-INTERNET-DRAFT S. Legg, Editor
-draft-ietf-ldapbis-syntaxes-05.txt Adacel Technologies
-Intended Category: Standard Track K. Dally
-Obsoletes: RFC 2252, RFC 2256 The MITRE Corp.
- 27 February 2003
+INTERNET-DRAFT S. Legg
+draft-ietf-ldapbis-syntaxes-11.txt eB2Bcom
+Intended Category: Standards Track 23 June 2005
+Obsoletes: RFC 2252, RFC 2256 Updates: RFC 3698
- LDAP: Syntaxes and Matching Rules
+ Lightweight Directory Access Protocol (LDAP):
+ Syntaxes and Matching Rules
- Copyright (C) The Internet Society (2003). All Rights Reserved.
+ Copyright (C) The Internet Society (2005). All Rights Reserved.
Status of this Memo
+ By submitting this Internet-draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
- This document is an Internet-Draft and is in full conformance with
- all provisions of Section 10 of RFC2026.
+ By submitting this Internet-draft, I accept the provisions of Section
+ 3 of BCP 78.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt
+ http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html.
+ http://www.ietf.org/shadow.html
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
this document should take place on the IETF LDAP Revision Working
Group (LDAPbis) mailing list <ietf-ldapbis@openldap.org>. Please
send editorial comments directly to the editor
- <steven.legg@adacel.com.au>.
-
- This Internet-Draft expires on 27 August 2003.
+ <steven.legg@eb2bcom.com>.
+ This Internet-Draft expires on 23 December 2005.
Abstract
- Each attribute stored in a Lightweight Directory Access Protocol
- (LDAP) directory, and whose values may be transfered in the LDAP
-
-Legg & Dally Expires 27 August 2003 [Page 1]
+Legg Expires 23 December 2005 [Page 1]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ Each attribute stored in a Lightweight Directory Access Protocol
+ (LDAP) directory, and whose values may be transfered in the LDAP
protocol, has a defined syntax which constrains the structure and
format of its values. The comparison semantics for values of a
syntax are not part of the syntax definition but are instead provided
-
-
-Legg & Dally Expires 27 August 2003 [Page 2]
+Legg Expires 23 December 2005 [Page 2]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
-1. Table of Contents
-
- 1. Table of Contents ............................................. 3
- 2. Introduction .................................................. 4
- 3. Conventions ................................................... 5
- 4. Syntaxes ...................................................... 5
- 4.1 General Considerations .................................... 5
- 4.2 Common Definitions ........................................ 6
- 4.3 Syntax Definitions ........................................ 7
- 4.3.1 Attribute Type Description ........................... 7
- 4.3.2 Bit String ........................................... 7
- 4.3.3 Boolean .............................................. 8
- 4.3.4 Country String ....................................... 8
- 4.3.5 Delivery Method ...................................... 9
- 4.3.6 Directory String ..................................... 9
- 4.3.7 DIT Content Rule Description ......................... 10
- 4.3.8 DIT Structure Rule Description ....................... 11
- 4.3.9 DN ................................................... 11
- 4.3.10 Enhanced Guide ...................................... 12
- 4.3.11 Facsimile Telephone Number .......................... 13
- 4.3.12 Fax ................................................. 13
- 4.3.13 Generalized Time .................................... 14
- 4.3.14 Guide ............................................... 15
- 4.3.15 IA5 String .......................................... 15
- 4.3.16 Integer ............................................. 16
- 4.3.17 JPEG ................................................ 16
- 4.3.18 LDAP Syntax Description ............................. 16
- 4.3.19 Matching Rule Description ........................... 17
- 4.3.20 Matching Rule Use Description ....................... 17
- 4.3.21 Name and Optional UID ............................... 18
- 4.3.22 Name Form Description ............................... 18
- 4.3.23 Numeric String ...................................... 19
- 4.3.24 Object Class Description ............................ 19
- 4.3.25 Octet String ........................................ 20
- 4.3.26 OID ................................................. 20
- 4.3.27 Other Mailbox ....................................... 21
- 4.3.28 Postal Address ...................................... 21
- 4.3.29 Printable String .................................... 22
- 4.3.30 Substring Assertion ................................. 23
- 4.3.31 Telephone Number .................................... 23
- 4.3.32 Teletex Terminal Identifier ......................... 24
- 4.3.33 Telex Number ........................................ 25
- 4.3.34 UTC Time ............................................ 25
- 5. Matching Rules ................................................ 26
- 5.1 General Considerations .................................... 26
- 5.2 Matching Rule Definitions ................................. 28
- 5.2.1 bitStringMatch ....................................... 28
- 5.2.2 caseExactIA5Match .................................... 28
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 3]
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3. Syntaxes . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1. General Considerations . . . . . . . . . . . . . . . . . 6
+ 3.2. Common Definitions . . . . . . . . . . . . . . . . . . . 7
+ 3.3. Syntax Definitions . . . . . . . . . . . . . . . . . . . 7
+ 3.3.1. Attribute Type Description . . . . . . . . . . . 7
+ 3.3.2. Bit String . . . . . . . . . . . . . . . . . . . 8
+ 3.3.3. Boolean. . . . . . . . . . . . . . . . . . . . . 8
+ 3.3.4. Country String . . . . . . . . . . . . . . . . . 8
+ 3.3.5. Delivery Method. . . . . . . . . . . . . . . . . 9
+ 3.3.6. Directory String . . . . . . . . . . . . . . . . 9
+ 3.3.7. DIT Content Rule Description . . . . . . . . . . 10
+ 3.3.8. DIT Structure Rule Description . . . . . . . . . 11
+ 3.3.9. DN . . . . . . . . . . . . . . . . . . . . . . . 11
+ 3.3.10. Enhanced Guide . . . . . . . . . . . . . . . . . 12
+ 3.3.11. Facsimile Telephone Number . . . . . . . . . . . 13
+ 3.3.12. Fax. . . . . . . . . . . . . . . . . . . . . . . 13
+ 3.3.13. Generalized Time . . . . . . . . . . . . . . . . 14
+ 3.3.14. Guide. . . . . . . . . . . . . . . . . . . . . . 15
+ 3.3.15. IA5 String . . . . . . . . . . . . . . . . . . . 16
+ 3.3.16. Integer. . . . . . . . . . . . . . . . . . . . . 16
+ 3.3.17. JPEG . . . . . . . . . . . . . . . . . . . . . . 16
+ 3.3.18. LDAP Syntax Description. . . . . . . . . . . . . 17
+ 3.3.19. Matching Rule Description. . . . . . . . . . . . 17
+ 3.3.20. Matching Rule Use Description. . . . . . . . . . 18
+ 3.3.21. Name and Optional UID. . . . . . . . . . . . . . 18
+ 3.3.22. Name Form Description. . . . . . . . . . . . . . 19
+ 3.3.23. Numeric String . . . . . . . . . . . . . . . . . 19
+ 3.3.24. Object Class Description . . . . . . . . . . . . 19
+ 3.3.25. Octet String . . . . . . . . . . . . . . . . . . 20
+ 3.3.26. OID. . . . . . . . . . . . . . . . . . . . . . . 20
+ 3.3.27. Other Mailbox. . . . . . . . . . . . . . . . . . 21
+ 3.3.28. Postal Address . . . . . . . . . . . . . . . . . 21
+ 3.3.29. Printable String . . . . . . . . . . . . . . . . 22
+ 3.3.30. Substring Assertion. . . . . . . . . . . . . . . 23
+ 3.3.31. Telephone Number . . . . . . . . . . . . . . . . 23
+ 3.3.32. Teletex Terminal Identifier. . . . . . . . . . . 24
+ 3.3.33. Telex Number . . . . . . . . . . . . . . . . . . 25
+ 3.3.34. UTC Time . . . . . . . . . . . . . . . . . . . . 25
+ 4. Matching Rules . . . . . . . . . . . . . . . . . . . . . . . . 26
+ 4.1. General Considerations . . . . . . . . . . . . . . . . . 26
+ 4.2. Matching Rule Definitions. . . . . . . . . . . . . . . . 28
+ 4.2.1. bitStringMatch . . . . . . . . . . . . . . . . . 28
+ 4.2.2. booleanMatch . . . . . . . . . . . . . . . . . . 29
+ 4.2.3. caseExactIA5Match. . . . . . . . . . . . . . . . 29
+
+
+
+Legg Expires 23 December 2005 [Page 3]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
- 5.2.3 caseIgnoreIA5Match ................................... 29
- 5.2.4 caseIgnoreIA5SubstringsMatch ......................... 29
- 5.2.5 caseIgnoreListMatch .................................. 29
- 5.2.6 caseIgnoreListSubstringsMatch ........................ 30
- 5.2.7 caseIgnoreMatch ...................................... 31
- 5.2.8 caseIgnoreOrderingMatch .............................. 31
- 5.2.9 caseIgnoreSubstringsMatch ............................ 32
- 5.2.10 distinguishedNameMatch .............................. 32
- 5.2.11 generalizedTimeMatch ................................ 33
- 5.2.12 generalizedTimeOrderingMatch ........................ 33
- 5.2.13 integerFirstComponentMatch .......................... 34
- 5.2.14 integerMatch ........................................ 34
- 5.2.15 numericStringMatch .................................. 34
- 5.2.16 numericStringSubstringsMatch ........................ 35
- 5.2.17 objectIdentifierFirstComponentMatch ................. 35
- 5.2.18 objectIdentifierMatch ............................... 36
- 5.2.19 octetStringMatch .................................... 36
- 5.2.20 telephoneNumberMatch ................................ 37
- 5.2.21 telephoneNumberSubstringsMatch ...................... 37
- 5.2.22 uniqueMemberMatch ................................... 38
- 6. Security Considerations ....................................... 38
- 7. Acknowledgements .............................................. 39
- 8. IANA Considerations ........................................... 39
- 9. Normative References .......................................... 40
- 10. Informative References ....................................... 42
- 11. Authors' Addresses ........................................... 42
- 12. Copyright Notice ............................................. 43
- Appendix A. Summary of Syntax Object Identifiers ................. 43
- Appendix B. Changes from RFC 2252 & RFC 2256 ..................... 44
-
-
-2. Introduction
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ 4.2.4. caseExactMatch . . . . . . . . . . . . . . . . . 30
+ 4.2.5. caseExactOrderingMatch . . . . . . . . . . . . . 30
+ 4.2.6. caseExactSubstringsMatch . . . . . . . . . . . . 31
+ 4.2.7. caseIgnoreIA5Match . . . . . . . . . . . . . . . 31
+ 4.2.8. caseIgnoreIA5SubstringsMatch . . . . . . . . . . 32
+ 4.2.9. caseIgnoreListMatch. . . . . . . . . . . . . . . 32
+ 4.2.10. caseIgnoreListSubstringsMatch. . . . . . . . . . 33
+ 4.2.11. caseIgnoreMatch. . . . . . . . . . . . . . . . . 33
+ 4.2.12. caseIgnoreOrderingMatch. . . . . . . . . . . . . 34
+ 4.2.13. caseIgnoreSubstringsMatch. . . . . . . . . . . . 34
+ 4.2.14. directoryStringFirstComponentMatch . . . . . . . 35
+ 4.2.15. distinguishedNameMatch . . . . . . . . . . . . . 36
+ 4.2.16. generalizedTimeMatch . . . . . . . . . . . . . . 36
+ 4.2.17. generalizedTimeOrderingMatch . . . . . . . . . . 37
+ 4.2.18. integerFirstComponentMatch . . . . . . . . . . . 37
+ 4.2.19. integerMatch . . . . . . . . . . . . . . . . . . 38
+ 4.2.20. integerOrderingMatch . . . . . . . . . . . . . . 38
+ 4.2.21. keywordMatch . . . . . . . . . . . . . . . . . . 38
+ 4.2.22. numericStringMatch . . . . . . . . . . . . . . . 39
+ 4.2.23. numericStringOrderingMatch . . . . . . . . . . . 39
+ 4.2.24. numericStringSubstringsMatch . . . . . . . . . . 40
+ 4.2.25. objectIdentifierFirstComponentMatch. . . . . . . 40
+ 4.2.26. objectIdentifierMatch. . . . . . . . . . . . . . 41
+ 4.2.27. octetStringMatch . . . . . . . . . . . . . . . . 41
+ 4.2.28. octetStringOrderingMatch . . . . . . . . . . . . 42
+ 4.2.29. telephoneNumberMatch . . . . . . . . . . . . . . 42
+ 4.2.30. telephoneNumberSubstringsMatch . . . . . . . . . 43
+ 4.2.31. uniqueMemberMatch. . . . . . . . . . . . . . . . 44
+ 4.2.32. wordMatch. . . . . . . . . . . . . . . . . . . . 44
+ 5. Security Considerations. . . . . . . . . . . . . . . . . . . . 44
+ 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 45
+ 7. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 45
+ Appendix A. Summary of Syntax Object Identifiers . . . . . . . . . 47
+ Appendix B. Changes from RFC 2252. . . . . . . . . . . . . . . . . 48
+ Normative References . . . . . . . . . . . . . . . . . . . . . . . 50
+ Informative References . . . . . . . . . . . . . . . . . . . . . . 52
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 53
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 53
+
+1. Introduction
Each attribute stored in a Lightweight Directory Access Protocol
(LDAP) directory [ROADMAP], and whose values may be transfered in the
- LDAP protocol [PROT], has a defined syntax (i.e. data type) which
+ LDAP protocol [PROT], has a defined syntax (i.e., data type) which
constrains the structure and format of its values. The comparison
semantics for values of a syntax are not part of the syntax
definition but are instead provided through separately defined
matching rules. Matching rules specify an argument, an assertion
- value, which also has a defined syntax. This document defines a base
- set of syntaxes and matching rules for use in defining attributes for
- LDAP directories.
