draft-ietf-ldapbis-bcp64-04.txt   draft-ietf-ldapbis-bcp64-05.txt 
INTERNET-DRAFT Kurt D. Zeilenga INTERNET-DRAFT Kurt D. Zeilenga
Intended Category: BCP OpenLDAP Foundation Intended Category: BCP OpenLDAP Foundation
Expires in six months 24 October 2004 Expires in six months 21 February 2005
Obsoletes: RFC 3383 Obsoletes: RFC 3383
IANA Considerations for LDAP IANA Considerations for LDAP
<draft-ietf-ldapbis-bcp64-04.txt> <draft-ietf-ldapbis-bcp64-05.txt>
Status of Memo Status of Memo
This document is intended to be, after appropriate review and This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Best Current Practice revision, submitted to the RFC Editor as a Best Current Practice
document. This document is intended to replace RFC 3383. document. This document is intended to replace RFC 3383.
Distribution of this memo is unlimited. Technical discussion of this Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Revision Working Group document will take place on the IETF LDAP Revision Working Group
(LDAPBIS) mailing list <ietf-ldapbis@openldap.org>. Please send (LDAPBIS) mailing list <ietf-ldapbis@openldap.org>. Please send
editorial comments directly to the document editor editorial comments directly to the document editor
skipping to change at page 1, line 37 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of http://www.ietf.org/1id-abstracts.html
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
Copyright (C) The Internet Society (2004). All Rights Reserved. The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright (C) The Internet Society (2005). All Rights Reserved.
Please see the Full Copyright section near the end of this document Please see the Full Copyright section near the end of this document
for more information. for more information.
Abstract Abstract
This document provides procedures for registering extensible elements This document provides procedures for registering extensible elements
of Lightweight Directory Access Protocol (LDAP). The document also of Lightweight Directory Access Protocol (LDAP). The document also
provides guidelines to Internet Assigned Numbers Authority (IANA) provides guidelines to Internet Assigned Numbers Authority (IANA)
describing conditions under which new values can be assigned. describing conditions under which new values can be assigned.
skipping to change at page 3, line 39 skipping to change at page 3, line 39
A keyword is a case-insensitive string of UTF-8 [RFC3629] encoded A keyword is a case-insensitive string of UTF-8 [RFC3629] encoded
Unicode [Unicode] restricted to the <keystring> production. Unicode [Unicode] restricted to the <keystring> production.
3. IANA Considerations for LDAP 3. IANA Considerations for LDAP
This section details each kind of protocol value which can be This section details each kind of protocol value which can be
registered and provides IANA guidelines on how to assign new values. registered and provides IANA guidelines on how to assign new values.
IANA may reject obviously bogus registrations described. IANA may reject obviously bogus registrations described.
LDAP values specified in RFCs MUST be registered. Other LDAP values,
expecting those in private-use name spaces, SHOULD be registered.
RFCs SHOULD NOT reference, use, or otherwise recongize unregistered
LDAP values.
3.1. Object Identifiers 3.1. Object Identifiers
Numerous LDAP schema and protocol elements are identified by Object Numerous LDAP schema and protocol elements are identified by Object
Identifiers (OIDs) [X.680]. Specifications which assign OIDs to Identifiers (OIDs) [X.680]. Specifications which assign OIDs to
elements SHOULD state who delegated the OIDs for its use. elements SHOULD state who delegated the OIDs for its use.
For IETF developed elements, specifications SHOULD use OIDs under For IETF developed elements, specifications SHOULD use OIDs under
"Internet Directory Numbers" (1.3.6.1.1.x). For elements developed "Internet Directory Numbers" (1.3.6.1.1.x). For elements developed
by others, any properly delegated OID can be used, including those by others, any properly delegated OID can be used, including those
under "Internet Directory Numbers" (1.3.6.1.1.x) or "Internet Private under "Internet Directory Numbers" (1.3.6.1.1.x) or "Internet Private
Enterprise Numbers" (1.3.6.1.4.1.x). Enterprise Numbers" (1.3.6.1.4.1.x).
Internet Directory Numbers (1.3.6.1.1.x) will be assigned upon Expert Internet Directory Numbers (1.3.6.1.1.x) will be assigned upon Expert
Review with Specification Required. Only one OID per specification Review with Specification Required. Only one OID per specification
will be assigned. The specification MAY then assign any number of will be assigned. The specification MAY then assign any number of
OIDs within this arc without further coordination with IANA. OIDs within this arc without further coordination with IANA.
