draft-ietf-ldapbis-user-schema-02.txt   draft-ietf-ldapbis-user-schema-03.txt 
INTERNET-DRAFT K. Dally, Editor INTERNET-DRAFT K. Dally, Editor
Intended Category: Standard Track The MITRE Corp. Intended Category: Standard Track The MITRE Corp.
Expires 27 August 2002 27 February 2002 Expires 4 May 2003 4 November 2002
Obsoletes: RFC 2256 Obsoletes: RFC 2256, RFC 2252
A Summary of the X.500(2nd edition) User Schema for use with LDAPv3 LDAP: User Schema
<draft-ietf-ldapbis-user-schema-02> <draft-ietf-ldapbis-user-schema-03>
[Editor's note: [Editor's note:
This Internet-Draft (I-D) is a modified version of the text of This Internet-Draft (I-D) is a modified version of the text of
RFC 2256, in order to bring it up to date. This action is part of RFC 2256, in order to bring it up to date. This action is part of
the maintenance activity that is needed in order to progress the maintenance activity that is needed in order to progress
LDAP (v3) to Draft Standard. The changes are described in Annex A LDAP (v3) to Draft Standard. The changes are described in Annex A
of this document. of this document.
End of Editor's note] End of Editor's note]
Status of this Memo Status of this Memo
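Review bot: The header line "Obsoletes: RFC 2256, RFC 2252" adds RFC 2252, but nothing in the visible text says which parts of RFC 2252 this draft replaces. RFC 2252 is the LDAPv3 attribute syntax definitions document, and Section 1 of this draft points to [Syntaxes] for syntaxes and matching rules rather than defining them, so the scope of the obsoletion should be stated here or in Annex A. Separately, "Standard Track" in the category line should read "Standards Track" in both versions.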
skipping to change at page 1, line 44 skipping to change at page 1, line 44
maximum of six months and may be updated, replaced, or obsoleted by maximum of six months and may be updated, replaced, or obsoleted by
other documents at any time. It is inappropriate to use other documents at any time. It is inappropriate to use
Internet-Drafts as reference material or to cite them other than as Internet-Drafts as reference material or to cite them other than as
"work in progress." "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. The list of http://www.ietf.org/ietf/1id-abstracts.txt. The list of
Internet-Draft Shadow Directories can be accessed at Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Copyright 2000, The Internet Society. All Rights Reserved. Copyright 2002, The Internet Society. All Rights Reserved.
Please see the Copyright section near the end of this document for Please see the Copyright section near the end of this document for
more information. more information.
Abstract Abstract
This document provides an overview of the attribute types and object This document provides an overview of attribute types and object
classes defined by the ISO/IEC JTC1 and ITU-T committees in the classes defined by the ISO/IEC JTC1 and ITU-T committees in the
IS0/IEC 9594 and X.500 documents, in particular those intended for IS0/IEC 9594 and X.500 documents, in particular those intended for
use by directory clients. This is the most widely used schema for use by directory clients. This is the most widely used schema for
LDAP/X.500 directories, and many other schema definitions for white LDAP/X.500 directories. It is used as a basis for many other white
pages objects use it as a basis. This document does not cover pages objects schema definitions. This document does not cover
attributes used for the administration of X.500 directory servers, attributes used for the administration of X.500 directory servers,
nor does it include attributes defined by other ISO/ITU-T documents. nor does it include attributes defined by other ISO/ITU-T documents.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [KEYWD]. document are to be interpreted as described in RFC 2119 [RFC2119].
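Review bot: The abstract still reads "IS0/IEC 9594" with a digit zero in place of the letter O, in both -02 and -03, while the preceding line spells "ISO/IEC JTC1" correctly. Since the abstract was reworded in this revision anyway, correct it to "ISO/IEC 9594" so that text searches for the standard's designation match.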
Table of Contents Table of Contents
Status of this Memo 1 Status of this Memo 1
Abstract 2 Abstract 2
1. General Issues 5 1. General Issues 5
2. Source 5 2. Source 5
3. Attribute Types 6 3. Attribute Types 5
3.1 aliasedObjectName 6 3.1 businessCategory 5
3.2 businessCategory 6 3.2 c 6
3.3 c 6 3.3 cn 6
3.4 cn 7 3.4 description 6
3.5 description 7 3.5 destinationIndicator 6
3.6 destinationIndicator 7 3.6 distinguishedName 6
3.7 distinguishedName 7 3.7 dnQualifier 7
3.8 dnQualifier 8 3.8 enhancedSearchGuide 7
3.9 enhancedSearchGuide 8 3.9 facsimileTelephoneNumber 7
3.10 facsimileTelephoneNumber 8 3.10 generationQualifier 7
3.11 generationQualifier 8 3.11 givenName 8
3.12 givenName 8 3.12 houseIdentifier 8
3.13 houseIdentifier 9 3.13 initials 8
3.14 initials 9 3.14 internationalISDNNumber 8
3.15 internationalISDNNumber 9 3.15 knowledgeInformation 8
3.16 knowledgeInformation 9 3.16 l 9
3.17 l 9 3.17 member 9
3.18 member 10 3.18 name 9
3.19 name 10 3.19 o 9
3.20 o 10 3.20 ou 9
3.21 objectClass 10 3.21 owner 10
3.22 ou 10 3.22 physicalDeliveryOfficeName 10
3.23 owner 11 3.23 postalAddress 10
3.24 physicalDeliveryOfficeName 11 3.24 postalCode 10
3.25 postalAddress 11 3.25 postOfficeBox 10
3.26 postalCode 11 3.26 preferredDeliveryMethod 11
3.27 postOfficeBox 11 3.27 presentationAddress 11
3.28 preferredDeliveryMethod 12 3.28 protocolInformation 11
3.29 presentationAddress 12 3.29 registeredAddress 11
3.30 protocolInformation 12 3.30 roleOccupant 12
3.31 registeredAddress 12 3.31 searchGuide 12
3.32 roleOccupant 13 3.32 seeAlso 12
3.33 searchGuide 13 3.33 serialNumber 12
3.34 seeAlso 13 3.34 sn 12
3.35 serialNumber 13 3.35 st 12
3.36 sn 13 3.36 street 13
3.37 st 13 3.37 supportedApplicationContext 13
3.38 street 14 3.38 telephoneNumber 13
3.39 supportedApplicationContext 14 3.39 teletexTerminalIdentifier 13
3.40 telephoneNumber 14 3.40 telexNumber 13
3.41 teletexTerminalIdentifier 14 3.41 title 14
3.42 uniqueMember 14
3.43 userPassword 14
3.42 telexNumber 15 3.44 x121Address 14
3.43 title 15 3.45 x500UniqueIdentifier 15
3.44 uniqueMember 15
3.45 userPassword 15
3.46 x121Address 16
3.47 x500UniqueIdentifier 16
4. Object Classes 17 4. Object Classes 15
4.1 alias 17 4.1 applicationEntity 15
4.2 applicationEntity 17 4.2 applicationProcess 15
4.3 applicationProcess 17 4.3 country 16
4.4 country 18 4.4 device 16
4.5 device 18 4.5 dSA 16
4.6 dSA 18 4.6 groupOfNames 16
4.7 groupOfNames 18 4.7 groupOfUniqueNames 17
4.8 groupOfUniqueNames 19 4.8 locality 17
4.9 locality 19 4.9 organization 17
4.10 organization 19 4.10 organizationalPerson 18
4.11 organizationalPerson 20 4.11 organizationalRole 18
4.12 organizationalRole 20 4.12 organizationalUnit 18
4.13 organizationalUnit 20 4.13 person 19
4.14 person 21 4.14 residentialPerson 19
4.15 residentialPerson 21
4.16 top 21
5. Security Considerations 22 5. Security Considerations 19
6. Acknowledgements 22 6. Acknowledgements 20
7. References 23 7. References 21
7.1 Normative 23 7.1 Normative 21
7.2 Informative 23 7.2 Informative 21
8. Author's Address 24 8. Author's Address 21
Annex A Change Log 25 Annex A Change Log 22
1. General Issues 1. General Issues
This document references Syntaxes given in Section 3 of [SYNTAX] and This document references Syntaxes given in Section 3 of [Syntaxes]
Matching Rules specified in Section 4 of [SYNTAX]. and Matching Rules specified in Section 4 of [Syntaxes].
The Attribute Type and Object Class definitions are written using the The definitions of Attribute Types and Object Classes are written
ABNF form of AttributeTypeDescription and ObjectClassDescription using the ABNF form of AttributeTypeDescription and
given in [SYNTAX]. Lines have been folded for readability. ObjectClassDescription given in [Models]. Lines have been folded
for readability.
2. Source 2. Source
The schema definitions in this document are based on those found in The schema definitions in this document are based on those found in
X.500 [X501], [X509], [X520], and [X521], specifically: the X.500-series [X.509], [X.520], and [X.521], specifically:
Sections Source Sections Source
============ ============ ============ =============
3.1 X.501 [X501] 3.1 - 3.42 X.520 [X.520]
3.2 - 3.20 X.520 [X520] 3.43 X.509 [X.509]
3.21 X.501 [X501] 3.44 - 3.45 X.520 [X.520]
3.22 - 3.44 X.520 [X520] 4.1 - 4.14 X.521 [X.521]
3.45 X.509 [X509]
3.46 - 3.47 X.520 [X520]
4.1 X.501 [X501]
4.2 - 4.15 X.521 [X521]
4.16 X.501 [X501]
3. Attribute Types 3. Attribute Types
The Attribute Types contained in this section hold user information. The Attribute Types contained in this section hold user information.
An LDAP server implementation MUST recognize the objectClass
Attribute Type.
There is no requirement that servers implement the following There is no requirement that servers implement the following
Attribute Types: Attribute Types:
knowledgeInformation knowledgeInformation
searchGuide searchGuide
teletexTerminalIdentifier teletexTerminalIdentifier
In fact, their use is greatly discouraged. In fact, their use is greatly discouraged.
An LDAP server implementation SHOULD recognize the rest of the An LDAP server implementation SHOULD recognize the rest of the
Attribute Types described in this section. Attribute Types described in this section.
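Review bot: Dropping "An LDAP server implementation MUST recognize the objectClass Attribute Type" removes the only MUST-level requirement from the Section 3 introduction, and the visible text gives no pointer to where objectClass is now specified. The same revision removes the objectClass and aliasedObjectName definitions and the alias and top object classes from the table of contents, so add a sentence naming the document that now carries them (the new Section 1 text already cites [Models]) and confirm Annex A records the move.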
3.1 aliasedObjectName 3.1 businessCategory
The aliasedObjectName Attribute Type is used by the directory
service if the entry containing this attribute is an alias. In
X.501 [X501], this Attribute Type is called aliasedEntryName.
( 2.5.4.1 NAME 'aliasedObjectName'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
The SYNTAX oid indicates the DN syntax.
3.2 businessCategory
This Attribute Type describes the kind of business performed by This Attribute Type describes the kind of business performed by
an organization. an organization.
( 2.5.4.15 NAME 'businessCategory' ( 2.5.4.15 NAME 'businessCategory'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.3 c 3.2 c
This is the X.520 [X520] countryName Attribute Type, which contains This is the X.520 [X.520] countryName Attribute Type, which contains
a two-letter ISO 3166 [Codes]country code. a two-letter ISO 3166 [ISO3166]country code.
( 2.5.4.6 NAME 'c' ( 2.5.4.6 NAME 'c'
SUP name SUP name
SINGLE-VALUE ) SINGLE-VALUE )
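Review bot: The citation change from [Codes] to [ISO3166] in the description of 'c' keeps the missing space after the closing bracket, so the text still reads "[ISO3166]country code". Insert the space while this line is being touched.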
3.4 cn 3.3 cn
This is the X.520 [X520] commonName Attribute Type, which contains This is the X.520 [X.520] commonName Attribute Type, which contains
a name of an object. If the object corresponds to a person, it is a name of an object. If the object corresponds to a person, it is
typically the person's full name. typically the person's full name.
( 2.5.4.3 NAME 'cn' ( 2.5.4.3 NAME 'cn'
SUP name ) SUP name )
3.5 description 3.4 description
This Attribute Type contains a human-readable description of This Attribute Type contains a human-readable description of
the object. the object.
( 2.5.4.13 NAME 'description' ( 2.5.4.13 NAME 'description'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.6 destinationIndicator 3.5 destinationIndicator
This attribute is used for the telegram service. This attribute is used for the telegram service.
( 2.5.4.27 NAME 'destinationIndicator' ( 2.5.4.27 NAME 'destinationIndicator'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
The SYNTAX oid indicates the Printable String syntax. The SYNTAX oid indicates the Printable String syntax.
3.7 distinguishedName 3.6 distinguishedName
This Attribute Type is not used as the name of the object itself, This Attribute Type is not used as the name of the object itself,
but it is instead a base type from which attributes with DN syntax but it is instead a base type from which attributes with DN syntax
inherit. inherit.
It is unlikely that values of this type itself will occur in an It is unlikely that values of this type itself will occur in an
entry. LDAP server implementations which do not support attribute entry. LDAP server implementations which do not support attribute
subtyping need not recognize this attribute in requests. Client subtyping need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping. performing attribute subtyping.
( 2.5.4.49 NAME 'distinguishedName' ( 2.5.4.49 NAME 'distinguishedName'
EQUALITY distinguishedNameMatch EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
The SYNTAX oid indicates the DN syntax. The SYNTAX oid indicates the DN syntax.
3.8 dnQualifier 3.7 dnQualifier
The dnQualifier Attribute Type specifies disambiguating information The dnQualifier Attribute Type specifies disambiguating information
to add to the relative distinguished name of an entry. It is to add to the relative distinguished name of an entry. It is
intended for use when merging data from multiple sources in order to intended for use when merging data from multiple sources in order to
prevent conflicts between entries which would otherwise have the same prevent conflicts between entries which would otherwise have the same
name. It is recommended that the value of the dnQualifier attribute name. It is recommended that the value of the dnQualifier attribute
be the same for all entries from a particular source. be the same for all entries from a particular source.
( 2.5.4.46 NAME 'dnQualifier' ( 2.5.4.46 NAME 'dnQualifier'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
The SYNTAX oid indicates the Printable String syntax. The SYNTAX oid indicates the Printable String syntax.
3.9 enhancedSearchGuide 3.8 enhancedSearchGuide
This attribute is for use by X.500 clients in constructing search This attribute is for use by X.500 clients in constructing search
filters. filters.
( 2.5.4.47 NAME 'enhancedSearchGuide' ( 2.5.4.47 NAME 'enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
The SYNTAX oid indicates the Enhanced Guide syntax. The SYNTAX oid indicates the Enhanced Guide syntax.
3.10 facsimileTelephoneNumber 3.9 facsimileTelephoneNumber
A value of this Attribute Type is a telephone number for a facsimile A value of this Attribute Type is a telephone number for a facsimile
terminal (and, optionally, its parameters). terminal (and, optionally, its parameters).
( 2.5.4.23 NAME 'facsimileTelephoneNumber' ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
The SYNTAX oid indicates the Facsimile Telephone Number syntax. The SYNTAX oid indicates the Facsimile Telephone Number syntax.
3.11 generationQualifier 3.10 generationQualifier
The generationQualifier Attribute Type contains the part of a The generationQualifier Attribute Type contains the part of a
person's name which typically is the suffix, as in "IIIrd". person's name which typically is the suffix, as in "IIIrd".
( 2.5.4.44 NAME 'generationQualifier' ( 2.5.4.44 NAME 'generationQualifier'
SUP name ) SUP name )
3.12 givenName 3.11 givenName
The givenName Attribute Type is used to hold the part of a person's The givenName Attribute Type is used to hold the part of a person's
name which is not their surname nor middle name. name which is not their surname nor middle name.
( 2.5.4.42 NAME 'givenName' ( 2.5.4.42 NAME 'givenName'
SUP name ) SUP name )
3.13 houseIdentifier 3.12 houseIdentifier
This Attribute Type is used to identify a building within a location. This Attribute Type is used to identify a building within a location.
( 2.5.4.51 NAME 'houseIdentifier' ( 2.5.4.51 NAME 'houseIdentifier'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.14 initials 3.13 initials
The initials Attribute Type contains the initials of some or all of The initials Attribute Type contains the initials of some or all of
an individuals names, except the surname(s). an individuals names, except the surname(s).
( 2.5.4.43 NAME 'initials' ( 2.5.4.43 NAME 'initials'
SUP name ) SUP name )
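Review bot: The initials description still reads "an individuals names" in -03. It should be "an individual's names".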
3.15 internationalISDNNumber 3.14 internationalISDNNumber
A value of this Attribute Type is an ISDN address, as defined in A value of this Attribute Type is an ISDN address, as defined in
ITU Recommendation E.164 [ISDN]. ITU Recommendation E.164 [E.164].
( 2.5.4.25 NAME 'internationalISDNNumber' ( 2.5.4.25 NAME 'internationalISDNNumber'
EQUALITY numericStringMatch EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) i SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) i
The SYNTAX oid indicates the Numeric String syntax. The SYNTAX oid indicates the Numeric String syntax.
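Review bot: The internationalISDNNumber definition still ends with a stray "i" after the closing parenthesis ("...121.1.36{16} ) i") in both versions. It is not part of the attribute type description and will break anyone who copies the definition verbatim into a schema file, so delete it in -03.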
3.16 knowledgeInformation 3.15 knowledgeInformation
This attribute is superseded by the system schema attributes which This attribute is superseded by the system schema attributes which
hold the pointers to other LDAP servers. hold the pointers to other LDAP servers.
( 2.5.4.2 NAME 'knowledgeInformation' ( 2.5.4.2 NAME 'knowledgeInformation'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.17 l 3.16 l
This is the X.520 [X520] localityName Attribute Type, which contains This is the X.520 [X.520] localityName Attribute Type, which
the name of a locality or place, such as a city, county or other contains the name of a locality or place, such as a city, county or
geographic region. other geographic region.
( 2.5.4.7 NAME 'l' ( 2.5.4.7 NAME 'l'
SUP name ) SUP name )
3.18 member 3.17 member
A value of this Attribute Type is the Distinguished Name of an A value of this Attribute Type is the Distinguished Name of an
object that is on a list or in a group. object that is on a list or in a group.
( 2.5.4.31 NAME 'member' ( 2.5.4.31 NAME 'member'
SUP distinguishedName ) SUP distinguishedName )
3.19 name 3.18 name
The name Attribute Type is the attribute supertype from which string The name Attribute Type is the attribute supertype from which string
Attribute Types typically used for naming may be formed. It is Attribute Types typically used for naming may be formed. It is
unlikely that values of this type itself will occur in an entry. unlikely that values of this type itself will occur in an entry.
LDAP server implementations which do not support attribute subtyping LDAP server implementations which do not support attribute subtyping
need not recognize this attribute in requests. Client need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping. performing attribute subtyping.
( 2.5.4.41 NAME 'name' ( 2.5.4.41 NAME 'name'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.20 o 3.19 o
This is the X.520 [X520] organizationName Attribute Type, which This is the X.520 [X.520] organizationName Attribute Type, which
contains the name of an organization. contains the name of an organization.
( 2.5.4.10 NAME 'o' ( 2.5.4.10 NAME 'o'
SUP name ) SUP name )
3.21 objectClass 3.20 ou
The values of the objectClass Attribute Type describe the kind of
object which an entry represents. The objectClass attribute is
present in every entry.
( 2.5.4.0 NAME 'objectClass'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
The SYNTAX oid indicates the OID syntax.
3.22 ou
This is the X.520 [X520] organizationalUnitName Attribute Type, This is the X.520 [X.520] organizationalUnitName Attribute Type,
which contains the name of an organizational unit. which contains the name of an organizational unit.
( 2.5.4.11 NAME 'ou' ( 2.5.4.11 NAME 'ou'
SUP name ) SUP name )
3.23 owner 3.21 owner
A value of this Attribute Type is the Distinguished Name of an A value of this Attribute Type is the Distinguished Name of an
object that has an ownership responsibility for the object that object that has an ownership responsibility for the object that
is owned. is owned.
( 2.5.4.32 NAME 'owner' ( 2.5.4.32 NAME 'owner'
SUP distinguishedName ) SUP distinguishedName )
3.24 physicalDeliveryOfficeName 3.22 physicalDeliveryOfficeName
This attribute contains the name that a Postal Service uses to This attribute contains the name that a Postal Service uses to
identify a post office. identify a post office.
( 2.5.4.19 NAME 'physicalDeliveryOfficeName' ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.25 postalAddress 3.23 postalAddress
This attribute contains an address used by a Postal Service to This attribute contains an address used by a Postal Service to
perform services for the object. perform services for the object.
( 2.5.4.16 NAME 'postalAddress' ( 2.5.4.16 NAME 'postalAddress'
EQUALITY caseIgnoreListMatch EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
The SYNTAX oid indicates the Postal Address syntax. The SYNTAX oid indicates the Postal Address syntax.
3.26 postalCode 3.24 postalCode
This attribute contains a code used by a Postal Service to identify This attribute contains a code used by a Postal Service to identify
a postal service zone, such as the southern quadrant of a city. a postal service zone, such as the southern quadrant of a city.
( 2.5.4.17 NAME 'postalCode' ( 2.5.4.17 NAME 'postalCode'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.27 postOfficeBox 3.25 postOfficeBox
This attribute contains the number that a Postal Service uses when a This attribute contains the number that a Postal Service uses when a
customer arranges to receive mail at a box on premises of the Postal customer arranges to receive mail at a box on premises of the Postal
Service. Service.
( 2.5.4.18 NAME 'postOfficeBox' ( 2.5.4.18 NAME 'postOfficeBox'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.28 preferredDeliveryMethod 3.26 preferredDeliveryMethod
This attribute contains an indication of the preferred method of This attribute contains an indication of the preferred method of
getting a message to the object. getting a message to the object.
( 2.5.4.28 NAME 'preferredDeliveryMethod' ( 2.5.4.28 NAME 'preferredDeliveryMethod'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE ) SINGLE-VALUE )
The SYNTAX oid indicates the Delivery Method syntax. The SYNTAX oid indicates the Delivery Method syntax.
3.29 presentationAddress 3.27 presentationAddress
This attribute contains an OSI presentation layer address. This attribute contains an OSI presentation layer address.
( 2.5.4.29 NAME 'presentationAddress' ( 2.5.4.29 NAME 'presentationAddress'
EQUALITY presentationAddressMatch EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE ) SINGLE-VALUE )
The SYNTAX oid indicates the Presentation Address syntax. The SYNTAX oid indicates the Presentation Address syntax.
3.30 protocolInformation 3.28 protocolInformation
This Attribute Type is used in conjunction with the This Attribute Type is used in conjunction with the
presentationAddress Attribute Type, to provide additional presentationAddress Attribute Type, to provide additional
information to the OSI network service. information to the OSI network service.
( 2.5.4.48 NAME 'protocolInformation' ( 2.5.4.48 NAME 'protocolInformation'
EQUALITY protocolInformationMatch EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
The SYNTAX oid indicates the Protocol Information syntax. The SYNTAX oid indicates the Protocol Information syntax.
3.31 registeredAddress 3.29 registeredAddress
This attribute holds a postal address suitable for reception of This attribute holds a postal address suitable for reception of
telegrams or expedited documents, where it is necessary to have the telegrams or expedited documents, where it is necessary to have the
recipient accept delivery. recipient accept delivery.
( 2.5.4.26 NAME 'registeredAddress' ( 2.5.4.26 NAME 'registeredAddress'
SUP postalAddress SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
The SYNTAX oid indicates the Postal Address syntax. The SYNTAX oid indicates the Postal Address syntax.
3.32 roleOccupant 3.30 roleOccupant
A value of this Attribute Type is the Distinguished Name of an A value of this Attribute Type is the Distinguished Name of an
object (normally a person) that fulfills the responsibilities of a object (normally a person) that fulfills the responsibilities of a
role object. role object.
( 2.5.4.33 NAME 'roleOccupant' ( 2.5.4.33 NAME 'roleOccupant'
SUP distinguishedName ) SUP distinguishedName )
3.33 searchGuide 3.31 searchGuide
This Attribute Type is for use by clients in constructing search This Attribute Type is for use by clients in constructing search
filters. It is superseded by enhancedSearchGuide, described above filters. It is superseded by enhancedSearchGuide, described above
in section 3.9. in section 3.9.
( 2.5.4.14 NAME 'searchGuide' ( 2.5.4.14 NAME 'searchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) ; Guide SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) ; Guide
The SYNTAX oid indicates the Guide syntax. The SYNTAX oid indicates the Guide syntax.
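Review bot: The cross-reference "described above in section 3.9" in the searchGuide text is stale after the renumbering: in -03 enhancedSearchGuide is section 3.8 and 3.9 is facsimileTelephoneNumber. Update it to 3.8, or refer to the attribute by name only so it survives future renumbering. The trailing "; Guide" after the closing parenthesis (and "; TelephoneNumber" on the telephoneNumber definition) repeats what the following sentence already says and sits outside the definition, so it can be dropped.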
3.34 seeAlso 3.32 seeAlso
A value of this Attribute Type is the Distinguished Name of an A value of this Attribute Type is the Distinguished Name of an
object that is related to the subject object. object that is related to the subject object.
( 2.5.4.34 NAME 'seeAlso' ( 2.5.4.34 NAME 'seeAlso'
SUP distinguishedName ) SUP distinguishedName )
3.35 serialNumber 3.33 serialNumber
This attribute contains the serial number of a device. This attribute contains the serial number of a device.
( 2.5.4.5 NAME 'serialNumber' ( 2.5.4.5 NAME 'serialNumber'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
The SYNTAX oid indicates the Printable String syntax. The SYNTAX oid indicates the Printable String syntax.
3.36 sn 3.34 sn
This is the X.520 [X520] surname Attribute Type, which contains the This is the X.520 [X.520] surname Attribute Type, which contains the
family name of a person. family name of a person.
( 2.5.4.4 NAME 'sn' ( 2.5.4.4 NAME 'sn'
SUP name ) SUP name )
3.37 st 3.35 st
This is the X.520 [X520] stateOrProvinceName attribute, which This is the X.520 [X.520] stateOrProvinceName attribute, which
contains the full name of a state or province. contains the full name of a state or province.
( 2.5.4.8 NAME 'st' ( 2.5.4.8 NAME 'st'
SUP name ) SUP name )
3.44 street 3.36 street
This is the X.520 [X520] streetAddress attribute, which contains the This is the X.520 [X.520] streetAddress attribute, which contains the
physical address of the object to which the entry corresponds, such physical address of the object to which the entry corresponds, such
as an address for package delivery. as an address for package delivery.
( 2.5.4.9 NAME 'street' ( 2.5.4.9 NAME 'street'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
The SYNTAX oid indicates the Directory String syntax. The SYNTAX oid indicates the Directory String syntax.
3.39 supportedApplicationContext 3.37 supportedApplicationContext
This attribute contains the identifiers of OSI application This attribute contains the identifiers of OSI application
contexts. contexts.
( 2.5.4.30 NAME 'supportedApplicationContext' ( 2.5.4.30 NAME 'supportedApplicationContext'
EQUALITY objectIdentifierMatch EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
The SYNTAX oid indicates the OID syntax. The SYNTAX oid indicates the OID syntax.
3.40 telephoneNumber 3.38 telephoneNumber
A value of this Attribute Type is a telephone number complying with A value of this Attribute Type is a telephone number complying with
ITU Recommendation E.123 [E123]. ITU Recommendation E.123 [E.123].
( 2.5.4.20 NAME 'telephoneNumber' ( 2.5.4.20 NAME 'telephoneNumber'
EQUALITY telephoneNumberMatch EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) ; TelephoneNumber SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) ; TelephoneNumber
The SYNTAX oid indicates the Telephone Number syntax. The SYNTAX oid indicates the Telephone Number syntax.
3.41 teletexTerminalIdentifier 3.39 teletexTerminalIdentifier
The withdrawal of Rec. F.200 has resulted in the withdrawal of this The withdrawal of Rec. F.200 has resulted in the withdrawal of this
attribute. attribute.
( 2.5.4.22 NAME 'teletexTerminalIdentifier' ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
The SYNTAX oid indicates the Teletex Terminal Identifier syntax. The SYNTAX oid indicates the Teletex Terminal Identifier syntax.
3.42 telexNumber 3.40 telexNumber
A value of this Attribute Type is a telex number, country code, and A value of this Attribute Type is a telex number, country code, and
answerback code of a telex terminal. answerback code of a telex terminal.
( 2.5.4.21 NAME 'telexNumber' ( 2.5.4.21 NAME 'telexNumber'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
The SYNTAX oid indicates the Telex Number syntax. The SYNTAX oid indicates the Telex Number syntax.
3.43 title 3.41 title
This attribute contains the title, such as "Vice President", of a This attribute contains the title, such as "Vice President", of a
person in their organizational context. The "personalTitle" person in their organizational context. The "personalTitle"
attribute would be used for a person's title independent of their attribute would be used for a person's title independent of their
job function. job function.
( 2.5.4.12 NAME 'title' ( 2.5.4.12 NAME 'title'
SUP name ) SUP name )
3.44 uniqueMember 3.42 uniqueMember
A value of this Attribute Type is the Distinguished Name of an A value of this Attribute Type is the Distinguished Name of an
object that is on a list or in a group, where the Relative object that is on a list or in a group, where the Relative
Distinguished Name of the object includes a value that distinguishs Distinguished Name of the object includes a value that distinguishs
between objects when a distinguished name has been reused. between objects when a distinguished name has been reused.
( 2.5.4.50 NAME 'uniqueMember' ( 2.5.4.50 NAME 'uniqueMember'
EQUALITY uniqueMemberMatch EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
The SYNTAX oid indicates the Name and Optional UID syntax. The SYNTAX oid indicates the Name and Optional UID syntax.
3.45 userPassword 3.43 userPassword
A value of this Attribute Type is a character string that is known A value of this Attribute Type is a character string that is known
only to the user and the system to which the user has access. only to the user and the system to which the user has access.
( 2.5.4.35 NAME 'userPassword' ( 2.5.4.35 NAME 'userPassword'
EQUALITY octetStringMatch EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
The SYNTAX oid indicates the Octet String syntax. The SYNTAX oid indicates the Octet String syntax.
Passwords are stored using an Octet String syntax and are not Passwords are stored using an Octet String syntax and are not
encrypted. Transfer of cleartext passwords is strongly discouraged encrypted. Transfer of cleartext passwords is strongly discouraged
where the underlying transport service cannot guarantee where the underlying transport service cannot guarantee
confidentiality and may result in disclosure of the password to confidentiality and may result in disclosure of the password to
unauthorized parties. unauthorized parties.
3.46 x121Address 3.44 x121Address
A value of this Attribute Type is a data network address as defined A value of this Attribute Type is a data network address as defined
by ITU Recommendation X.121 [X121]. by ITU Recommendation X.121 [X.121].
( 2.5.4.24 NAME 'x121Address' ( 2.5.4.24 NAME 'x121Address'
EQUALITY numericStringMatch EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
The SYNTAX oid indicates the Numeric String syntax. The SYNTAX oid indicates the Numeric String syntax.
3.55 x500UniqueIdentifier 3.45 x500UniqueIdentifier
The x500UniqueIdentifier Attribute Type is used to distinguish The x500UniqueIdentifier Attribute Type is used to distinguish
between objects when a distinguished name has been reused. In X.520 between objects when a distinguished name has been reused. In X.520
[X520], this Attribute Type is called uniqueIdentifier. This is a [X.520], this Attribute Type is called uniqueIdentifier. This is a
different Attribute Type from both the "uid" and "uniqueIdentifier" different Attribute Type from both the "uid" and "uniqueIdentifier"
Attribute Types. Attribute Types.
( 2.5.4.45 NAME 'x500UniqueIdentifier' ( 2.5.4.45 NAME 'x500UniqueIdentifier'
EQUALITY bitStringMatch EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
The SYNTAX oid indicates the Bit String syntax. The SYNTAX oid indicates the Bit String syntax.
4. Object Classes 4. Object Classes
LDAP servers MUST recognize the Object Class "top". LDAP servers LDAP servers
SHOULD recognize all the other Object Classes listed here as values SHOULD recognize all the Object Classes listed here as values
of the objectClass attribute. of the objectClass attribute.
4.1 alias 4.1 applicationEntity
The alias Object Class enables more than one Distinguished Name to
designate an entry by providing an alias entry. The alias entry
contains a pointer to the other entry. The pointer is automatically
followed when the alias entry is found in the process of locating
the target entry(s) of an operation.
( 2.5.6.1 NAME 'alias'
SUP top
STRUCTURAL
MUST aliasedObjectName )
4.2 applicationEntity
The applicationEntity Object Class definition is the basis of an The applicationEntity Object Class definition is the basis of an
entry which represents the interconnection aspects of an application entry which represents the interconnection aspects of an application
process in a distributed environment. process in a distributed environment.
( 2.5.6.12 NAME 'applicationEntity' ( 2.5.6.12 NAME 'applicationEntity'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST ( presentationAddress $ MUST ( presentationAddress $
cn ) cn )
MAY ( supportedApplicationContext $ MAY ( supportedApplicationContext $
seeAlso $ seeAlso $
ou $ ou $
o $ o $
l $ l $
description ) ) description ) )
4.3 applicationProcess 4.2 applicationProcess
The applicationProcess Object Class definition is the basis of an The applicationProcess Object Class definition is the basis of an
entry which represents an application executing in a computer system. entry which represents an application executing in a computer system.
( 2.5.6.11 NAME 'applicationProcess' ( 2.5.6.11 NAME 'applicationProcess'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST cn MUST cn
MAY ( seeAlso $ MAY ( seeAlso $
ou $ ou $
l $ l $
description ) ) description ) )
4.4 country 4.3 country
The country Object Class definition is the basis of an entry which The country Object Class definition is the basis of an entry which
represents a country. represents a country.
( 2.5.6.2 NAME 'country' ( 2.5.6.2 NAME 'country'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST c MUST c
MAY ( searchGuide $ MAY ( searchGuide $
description ) ) description ) )
4.5 device 4.4 device
The device Object Class is the basis of an entry which represents The device Object Class is the basis of an entry which represents
an appliance or computer or network element. an appliance or computer or network element.
( 2.5.6.14 NAME 'device' ( 2.5.6.14 NAME 'device'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST cn MUST cn
MAY ( serialNumber $ MAY ( serialNumber $
seeAlso $ seeAlso $
owner $ owner $
ou $ ou $
o $ o $
l $ l $
description ) ) description ) )
4.6 dSA 4.5 dSA
The dSA (Directory System Agent) Object Class is the basis of an The dSA (Directory System Agent) Object Class is the basis of an
entry which represents a server in a directory system. entry which represents a server in a directory system.
( 2.5.6.13 NAME 'dSA' ( 2.5.6.13 NAME 'dSA'
SUP applicationEntity SUP applicationEntity
STRUCTURAL STRUCTURAL
MAY knowledgeInformation ) MAY knowledgeInformation )
4.7 groupOfNames 4.6 groupOfNames
The groupOfNames Object Class is the basis of an entry which The groupOfNames Object Class is the basis of an entry which
represents a set of named objects including information related to represents a set of named objects including information related to
the purpose or maintenance of the set. the purpose or maintenance of the set.
( 2.5.6.9 NAME 'groupOfNames' ( 2.5.6.9 NAME 'groupOfNames'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST ( member $ MUST ( member $
cn ) cn )
MAY ( businessCategory $ MAY ( businessCategory $
seeAlso $ seeAlso $
owner $ owner $
ou $ ou $
o $ o $
description ) ) description ) )
4.8 groupOfUniqueNames 4.7 groupOfUniqueNames
The groupOfUniqueNames Object Class is the same as the groupOfNames The groupOfUniqueNames Object Class is the same as the groupOfNames
object class except that the object names are not repeated or object class except that the object names are not repeated or
reassigned within a set scope. reassigned within a set scope.
( 2.5.6.17 NAME 'groupOfUniqueNames' ( 2.5.6.17 NAME 'groupOfUniqueNames'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST ( uniqueMember $ MUST ( uniqueMember $
cn ) cn )
MAY ( businessCategory $ MAY ( businessCategory $
seeAlso $ seeAlso $
owner $ owner $
ou $ ou $
o $ o $
description ) ) description ) )
4.9 locality 4.8 locality
The locality Object Class is the basis of an entry which The locality Object Class is the basis of an entry which
represents a place in the physical world. represents a place in the physical world.
( 2.5.6.3 NAME 'locality' ( 2.5.6.3 NAME 'locality'
SUP top SUP top
STRUCTURAL STRUCTURAL
MAY ( street $ MAY ( street $
seeAlso $ seeAlso $
searchGuide $ searchGuide $
st $ st $
l $ l $
description ) ) description ) )
4.10 organization 4.9 organization
The organization Object Class is the basis of an entry which The organization Object Class is the basis of an entry which
represents a structured group of people. represents a structured group of people.
( 2.5.6.4 NAME 'organization' ( 2.5.6.4 NAME 'organization'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST o MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ MAY ( userPassword $ searchGuide $ seeAlso $
businessCategory $ x121Address $ registeredAddress $ businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ postalAddress $ physicalDeliveryOfficeName $ st $
l $ description ) ) l $ description ) )
4.11 organizationalPerson 4.10 organizationalPerson
The organizationalPerson Object Class is the basis of an entry which The organizationalPerson Object Class is the basis of an entry which
represents a person in relation to an organization. represents a person in relation to an organization.
( 2.5.6.7 NAME 'organizationalPerson' ( 2.5.6.7 NAME 'organizationalPerson'
SUP person SUP person
STRUCTURAL STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ MAY ( title $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $ street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l ) ) physicalDeliveryOfficeName $ ou $ st $ l ) )
4.12 organizationalRole 4.11 organizationalRole
The organizationalRole Object Class is the basis of an entry which The organizationalRole Object Class is the basis of an entry which
represents a job or function or position in an organization. represents a job or function or position in an organization.
( 2.5.6.8 NAME 'organizationalRole' ( 2.5.6.8 NAME 'organizationalRole'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST cn MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $ MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
street $ postOfficeBox $ postalCode $ postalAddress $ street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
4.13 organizationalUnit 4.12 organizationalUnit
The organizationalUnit Object Class is the basis of an entry which The organizationalUnit Object Class is the basis of an entry which
represents a piece of an organization. represents a piece of an organization.
( 2.5.6.5 NAME 'organizationalUnit' ( 2.5.6.5 NAME 'organizationalUnit'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST ou MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ MAY ( businessCategory $ description $ destinationIndicator $
x121Address $ registeredAddress $ destinationIndicator $ facsimileTelephoneNumber $ internationaliSDNNumber $ l $
preferredDeliveryMethod $ telexNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $
teletexTerminalIdentifier $ telephoneNumber $ postOfficeBox $ preferredDeliveryMethod $
internationaliSDNNumber $ facsimileTelephoneNumber $ registeredAddress $ searchGuide $ seeAlso $ st $ street $
street $ postOfficeBox $ postalCode $ postalAddress $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
physicalDeliveryOfficeName $ st $ l $ description ) ) userPassword $ x121Address ) )
4.14 person 4.13 person
The person Object Class is the basis of an entry which represents a The person Object Class is the basis of an entry which represents a
human being. human being.
( 2.5.6.6 NAME 'person' ( 2.5.6.6 NAME 'person'
SUP top SUP top
STRUCTURAL STRUCTURAL
MUST ( sn $ MUST ( sn $
cn ) cn )
MAY ( userPassword $ MAY ( userPassword $
telephoneNumber $ telephoneNumber $
seeAlso $ seeAlso $
description ) ) description ) )
4.15 residentialPerson 4.14 residentialPerson
The residentialPerson Object Class is the basis of an entry which The residentialPerson Object Class is the basis of an entry which
includes a person's residence in the representation of the person. includes a person's residence in the representation of the person.
( 2.5.6.10 NAME 'residentialPerson' ( 2.5.6.10 NAME 'residentialPerson'
SUP person SUP person
STRUCTURAL STRUCTURAL
MUST l MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $ MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
preferredDeliveryMethod $ street $ postOfficeBox $ preferredDeliveryMethod $ street $ postOfficeBox $
postalCode $ postalAddress $ physicalDeliveryOfficeName $ postalCode $ postalAddress $ physicalDeliveryOfficeName $
st $ l ) ) st $ l ) )
4.16 top
The top Object Class is the conceptual beginning of the inheritance
hierarchy of object classes. Top guarantees that every entry has
the objectClass attribute, which identifies the type of the entry.
( 2.5.6.0 NAME 'top'
ABSTRACT
MUST objectClass )
5. Security Considerations 5. Security Considerations
Attributes of directory entries are used to provide descriptive Attributes of directory entries are used to provide descriptive
information about the real-world objects they represent, which can be information about the real-world objects they represent, which can be
people, organizations or devices. Most countries have privacy laws people, organizations or devices. Most countries have privacy laws
regarding the publication of information about people. regarding the publication of information about people.
Transfer of cleartext passwords is strongly discouraged where the Transfer of cleartext passwords is strongly discouraged where the
underlying transport service cannot guarantee confidentiality and may underlying transport service cannot guarantee confidentiality and may
result in disclosure of the password to unauthorized parties. result in disclosure of the password to unauthorized parties.
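Review bot: Section 4 in the -03 column drops both the sentence "LDAP servers MUST recognize the Object Class "top"" and the 4.16 'top' definition, yet every class here still declares SUP top (directly, or through person or applicationEntity), and the section gives no pointer to where 'top' is now defined; add a sentence to the section 4 introduction referring readers to [Models] for 'top' and 'alias'. Two carried-over defects could be fixed while the text is open: the MAY lists of organizationalRole and residentialPerson each name preferredDeliveryMethod twice, and "distinguishs" in 3.42 uniqueMember is misspelled. On userPassword, section 3.43 states that stored values are not encrypted, but both it and section 5 warn only about cleartext transfer; a sentence on restricting read access to the attribute would cover the stored-value exposure the text itself describes.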
skipping to change at page 22, line 43 skipping to change at page 20, line 36
certificationAuthority certificationAuthority
certificationAuthority-V2 certificationAuthority-V2
cRLDistributionPoint cRLDistributionPoint
strongAuthenticationUser strongAuthenticationUser
userSecurityInformation userSecurityInformation
These Attribute Types and Object Classes are specified for LDAP by These Attribute Types and Object Classes are specified for LDAP by
the PKIX Working Group, and so, are not included in this document. the PKIX Working Group, and so, are not included in this document.
The BNF notation in RFC 1778 [Syn String] for User Certificate, It is recommended that the BNF notation in RFC 1778 [Syn String] not
Authority Revocation List, and Certificate Pair are not recommended be used for User Certificate, Authority Revocation List, and
to be used. Certificate Pair.
6. Acknowledgements 6. Acknowledgements
The definitions, on which this document is based, have been developed The definitions, on which this document is based, have been developed
by committees for telecommunications and international standards. by committees for telecommunications and international standards.
No new attribute definitions have been added. No new attribute definitions have been added.
This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a
product of the IETF ASID Working Group. product of the IETF ASID Working Group.
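Review bot: The reworded sentence on the RFC 1778 BNF ("It is recommended that ... not be used") fixes the grammar but keeps a lowercase "recommended", so it is unclear whether this is a requirement on implementations. If it is meant normatively, use the RFC 2119 keyword (for example "SHOULD NOT be used"). Either way, say which representation of User Certificate, Authority Revocation List, and Certificate Pair is expected instead, since the preceding sentence says only that the PKIX Working Group specifies them.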
skipping to change at page 23, line 10 skipping to change at page 21, line 6
No new attribute definitions have been added. No new attribute definitions have been added.
This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a
product of the IETF ASID Working Group. product of the IETF ASID Working Group.
This document is based upon input of the IETF LDAPBIS working group. This document is based upon input of the IETF LDAPBIS working group.
The author wishes to thank S. Legg and K. Zeilenga for their The author wishes to thank S. Legg and K. Zeilenga for their
significant contribution to this update. significant contribution to this update.
7. References 7. References
7.1 Normative 7.1 Normative
[Codes] ISO 3166, "Codes for the representation of names [E.123] Notation for national and international telephone numbers,
of countries".
[E123] Notation for national and international telephone numbers,
ITU-T Recommendation E.123, 1988 ITU-T Recommendation E.123, 1988
[ISDN] The international public telecommunication numbering plan, [E.164] The international public telecommunication numbering plan,
ITU-T Recommendation E.164, 1997 ITU-T Recommendation E.164, 1997
[KEYWD] Bradner, S., "Key words for use in RFCs to Indicate [ISO3166] ISO 3166, "Codes for the representation of names of
countries".
[Models] K. Zeilenga, "LDAP: The Models", draft-ietf-ldapbis-
models-xx.txt (a work in progress).
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997 Requirement Levels", RFC 2119, March 1997
[SYNTAX] replacement (draft-ietf-ldapbis-syntaxes-02) for Wahl, M., [Syntaxes] K. Dally (editor), "LDAP: Syntaxes",
Coulbeck, A., Howes, T., and S. Kille, "Lightweight X.500 draft-ietf-ldapbis-syntaxes-xx, a work in progress
Directory Access Protocol(v3): Attribute Syntax Definitions",
RFC 2252, December 1997
[X121] International numbering plan for public data networks, [X.121] International numbering plan for public data networks,
ITU-T Recommendation X.121, 1996 ITU-T Recommendation X.121, 1996
[X501] The Directory: Models, ITU-T Recommendation X.501, 1995 [X.509] The Directory: Authentication Framework, ITU-T
Recommendation X.509, 1995
[X509] The Directory: Authentication Framework, ITU-T Recommendation
X.509, 1995
[X520] The Directory: Selected Attribute Types, ITU-T Recommendation [X.520] The Directory: Selected Attribute Types, ITU-T Recommendation
X.520, 1995 X.520, 1995
[X521] The Directory: Selected Object Classes. ITU-T Recommendation [X.521] The Directory: Selected Object Classes. ITU-T Recommendation
X.521, 1995 X.521, 1995
7.2 Informative 7.2 Informative
[Syn String] Howes, T., Kille, S., Yeong, W., Robbins, C., "The [Syn String] Howes, T., Kille, S., Yeong, W., Robbins, C., "The
String Representation of Standard Attribute Syntaxes", RFC 1778, String Representation of Standard Attribute Syntaxes", RFC 1778,
March 1995. March 1995.
[RFC2252] Wahl, M., Coulbeck, A., Howes, T., and S. Kille,
"Lightweight X.500 Directory Access Protocol(v3): Attribute
Syntax Definitions", RFC 2252, December 1997
8. Author's Address 8. Author's Address
Kathy Dally Kathy Dally
The MITRE Corp. The MITRE Corp.
1575 Colshire Dr., ms-W650 1575 Colshire Dr., ms-W650
McLean VA 22102 McLean VA 22102
USA USA
Phone: +1 703 883 6058 Phone: +1 703 883 6058
Email: kdally@mitre.org Email: kdally@mitre.org
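Review bot: The new normative entries [Models] and [Syntaxes] cite "draft-ietf-ldapbis-models-xx.txt" and "draft-ietf-ldapbis-syntaxes-xx", where the -02 text named a specific revision (draft-ietf-ldapbis-syntaxes-02); a normative reference should pin the revision the schema was checked against, so replace the -xx placeholders before publication. The tag [Syn String] in 7.2 also still differs in style from the [RFC2252] and [RFC2119] tags introduced here; [RFC1778] would match.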
skipping to change at line 1189 skipping to change at page 24, line 11
22. Removed the dmdName Attribute Type and dmd Object Class 22. Removed the dmdName Attribute Type and dmd Object Class
because they are not in the version of X.500 which because they are not in the version of X.500 which
is referenced. is referenced.
23. Removed embedded comments from the ABNF productions 23. Removed embedded comments from the ABNF productions
throughout the document. throughout the document.
24. Cleaned up the references; adopted word instead of number 24. Cleaned up the references; adopted word instead of number
tags; split Section 7 into normative and informative tags; split Section 7 into normative and informative
subsections. subsections.
Changes to draft-ietf-ldapbis-user-schema-02.txt, resulting in draft-
ietf-ldapbis-user-schema-03.txt:
......25. Deleted the 'aliasedObjectName' and 'objectClass' attribute
type definitions. They are included in [Models].
26. Deleted the 'alias' and 'top' object class definitions. They
are included in [Models].
27. Replaced the document title.
28. Changed reference citations to be consistent with the rest of
the LDAPbis documents.
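Review bot: The -03 change list (items 25 to 28) does not account for several edits visible in this diff: the alphabetical reordering of the organizationalUnit MAY list, the rewording of the RFC 1778 BNF recommendation, the removal of [X.501] from the normative references, and the move of RFC 2252 from the normative [SYNTAX] entry to an informative one. Add entries for these; in particular, state that the organizationalUnit attribute set is unchanged and only reordered, so implementers do not have to compare the two lists by hand. The leading dots before "25." look like formatting residue and should be removed in the source.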
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/