INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
-Expires: 26 December 2001 26 June 2001
+Expires: 22 April 2002 22 October 2001
Obsoletes: RFC 1274
+Updates: RFC 2798
LDAPv3: A Collection of User Schema
- <draft-zeilenga-ldap-user-schema-01.txt>
+ <draft-zeilenga-ldap-user-schema-03.txt>
Status of this Memo
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
- document will take place on the IETF LDAP Extension Working Group
- mailing list <ietf-ldapext@netscape.com>. Please send editorial
- comments directly to the author <Kurt@OpenLDAP.org>.
+ document will take place on the IETF Directory Interest mailing list
+ <directory@apps.ietf.org>. Please send editorial comments directly to
+ the author <Kurt@OpenLDAP.org>.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
Abstract
This document provides a collection of user schema elements for use
- with LDAP collected from numerous sources.
+ with LDAP collected from numerous sources including RFC 1274, X.501,
+ and X.520.
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 1]
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 1]
\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
+Conventions
+
+ Schema definitions are provided using LDAPv3 description formats
+ [RFC2252]. Definitions provided here are formatted (line wrapped) for
+ readability.
+
+ The key words "SHALL", "SHALL NOT", "MUST", "MUST NOT", "SHOULD",
+ "SHOULD NOT", "MAY" and "MAY NOT" used in this document are to be
+ interpreted as described in [RFC2119].
+
+
+Table of Contents (to be expanded by editor)
+
+ Status of this Memo 1
+ Abstract
+ Conventions 2
+ Table of Contents
+ 1. Background and Intended Use 3
+ 2. Matching Rules
+ 2.1. booleanMatch 4
+ 2.2. caseExactMatch
+ 2.3. caseExactOrderingMatch
+ 2.4. caseExactSubstringsMatch
+ 2.5. caseIgnoreListSubstringsMatch
+ 2.6. directoryStringFirstComponentMatch 5
+ 2.7. integerOrderingMatch
+ 2.7. keywordMatch
+ 2.9. numericStringOrderingMatch 6
+ 2.10. octetStringOrderingMatch
+ 2.11. storedPrefixMatch
+ 2.12. wordMatch 7
+ 3. Attribute Types
+ 3.1. associatedDomain
+ 3.2. associatedName
+ 3.3. buildingName
+ 3.3. co 8
+ 3.4. destinationIndicator
+ 3.5. documentAuthor
+ 3.6. documentIdentifier 9
+ 3.7. documentLocation
+ 3.8. documentPublisher
+ 3.9. documentTitle
+ 3.10. documentVersion
+ 3.11. drink 10
+ 3.12. houseIdentifier
+ 3.13. homePhone
+ 3.14. homePostalAddress
+ 3.15. host 11
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 2]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
+ 3.16. info
+ 3.17. mail
+ 3.18. manager 12
+ 3.19. mobile
+ 3.20. organizationalStatus
+ 3.21. otherMailbox
+ 3.22. pager 13
+ 3.23. personalTitle
+ 3.24. roomNumber
+ 3.25. secretary
+ 3.26. uid 14
+ 3.27. uniqueIdentifier
+ 3.28. userClass
+ 4. Object Classes 15
+ 4.1. account
+ 4.2. document
+ 4.3. documentSeries
+ 4.4. domainRelatedObject 16
+ 4.5. friendlyCountry
+ 4.6. rFC822LocalPart
+ 4.7. room 17
+ 4.8. simpleSecurityObject
+ 5. Security Considerations
+ 6. Acknowledgements
+ 7. Author's Address
+ References 18
+ Full Copyright 19
1. Background and Intended Use
This document provides descriptions [RFC2252] of user schema for use
with LDAP [LDAPTS] collected from numerous sources.
- The document includes a summary of select schema introduced for the
+ This document includes a summary of select schema introduced for the
COSINE and Internet X.500 pilot projects [RFC1274]. This document
obsoletes RFC 1274.