-
- Readers are advised to familiarize themselves with the Directory
- Information Models [MODELS] before reading the rest of this document.
- Section 4 provides definitions for the base set of LDAP syntaxes.
- Section 5 provides definitions for the base set of matching rules for
-Legg & Dally Expires 27 August 2003 [Page 4]
+Legg Expires 23 December 2005 [Page 4]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ value, which also has a defined syntax. This document defines a base
+ set of syntaxes and matching rules for use in defining attributes for
+ LDAP directories.
+
+ Readers are advised to familiarize themselves with the Directory
+ Information Models [MODELS] before reading the rest of this document.
+ Section 3 provides definitions for the base set of LDAP syntaxes.
+ Section 4 provides definitions for the base set of matching rules for
LDAP.
This document is a integral part of the LDAP technical specification
Sections 4, 5 and 7 of RFC 2252 [RFC2252] are obsoleted by [MODELS].
The remainder of RFC 2252 is obsoleted by this document. Sections 6
- and 8 of RFC 2256 are obsoleted by this document. The changes from
- RFC 2252 and RFC 2256 [RFC2256] are described in Appendix B of this
- document.
+ and 8 of RFC 2256 [RFC2256] are obsoleted by this document. The
+ remainder of RFC 2256 is obsoleted by [SCHEMA] and [MODELS]. All but
+ Section 2.11 of RFC 3698 [RFC3698] is obsoleted by this document.
+ A number of schema elements which were included in the previous
+ revision of the LDAP technical specification are not included in this
+ revision of LDAP. Public Key Infrastructure schema elements are now
+ specified in [LDAP-PKI]. Unless reintroduced in future technical
+ specifications, the remainder are to be considered Historic.
-3. Conventions
+ The changes with respect to RFC 2252 are described in Appendix B of
+ this document.
+
+2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in RFC 2119 [KEYWORD].
+ document are to be interpreted as described in BCP 14, RFC 2119
+ [KEYWORD].
Syntax definitions are written according to the <SyntaxDescription>
ABNF [ABNF] rule specified in [MODELS], and matching rule definitions
specified in [MODELS], except that the syntax and matching rule
definitions provided in this document are line-wrapped for
readability. When such definitions are transfered as attribute
- values in the LDAP protocol (e.g. as values of the ldapSyntaxes and
+ values in the LDAP protocol (e.g., as values of the ldapSyntaxes and
matchingRules attributes [MODELS] respectively) then those values
would not contain line breaks.
+3. Syntaxes
+
+
+
+
+Legg Expires 23 December 2005 [Page 5]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-4. Syntaxes
Syntax definitions constrain the structure of attribute values stored
in an LDAP directory, and determine the representation of attribute
Syntaxes that are required for directory operation, or that are in
common use, are specified in this section. Servers SHOULD recognize
- all the syntaxes listed in this document, but are NOT REQUIRED to
+ all the syntaxes listed in this document, but are not required to
otherwise support them, and MAY recognise or support other syntaxes.
However, the definition of additional arbitrary syntaxes is
discouraged since it will hinder interoperability. Client and server
implementations typically do not have the ability to dynamically
recognize new syntaxes.
-
-4.1 General Considerations
-
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 5]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
+3.1. General Considerations
The description of each syntax specifies how attribute or assertion
values conforming to the syntax are to be represented when transfered
in the LDAP protocol [PROT]. This representation is referred to as
the LDAP-specific encoding to distinguish it from other methods of
- encoding attribute values (e.g. the BER encoding [BER] used by X.500
- [X.500] directories).
+ encoding attribute values (e.g., the Basic Encoding Rules (BER)
+ encoding [BER] used by X.500 [X.500] directories).
The LDAP-specific encoding of a given attribute syntax always
produces octet-aligned values. To the greatest extent possible,
that can be displayed with little or no translation by clients
implementing LDAP. However, clients MUST NOT assume that the
LDAP-specific encoding of a value of an unrecognized syntax is a
- human-readable character string. There are a few cases (e.g. the
+ human-readable character string. There are a few cases (e.g., the
JPEG syntax) when it is not reasonable to produce a human-readable
representation.
For example, "1.3.6.1.4.1.1466.115.121.1.15{64}" in an attribute
definition suggests that the directory server will allow a value of
the attribute to be up to 64 characters long, although it may allow
+
+
+
+Legg Expires 23 December 2005 [Page 6]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
longer character strings. Note that a single character of the
Directory String syntax can be encoded in more than one octet since
- UTF-8 [UTF-8] is a variable-length encoding. Therefore a 64
- character string may be more than 64 octets in length.
-
+ UTF-8 [UTF8] is a variable-length encoding. Therefore a 64 character
+ string may be more than 64 octets in length.
-4.2 Common Definitions
+3.2. Common Definitions
The following ABNF rules are used in a number of the syntax
- definitions in Section 4.3.
+ definitions in Section 3.3.
PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN /
PLUS / COMMA / HYPHEN / DOT / EQUALS /
SLASH / COLON / QUESTION / SPACE
PrintableString = 1*PrintableCharacter
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 6]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
IA5String = *(%x00-7F)
- HEX-DIGIT = DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
- ; N.B. allows upper and lower case
SLASH = %x2F ; forward slash ("/")
COLON = %x3A ; colon (":")
QUESTION = %x3F ; question mark ("?")
- The <OCTET>, <ALPHA>, <DIGIT>, <SQUOTE>, <LPAREN>, <RPAREN>, <PLUS>,
- <COMMA>, <HYPHEN>, <DOT>, <EQUALS> and <SPACE> rules are defined in
- [MODELS].
-
+ The <ALPHA>, <DIGIT>, <SQUOTE>, <LPAREN>, <RPAREN>, <PLUS>, <COMMA>,
+ <HYPHEN>, <DOT>, <EQUALS> and <SPACE> rules are defined in [MODELS].
-4.3 Syntax Definitions
+3.3. Syntax Definitions
-4.3.1 Attribute Type Description
+3.3.1. Attribute Type Description
A value of the Attribute Type Description syntax is the definition of
an attribute type. The LDAP-specific encoding of a value of this
syntax is defined by the <AttributeTypeDescription> rule in [MODELS].
- For example, the following definition of the createTimestamp
- attribute type from [MODELS] is also a value of the Attribute Type
- Description syntax (note: line breaks have been added for readability
- - they are not part of the value when transfered in protocol).
-
- ( 2.5.18.1 NAME 'createTimestamp'
- EQUALITY generalizedTimeMatch
- ORDERING generalizedTimeOrderingMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE NO-USER-MODIFICATION
- USAGE directoryOperation )
+
+ For example, the following definition of the createTimestamp
+ attribute type from [MODELS] is also a value of the Attribute Type
+ Description syntax (note: line breaks have been added for
+ readability - they are not part of the value when transfered in
+ protocol).
+
+ ( 2.5.18.1 NAME 'createTimestamp'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE directoryOperation )
The LDAP definition for the Attribute Type Description syntax is:
( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )
This syntax corresponds to the AttributeTypeDescription ASN.1 type
- from [X.501].
-4.3.2 Bit String
+
+Legg Expires 23 December 2005 [Page 7]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ from [X.501].
+
+3.3.2. Bit String
A value of the Bit String syntax is a sequence of binary digits. The
LDAP-specific encoding of a value of this syntax is defined by the
BitString = SQUOTE *binary-digit SQUOTE "B"
binary-digit = "0" / "1"
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 7]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
The <SQUOTE> rule is defined in [MODELS].
Example:
This syntax corresponds to the BIT STRING ASN.1 type from [ASN.1].
-
-4.3.3 Boolean
+3.3.3. Boolean
A value of the Boolean syntax is one of the Boolean values, true or
false. The LDAP-specific encoding of a value of this syntax is
This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
-
-4.3.4 Country String
+3.3.4. Country String
A value of the Country String syntax is one of the two-character
codes from ISO 3166 [ISO3166] for representing a country. The
CountryString = 2(PrintableCharacter)
- The <PrintableCharacter> rule is defined in Section 4.2.
+ The <PrintableCharacter> rule is defined in Section 3.2.
Examples:
- US
- AU
-
- The LDAP definition for the Country String syntax is:
- ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
- This syntax corresponds to the following ASN.1 type from [X.520]:
+Legg Expires 23 December 2005 [Page 8]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ US
+ AU
-Legg & Dally Expires 27 August 2003 [Page 8]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+ The LDAP definition for the Country String syntax is:
+ ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
- PrintableString (SIZE (2)) -- IS 3166 codes only
+ This syntax corresponds to the following ASN.1 type from [X.520]:
+ PrintableString (SIZE (2)) -- ISO 3166 codes only
-4.3.5 Delivery Method
+3.3.5. Delivery Method
A value of the Delivery Method syntax is a sequence of items that
indicate, in preference order, the service(s) by which an entity is
videotex-delivery (8),
telephone-delivery (9) }
+3.3.6. Directory String
+
+
+
+
+Legg Expires 23 December 2005 [Page 9]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-4.3.6 Directory String
A value of the Directory String syntax is a string of one or more
arbitrary characters from the Universal Character Set (UCS) [UCS]. A
zero length character string is not permitted. The LDAP-specific
- encoding of a value of this syntax is the UTF-8 encoding [UTF-8] of
+ encoding of a value of this syntax is the UTF-8 encoding [UTF8] of
the character string. Such encodings conform to the following ABNF:
DirectoryString = 1*UTF8
-
-
-Legg & Dally Expires 27 August 2003 [Page 9]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
The <UTF8> rule is defined in [MODELS].
Example:
and code points not presently assigned to any character.
Attribute type definitions using the Directory String syntax should
- not restrict the format of Directory String values, e.g. by requiring
- that the character string conforms to specific patterns described by
- ABNF. A new syntax should be defined in such cases.
+ not restrict the format of Directory String values, e.g., by
+ requiring that the character string conforms to specific patterns
+ described by ABNF. A new syntax should be defined in such cases.
The LDAP definition for the Directory String syntax is:
LDAP-specific encoding to the BER encoding used by X.500 must choose
an alternative that permits the particular characters in the string,
and must convert the characters from the UTF-8 encoding into the
- character encoding of the chosen alternative.
+ character encoding of the chosen alternative. When converting
+ Directory String values from the BER encoding to the LDAP-specific
+ encoding the characters must be converted from the character encoding
+ of the chosen alternative into the UTF-8 encoding. These conversions
+ SHOULD be done in a manner consistent with the Transcode step of the
+ string preparation algorithms [PREP] for LDAP.
- When converting Directory String values from the BER encoding to the
- LDAP-specific encoding the characters must be converted from the
- character encoding of the chosen alternative into the UTF-8 encoding.
-
-
-4.3.7 DIT Content Rule Description
+3.3.7. DIT Content Rule Description
A value of the DIT Content Rule Description syntax is the definition
- of a DIT content rule. The LDAP-specific encoding of a value of this
- syntax is defined by the <DITContentRuleDescription> rule in
- [MODELS].
