[Docs] [txt|pdf] [Tracker] [Email] [Nits]

Versions: 00 RFC 3698

INTERNET-DRAFT                           Editor:  Kurt D. Zeilenga
Intended Category: Standard Track                 OpenLDAP Foundation
Expires in six months                             5 June 2003
Updates: RFC 2798



                     LDAP: Additional Matching Rules
               <draft-zeilenga-ldap-user-schema-mr-00.txt>



Status of this Memo

  This document is an Internet-Draft and is in full conformance with all
  provisions of Section 10 of RFC2026.

  This document is a subset of technical specification offered in
  draft-zeilenga-ldap-user-schema-xx.txt.

  This document is intended to be, after appropriate review and
  revision, submitted to the RFC Editor as a Standard Track document.
  Distribution of this memo is unlimited.  Technical discussion of this
  document will take place on the IETF Directory Interest mailing list
  <directory@apps.ietf.org>.  Please send editorial comments directly to
  the author <Kurt@OpenLDAP.org>.

  Internet-Drafts are working documents of the Internet Engineering Task
  Force (IETF), its areas, and its working groups.  Note that other
  groups may also distribute working documents as Internet-Drafts.
  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time.  It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as ``work in progress.''

  The list of current Internet-Drafts can be accessed at
  <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
  Internet-Draft Shadow Directories can be accessed at
  <http://www.ietf.org/shadow.html>.

  Copyright (C) The Internet Society (2003).  All Rights Reserved.

  Please see the Full Copyright section near the end of this document
  for more information.







Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 1]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


Abstract

  This document provides a collection of matching rules for use with the
  Lightweight Directory Access Protocol (LDAP).  As these matching rules
  are simple adaptations of matching rules specified for use with the
  X.500 Directory, most are already in wide use.


Table of Contents (to be expanded by editor)

  Status of this Memo                                  1
  Abstract                                             2
  Table of Contents
  1.     Background and Intended Use
  2.     Matching Rules                                3
  2.1.      booleanMatch
  2.2.      caseExactMatch
  2.3.      caseExactOrderingMatch
  2.4.      caseExactSubstringsMatch                   4
  2.5.      caseIgnoreListSubstringsMatch
  2.6.      directoryStringFirstComponentMatch
  2.7.      integerOrderingMatch                       5
  2.8.      keywordMatch
  2.9.      numericStringOrderingMatch
  2.10.     octetStringOrderingMatch                   6
  2.11.     storedPrefixMatch
  2.12.     wordMatch
  3.     Security Considerations                       7
  4.     IANA Considerations
  5.     Acknowledgments                               8
  6.     Author's Address
  7.     Normative References
  8.     Informative References
  Intellectual Property Rights                         9
  Full Copyright


1. Background and Intended Use

  This document adapts additional X.500 Directory [X.500] matching rules
  [X.520] for use with the Lightweight Directory Access Protocol (LDAP)
  [RFC3377].  Most of these rules are widely used today on the Internet,
  such as in support of the inetOrgPerson [RFC2798] and Policy Core
  Information Model [PCIM] LDAP schemas.  The rules are applicable to
  many other applications.

  This document supersedes the informational matching rules descriptions
  provided in RFC 2798 that are now provided in this document.



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 2]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


  Specifically, section 2 of this document replaces section 9.3.3 of RFC
  2798.

  Schema definitions are provided using LDAP description formats
  [RFC2252].  Definitions provided here are formatted (line wrapped) for
  readability.


2. Matching Rules


2.1. booleanMatch

  The booleanMatch rule compares for equality a asserted Boolean value
  with an attribute value of BOOLEAN syntax.  The rule returns TRUE if
  and only if the values are the same, i.e. both are TRUE or both are
  FALSE.  (Source: X.520)

      ( 2.5.13.13 NAME 'booleanMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

  The BOOLEAN (1.3.6.1.4.1.1466.115.121.1.7) syntax is described in
  [RFC2252].


2.2. caseExactMatch

  The caseExactMatch rule compares for equality the asserted value with
  an attribute value of DirectoryString syntax.  The rule is identical
  to the caseIgnoreMatch [RFC2252] rule except that case is not ignored.
  (Source: X.520)

      ( 2.5.13.5 NAME 'caseExactMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
  described in [RFC2252].


2.3. caseExactOrderingMatch

  The caseExactOrderingMatch rule compares the collation order of the
  asserted string with an attribute value of DirectoryString syntax.
  The rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule
  except that letters are not folded.  (Source: X.520)

      ( 2.5.13.6 NAME 'caseExactOrderingMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 3]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
  described in [RFC2252].