Internet Private Enterprise Numbers (1.3.6.1.4.1.x) are assigned by Internet Private Enterprise Numbers (1.3.6.1.4.1.x) are assigned by
IANA <http://www.iana.org/cgi-bin/enterprise.pl>. IANA <http://www.iana.org/cgi-bin/enterprise.pl>. Practices for IANA
assignment of Internet Private Enterprise Numbers is detailed in STD
16 [RFC1155].
To avoid interoperability problems between early implementations of a To avoid interoperability problems between early implementations of a
"work in progress" and implementations of the published specification "work in progress" and implementations of the published specification
(e.g., the RFC), experimental OIDs SHOULD be used in "works in (e.g., the RFC), experimental OIDs SHOULD be used in "works in
progress" and early implementations. OIDs under the Internet progress" and early implementations. OIDs under the Internet
Experimental OID arc (1.3.6.1.3.x) may be used for this purpose. Experimental OID arc (1.3.6.1.3.x) may be used for this purpose.
Practices for IANA assignment of these Internet Experimental numbers
Experimental OIDs SHALL NOT be used in published specifications (e.g. is detailed in STD 16 [RFC1155].
RFCs).
Practices for IANA assignment of Internet Enterprise and Experimental
OIDs are detailed in STD 16 [RFC1155].
3.2 Protocol Mechanisms 3.2 Protocol Mechanisms
LDAP provides a number of Root DSE attributes for discovery of LDAP provides a number of Root DSE attributes for discovery of
protocol mechanisms identified by OIDs, including: protocol mechanisms identified by OIDs, including the
- supportedControl [Models], supportedControl, supportedExtension, and supportedFeatures
- supportedExtension [Models], and attributes [Models],
- supportedFeatures [RFC3674],
A registry of OIDs used for discover of protocol mechanisms is A registry of OIDs used for discover of protocol mechanisms is
provided to allow implementors and others to locate the technical provided to allow implementors and others to locate the technical
specification for these protocol mechanisms. Future specifications specification for these protocol mechanisms. Future specifications
of additional Root DSE attributes holding values identifying protocol of additional Root DSE attributes holding values identifying protocol
mechanisms MAY extend this registry for their values. mechanisms MAY extend this registry for their values.
OIDs associated with discoverable protocol mechanisms SHOULD be Protocol Mechanisms are registered on a First Come First Served
registered. These are be considered on a First Come First Served basis.
with Specification Required basis.
OIDs associated with Standard Track mechanisms MUST be registered and
require Standards Action.
3.3 LDAP Syntaxes 3.3 LDAP Syntaxes
This registry provides a listing of LDAP syntaxes [Models]. Each This registry provides a listing of LDAP syntaxes [Models]. Each
LDAP syntax is identified by an object identifier (OID). This LDAP syntax is identified by an object identifier (OID). This
registry is provided to allow implementors and others to locate the registry is provided to allow implementors and others to locate the
technical specification describing a particular LDAP Syntax. technical specification describing a particular LDAP Syntax.
OIDs used to identify LDAP syntaxes SHOULD be registered. These are LDAP Syntaxes are registered on a First Come First Served with
be considered on a First Come First Served with Specification Specification Required basis.
Required basis.
OIDs associated with Standard Track LDAP syntaxes MUST be registered
and require Standards Action.
Note: unlike object classes, attribute types and various other kinds Note: unlike object classes, attribute types and various other kinds
of schema elements, descriptors are not used in LDAP to identify LDAP of schema elements, descriptors are not used in LDAP to identify LDAP
syntaxes. Syntaxes.
3.4. Object Identifier Descriptors 3.4. Object Identifier Descriptors
LDAP allows short descriptive names (or descriptors) to be used LDAP allows short descriptive names (or descriptors) to be used
instead of a numeric Object Identifier to identify select protocol instead of a numeric Object Identifier to identify select protocol
extensions [Protocol], schema elements [Models], LDAP URL [LDAPURL] extensions [Protocol], schema elements [Models], LDAP URL [LDAPURL]
extensions, and other objects. extensions, and other objects.
Descriptors SHOULD be registered unless in private-use name space
(e.g., they begin with "x-"). Descriptors defined in RFCs MUST be
registered.
While the protocol allows the same descriptor to refer to different While the protocol allows the same descriptor to refer to different
object identifiers in certain cases and the registry supports object identifiers in certain cases and the registry supports
multiple registrations of the same descriptor (each indicating a multiple registrations of the same descriptor (each indicating a
different kind of schema element and different object identifier), different kind of schema element and different object identifier),
multiple registrations of the same descriptor are to be avoided. All multiple registrations of the same descriptor are to be avoided. All
such registration requests require Expert Review. such registration requests require Expert Review.
