-
INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
-Expires in six months 27 October 2003
-Obsoletes: 2253
+Expires in six months 10 February 2005
+Obsoletes: RFC 2253
LDAP: String Representation of Distinguished Names
- <draft-ietf-ldapbis-dn-12.txt>
+ <draft-ietf-ldapbis-dn-16.txt>
Status of Memo
- This document is an Internet-Draft and is in full conformance with all
- provisions of Section 10 of RFC2026.
-
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document
replacing RFC 2253. Distribution of this memo is unlimited.
<ietf-ldapbis@openldap.org>. Please send editorial comments directly
to the document editor <Kurt@OpenLDAP.org>.
+ By submitting this Internet-Draft, I accept the provisions of Section
+ 4 of RFC 3667. By submitting this Internet-Draft, I certify that any
+ applicable patent or other IPR claims of which I am aware have been
+ disclosed, or will be disclosed, and any of which I become aware will
+ be disclosed, in accordance with RFC 3668.
+
Internet-Drafts are working documents of the Internet Engineering Task
- Force (IETF), its areas, and its working groups. Note that other
+ Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
+
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as ``work in progress.''
+ time. It is inappropriate to use Internet-Drafts as reference material
+ or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
- <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
- Internet-Draft Shadow Directories can be accessed at
- <http://www.ietf.org/shadow.html>.
-
- Copyright (C) The Internet Society (2003). All Rights Reserved.
-
- Please see the Full Copyright section near the end of this document
- for more information.
-
-
+ http://www.ietf.org/1id-abstracts.html
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
+ Please see the Full Copyright section near the end of this document
+ for more information.
Zeilenga LDAP: Distinguished Names [Page 1]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
Abstract
names, while being able to represent any distinguished name.
-Conventions
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in BCP 14 [RFC2119].
-
-
1. Background and Intended Usage
In X.500-based directory systems [X.500], including those accessed
from its ASN.1 structured representation to a string, all algorithms
MUST produce strings which adhere to the requirements of Section 3.
+ This document does not define a canonical string representation for
+ DNs. Comparison of DNs for equality is to be performed in accordance
+ with the distinguishedNameMatch matching rule [Syntaxes].
+
+ This document is a integral part of the LDAP technical specification
+ [Roadmap] which obsoletes the previously defined LDAP technical
+
Zeilenga LDAP: Distinguished Names [Page 2]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
- This document does not define a canonical string representation for
- DNs. Comparison of DNs for equality is to be performed in accordance
- with the distinguishedNameMatch matching rule [Syntaxes].
+ specification, RFC 3377, in its entirety. This document obsoletes RFC
+ 2253. Changes since RFC 2253 are summarized in Appendix B.
- This document is an integral part of the LDAP Technical Specification
- [Roadmap].
+ This specification assumes familiarity with X.500 [X.500] and the
+ concept of Distinguished Name [X.501][Models].
- This document obsoletes RFC 2253. Changes since RFC 2253 are
- summarized in Appendix B.
- This specification assumes familiarity with X.500 [X.500], and the
- concept of Distinguished Name [X.501][Models].
+1.1. Conventions
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14 [RFC2119].
+
+ Character names in this document use the notation for code points and
+ names from the Unicode Standard [Unicode]. For example, the letter
+ "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
+
+ Note: a glossary of terms used in Unicode can be found in [Glossary].
+ Information on the Unicode character encoding model can be found in
+ [CharModel].
2. Converting DistinguishedName from ASN.1 to a String
This section defines the RECOMMENDED algorithm for converting a
distinguished name from an ASN.1 structured representation to an UTF-8
- [UTF-8] encoded Universal Character Set (UCS) [ISO10646] character
- string representation. Other documents may describe other algorithms
- for converting a distinguished name to a string, but only strings
- which conform to the grammar defined in Section 3 MUST be produced by
- LDAP implementations.
+ [RFC3629] encoded Unicode [Unicode] character string representation.
+ Other documents may describe other algorithms for converting a
+ distinguished name to a string, but only strings which conform to the
+ grammar defined in Section 3 SHALL be produced by LDAP
+ implementations.
2.1. Converting the RDNSequence
+
+
+Zeilenga LDAP: Distinguished Names [Page 3]
+\f
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
If the RDNSequence is an empty sequence, the result is the empty or
zero length string.
2.2), starting with the last element of the sequence and moving
backwards toward the first.
-
-
-Zeilenga LDAP: Distinguished Names [Page 3]
-\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
-
-
The encodings of adjoining RelativeDistinguishedNames are separated by
- a comma ("," U+002C) character.