- The document also contains a summary of X.500 user schema [X.520] not
- included in LDAPv3 [RFC2256].
+ This document contains a summary of X.500 user schema [X.520] not
+ included in LDAPv3 [RFC2252][RFC2256]. Some of these items were
+ described in the inetOrgPerson [RFC2798] schema. This document
+ supercedes these descriptions, replacing sections 9.1.3 and 9.3.3 of
+ RFC 2798.
+
- The key words ``MUST'', ``MUST NOT'', ``REQUIRED'', ``SHALL'', ``SHALL
- NOT'', ``SHOULD'', ``SHOULD NOT'', ``RECOMMENDED'', and ``MAY'' in
- this document are to be interpreted as described in RFC 2119
- [RFC2119].
+2. Matching Rules
+ This section introduces LDAP matching rules based upon descriptions of
-2. Syntaxes
- None (yet).
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 3]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
-3. Matching Rules
- This section introduces LDAP matching rules based upon descriptions of
their X.500 counterparts.
-3.1. caseExactMatch
+2.1. booleanMatch
+
+ BooleanMatch compares for equality a asserted Boolean value with an
+ attribute value of BOOLEAN syntax. The rule returns TRUE if and only
+ if the values are the same, i.e. both are TRUE or both are FALSE.
+ (Source: X.520)
+
+ ( 2.5.13.13 NAME 'booleanMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+
+2.2. caseExactMatch
- CaseExactMatch compares for equality the asserted string with an
+ CaseExactMatch compares for equality the asserted value with an
attribute value of DirectoryString syntax. The rule is identical to
the caseIgnoreMatch [RFC2252] rule except that case is not ignored.
(Source: X.520)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-3.2. caseExactOrderingMatch
+2.3. caseExactOrderingMatch
CaseExactOrderingMatch compares the collation order of the asserted
string with an attribute value of DirectoryString syntax. The rule is
letters are not folded. (Source: X.520)
( 2.5.13.6 NAME 'caseExactOrderingMatch'
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 2]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
-
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-3.3. caseExactSubstringsMatch
+2.3. caseExactSubstringsMatch
- CaseExactSubstringsMatch determines whether the asserted value is a
- substring of an attribute value of DirectoryString syntax. The rule
+ CaseExactSubstringsMatch determines whether the asserted value are
+ substrings of an attribute value of DirectoryString syntax. The rule
is identical to the caseIgnoreSubstringsMatch [RFC2252] rule except
that case is not ignored. (Source: X.520)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
-3.4. numericStringOrderingMatch
+2.4. caseIgnoreListSubstringsMatch
- NumericStringOrderingMatch compares the collation order of the
- asserted string with an attribute value of NumericString syntax. The
- rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
- that all space characters are skipped during comparison (case is
- irrelevant as characters are numeric). (Source: X.520)
- ( 2.5.13.9 NAME 'NumericStringOrderingMatch'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 4]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
-3.5. caseIgnoreListSubstringsMatch
CaseIgnoreListSubstringMatch compares the asserted substring with an
attribute value which is a sequence of DirectoryStrings, but where the
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
-3.6. storedPrefixMatch
+2.5. directoryStringFirstComponentMatch
- StoredPrefixMatch determines whether an attribute value, whose syntax
- is DirectoryString, is a prefix (i.e. initial substring) of the
- asserted value, without regard to the case (upper or lower) of the
+ DirectoryStringFirstComponentMatch compares for equality the asserted
+ DirectoryString value with an attribute value of type SEQUENCE whose
+ first component is mandatory and of type DirectoryString. The rule
+ returns TRUE if and only if the attribute value has a first component
+ whose value matches the asserted DirectoryString using the rules of
+ caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
+ from a value of the attribute syntax by using the value of the first
+ component of the SEQUENCE. (Source: X.520)
+
+ ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+2.6. integerOrderingMatch
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 3]
+ The integerOrderingMatch rule compares the ordering of the asserted
+ integer with an attribute value of Integer syntax. The rule returns
+ True if the attribute value is less than the asserted value. (Source:
+ X.520)
+
+ ( 2.5.13.15 NAME 'integerOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+
+2.7. keywordMatch
+
+ The keywordMatch rule compares the asserted string with keywords in an
+ attribute value of DirectoryString syntax. The rule returns TRUE if
+ and only if the asserted value matches any keyword in the attribute
+ value. The identification of keywords in an attribute value and of
+ the exactness of match are both implementation specific. (Source:
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 5]
\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
- strings. The rule returns TRUE if and only if the attribute value is
- an initial substring of the asserted value with corresponding
- characters identical except possibly with regard to case. (Source:
X.520)
- ( 2.5.13.41 NAME 'storedPrefixMatch'
+ ( 2.5.13.32 NAME 'keywordMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
- Note: This rule can be used, for example, to compare values in the
- Directory which are telephone area codes with a purported value
- which is a telephone number.