Descriptors are restricted to strings of UTF-8 encoded Unicode Descriptors are restricted to strings of UTF-8 encoded Unicode
characters restricted by the following ABNF: characters restricted by the following ABNF:
skipping to change at page 9, line 6 skipping to change at page 8, line 44
3.10. LDAP Filter Choice 3.10. LDAP Filter Choice
LDAP filters are used in making assertions against an object LDAP filters are used in making assertions against an object
represented in the directory [Protocol]. The Filter CHOICE indicates represented in the directory [Protocol]. The Filter CHOICE indicates
a type of assertion. Each Filter CHOICE consists of an ASN.1 a type of assertion. Each Filter CHOICE consists of an ASN.1
identifier in the form of a keyword and a non-negative choice number. identifier in the form of a keyword and a non-negative choice number.
The choice number is combined with the class (APPLICATION) and data The choice number is combined with the class (APPLICATION) and data
type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in the type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in the
message's encoding. message's encoding.
New values will be registered upon Standards Action.
Note: LDAP provides the extensibleMatching choice which reduces, but Note: LDAP provides the extensibleMatching choice which reduces, but
does not eliminate, the need to add new filter choices. does not eliminate, the need to add new filter choices.
3.11. LDAP ModifyRequest Operation Type 3.11. LDAP ModifyRequest Operation Type
The LDAP ModifyRequest carries a sequence of modification operations The LDAP ModifyRequest carries a sequence of modification operations
[Protocol]. Each kind (e.g., add, delete, replace) of operation is [Protocol]. Each kind (e.g., add, delete, replace) of operation is
consists of a ASN.1 identifier in the form of a keyword and a consists of a ASN.1 identifier in the form of a keyword and a
non-negative integer. non-negative integer.
New operation integers in the range 0-1023 require Standards Action New operation type integers in the range 0-1023 require Standards
to be registered. New operation integers in the range 1024-4095 Action to be registered. New operation type integers in the range
require Expert Review with Specification Required. New integer 1024-4095 require Expert Review with Specification Required. New
integers in the range 4096-16383 will be registered on a First Come operation type integers in the range 4096-16383 will be registered on
First Served basis. Keywords associated with integers in the range a First Come First Served basis. Keywords associated with integers
0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with in the range 0-4095 SHALL NOT start with "e-" or "x-". Keywords
integers in the range 4096-16383 SHALL start with "e-". Values associated with integers in the range 4096-16383 SHALL start with
greater than or equal to 16384 and keywords starting with "x-" are "e-". Values greater than or equal to 16384 and keywords starting
for Private Use and cannot be registered. with "x-" are for Private Use and cannot be registered.
3.12. LDAP authzId Prefixes 3.12. LDAP authzId Prefixes
Authorization Identities in LDAP are strings conforming to the Authorization Identities in LDAP are strings conforming to the
<authzId> production [AuthMeth]. This production is extensible. <authzId> production [AuthMeth]. This production is extensible.
Each new specific authorization form is identified by a prefix string Each new specific authorization form is identified by a prefix string
conforming to the following ABNF: conforming to the following ABNF:
prefix = keystring COLON prefix = keystring COLON
COLON = %x3A ; COLON (":" U+003A) COLON = %x3A ; COLON (":" U+003A)
Prefixes are case-insensitive. Prefixes are case-insensitive.
While the protocol places no maximum length restriction upon option While the protocol places no maximum length restriction upon prefix
strings, they should be short. Options longer than 12 characters may strings, they should be short. Prefixes longer than 12 characters
be viewed as too long to register. may be viewed as too long to register.
Options beginning with "x-" are for Private Use and cannot be Prefixes beginning with "x-" are for Private Use and cannot be
registered. registered.
Options beginning with "e-" are reserved for experiments and will be Prefixes beginning with "e-" are reserved for experiments and will be
registered on a First Come First Served basis. registered on a First Come First Served basis.
All other options require Standards Action or Expert Review with All other prefixes require Standards Action or Expert Review with
Specification Required to be registered. Specification Required to be registered.
3.13. Directory Systems Names 3.13. Directory Systems Names
The IANA-maintained "Directory Systems Names" registry [IANADSN] of The IANA-maintained "Directory Systems Names" registry [IANADSN] of
valid keywords for well known attributes was used in the LDAPv2 valid keywords for well known attributes was used in the LDAPv2
string representation of a distinguished name [RFC1779]. LDAPv2 is string representation of a distinguished name [RFC1779]. LDAPv2 is
now Historic [RFC3494]. now Historic [RFC3494].