+ a comma (',' U+002C) character.
2.2. Converting RelativeDistinguishedName
AttributeTypeAndValue (according to Section 2.3), in any order.
Where there is a multi-valued RDN, the outputs from adjoining
- AttributeTypeAndValues are separated by a plus sign ("+" U+002B)
+ AttributeTypeAndValues are separated by a plus sign ('+' U+002B)
character.
2.3. Converting AttributeTypeAndValue
The AttributeTypeAndValue is encoded as the string representation of
- the AttributeType, followed by an equals ("=" U+003D) character,
+ the AttributeType, followed by an equals sign ('=' U+003D) character,
followed by the string representation of the AttributeValue. The
encoding of the AttributeValue is given in Section 2.4.
- If the AttributeType is defined to have a short name and that short
- name is known to be registered [REGISTRY][BCP64bis] as identifying the
- AttributeType, that short name, a <descr>, is used. Otherwise the
- AttributeType is encoded as the dotted-decimal encoding, a
- <numericoid>, of its OBJECT IDENTIFIER. The <descr> and <numericoid>
- is defined in [Models].
+ If the AttributeType is defined to have a short name (descriptor)
+ [Models] and that short name is known to be registered
+ [REGISTRY][BCP64bis] as identifying the AttributeType, that short
+ name, a <descr>, is used. Otherwise the AttributeType is encoded as
+ the dotted-decimal encoding, a <numericoid>, of its OBJECT IDENTIFIER.
+ The <descr> and <numericoid> is defined in [Models].
Implementations are not expected to dynamically update their knowledge
of registered short names. However, implementations SHOULD provide a
2.4. Converting an AttributeValue from ASN.1 to a String
If the AttributeType is of the dotted-decimal form, the AttributeValue
- is represented by an number sign ("#" U+0023) character followed by
+ is represented by an number sign ('#' U+0023) character followed by
the hexadecimal encoding of each of the octets of the BER encoding of
- the X.500 AttributeValue. This form is also used when the syntax of
- the AttributeValue does not have a native string encoding defined for
- it or the native string encoding is not restricted to UTF-8 encoded
- UCS (or a subset of UCS) characters. This form may also be used in
- other cases, such as when a reversible string representation is
- desired (see Section 5.2).
-
- Otherwise, if the AttributeValue is of a syntax which has a native
Zeilenga LDAP: Distinguished Names [Page 4]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
- string encoding, the value is converted first to a UTF-8 encoded UCS
- string according to its syntax specification (see for example Section
- 6 of [Syntaxes]). If that UTF-8 encoded UCS string does not have any
- of the following characters which need escaping, then that string can
- be used as the string representation of the value.
-
- - a space (" " U+0020) or number sign ("#" U+0023) occurring at
+ the X.500 AttributeValue. This form is also used when the syntax of
+ the AttributeValue does not have a LDAP-specific [Syntaxes, Section
+ 3.1] string encoding defined for it or the LDAP-specific string
+ encoding is not restricted to UTF-8 encoded Unicode characters. This
+ form may also be used in other cases, such as when a reversible string
+ representation is desired (see Section 5.2).
+
+ Otherwise, if the AttributeValue is of a syntax which has a
+ LDAP-specific string encoding, the value is converted first to a UTF-8
+ encoded Unicode string according to its syntax specification (see
+ [Syntaxes, Section 3.3] for examples). If that UTF-8 encoded Unicode
+ string does not have any of the following characters which need
+ escaping, then that string can be used as the string representation of
+ the value.
+
+ - a space (' ' U+0020) or number sign ('#' U+0023) occurring at
the beginning of the string;
- - a space (" " U+0020) character occurring at the end of the
+ - a space (' ' U+0020) character occurring at the end of the
string;
- - one of the characters """, "+", ",", ";", "<", ">", or "\"
+ - one of the characters '"', '+', ',', ';', '<', '>', or '\'
(U+0022, U+002B, U+002C, U+003B, U+003C, U+003E, or U+005C
respectively);
character. Alternatively, if and only if the character to be escaped
is one of
- " ", """, "#", "+", ",", ";", "<", "=", ">", or "\"
+ ' ', '"', '#', '+', ',', ';', '<', '=', '>', or '\'
(U+0020, U+0022, U+0023, U+002B, U+002C, U+003B,
U+003C, U+003D, U+003E, U+005C respectively)
- it can be prefixed by a backslash ("\" U+0005C).