-
-3.7. booleanMatch
+2.8. numericStringOrderingMatch
- BooleanMatch compares for equality a asserted Boolean value with an
- attribute value of BOOLEAN syntax. The rule returns TRUE if and only
- if the values are the same, i.e. both are TRUE or both are FALSE.
- (Source: X.520)
+ NumericStringOrderingMatch compares the collation order of the
+ asserted string with an attribute value of NumericString syntax. The
+ rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
+ that all space characters are skipped during comparison (case is
+ irrelevant as characters are numeric). (Source: X.520)
- ( 2.5.13.13 NAME 'booleanMatch'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+ ( 2.5.13.9 NAME 'NumericStringOrderingMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
-3.8. octetStringOrderingMatch
+2.9. octetStringOrderingMatch
OctetStringOrderingMatch compares the collation order of the asserted
octet string with an attribute value of OCTET STRING syntax. The rule
The first occurrence of a different bit determines the ordering of the
strings. A zero bit precedes a one bit. If the strings are identical
but contain different numbers of octets, the shorter string precedes
- the longer string. (Source: X.520)
+ the longer string. (Source: X.520)
( 2.5.13.18 NAME 'octetStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-3.9. directoryStringFirstComponentMatch
+2.10. storedPrefixMatch
- DirectoryStringFirstComponentMatch compares for equality the asserted
- DirectoryString value with an attribute value of type SEQUENCE whose
- first component is mandatory and of type DirectoryString. The rule
- returns TRUE if and only if the attribute value has a first component
- whose value matches the asserted DirectoryString using the rules of
- caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
- from a value of the attribute syntax by using the value of the first
+ StoredPrefixMatch determines whether an attribute value, whose syntax
+ is DirectoryString, is a prefix (i.e. initial substring) of the
+ asserted value, without regard to the case (upper or lower) of the
+ strings. The rule returns TRUE if and only if the attribute value is
+ an initial substring of the asserted value with corresponding
+ characters identical except possibly with regard to case. (Source:
+ X.520)
+ ( 2.5.13.41 NAME 'storedPrefixMatch'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+ Note: This rule can be used, for example, to compare values in the
+ Directory which are telephone area codes with a purported value
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 4]
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 6]
\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
- component of the SEQUENCE. (Source: X.520)
+ which is a telephone number.
- ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-3.10. wordMatch
+2.11. wordMatch
The wordMatch rule compares the asserted string with words in an
attribute value of DirectoryString syntax. The rule returns TRUE if
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-3.11. keywordMatch
+3. Attribute Types
- The keywordMatch rule compares the asserted string with keywords in an
- attribute value of DirectoryString syntax. The rule returns TRUE if
- and only if the asserted value matches any keyword in the attribute
- value. The identification of keywords in an attribute value and of
- the exactness of match are both implementation specific. (Source:
- X.520)
-
- ( 2.5.13.32 NAME 'keywordMatch'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+ This section details attribute types for use in LDAP based upon their
+ X.500 descriptions.
