draft-ietf-asid-ldapv3schema-x500-01.txt   draft-ietf-asid-ldapv3schema-x500-02.txt 
Network Working Group M. Wahl Network Working Group M. Wahl
INTERNET-DRAFT Critical Angle Inc. INTERNET-DRAFT Critical Angle Inc.
Expires in six months from 5 Aug. 1997
A Summary of the X.500(96) User Schema for use with LDAPv3 A Summary of the X.500(96) User Schema for use with LDAPv3
<draft-ietf-asid-ldapv3schema-x500-01.txt> <draft-ietf-asid-ldapv3schema-x500-02.txt>
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working its working groups. Note that other groups may also distribute working
documents as Internet-Drafts. documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
skipping to change at line 324 skipping to change at line 326
5.35. seeAlso 5.35. seeAlso
( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName ) ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
5.36. userPassword 5.36. userPassword
( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40{128}' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.40{128}' )
Transfer of cleartext passwords are strongly discouraged where the Passwords are stored using an Octet String syntax and are not
underlying transport service cannot guarantee confidentiality and may encrypted. Transfer of cleartext passwords are strongly discouraged
result in disclosure of the password to unauthorized parties. where the underlying transport service cannot guarantee
confidentiality and may result in disclosure of the password to
unauthorized parties.
5.37. userCertificate 5.37. userCertificate
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'userCertificate;binary'. 'userCertificate;binary'.
( 2.5.4.36 NAME 'userCertificate' ( 2.5.4.36 NAME 'userCertificate'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' )
5.38. cACertificate 5.38. cACertificate
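Review bot: In 5.36, the added sentence "Passwords are stored using an Octet String syntax and are not encrypted" describes storage, but the only guidance that follows it is about transfer. Now that the text states the stored value is cleartext, it should also say what is expected for read and compare access to userPassword, or make clear that "not encrypted" describes the syntax rather than a storage requirement. Separately, "Transfer of cleartext passwords are" should read "Transfer of cleartext passwords is", and the trailing "and may result in disclosure" reads as if it attaches to the transport service; making it its own sentence would fix that.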
skipping to change at line 499 skipping to change at line 503
The value of this attribute specifies a directory management The value of this attribute specifies a directory management
domain (DMD), the administrative authority which operates the domain (DMD), the administrative authority which operates the
directory server. directory server.
( 2.5.4.54 NAME 'dmdName' SUP name ) ( 2.5.4.54 NAME 'dmdName' SUP name )
6. Syntaxes 6. Syntaxes
Servers SHOULD recognize the syntaxes defined in this section. Servers SHOULD recognize the syntaxes defined in this section.
Each syntax begins with a sample value of the ldapSyntaxes attribute
which defines the OBJECT IDENTIFIER of the syntax. The descriptions
of syntax names are not carried in protocol, and are not guaranteed
to be unique.
6.1. Delivery Method 6.1. Delivery Method
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.14. ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
delivery-value = pdm / ( pdm "$" delivery-value ) delivery-value = pdm / ( pdm "$" delivery-value )
pdm = "any" / "mhs" / "physical" / "telex" / "teletex" / pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
"g3fax" / "g4fax" / "ia5" / "videotex" / "telephone" "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"
Example: Example:
telephone telephone
6.2. Enhanced Guide 6.2. Enhanced Guide
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.21. ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
EnhancedGuide = objectclass "#" criteria "#" subset EnhancedGuide = objectclass "#" criteria "#" subset
subset = "baseobject" / "oneLevel" / "wholeSubtree" subset = "baseobject" / "oneLevel" / "wholeSubtree"
The criteria production is defined in the Guide syntax below. The criteria production is defined in the Guide syntax below.
This syntax has been added subsequent to RFC 1778. This syntax has been added subsequent to RFC 1778.
Example: Example:
person#(sn)#oneLevel person#(sn)#oneLevel
6.3. Guide 6.3. Guide
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.25. ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
guide-value = [ object-class "#" ] criteria guide-value = [ object-class "#" ] criteria
object-class = <an encoded value with OID syntax> object-class = <an encoded value with OID syntax>
criteria = criteria-item / criteria-set / ( "!" criteria ) criteria = criteria-item / criteria-set / ( "!" criteria )
criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) / criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) /
( [ "(" ] criteria "|" criteria-set [ ")" ] ) ( [ "(" ] criteria "|" criteria-set [ ")" ] )
criteria-item = [ "(" ] attributetype "$" match-type [ ")" ] criteria-item = [ "(" ] attributetype "$" match-type [ ")" ]
match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX" match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
This syntax should not be used for defining new attributes. This syntax should not be used for defining new attributes.
6.4. Password 6.4. Octet String
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.40. ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
Values in this syntax are encoded as octet strings. They are not Values in this syntax are encoded as octet strings.
encrypted.
Example: Example:
secret secret
6.5. Teletex Terminal Identifier 6.5. Teletex Terminal Identifier
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.51. ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
teletex-id = ttx-term 0*("$" ttx-param) teletex-id = ttx-term 0*("$" ttx-param)
ttx-term = printablestring ttx-term = printablestring
ttx-param = ttx-key ":" ttx-value ttx-param = ttx-key ":" ttx-value
ttx-key = "graphic" / "control" / "misc" / "page" / "private" ttx-key = "graphic" / "control" / "misc" / "page" / "private"
ttx-value = octetstring ttx-value = octetstring
In the above, the first printablestring is the encoding of the In the above, the first printablestring is the encoding of the
first portion of the teletex terminal identifier to be encoded, and first portion of the teletex terminal identifier to be encoded, and
the subsequent 0 or more octetstrings are subsequent portions the subsequent 0 or more octetstrings are subsequent portions
of the teletex terminal identifier. of the teletex terminal identifier.
6.6. Telex Number 6.6. Telex Number
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.52. ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
telex-number = actual-number "$" country "$" answerback telex-number = actual-number "$" country "$" answerback
actual-number = printablestring actual-number = printablestring
country = printablestring country = printablestring
answerback = printablestring answerback = printablestring
In the above, actual-number is the syntactic representation of the In the above, actual-number is the syntactic representation of the
number portion of the TELEX number being encoded, country is the number portion of the TELEX number being encoded, country is the
TELEX country code, and answerback is the answerback code of a TELEX country code, and answerback is the answerback code of a
TELEX terminal. TELEX terminal.
6.7. Supported Algorithm 6.7. Supported Algorithm
This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.49. ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' )
No printable representation of values of the supportedAlgorithms No printable representation of values of the supportedAlgorithms
attribute is defined in this document. Clients which wish to store attribute is defined in this document. Clients which wish to store
and retrieve this attribute MUST use "supportedAlgorithms;binary", in and retrieve this attribute MUST use "supportedAlgorithms;binary", in
which the value is transferred as a binary encoding. which the value is transferred as a binary encoding.
7. Object Classes 7. Object Classes
LDAP servers MUST recognize the object classes "top" and "subschema". LDAP servers MUST recognize the object classes "top" and "subschema".
LDAP servers SHOULD recognize all the other object classes listed here LDAP servers SHOULD recognize all the other object classes listed here
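Review bot: In 6.4, the syntax is renamed from Password to Octet String and "They are not encrypted" is dropped, but the example value is still "secret", which only made sense when this was a password syntax. Suggest a neutral octet-string example, plus a pointer from 6.4 to the userPassword text in 5.36 so that a reader who starts from the syntax still sees the cleartext warning. The per-syntax lines now use the "( OID DESC '...' )" form consistently, which matches the new introductory paragraph; 6.7 (…121.1.49) is still listed after 6.6 (…121.1.52), so if the section is meant to be in OID order that entry is out of place.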
skipping to change at line 831 skipping to change at line 838
laws regarding the publication of information about people. laws regarding the publication of information about people.
Transfer of cleartext passwords are strongly discouraged where the Transfer of cleartext passwords are strongly discouraged where the
underlying transport service cannot guarantee confidentiality and may underlying transport service cannot guarantee confidentiality and may
result in disclosure of the password to unauthorized parties. result in disclosure of the password to unauthorized parties.
10. Acknowledgements 10. Acknowledgements
The definitions on which this document have been developed by The definitions on which this document have been developed by
committees for telecommunications and international standards. committees for telecommunications and international standards.
No new schema definitions have been added. The syntax definitions No new attribute definitions have been added. The syntax definitions
are based on the ISODE "QUIPU" implementation of X.500. are based on the ISODE "QUIPU" implementation of X.500.
11. Bibliography 11. Bibliography
[1] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins, [1] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins,
"Lightweight X.500 Directory Access Protocol Attribute Syntax "Lightweight X.500 Directory Access Protocol Attribute Syntax
Definitions", INTERNET-DRAFT Definitions", INTERNET-DRAFT
<draft-ietf-asid-ldapv3-attributes-06.txt>, July 1997. <draft-ietf-asid-ldapv3-attributes-06.txt>, July 1997.
[2] The Directory: Models. ITU-T Recommendation X.501, 1993. [2] The Directory: Models. ITU-T Recommendation X.501, 1993.
[3] The Directory: Authentication Framework. ITU-T Recommendation [3] The Directory: Authentication Framework. ITU-T Recommendation
X.509, 1993. X.509, 1993.
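Review bot: The Security Considerations paragraph on cleartext passwords is unchanged between versions, while 5.36 now also states that stored passwords "are not encrypted"; that storage statement should be repeated here, since this is the section implementers consult for it. In the Acknowledgements, narrowing "No new schema definitions" to "No new attribute definitions" leaves it unstated whether any syntaxes or object classes are new; say so explicitly. The preceding sentence, "The definitions on which this document have been developed by", is missing words (for example "is based") in both versions and could be fixed in the same pass.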
 End of changes. 16 change blocks. 
15 lines changed or deleted 23 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/