draft-ietf-ldapbis-models-08.txt vs. draft-ietf-ldapbis-models-09.txt

INTERNET-DRAFT                                  Editor: Kurt D. Zeilenga
Intended Category: Standard Track                     OpenLDAP Foundation
-Expires in six months                                       30 June 2003
+Expires in six months                                    27 October 2003
Obsoletes: RFC 2251, RFC 2252, RFC 2256

                     LDAP: Directory Information Models
-                    <draft-ietf-ldapbis-models-08.txt>
+                    <draft-ietf-ldapbis-models-09.txt>
Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

This document is intended to be published as a Standard Track RFC.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Revision Working Group
mailing list <ietf-ldapbis@openldap.org>. Please send editorial

[skipping to change at page 2, line 12]
accordance with X.500 data and service models. This document
describes the X.500 Directory Information Models, as used in LDAP.
Table of Contents

Status of this Memo                                                 1
Abstract
Table of Contents                                                   2
1. Introduction                                                     3
1.1. Relationship to Other LDAP Specifications
-1.2. Relationship to ITU Specifications
+1.2. Relationship to X.501                                         4
-1.3. Conventions                                                   4
+1.3. Conventions
1.4. Common ABNF Productions
2. Model of Directory User Information                              6
-2.1. The Directory Information Tree
+2.1. The Directory Information Tree                                7
-2.2. Naming of Entries                                             7
+2.2. Naming of Entries
2.3. Structure of an Entry                                          8
-2.4. Object Classes
+2.4. Object Classes                                                9
2.5. Attribute Descriptions                                        11
2.6. Alias Entries                                                 15
-3. Directory Administrative and Operational Information           16
+3. Directory Administrative and Operational Information           17
3.1. Subtrees
-3.2. Subentries                                                   17
+3.2. Subentries
-3.3. The 'objectClass' attribute
+3.3. The 'objectClass' attribute                                  18
-3.4. Operational attributes                                       18
+3.4. Operational attributes
-4. Directory Schema                                               20
+4. Directory Schema                                               21
-4.1. Schema Definitions                                           21
+4.1. Schema Definitions                                           22
-4.2. Subschema Subentries                                         30
+4.2. Subschema Subentries                                         31
4.3. 'extensibleObject'                                            34
-4.4. Subschema Discovery
+4.4. Subschema Discovery                                          35
5. DSA (Server) Informational Model
-5.1. Server-specific Data Requirements                            35
+5.1. Server-specific Data Requirements                            36
-6. Other Considerations                                           38
+6. Other Considerations                                           39
6.1. Preservation of User Information
6.2. Short Names
-6.3. Cache and Shadowing                                          39
+6.3. Cache and Shadowing                                          40
-7. Implementation Guidelines                                      40
+7. Implementation Guidelines
7.1. Server Guidelines
-7.2. Client Guidelines
+7.2. Client Guidelines                                            41
-8. Security Considerations                                        41
+8. Security Considerations
9. IANA Considerations
10. Acknowledgments                                                42
11. Author's Address
-12. References
+12. References                                                    43
12.1. Normative References
-12.2. Informative References                                      43
+12.2. Informative References                                      44
Appendix A. Changes
A.1 Changes to RFC 2251                                            44
A.2 Changes to RFC 2252                                            46
-A.3 Changes to RFC 2256                                           47
+A.3 Changes to RFC 2256                                           48
-Copyright
+Intellectual Property Rights
+Full Copyright                                                    49
1. Introduction

This document discusses the X.500 Directory Information Models
[X.501], as used by the Lightweight Directory Access Protocol (LDAP)
[Roadmap].

The Directory is "a collection of open systems cooperating to provide
directory services" [X.500]. The information held in the Directory is
collectively known as the Directory Information Base (DIB). A

[skipping to change at page 4, line 16 (-08) / page 4, line 18 (-09)]
summaries changes to these sections. The remainder of RFC 2252 is
obsoleted by [Syntaxes].

This document obsoletes RFC 2256 sections 5.1, 5.2, 7.1 and 7.2.
Appendix A.3 summarizes changes to these sections. The remainder of
RFC 2256 is obsoleted by [Schema] and [Syntaxes].

1.2. Relationship to X.501

This document includes material, with and without adaptation, from the
-[X.501]. Due to the adaptation, the material included in this
-document takes precedence.
+[X.501]. The material in this document takes precedence over that in
+[X.501].

1.3. Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].

Schema definitions are provided using LDAP description formats (as
defined in Section 4.1). Definitions provided here are formatted
(line wrapped) for readability. Matching rules and LDAP syntaxes

[skipping to change at page 5, line 42 (-08) / page 5, line 45 (-09)]
      UTF1    = %x00-7F
      UTF2    = %xC2-DF UTF0
      UTF3    = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
                %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
      UTF4    = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
                %xF4 %x80-8F 2(UTF0)

      ; Any octet
      OCTET   = %x00-FF
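As an added example that is not part of either draft, the following Python validator implements the UTF1 through UTF4 productions above octet by octet, so that overlong forms, UTF-16 surrogates and code points beyond U+10FFFF are rejected exactly where the ABNF excludes them. It assumes UTF0 = %x80-BF, the continuation-octet production that the draft defines but this excerpt does not show.

```python
# Added example, not the draft's own code: a validator for the UTF1..UTF4
# productions quoted above.  UTF0 = %x80-BF (the continuation octet) is
# assumed from the full draft; its definition is not in this excerpt.
from typing import Optional

UTF0 = (0x80, 0xBF)
# (lead-octet range, second-octet range, total length).  The second octet is a
# plain UTF0 unless the production narrows it to exclude ill-formed sequences.
FORMS = [
    ((0xC2, 0xDF), UTF0,         2),   # UTF2 (C0 and C1 would be overlong)
    ((0xE0, 0xE0), (0xA0, 0xBF), 3),   # UTF3: E0 80-9F would be overlong
    ((0xE1, 0xEC), UTF0,         3),
    ((0xED, 0xED), (0x80, 0x9F), 3),   # UTF3: ED A0-BF would be a UTF-16 surrogate
    ((0xEE, 0xEF), UTF0,         3),
    ((0xF0, 0xF0), (0x90, 0xBF), 4),   # UTF4: F0 80-8F would be overlong
    ((0xF1, 0xF3), UTF0,         4),
    ((0xF4, 0xF4), (0x80, 0x8F), 4),   # UTF4: F4 90-BF would exceed U+10FFFF
]

def utf8_char_len(data: bytes, i: int) -> Optional[int]:
    """Length of the UTF1/UTF2/UTF3/UTF4 character starting at data[i], or None."""
    b0 = data[i]
    if b0 <= 0x7F:                                  # UTF1 = %x00-7F
        return 1
    for (lo0, hi0), (lo1, hi1), length in FORMS:
        if lo0 <= b0 <= hi0:
            if i + length > len(data) or not lo1 <= data[i + 1] <= hi1:
                return None                         # truncated or narrowed octet violated
            if all(UTF0[0] <= data[j] <= UTF0[1] for j in range(i + 2, i + length)):
                return length
            return None
    return None                                     # 80-C1 and F5-FF never lead a character

def first_ill_formed_offset(data: bytes) -> Optional[int]:
    """Offset of the first octet that begins no valid UTF1..UTF4 sequence, or None."""
    i = 0
    while i < len(data):
        step = utf8_char_len(data, i)
        if step is None:
            return i
        i += step
    return None

def is_utf8_string(data: bytes) -> bool:
    """True iff data is entirely a sequence of UTF1 / UTF2 / UTF3 / UTF4 characters."""
    return first_ill_formed_offset(data) is None
```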
-Object identifiers are represented in LDAP using a dot-decimal format
-conforming to the ABNF:
+Object identifiers (OIDs) [X.680] are represented in LDAP using a dot-
+decimal format conforming to the ABNF:

      numericoid = number *( DOT number )

Short names, also known as descriptors, are used as more readable
aliases for object identifiers. Short names are case insensitive and
conform to the ABNF:

      descr = keystring

Where either an object identifier or a short name may be specified,
the following production is used:

      oid = descr / numericoid

While the <descr> form is generally preferred when the usage is
restricted to short names referring to object identifiers which
identify like kinds of objects (e.g., attribute type descriptions,
matching rule descriptions, object class descriptions), the
<numericoid> form should be used when the object identifiers may

[skipping to change at page 24, line 28]
4.1.2. Attribute Types

Attribute Type definitions are written according to the ABNF:

      AttributeTypeDescription = LPAREN WSP
          numericoid                    ; object identifier
          [ SP "NAME" SP qdescrs ]      ; short names (descriptors)
          [ SP "DESC" SP qdstring ]     ; description
          [ SP "OBSOLETE" ]             ; not active
-         [ SP "SUP" SP oid ]           ; subtype
+         [ SP "SUP" SP oid ]           ; supertype
          [ SP "EQUALITY" SP oid ]      ; equality matching rule
          [ SP "ORDERING" SP oid ]      ; ordering matching rule
          [ SP "SUBSTR" SP oid ]        ; substrings matching rule
          [ SP "SYNTAX" SP noidlen ]    ; value syntax
          [ SP "SINGLE-VALUE" ]         ; single-value
          [ SP "COLLECTIVE" ]           ; collective
          [ SP "NO-USER-MODIFICATION" ] ; not user modifiable
          [ SP "USAGE" SP usage ]       ; usage
          extensions WSP RPAREN         ; extensions
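The following parser, added here and not taken from either draft, implements the AttributeTypeDescription ABNF above and checks the <numericoid>, <descr> and <oid> productions of Section 1.4 on the way, so a subschema value that names an OID where a descriptor is required (or vice versa) is rejected rather than silently accepted. It assumes three productions that the full draft defines but this excerpt omits: <number> has no leading zeros, <keystring> is ALPHA *(ALPHA / DIGIT / HYPHEN), and a qdstring escapes a single quote as \27 and a backslash as \5C.

```python
import re

# Added example, not the draft's own code.  Assumed from the full draft but
# not shown in this excerpt: <number> has no leading zeros, <keystring> is
# ALPHA *(ALPHA / DIGIT / HYPHEN), and qdstring escapes ' as \27 and \ as \5C.
NUMERICOID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))*\Z")
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")
TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")     # LPAREN, RPAREN, qdstring, bare word

def is_oid(s: str) -> bool:                         # oid = descr / numericoid
    return bool(NUMERICOID.match(s) or DESCR.match(s))
def _unquote(tok: str) -> str:                      # qdstring -> its dstring value
    if len(tok) < 2 or tok[0] != "'" or tok[-1] != "'":
        raise ValueError(f"quoted string expected, got {tok!r}")
    return re.sub(r"\\(27|5[cC])", lambda m: "'" if m[1] == "27" else "\\", tok[1:-1])
def _qdstrings(body, i):                            # qdstring / ( LPAREN qdstringlist RPAREN )
    j = body.index(")", i) if body[i] == "(" else i
    return [_unquote(t) for t in (body[i + 1:j] if j > i else body[i:i + 1])], j + 1
def parse_attribute_type(text: str) -> dict:        # raises ValueError on an ABNF violation
    body = TOKEN.findall(text)
    if len(body) < 3 or body[0] != "(" or body[-1] != ")" or not NUMERICOID.match(body[1]):
        raise ValueError("expected '(' numericoid ... ')'")
    at = {"oid": body[1], "names": [], "flags": set(), "extensions": {}}
    i, body = 2, body[:-1]
    while i < len(body):
        kw = body[i]; i += 1
        if kw == "NAME":                            # qdescrs: every value must be a descr
            at["names"], i = _qdstrings(body, i)
            if not all(DESCR.match(n) for n in at["names"]):
                raise ValueError("NAME values must be descriptors (keystrings)")
        elif kw == "DESC":
            at["desc"], i = _unquote(body[i]), i + 1
        elif kw in ("OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION"):
            at["flags"].add(kw)
        elif kw in ("SUP", "EQUALITY", "ORDERING", "SUBSTR"):
            if not is_oid(body[i]):
                raise ValueError(f"{kw} expects an oid, got {body[i]!r}")
            at[kw.lower()], i = body[i], i + 1
        elif kw == "SYNTAX":                        # noidlen = numericoid [ "{" len "}" ]
            m = re.fullmatch(r"([0-9.]+)(?:\{([0-9]+)\})?", body[i])
            if not m or not NUMERICOID.match(m[1]):
                raise ValueError(f"SYNTAX expects noidlen, got {body[i]!r}")
            at["syntax"], at["syntax_len"], i = m[1], m[2] and int(m[2]), i + 1
        elif kw == "USAGE":
            at["usage"], i = body[i], i + 1
        elif kw.startswith("X-"):                   # extensions = *( SP xstring SP qdstrings )
            at["extensions"][kw], i = _qdstrings(body, i)
        else:
            raise ValueError(f"unexpected token {kw!r}")
    return at
```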
[skipping to change at page 36, line 37]
    - altServer: alternative servers;
    - namingContexts: naming contexts;
    - supportedControl: recognized LDAP controls;
    - supportedExtension: recognized LDAP extended operations;
    - supportedLDAPVersion: LDAP versions supported; and
-   - supportedSASLMechanisms: recognized SASL mechanisms.
+   - supportedSASLMechanisms: recognized Simple Authentication and
+     Security Layers (SASL) [SASL] mechanisms.

The values of these attributes provided may depend on session specific
and other factors. For example, a server supporting the SASL EXTERNAL
mechanism might only list "EXTERNAL" when the client's identity has
been established by a lower level. See [AuthMeth].

The root DSE may also include a 'subschemaSubentry' attribute. If so,
it refers to the subschema (sub)entry holding schema controlling
attributes of the root DSE. Client SHOULD NOT assume that the
subschema (sub)entry controlling the root DSE controls any entry held

[skipping to change at page 43, line 40]
           Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
           work in progress.

[Filters]  Smith, M. (editor), LDAPbis WG, "LDAP: String
           Representation of Search Filters",
           draft-ietf-ldapbis-filter-xx.txt, a work in progress.

[LDAPURL]  Smith, M. (editor), "LDAP: Uniform Resource Locator",
           draft-ietf-ldapbis-url-xx.txt, a work in progress.

+[SASL]     Melnikov, A. (Editor), "Simple Authentication and
+           Security Layer (SASL)",
+           draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress.

[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
           draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

[Schema]   Dally, K. (editor), "LDAP: User Schema",
           draft-ietf-ldapbis-user-schema-xx.txt, a work in
           progress.

-[UTF-8]    Yergeau, F., "UTF-8, a transformation
-           format of ISO 10646", draft-yergeau-rfc2279bis, a work
-           in progress.
+[UTF-8]    Yergeau, F., "UTF-8, a transformation format of ISO
+           10646", draft-yergeau-rfc2279bis-xx.txt, a work in
+           progress.

[ISO10646] International Organization for Standardization,
           "Universal Multiple-Octet Coded Character Set (UCS) -
           Architecture and Basic Multilingual Plane", ISO/IEC
           10646-1 : 1993.

+[ASCII]    Coded Character Set--7-bit American Standard Code for
+           Information Interchange, ANSI X3.4-1986.

[X.500]    International Telecommunication Union -
           Telecommunication Standardization Sector, "The Directory
           -- Overview of concepts, models and services,"
           X.500(1993) (also ISO/IEC 9594-1:1994).

[X.501]    International Telecommunication Union -
           Telecommunication Standardization Sector, "The Directory
           -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).

[X.680]    International Telecommunication Union -
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/