Directory systems names are not known to be used in any other Directory systems names are not known to be used in any other
context. LDAPv3 uses Object Identifier Descriptors [Section 3.2] context. LDAPv3 [LDAPDN] uses Object Identifier Descriptors [Section
(which have a different syntax than directory system names). 3.2] (which have a different syntax than directory system names).
New Directory System Names will no longer be accepted. For New Directory System Names will no longer be accepted. For
historical purposes, the current list of registered names should historical purposes, the current list of registered names should
remain publicly available. remain publicly available.
4. Registration Procedure 4. Registration Procedure
The procedure given here MUST be used by anyone who wishes to use a The procedure given here MUST be used by anyone who wishes to use a
new value of a type described in Section 3 of this document. new value of a type described in Section 3 of this document.
skipping to change at page 11, line 31 skipping to change at page 11, line 20
5.1. Lists of Registered Values 5.1. Lists of Registered Values
IANA makes lists of registered values readily available to the IANA makes lists of registered values readily available to the
Internet community on their web site: <http://www.iana.org/>. Internet community on their web site: <http://www.iana.org/>.
5.2. Change Control 5.2. Change Control
The registration owner MAY update the registration subject to the The registration owner MAY update the registration subject to the
same constraints and review as with new registrations. In cases same constraints and review as with new registrations. In cases
where the owner is not unable or unwilling to make necessary updates, where the owner is not unable or unwilling to make necessary updates,
the IESG MAY assert ownership in order to update the registration. the IESG MAY assume ownership in order to update the registration.
5.3. Comments 5.3. Comments
For cases where others (anyone other than the owner) have significant For cases where others (anyone other than the owner) have significant
objections to the claims in a registration and the owner does not objections to the claims in a registration and the owner does not
agree to change the registration, comments MAY be attached to a agree to change the registration, comments MAY be attached to a
registration upon Expert Review. For registrations owned by the registration upon Expert Review. For registrations owned by the
IESG, the objections SHOULD be addressed by initiating a request for IESG, the objections SHOULD be addressed by initiating a request for
Expert Review. Expert Review.
skipping to change at page 12, line 32 skipping to change at page 12, line 22
8. Author's Address 8. Author's Address
Kurt D. Zeilenga Kurt D. Zeilenga
OpenLDAP Foundation OpenLDAP Foundation
Email: Kurt@OpenLDAP.org Email: Kurt@OpenLDAP.org
9. References 9. References
[[Note to the RFC Editor: please replace the citation tags used in [[Note to the RFC Editor: please replace the citation tags used in
referencing Internet-Drafts with tags of the form RFCnnnn.]] referencing Internet-Drafts with tags of the form RFCnnnn where
possible.]]
9.1. Normative References 9.1. Normative References
[RFC1155] Rose, M. and K. McCloghrie, "Structure and [RFC1155] Rose, M. and K. McCloghrie, "Structure and
Identification of Management Information for TCP/IP- Identification of Management Information for TCP/IP-
based Internets", STD 16 (also RFC 1155), May 1990. based Internets", STD 16 (also RFC 1155), May 1990.
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9 (also RFC 2026), October 1996. 3", BCP 9 (also RFC 2026), October 1996.
skipping to change at page 13, line 12 skipping to change at page 12, line 47
[RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26 (also RFC IANA Considerations Section in RFCs", BCP 26 (also RFC
2434), October 1998. 2434), October 1998.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 3629 (also STD 63), November 2003. 10646", RFC 3629 (also STD 63), November 2003.
[Features] Zeilenga, K., "Feature Discovery in LDAP", RFC 3674,
December 2003.
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
progress. progress.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
draft-ietf-ldapbis-protocol-xx.txt, a work in progress. Connection Level Security Mechanisms",
draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
[Models] Zeilenga, K. (editor), "LDAP: Directory Information [Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in Models", draft-ietf-ldapbis-models-xx.txt, a work in
progress. progress.
[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules", [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress. draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
[LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator", [LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
draft-ietf-ldapbis-url-xx.txt, a work in progress. draft-ietf-ldapbis-url-xx.txt, a work in progress.
[Unicode] The Unicode Consortium, "The Unicode Standard, Version [Unicode] The Unicode Consortium, "The Unicode Standard, Version
3.2.0" is defined by "The Unicode Standard, Version 3.0" 3.2.0" is defined by "The Unicode Standard, Version 3.0"
(Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
as amended by the "Unicode Standard Annex #27: Unicode as amended by the "Unicode Standard Annex #27: Unicode
3.1" (http://www.unicode.org/reports/tr27/) and by the 3.1" (http://www.unicode.org/reports/tr27/) and by the
"Unicode Standard Annex #28: Unicode 3.2" "Unicode Standard Annex #28: Unicode 3.2"
(http://www.unicode.org/reports/tr28/). (http://www.unicode.org/reports/tr28/).