- Example:
- ( 2.5.6.4 DESC 'content rule for organization'
- NOT ( x121Address $ telexNumber ) )
+Legg Expires 23 December 2005 [Page 10]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-Legg & Dally Expires 27 August 2003 [Page 10]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+ of a DIT (Directory Information Tree) content rule. The
+ LDAP-specific encoding of a value of this syntax is defined by the
+ <DITContentRuleDescription> rule in [MODELS].
+ Example:
+ ( 2.5.6.4 DESC 'content rule for organization'
+ NOT ( x121Address $ telexNumber ) )
- Note: a line break has been added for readability - it is not part of
- the value.
+ Note: a line break has been added for readability - it is not part
+ of the value.
The LDAP definition for the DIT Content Rule Description syntax is:
This syntax corresponds to the DITContentRuleDescription ASN.1 type
from [X.501].
-
-4.3.8 DIT Structure Rule Description
+3.3.8. DIT Structure Rule Description
A value of the DIT Structure Rule Description syntax is the
definition of a DIT structure rule. The LDAP-specific encoding of a
This syntax corresponds to the DITStructureRuleDescription ASN.1 type
from [X.501].
+3.3.9. DN
-4.3.9 DN
-
- A value of the DN syntax is the (purported) distinguished name of an
- entry [MODELS]. The LDAP-specific encoding of a value of this syntax
- is defined by the <distinguishedName> rule in [LDAPDN].
+ A value of the DN syntax is the (purported) distinguished name (DN)
+ of an entry [MODELS]. The LDAP-specific encoding of a value of this
+ syntax is defined by the <distinguishedName> rule from the string
+ representation of distinguished names [LDAPDN].
Examples (from [LDAPDN]):
UID=jsmith,DC=example,DC=net
OU=Sales+CN=J. Smith,DC=example,DC=net
CN=John Smith\, III,DC=example,DC=net
+
+
+
+Legg Expires 23 December 2005 [Page 11]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
CN=Before\0dAfter,DC=example,DC=net
1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
CN=Lu\C4\8Di\C4\87
( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )
-
-
-Legg & Dally Expires 27 August 2003 [Page 11]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
The DN syntax corresponds to the DistinguishedName ASN.1 type from
[X.501]. Note that a BER encoded distinguished name (as used by
X.500) re-encoded into the LDAP-specific encoding is not necessarily
reversible to the original BER encoding since the chosen string type
in any DirectoryString components of the distinguished name is not
indicated in the LDAP-specific encoding of the distinguished name
- (see Section 4.3.6).
+ (see Section 3.3.6).
-
-4.3.10 Enhanced Guide
+3.3.10. Enhanced Guide
A value of the Enhanced Guide syntax suggests criteria, which consist
of combinations of attribute types and filter operators, to be used
The <SHARP>, <WSP>, <oid>, <LPAREN>, <RPAREN>, <attributetype> and
<DOLLAR> rules are defined in [MODELS].
- The LDAP definition for the Enhanced Guide syntax is:
-
- ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
- Example:
+Legg Expires 23 December 2005 [Page 12]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ The LDAP definition for the Enhanced Guide syntax is:
-Legg & Dally Expires 27 August 2003 [Page 12]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+ ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
+ Example:
person#(sn$EQ)#oneLevel
The Enhanced Guide syntax corresponds to the EnhancedGuide ASN.1 type
above represents an empty "or" expression in a value of the Criteria
type.
-
-4.3.11 Facsimile Telephone Number
+3.3.11. Facsimile Telephone Number
A value of the Facsimile Telephone Number syntax is a subscriber
number of a facsimile device on the public switched telephone
The <telephone-number> is a string of printable characters that
complies with the internationally agreed format for representing
international telephone numbers [E.123]. The <PrintableString> rule
- is defined in Section 4.2. The <DOLLAR> rule is defined in [MODELS].
+ is defined in Section 3.2. The <DOLLAR> rule is defined in [MODELS].
The LDAP definition for the Facsimile Telephone Number syntax is:
The Facsimile Telephone Number syntax corresponds to the
FacsimileTelephoneNumber ASN.1 type from [X.520].
-
-4.3.12 Fax
+3.3.12. Fax
A value of the Fax syntax is an image which is produced using the
Group 3 facsimile process [FAX] to duplicate an object, such as a
- memo. The LDAP-specific encoding of a value of this syntax is the
- string of octets for a Group 3 Fax image as defined in [FAX].
-
- The LDAP definition for the Fax syntax is:
-Legg & Dally Expires 27 August 2003 [Page 13]
+Legg Expires 23 December 2005 [Page 13]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ memo. The LDAP-specific encoding of a value of this syntax is the
+ string of octets for a Group 3 Fax image as defined in [FAX].
+ The LDAP definition for the Fax syntax is:
( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' )
The G3FacsimileBodyPart ASN.1 type is defined in [X.420].
-
-4.3.13 Generalized Time
+3.3.13. Generalized Time
A value of the Generalized Time syntax is a character string
representing a date and time. The LDAP-specific encoding of a value
of this syntax is a restriction of the format defined in [ISO8601],
and is described by the following ABNF:
+ GeneralizedTime = century year month day hour
+ [ minute [ second / leap-second ] ]
+ [ fraction ]
+ g-time-zone
+
century = 2(%x30-39) ; "00" to "99"
year = 2(%x30-39) ; "00" to "99"
month = ( %x30 %x31-39 ) ; "01" (January) to "09"
/ ( %x33 %x30-31 ) ; "30" to "31"
hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
minute = %x30-35 %x30-39 ; "00" to "59"
- second = %x30-35 %x30-39 ; "00" to "59"
- GeneralizedTime = century year month day hour
- [ minute [ second ] ] [ fraction ]
- g-time-zone
+ second = ( %x30-35 %x30-39 ) ; "00" to "59"
+ leap-second = ( %x36 %x30 ) ; "60"
+
fraction = ( DOT / COMMA ) 1*(%x30-39)
g-time-zone = %x5A ; "Z"
/ g-differential
The <DOT>, <COMMA> and <PLUS> rules are defined in [MODELS].
+
+
+Legg Expires 23 December 2005 [Page 14]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The above ABNF allows character strings which do not represent valid
+ dates (in the Gregorian calendar) and/or valid times (e.g., February
+ 31, 1994). Such character strings SHOULD be considered invalid for
+ this syntax.
+
The time value represents coordinated universal time (equivalent to
Greenwich Mean Time) if the "Z" form of <g-time-zone> is used,
otherwise the value represents a local time in the time zone
the local time. The "Z" form of <g-time-zone> SHOULD be used in
preference to <g-differential>.
-
-
-Legg & Dally Expires 27 August 2003 [Page 14]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
+ If <minute> is omitted then <fraction> represents a fraction of an
+ hour, otherwise if <second> and <leap-second> are omitted then
+ <fraction> represents a fraction of a minute, otherwise <fraction>
+ represents a fraction of a second.
Examples:
199412161032Z
199412160532-0500
Both example values represent the same coordinated universal time:
- 40:32 am, December 16, 1994.
+ 10:32 AM, December 16, 1994.
The LDAP definition for the Generalized Time syntax is:
[ASN.1], with the constraint that local time without a differential
SHALL NOT be used.
-
-4.3.14 Guide
+3.3.14. Guide
A value of the Guide syntax suggests criteria, which consist of
combinations of attribute types and filter operators, to be used in
Guide = [ object-class SHARP ] criteria
The <object-class> and <criteria> rules are defined in Section
- 4.3.10. The <SHARP> rule is defined in [MODELS].
+ 3.3.10. The <SHARP> rule is defined in [MODELS].
+
+
+
+Legg Expires 23 December 2005 [Page 15]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
The LDAP definition for the Guide syntax is:
The Guide syntax corresponds to the Guide ASN.1 type from [X.520].
-
-4.3.15 IA5 String
+3.3.15. IA5 String
A value of the IA5 String syntax is a string of zero, one or more
characters from International Alphabet 5 (IA5) [T.50], the
international version of the ASCII character set. The LDAP-specific
encoding of a value of this syntax is the unconverted string of
- characters, which conforms to the <IA5String> rule in Section 4.2.
+ characters, which conforms to the <IA5String> rule in Section 3.2.
The LDAP definition for the IA5 String syntax is:
-
-
-Legg & Dally Expires 27 August 2003 [Page 15]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
This syntax corresponds to the IA5String ASN.1 type from [ASN.1].
-
-4.3.16 Integer
+3.3.16. Integer
A value of the Integer syntax is a whole number of unlimited
magnitude. The LDAP-specific encoding of a value of this syntax is
character string "1321"). The encoding is defined by the following
ABNF:
- Integer = [ HYPHEN ] number
+ Integer = ( HYPHEN LDIGIT *DIGIT ) / number
- The <HYPHEN> and <number> rules are defined in [MODELS].
+ The <HYPHEN>, <LDIGIT>, <DIGIT> and <number> rules are defined in
+ [MODELS].
The LDAP definition for the Integer syntax is:
This syntax corresponds to the INTEGER ASN.1 type from [ASN.1].
-
-4.3.17 JPEG
+3.3.17. JPEG
A value of the JPEG syntax is an image in the JPEG File Interchange
Format (JFIF), as described in [JPEG]. The LDAP-specific encoding of
The LDAP definition for the JPEG syntax is:
+
+
+Legg Expires 23 December 2005 [Page 16]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )
The JPEG syntax corresponds to the following ASN.1 type:
{ -- contents octets are an image in the --
-- JPEG File Interchange Format -- })
-
-4.3.18 LDAP Syntax Description
+3.3.18. LDAP Syntax Description
A value of the LDAP Syntax Description syntax is the description of
an LDAP syntax. The LDAP-specific encoding of a value of this syntax
is defined by the <SyntaxDescription> rule in [MODELS].
-
-
-Legg & Dally Expires 27 August 2003 [Page 16]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
The LDAP definition for the LDAP Syntax Description syntax is:
( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )
The value of ub-schema (an integer) is implementation defined. A
non-normative definition appears in [X.520].
-
-4.3.19 Matching Rule Description
+3.3.19. Matching Rule Description
A value of the Matching Rule Description syntax is the definition of
a matching rule. The LDAP-specific encoding of a value of this
The LDAP definition for the Matching Rule Description syntax is:
+
+
+
+Legg Expires 23 December 2005 [Page 17]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )
This syntax corresponds to the MatchingRuleDescription ASN.1 type
from [X.501].
-
-4.3.20 Matching Rule Use Description
+3.3.20. Matching Rule Use Description
A value of the Matching Rule Use Description syntax indicates the
attribute types to which a matching rule may be applied in an
a value of this syntax is defined by the <MatchingRuleUseDescription>
rule in [MODELS].
-
-
-Legg & Dally Expires 27 August 2003 [Page 17]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
Example:
( 2.5.13.16 APPLIES ( givenName $ surname ) )
This syntax corresponds to the MatchingRuleUseDescription ASN.1 type
from [X.501].
-
-4.3.21 Name and Optional UID
+3.3.21. Name and Optional UID
A value of the Name and Optional UID syntax is the distinguished name
[MODELS] of an entity optionally accompanied by a unique identifier
NameAndOptionalUID = distinguishedName [ SHARP BitString ]
- The <BitString> rule is defined in Section 4.3.2. The
+ The <BitString> rule is defined in Section 3.3.2. The
<distinguishedName> rule is defined in [LDAPDN]. The <SHARP> rule is
defined in [MODELS].
Example:
1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B
+
+
+
+Legg Expires 23 December 2005 [Page 18]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
The LDAP definition for the Name and Optional UID syntax is:
( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
This syntax corresponds to the NameAndOptionalUID ASN.1 type from
[X.520].
-
-4.3.22 Name Form Description
+3.3.22. Name Form Description
A value of the Name Form Description syntax is the definition of a
name form, which regulates how entries may be named. The
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 18]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
LDAP-specific encoding of a value of this syntax is defined by the
<NameFormDescription> rule in [MODELS].
This syntax corresponds to the NameFormDescription ASN.1 type from
[X.501].
-
-4.3.23 Numeric String
+3.3.23. Numeric String
A value of the Numeric String syntax is a sequence of one or more
numerals and spaces. The LDAP-specific encoding of a value of this
This syntax corresponds to the NumericString ASN.1 type from [ASN.1].
-
-4.3.24 Object Class Description
+3.3.24. Object Class Description
A value of the Object Class Description syntax is the definition of
an object class. The LDAP-specific encoding of a value of this
+
+
+
+Legg Expires 23 December 2005 [Page 19]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
syntax is defined by the <ObjectClassDescription> rule in [MODELS].
Example:
Note: a line break has been added for readability - it is not part of
the syntax.