-4. Attribute Types
-
-4.1. associatedDomain
+3.1. associatedDomain
The associatedDomain attribute type specifies a DNS domain [RFC1034]
which is associated with an object. For example, the entry in the DIT
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-4.2. associatedName
-
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 5]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
+3.2. associatedName
- The Associated Name attribute type specifies an entry in the
+ The associatedName attribute type specifies an entry in the
organizational DIT associated with a DNS domain [RFC1034]. (Source:
RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-4.4. buildingName
+3.3. buildingName
+
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 7]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
The buildingName attribute type specifies the name of the building
where an organization or organizational unit is based. (Source: RFC
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.5. co
+3.3. co
The co (Friendly Country Name) attribute type specifies names of
countries in human readable format. The standard attribute country
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-4.6. destinationIndicator
+3.4. destinationIndicator
The destinationIndicator attribute type specifies (according to CCITT
Recommendation F.1 and CCITT Recommendation F.31) the country and city
( 2.5.4.27 NAME 'destinationIndicator'
EQUALITY caseIgnoreMatch
- SUBSTRINGS caseIgnoreSubstringsMatch
+ SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 6]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
-
-4.7. documentAuthor
+3.5. documentAuthor
The documentAuthor attribute type specifies the distinguished name of
the author of a document. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-4.8. documentIdentifier
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 8]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
+3.6. documentIdentifier
The documentIdentifier attribute type specifies a unique identifier
for a document. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.9. documentLocation
+3.7. documentLocation
The documentLocation attribute type specifies the location of the
document original. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.10. documentPublisher
+3.8. documentPublisher
The documentPublisher attribute is the person and/or organization that
published a document. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-4.11. documentTitle
+3.9. documentTitle
The documentTitle attribute type specifies the title of a document.
(Source: RFC 1274)
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 7]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
-
( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.12. documentVersion
+3.10. documentVersion
The documentVersion attribute type specifies the version number of a
document. (Source: RFC 1274)
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 9]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.13. drink
+3.11. drink
The drink (Favourite Drink) attribute type specifies the favorite
drink of an object (or person). (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.14. houseIdentifier
+3.12. houseIdentifier
The houseIdentifier attribute type specifies a linguistic construct
used to identify a particular building, for example a house number or
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-4.15. homePhone
+3.13. homePhone
The homePhone (Home Telephone Number) attribute type specifies a home
telephone number (e.g., "+44 71 123 4567") associated with a person.
(Source: RFC 1274)
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 8]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
-
( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
EQUALITY telephoneNumberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-4.16. homePostalAddress
+3.14. homePostalAddress
The homePostalAddress attribute type specifies a home postal address
for an object. This should be limited to up to 6 lines of 30
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 10]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
characters each. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.39
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-4.17. host
+3.15. host
The host attribute type specifies a host computer. (Source: RFC 1274)
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.18. info
+
+3.16. info
The info (Information) attribute type specifies any general
information pertinent to an object. It is RECOMMENDED that specific
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
-4.19. mail
-
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 9]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
+3.17. mail
The mail (rfc822mailbox) attribute type holds an the electronic mail
address in RFC822 form (e.g.: user@example.com). Note that this
attribute SHOULD NOT be used to hold non-Internet addresses. (Source:
RFC 1274)
+
( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 11]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-4.20. manager
+3.18. manager
The Manager attribute type specifies the manager of an object
represented by an entry. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-4.21. mobile
+3.19. mobile
The mobile (Mobile Telephone Number) attribute type specifies a mobile
telephone number (e.g., "+44 71 123 4567") associated with a person.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-4.22. organizationalStatus
+3.20. organizationalStatus
The organizationalStatus attribute type specifies a category by which
a person is often referred to in an organization. Examples of usage
(Source: RFC 1274)
( 0.9.2342.19200300.100.1.45
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 10]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
-
NAME 'organizationalStatus'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.23. otherMailbox
+3.21. otherMailbox
The otherMailbox attribute type specifies values for electronic
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 12]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
+
mailbox types other than X.400 and RFC822. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.22
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
-4.24. pager
+3.22. pager
The pager (Pager Telephone Number) attribute type specifies a pager
telephone number (e.g., "+44 71 123 4567") for an object. (Source:
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-4.25. personalTitle
+3.23. personalTitle
The personalTitle attribute type specifies a personal title for a
person. Examples of personal titles are "Frau", "Dr", "Herr", and
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.26. roomNumber
+3.24. roomNumber
The roomNumber attribute type specifies the room number of an object.
