INTERNET-DRAFT                                          K. Dally, Editor
Intended Category: Standard Track                       The MITRE Corp.
Expires: January 2005                                         July 2004
Updates: RFC 2247, RFC 2798
Obsoletes: RFC 2256

                    LDAP: Schema for User Applications
                   <draft-ietf-ldapbis-user-schema-08>

Status of this Memo

This document is intended to be, after appropriate review and revision, submitted to the RFC Editor as a Standard Track document. Distribution of this memo is unlimited. Technical discussion of this document will take place on the IETF LDAP Revision Working Group (LDAPbis) mailing list <ietf-ldapbis@openldap.org>. Please send editorial comments directly to the author <kdally@mitre.org>.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.html.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Copyright Notice

Copyright 2004, The Internet Society. All Rights Reserved.

Abstract

This document is an integral part of the Lightweight Directory Access Protocol (LDAP) technical specification [ROADMAP]. It provides a technical specification of attribute types and object classes intended for use by LDAP directory clients for many directory services, such as White Pages. These objects are widely used as a basis for the schema in many LDAP directories. This document does not cover attributes used for the administration of directory
[...]
Table of Contents

1. Introduction
   1.1 Situation
   1.2 Conventions
   1.3 General Issues
   1.4 Source
2. Attribute Types
   2.1 businessCategory
   2.2 c
   2.3 cn
   2.4 dc
   2.5 description
   2.6 destinationIndicator
   2.7 distinguishedName
   2.8 dnQualifier
   2.9 enhancedSearchGuide
   2.10 facsimileTelephoneNumber
   2.11 generationQualifier
   2.12 givenName
   2.13 houseIdentifier
   2.14 initials
   2.15 internationalISDNNumber
   2.16 l
   2.17 member
   2.18 name
   2.19 o
   2.20 ou
   2.21 owner
   2.22 physicalDeliveryOfficeName
   2.23 postalAddress
   2.24 postalCode
   2.25 postOfficeBox
   2.26 preferredDeliveryMethod
   2.27 registeredAddress
   2.28 roleOccupant
   2.29 searchGuide
   2.30 seeAlso
   2.31 serialNumber
   2.32 sn
   2.33 st
   2.34 street
   2.35 telephoneNumber
   2.36 teletexTerminalIdentifier
   2.37 telexNumber
   2.38 title
   2.39 uid
   2.40 uniqueMember
   2.41 userPassword
   2.42 x121Address
   2.43 x500UniqueIdentifier
3. Object Classes
   3.1 applicationProcess
   3.2 country
   3.3 device
   3.4 groupOfNames
   3.5 groupOfUniqueNames
   3.6 locality
   3.7 organization
   3.8 organizationalPerson
   3.9 organizationalRole
   3.10 organizationalUnit
   3.11 person
   3.12 residentialPerson
4. IANA Considerations
5. Security Considerations
6. Acknowledgements
7. References
   7.1 Normative
   7.2 Informative
8. Author's Address
9. Intellectual Property Rights (IPR) Disclosure
10. IPR Notice
11. Copyright Notice and Disclaimer
1. Introduction

This document provides an overview of attribute types and object classes intended for use by Lightweight Directory Access Protocol directory clients for many directory services, such as White Pages. Originally specified in the X.500 [X.500] documents, these objects are widely used as a basis for the schema in many LDAP directories. This document does not cover attributes used for the administration of directory servers, nor does it include directory objects defined for specific uses in other documents.

1.1 Situation

This document is an integral part of the LDAP technical specification [ROADMAP], which obsoletes the previously defined LDAP technical specification [RFC3377] in its entirety. In terms of RFC 2256, Sections 6 and 8 of RFC 2256 are obsoleted by [Syntaxes]. Sections 5.1, 5.2, 7.1 and 7.2 of RFC 2256 are obsoleted by [Models]. The remainder of RFC 2256 is obsoleted by this document. Section 2.4 of this document supersedes the technical specification for the 'dc' attribute type found in RFC 2247. The remainder of RFC 2247 remains in force.

This document updates RFC 2798 by replacing the informative description of the 'uid' attribute type with the definitive description provided in Section 2.39 of this document.

A number of schema elements which were included in the previous revision of the LDAP Technical Specification are not included in this revision of LDAP. PKI-related schema elements are now specified in [LDAP-CERT] and [LDAP-CRL]. Unless reintroduced in future technical specifications, the remainder are to be considered Historic.

1.2 Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

1.3 General Issues

This document references Syntaxes given in Section 3 of [Syntaxes]
[...]
ObjectClassDescription given in [Models]. Lines have been folded for readability.

1.4 Source

The schema definitions in this document are based on those found in the X.500-series [X.520] and [X.521], RFC 2798 [RFC2798] and RFC 2247 [RFC2247], specifically:

   Sections       Source
   ============   ==================
   2.1 - 2.3      X.520 [X.520]
   2.4            RFC 2247 [RFC2247]
   2.5 - 2.38     X.520 [X.520]
   2.39           RFC 2798 [RFC2798]
   2.40 - 2.43    X.520 [X.520]
   3.1 - 3.12     X.521 [X.521]

However, the descriptions in this document SHALL be considered definitive for use in LDAP.
[...]
2.9 enhancedSearchGuide

The enhancedSearchGuide attribute type contains sets of information for use by directory clients in constructing search filters. Each set is one value of this multi-valued attribute.

      ( 2.5.4.47 NAME 'enhancedSearchGuide'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )

1.3.6.1.4.1.1466.115.121.1.21 refers to the Enhanced Guide syntax [Syntaxes].

2.10 facsimileTelephoneNumber

The facsimileTelephoneNumber attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. Each telephone number is one value of this multi-valued attribute.

      ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

1.3.6.1.4.1.1466.115.121.1.22 refers to the Facsimile Telephone Number syntax [Syntaxes].

2.11 generationQualifier
[...]
Each name is one value of this multi-valued attribute. (Source: X.520)

      ( 2.5.4.11 NAME 'ou'
        SUP name )

2.21 owner

The owner attribute type contains the Distinguished Names of objects that have an ownership responsibility for the object that is owned. Each owner's name is one value of this multi-valued attribute. (e.g., the list object with DN "cn=All Employees,ou=Mailing List,o=Widget\, Inc." is owned by the Human Resources Director; the DN of the director (a role object), "cn=Human Resources Director,ou=employee,o=Widget\, Inc.", would therefore be a value of the owner attribute.)

      ( 2.5.4.32 NAME 'owner'
        SUP distinguishedName )

2.22 physicalDeliveryOfficeName

The physicalDeliveryOfficeName attribute type contains names that a Postal Service uses to identify a post office (e.g., "Bremerhaven, Main", "Bremerhaven, Bonnstrasse").
[...]
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [Syntaxes].

2.23 postalAddress

The postalAddress attribute type contains addresses used by a Postal Service to perform services for the object. Each address is one value of this multi-valued attribute (e.g., one value is "15 Main St.$Ottawa$Canada").

      ( 2.5.4.16 NAME 'postalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax [Syntaxes].

2.24 postalCode

The postalCode attribute type contains codes used by a Postal Service to identify postal service zones, such as the southern quadrant of a city (e.g., "22180"). Each code is one value of this multi-valued attribute.
[...]
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [Syntaxes].

2.26 preferredDeliveryMethod

The preferredDeliveryMethod attribute type contains an indication of the preferred method of getting a message to the object. For example, if mhs-delivery is preferred over telephone-delivery, which is preferred over all other methods, the value would be:

      mhs $ telephone

      ( 2.5.4.28 NAME 'preferredDeliveryMethod'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
        SINGLE-VALUE )

1.3.6.1.4.1.1466.115.121.1.14 refers to the Delivery Method syntax [Syntaxes].

2.27 registeredAddress

The registeredAddress attribute type contains postal addresses suitable for reception of telegrams or expedited documents, where it is necessary to have the recipient accept delivery. Each address is one value of this multi-valued attribute (e.g., one value is "Receptionist\, Widget Inc.\, 15 Main St.\, Ottawa\, Canada").

      ( 2.5.4.26 NAME 'registeredAddress'
        SUP postalAddress
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax [Syntaxes].

2.28 roleOccupant

The roleOccupant attribute type contains the Distinguished Names of objects (normally people) that fulfill the responsibilities of a role object. For example, the role object, "cn=Human Resources Director,ou=Position,o=Widget\, Inc.", is fulfilled by two people whose object names are "cn=Mary Smith,ou=employee,o=Widget\, Inc." and "cn=James Brown,ou=employee,o=Widget\, Inc.". The roleOccupant attribute would have two values, one for each occupant.

      ( 2.5.4.33 NAME 'roleOccupant'
        SUP distinguishedName )

2.29 searchGuide

The searchGuide attribute type contains sets of information for use by clients in constructing search filters. It is superseded by enhancedSearchGuide, described above in Section 2.9.

      ( 2.5.4.14 NAME 'searchGuide'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )

1.3.6.1.4.1.1466.115.121.1.25 refers to the Guide syntax [Syntaxes].

2.30 seeAlso

The seeAlso attribute type contains Distinguished Names of objects that are related to the subject object. For example, the person object, "cn=James Brown,ou=employee,o=Widget Inc.", is related to the role objects "cn=Football Team Captain,ou=sponsored activities,o=Widget Inc." and "cn=Chess Team,ou=sponsored activities,o=Widget Inc.". Each related object name is one value of this multi-valued attribute.

      ( 2.5.4.34 NAME 'seeAlso'
        SUP distinguishedName )

2.31 serialNumber

The serialNumber attribute type contains the serial numbers of devices (e.g., "WI-3005"). Each number is one value of this multi-valued attribute.

[...]

        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [Syntaxes].

2.35 telephoneNumber

The telephoneNumber attribute type contains telephone numbers complying with ITU Recommendation E.123 [E.123] (e.g., +1 234 567 8901). Each number is one value of this multi-valued attribute.

      ( 2.5.4.20 NAME 'telephoneNumber'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

1.3.6.1.4.1.1466.115.121.1.50 refers to the Telephone Number syntax [Syntaxes].

2.36 teletexTerminalIdentifier

The withdrawal of Rec. F.200 has resulted in the withdrawal of this attribute.

      ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

2.37 telexNumber

The telexNumber attribute type contains sets of strings which are a telex number, country code, and answerback code of a telex terminal. Each set is one value of this multi-valued attribute.

      ( 2.5.4.21 NAME 'telexNumber'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

1.3.6.1.4.1.1466.115.121.1.52 refers to the Telex Number syntax [Syntaxes].

2.38 title

This attribute contains the title, such as "Vice President", of a person in their organizational context.

      ( 2.5.4.12 NAME 'title'
        SUP name )

2.39 uid

The uid attribute type contains computer system login names associated with the object. (Source: RFC 1274). Each name is one value of this multi-valued attribute.

      ( 0.9.2342.19200300.100.1.1
        NAME 'uid'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [Syntaxes].

2.40 uniqueMember

The uniqueMember attribute type contains the Distinguished Names of an object that is on a list or in a group, where the Relative Distinguished Names of the object include a value that distinguishes between objects when a distinguished name has been reused. For example, if "ou=1st Battalion,o=Defense,c=US" is a battalion that was disbanded, establishing a new battalion with the "same" name would have a uid value added, resulting in "ou=1st Battalion,o=Defense,c=US#'010101'B".

      ( 2.5.4.50 NAME 'uniqueMember'
        EQUALITY uniqueMemberMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

1.3.6.1.4.1.1466.115.121.1.34 refers to the Name and Optional UID syntax [Syntaxes].
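The DN values quoted in Sections 2.21, 2.28, 2.30 and 2.40 depend on the "\," escape for a comma inside an attribute value and, for uniqueMember, on the "#'...'B" suffix of the Name and Optional UID syntax. The Python below is an added example, not part of this draft or of any LDAP implementation; it composes and splits such DN strings and separates the optional UID, assuming single-valued RDNs and the escaping rules of the LDAP DN string representation.

```python
import re
from typing import List, Optional, Tuple

# Characters that must always be escaped inside a DN attribute value.
_SPECIAL = set('"+,;<>\\')
# Trailing BitString of the Name and Optional UID syntax, e.g. #'010101'B
_UID_SUFFIX = re.compile(r"#'([01]*)'B$")


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for inclusion in a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in _SPECIAL:
            out.append("\\" + ch)         # "Widget, Inc." -> "Widget\, Inc."
        elif ch == "#" and i == 0:
            out.append("\\#")             # a leading '#' would be read as hex-encoded BER
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")             # leading/trailing spaces survive only when escaped
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns: List[Tuple[str, str]]) -> str:
    """Join (type, value) pairs into a DN string, most specific RDN first."""
    return ",".join(f"{atype}={escape_rdn_value(value)}" for atype, value in rdns)


def _is_hex_pair(s: str) -> bool:
    return len(s) == 2 and all(c in "0123456789abcdefABCDEF" for c in s)


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN string into (type, value) pairs, undoing the escaping.

    Assumption (simplification): every RDN is single-valued, so '+' is not
    treated as a separator between attribute values of one RDN.
    """
    parts: List[str] = []
    buf = bytearray()                     # octets, so \XX escapes can form UTF-8 sequences
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            if _is_hex_pair(dn[i + 1:i + 3]):
                buf.append(int(dn[i + 1:i + 3], 16))   # \2C is a literal comma
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")       # \, \+ \" and friends
                i += 2
            continue                      # an escaped character never ends an RDN
        if ch == ",":                     # unescaped comma: RDN boundary
            parts.append(buf.decode("utf-8"))
            buf = bytearray()
        else:
            buf += ch.encode("utf-8")
        i += 1
    parts.append(buf.decode("utf-8"))
    result = []
    for rdn in parts:
        atype, _, value = rdn.partition("=")
        result.append((atype.strip(), value))
    return result


def _is_escaped(s: str, idx: int) -> bool:
    """True when s[idx] is preceded by an odd number of backslashes."""
    n, j = 0, idx - 1
    while j >= 0 and s[j] == "\\":
        n += 1
        j -= 1
    return n % 2 == 1


def parse_name_and_optional_uid(value: str) -> Tuple[str, Optional[str]]:
    """Split a uniqueMember value into (dn, bit_string) with bit_string None if absent."""
    m = _UID_SUFFIX.search(value)
    if m is not None and not _is_escaped(value, m.start()):
        return value[: m.start()], m.group(1)
    return value, None


if __name__ == "__main__":
    director = [("cn", "Human Resources Director"), ("ou", "employee"), ("o", "Widget, Inc.")]
    dn = build_dn(director)
    print(dn)                              # cn=Human Resources Director,ou=employee,o=Widget\, Inc.
    print(split_dn(dn) == director)        # True: the round trip preserves the comma
    print(parse_name_and_optional_uid("ou=1st Battalion,o=Defense,c=US#'010101'B"))
```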
2.41 userPassword

The userPassword attribute type contains octet strings that are known only to the user and the system to which the user has access. Each string is one value of this multi-valued attribute.

The application SHOULD prepare textual strings used as passwords by transcoding them to Unicode, applying SASLprep [SASLprep], and encoding as UTF-8.

      ( 2.5.4.35 NAME 'userPassword'
        EQUALITY octetStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String
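Section 2.41 asks that a textual password be prepared with SASLprep and then UTF-8 encoded before it is stored or compared as an octet string. The Python below is an added example, not part of this draft; it implements the SASLprep steps with the standard library's stringprep tables (assumption: those tables follow Unicode 3.2, so the unassigned-code-point check is conservative) and shows that two visually identical passwords only compare equal under octetStringMatch when both sides were prepared the same way.

```python
import stringprep
import unicodedata


def saslprep(text: str, stored: bool = True) -> str:
    """Prepare a password with SASLprep (RFC 4013) ahead of UTF-8 encoding.

    stored=True applies the stricter rule for values kept in the directory:
    unassigned code points are rejected instead of being passed through.
    """
    # Step 1: mapping. Non-ASCII spaces (C.1.2) become U+0020; characters
    # "commonly mapped to nothing" (B.1, e.g. SOFT HYPHEN) are dropped.
    mapped = []
    for ch in text:
        if stringprep.in_table_c12(ch):
            mapped.append(" ")
        elif not stringprep.in_table_b1(ch):
            mapped.append(ch)
    # Step 2: Unicode normalization form KC (compatibility characters fold,
    # e.g. ROMAN NUMERAL NINE becomes "IX").
    prepared = unicodedata.normalize("NFKC", "".join(mapped))
    # Step 3: prohibited output (control, private-use, surrogate, tagging
    # characters and so on).
    for ch in prepared:
        if (stringprep.in_table_c12(ch) or stringprep.in_table_c21_c22(ch)
                or stringprep.in_table_c3(ch) or stringprep.in_table_c4(ch)
                or stringprep.in_table_c5(ch) or stringprep.in_table_c6(ch)
                or stringprep.in_table_c7(ch) or stringprep.in_table_c8(ch)
                or stringprep.in_table_c9(ch)):
            raise ValueError(f"prohibited code point U+{ord(ch):04X}")
        if stored and stringprep.in_table_a1(ch):
            raise ValueError(f"unassigned code point U+{ord(ch):04X}")
    # Step 4: bidirectional check. A string containing any RandALCat character
    # must contain no LCat character and must start and end with RandALCat.
    if any(stringprep.in_table_d1(ch) for ch in prepared):
        if any(stringprep.in_table_d2(ch) for ch in prepared):
            raise ValueError("mixed right-to-left and left-to-right characters")
        if not (stringprep.in_table_d1(prepared[0]) and stringprep.in_table_d1(prepared[-1])):
            raise ValueError("right-to-left string must start and end with RandALCat")
    return prepared


def is_acceptable(text: str) -> bool:
    """True when the string survives SASLprep, False when it is rejected."""
    try:
        saslprep(text)
    except ValueError:
        return False
    return True


def userpassword_value(text: str) -> bytes:
    """Octet-string value for userPassword: SASLprep, then UTF-8 encode."""
    return saslprep(text).encode("utf-8")


def passwords_match(stored: bytes, offered: str) -> bool:
    """octetStringMatch of the stored value against a freshly prepared candidate."""
    return stored == userpassword_value(offered)


if __name__ == "__main__":
    # Constructed sample: the second string carries a NO-BREAK SPACE (U+00A0).
    stored = userpassword_value("pass word")
    print(stored == "pass\u00a0word".encode("utf-8"))   # False: raw bytes differ
    print(passwords_match(stored, "pass\u00a0word"))     # True: prepared on both sides
```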
[...]
1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax [Syntaxes].

2.43 x500UniqueIdentifier

The x500UniqueIdentifier attribute type contains binary strings that are used to distinguish between objects when a distinguished name has been reused. Each string is one value of this multi-valued attribute. In X.520 [X.520], this attribute type is called uniqueIdentifier. This is a different attribute type from both the "uid" and "uniqueIdentifier" LDAP attribute types. The uniqueIdentifier attribute type is defined in [RFC1274].

      ( 2.5.4.45 NAME 'x500UniqueIdentifier'
        EQUALITY bitStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

1.3.6.1.4.1.1466.115.121.1.6 refers to the Bit String syntax [Syntaxes].

3. Object Classes
[...]
update the LDAP descriptors registry as indicated in the following template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comment
      Person & email address to contact for further information:
         Kathy Dally <kdally@mitre.org>
      Usage: (A = attribute type, O = Object Class) see comment
      Specification: RFC XXXX [editor's note: The RFC number will be the one assigned to this document.]
      Author/Change Controller: IESG
      Comments

In the LDAP descriptors registry, the following descriptors (short names) should be updated to refer to RFC XXXX [editor's note: This document].

      NAME                     Type OID
      ------------------------ ---- ----------------------------
      applicationProcess       O    2.5.6.11
[...]
[E.164] The international public telecommunication numbering plan, [E.164] The international public telecommunication numbering plan,
ITU-T Recommendation E.164, 1997 ITU-T Recommendation E.164, 1997
[ISO3166] ISO 3166, "Codes for the representation of names of [ISO3166] ISO 3166, "Codes for the representation of names of
countries". countries".
[Models] K. Zeilenga, "LDAP: The Models", draft-ietf-ldapbis- [Models] K. Zeilenga, "LDAP: The Models", draft-ietf-ldapbis-
models-xx (a work in progress) models-xx (a work in progress)
[RFC1034] P. Mockapetris, " DOMAIN NAMES - CONCEPTS AND [RFC1034] P. Mockapetris, " DOMAIN NAMES - CONCEPTS AND
FACILITIES", RFC 1034, November 1987 FACILITIES", RFC 1034, January 1987
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997 Requirement Levels", RFC 2119, March 1997
[RFC2234] Crocker, D., Overell P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997
[RFC3490] Faltstrom P., Hoffman P., Costello A., [RFC3490] Faltstrom P., Hoffman P., Costello A.,
"Internationalizing Domain Names in Applications (IDNA)", "Internationalizing Domain Names in Applications (IDNA)",
RFC 3490, March 2003 RFC 3490, March 2003
...[ROADMAP] Zeilenga, K., "LDAP: Technical Specification Road Map", [ROADMAP] Zeilenga, K., "LDAP: Technical Specification Road Map",
draft-ietf-ldapbis-roadmap-xx (a work in progress) draft-ietf-ldapbis-roadmap-xx (a work in progress)
[Syntaxes] S. Legg (editor), "LDAP: Syntaxes", draft-ietf-ldapbis- [Syntaxes] S. Legg (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
syntaxes-xx (a work in progress) syntaxes-xx (a work in progress)
[X.121] International numbering plan for public data networks, [X.121] International numbering plan for public data networks,
ITU-T Recommendation X.121, 1996 ITU-T Recommendation X.121, 1996
[X.509] The Directory: Authentication Framework, ITU-T [X.509] The Directory: Authentication Framework, ITU-T
Recommendation X.509, 1993 Recommendation X.509, 1993
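Review bot: the [RFC1034] entry's date was changed from "November 1987" to "January 1987" in this hunk, but RFC 1034 was published in November 1987, so the old date was the correct one and the change should be reverted. While touching this entry, the title string ' " DOMAIN NAMES - CONCEPTS AND FACILITIES"' carries a stray space after the opening quote, and the author order ("P. Mockapetris") differs from the "Surname, I." form used by the other entries in this list.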
skipping to change at page 24, line 44 skipping to change at page 25, line 50
[LDAP-CERT] Klasen, N., Gietz, P. "An LDAPv3 Schema for X.509 [LDAP-CERT] Klasen, N., Gietz, P. "An LDAPv3 Schema for X.509
Certificates", Internet Draft draft-klasen-ldap- Certificates", Internet Draft draft-klasen-ldap-
x509certificate-schema-xx (a work in progress) x509certificate-schema-xx (a work in progress)
[LDAP-CRL] Chadwick, D. W. and M. V. Sahalayev, "Internet X.509 [LDAP-CRL] Chadwick, D. W. and M. V. Sahalayev, "Internet X.509
Public Key Infrastructure - LDAP Schema for X.509 CRLs", Public Key Infrastructure - LDAP Schema for X.509 CRLs",
Internet Draft draft-ietf-pkix-ldap-crl-schema-xx (a Internet Draft draft-ietf-pkix-ldap-crl-schema-xx (a
work in progress) work in progress)
[RFC1274] Barker, P, Kille, S.,"The COSINE and Internet X.500
Schema", RFC 1274, November 1991
[RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., and [RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., and
Sataluri, S., "Using Domains in LDAP/X.500 Distinguished Sataluri, S., "Using Domains in LDAP/X.500 Distinguished
Names", RFC 2247, January 1998 Names", RFC 2247, January 1998
[RFC2798] Smith, M., "Definition of the inetOrgPerson LDAP Object
Class", RFC 2798, April 2000
[RFC3377] Hodges, J., Morgan, R., "Lightweight Directory Access [RFC3377] Hodges, J., Morgan, R., "Lightweight Directory Access
Protocol (v3): Technical Specification", RFC 3377, Protocol (v3): Technical Specification", RFC 3377,
September 2002 September 2002
[SASLprep] Zeilenga K., "SASLprep: Stringprep profile for user [SASLprep] Zeilenga K., "SASLprep: Stringprep profile for user
names and passwords", draft-ietf-sasl-saslprep-xx (a names and passwords", draft-ietf-sasl-saslprep-xx (a
work in progress) work in progress)
[X.500] The Directory, ITU-T Recommendations X.501-X.525, 1993 [X.500] The Directory, ITU-T Recommendations X.501-X.525, 1993
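Review bot: the newly added [RFC1274] entry reads 'Barker, P, Kille, S.,"The COSINE and Internet X.500 Schema"', which is missing the period after "P" and the space before the opening quote; the neighbouring [RFC2247] and [RFC2798] entries show the intended form ('Barker, P., Kille, S., "The COSINE ...').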
skipping to change at page 25, line 16 skipping to change at page 26, line 32
Kathy Dally Kathy Dally
The MITRE Corp. The MITRE Corp.
7515 Colshire Dr., H300 7515 Colshire Dr., H300
McLean VA 22102 McLean VA 22102
USA USA
Phone: +1 703 883 6058 Phone: +1 703 883 6058
Email: kdally@mitre.org Email: kdally@mitre.org
9. Full Copyright Statement 9. Intellectual Property Rights (IPR) Disclosure
Copyright (C) The Internet Society (2002). All Rights Reserved. By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
or will be disclosed, and any of which I become aware will be
disclosed, in accordance with RFC 3668.
This document and translations of it may be copied and furnished to 10. IPR Notice
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be The IETF takes no position regarding the validity or scope of any
revoked by the Internet Society or its successors or assigns. Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology
described in this document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights. Information on the procedures with respect to rights
in RFC documents can be found in BCP 78 and BCP 79.
This document and the information contained herein is provided on an Copies of IPR disclosures made to the IETF Secretariat and any
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING assurances of licenses to be made available, or the result of an
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING attempt made to obtain a general license or permission for the use
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION of such proprietary rights by implementers or users of this
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF specification can be obtained from the IETF on-line IPR repository
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. at http://www.ietf.org/ipr.
Appendix A Changes RFC 2256 The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or otherproprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at:
ietf-ipr@ietf.org.
11. Copyright Notice and Disclaimer
Copyright (C) The Internet Society (2004). This document is
subject to the rights, licenses and restrictions contained in BCP
78, and except as set forth therein, the authors retain all their
rights.
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Appendix A Changes Made Since RFC 2256
This appendix lists the changes that have been made from RFC 2256 to This appendix lists the changes that have been made from RFC 2256 to
this I-D. this I-D.
1. Replaced the document title. 1. Replaced the document title.
2. Removed the IESG Note. 2. Removed the IESG Note.
3. Dependencies on RFC 1274 have been eliminated. 3. Dependencies on RFC 1274 have been eliminated.
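Review bot: the new IPR Notice text in this hunk contains "otherproprietary", which should be "other proprietary". The rest of the replacement (RFC 3668 disclosure statement, BCP 78/79 notice, 2004 copyright) reads as the standard template, and the copyright year is correctly updated from 2002.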
skipping to change at line 1318 skipping to change at page 29, line 6
supportedApplicationContext attribute types and the dmd, supportedApplicationContext attribute types and the dmd,
applicationEntity, and dSA object classes. applicationEntity, and dSA object classes.
10. Deleted the aliasedObjectName and objectClass attribute 10. Deleted the aliasedObjectName and objectClass attribute
type definitions. Deleted the alias and top object class type definitions. Deleted the alias and top object class
definitions. They are included in [Models]. definitions. They are included in [Models].
11. Added the 'dc' attribute type from RFC 2247. 11. Added the 'dc' attribute type from RFC 2247.
12. Numerous edititorial changes. 12. Numerous edititorial changes.
13. Removed upper bound after the SYNTAX oid in all attribute
definitions where it appeared.
14. Added text about Unicode, SASLprep and UTF-8 for userPassword.
changes since 07:
15. Corrected examples in preferredDeliveryMethod, uniqueMember,
postalAddress, and registeredAddress attribute types.
16. Clarified and corrected examples in owner and roleOccupant
attribute types.
17. Added RFC 2234 to normative references.
18. Added RFC 1274 and RFC 2798 to informative references.
19. Removed the statement about RFC 2026 conformance.
20. Added the IPR Disclosure and Notice
21. Updated the Copyright text.
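Review bot: item 12 still reads "Numerous edititorial changes" ("editorial") in both columns, and the new item 20, "Added the IPR Disclosure and Notice", lacks the terminating period every other item has. Items 17 and 18 do match the reference-list additions earlier in the diff (RFC 2234 under normative, RFC 1274 and RFC 2798 under informative).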
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/