+ it can be prefixed by a backslash ('\' U+005C).
Examples of the escaping mechanism are shown in Section 4.
3. Parsing a String back to a Distinguished Name
The string representation of Distinguished Names is restricted to
- UTF-8 [UTF-8] encoded characters from the Universal Character Set
- (UCS) [ISO10646]. The structure of this string representation is
- specified using the following Augmented BNF [RFC2234] grammar:
-
- distinguishedName = [ relativeDistinguishedName
- *( COMMA relativeDistinguishedName ) ]
-
- relativeDistinguishedName = attributeTypeAndValue
- *( PLUS attributeTypeAndValue )
-
- attributeTypeAndValue = attributeType EQUALS attributeValue
+ UTF-8 [RFC3629] encoded Unicode [Unicode] characters. The structure
+ of this string representation is specified using the following
Zeilenga LDAP: Distinguished Names [Page 5]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
- attributeType = descr / numericoid
+ Augmented BNF [RFC2234] grammar:
+ distinguishedName = [ relativeDistinguishedName
+ *( COMMA relativeDistinguishedName ) ]
+ relativeDistinguishedName = attributeTypeAndValue
+ *( PLUS attributeTypeAndValue )
+ attributeTypeAndValue = attributeType EQUALS attributeValue
+ attributeType = descr / numericoid
attributeValue = string / hexstring
- ; The UTF-8 string shall not contain NULL, ESC, or
- ; one of escaped, shall not start with SHARP or SPACE,
- ; and shall must not end with SPACE.
- string = [ (leadchar / pair)
- [ *( stringchar / pair ) ( trailchar / pair ) ] ]
+ ; The following characters are to be escaped when they appear
+ ; in the value to be encoded: ESC, one of <escaped>, leading
+ ; SHARP or SPACE, trailing SPACE, and NULL.
+ string = [ ( leadchar / pair ) [ *( stringchar / pair )
+ ( trailchar / pair ) ] ]
- leadchar = LUTF1 / UTFMB
- LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
- %x3D / %x3F-5B / %x5D-7F
+ leadchar = LUTF1 / UTFMB
+ LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
+ %x3D / %x3F-5B / %x5D-7F
trailchar = TUTF1 / UTFMB
- TUTF1 = %x01-1F / %x21 / %x23-2A / %x2D-3A /
- %x3D / %x3F-5B / %x5D-7F
+ TUTF1 = %x01-1F / %x21 / %x23-2A / %x2D-3A /
+ %x3D / %x3F-5B / %x5D-7F
stringchar = SUTF1 / UTFMB
- SUTF1 = %x01-21 / %x23-2A / %x2D-3A /
- %x3D / %x3F-5B / %x5D-7F
+ SUTF1 = %x01-21 / %x23-2A / %x2D-3A /
+ %x3D / %x3F-5B / %x5D-7F
- pair = ESC ( ESC / special / hexpair )
-
- special = escaped / SPACE / SHARP / EQUALS
-
- escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE
-
- hexstring = SHARP 1*hexpair
-
- hexpair = HEX HEX
+ pair = ESC ( ESC / special / hexpair )
+ special = escaped / SPACE / SHARP / EQUALS
+ escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE
+ hexstring = SHARP 1*hexpair
+ hexpair = HEX HEX
where the productions <descr>, <numericoid>, <COMMA>, <DQUOTE>,
<EQUALS>, <ESC>, <HEX>, <LANGLE>, <NULL>, <PLUS>, <RANGLE>, <SEMI>,
appearing in the <string> as follows:
replace <ESC><ESC> with <ESC>;
replace <ESC><special> with <special>;
- replace <ESC><hexpair> with the octet indicated by the <hexpair>.
-
Zeilenga LDAP: Distinguished Names [Page 6]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+ replace <ESC><hexpair> with the octet indicated by the <hexpair>.
If in <hexstring> form, a BER representation can be obtained from
converting each <hexpair> of the <hexstring> to the octet indicated by
DC domainComponent (0.9.2342.19200300.100.1.25)
UID userId (0.9.2342.19200300.100.1.1)
- Implementations MAY recognize other DN string representations
- (such as that described in RFC 1779). However, as there is no
- requirement that alternative DN string representations to be
- recognized (and, if so, how), implementations SHOULD only generate
- DN strings in accordance with Section 2 of this document.