Note that the cn (commonName) attribute should be used for naming room
objects. (Source: RFC 1274)
-
-
-
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 11]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
-
-
( 0.9.2342.19200300.100.1.6
NAME 'roomNumber'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.27. secretary
+3.25. secretary
+
+
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 13]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
The secretary attribute type specifies the secretary of a person. The
attribute value for Secretary is a distinguished name. (Source: RFC
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-4.28. uid
+3.26. uid
The uid (userid) attribute type specifies a computer system login
name. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-4.29. uniqueIdentifier
-
- The uniqueIdentifier attribute type specifies an identifier which may
- be used to distinguish between object references when a distinguished
- name has been reused. It may be, for example, an encoded object
- identifier, certificate, date, timestamp, or some other form of
- certification on the validity of the distinguished name.
+3.27. uniqueIdentifier
- An attribute value for uniqueIdentifier is a bitString. (Source:
- X.520)
+ The Unique Identifier attribute type specifies a "unique identifier"
+ for an object represented in the Directory. The domain within which
+ the identifier is unique, and the exact semantics of the identifier,
+ are for local definition. For a person, this might be an institution-
+ wide payroll number. For an organizational unit, it might be a
+ department code. An attribute value for uniqueIdentifier is a
+ directoryString. (Source: RFC 1274)
( 2.5.4.45 NAME 'uniqueIdentifier'
- EQUALITY bitStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
-
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
- Note: RFC 1274 describes a variant of this attribute which is not
+ Note: X.520 describes an attribute also called 'uniqueIdentifier'
+ (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
+ [RFC2256]. The attribute detailed here ought not be confused
+ with x500UniqueIdentifier.
+3.28. userClass
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 12]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+ The userClass attribute type specifies a category of computer user.
+ The semantics placed on this attribute are for local interpretation.
+ Examples of current usage od this attribute in academia are
- used.
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 14]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
-4.30. userClass
- The userClass attribute type specifies a category of computer user.
- The semantics placed on this attribute are for local interpretation.
- Examples of current usage od this attribute in academia are
undergraduate student, researcher, lecturer, etc. Note that the
organizationalStatus attribute may now often be preferred as it makes
no distinction between computer users and others. (Source: RFC 1274)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-5. Object Classes
+4. Object Classes
-5.1. account
+ This section details attribute types for use in LDAP based upon their
+ X.500 descriptions.
