draft-ietf-asid-ldapv3schema-x500-02.txt   draft-ietf-asid-ldapv3schema-x500-03.txt 
Network Working Group M. Wahl Network Working Group M. Wahl
INTERNET-DRAFT Critical Angle Inc. INTERNET-DRAFT Critical Angle Inc.
Expires in six months from 5 Aug. 1997 Expires in six months from 10 Oct. 1997
A Summary of the X.500(96) User Schema for use with LDAPv3 A Summary of the X.500(96) User Schema for use with LDAPv3
<draft-ietf-asid-ldapv3schema-x500-02.txt> <draft-ietf-asid-ldapv3schema-x500-03.txt>
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working its working groups. Note that other groups may also distribute working
documents as Internet-Drafts. documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
skipping to change at line 64 skipping to change at line 63
5.1 - 5.2 X.501(93) 5.1 - 5.2 X.501(93)
5.3 - 5.36 X.520(88) 5.3 - 5.36 X.520(88)
5.37 - 5.41 X.509(93) 5.37 - 5.41 X.509(93)
5.42 - 5.52 X.520(93) 5.42 - 5.52 X.520(93)
5.53 - 5.54 X.509(96) 5.53 - 5.54 X.509(96)
5.55 X.520(96) 5.55 X.520(96)
6.1 RFC 1274 6.1 RFC 1274
6.2 (new syntax) 6.2 (new syntax)
6.3 - 6.6 RFC 1274 6.3 - 6.6 RFC 1274
7.1 - 7.2 X.501(93) 7.1 - 7.2 X.501(93)
7.3 - 7.18 X.521(88) 7.3 - 7.18 X.521(93)
7.19 - 7.22 X.501(93) 7.19 - 7.21 X.509(96)
7.23 - 7.25 X.509(96) 7.22 X.521(96)
7.26 X.521(96)
Some attribute names are different from those found in X.520(93). Some attribute names are different from those found in X.520(93).
Three new attributes supportedAlgorithms, deltaRevocationList and Three new attributes supportedAlgorithms, deltaRevocationList and
dmdName, and the objectClass dmd, are defined in the X.500(96) dmdName, and the objectClass dmd, are defined in the X.500(96)
documents. documents.
5. Attribute Types 5. Attribute Types
An LDAP server implementation SHOULD recognize the attribute types An LDAP server implementation SHOULD recognize the attribute types
described in this section. described in this section.
5.1. objectClass 5.1. objectClass
The values of the objectClass attribute describe the kind of object The values of the objectClass attribute describe the kind of object
which an entry represents. The objectClass attribute is present in which an entry represents. The objectClass attribute is present in
every entry, with at least two values. One of the values is either every entry, with at least two values. One of the values is either
"top" or "alias". "top" or "alias".
( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
5.2. aliasedObjectName 5.2. aliasedObjectName
The aliasedObjectName attribute is used by the directory service if The aliasedObjectName attribute is used by the directory service if
the entry containing this attribute is an alias. the entry containing this attribute is an alias.
( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
5.3. knowledgeInformation 5.3. knowledgeInformation
This attribute is no longer used. This attribute is no longer used.
( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
5.4. cn 5.4. cn
This is the X.500 commonName attribute, which contains a name of This is the X.500 commonName attribute, which contains a name of
an object. If the object corresponds to a person, it is typically the an object. If the object corresponds to a person, it is typically the
person's full name. person's full name.
( 2.5.4.3 NAME 'cn' SUP name ) ( 2.5.4.3 NAME 'cn' SUP name )
5.5. sn 5.5. sn
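Review bot: The SYNTAX values in 5.1 through 5.3 change from a quoted OID ('1.3.6.1.4.1.1466.115.121.1.38') to a bare one, including the bare length bound in 1.3.6.1.4.1.1466.115.121.1.15{32768}, but nothing in the visible text of section 5 tells implementers that the attribute type description format changed between -02 and -03. Add one sentence to the section 5 introduction that points to the document defining the description grammar and states whether a schema reader is expected to accept the older quoted form, since a strict parser written against -02 will reject every definition in -03.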
skipping to change at line 126 skipping to change at line 124
a person. a person.
( 2.5.4.4 NAME 'sn' SUP name ) ( 2.5.4.4 NAME 'sn' SUP name )
5.6. serialNumber 5.6. serialNumber
This attribute contains the serial number of a device. This attribute contains the serial number of a device.
( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.44{64}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
5.7. c 5.7. c
This attribute contains a two-letter ISO 3166 country code This attribute contains a two-letter ISO 3166 country code
(countryName). (countryName).
( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE ) ( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )
5.8. l 5.8. l
skipping to change at line 157 skipping to change at line 155
( 2.5.4.8 NAME 'st' SUP name ) ( 2.5.4.8 NAME 'st' SUP name )
5.10. street 5.10. street
This attribute contains the physical address of the object to which This attribute contains the physical address of the object to which
the entry corresponds, such as an address for package delivery the entry corresponds, such as an address for package delivery
(streetAddress). (streetAddress).
( 2.5.4.9 NAME 'street' EQUALITY caseIgnoreMatch ( 2.5.4.9 NAME 'street' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
5.11. o 5.11. o
This attribute contains the name of an organization This attribute contains the name of an organization
(organizationName). (organizationName).
( 2.5.4.10 NAME 'o' SUP name ) ( 2.5.4.10 NAME 'o' SUP name )
5.12. ou 5.12. ou
skipping to change at line 188 skipping to change at line 186
job function. job function.
( 2.5.4.12 NAME 'title' SUP name ) ( 2.5.4.12 NAME 'title' SUP name )
5.14. description 5.14. description
This attribute contains a human-readable description of the object. This attribute contains a human-readable description of the object.
( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{1024}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
5.15. searchGuide 5.15. searchGuide
This attribute is for use by X.500 clients in constructing search This attribute is for use by X.500 clients in constructing search
filters. It is obsoleted by enhancedSearchGuide, described below in filters. It is obsoleted by enhancedSearchGuide, described below in
5.48. 5.48.
( 2.5.4.14 NAME 'searchGuide' ( 2.5.4.14 NAME 'searchGuide'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.25' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
5.16. businessCategory 5.16. businessCategory
This attribute describes the kind of business performed by an This attribute describes the kind of business performed by an
organization. organization.
( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
5.17. postalAddress 5.17. postalAddress
( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch SUBSTR caseIgnoreListSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
5.18. postalCode 5.18. postalCode
( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{40}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
5.19. postOfficeBox 5.19. postOfficeBox
( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{40}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
5.20. physicalDeliveryOfficeName 5.20. physicalDeliveryOfficeName
( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
5.21. telephoneNumber 5.21. telephoneNumber
( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch SUBSTR telephoneNumberSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.50{32}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
5.22. telexNumber 5.22. telexNumber
( 2.5.4.21 NAME 'telexNumber' ( 2.5.4.21 NAME 'telexNumber'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.52' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
5.23. teletexTerminalIdentifier 5.23. teletexTerminalIdentifier
( 2.5.4.22 NAME 'teletexTerminalIdentifier' ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.51' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
5.24. facsimileTelephoneNumber 5.24. facsimileTelephoneNumber
( 2.5.4.23 NAME 'facsimileTelephoneNumber' ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.22' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
5.25. x121Address 5.25. x121Address
( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch SUBSTR numericStringSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.36{15}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
5.26. internationaliSDNNumber 5.26. internationaliSDNNumber
( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch SUBSTR numericStringSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.36{16}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
5.27. registeredAddress 5.27. registeredAddress
This attribute holds a postal address suitable for reception of This attribute holds a postal address suitable for reception of
telegrams or expedited documents, where it is necessary to have the telegrams or expedited documents, where it is necessary to have the
recipient accept delivery. recipient accept delivery.
( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
5.28. destinationIndicator 5.28. destinationIndicator
This attribute is used for the telegram service. This attribute is used for the telegram service.
( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.44{128}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
5.29. preferredDeliveryMethod 5.29. preferredDeliveryMethod
( 2.5.4.28 NAME 'preferredDeliveryMethod' ( 2.5.4.28 NAME 'preferredDeliveryMethod'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.14' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE ) SINGLE-VALUE )
5.30. presentationAddress 5.30. presentationAddress
This attribute contains an OSI presentation address. This attribute contains an OSI presentation address.
( 2.5.4.29 NAME 'presentationAddress' ( 2.5.4.29 NAME 'presentationAddress'
EQUALITY presentationAddressMatch EQUALITY presentationAddressMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.43' SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE ) SINGLE-VALUE )
5.31. supportedApplicationContext 5.31. supportedApplicationContext
This attribute contains the identifiers of OSI application contexts. This attribute contains the identifiers of OSI application contexts.
( 2.5.4.30 NAME 'supportedApplicationContext' ( 2.5.4.30 NAME 'supportedApplicationContext'
EQUALITY objectIdentifierMatch EQUALITY objectIdentifierMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
5.32. member 5.32. member
( 2.5.4.31 NAME 'member' SUP distinguishedName ) ( 2.5.4.31 NAME 'member' SUP distinguishedName )
5.33. owner 5.33. owner
( 2.5.4.32 NAME 'owner' SUP distinguishedName ) ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
5.34. roleOccupant 5.34. roleOccupant
( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName ) ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
5.35. seeAlso 5.35. seeAlso
( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName ) ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
5.36. userPassword 5.36. userPassword
( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40{128}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
Passwords are stored using an Octet String syntax and are not Passwords are stored using an Octet String syntax and are not
encrypted. Transfer of cleartext passwords are strongly discouraged encrypted. Transfer of cleartext passwords are strongly discouraged
where the underlying transport service cannot guarantee where the underlying transport service cannot guarantee
confidentiality and may result in disclosure of the password to confidentiality and may result in disclosure of the password to
unauthorized parties. unauthorized parties.
5.37. userCertificate 5.37. userCertificate
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'userCertificate;binary'. 'userCertificate;binary'.
( 2.5.4.36 NAME 'userCertificate' ( 2.5.4.36 NAME 'userCertificate'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
5.38. cACertificate 5.38. cACertificate
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'cACertificate;binary'. 'cACertificate;binary'.
( 2.5.4.37 NAME 'cACertificate' ( 2.5.4.37 NAME 'cACertificate'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
5.39. authorityRevocationList 5.39. authorityRevocationList
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'authorityRevocationList;binary'. 'authorityRevocationList;binary'.
( 2.5.4.38 NAME 'authorityRevocationList' ( 2.5.4.38 NAME 'authorityRevocationList'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
5.40. certificateRevocationList 5.40. certificateRevocationList
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'certificateRevocationList;binary'. 'certificateRevocationList;binary'.
( 2.5.4.39 NAME 'certificateRevocationList' ( 2.5.4.39 NAME 'certificateRevocationList'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
5.41. crossCertificatePair 5.41. crossCertificatePair
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'crossCertificatePair;binary'. 'crossCertificatePair;binary'.
( 2.5.4.40 NAME 'crossCertificatePair' ( 2.5.4.40 NAME 'crossCertificatePair'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.10' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
5.42. name 5.42. name
The name attribute type is the attribute supertype from which string The name attribute type is the attribute supertype from which string
attribute types typically used for naming may be formed. It is attribute types typically used for naming may be formed. It is
unlikely that values of this type itself will occur in an entry. unlikely that values of this type itself will occur in an entry.
LDAP server implementations which do not support attribute subtyping LDAP server implementations which do not support attribute subtyping
need not recognize this attribute in requests. Client need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping. performing attribute subtyping.
( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
5.43. givenName 5.43. givenName
The givenName attribute is used to hold the part of a person's name The givenName attribute is used to hold the part of a person's name
which is not their surname nor middle name. which is not their surname nor middle name.
( 2.5.4.42 NAME 'givenName' SUP name ) ( 2.5.4.42 NAME 'givenName' SUP name )
5.44. initials 5.44. initials
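Review bot: The userPassword paragraph in 5.36 is carried over unchanged and still reads "Transfer of cleartext passwords are strongly discouraged"; the verb should be "is", and the sentence should be split so that "may result in disclosure of the password" clearly attaches to the transfer rather than to the transport service. The same wording appears again in section 9, so correct both places together. Separately, 5.27 registeredAddress declares SUP postalAddress and also restates SYNTAX 1.3.6.1.4.1.1466.115.121.1.41, the same syntax 5.17 gives postalAddress; drop the restated SYNTAX or say why it is repeated, because the other SUP-derived types in this section (member, owner, roleOccupant, seeAlso) do not repeat theirs.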
skipping to change at line 415 skipping to change at line 413
( 2.5.4.44 NAME 'generationQualifier' SUP name ) ( 2.5.4.44 NAME 'generationQualifier' SUP name )
5.46. x500UniqueIdentifier 5.46. x500UniqueIdentifier
The x500UniqueIdentifier attribute is used to distinguish between The x500UniqueIdentifier attribute is used to distinguish between
objects when a distinguished name has been reused. This is a objects when a distinguished name has been reused. This is a
different attribute type from both the "uid" and "uniqueIdentifier" different attribute type from both the "uid" and "uniqueIdentifier"
types. types.
( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.6' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
5.47. dnQualifier 5.47. dnQualifier
The dnQualifier attribute type specifies disambiguating information to The dnQualifier attribute type specifies disambiguating information to
add to the relative distinguished name of an entry. It is intended add to the relative distinguished name of an entry. It is intended
for use when merging data from multiple sources in order to prevent for use when merging data from multiple sources in order to prevent
conflicts between entries which would otherwise have the same name. conflicts between entries which would otherwise have the same name.
It is recommended that the value of the dnQualifier attribute be the It is recommended that the value of the dnQualifier attribute be the
same for all entries from a particular source. same for all entries from a particular source.
( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
5.48. enhancedSearchGuide 5.48. enhancedSearchGuide
This attribute is for use by X.500 clients in constructing search This attribute is for use by X.500 clients in constructing search
filters. filters.
( 2.5.4.47 NAME 'enhancedSearchGuide' ( 2.5.4.47 NAME 'enhancedSearchGuide'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.21' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
5.49. protocolInformation 5.49. protocolInformation
This attribute is used in conjuction with the presentationAddress This attribute is used in conjunction with the presentationAddress
attribute, to provide additional information to the OSI network attribute, to provide additional information to the OSI network
service. service.
( 2.5.4.48 NAME 'protocolInformation' ( 2.5.4.48 NAME 'protocolInformation'
EQUALITY protocolInformationMatch EQUALITY protocolInformationMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.42' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
5.50. distinguishedName 5.50. distinguishedName
This attribute type is not used as the name of the object itself, but This attribute type is not used as the name of the object itself, but
it is instead a base type from which attributes with DN syntax it is instead a base type from which attributes with DN syntax
inherit. inherit.
It is unlikely that values of this type itself will occur in an entry. It is unlikely that values of this type itself will occur in an entry.
LDAP server implementations which do not support attribute subtyping LDAP server implementations which do not support attribute subtyping
need not recognize this attribute in requests. Client need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping. performing attribute subtyping.
( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch ( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
5.51. uniqueMember 5.51. uniqueMember
( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.34' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
5.52. houseIdentifier 5.52. houseIdentifier
This attribute is used to identify a building within a location. This attribute is used to identify a building within a location.
( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
5.53. supportedAlgorithms 5.53. supportedAlgorithms
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'supportedAlgorithms;binary'. 'supportedAlgorithms;binary'.
( 2.5.4.52 NAME 'supportedAlgorithms' ( 2.5.4.52 NAME 'supportedAlgorithms'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.49' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
5.54. deltaRevocationList 5.54. deltaRevocationList
This attribute is to be stored and requested in the binary form, as This attribute is to be stored and requested in the binary form, as
'deltaRevocationList;binary'. 'deltaRevocationList;binary'.
( 2.5.4.53 NAME 'deltaRevocationList' ( 2.5.4.53 NAME 'deltaRevocationList'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
5.55. dmdName 5.55. dmdName
The value of this attribute specifies a directory management The value of this attribute specifies a directory management
domain (DMD), the administrative authority which operates the domain (DMD), the administrative authority which operates the
directory server. directory server.
( 2.5.4.54 NAME 'dmdName' SUP name ) ( 2.5.4.54 NAME 'dmdName' SUP name )
6. Syntaxes 6. Syntaxes
skipping to change at line 514 skipping to change at line 512
which defines the OBJECT IDENTIFIER of the syntax. The descriptions which defines the OBJECT IDENTIFIER of the syntax. The descriptions
of syntax names are not carried in protocol, and are not guaranteed of syntax names are not carried in protocol, and are not guaranteed
to be unique. to be unique.
6.1. Delivery Method 6.1. Delivery Method
( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
delivery-value = pdm / ( pdm "$" delivery-value ) delivery-value = pdm / ( pdm whsp "$" whsp delivery-value )
pdm = "any" / "mhs" / "physical" / "telex" / "teletex" / pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
"g3fax" / "g4fax" / "ia5" / "videotex" / "telephone" "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"
Example: Example:
telephone telephone
6.2. Enhanced Guide 6.2. Enhanced Guide
( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
EnhancedGuide = objectclass "#" criteria "#" subset EnhancedGuide = woid whsp "#" whsp criteria whsp "#" whsp subset
subset = "baseobject" / "oneLevel" / "wholeSubtree" subset = "baseobject" / "oneLevel" / "wholeSubtree"
The criteria production is defined in the Guide syntax below. The criteria production is defined in the Guide syntax below.
This syntax has been added subsequent to RFC 1778. This syntax has been added subsequent to RFC 1778.
Example: Example:
person#(sn)#oneLevel person#(sn)#oneLevel
6.3. Guide 6.3. Guide
( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
guide-value = [ object-class "#" ] criteria guide-value = [ object-class "#" ] criteria
object-class = <an encoded value with OID syntax> object-class = woid
criteria = criteria-item / criteria-set / ( "!" criteria ) criteria = criteria-item / criteria-set / ( "!" criteria )
criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) / criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) /
( [ "(" ] criteria "|" criteria-set [ ")" ] ) ( [ "(" ] criteria "|" criteria-set [ ")" ] )
criteria-item = [ "(" ] attributetype "$" match-type [ ")" ] criteria-item = [ "(" ] attributetype "$" match-type [ ")" ]
match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX" match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
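Review bot: Whitespace handling is now inconsistent between 6.1, 6.2 and 6.3: delivery-value gained whsp around "$" and EnhancedGuide gained whsp around each "#", but guide-value still reads [ object-class "#" ] criteria and criteria-item still reads attributetype "$" match-type, both with no whsp. Either add whsp to the Guide productions as well or state that the difference is intended, otherwise a value that is valid as the criteria of an Enhanced Guide and a value valid as a Guide will be tokenized under different rules. The new productions also use woid and whsp without a definition or a reference in the visible text; cite the document that defines them next to the BNF.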
skipping to change at line 748 skipping to change at line 746
( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $ MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair ) cACertificate ) MAY crossCertificatePair )
7.18. groupOfUniqueNames 7.18. groupOfUniqueNames
( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
MUST ( uniqueMember $ cn ) MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
7.19. subentry 7.19. userSecurityInformation
This object class has special significance for administering X.500(93)
servers, as described in section 13.2 of X.501 [2].
( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL
MUST ( cn $ subtreeSpecification ) )
7.20. accessControlSubentry
This object class has special significance for administering X.500(93)
servers. It is used in conjunction with the "subentry" object class.
( 2.5.17.1 NAME 'accessControlSubentry' AUXILIARY )
7.21. collectiveAttributeSubentry
This object class has special significance for administering X.500(93)
servers. It is used in conjunction with the "subentry" object class.
( 2.5.17.2 NAME 'collectiveAttributeSubentry' AUXILIARY )
7.22. subschema
This object class is used for the subschema subentry in X.500(93)
servers.
( 2.5.20.1 NAME 'subschema' AUXILIARY
MAY ( dITStructureRules $ nameForms $ ditContentRules $
objectClasses $ attributeTypes $ matchingRules $
matchingRuleUse ) )
7.23. userSecurityInformation
( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
MAY ( supportedAlgorithms ) ) MAY ( supportedAlgorithms ) )
7.24. certificationAuthority-V2 7.20. certificationAuthority-V2
( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certificationAuthority certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) ) AUXILIARY MAY ( deltaRevocationList ) )
7.25. cRLDistributionPoint 7.21. cRLDistributionPoint
( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
MUST ( cn ) MAY ( certificateRevocationList $ MUST ( cn ) MAY ( certificateRevocationList $
authorityRevocationList $ authorityRevocationList $
deltaRevocationList ) ) deltaRevocationList ) )
7.26. dmd 7.22. dmd
( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $ street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) ) physicalDeliveryOfficeName $ st $ l $ description ) )
8. Matching Rule 8. Matching Rules
Servers MAY implement additional matching rules.
8.1. octetStringMatch
Servers which implement the extensibleMatch filter SHOULD allow Servers which implement the extensibleMatch filter SHOULD allow
the matching rule listed in this section to be used in the the matching rule listed in this section to be used in the
extensibleMatch. In general these servers SHOULD allow matching extensibleMatch. In general these servers SHOULD allow matching
rules to be used with all attribute types known to the server, when rules to be used with all attribute types known to the server, when
the assertion syntax of the matching rule is the same as the value the assertion syntax of the matching rule is the same as the value
syntax of the attribute. syntax of the attribute.
Servers MAY implement additional matching rules.
( 2.5.13.17 NAME 'octetStringMatch' ( 2.5.13.17 NAME 'octetStringMatch'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
9. Security Considerations 9. Security Considerations
Attributes of directory entries are used to provide descriptive Attributes of directory entries are used to provide descriptive
information about the real-world objects they represent, which can information about the real-world objects they represent, which can
be people, organizations or devices. Most countries have privacy be people, organizations or devices. Most countries have privacy
laws regarding the publication of information about people. laws regarding the publication of information about people.
Transfer of cleartext passwords are strongly discouraged where the Transfer of cleartext passwords are strongly discouraged where the
underlying transport service cannot guarantee confidentiality and may underlying transport service cannot guarantee confidentiality and may
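Review bot: The new 8.1 heading is placed above the paragraph that begins "Servers which implement the extensibleMatch filter SHOULD allow the matching rule listed in this section", so the general statement "In general these servers SHOULD allow matching rules to be used with all attribute types known to the server" now reads as if it were scoped to octetStringMatch alone. Keep the general guidance directly under "8. Matching Rules" next to "Servers MAY implement additional matching rules." and leave only the octetStringMatch definition under 8.1. In section 7, the subentry, accessControlSubentry, collectiveAttributeSubentry and subschema classes are removed with no note in the visible text; if they are now defined elsewhere, a one-line pointer would help readers who relied on -02.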
skipping to change at line 843 skipping to change at line 811
10. Acknowledgements 10. Acknowledgements
The definitions on which this document have been developed by The definitions on which this document have been developed by
committees for telecommunications and international standards. committees for telecommunications and international standards.
No new attribute definitions have been added. The syntax definitions No new attribute definitions have been added. The syntax definitions
are based on the ISODE "QUIPU" implementation of X.500. are based on the ISODE "QUIPU" implementation of X.500.
11. Bibliography 11. Bibliography
[1] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins, [1] M. Wahl, A. Coulbeck, T. Howes, S. Kille,
"Lightweight X.500 Directory Access Protocol Attribute Syntax "Lightweight X.500 Directory Access Protocol Attribute Syntax
Definitions", INTERNET-DRAFT Definitions", INTERNET-DRAFT
<draft-ietf-asid-ldapv3-attributes-06.txt>, July 1997. <draft-ietf-asid-ldapv3-attributes-08.txt>, October 1997.
[2] The Directory: Models. ITU-T Recommendation X.501, 1993. [2] The Directory: Models. ITU-T Recommendation X.501, 1996.
[3] The Directory: Authentication Framework. ITU-T Recommendation [3] The Directory: Authentication Framework. ITU-T Recommendation
X.509, 1993. X.509, 1996.
[4] The Directory: Selected Attribute Types. ITU-T Recommendation [4] The Directory: Selected Attribute Types. ITU-T Recommendation
X.520, 1993. X.520, 1996.
[5] The Directory: Selected Object Classes. ITU-T Recommendation [5] The Directory: Selected Object Classes. ITU-T Recommendation
X.521, 1993. X.521, 1996.
12. Author's Address 12. Author's Address
Mark Wahl Mark Wahl
Critical Angle Inc. Critical Angle Inc.
4815 West Braker Lane #502-385 4815 West Braker Lane #502-385
Austin, TX 78759 Austin, TX 78759
USA USA
Phone: +1 512 372 3160 Phone: +1 512 372 3160
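Review bot: References [2] through [5] now cite only the 1996 editions of X.501, X.509, X.520 and X.521, but the section index earlier in the -03 column still attributes definitions to X.501(93), X.509(93), X.520(93) and X.521(93), which no longer have a bibliography entry. Either keep the 1993 references alongside the 1996 ones or update the index to match. The Acknowledgements sentence "The definitions on which this document have been developed by" is also carried over with its verb missing (presumably "is based"); fix it while this section is being touched.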
 End of changes. 60 change blocks. 
96 lines changed or deleted 64 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/