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 19]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
The LDAP definition for the Object Class Description syntax is:
( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )
This syntax corresponds to the ObjectClassDescription ASN.1 type from
[X.501].
-
-4.3.25 Octet String
+3.3.25. Octet String
A value of the Octet String syntax is a sequence of zero, one or more
arbitrary octets. The LDAP-specific encoding of a value of this
This syntax corresponds to the OCTET STRING ASN.1 type from [ASN.1].
-
-4.3.26 OID
+3.3.26. OID
A value of the OID syntax is an object identifier; a sequence of two
or more non-negative integers that uniquely identify some object or
1.2.3.4
cn
- The LDAP definition for the OID syntax is:
- ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
- This syntax corresponds to the OBJECT IDENTIFIER ASN.1 type from
- [ASN.1].
+Legg Expires 23 December 2005 [Page 20]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ The LDAP definition for the OID syntax is:
-Legg & Dally Expires 27 August 2003 [Page 20]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+ ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
+ This syntax corresponds to the OBJECT IDENTIFIER ASN.1 type from
+ [ASN.1].
-4.3.27 Other Mailbox
+3.3.27. Other Mailbox
A value of the Other Mailbox syntax identifies an electronic mailbox,
in a particular named mail system. The LDAP-specific encoding of a
The <mailbox-type> rule represents the type of mail system in which
the mailbox resides, for example "MCIMail", and <mailbox> is the
actual mailbox in the mail system described by <mailbox-type>. The
- <PrintableString> and <IA5String> rules are defined in Section 4.2.
+ <PrintableString> and <IA5String> rules are defined in Section 3.2.
The <DOLLAR> rule is defined in [MODELS].
The LDAP definition for the Other Mailbox syntax is:
mailbox IA5String
}
-
-4.3.28 Postal Address
+3.3.28. Postal Address
A value of the Postal Address syntax is a sequence of strings of one
or more arbitrary UCS characters, which form an address in a physical
line = 1*line-char
line-char = %x00-23
/ (%x5C "24") ; escaped "$"
- / %x25-5B
- / (%x5C "5C") ; escaped "\"
- / %x5D-7F
- / UTFMB
- Each character string (i.e. <line>) of a postal address value is
-
-Legg & Dally Expires 27 August 2003 [Page 21]
+Legg Expires 23 December 2005 [Page 21]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+ / %x25-5B
+ / (%x5C "5C") ; escaped "\"
+ / %x5D-7F
+ / UTFMB
- encoded as a UTF-8 [UTF-8] string except that "\" and "$" characters,
+ Each character string (i.e., <line>) of a postal address value is
+ encoded as a UTF-8 [UTF8] string except that "\" and "$" characters,
if they occur in the string, are escaped by a "\" character followed
- by the two hexadecimal digit code for the character. The <HEX-DIGIT>
- rule is defined in Section 4.2. The <DOLLAR> and <UTFMB> rules are
- defined in [MODELS].
+ by the two hexadecimal digit code for the character. The <DOLLAR>
+ and <UTFMB> rules are defined in [MODELS].
Many servers limit the postal address to no more than six lines of no
more than thirty characters each.
( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
This syntax corresponds to the PostalAddress ASN.1 type from [X.520],
- i.e.
+ i.e.,
PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF
DirectoryString { ub-postal-string }
The values of ub-postal-line and ub-postal-string (both integers) are
implementation defined. Non-normative definitions appear in [X.520].
+3.3.29. Printable String
-4.3.29 Printable String
-
- A value of the Printable String syntax is a string of latin
- alphabetic, numeric, and (limited) punctuation characters as
- specified by the <PrintableCharacter> rule in Section 4.2.
+ A value of the Printable String syntax is a string of one or more
+ latin alphabetic, numeric, and selected punctuation characters as
+ specified by the <PrintableCharacter> rule in Section 3.2.
The LDAP-specific encoding of a value of this syntax is the
unconverted string of characters, which conforms to the
- <PrintableString> rule in Section 4.2.
+ <PrintableString> rule in Section 3.2.
Example:
This is a PrintableString.
( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
- This syntax corresponds to the PrintableString ASN.1 type from
- [ASN.1].
-
-
-Legg & Dally Expires 27 August 2003 [Page 22]
+Legg Expires 23 December 2005 [Page 22]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-4.3.30 Substring Assertion
+ This syntax corresponds to the PrintableString ASN.1 type from
+ [ASN.1].
+
+3.3.30. Substring Assertion
A value of the Substring Assertion syntax is a sequence of zero, one
or more character substrings used as an argument for substring
- extensible matching of character string attribute values, i.e. as the
- matchValue of a MatchingRuleAssertion [PROT]. Each substring is a
- string of one or more arbitrary characters from the Universal
+ extensible matching of character string attribute values, i.e., as
+ the matchValue of a MatchingRuleAssertion [PROT]. Each substring is
+ a string of one or more arbitrary characters from the Universal
Character Set (UCS) [UCS]. A zero length substring is not permitted.
The LDAP-specific encoding of a value of this syntax is defined by
/ UTFMB
Each <substring> of a Substring Assertion value is encoded as a UTF-8
- [UTF-8] string, except that "\" and "*" characters, if they occur in
+ [UTF8] string, except that "\" and "*" characters, if they occur in
the substring, are escaped by a "\" character followed by the two
hexadecimal digit code for the character.
This syntax corresponds to the SubstringAssertion ASN.1 type from
[X.520].
+3.3.31. Telephone Number
-4.3.31 Telephone Number
-
- A value of the Telephone Number syntax is a string of printable
- characters that complies with the internationally agreed format for
-Legg & Dally Expires 27 August 2003 [Page 23]
+Legg Expires 23 December 2005 [Page 23]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ A value of the Telephone Number syntax is a string of printable
+ characters that complies with the internationally agreed format for
representing international telephone numbers [E.123].
The LDAP-specific encoding of a value of this syntax is the
unconverted string of characters, which conforms to the
- <PrintableString> rule in Section 4.2.
+ <PrintableString> rule in Section 3.2.
- Example: +1 512 315 0280
+ Examples:
+ +1 512 315 0280
+ +1-512-315-0280
+ +61 3 9896 7830
The LDAP definition for the Telephone Number syntax is:
The value of ub-telephone-number (an integer) is implementation
defined. A non-normative definition appears in [X.520].
-
-4.3.32 Teletex Terminal Identifier
+3.3.32. Teletex Terminal Identifier
A value of this syntax specifies the identifier and (optionally)
parameters of a teletex terminal.
ttx-term = PrintableString ; terminal identifier
ttx-param = ttx-key COLON ttx-value ; parameter
ttx-key = "graphic" / "control" / "misc" / "page" / "private"
- ttx-value = *ttx-value-char
+ ttx-value = *ttx-value-octet
- ttx-value-char = %x00-23
- / (%x5C "24") ; escaped "$"
- / %x25-5B
- / (%x5C "5C") ; escaped "\"
- / %x5D-FF
+ ttx-value-octet = %x00-23
+ / (%x5C "24") ; escaped "$"
+ / %x25-5B
+ / (%x5C "5C") ; escaped "\"
+ / %x5D-FF
- The <PrintableString> and <COLON> rules are defined in Section 4.2.
+ The <PrintableString> and <COLON> rules are defined in Section 3.2.
The <DOLLAR> rule is defined in [MODELS].
- The LDAP definition for the Teletex Terminal Identifier syntax is:
-
- ( 1.3.6.1.4.1.1466.115.121.1.51
- DESC 'Teletex Terminal Identifier' )
-Legg & Dally Expires 27 August 2003 [Page 24]
+Legg Expires 23 December 2005 [Page 24]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the Teletex Terminal Identifier syntax is:
+ ( 1.3.6.1.4.1.1466.115.121.1.51
+ DESC 'Teletex Terminal Identifier' )
This syntax corresponds to the TeletexTerminalIdentifier ASN.1 type
from [X.520].
-
-4.3.33 Telex Number
+3.3.33. Telex Number
A value of the Telex Number syntax specifies the telex number,
country code and answerback code of a telex terminal.
country-code = PrintableString
answerback = PrintableString
- The <PrintableString> rule is defined in Section 4.2. The <DOLLAR>
+ The <PrintableString> rule is defined in Section 3.2. The <DOLLAR>
rule is defined in [MODELS].
The LDAP definition for the Telex Number syntax is:
This syntax corresponds to the TelexNumber ASN.1 type from [X.520].
-
-4.3.34 UTC Time
+3.3.34. UTC Time
A value of the UTC Time syntax is a character string representing a
date and time to a precision of one minute or one second. The year
u-differential = ( MINUS / PLUS ) hour minute
The <year>, <month>, <day>, <hour>, <minute>, <second> and <MINUS>
- rules are defined in Section
4.3.13. The <PLUS> rule is defined in
+ rules are defined in Section
3.3.13. The <PLUS> rule is defined in
[MODELS].
- The time value represents coordinated universal time if the "Z" form
- of <u-time-zone> is used, otherwise the value represents a local
-
-Legg & Dally Expires 27 August 2003 [Page 25]
+Legg Expires 23 December 2005 [Page 25]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+ The above ABNF allows character strings which do not represent valid
+ dates (in the Gregorian calendar) and/or valid times. Such character
+ strings SHOULD be considered invalid for this syntax.
+
+ The time value represents coordinated universal time if the "Z" form
+ of <u-time-zone> is used, otherwise the value represents a local
time. In the latter case, if <u-differential> is provided then
coordinated universal time can be calculated by subtracting the
differential from the local time. The <u-time-zone> SHOULD be
The UTC Time syntax corresponds to the UTCTime ASN.1 type from
[ASN.1].
-
-5. Matching Rules
+4. Matching Rules
Matching rules are used by directory implementations to compare
attribute values against assertion values when performing Search and
Matching rules that are required for directory operation, or that are
in common use, are specified in this section.
-5.1 General Considerations
+4.1. General Considerations
A matching rule is applied to attribute values through an
AttributeValueAssertion or MatchingRuleAssertion [PROT]. The
conditions under which an AttributeValueAssertion or
- MatchingRuleAssertion evaluates to Undefined are specified in [PROT].
- If an assertion is not Undefined then the result of the assertion is
- the result of applying the selected matching rule. A matching rule
- evaluates to TRUE, and in some cases Undefined, as specified in the
- description of the matching rule, otherwise it evaluates to FALSE.
+ MatchingRuleAssertion evaluates to Undefined are specified elsewhere
+ [PROT]. If an assertion is not Undefined then the result of the
+ assertion is the result of applying the selected matching rule. A
+ matching rule evaluates to TRUE, and in some cases Undefined, as
+ specified in the description of the matching rule, otherwise it
+ evaluates to FALSE.
Each assertion contains an assertion value. The definition of each
- matching rule specifies the syntax for the assertion value. The
- syntax of the assertion value is typically, but not necessarily, the
- same as the syntax of the attribute values to which the matching rule
- may be applied. Note that the AssertionValue in a SubstringFilter
- [PROT] MUST conform to the assertion syntax of the equality matching
- rule for the attribute type rather than the assertion syntax of the
-Legg & Dally Expires 27 August 2003 [Page 26]
+Legg Expires 23 December 2005 [Page 26]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
- substrings matching rule for the attribute type. The entire
- SubstringFilter is converted into an assertion value of the
+ matching rule specifies the syntax for the assertion value. The
+ syntax of the assertion value is typically, but not necessarily, the
+ same as the syntax of the attribute values to which the matching rule
+ may be applied. Note that an AssertionValue in a SubstringFilter
+ [PROT] conforms to the assertion syntax of the equality matching rule
+ for the attribute type rather than the assertion syntax of the
+ substrings matching rule for the attribute type. Conceptually, the
+ entire SubstringFilter is converted into an assertion value of the
substrings matching rule prior to applying the rule.
The definition of each matching rule indicates the attribute syntaxes
corresponding ASN.1 type of a candidate attribute syntax must
satisfy. These conditions are also satisfied if the corresponding
ASN.1 type is a tagged or constrained derivative of the ASN.1 type
- explicitly mentioned in the rule description (i.e. ASN.1 tags and
+ explicitly mentioned in the rule description (i.e., ASN.1 tags and
constraints are ignored in checking applicability), or an alternative
reference notation for the explicitly mentioned type. Each rule
description lists as examples of applicable attribute syntaxes, the
If a change is desirable then a new matching rule with a different
object identifier should be defined instead.
- Servers SHOULD implement all the matching rules in Section 5.2.