+ Implementations MAY recognize other DN string representations (such as
+ that described in RFC 1779). However, as there is no requirement that
+ alternative DN string representations to be recognized (and, if so,
+ how), implementations SHOULD only generate DN strings in accordance
+ with Section 2 of this document.
4. Examples
- This notation is designed to be convenient for common forms of
- name. This section gives a few examples of distinguished names
- written using this notation. First is a name containing three
- relative distinguished names (RDNs):
+ This notation is designed to be convenient for common forms of name.
+ This section gives a few examples of distinguished names written using
+ this notation. First is a name containing three relative
+ distinguished names (RDNs):
- UID=jsmith,DC=example,DC=net
+ UID=jsmith,DC=example,DC=net
- Here is an example name containing three RDNs, in which the first
- RDN is multi-valued:
+ Here is an example name containing three RDNs, in which the first RDN
+ is multi-valued:
- OU=Sales+CN=J. Smith,DC=example,DC=net
-
- This example shows the method of escaping of a comma in a common
+ OU=Sales+CN=J. Smith,DC=example,DC=net
Zeilenga LDAP: Distinguished Names [Page 7]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
- name:
+ This example shows the method of escaping of a special characters
+ appearing in a common name:
- CN=John Smith\, III,DC=example,DC=net
+ CN=James \"Jim\" Smith\, III,DC=example,DC=net
- An example name in which a value contains a carriage return
- character:
+ The following shows the method for encoding a value which contains a
+ carriage return character:
- CN=Before\0dAfter,DC=example,DC=net
+ CN=Before\0dAfter,DC=example,DC=net
- An example name in which an RDN was of an unrecognized type. The
- value is the BER encoding of an OCTET STRING containing two octets
- 0x48 and 0x69.
+ In this RDN example, the type in the RDN is unrecognized, and the
+ value is the BER encoding of an OCTET STRING containing two octets
+ 0x48 and 0x69.
- 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
+ 1.3.6.1.4.1.1466.0=#04024869
- Finally, an example of an RDN commonName value consisting of 5
- letters:
+ Finally, this example shows an RDN whose commonName value consisting
+ of 5 letters:
- Unicode Letter Description UCS code UTF-8 Escaped
- ------------------------------- -------- ------ --------
+ Unicode Character Code UTF-8 Escaped
+ ------------------------------- ------ ------ --------
LATIN CAPITAL LETTER L U+004C 0x4C L
LATIN SMALL LETTER U U+0075 0x75 u
LATIN SMALL LETTER C WITH CARON U+010D 0xC48D \C4\8D
LATIN SMALL LETTER I U+0069 0x69 i
LATIN SMALL LETTER C WITH ACUTE U+0107 0xC487 \C4\87
- could be written in printable ASCII (useful for debugging purposes):
+ could be encoded in printable ASCII (useful for debugging purposes)
+ as:
CN=Lu\C4\8Di\C4\87
other real-world objects. This frequently includes some of the
following kinds of information:
- - the common name of the object (i.e. a person's full name)
- - an email or TCP/IP address
Zeilenga LDAP: Distinguished Names [Page 8]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+ - the common name of the object (i.e. a person's full name)
+ - an email or TCP/IP address
- its physical location (country, locality, city, street address)
- organizational attributes (such as department name or affiliation)
- Most countries have privacy laws regarding the publication of
- information about people.
+ In some cases, such information can be considered sensitive. In many
+ countries, privacy laws exist which prohibit disclosure of certain
+ kinds of descriptive information (e.g., email addresses). Hence,
+ servers implementors are encouraged to support DIT structural rules
+ and name forms [Models] as these provide a mechanism for
+ administrators to select appropriate naming attributes for entries.
+ Administrators are encouraged to use these mechanisms, access
+ controls, and other administrative controls which may be available to
+ restrict use of attributes containing sensitive information in naming
+ of entries. Additionally, use of authentication and data security
+ services in LDAP [AuthMeth][Protocol] should be considered.
5.2. Use of Distinguished Names in Security Applications
For example, a distinguished name consisting of one RDN with one AVA,
in which the type is commonName and the value is of the TeletexString
choice with the letters 'Sam' would be represented in LDAP as the
- string CN=Sam. Another distinguished name in which the value is still
- 'Sam' but of the PrintableString choice would have the same
- representation CN=Sam.
+ string <CN=Sam>. Another distinguished name in which the value is
+ still 'Sam' but of the PrintableString choice would have the same
+ representation <CN=Sam>.
