INTERNET-DRAFT                                  Editor: Kurt D. Zeilenga
Intended Category: Standard Track                     OpenLDAP Foundation
Expires in six months                                        17 May 2002

                  LDAPv3: A Collection of User Schema
                 <draft-zeilenga-ldap-user-schema-06.txt>

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF Directory Interest mailing list
<directory@apps.ietf.org>. Please send editorial comments directly to
the author <Kurt@OpenLDAP.org>.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''

The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.

Copyright 2002, The Internet Society. All Rights Reserved.

Please see the Copyright section near the end of this document for

Abstract

This document provides a collection of user schema elements for use
with LDAP (Lightweight Directory Access Protocol) from both ITU-T
Recommendations for the X.500 Directory and COSINE and Internet X.500

Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 1]

INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002

Schema definitions are provided using LDAPv3 description formats
[RFC2252]. Definitions provided here are formatted (line wrapped) for

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
Table of Contents (to be expanded by editor)

1. Background and Intended Use
2.3. caseExactOrderingMatch
2.4. caseExactSubstringsMatch
2.5. caseIgnoreListSubstringsMatch
2.6. directoryStringFirstComponentMatch
2.7. integerOrderingMatch
2.9. numericStringOrderingMatch
2.10. octetStringOrderingMatch
2.11. storedPrefixMatch
3.6. documentIdentifier
3.7. documentLocation
3.8. documentPublisher
3.10. documentVersion
3.13. homePostalAddress
3.20. organizationalStatus
3.21. otherMailbox
3.27. uniqueIdentifier
4.4. domainRelatedObject
4.6. rFC822LocalPart
4.8. simpleSecurityObject
5. Security Considerations
6. IANA Considerations
7. Acknowledgments
9. Normative References
10. Informative References
1. Background and Intended Use

This document provides descriptions [RFC2252] of user schema for use
with LDAP [LDAPTS] collected from numerous sources.

This document includes a summary of select schema introduced for the
COSINE and Internet X.500 pilot projects [RFC1274]. This document

This document includes a summary of X.500 user schema [X.520] not
previously specified for use with LDAP. Some of these items were
described in the inetOrgPerson [RFC2798] schema. This document
supersedes these descriptions, replacing sections 9.1.3 and 9.3.3 of

2. Matching Rules

This section introduces LDAP matching rules based upon descriptions of
their X.500 counterparts.
2.1. booleanMatch

BooleanMatch compares for equality an asserted Boolean value with an
attribute value of BOOLEAN syntax. The rule returns TRUE if and only
if the values are the same, i.e. both are TRUE or both are FALSE.

( 2.5.13.13 NAME 'booleanMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
2.2. caseExactMatch

CaseExactMatch compares for equality the asserted value with an
attribute value of DirectoryString syntax. The rule is identical to
the caseIgnoreMatch [RFC2252] rule except that case is not ignored.

( 2.5.13.5 NAME 'caseExactMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2.3. caseExactOrderingMatch

CaseExactOrderingMatch compares the collation order of the asserted
string with an attribute value of DirectoryString syntax. The rule is
identical to the caseIgnoreOrderingMatch [RFC2252] rule except that
letters are not folded. (Source: X.520)

( 2.5.13.6 NAME 'caseExactOrderingMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2.4. caseExactSubstringsMatch

CaseExactSubstringsMatch determines whether the asserted value(s) are
substrings of an attribute value of DirectoryString syntax. The rule
is identical to the caseIgnoreSubstringsMatch [RFC2252] rule except
that case is not ignored. (Source: X.520)

( 2.5.13.7 NAME 'caseExactSubstringsMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
2.5. caseIgnoreListSubstringsMatch

CaseIgnoreListSubstringsMatch compares the asserted substring with an
attribute value which is a sequence of DirectoryStrings, but where the
case (upper or lower) is not significant for comparison purposes. The
asserted value matches a stored value if and only if the asserted
value matches the string formed by concatenating the strings of the
stored value. This matching is done according to the
caseIgnoreSubstringsMatch [RFC2252] rule; however, none of the
initial, any, or final values of the asserted value are considered to
match a substring of the concatenated string which spans more than one
of the strings of the stored value. (Source: X.520)

( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
2.6. directoryStringFirstComponentMatch

DirectoryStringFirstComponentMatch compares for equality the asserted
DirectoryString value with an attribute value of type SEQUENCE whose
first component is mandatory and of type DirectoryString. The rule
returns TRUE if and only if the attribute value has a first component
whose value matches the asserted DirectoryString using the rules of
caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
from a value of the attribute syntax by using the value of the first
component of the SEQUENCE. (Source: X.520)

( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2.7. integerOrderingMatch

The integerOrderingMatch rule compares the ordering of the asserted
integer with an attribute value of INTEGER syntax. The rule returns
TRUE if the attribute value is less than the asserted value. (Source:
X.520)

( 2.5.13.15 NAME 'integerOrderingMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
2.8. keywordMatch

The keywordMatch rule compares the asserted string with keywords in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted value matches any keyword in the attribute
value. The identification of keywords in an attribute value and of
the exactness of match are both implementation specific. (Source:
X.520)

( 2.5.13.33 NAME 'keywordMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2.9. numericStringOrderingMatch

NumericStringOrderingMatch compares the collation order of the
asserted string with an attribute value of NumericString syntax. The
rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
that all space characters are skipped during comparison (case is
irrelevant as characters are numeric). (Source: X.520)

( 2.5.13.9 NAME 'numericStringOrderingMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
2.10. octetStringOrderingMatch

OctetStringOrderingMatch compares the collation order of the asserted
octet string with an attribute value of OCTET STRING syntax. The rule
compares octet strings from first octet to last octet, and from the
most significant bit to the least significant bit within the octet.
The first occurrence of a different bit determines the ordering of the
strings. A zero bit precedes a one bit. If the strings are identical
but contain different numbers of octets, the shorter string precedes
the longer string. (Source: X.520)

( 2.5.13.18 NAME 'octetStringOrderingMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
2.11. storedPrefixMatch

StoredPrefixMatch determines whether an attribute value, whose syntax
is DirectoryString, is a prefix (i.e. initial substring) of the
asserted value, without regard to the case (upper or lower) of the
strings. The rule returns TRUE if and only if the attribute value is
an initial substring of the asserted value with corresponding
characters identical except possibly with regard to case. (Source:
X.520)

( 2.5.13.41 NAME 'storedPrefixMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Note: This rule can be used, for example, to compare values in the
Directory which are telephone area codes with a purported value
which is a telephone number.
2.12. wordMatch

The wordMatch rule compares the asserted string with words in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted word matches any word in the attribute value.
Individual word matching is as for the caseIgnoreMatch [RFC2252]
matching rule. The precise definition of a "word" is implementation
specific. (Source: X.520)

( 2.5.13.32 NAME 'wordMatch'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
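The prose semantics of four of the rules in this section (storedPrefixMatch, octetStringOrderingMatch, numericStringOrderingMatch and caseIgnoreListSubstringsMatch) in runnable form. This is an added example, not code from the draft or from any directory implementation; it assumes that Python's str.casefold() stands in for the case-ignoring string preparation a real LDAP server applies, and the sample values in the main block are constructed. Each function takes the asserted value first and the stored attribute value second, and the ordering rules return TRUE when the stored value is less than the asserted one, as the integerOrderingMatch text above states.

```python
"""Reference implementations of four X.520 matching rules described in
this section.  Added example; ASSUMPTION: str.casefold() stands in for
the server's case-ignoring string preparation."""

from typing import Optional, Sequence


def stored_prefix_match(assertion: str, stored: str) -> bool:
    """storedPrefixMatch (2.5.13.41): TRUE iff the *stored* value is a
    case-insensitive prefix of the *asserted* value.  Note the direction:
    the directory holds the short string (e.g. an area code) and the
    assertion is the long one (a full telephone number)."""
    return assertion.casefold().startswith(stored.casefold())


def octet_string_ordering_match(assertion: bytes, stored: bytes) -> bool:
    """octetStringOrderingMatch (2.5.13.18): octets compared first to last,
    most significant bit first, a zero bit preceding a one bit; when one
    string is a prefix of the other the shorter precedes.  The explicit loop
    mirrors that wording (for unsigned octets it equals bytes ordering)."""
    for a, s in zip(assertion, stored):
        if a != s:
            return s < a          # the first differing octet decides
    return len(stored) < len(assertion)


def numeric_string_ordering_match(assertion: str, stored: str) -> bool:
    """numericStringOrderingMatch (2.5.13.9): collation order after every
    space character has been skipped."""
    return stored.replace(" ", "") < assertion.replace(" ", "")


def case_ignore_list_substrings_match(initial: Optional[str],
                                      any_parts: Sequence[str],
                                      final: Optional[str],
                                      stored: Sequence[str]) -> bool:
    """caseIgnoreListSubstringsMatch (2.5.13.12): the assertion (initial,
    any..., final) is matched against the concatenation of the stored
    strings as caseIgnoreSubstringsMatch would, except that no single
    assertion component may span the boundary between two stored strings
    (e.g. two lines of a postal address)."""
    parts = [s.casefold() for s in stored]
    text = "".join(parts)
    boundaries, offset = set(), 0
    for p in parts[:-1]:          # offsets where one stored string ends
        offset += len(p)
        boundaries.add(offset)

    def crosses(start: int, end: int) -> bool:
        return any(start < b < end for b in boundaries)

    pos = 0
    if initial:
        i = initial.casefold()
        if not text.startswith(i) or crosses(0, len(i)):
            return False
        pos = len(i)
    for part in any_parts:        # greedy leftmost placement, in order
        p = part.casefold()
        while True:
            idx = text.find(p, pos)
            if idx < 0:
                return False
            if not crosses(idx, idx + len(p)):
                pos = idx + len(p)
                break
            pos = idx + 1
    if final:
        f = final.casefold()
        start = len(text) - len(f)
        if start < pos or not text.endswith(f) or crosses(start, len(text)):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft.
    print(stored_prefix_match("+44 71 123 4567", "+44 71"))      # True
    print(numeric_string_ordering_match("1234", "12 3"))          # True
    address = ["1 Main Street", "Springfield"]
    print(case_ignore_list_substrings_match(None, ["MAIN"], None, address))         # True
    print(case_ignore_list_substrings_match(None, ["streetspring"], None, address))  # False
```

The last call is the case the rule's wording is careful about: "streetspring" is a substring of the concatenated address, but it spans the boundary between the two lines, so the rule does not match it, while the two components "street" and "spring" asserted separately do.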
3. Attribute Types

This section details attribute types for use in LDAP.

3.1. associatedDomain

The associatedDomain attribute type specifies a DNS domain [RFC1034]
which is associated with an object. For example, the entry in the DIT
with a distinguished name "DC=example,DC=com" might have an associated
domain of "example.com". (Source: RFC 1274)

( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
3.2. associatedName

The associatedName attribute type specifies an entry in the
organizational DIT associated with a DNS domain [RFC1034]. (Source:
RFC 1274)

( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.3. buildingName

The buildingName attribute type specifies the name of the building
where an organization or organizational unit is based. (Source: RFC
1274)

( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.4. co

The co (Friendly Country Name) attribute type specifies names of
countries in human readable format. It is commonly used in
conjunction with the c (Country Name) [RFC2256] attribute type (which
is restricted to one of the two-letter codes defined in [ISO3166]).

( 0.9.2342.19200300.100.1.43
    NAME ( 'co' 'friendlyCountryName' )
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3.5. documentAuthor

The documentAuthor attribute type specifies the distinguished name of
the author of a document. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.6. documentIdentifier

The documentIdentifier attribute type specifies a unique identifier
for a document. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.7. documentLocation

The documentLocation attribute type specifies the location of the
document original. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.8. documentPublisher

The documentPublisher attribute is the person and/or organization that
published a document. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3.9. documentTitle

The documentTitle attribute type specifies the title of a document.

( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.10. documentVersion

The documentVersion attribute type specifies the version number of a
document. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.11. drink

The drink (Favourite Drink) attribute type specifies the favorite
drink of an object (or person). (Source: RFC 1274)

( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.12. homePhone

The homePhone (Home Telephone Number) attribute type specifies a home
telephone number (e.g., "+44 71 123 4567") associated with a person.

( 0.9.2342.19200300.100.1.20
    NAME ( 'homePhone' 'homeTelephoneNumber' )
    EQUALITY telephoneNumberMatch
    SUBSTR telephoneNumberSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
3.13. homePostalAddress

The homePostalAddress attribute type specifies a home postal address
for an object. This SHOULD be limited to up to 6 lines of 30
characters each. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.39
    NAME 'homePostalAddress'
    EQUALITY caseIgnoreListMatch
    SUBSTR caseIgnoreListSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
3.14. host

The host attribute type specifies a host computer. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.9
    NAME 'host'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.15. info

The info (Information) attribute type specifies any general
information pertinent to an object. It is RECOMMENDED that specific
usage of this attribute type is avoided, and that specific
requirements are met by other (possibly additional) attribute types.
Note that the description attribute type [RFC2256] is available for
specifying descriptive information pertinent to an object. (Source:
RFC 1274)

( 0.9.2342.19200300.100.1.4
    NAME 'info'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
The mail (rfc822mailbox) attribute type holds an electronic mail
address in [RFC822] form (e.g.: user@example.com). Note that this
attribute SHOULD NOT be used to hold non-Internet addresses. (Source:
RFC 1274)

( 0.9.2342.19200300.100.1.3
    NAME ( 'mail' 'rfc822Mailbox' )
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
The manager attribute type specifies the manager of an object
represented by an entry. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.10
    NAME 'manager'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
The mobile (Mobile Telephone Number) attribute type specifies a mobile
telephone number (e.g., "+44 71 123 4567") associated with a person.

( 0.9.2342.19200300.100.1.41
    NAME ( 'mobile' 'mobileTelephoneNumber' )
    EQUALITY telephoneNumberMatch
    SUBSTR telephoneNumberSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
3.20. organizationalStatus

The organizationalStatus attribute type specifies a category by which
a person is often referred to in an organization. Examples of usage
in academia might include undergraduate student, researcher, lecturer,

A Directory administrator SHOULD consider carefully the distinctions
between this and the title and userClass attributes. (Source: RFC
1274)

( 0.9.2342.19200300.100.1.45
    NAME 'organizationalStatus'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.21. otherMailbox

The otherMailbox attribute type specifies values for electronic
mailbox types other than X.400 and RFC822. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.22
    NAME 'otherMailbox'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
3.22. pager

The pager (Pager Telephone Number) attribute type specifies a pager
telephone number (e.g., "+44 71 123 4567") for an object. (Source:
RFC 1274)

( 0.9.2342.19200300.100.1.42
    NAME ( 'pager' 'pagerTelephoneNumber' )
    EQUALITY telephoneNumberMatch
    SUBSTR telephoneNumberSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
3.23. personalTitle

The personalTitle attribute type specifies a personal title for a
person. Examples of personal titles are "Frau", "Dr", "Herr", and
"Prof". (Source: RFC 1274)

( 0.9.2342.19200300.100.1.40
    NAME 'personalTitle'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.24. roomNumber

The roomNumber attribute type specifies the room number of an object.
Note that the cn (commonName) attribute type SHOULD be used for naming
room objects. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.6
    NAME 'roomNumber'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.25. secretary

The secretary attribute type specifies the secretary of a person. The
attribute value for secretary is a distinguished name. (Source: RFC
1274)

( 0.9.2342.19200300.100.1.21
    NAME 'secretary'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.26. uid

The uid (userid) attribute type specifies a computer system login
name. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.1
    NAME ( 'uid' 'userid' )
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
3.27. uniqueIdentifier

The uniqueIdentifier attribute type specifies a "unique identifier"
for an object represented in the Directory. The domain within which
the identifier is unique, and the exact semantics of the identifier,
are for local definition. For a person, this might be an institution-
wide payroll number. For an organizational unit, it might be a
department code. An attribute value for uniqueIdentifier is a
DirectoryString. (Source: RFC 1274)

( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

Note: X.520 describes an attribute also called 'uniqueIdentifier'
(2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
[RFC2256]. The attribute detailed here ought not be confused
with x500UniqueIdentifier.
3.28. userClass

The userClass attribute type specifies a category of computer user.
The semantics placed on this attribute are for local interpretation.
Examples of current usage of this attribute in academia are
undergraduate student, researcher, lecturer, etc. Note that the
organizationalStatus attribute type is now often preferred as it
makes no distinction between computer users and others. (Source: RFC
1274)

( 0.9.2342.19200300.100.1.8 NAME 'userClass'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4. Object Classes

This section details object classes for use in LDAP.

4.1. account

The account object class is used to define entries representing
computer accounts. The uid (userid) attribute SHOULD be used for
naming entries of this object class. (Source: RFC 1274)

( 0.9.2342.19200300.100.4.5
    NAME 'account'
    SUP top STRUCTURAL
    MUST uid
    MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
4.2. document

The document object class is used to define entries which represent
documents. (Source: RFC 1274)

( 0.9.2342.19200300.100.4.6
    NAME 'document'
    SUP top STRUCTURAL
    MUST documentIdentifier
    MAY ( cn $ description $ seeAlso $ l $ o $ ou $
          documentTitle $ documentVersion $ documentAuthor $
          documentLocation $ documentPublisher ) )
4.3. documentSeries

The documentSeries object class is used to define an entry which
represents a series of documents (e.g., The Request For Comments
memos). (Source: RFC 1274)

( 0.9.2342.19200300.100.4.9
    NAME 'documentSeries'
    SUP top STRUCTURAL
    MUST cn
    MAY ( description $ l $ o $ ou $ seeAlso $
          telephoneNumber ) )
4.4. domainRelatedObject

The domainRelatedObject object class is used to define entries which
represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
an organization or organizational unit. (Source: RFC 1274)

( 0.9.2342.19200300.100.4.17
    NAME 'domainRelatedObject'
    SUP top AUXILIARY
    MUST associatedDomain )
4.5. friendlyCountry

The friendlyCountry object class is used to define country entries in
the DIT. The object class is used to allow friendlier naming of
countries than that allowed by the object class country [RFC2256].

( 0.9.2342.19200300.100.4.18
    NAME 'friendlyCountry'
    SUP country STRUCTURAL
    MUST co )
4.6. rFC822LocalPart

The rFC822LocalPart object class is used to define entries which
represent the local part of [RFC822] mail addresses. This treats this
part of an RFC 822 address as a domain [RFC2247]. (Source: RFC 1274)

( 0.9.2342.19200300.100.4.14
    NAME 'rFC822localPart'
    SUP domain STRUCTURAL
    MAY ( cn $ description $ destinationIndicator $
          facsimileTelephoneNumber $ internationaliSDNNumber $
          physicalDeliveryOfficeName $ postalAddress $
          postalCode $ postOfficeBox $ preferredDeliveryMethod $
          registeredAddress $ seeAlso $ sn $ street $
          telephoneNumber $ teletexTerminalIdentifier $
          telexNumber $ x121Address ) )
4.7. room

The room object class is used to define entries representing rooms.
The cn (commonName) attribute SHOULD be used for naming entries of
this object class. (Source: RFC 1274)

( 0.9.2342.19200300.100.4.7 NAME 'room'
    SUP top STRUCTURAL
    MUST cn
    MAY ( roomNumber $ description $
          seeAlso $ telephoneNumber ) )
4.8. simpleSecurityObject

The simpleSecurityObject object class is used to require an entry to
have a userPassword attribute when the entry's structural object class
does not require (or allow) the userPassword attribute. (Source: RFC
1274)

( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
    SUP top AUXILIARY
    MUST userPassword )

Note: Security considerations related to the use of simple
authentication mechanisms in LDAP are discussed in RFC 2829
[RFC2829].
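What the auxiliary classes in this section do in practice, as an added example that is not part of the draft: a small parser for object class descriptions in the RFC 2252 format used above, and a checker that validates an entry against them. A domain entry whose structural class neither requires nor allows userPassword is rejected when a password is added, and accepted once simpleSecurityObject is listed in objectClass; the same mechanism lets domainRelatedObject supply associatedDomain. Assumptions: the 'top' and 'domain' classes are not defined on this page, so reduced stand-ins are given; both auxiliary classes are taken to be SUP top AUXILIARY; the sample entry and its password value are constructed.

```python
"""Parser for RFC 2252 object class descriptions plus an entry checker.
Added example; 'top' and 'domain' are reduced stand-ins (ASSUMPTION), the
two auxiliary classes follow sections 4.4 and 4.8 of the draft."""

import re
from typing import Dict, List

SCHEMA_TEXT = """
( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
( 1.3.6.1.4.1.1466.344 NAME 'domain' SUP top STRUCTURAL
    MUST dc MAY ( description $ o $ l ) )
( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
    SUP top AUXILIARY MUST associatedDomain )
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
    SUP top AUXILIARY MUST userPassword )
"""

# One description: an open paren, then text with at most one level of
# nested parens (the MUST/MAY lists), then the matching close paren.
_DESCRIPTION = re.compile(r"\([^()]*(?:\([^()]*\)[^()]*)*\)")


def _oidlist(token: str) -> List[str]:
    """'( a $ b )' or 'a' -> ['a', 'b'] / ['a'], names lower-cased."""
    return [t.lower() for t in re.split(r"[\s$()]+", token) if t]


def parse_object_classes(text: str) -> Dict[str, dict]:
    """Return {name: {oid, kind, sup, must, may}} for every description."""
    classes: Dict[str, dict] = {}
    for block in _DESCRIPTION.findall(text):
        body = block.strip()[1:-1].strip()
        oid, rest = body.split(None, 1)
        name = re.search(r"NAME\s+'([^']+)'", rest).group(1).lower()
        kind = "STRUCTURAL"                      # RFC 2252 default kind
        for k in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
            if re.search(r"\b%s\b" % k, rest):
                kind = k

        def field(key: str) -> List[str]:
            m = re.search(r"\b%s\s+(\([^)]*\)|\S+)" % key, rest)
            return _oidlist(m.group(1)) if m else []

        classes[name] = {"oid": oid, "kind": kind, "sup": field("SUP"),
                         "must": field("MUST"), "may": field("MAY")}
    return classes


def check_entry(entry: Dict[str, List[str]],
                classes: Dict[str, dict]) -> List[str]:
    """Return the schema violations for entry (empty list = valid):
    unknown object class, no structural class, a MUST attribute missing,
    or an attribute that no listed class (or its superclasses) allows."""
    problems: List[str] = []
    attrs = {a.lower() for a in entry}
    must, may, structural = set(), set(), False
    for name in entry.get("objectClass", []):
        name = name.lower()
        if name not in classes:
            problems.append("unknown object class %s" % name)
            continue
        todo = [name]                            # walk the SUP chain
        while todo:
            c = todo.pop()
            must.update(classes[c]["must"])
            may.update(classes[c]["may"])
            todo.extend(s for s in classes[c]["sup"] if s in classes)
        structural |= classes[name]["kind"] == "STRUCTURAL"
    if not structural:
        problems.append("no structural object class")
    problems += ["missing required attribute %s" % a
                 for a in sorted(must - attrs)]
    problems += ["attribute %s not allowed by object classes" % a
                 for a in sorted(attrs - must - may)]
    return problems


CLASSES = parse_object_classes(SCHEMA_TEXT)

# Constructed sample entry, not taken from the draft.
DOMAIN_ENTRY = {
    "objectClass": ["top", "domain", "domainRelatedObject"],
    "dc": ["example"],
    "associatedDomain": ["example.com"],
}

if __name__ == "__main__":
    with_pw = dict(DOMAIN_ENTRY, userPassword=["{SSHA}constructed"])
    print(check_entry(DOMAIN_ENTRY, CLASSES))    # []
    print(check_entry(with_pw, CLASSES))         # userpassword not allowed
    with_pw["objectClass"] = with_pw["objectClass"] + ["simpleSecurityObject"]
    print(check_entry(with_pw, CLASSES))         # []
```

The checker deliberately treats an attribute outside every listed class's MUST and MAY as a violation; that is the property simpleSecurityObject exists to satisfy, and it is also why a server should refuse a userPassword on an entry that has not been given the auxiliary class rather than silently storing a credential the schema never permitted.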
5. Security Considerations

General LDAP security considerations [LDAPTS] are applicable to the use
of this schema. Additional considerations are noted above where
6. IANA Considerations

It is requested that IANA update the LDAP descriptors registry as
indicated in the following template:

    Subject: Request for LDAP Descriptor Registration Update
    Descriptor (short name): see comment
    Object Identifier: see comment
    Person & email address to contact for further information:
        Kurt Zeilenga <kurt@OpenLDAP.org>
    Specification: RFCXXXX
    Author/Change Controller: IESG

The following descriptors should be added:

    NAME                                Type OID
    ------------------------            ---- ---------
    booleanMatch                        M    2.5.13.13
    caseExactMatch                      M    2.5.13.5
    caseExactOrderingMatch              M    2.5.13.6
    caseExactSubstringsMatch            M    2.5.13.7
    caseIgnoreListSubstringsMatch       M    2.5.13.12
    directoryStringFirstComponentMatch  M    2.5.13.31
    integerOrderingMatch                M    2.5.13.15
    keywordMatch                        M    2.5.13.33
    numericStringOrderingMatch          M    2.5.13.9
    octetStringOrderingMatch            M    2.5.13.18
    storedPrefixMatch                   M    2.5.13.41
    wordMatch                           M    2.5.13.32

The following descriptors should be updated to refer to RFC XXXX.

    NAME                                Type OID
    ------------------------            ---- --------------------------
    account                             O    0.9.2342.19200300.100.4.5
    associatedDomain                    A    0.9.2342.19200300.100.1.37
    associatedName                      A    0.9.2342.19200300.100.1.38
    buildingName                        A    0.9.2342.19200300.100.1.48
    co                                  A    0.9.2342.19200300.100.1.43
    document                            O    0.9.2342.19200300.100.4.6
    documentAuthor                      A    0.9.2342.19200300.100.1.14
    documentIdentifier                  A    0.9.2342.19200300.100.1.11
    documentLocation                    A    0.9.2342.19200300.100.1.15
    documentPublisher                   A    0.9.2342.19200300.100.1.56
    documentSeries                      O    0.9.2342.19200300.100.4.9
    documentTitle                       A    0.9.2342.19200300.100.1.12
    documentVersion                     A    0.9.2342.19200300.100.1.13
    domainRelatedObject                 O    0.9.2342.19200300.100.4.17
    drink                               A    0.9.2342.19200300.100.1.5
    favouriteDrink                      A    0.9.2342.19200300.100.1.5
    friendlyCountry                     O    0.9.2342.19200300.100.4.18
    friendlyCountryName                 A    0.9.2342.19200300.100.1.43
    homePhone                           A    0.9.2342.19200300.100.1.20
    homePostalAddress                   A    0.9.2342.19200300.100.1.39
    homeTelephoneNumber                 A    0.9.2342.19200300.100.1.20
    host                                A    0.9.2342.19200300.100.1.9
    info                                A    0.9.2342.19200300.100.1.4
    mail                                A    0.9.2342.19200300.100.1.3
    manager                             A    0.9.2342.19200300.100.1.10
    mobile                              A    0.9.2342.19200300.100.1.41
    mobileTelephoneNumber               A    0.9.2342.19200300.100.1.41
    organizationalStatus                A    0.9.2342.19200300.100.1.45
    otherMailbox                        A    0.9.2342.19200300.100.1.22
    pager                               A    0.9.2342.19200300.100.1.42
    pagerTelephoneNumber                A    0.9.2342.19200300.100.1.42
    personalTitle                       A    0.9.2342.19200300.100.1.40
    RFC822LocalPart                     O    0.9.2342.19200300.100.4.14
    RFC822Mailbox                       A    0.9.2342.19200300.100.1.3
    room                                O    0.9.2342.19200300.100.4.7
    roomNumber                          A    0.9.2342.19200300.100.1.6
    secretary                           A    0.9.2342.19200300.100.1.21
    simpleSecurityObject                O    0.9.2342.19200300.100.4.19
    singleLevelQuality                  A    0.9.2342.19200300.100.1.50
    uid                                 A    0.9.2342.19200300.100.1.1
    uniqueIdentifier                    A    0.9.2342.19200300.100.1.44
    userClass                           A    0.9.2342.19200300.100.1.8
    userId                              A    0.9.2342.19200300.100.1.1

where Type A is Attribute, Type O is ObjectClass, and Type M

This document makes no OID assignments, it only associates LDAP schema
descriptions with existing elements of X.500 schema.

7. Acknowledgments

This document borrows from a number of IETF documents including RFC
1274 by Paul Barker and Steve Kille. This document also borrows from
a number of ITU documents including X.520.
9. Normative References

[RFC822]  D. Crocker, "Standard for the format of ARPA Internet text
          messages", STD 11 (also RFC 822), August 1982.

[RFC1034] P.V. Mockapetris, "Domain names - concepts and facilities",
          STD 13 (also RFC 1034), November 1987.

[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
          Requirement Levels", BCP 14 (also RFC 2119), March 1997.

[RFC2247] S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Sataluri,
          "Using Domains in LDAP/X.500 Distinguished Names", RFC 2247,
          January 1998.

[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
          Directory Access Protocol (v3): Attribute Syntax
          Definitions", RFC 2252, December 1997.

[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
          with LDAPv3", RFC 2256, December 1997.

[RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan,
          "Authentication Methods for LDAP", RFC 2829, May 2000.

[LDAPTS]  J. Hodges, R. Morgan, "Lightweight Directory Access Protocol
          (v3): Technical Specification", draft-ietf-ldapbis-
10. Informative References

[ISO3166] International Standards Organization, "Codes for the
          representation of names of countries", ISO 3166.

[RFC1274] P. Barker, S. Kille, "The COSINE and Internet X.500 Schema",
          RFC 1274, November 1991.

[RFC2798] M. Smith, "The LDAP inetOrgPerson Object Class", RFC 2798,
          April 2000.

[X.520]   International Telecommunication Union, "The Directory:
          Selected Attribute Types", X.520, 1997.
Full Copyright Statement

Copyright 2002, The Internet Society. All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be followed,
or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.