+ Servers MAY implement the wordMatch and keywordMatch matching rules,
+ but SHOULD implement the other matching rules in Section 4.2.
Servers MAY implement additional matching rules.
Servers which implement the extensibleMatch filter SHOULD allow the
- matching rules listed in Section 5.2 to be used in the
+ matching rules listed in Section 4.2 to be used in the
extensibleMatch filter and SHOULD allow matching rules to be used
with all attribute types known to the server, where the assertion
syntax of the matching rule is the same as the value syntax of the
Servers MUST publish in the matchingRules attribute, the definitions
of matching rules referenced by values of the attributeTypes and
matchingRuleUse attributes in the same subschema entry. Other
+
+
+
+Legg Expires 23 December 2005 [Page 27]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
unreferenced matching rules MAY be published in the matchingRules
attribute.
(in an extensibleMatch filter) of selected matching rules to
nominated attribute types.
+4.2. Matching Rule Definitions
+
+ Nominated character strings in assertion and attribute values are
+ prepared according to the string preparation algorithms [PREP] for
+ LDAP when evaluating the following matching rules:
+
+ numericStringMatch,
+ numericStringSubstringsMatch,
+ caseExactMatch,
+ caseExactOrderingMatch,
+ caseExactSubstringsMatch,
+ caseExactIA5Match,
+ caseIgnoreIA5Match,
+ caseIgnoreIA5SubstringsMatch,
+ caseIgnoreListMatch,
+ caseIgnoreListSubstringsMatch,
+ caseIgnoreMatch,
+ caseIgnoreOrderingMatch,
+ caseIgnoreSubstringsMatch,
+ directoryStringFirstComponentMatch,
+ telephoneNumberMatch,
+ telephoneNumberSubstringsMatch and
+ wordMatch.
+
+ The Transcode, Normalize, Prohibit and Check bidi steps are the same
+ for each of the matching rules. However, the Map and Insignificant
+ Character Handling steps depends on the specific rule, as detailed in
+ the description of these matching rules in the sections that follow.
+
+4.2.1. bitStringMatch
+ The bitStringMatch rule compares an assertion value of the Bit String
+ syntax to an attribute value of a syntax (e.g., the Bit String
+ syntax) whose corresponding ASN.1 type is BIT STRING.
-Legg & Dally Expires 27 August 2003 [Page 27]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
-5.2 Matching Rule Definitions
-
- When evaluating the caseExactIA5Match, caseIgnoreIA5Match,
- caseIgnoreIA5SubstringsMatch, caseIgnoreListMatch,
- caseIgnoreListSubstringsMatch, caseIgnoreMatch,
- caseIgnoreOrderingMatch and caseIgnoreSubstringsMatch matching rules
- multiple adjoining whitespace characters are treated the same as an
- individual space, and leading and trailing whitespace is ignored.
+ If the corresponding ASN.1 type of the attribute syntax does not have
+ a named bit list [ASN.1] (which is the case for the Bit String
+ syntax) then the rule evaluates to TRUE if and only if the attribute
+ value has the same number of bits as the assertion value and the bits
+ match on a bitwise basis.
-5.2.1 bitStringMatch
- The bitStringMatch rule compares an assertion value of the Bit String
- syntax to an attribute value of a syntax (e.g. the Bit String syntax)
- whose corresponding ASN.1 type is BIT STRING.
+Legg Expires 23 December 2005 [Page 28]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
- If the corresponding ASN.1 type of the attribute syntax does not have
- a named bit list (which is the case for the Bit String syntax) then
- the rule evaluates to TRUE if and only if the attribute value has the
- same number of bits as the assertion value and the bits match on a
- bitwise basis.
If the corresponding ASN.1 type does have a named bit list then
bitStringMatch operates as above except that trailing zero bits in
The bitStringMatch rule is an equality matching rule.
+4.2.2. booleanMatch
+
+ The booleanMatch rule compares an assertion value of the Boolean
+ syntax to an attribute value of a syntax (e.g., the Boolean syntax)
+ whose corresponding ASN.1 type is BOOLEAN.
+
+ The rule evaluates to TRUE if and only if the attribute value and the
+ assertion value are both TRUE or both FALSE.
+
+ The LDAP definition for the booleanMatch rule is:
+
+ ( 2.5.13.13 NAME 'booleanMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-5.2.2 caseExactIA5Match
+ The booleanMatch rule is an equality matching rule.
+
+4.2.3. caseExactIA5Match
The caseExactIA5Match rule compares an assertion value of the IA5
String syntax to an attribute value of a syntax (e.g the IA5 String
syntax) whose corresponding ASN.1 type is IA5String.
- The rule evaluates to TRUE if and only if the attribute value and the
- assertion value have the same number of characters and corresponding
- characters are the same. Letter case is significant in the
- comparison.
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
The LDAP definition for the caseExactIA5Match rule is:
( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-Legg & Dally Expires 27 August 2003 [Page 28]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+Legg Expires 23 December 2005 [Page 29]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
The caseExactIA5Match rule is an equality matching rule.
+4.2.4. caseExactMatch
+
+ The caseExactMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+ String, Printable String, Country String or Telephone Number syntax)
+ whose corresponding ASN.1 type is DirectoryString or one of the
+ alternative string types of DirectoryString, e.g., PrintableString
+ (the other alternatives do not correspond to any syntax defined in
+ this document).
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseExactMatch rule is:
+
+ ( 2.5.13.5 NAME 'caseExactMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The caseExactMatch rule is an equality matching rule.
-5.2.3 caseIgnoreIA5Match
+4.2.5. caseExactOrderingMatch
+
+ The caseExactOrderingMatch rule compares an assertion value of the
+ Directory String syntax to an attribute value of a syntax (e.g., the
+ Directory String, Printable String, Country String or Telephone
+ Number syntax) whose corresponding ASN.1 type is DirectoryString or
+ one of its alternative string types.
+
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the prepared attribute value character string
+ appears earlier than the prepared assertion value character string,
+ i.e., the attribute value is "less than" the assertion value.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
+
+ The LDAP definition for the caseExactOrderingMatch rule is:
+
+
+
+Legg Expires 23 December 2005 [Page 30]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ ( 2.5.13.6 NAME 'caseExactOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ The caseExactOrderingMatch rule is an ordering matching rule.
+
+4.2.6. caseExactSubstringsMatch
+
+ The caseExactSubstringsMatch rule compares an assertion value of the
+ Substring Assertion syntax to an attribute value of a syntax (e.g.,
+ the Directory String, Printable String, Country String or Telephone
+ Number syntax) whose corresponding ASN.1 type is DirectoryString or
+ one of its alternative string types.
+
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are not case folded in the Map preparation
+ step, and only Insignificant Space Handling is applied in the
+ Insignificant Character Handling step.
+
+ The LDAP definition for the caseExactSubstringsMatch rule is:
+
+ ( 2.5.13.7 NAME 'caseExactSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+
+ The caseExactSubstringsMatch rule is a substrings matching rule.
+
+4.2.7. caseIgnoreIA5Match
The caseIgnoreIA5Match rule compares an assertion value of the IA5
String syntax to an attribute value of a syntax (e.g the IA5 String
syntax) whose corresponding ASN.1 type is IA5String.
- The rule evaluates to TRUE if and only if the attribute value and the
- assertion value have the same number of characters and corresponding
- characters are the same, ignoring the case of letters.
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+
+
+
+Legg Expires 23 December 2005 [Page 31]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
The LDAP definition for the caseIgnoreIA5Match rule is:
The caseIgnoreIA5Match rule is an equality matching rule.
-
-5.2.4 caseIgnoreIA5SubstringsMatch
+4.2.8. caseIgnoreIA5SubstringsMatch
The caseIgnoreIA5SubstringsMatch rule compares an assertion value of
the Substring Assertion syntax to an attribute value of a syntax (e.g
the IA5 String syntax) whose corresponding ASN.1 type is IA5String.
- The rule evaluates to TRUE if and only if the substrings of the
- assertion value match disjoint portions of the attribute value in the
- order of the substrings in the assertion value, and an <initial>
- substring, if present, matches the beginning of the attribute value,
- and a <final> substring, if present, matches the end of the attribute
- value. A substring matches a portion of the attribute value if
- corresponding characters are the same, ignoring the case of letters.
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are case folded in the Map preparation step,
+ and only Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The caseIgnoreIA5SubstringsMatch rule is a substrings matching rule.
-
-5.2.5 caseIgnoreListMatch
+4.2.9. caseIgnoreListMatch
The caseIgnoreListMatch rule compares an assertion value that is a
- sequence of strings to an attribute value of a syntax (e.g. the
+ sequence of strings to an attribute value of a syntax (e.g., the
Postal Address syntax) whose corresponding ASN.1 type is a SEQUENCE
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 29]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
OF the DirectoryString ASN.1 type.
The rule evaluates to TRUE if and only if the attribute value and the
strings (by position) match according to the caseIgnoreMatch matching
rule.
+
+
+
+Legg Expires 23 December 2005 [Page 32]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
In [X.520] the assertion syntax for this matching rule is defined to
be:
SEQUENCE OF DirectoryString {ub-match}
- i.e. different from the corresponding type for the Postal Address
+ i.e., different from the corresponding type for the Postal Address
syntax. The choice of the Postal Address syntax for the assertion
syntax of the caseIgnoreListMatch in LDAP should not be seen as
limiting the matching rule to only apply to attributes with the
The caseIgnoreListMatch rule is an equality matching rule.
-
-5.2.6 caseIgnoreListSubstringsMatch
+4.2.10. caseIgnoreListSubstringsMatch
The caseIgnoreListSubstringsMatch rule compares an assertion value of
the Substring Assertion syntax to an attribute value of a syntax
- (e.g. the Postal Address syntax) whose corresponding ASN.1 type is a
+ (e.g., the Postal Address syntax) whose corresponding ASN.1 type is a
SEQUENCE OF the DirectoryString ASN.1 type.
The rule evaluates to TRUE if and only if the assertion value
The LDAP definition for the caseIgnoreListSubstringsMatch rule is:
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
+ The caseIgnoreListSubstringsMatch rule is a substrings matching rule.
+4.2.11. caseIgnoreMatch
-Legg & Dally Expires 27 August 2003 [Page 30]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
+ The caseIgnoreMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
- The caseIgnoreListSubstringsMatch rule is a substrings matching rule.
+Legg Expires 23 December 2005 [Page 33]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-5.2.7 caseIgnoreMatch
- The caseIgnoreMatch rule compares an assertion value of the Directory
- String syntax to an attribute value of a syntax (e.g. the Directory
String, Printable String, Country String or Telephone Number syntax)
- whose corresponding ASN.1 type is DirectoryString or one of the
- alternative string types of DirectoryString, e.g. PrintableString
- (the other alternatives do not correspond to any syntax defined in
- this document).
+ whose corresponding ASN.1 type is DirectoryString or one of its
+ alternative string types.
- The rule evaluates to TRUE if and only if the attribute value and the
- assertion value have the same number of characters and corresponding
- characters are the same, ignoring the case of letters.
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
The LDAP definition for the caseIgnoreMatch rule is:
The caseIgnoreMatch rule is an equality matching rule.
-
-5.2.8 caseIgnoreOrderingMatch
+4.2.12. caseIgnoreOrderingMatch
The caseIgnoreOrderingMatch rule compares an assertion value of the
- Directory String syntax to an attribute value of a syntax (e.g. the
+ Directory String syntax to an attribute value of a syntax (e.g., the
Directory String, Printable String, Country String or Telephone
Number syntax) whose corresponding ASN.1 type is DirectoryString or
one of its alternative string types.
- The rule evaluates to TRUE if, and only if, in the normal collation
- order for the attribute syntax after lower-case letters in both the
- attribute and assertion values have been replaced by their upper-case
- equivalents, the attribute value appears earlier than the assertion
- value, i.e. the attribute value is "less than" the assertion value.
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the prepared attribute value character string
+ appears earlier than the prepared assertion value character string,
+ i.e., the attribute value is "less than" the assertion value.
- The collation order for values of the DirectoryString syntax is
- implementation-defined. [Editor's note: this will be specified by a
- stringprep profile before final publication.]
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+ Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
The LDAP definition for the caseIgnoreOrderingMatch rule is:
( 2.5.13.3 NAME 'caseIgnoreOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+ The caseIgnoreOrderingMatch rule is an ordering matching rule.