Applications which require the reconstruction of the DER form of the
value SHOULD NOT use the string representation of attribute syntaxes
when converting a distinguished name to the LDAP format. Instead,
- they SHOULD use the hexadecimal form prefixed by the number sign ('#')
- as described in the first paragraph of Section 2.3.
+ they SHOULD use the hexadecimal form prefixed by the number sign ('#'
+ U+0023) as described in the first paragraph of Section 2.4.
6. Acknowledgment
This document is a product of the IETF LDAPBIS Working Group.
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 9]
+\f
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
7. Document Editor's Address
Kurt D. Zeilenga
OpenLDAP Foundation
- <Kurt@OpenLDAP.org>
+ Email: Kurt@OpenLDAP.org
-8. Normative References
-
- [X.501] International Telecommunication Union -
- Telecommunication Standardization Sector, "The Directory
+8. References
+ [[Note to the RFC Editor: please replace the citation tags used in
+ referencing Internet-Drafts with tags of the form RFCnnnn where
+ possible.]]
-Zeilenga LDAP: Distinguished Names [Page 9]
-\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+8.1. Normative References
+ [X.501] International Telecommunication Union -
+ Telecommunication Standardization Sector, "The Directory
-- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
[X.680] International Telecommunication Union -
[RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
- [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
- 10646", draft-yergeau-rfc2279bis-xx.txt, a work in
- progress.
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629 (also STD 63), November 2003.
+
+ [Unicode] The Unicode Consortium, "The Unicode Standard, Version
+ 3.2.0" is defined by "The Unicode Standard, Version 3.0"
+ (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
+ as amended by the "Unicode Standard Annex #27: Unicode
+ 3.1" (http://www.unicode.org/reports/tr27/) and by the
+ "Unicode Standard Annex #28: Unicode 3.2"
+ (http://www.unicode.org/reports/tr28/).
[Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in
progress.
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 10]
+\f
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
progress.
draft-ietf-ldapbis-user-schema-xx.txt, a work in
progress.
- [ISO10646] International Organization for Standardization,
- "Universal Multiple-Octet Coded Character Set (UCS) -
- Architecture and Basic Multilingual Plane", ISO/IEC
- 10646-1 : 1993.
-
[REGISTRY] IANA, Object Identifier Descriptors Registry,
<http://www.iana.org/...>.
-9. Informative References
+8.2. Informative References
[ASCII] Coded Character Set--7-bit American Standard Code for
Information Interchange, ANSI X3.4-1986.
-
-
-
-Zeilenga LDAP: Distinguished Names [Page 10]
-\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
-
-
[X.500] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Overview of concepts, models and services,"
[RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) -
Technical Specification", RFC 2849, June 2000.
- [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP", draft-
- ietf-ldapbis-bcp64-xx.txt, a work in progress.
+ [BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
+ draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
+
+ [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
+ #17, Character Encoding Model", UTR17,
+ <http://www.unicode.org/unicode/reports/tr17/>, August
+ 2000.
+ [Glossary] The Unicode Consortium, "Unicode Glossary",
+ <http://www.unicode.org/glossary/>.
+
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 11]
+\f
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
Appendix A. Presentation Issues
to users. This section is not comprehensive, it does not discuss all
presentation issues which implementors may face.
- Not all user interfaces are capable of displaying the full set of UCS
- characters. Some UCS characters are not displayable.
+ Not all user interfaces are capable of displaying the full set of
+ Unicode characters. Some Unicode characters are not displayable.
It is recommended that human interfaces use the optional hex pair
escaping mechanism (Section 2.3) to produce a string representation
demonstrated in the final example of Section 4).
When a DN string is displayed in free form text, it is often necessary
-
-
-
-Zeilenga LDAP: Distinguished Names [Page 11]
-\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
-
-
to distinguish the DN string from surrounding text. While this is
often done with white space (as demonstrated in Section 4), it is
noted that DN strings may end with white space. Careful readers of
- Section 3 will note that characters "<" (U+003C) and ">" (U+003E) may
+ Section 3 will note that characters '<' (U+003C) and '>' (U+003E) may
only appear in the DN string if escaped. These characters are
intended to be used in free form text to distinguish a DN string from
surrounding text. For example, <CN=Sam\ > distinguished the string
representation of the DN comprised of one RDN consisting of the AVA:
- the commonName (CN) value "Sam " from the surrounding text. It should
- be noted to the user that the wrapping "<" and ">" characters are not
+ the commonName (CN) value 'Sam ' from the surrounding text. It should
+ be noted to the user that the wrapping '<' and '>' characters are not
part of the DN string.