[X.680] International Telecommunication Union - [X.680] International Telecommunication Union -
Telecommunication Standardization Sector, "Abstract Telecommunication Standardization Sector, "Abstract
Syntax Notation One (ASN.1) - Specification of Basic Syntax Notation One (ASN.1) - Specification of Basic
Notation", X.680(1997) (also ISO/IEC 8824-1:1998). Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
9.2. Informative References 9.2. Informative References
[RFC1779] Kille, S., "A String Representation of Distinguished [RFC1779] Kille, S., "A String Representation of Distinguished
Names", RFC 1779, March 1995. Names", RFC 1779, March 1995.
[RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol [RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol
version 2 (LDAPv2) to Historic Status", RFC 3494, March version 2 (LDAPv2) to Historic Status", RFC 3494, March
2003. 2003.
[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
[LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
work in progress.
[SASL] Melnikov, A. (Editor), "Simple Authentication and [SASL] Melnikov, A. (Editor), "Simple Authentication and
Security Layer (SASL)", Security Layer (SASL)",
draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress. draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress.
[IANADSN] IANA, "Directory Systems Names", [IANADSN] IANA, "Directory Systems Names",
http://www.iana.org/assignments/directory-system-names. http://www.iana.org/assignments/directory-system-names.
Appendix A. Registration Templates Appendix A. Registration Templates
This appendix provides registration templates for registering new This appendix provides registration templates for registering new
skipping to change at page 19, line 12 skipping to change at page 19, line 7
- References to ISO 10646 have been replaced with [Unicode]. - References to ISO 10646 have been replaced with [Unicode].
- The "Assigned Values" appendix providing initial registry values - The "Assigned Values" appendix providing initial registry values
was removed. was removed.
- Numerous editorial changes were made. - Numerous editorial changes were made.
Appendix C. Initial Values for new registries Appendix C. Initial Values for new registries
This appendix is to be removed by the RFC Editor before publication as This appendix provides initial values for new registries.
an RFC.
C.1. LDAP Syntaxes C.1. LDAP Syntaxes
See [Syntaxes]. Object Identifier Syntax Owner Reference
----------------------------- -------------------------- ----- ---
1.3.6.1.4.1.1466.115.121.1.3 Attribute Type Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.6 Bit String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.7 Boolean IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.11 Country String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.12 DN IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.14 Delivery Method IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.15 Directory String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.16 DIT Content Rule Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.17 DIT Structure Rule Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.21 Enhanced Guide IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.22 Facsimile Telephone Number IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.23 Fax IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.24 Generalized Time IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.25 Guide IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.26 IA5 String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.27 Integer IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.28 JPEG IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.30 Matching Rule Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.31 Matching Rule Use Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.34 Name And Optional UID IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.35 Name Form Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.36 Numeric String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.37 Object Class Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.38 OID IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.39 Other Mailbox IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.40 Octet String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.41 Postal Address IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.44 Printable String IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.50 Telephone Number IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.51 Teletex Terminal Identifier IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.52 Telex Number IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.53 UTC Time IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.54 LDAP Syntax Description IESG [Syntaxes]
1.3.6.1.4.1.1466.115.121.1.58 Substring Assertion IESG [Syntaxes]
C.2. LDAP Search Scopes C.2. LDAP Search Scopes
Name URLString Value Owner Reference Name URLString Value Owner Reference
---------------- --------- ----- ----- ------------------- ---------------- --------- ----- ----- -------------------
baseObject base 0 IESG [Protocol][LDAPURL] baseObject base 0 IESG [Protocol][LDAPURL]
singleLevel one 1 IESG [Protocol][LDAPURL] singleLevel one 1 IESG [Protocol][LDAPURL]
wholeSubtree sub 2 IESG [Protocol][LDAPURL] wholeSubtree sub 2 IESG [Protocol][LDAPURL]
C.3. LDAP Filter Choices C.3. LDAP Filter Choices
skipping to change at page 20, line 15 skipping to change at page 20, line 41
C.5. LDAP authzId prefixes C.5. LDAP authzId prefixes
Name Prefix Owner Reference Name Prefix Owner Reference
---------------- ------ ----- --------- ---------------- ------ ----- ---------
dnAuthzId dn: IESG [AuthMeth] dnAuthzId dn: IESG [AuthMeth]
uAuthzId u: IESG [AuthMeth] uAuthzId u: IESG [AuthMeth]
Full Copyright Full Copyright
Copyright (C) The Internet Society (2004). This document is subject Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/