-
-Legg & Dally Expires 27 August 2003 [Page 31]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+4.2.13. caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
- The caseIgnoreOrderingMatch rule is an ordering matching rule.
+Legg Expires 23 December 2005 [Page 34]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-5.2.9 caseIgnoreSubstringsMatch
The caseIgnoreSubstringsMatch rule compares an assertion value of the
- Substring Assertion syntax to an attribute value of a syntax (e.g.
+ Substring Assertion syntax to an attribute value of a syntax (e.g.,
the Directory String, Printable String, Country String or Telephone
Number syntax) whose corresponding ASN.1 type is DirectoryString or
one of its alternative string types.
- The rule evaluates to TRUE if and only if the substrings of the
- assertion value match disjoint portions of the attribute value in the
- order of the substrings in the assertion value, and an <initial>
- substring, if present, matches the beginning of the attribute value,
- and a <final> substring, if present, matches the end of the attribute
- value. A substring matches a portion of the attribute value if
- corresponding characters are the same, ignoring the case of letters.
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are case folded in the Map preparation step,
+ and only Insignificant Space Handling is applied in the Insignificant
+ Character Handling step.
The LDAP definition for the caseIgnoreSubstringsMatch rule is:
The caseIgnoreSubstringsMatch rule is a substrings matching rule.
+4.2.14. directoryStringFirstComponentMatch
+
+ The directoryStringFirstComponentMatch rule compares an assertion
+ value of the Directory String syntax to an attribute value of a
+ syntax whose corresponding ASN.1 type is a SEQUENCE with a mandatory
+ first component of the DirectoryString ASN.1 type.
+
+ Note that the assertion syntax of this matching rule differs from the
+ attribute syntax of attributes for which this is the equality
+ matching rule.
+
+ The rule evaluates to TRUE if and only if the assertion value matches
+ the first component of the attribute value using the rules of
+ caseIgnoreMatch.
+
+ The LDAP definition for the directoryStringFirstComponentMatch
+ matching rule is:
+
+ ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+
+Legg Expires 23 December 2005 [Page 35]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The directoryStringFirstComponentMatch rule is an equality matching
+ rule. When using directoryStringFirstComponentMatch to compare two
+ attribute values (of an applicable syntax), an assertion value must
+ first be derived from one of the attribute values. An assertion
+ value can be derived from an attribute value by taking the first
+ component of that attribute value.
-5.2.10 distinguishedNameMatch
+4.2.15. distinguishedNameMatch
The distinguishedNameMatch rule compares an assertion value of the DN
- syntax to an attribute value of a syntax (e.g. the DN syntax) whose
+ syntax to an attribute value of a syntax (e.g., the DN syntax) whose
corresponding ASN.1 type is DistinguishedName.
The rule evaluates to TRUE if and only if the attribute value and the
- assertion value have the same number of RDNs and corresponding RDNs
- (by position) are the same. An RDN of the assertion value is the
- same as an RDN of the attribute value if and only if they have the
- same number of attribute value assertions (AVAs) and each AVA of the
- first RDN is the same as the AVA of the second RDN with the same
- attribute type. The order of the AVAs is not significant. Also note
- that a particular attribute type may appear in at most one AVA in an
- RDN. Two AVAs with the same attribute type are the same if their
- values are equal according to the equality matching rule of the
- attribute type. If one or more of the AVA comparisons evaluate to
- Undefined and the remaining AVA comparisons return TRUE then the
- distinguishedNameMatch rule evaluates to Undefined.
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 32]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
+ assertion value have the same number of relative distinguished names
+ and corresponding relative distinguished names (by position) are the
+ same. A relative distinguished name (RDN) of the assertion value is
+ the same as an RDN of the attribute value if and only if they have
+ the same number of attribute value assertions and each attribute
+ value assertion (AVA) of the first RDN is the same as the AVA of the
+ second RDN with the same attribute type. The order of the AVAs is
+ not significant. Also note that a particular attribute type may
+ appear in at most one AVA in an RDN. Two AVAs with the same
+ attribute type are the same if their values are equal according to
+ the equality matching rule of the attribute type. If one or more of
+ the AVA comparisons evaluate to Undefined and the remaining AVA
+ comparisons return TRUE then the distinguishedNameMatch rule
+ evaluates to Undefined.
The LDAP definition for the distinguishedNameMatch rule is:
The distinguishedNameMatch rule is an equality matching rule.
-
-5.2.11 generalizedTimeMatch
+4.2.16. generalizedTimeMatch
The generalizedTimeMatch rule compares an assertion value of the
Generalized Time syntax to an attribute value of a syntax (e.g the
then the number of minutes or seconds (respectively) is assumed to be
zero.
+
+
+Legg Expires 23 December 2005 [Page 36]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
The LDAP definition for the generalizedTimeMatch rule is:
( 2.5.13.27 NAME 'generalizedTimeMatch'
The generalizedTimeMatch rule is an equality matching rule.
+4.2.17. generalizedTimeOrderingMatch
-5.2.12 generalizedTimeOrderingMatch
-
- The generalizedTimeMatch rule compares the time ordering of an
- assertion value of the Generalized Time syntax to an attribute value
- of a syntax (e.g the Generalized Time syntax) whose corresponding
- ASN.1 type is GeneralizedTime.
+ The generalizedTimeOrderingMatch rule compares the time ordering of
+ an assertion value of the Generalized Time syntax to an attribute
+ value of a syntax (e.g the Generalized Time syntax) whose
+ corresponding ASN.1 type is GeneralizedTime.
The rule evaluates to TRUE if and only if the attribute value
represents a universal coordinated time which is earlier than the
The generalizedTimeOrderingMatch rule is an ordering matching rule.
-
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 33]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
-5.2.13 integerFirstComponentMatch
+4.2.18. integerFirstComponentMatch
The integerFirstComponentMatch rule compares an assertion value of
the Integer syntax to an attribute value of a syntax (e.g the DIT
The integerFirstComponentMatch rule is an equality matching rule.
When using integerFirstComponentMatch to compare two attribute values
+
+
+
+Legg Expires 23 December 2005 [Page 37]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
(of an applicable syntax), an assertion value must first be derived
from one of the attribute values. An assertion value can be derived
from an attribute value by taking the first component of that
attribute value.
-
-5.2.14 integerMatch
+4.2.19. integerMatch
The integerMatch rule compares an assertion value of the Integer
syntax to an attribute value of a syntax (e.g the Integer syntax)
The integerMatch rule is an equality matching rule.
+4.2.20. integerOrderingMatch
+
+ The integerOrderingMatch rule compares an assertion value of the
+ Integer syntax to an attribute value of a syntax (e.g the Integer
+ syntax) whose corresponding ASN.1 type is INTEGER.
+
+ The rule evaluates to TRUE if and only if the integer value of the
+ attribute value is less than the integer value the assertion value.
+
+ The LDAP definition for the integerOrderingMatch matching rule is:
-5.2.15 numericStringMatch
+ ( 2.5.13.15 NAME 'integerOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+ The integerOrderingMatch rule is an ordering matching rule.
+
+4.2.21. keywordMatch
+
+ The keywordMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+ String syntax) whose corresponding ASN.1 type is DirectoryString.
+
+ The rule evaluates to TRUE if and only if the assertion value
+ character string matches any keyword in the attribute value. The
+ identification of keywords in the attribute value and the exactness
+ of the match are both implementation specific.
-Legg & Dally Expires 27 August 2003 [Page 34]
+Legg Expires 23 December 2005 [Page 38]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The LDAP definition for the keywordMatch rule is:
+ ( 2.5.13.33 NAME 'keywordMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+4.2.22. numericStringMatch
The numericStringMatch rule compares an assertion value of the
Numeric String syntax to an attribute value of a syntax (e.g the
Numeric String syntax) whose corresponding ASN.1 type is
NumericString.
- The rule evaluates to TRUE if and only if the attribute value and the
- assertion value are the same string of numerals, ignoring any space
- characters.
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ numericString Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
The LDAP definition for the numericStringMatch matching rule is:
The numericStringMatch rule is an equality matching rule.
+4.2.23. numericStringOrderingMatch
+
+ The numericStringOrderingMatch rule compares an assertion value of
+ the Numeric String syntax to an attribute value of a syntax (e.g the
+ Numeric String syntax) whose corresponding ASN.1 type is
+ NumericString.
+
+ The rule evaluates to TRUE if, and only if, in the code point
+ collation order, the prepared attribute value character string
+ appears earlier than the prepared assertion value character string,
+ i.e., the attribute value is "less than" the assertion value.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ numericString Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
+
+ The rule is identical to the caseIgnoreOrderingMatch rule except that
+ all space characters are skipped during comparison (case is
+
+
+
+Legg Expires 23 December 2005 [Page 39]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ irrelevant as characters are numeric).
-5.2.16 numericStringSubstringsMatch
+ The LDAP definition for the numericStringOrderingMatch matching rule
+ is:
+
+ ( 2.5.13.9 NAME 'numericStringOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
+
+ The numericStringOrderingMatch rule is an ordering matching rule.
+
+4.2.24. numericStringSubstringsMatch
The numericStringSubstringsMatch rule compares an assertion value of
the Substring Assertion syntax to an attribute value of a syntax (e.g
the Numeric String syntax) whose corresponding ASN.1 type is
NumericString.
- The rule evaluates to TRUE if and only if the substrings of the
- assertion value match disjoint portions of the attribute value in the
- order of the substrings in the assertion value, and an <initial>
- substring, if present, matches the beginning of the attribute value,
- and a <final> substring, if present, matches the end of the attribute
- value. A substring matches a portion of the attribute value if
- corresponding characters are the same, ignoring any space characters.
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are not case folded in the Map preparation step, and only
+ numericString Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
+
+ The LDAP definition for the numericStringSubstringsMatch matching
+ rule is:
( 2.5.13.10 NAME 'numericStringSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The numericStringSubstringsMatch rule is a substrings matching rule.
-
-5.2.17 objectIdentifierFirstComponentMatch
+4.2.25. objectIdentifierFirstComponentMatch
The objectIdentifierFirstComponentMatch rule compares an assertion
value of the OID syntax to an attribute value of a syntax (e.g the
Description, Matching Rule Description, Matching Rule Use
Description, Name Form Description or Object Class Description
syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory
- first component of the OBJECT IDENTIFIER ASN.1 type.
-
-Legg & Dally Expires 27 August 2003 [Page 35]
+Legg Expires 23 December 2005 [Page 40]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+ first component of the OBJECT IDENTIFIER ASN.1 type.
Note that the assertion syntax of this matching rule differs from the
attribute syntax of attributes for which this is the equality
The LDAP definition for the objectIdentifierFirstComponentMatch
matching rule is:
- ( 2.5.13.31 NAME 'objectIdentifierFirstComponentMatch'
+ ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
The objectIdentifierFirstComponentMatch rule is an equality matching
value can be derived from an attribute value by taking the first
component of that attribute value.
-
-5.2.18 objectIdentifierMatch
+4.2.26. objectIdentifierMatch
The objectIdentifierMatch rule compares an assertion value of the OID
syntax to an attribute value of a syntax (e.g the OID syntax) whose
The objectIdentifierMatch rule is an equality matching rule.
+4.2.27. octetStringMatch
-5.2.19 octetStringMatch
-
-Legg & Dally Expires 27 August 2003 [Page 36]
+Legg Expires 23 December 2005 [Page 41]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
The octetStringMatch rule compares an assertion value of the Octet
The octetStringMatch rule is an equality matching rule.
+4.2.28. octetStringOrderingMatch
+
+ The octetStringOrderingMatch rule compares an assertion value of the
+ Octet String syntax to an attribute value of a syntax (e.g the Octet
+ String or JPEG syntax) whose corresponding ASN.1 type is the OCTET
+ STRING ASN.1 type.
+
+ The rule evaluates to TRUE if and only if the attribute value appears
+ earlier in the collation order than the assertion value. The rule
+ compares octet strings from the first octet to the last octet, and
+ from the most significant bit to the least significant bit within the
+ octet. The first occurrence of a different bit determines the
+ ordering of the strings. A zero bit precedes a one bit. If the
+ strings contain different numbers of octets but the longer string is
+ identical to the shorter string up to the length of the shorter
+ string then the shorter string precedes the longer string.
+
+ The LDAP definition for the octetStringOrderingMatch matching rule
+ is:
+
+ ( 2.5.13.18 NAME 'octetStringOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+ The octetStringOrderingMatch rule is an ordering matching rule.