2.4. caseExactSubstringsMatch

  The caseExactSubstringsMatch rule determines whether the asserted
  value(s) are substrings of an attribute value of DirectoryString
  syntax.  The rule is identical to the caseIgnoreSubstringsMatch
  [RFC2252] rule except that case is not ignored. (Source: X.520)

      ( 2.5.13.7 NAME 'caseExactSubstringsMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

  The SubstringsAssertion (1.3.6.1.4.1.1466.115.121.1.58) syntax is
  described in [RFC2252].


2.5. caseIgnoreListSubstringsMatch

  The caseIgnoreListSubstringMatch rule compares the asserted substring
  with an attribute value which is a sequence of DirectoryStrings, but
  where the case (upper or lower) is not significant for comparison
  purposes.  The asserted value matches a stored value if and only if
  the asserted value matches the string formed by concatenating the
  strings of the stored value.  This matching is done according to the
  caseIgnoreSubstringsMatch [RFC2252] rule; however, none of the
  initial, any, or final values of the asserted value are considered to
  match a substring of the concatenated string which spans more than one
  of the strings of the stored value.  (Source: X.520)

      ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

  The SubstringsAssertion (1.3.6.1.4.1.1466.115.121.1.58) syntax is
  described in [RFC2252].


2.6. directoryStringFirstComponentMatch

  The directoryStringFirstComponentMatch rule compares for equality the
  asserted DirectoryString value with an attribute value of type
  SEQUENCE whose first component is mandatory and of type
  DirectoryString.  The rule returns TRUE if and only if the attribute
  value has a first component whose value matches the asserted
  DirectoryString using the rules of caseIgnoreMatch [RFC2252].  A value
  of the assertion syntax is derived from a value of the attribute
  syntax by using the value of the first component of the SEQUENCE.



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 4]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


  (Source: X.520)

      ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
  described in [RFC2252].


2.7. integerOrderingMatch

  The integerOrderingMatch rule compares the ordering of the asserted
  integer with an attribute value of INTEGER syntax.  The rule returns
  True if the attribute value is less than the asserted value. (Source:
  X.520)

      ( 2.5.13.15 NAME 'integerOrderingMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

  The INTEGER (1.3.6.1.4.1.1466.115.121.1.27) syntax is described in
  [RFC2252].


2.8. keywordMatch

  The keywordMatch rule compares the asserted string with keywords in an
  attribute value of DirectoryString syntax.  The rule returns TRUE if
  and only if the asserted value matches any keyword in the attribute
  value.  The identification of keywords in an attribute value and of
  the exactness of match are both implementation specific.  (Source:
  X.520)

      ( 2.5.13.32 NAME 'keywordMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
  described in [RFC2252].


2.9. numericStringOrderingMatch

  The numericStringOrderingMatch rule compares the collation order of
  the asserted string with an attribute value of NumericString syntax.
  The rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule
  except that all space characters are skipped during comparison (case
  is irrelevant as characters are numeric). (Source: X.520)

      ( 2.5.13.9 NAME 'numericStringOrderingMatch'



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 5]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

  The NumericString (1.3.6.1.4.1.1466.115.121.1.36) syntax is described
  in [RFC2252].


2.10. octetStringOrderingMatch

  The octetStringOrderingMatch rule compares the collation order of the
  asserted octet string with an attribute value of OCTET STRING syntax.
  The rule compares octet strings from first octet to last octet, and
  from the most significant bit to the least significant bit within the
  octet. The first occurrence of a different bit determines the ordering
  of the strings.  A zero bit precedes a one bit.  If the strings are
  identical but contain different numbers of octets, the shorter string
  precedes the longer string. (Source: X.520)

      ( 2.5.13.18 NAME 'octetStringOrderingMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

  The OCTET STRING (1.3.6.1.4.1.1466.115.121.1.40) syntax is described
  in [RFC2252].


2.11. storedPrefixMatch

  The storedPrefixMatch rule determines whether an attribute value,
  whose syntax is DirectoryString is a prefix (i.e. initial substring)
  of the asserted value, without regard to the case (upper or lower) of
  the strings.  The rule returns TRUE if and only if the attribute value
  is an initial substring of the asserted value with corresponding
  characters identical except possibly with regard to case. (Source:
  X.520)

      ( 2.5.13.41 NAME 'storedPrefixMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  Note: This rule can be used, for example, to compare values in the
        Directory which are telephone area codes with a purported value
        which is a telephone number.

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
  described in [RFC2252].


2.12. wordMatch

  The wordMatch rule compares the asserted string with words in an



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 6]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


  attribute value of DirectoryString syntax.  The rule returns TRUE if
  and only if the asserted word matches any word in the attribute value.
  Individual word matching is as for the caseIgnoreMatch [RFC2252]
  matching rule.  The precise definition of a "word" is implementation
  specific. (Source: X.520)

      ( 2.5.13.32 NAME 'wordMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
  described in [RFC2252].