DN strings can be quite long. It is often desirable to line-wrap
and is to be removed before use in LDAP. For example,
The following DN string is long:
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 12]
+\f
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
CN=Kurt D. Zeilenga,OU=Engineering,L=Redwood Shores,
O=OpenLDAP Foundation,ST=California,C=US
so it has been line-wrapped for readability. The extra white
The following substantive changes were made to RFC 2253:
- Removed IESG Note. The IESG Note has been addressed.
+ - Replaced all references to ISO 10646-1 with [Unicode].
- Clarified (in Section 1) that this document does not define a
-
-
-
-Zeilenga LDAP: Distinguished Names [Page 12]
-\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
-
-
canonical string representation.
+ - Clarified that Section 2 describes the RECOMMENDED encoding
+ algorithm and that alternative algorithms are allowed. Some
+ encoding options described in RFC 2253 are now treated as
+ alternative algorithms in this specification.
- Revised specification (in Section 2) to allow short names of any
registered attribute type to appear in string representations of
DNs instead of being restricted to a "published table". Remove
recognition of additional names but require recognization of those
names in the published table. The table is now published in
Section 3.
- - Replaced specification of additional requirements for LDAPv2
- implementations which also support LDAPv3 (RFC 2253, Section 4)
- with a statement (in Section 3) allowing recognition of
- alternative string representations.
- - Updated Section 2.3 to indicate attribute type name strings are
- case insensitive.
+ - Removed specification of additional requirements for LDAPv2
+ implementations which also support LDAPv3 (RFC 2253, Section 4) as
+ LDAPv2 is now Historic.
+ - Allow recognition of alternative string representations.
- Updated Section 2.4 to allow hex pair escaping of all characters
- and clarified escaping for when multiple octet UTF-8 characters
- are present.
+ and clarified escaping for when multiple octet UTF-8 encodings are
+ present. Indicated that null (U+0000) character is to be escaped.
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 13]
+\f
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
+
+
+ Indicated that equals sign ('=' U+003D) character may be escaped
+ as '\='.
- Rewrote Section 3 to use ABNF as defined in RFC 2234.
- - Rewrote Section 3 ABNF to be consistent with 2.4.
+ - Updated the Section 3 ABNF. Changes include:
+ + allow AttributeType short names of length 1 (e.g., 'L'),
+ + use more restrictive <oid> production in AttributeTypes,
+ + do not require escaping of equals sign ('=' U+003D) characters,
+ + do not require escaping of non-leading number sign ('#' U+0023)
+ characters,
+ + allow space (' ' U+0020) to escaped as '\ ',
+ + require hex escaping of null (U+0000) characters, and
+ + removed LDAPv2-only constructs.
- Updated Section 3 to describe how to parse elements of the
grammar.
- Rewrote examples.
Intellectual Property Rights
The IETF takes no position regarding the validity or scope of any
- intellectual property or other rights that might be claimed to pertain
- to the implementation or use of the technology described in this
- document or the extent to which any license under such rights might or
- might not be available; neither does it represent that it has made any
- effort to identify any such rights. Information on the IETF's
- procedures with respect to rights in standards-track and
- standards-related documentation can be found in BCP-11. Copies of
- claims of rights made available for publication and any assurances of
- licenses to be made available, or the result of an attempt made to
- obtain a general license or permission for the use of such proprietary
- rights by implementors or users of this specification can be obtained
- from the IETF Secretariat.
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be found
+ in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this specification
+ can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
-Zeilenga LDAP: Distinguished Names [Page 13]
+
+
+Zeilenga LDAP: Distinguished Names [Page 14]
\f
-INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
+INTERNET-DRAFT draft-ietf-ldapbis-dn-16.txt 10 February 2005
- rights which may cover technology that may be required to practice
- this standard. Please address the information to the IETF Executive
- Director.
+Full Copyright
+ Copyright (C) The Internet Society (2005). This document is subject
+ to the rights, licenses and restrictions contained in BCP 78, and
+ except as set forth therein, the authors retain all their rights.
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-Full Copyright
- Copyright (C) The Internet Society (2003). All Rights Reserved.
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implmentation may be prepared, copied, published and
- distributed, in whole or in part, without restriction of any kind,
- provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be followed,
- or as required to translate it into languages other than English.
-Zeilenga LDAP: Distinguished Names [Page 14]
+
+
+
+
+
+
+Zeilenga LDAP: Distinguished Names [Page 15]
\f
+
projects / openldap / blobdiff