-5.2.20 telephoneNumberMatch
+4.2.29. telephoneNumberMatch
The telephoneNumberMatch rule compares an assertion value of the
Telephone Number syntax to an attribute value of a syntax (e.g the
Telephone Number syntax) whose corresponding ASN.1 type is a
PrintableString representing a telephone number.
- The rule evaluates to TRUE if and only if the attribute value and the
- assertion value have the same number of characters and corresponding
- characters are the same, ignoring the case of letters, and ignoring
- space and `-' characters.
+
+
+
+Legg Expires 23 December 2005 [Page 42]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ The rule evaluates to TRUE if and only if the prepared attribute
+ value character string and the prepared assertion value character
+ string have the same number of characters and corresponding
+ characters have the same code point.
+
+ In preparing the attribute value and assertion value for comparison,
+ characters are case folded in the Map preparation step, and only
+ telephoneNumber Insignificant Character Handling is applied in the
+ Insignificant Character Handling step.
The LDAP definition for the telephoneNumberMatch matching rule is:
The telephoneNumberMatch rule is an equality matching rule.
-
-5.2.21 telephoneNumberSubstringsMatch
+4.2.30. telephoneNumberSubstringsMatch
The telephoneNumberSubstringsMatch rule compares an assertion value
of the Substring Assertion syntax to an attribute value of a syntax
(e.g the Telephone Number syntax) whose corresponding ASN.1 type is a
PrintableString representing a telephone number.
- The rule evaluates to TRUE if and only if the substrings of the
- assertion value match disjoint portions of the attribute value in the
- order of the substrings in the assertion value, and an <initial>
- substring, if present, matches the beginning of the attribute value,
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 37]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
- and a <final> substring, if present, matches the end of the attribute
- value. A substring matches a portion of the attribute value if
- corresponding characters are the same, ignoring the case of letters,
- and ignoring space and `-' characters.
+ The rule evaluates to TRUE if and only if the prepared substrings of
+ the assertion value match disjoint portions of the prepared attribute
+ value character string in the order of the substrings in the
+ assertion value, and an <initial> substring, if present, matches the
+ beginning of the prepared attribute value character string, and a
+ <final> substring, if present, matches the end of the prepared
+ attribute value character string. A prepared substring matches a
+ portion of the prepared attribute value character string if
+ corresponding characters have the same code point.
+
+ In preparing the attribute value and assertion value substrings for
+ comparison, characters are case folded in the Map preparation step,
+ and only telephoneNumber Insignificant Character Handling is applied
+ in the Insignificant Character Handling step.
The LDAP definition for the telephoneNumberSubstringsMatch matching
rule is:
rule.
-5.2.22 uniqueMemberMatch
+
+
+Legg Expires 23 December 2005 [Page 43]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+4.2.31. uniqueMemberMatch
The uniqueMemberMatch rule compares an assertion value of the Name
And Optional UID syntax to an attribute value of a syntax (e.g the
The rule evaluates to TRUE if and only if the <distinguishedName>
components of the assertion value and attribute value match according
- to the distinguishedNameMatch rule and the <BitString> component is
- absent from the attribute value or matches the <BitString> component
- of the assertion value according to the bitStringMatch rule.
+ to the distinguishedNameMatch rule and either, the <BitString>
+ component is absent from both the attribute value and assertion
+ value, or the <BitString> component is present in both the attribute
+ value and the assertion value and the <BitString> component of the
+ assertion value matches the <BitString> component of the attribute
+ value according to the bitStringMatch rule.
+
+ Note that this matching rule has been altered from its description in
+ X.520 [X.520] in order to make the matching rule commutative. Server
+ implementors should consider using the original X.520 semantics
+ (where the matching was less exact) for approximate matching of
+ attributes with uniqueMemberMatch as the equality matching rule.
The LDAP definition for the uniqueMemberMatch matching rule is:
The uniqueMemberMatch rule is an equality matching rule.
+4.2.32. wordMatch
-6. Security Considerations
+ The wordMatch rule compares an assertion value of the Directory
+ String syntax to an attribute value of a syntax (e.g., the Directory
+ String syntax) whose corresponding ASN.1 type is DirectoryString.
- In general, the LDAP-specific encodings for syntaxes defined in this
- document do not define canonical encodings. That is, a
- transformation from an LDAP-specific encoding into some other
- encoding (e.g. BER) and back into the LDAP-specific encoding will not
- necessarily reproduce exactly the original octets of the
- LDAP-specific encoding. Therefore an LDAP-specific encoding should
- not be used where a canonical encoding is required.
+ The rule evaluates to TRUE if and only if the assertion value word
+ matches, according to the semantics of caseIgnoreMatch, any word in
+ the attribute value. The precise definition of a word is
+ implementation specific.
- Furthermore, the LDAP-specific encodings do not necessarily enable an
- alternative encoding of values of the Directory String and DN
+ The LDAP definition for the wordMatch rule is:
+ ( 2.5.13.32 NAME 'wordMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+5. Security Considerations
-Legg & Dally Expires 27 August 2003 [Page 38]
+ In general, the LDAP-specific encodings for syntaxes defined in this
+
+
+
+Legg Expires 23 December 2005 [Page 44]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+ document do not define canonical encodings. That is, a
+ transformation from an LDAP-specific encoding into some other
+ encoding (e.g., BER) and back into the LDAP-specific encoding will
+ not necessarily reproduce exactly the original octets of the
+ LDAP-specific encoding. Therefore an LDAP-specific encoding should
+ not be used where a canonical encoding is required.
- syntaxes to be reconstructed, e.g. a transformation from DER to
- LDAP-specific encoding and back to DER may not reproduce the original
+ Furthermore, the LDAP-specific encodings do not necessarily enable an
+ alternative encoding of values of the Directory String and DN
+ syntaxes to be reconstructed, e.g., a transformation from a
+ Distinguished Encoding Rules (DER) [BER] encoding to an LDAP-specific
+ encoding and back to a DER encoding may not reproduce the original
DER encoding. Therefore LDAP-specific encodings should not be used
- where reversibility to DER is needed, e.g. for the verification of
+ where reversibility to DER is needed, e.g., for the verification of
digital signatures. Instead, DER or a DER-reversible encoding should
be used.
matching rule comparisons are done on the underlying abstract value,
regardless of the particular encoding used.
+6. Acknowledgements
-7. Acknowledgements
-
- This document is an revision of RFC 2252 by M. Wahl, A. Coulbeck, T.
- Howes, and S. Kille. RFC 2252 was a product of the IETF ASID Working
- Group.
+ This document is primarily a revision of RFC 2252 by M. Wahl, A.
+ Coulbeck, T. Howes, and S. Kille. RFC 2252 was a product of the IETF
+ ASID Working Group.
This document is based upon input of the IETF LDAPBIS working group.
- The authors wish to thank J. Sermersheim and K. Zeilenga for their
- significant contribution to this revision.
-
+ The author would like to thank Kathy Dally for editing the early
+ drafts of this revision, and Jim Sermersheim and Kurt Zeilenga for
+ their significant contributions to this revision.
-8. IANA Considerations
+7. IANA Considerations
The Internet Assigned Numbers Authority (IANA) is requested to update
- the LDAP descriptors registry as indicated by the following
+ the LDAP descriptors registry [BCP64] as indicated by the following
templates:
Subject: Request for LDAP Descriptor Registration Update
Descriptor (short name): see comment
Object Identifier: see comment
Person & email address to contact for further information:
- Steven Legg <steven.legg@adacel.com.au>
+ Steven Legg <steven.legg@eb2bcom.com>
Usage: see comment
Specification: RFC XXXX
Author/Change Controller: IESG
Comments:
+
+
+Legg Expires 23 December 2005 [Page 45]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
The following descriptors (short names) should be updated to refer
to RFC XXXX.
NAME Type OID
------------------------------------------------------------------
bitStringMatch M 2.5.13.16
+ booleanMatch M 2.5.13.13
caseExactIA5Match M 1.3.6.1.4.1.1466.109.114.1
+ caseExactMatch M 2.5.13.5
+ caseExactOrderingMatch M 2.5.13.6
+ caseExactSubstringsMatch M 2.5.13.7
caseIgnoreIA5Match M 1.3.6.1.4.1.1466.109.114.2
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 39]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
caseIgnoreListMatch M 2.5.13.11
+ caseIgnoreListSubstringsMatch M 2.5.13.12
caseIgnoreMatch M 2.5.13.2
caseIgnoreOrderingMatch M 2.5.13.3
caseIgnoreSubstringsMatch M 2.5.13.4
+ directoryStringFirstComponentMatch M 2.5.13.31
distinguishedNameMatch M 2.5.13.1
generalizedTimeMatch M 2.5.13.27
generalizedTimeOrderingMatch M 2.5.13.28
integerFirstComponentMatch M 2.5.13.29
integerMatch M 2.5.13.14
+ integerOrderingMatch M 2.5.13.15
+ keywordMatch M 2.5.13.33
numericStringMatch M 2.5.13.8
+ numericStringOrderingMatch M 2.5.13.9
numericStringSubstringsMatch M 2.5.13.10
- objectIdentifierFirstComponentMatch M 2.5.13.31
+ objectIdentifierFirstComponentMatch M 2.5.13.30
octetStringMatch M 2.5.13.17
+ octetStringOrderingMatch M 2.5.13.18
telephoneNumberMatch M 2.5.13.20
telephoneNumberSubstringsMatch M 2.5.13.21
uniqueMemberMatch M 2.5.13.23
+ wordMatch M 2.5.13.32
The descriptor for the object identifier 2.5.13.0 was incorrectly
- registered as objectIdentifiersMatch (extraneous `s') in RFC 3383.
- It should be changed to the following with a reference to RFC
- XXXX.
+ registered as objectIdentifiersMatch (extraneous `s') in BCP 64.
+ It should be changed to the following with a reference to
+ RFC XXXX.
NAME Type OID
------------------------------------------------------------------
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): caseIgnoreIA5SubstringsMatch
- Object Identifier: 1.3.6.1.4.1.1466.109.114.3
- Person & email address to contact for further information:
- Steven Legg <steven.legg@adacel.com.au>
- Usage: other (M)
- Specification: RFC XXXX
- Author/Change Controller: IESG
-
-
- Subject: Request for LDAP Descriptor Registration
- Descriptor (short name): caseIgnoreListSubstringsMatch
- Object Identifier: 2.5.13.12
- Person & email address to contact for further information:
- Steven Legg <steven.legg@adacel.com.au>
- Usage: other (M)
- Specification: RFC XXXX
- Author/Change Controller: IESG
-
-9. Normative References
-
-Legg & Dally Expires 27 August 2003 [Page 40]
+Legg Expires 23 December 2005 [Page 46]
\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
- [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
- Specifications: ABNF", RFC 2234, November 1997.
-
- [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
- 10646", RFC 2279, January 1998.
-
- [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64, RFC
- 3383, September 2002.
-
- [LDAPDN] Zeilenga, K., "LDAP: String Representation of
- Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work
- in progress, August 2002.
-
- [PROT] Sermersheim, J., "LDAP: The Protocol", draft-ietf-ldapbis-
- protocol-xx.txt, a work in progress, December 2002.
-
- [E.123] Notation for national and international telephone numbers,
- ITU-T Recommendation E.123, 1988.
-
- [FAX] Standardization of Group 3 facsimile apparatus for
- document transmission - Terminal Equipment and Protocols
- for Telematic Services, ITU-T Recommendation T.4, 1993
-
- [T.50] International Reference Alphabet (IRA) (Formerly
- International Alphabet No. 5 or IA5) Information
- Technology - 7-Bit Coded Character Set for Information
- Interchange, ITU-T Recommendation T.50, 1992
-
- [X.420] ITU-T Recommendation X.420 (1996) | ISO/IEC 10021-7:1997,
- Information Technology - Message Handling Systems (MHS):
- Interpersonal messaging system
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
- [X.501] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1994,
- Information Technology - Open Systems Interconnection -
- The Directory: Models
-
- [X.520] ITU-T Recommendation X.520 (1993) | ISO/IEC 9594-6:1994,
- Information Technology - Open Systems Interconnection -
- The Directory: Selected attribute types
-
- [ASN.1] ITU-T Recommendation X.680 (1997) | ISO/IEC 8824-1:1998
- Information Technology - Abstract Syntax Notation One
- (ASN.1): Specification of basic notation
-
- [ISO3166] ISO 3166, "Codes for the representation of names of
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 41]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
- countries".