3. Security Considerations

  General LDAP security considerations [RFC3377] is applicable to the
  use of this schema.  Additional considerations are noted above where
  appropriate.


4. IANA Considerations

  It is requested that the Internet Assigned Numbers Authority (IANA)
  update upon Standard Action the LDAP descriptors registry [RFC3383] as
  indicated the following template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comments
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: see comments
      Specification: RFC XXXX
      Author/Change Controller: IESG
      Comments:

      The following descriptors should be added:

        NAME                               Type OID
        ------------------------           ---- ---------
        booleanMatch                       M    2.5.13.13
        caseExactMatch                     M    2.5.13.5
        caseExactOrderingMatch             M    2.5.13.6
        caseExactSubstringsMatch           M    2.5.13.7
        caseIgnoreListSubstringsMatch      M    2.5.13.12
        directoryStringFirstComponentMatch M    2.5.13.31
        integerOrderingMatch               M    2.5.13.15
        keywordMatch                       M    2.5.13.32



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 7]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


        numericStringOrderingMatch         M    2.5.13.9
        octetStringOrderingMatch           M    2.5.13.18
        storedPrefixMatch                  M    2.5.13.41
        wordMatch                          M    2.5.13.32


      where Type M is Matching Rule.


  This document make no new OID assignments.  It only associates LDAP
  matching rule descriptions with existing X.500 matching rules.


5. Acknowledgments

  This document borrows from [X.520], an ITU-T Recommendation.


6. Author's Address

  Kurt D. Zeilenga
  OpenLDAP Foundation
  <Kurt@OpenLDAP.org>


7. Normative References

  [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

  [RFC2252]     Wahl, M., A. Coulbeck, T. Howes, and S. Kille,
                "Lightweight Directory Access Protocol (v3):  Attribute
                Syntax Definitions", RFC 2252, December 1997.

  [RFC3377]     Hodges, J. and R. Morgan, "Lightweight Directory Access
                Protocol (v3): Technical Specification", RFC 3377,
                September 2002.



8. Informative References

  [RFC2798]     Smith, M., "The LDAP inetOrgPerson Object Class", RFC
                2798, April 2000.

  [RFC3383]     Zeilenga, K., "IANA Considerations for LDAP", BCP 64
                (also RFC 3383), September 2002.




Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 8]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


  [X.500]       International Telecommunication Union -
                Telecommunication Standardization Sector, "The Directory
                -- Overview of concepts, models and services,"
                X.500(1993) (also ISO/IEC 9594-1:1994).

  [X.520]       International Telecommunication Union -
                Telecommunication Standardization Sector, "The
                Directory: Selected Attribute Types", X.520(1997).

  [PCIM]        Strassner, J., B. Moore, R. Moats, E. Ellesson, "Policy
                Core LDAP Schema", a work in progress.


Intellectual Property Rights

  The IETF takes no position regarding the validity or scope of any
  intellectual property or other rights that might be claimed to pertain
  to the implementation or use of the technology described in this
  document or the extent to which any license under such rights might or
  might not be available; neither does it represent that it has made any
  effort to identify any such rights.  Information on the IETF's
  procedures with respect to rights in standards-track and
  standards-related documentation can be found in BCP-11.  Copies of
  claims of rights made available for publication and any assurances of
  licenses to be made available, or the result of an attempt made to
  obtain a general license or permission for the use of such proprietary
  rights by implementors or users of this specification can be obtained
  from the IETF Secretariat.

  The IETF invites any interested party to bring to its attention any
  copyrights, patents or patent applications, or other proprietary
  rights which may cover technology that may be required to practice
  this standard.  Please address the information to the IETF Executive
  Director.



Full Copyright

  Copyright (C) The Internet Society (2003). All Rights Reserved.

  This document and translations of it may be copied and furnished to
  others, and derivative works that comment on or otherwise explain it
  or assist in its implmentation may be prepared, copied, published and
  distributed, in whole or in part, without restriction of any kind,
  provided that the above copyright notice and this paragraph are
  included on all such copies and derivative works.  However, this
  document itself may not be modified in any way, such as by removing



Zeilenga          draft-zeilenga-ldap-user-schema-mr-00         [Page 9]

INTERNET-DRAFT       LDAP: Additional Matching Rules         5 June 2003


  the copyright notice or references to the Internet Society or other
  Internet organizations, except as needed for the  purpose of
  developing Internet standards in which case the procedures for
  copyrights defined in the Internet Standards process must be followed,
  or as required to translate it into languages other than English.














































Zeilenga          draft-zeilenga-ldap-user-schema-mr-00        [Page 10]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/