+
+4.1. account
The account object class is used to define entries representing
computer accounts. The uid (userid) attribute should be used for
MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
-5.2. document
+4.2. document
The document object class is used to define entries which represent
documents. (Source: RFC 1274)
documentLocation $ documentPublisher ) )
-5.3. documentSeries
+4.3. documentSeries
+ The documentSeries object class is used to define an entry which
+ represents a series of documents (e.g., The Request For Comments
+ memos). (Source: RFC 1274)
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 13]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
- The documentSeries object class is used to define an entry which
- represents a series of documents (e.g., The Request For Comments
- memos). (Source: RFC 1274)
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 15]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
+
( 0.9.2342.19200300.100.4.9
NAME 'documentSeries'
telephonenumber ) )
-5.4. domainRelatedObject
+4.4. domainRelatedObject
The domainRelatedObject object class is used to define entries which
represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
MUST associatedDomain )
-5.5. friendlyCountry
+4.5. friendlyCountry
The friendlyCountry object class is used to define country entries in
the DIT. The object class is used to allow friendlier naming of
MUST co )
-5.6. rFC822LocalPart
+4.6. rFC822LocalPart
The rFC822LocalPart object class is used to define entries which
represent the local part of RFC822 mail addresses. This treats this
NAME 'rFC822localPart'
SUP domain STRUCTURAL
MAY ( cn $ description $ destinationIndicator $
+ facsimileTelephoneNumber $ internationaliSDNNumber $
+ physicalDeliveryOfficeName $ postalAddress $
+ postalCode $ postOfficeBox $ preferredDeliveryMethod $
+ registeredAddress $ seeAlso $ sn $ street $
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 14]
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 16]
\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
- facsimileTelephoneNumber $ internationaliSDNNumber $
- physicalDeliveryOfficeName $ postalAddress $
- postalCode $ postOfficeBox $ preferredDeliveryMethod $
- registeredAddress $ seeAlso $ sn $ street $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ x121Address ) )
-5.7. room
+4.7. room
The room object class is used to define entries representing rooms.
The cn (commonName) attribute should be used for naming entries of
seeAlso $ telephoneNumber ) )
-5.8. simpleSecurityObject
+4.8. simpleSecurityObject
The simpleSecurityObject object class is used to allow an entry to
have a userPassword attribute when an entry's principal object classes
SUP top AUXILIARY
MUST userPassword )
- Note: Security considerations related to simple authentication
- mechanisms in LDAP are discussed in RFC 2829 [RFC2829].
+ Note: Security considerations related to the use of simple
+ authentication mechanisms in LDAP are discussed in RFC 2829
+ [RFC2829].
-6. Security Considerations
+5. Security Considerations
- General LDAP security considerations [RFC2251][RFC2252][RFC2256] is
- applicable to the use of this schema. Additional considerations are
- noted above where appropriate.
+ General LDAP security considerations [LDAPTS] is applicable to the use
+ of this schema. Additional considerations are noted above where
+ appropriate.
-7. Acknowledgements
+6. Acknowledgements
This document borrows from a number of IETF documents including RFC
- 1274 and RFC 2252. This document also borrows from a number of ITU
- documents including X.501 and X.520.
+ 1274 by Paul Barker and Steve Kille. This document also borrows from
+ a number of ITU documents including X.520.
+7. Author's Address
+
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 15]
-\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 17]
+\f
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
-8. Author's Address
Kurt D. Zeilenga
OpenLDAP Foundation
November 1991.
[RFC2219] S. Bradner, "Key words for use in RFCs to Indicate
- Requirement Levels", RFC 2119, March 1997.
+ Requirement Levels", RFC 2119 (also BCP 14), March 1997.
[RFC2247] S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Sataluri,
"Using Domains in LDAP/X.500 Distinguished Names", January
1998.
- [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
- Protocol (v3)", RFC 2251, December 1997.
-
[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
Directory Access Protocol (v3): Attribute Syntax
Definitions", RFC 2252, December 1997.
[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC 2256, December 1997.
+ [RFC2798] M. Smith, "The LDAP inetOrgPerson Object Class", RFC 2798,
+ April 2000.
+
[RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan,
- "Authentication Methods for LDAP", May 2000
+ "Authentication Methods for LDAP", RFC 2829, May 2000.
- [LDAPTS] J. Hodges, R.L. Morgan, "Lightweight Directory Access
- Protocol (v3): Technical Specification", draft-ietf-ldapbis-
+ [LDAPTS] J. Hodges, R. Morgan, "Lightweight Directory Access Protocol
+ (v3): Technical Specification", draft-ietf-ldapbis-
ldapv3-ts-00.txt.
[X.520] "The Directory: Selected Attribute Types", ITU
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 16]
+
+
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 18]
\f
-INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
+INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
Full Copyright
-Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 17]
+Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 19]
\f
projects / openldap / commitdiff