-
- [UCS] Universal Multiple-Octet Coded Character Set (UCS) -
- Architecture and Basic Multilingual Plane, ISO/IEC
- 10646-1: 1993 (with amendments).
-
- [JPEG] JPEG File Interchange Format (Version 1.02). Eric
- Hamilton, C-Cube Microsystems, Milpitas, CA, September 1,
- 1992.
-
-
-10. Informative References
-
- [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
- "Lightweight Directory Access Protocol (v3): Attribute
- Syntax Definitions", RFC 2252, December 1997.
-
- [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
- with LDAPv3", RFC 2256, December 1997.
-
- [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
- Protocol (v3): Technical Specification", RFC 3377,
- September 2002.
-
- [X.500] ITU-T Recommendation X.500 (1993) | ISO/IEC 9594-1:1994,
- Information Technology - Open Systems Interconnection -
- The Directory: Overview of concepts, models and services
-
- [BER] ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1:1998
- Information Technology - ASN.1 encoding rules:
- Specification of Basic Encoding Rules (BER), Canonical
- Encoding Rules (CER) and Distinguished Encoding Rules
- (DER)
-
-
-11. Authors' Addresses
-
- Steven Legg
- Adacel Technologies Ltd.
- 405-409 Ferntree Gully Road
- Mount Waverley, Victoria 3149
- AUSTRALIA
-
- Phone: +61 3 9451 2107
- Fax: +61 3 9541 2121
- Email: steven.legg@adacel.com.au
-
-
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 42]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
- Kathy Dally
- The MITRE Corp.
- 7515 Colshire Dr., ms-W650
- McLean VA 22102
- USA
-
- Phone: +1 703 883 6058
- Fax: +1 703 883 7142
- Email: kdally@mitre.org
-
-
-12. Copyright Notice
-
- Copyright (C) The Internet Society (2003). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+ Object Identifier: 1.3.6.1.4.1.1466.109.114.3
+ Person & email address to contact for further information:
+ Steven Legg <steven.legg@eb2bcom.com>
+ Usage: other (M)
+ Specification: RFC XXXX
+ Author/Change Controller: IESG
Appendix A. Summary of Syntax Object Identifiers
Syntax OBJECT IDENTIFIER
==============================================================
Attribute Type Description 1.3.6.1.4.1.1466.115.121.1.3
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 43]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
Bit String 1.3.6.1.4.1.1466.115.121.1.6
Boolean 1.3.6.1.4.1.1466.115.121.1.7
Country String 1.3.6.1.4.1.1466.115.121.1.11
UTC Time 1.3.6.1.4.1.1466.115.121.1.53
-Appendix B. Changes from RFC 2252 & RFC 2256
+
+Legg Expires 23 December 2005 [Page 47]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+Appendix B. Changes from RFC 2252
This annex lists the significant differences between this
- specification and RFC 2252 and Sections 6 and 8 of RFC 2256.
+ specification and RFC 2252.
This annex is provided for informational purposes only. It is not a
normative part of this specification.
1. The IESG Note has been removed.
2. The major part of Sections 4, 5 and 7 has been moved to [MODELS]
- and revised. Changes to the parts of these sections moved to
+ and revised. Changes to the parts of these sections moved to
[MODELS] are detailed in [MODELS].
-
-
-Legg & Dally Expires 27 August 2003 [Page 44]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
3. BNF descriptions of syntax formats have been replaced by ABNF
[ABNF] specifications.
4. The ambiguous statement in RFC 2252, Section 4.3 regarding the
use of a backslash quoting mechanism to escape separator symbols
- has been removed. The escaping mechanism is now explicitly
+ has been removed. The escaping mechanism is now explicitly
represented in the ABNF for the syntaxes where this provision
applies.
11. A corresponding ASN.1 type for the LDAP Syntax Description syntax
has been invented.
+
+
+
+Legg Expires 23 December 2005 [Page 48]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
12. The Binary syntax has been removed because it was not adequately
specified, implementations with different incompatible
interpretations exist, and it was confused with the ;binary
transfer encoding.
13. All discussion of transfer options, including the ";binary"
- option, has been removed. All imperatives regarding binary
+ option, has been removed. All imperatives regarding binary
transfer of values have been removed.
14. The Delivery Method, Enhanced Guide, Guide, Octet String, Teletex
been incorporated.
15. The <criteria> rule for the Enhanced Guide and Guide syntaxes has
-
-
-
-Legg & Dally Expires 27 August 2003 [Page 45]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
-
-
been extended to accommodate empty "and" and "or" expressions.
16. An encoding for the <ttx-value> rule in the Teletex Terminal
Identifier syntax has been defined.
17. The PKI-related syntaxes (Certificate, Certificate List and
- Certificate Pair from RFC 2252, and Supported Algorithm syntax
- from RFC 2256) have been removed. They are to be reintroduced in
- PKIX documents.
+ Certificate Pair) have been removed. They are reintroduced in
+ [LDAP-PKI] (as is the Supported Algorithm syntax from RFC 2256).
18. The MHS OR Address syntax has been removed since its
specification (in RFC 2156) is not at draft standard maturity.
22. The LDAP Schema Definition syntax (defined in RFC 2927) and the
Mail Preference syntax have been removed on the grounds that they
- are out of scope for a core specification.
+ are out of scope for the core specification.
23. The description of each of the matching rules has been expanded
so that they are less dependent on knowledge of X.500 for
interpretation.
24. The caseIgnoreIA5SubstringsMatch matching rule from RFC 2798 has
- been added.
- 25. The caseIgnoreIA5SubstringsMatch, caseIgnoreListSubstringsMatch,
- caseIgnoreOrderingMatch and caseIgnoreSubstringsMatch matching
- rules have been added to the list of matching rules for which the
- provisions for handling leading, trailing and multiple adjoining
- whitespace characters apply. This is consistent with the
- definitions of these matching rules in X.500. The
- telephoneNumberMatch rule has been removed from the list since it
- completely ignores all space characters.
- 26. The specification of the octetStringMatch matching rule from RFC
- 2256 has been added to this document.
+Legg Expires 23 December 2005 [Page 49]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
-Legg & Dally Expires 27 August 2003 [Page 46]
-\f
-INTERNET-DRAFT LDAP: Syntaxes and Matching Rules February 27, 2003
+ been added.
+
+ 25. The caseIgnoreListSubstringsMatch, caseIgnoreOrderingMatch and
+ caseIgnoreSubstringsMatch matching rules have been added to the
+ list of matching rules for which the provisions for handling
+ leading, trailing and multiple adjoining whitespace characters
+ apply (now through string preparation). This is consistent with
+ the definitions of these matching rules in X.500. The
+ caseIgnoreIA5SubstringsMatch rule has also been added to the
+ list.
+ 26. The specification of the octetStringMatch matching rule from
+ RFC 2256 has been added to this document.
27. The presentationAddressMatch matching rule has been removed as it
depends on an assertion syntax (Presentation Address) that is not
X.680 since X.680 is the version of ASN.1 referred to by X.500.
30. The specification of the caseIgnoreListSubstringsMatch matching
- rule from RFC 2798 & X.520 has been added to this document.
+ rule from RFC 2798 & X.520 has been added.
+
+ 31. String preparation algorithms have been applied to the character
+ string matching rules.
+
+ 32. The specifications of the booleanMatch, caseExactMatch,
+ caseExactOrderingMatch, caseExactSubstringsMatch,
+ directoryStringFirstComponentMatch, integerOrderingMatch,
+ keywordMatch, numericStringOrderingMatch,
+ octetStringOrderingMatch and wordMatch matching rules from
+ RFC 3698 & X.520 have been added.
+
+Normative References
+
+ [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [UTF8] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 3629, November 2003.
+
+ [BCP64] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
+ Considerations for the Lightweight Directory Access
+ Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
+
+
+
+Legg Expires 23 December 2005 [Page 50]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", draft-crocker-abnf-rfc2234bis-
+ xx.txt, a work in progress, March 2005.
+
+ [ROADMAP] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Technical Specification Road Map", draft-ietf-
+ ldapbis-roadmap-xx.txt, a work in progress, February 2005.
+
+ [MODELS] Zeilenga, K., "LDAP: Directory Information Models", draft-
+ ietf-ldapbis-models-xx.txt, a work in progress, February
+ 2005.
+
+ [PROT] Sermersheim, J., "LDAP: The Protocol", draft-ietf-ldapbis-
+ protocol-xx.txt, a work in progress, May 2005.
+
+ [LDAPDN] Zeilenga, K., "LDAP: String Representation of
+ Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work
+ in progress, February 2005.
+
+ [PREP] Zeilenga, K., "LDAP: Internationalized String
+ Preparation", draft-ietf-ldapbis-strprep-xx.txt, a work in
+ progress, February 2005.
+
+ [E.123] Notation for national and international telephone numbers,
+ ITU-T Recommendation E.123, 1988.
+
+ [FAX] Standardization of Group 3 facsimile apparatus for
+ document transmission - Terminal Equipment and Protocols
+ for Telematic Services, ITU-T Recommendation T.4, 1993
+
+ [T.50] International Reference Alphabet (IRA) (Formerly
+ International Alphabet No. 5 or IA5) Information
+ Technology - 7-Bit Coded Character Set for Information
+ Interchange, ITU-T Recommendation T.50, 1992
+
+ [X.420] ITU-T Recommendation X.420 (1996) | ISO/IEC 10021-7:1997,
+ Information Technology - Message Handling Systems (MHS):
+ Interpersonal messaging system
+
+ [X.501] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1994,
+ Information Technology - Open Systems Interconnection -
+ The Directory: Models
+
+ [X.520] ITU-T Recommendation X.520 (1993) | ISO/IEC 9594-6:1994,
+ Information Technology - Open Systems Interconnection -
+ The Directory: Selected attribute types
+
+ [ASN.1] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1:2002,
+
+
+
+Legg Expires 23 December 2005 [Page 51]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ Information technology - Abstract Syntax Notation One
+ (ASN.1): Specification of basic notation
+
+ [ISO3166] ISO 3166, "Codes for the representation of names of
+ countries".
+
+ [ISO8601] ISO 8601:2004, "Data elements and interchange formats --
+ Information interchange -- Representation of dates and
+ times".
+
+ [UCS] Universal Multiple-Octet Coded Character Set (UCS) -
+ Architecture and Basic Multilingual Plane, ISO/IEC
+ 10646-1: 1993 (with amendments).
+
+ [JPEG] JPEG File Interchange Format (Version 1.02). Eric
+ Hamilton, C-Cube Microsystems, Milpitas, CA, September 1,
+ 1992.
+
+Informative References
+
+ [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
+ "Lightweight Directory Access Protocol (v3): Attribute
+ Syntax Definitions", RFC 2252, December 1997.
+
+ [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
+ with LDAPv3", RFC 2256, December 1997.
+
+ [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
+ Protocol (v3): Technical Specification", RFC 3377,
+ September 2002.
+
+ [RFC3698] Zeilenga, K., "Lightweight Directory Access Protocol
+ (LDAP): Additional Matching Rules", RFC 3698, February
+ 2004.
+
+ [SCHEMA] Sciberras, A., "LDAP: Schema for User Applications",
+ draft-ietf-ldapbis-user-schema-xx.txt, a work in progress,
+ April 2005.
+
+ [LDAP-PKI] Zeilenga, K. D., "Lightweight Directory Access Protocol
+ (LDAP) schema definitions for X.509 Certificates", draft-
+ zeilenga-ldap-x509-xx.txt, a work in progress, February
+ 2005.
+
+ [X.500] ITU-T Recommendation X.500 (1993) | ISO/IEC 9594-1:1994,
+ Information Technology - Open Systems Interconnection -
+ The Directory: Overview of concepts, models and services
+
+
+
+
+Legg Expires 23 December 2005 [Page 52]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ [BER] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1:2002,
+ Information technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER)
+
+Author's Address
+
+ Steven Legg
+ eB2Bcom
+ Suite3, Woodhouse Corporate Centre
+ 935 Station Street
+ Box Hill North, Victoria 3129
+ AUSTRALIA
+
+ Phone: +61 3 9896 7830
+ Fax: +61 3 9896 7801
+ EMail: steven.legg@eb2bcom.com
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+
+
+
+Legg Expires 23 December 2005 [Page 53]
+\f
+INTERNET-DRAFT LDAP: Syntaxes and Matching Rules June 23, 2005
+
+
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
-Legg & Dally Expires 27 August 2003 [Page 47]
+Legg Expires 23 December 2005 [Page 54]
\f
projects / openldap / blobdiff