draft-ietf-ldapbis-user-schema-06.txt [06] vs. draft-ietf-ldapbis-user-schema-07.txt [07]

INTERNET-DRAFT                                          K. Dally, Editor
Intended Category: Standard Track                       The MITRE Corp.
[06] Expires: December 2003                                    June 2003
[07] Expires: November 2004                                     May 2004
Updates: RFC 2247, RFC 2798
Obsoletes: RFC 2256

                    LDAP: Schema for User Applications
[06]             <draft-ietf-ldapbis-user-schema-06>
[07]             <draft-ietf-ldapbis-user-schema-07>

Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026.

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of
this document will take place on the IETF LDAP Revision Working

skipping to change at page 2, line 49
2.18 name 10
2.19 o 10
2.20 ou 10
2.21 owner 11
2.22 physicalDeliveryOfficeName 11
2.23 postalAddress 11
2.24 postalCode 11
2.25 postOfficeBox 12
2.26 preferredDeliveryMethod 12
2.27 registeredAddress 12
[06] 2.28 roleOccupant 13
[07] 2.28 roleOccupant 12
2.29 searchGuide 13
2.30 seeAlso 13
2.31 serialNumber 13
[06] 2.32 sn 14
[07] 2.32 sn 13
2.33 st 14
2.34 street 14
2.35 telephoneNumber 14
2.36 teletexTerminalIdentifier 14
2.37 telexNumber 15
2.38 title 15
2.39 uid 15
2.40 uniqueMember 15
2.41 userPassword 16
2.42 x121Address 16

skipping to change at page 5, line 12
ObjectClassDescription given in [Models]. Lines have been folded
for readability.

1.4 Source

The schema definitions in this document are based on those found in
the X.500-series [X.520] and [X.521], RFC 2798 [RFC2798] and
RFC 2247 [RFC2247], specifically:

Sections      Source
============  ==================
2.1 - 2.3     X.520 [X.520]
2.4           RFC 2247 [RFC2247]
2.5 - 2.38    X.520 [X.520]
2.39          RFC 2798 [RFC2798]
2.40 - 2.43   X.520 [X.520]
3.1 - 3.12    X.521 [X.521]

However, the descriptions in this document SHALL be considered
definitive for use in LDAP.

skipping to change at page 11, line 10
(Source: X.520)

( 2.5.4.11 NAME 'ou'
  SUP name )

2.21 owner

The owner attribute type contains the Distinguished Names of objects
that have an ownership responsibility for the object that is owned.
[06] (e.g., The list object, "cn=All Employees, ou=Mailing List,
     o=Widget, Inc.", is owned by the role object, "cn=ou=Human Resources
     Director, ou=employee, o=Widget, Inc.")
[07] (e.g., The list object, "cn=All Employees, ou=Mailing List,
     o=Widget',' Inc.", is owned by the role object, "cn=ou=Human Resources
     Director, ou=employee, o=Widget',' Inc.")
Each name is one value of this multi-valued attribute.

( 2.5.4.32 NAME 'owner'
  SUP distinguishedName )

2.22 physicalDeliveryOfficeName

The physicalDeliveryOfficeName attribute type contains names that a
Postal Service uses to identify a post office (e.g., "Bremerhaven,
Main", "Bremerhaven, Bonnstrasse").

skipping to change at page 12, line 25
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String
syntax [Syntaxes].

2.26 preferredDeliveryMethod

The preferredDeliveryMethod attribute type contains an indication of
the preferred method of getting a message to the object. For example,
if mhs-delivery is preferred over telephone-delivery, which is
preferred over all other methods, the value of the attribute would
be {1, 9}.

( 2.5.4.28 NAME 'preferredDeliveryMethod'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
  SINGLE-VALUE )

1.3.6.1.4.1.1466.115.121.1.14 refers to the Delivery Method
syntax [Syntaxes].

[06] skipping to change at page 13, line 9
[07] skipping to change at page 13, line 4
  SUP postalAddress
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address
syntax [Syntaxes].

2.28 roleOccupant

The roleOccupant attribute type contains the Distinguished Names of
objects (normally people) that fulfill the responsibilities of a role
object.
[06] For example, the role object, "cn=Human Resources Director,
     ou=Position, o=Widget, Inc.", is fulfilled by two people whose
     object names are "cn=Mary Smith, ou=employee, o=Widget, Inc." and
     "cn=James Brown, ou=employee, o=Widget, Inc."
[07] For example, the role object, "cn=Human Resources Director,
     ou=Position, o=Widget',' Inc.", is fulfilled by two people whose
     object names are "cn=Mary Smith, ou=employee, Widget',' Inc." and
     "cn=James Brown, ou=employee, o=Widget',' Inc."
Each name is one value of this multi-valued attribute.

( 2.5.4.33 NAME 'roleOccupant'
  SUP distinguishedName )

2.29 searchGuide

The searchGuide attribute type contains sets of information for use
by clients in constructing search filters. It is superseded by
enhancedSearchGuide, described above in section 2.9.

( 2.5.4.14 NAME 'searchGuide'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )

1.3.6.1.4.1.1466.115.121.1.25 refers to the Guide syntax [Syntaxes].

2.30 seeAlso

The seeAlso attribute type contains Distinguished Names of objects
that are related to the subject object. For example, the person
object, "cn=James Brown, ou=employee, o=Widget Inc." is related to
the role objects, "cn=Football Team Captain, ou=sponsored
activities, o=Widget Inc." and "cn=Chess Team, ou=sponsored
activities, o=Widget Inc.". Each name is one value of this
multi-valued attribute.

( 2.5.4.34 NAME 'seeAlso'
  SUP distinguishedName )

2.31 serialNumber

skipping to change at page 15, line 49
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String
syntax [Syntaxes].

2.40 uniqueMember

The uniqueMember attribute type contains the Distinguished Names of
an object that is on a list or in a group, where the Relative
Distinguished Names of the object include a value that distinguishes
between objects when a distinguished name has been reused. For
example, if "ou=1st Battalion, o=Defense, c=US" is a battalion that
was disbanded, establishing a new battalion with the "same" name
would have a uid value added, resulting in
"ou=1st Battalion#'010101', o=Defense, c=US".

( 2.5.4.50 NAME 'uniqueMember'
  EQUALITY uniqueMemberMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

1.3.6.1.4.1.1466.115.121.1.34 refers to the Name and Optional UID
syntax [Syntaxes].

skipping to change at page 20, line 38
The person object class is the basis of an entry which represents a
human being.

( 2.5.6.6 NAME 'person'
  SUP top
  STRUCTURAL
  MUST ( sn $
         cn )
  MAY ( userPassword $
        telephoneNumber $
[06]    seeAlso $
[06]    description ) )
[07]    seeAlso $ description ) )
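As an added illustration of how the MUST/MAY lists and SUP inheritance in these definitions are applied (this code is not part of the I-D): it parses the person and residentialPerson definitions quoted in this document, plus the 'top' definition assumed from [Models], and reports what a schema-checking server should reject in constructed entries. It assumes residentialPerson has only the MUST shown here, since its MAY list is cut off by the diff.

```python
import re

# Definitions as printed on this page ('top' is taken from [Models]);
# residentialPerson's MAY list is cut off by the diff, so only its MUST is used.
SCHEMA_TEXT = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l )",
]
# SUP/MUST/MAY take either one name ("MUST l") or a "$"-separated list in parens.
FIELD = re.compile(r"\b(SUP|MUST|MAY)\b\s+(\(([^)]*)\)|\S+)")

def parse_object_class(text):
    """Extract NAME, SUP, MUST and MAY from an ObjectClassDescription."""
    oc = {"name": re.search(r"\bNAME\s+'([^']+)'", text).group(1),
          "sup": [], "must": [], "may": []}
    for kw, single, group in FIELD.findall(text):
        oc[kw.lower()] = [v for v in (group or single).split() if v != "$"]
    return oc

SCHEMA = {oc["name"].lower(): oc for oc in map(parse_object_class, SCHEMA_TEXT)}

def effective_sets(name):
    """MUST and MAY attribute sets of a class, including those inherited via SUP."""
    oc = SCHEMA[name.lower()]
    must = {a.lower() for a in oc["must"]}
    may = {a.lower() for a in oc["may"]}
    for sup in oc["sup"]:
        smust, smay = effective_sets(sup)
        must, may = must | smust, may | smay
    return must, may

def check_entry(entry):
    """Sorted schema violations for {attrType: [values]}; [] means conformant."""
    attrs = {a.lower() for a in entry}        # attribute types are case-insensitive
    must, may = set(), set()
    for oc in entry.get("objectClass", []):
        m, y = effective_sets(oc)
        must, may = must | m, may | y
    return ([f"missing MUST attribute {a}" for a in sorted(must - attrs)] +
            [f"attribute {a} not permitted by object classes"
             for a in sorted(attrs - must - may)])

# Constructed sample entries (not from the draft): the second lacks sn and l
# and carries roleOccupant, which neither person nor residentialPerson allows.
GOOD = {"objectClass": ["top", "person"], "cn": ["James Brown"],
        "sn": ["Brown"], "userPassword": ["<placeholder>"]}
BAD = {"objectClass": ["residentialPerson"], "cn": ["Mary Smith"],
       "roleOccupant": ["cn=Human Resources Director, ou=Position, o=Widget"]}

if __name__ == "__main__":
    for label, entry in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_entry(entry) or "conformant")
```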
3.12 residentialPerson

The residentialPerson object class is the basis of an entry which
includes a person's residence in the representation of the person.

( 2.5.6.10 NAME 'residentialPerson'
  SUP person
  STRUCTURAL
  MUST l

[06] skipping to change at page 24, line 4
[07] skipping to change at page 23, line 51
countries".

[Models] K. Zeilenga, "LDAP: The Models", draft-ietf-ldapbis-
         models-xx (a work in progress)

[RFC1034] P. Mockapetris, "DOMAIN NAMES - CONCEPTS AND
          FACILITIES", RFC 1034, November 1987

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
          Requirement Levels", RFC 2119, March 1997

[06] [RFC3490] Faltstrom P., Hoffman P., Costello A. "Internationalizing
               Domain Names in Applications (IDNA)", RFC 3490, March 2003
[07] [RFC3490] Faltstrom P., Hoffman P., Costello A.,
               "Internationalizing Domain Names in Applications (IDNA)",
               RFC 3490, March 2003

[ROADMAP] Zeilenga, K., "LDAP: Technical Specification Road Map",
          draft-ietf-ldapbis-roadmap-xx (a work in progress)

[Syntaxes] S. Legg (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
           syntaxes-xx (a work in progress)

[X.121] International numbering plan for public data networks,
        ITU-T Recommendation X.121, 1996

[06] skipping to change at page 24, line 37
[07] skipping to change at page 24, line 35
[AUTHMETH] Harrison R., "LDAP: Authentication Methods and
           Connection Level Security Mechanisms", draft-ietf-
           ldapbis-authmeth-xx (a work in progress)

[F.1] Operational Provisions For The International Public Telegram
      Service Transmission System, CCITT Recommendation F.1, 1992

[F.31] Telegram Retransmission System, CCITT Recommendation
       F.31, 1988

[06] [LDAP-PKI] Chadwick, D. W., Legg S., "LDAP Schema and Syntaxes for
                PKIs", draft-ietf-pkix-ldap-pki-schema-xx (a work in
                progress)
[07] [LDAP-CERT] Klasen, N., Gietz, P. "An LDAPv3 Schema for X.509
                 Certificates", Internet Draft draft-klasen-ldap-
                 x509certificate-schema-xx (a work in progress)
[07] [LDAP-CRL] Chadwick, D. W. and M. V. Sahalayev, "Internet X.509
                Public Key Infrastructure - LDAP Schema for X.509 CRLs",
                Internet Draft draft-ietf-pkix-ldap-crl-schema-xx (a
                work in progress)

[RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., and
          Sataluri, S., "Using Domains in LDAP/X.500 Distinguished
          Names", RFC 2247, January 1998

[RFC3377] Hodges, J., Morgan, R., "Lightweight Directory Access
          Protocol (v3): Technical Specification", RFC 3377,
          September 2002

[SASLprep] Zeilenga K., "SASLprep: Stringprep profile for user

skipping to change at page 26, line 16
This appendix lists the changes that have been made from RFC 2256 to
this I-D.

1. Replaced the document title.
2. Removed the IESG Note.
3. Dependencies on RFC 1274 have been eliminated.
[06] 4. Added a Security Considerations section.
[07] 4. Added a Security Considerations section and an IANA
        considerations section.
5. Deleted the conformance requirement for subschema object
   classes in favor of a statement in [Syntaxes].
[06] 6. Added explanations to many attribute types and to each object
        class.
[07] 6. Added explanation to attribute types and to each object class.
7. Removed Section 4, Syntaxes, and Section 6, Matching Rules,
   (moved to [Syntaxes]).
8. Removed the certificate-related attribute types:
   authorityRevocationList,
   cACertificate,
   certificateRevocationList,
   crossCertificatePair,
   deltaRevocationList,
   supportedAlgorithms, and
   userCertificate.
   Removed the certificate-related Object Classes:
   certificationAuthority,
   certificationAuthority-V2,
   cRLDistributionPoint,
   strongAuthenticationUser, and
   userSecurityInformation
   [06] LDAP PKI is now discussed in [LDAP-PKI].
   [07] LDAP PKI is now discussed in [LDAP-CRL] and [LDAP-CERT].
9. Removed the dmdName, knowledgeInformation,
   presentationAddress, protocolInformation, and
   supportedApplicationContext attribute types and the dmd,
   applicationEntity, and dSA object classes.
10. Deleted the aliasedObjectName and objectClass attribute
    type definitions. Deleted the alias and top object class
    definitions. They are included in [Models].
11. Added the 'dc' attribute type from RFC 2247.
[06] 12. Added an IANA Considerations section.
[06] 13. Numerous editorial changes.
[07] 12. Numerous editorial changes.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/