INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires in six months 24 October 2004
Obsoletes: RFC 1274
Updates: RFC 2798
LDAP: Additional Schema Elements
<draft-zeilenga-ldap-user-schema-07.txt>
Status of this Memo
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAPEXT mailing list
<ldapext@ietf.org>. Please send editorial comments directly to the
author <Kurt@OpenLDAP.org>.
By submitting this Internet-Draft, I accept the provisions of Section
4 of RFC 3667. By submitting this Internet-Draft, I certify that any
applicable patent or other IPR claims of which I am aware have been
disclosed, or will be disclosed, and any of which I become aware will
be disclosed, in accordance with RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
Copyright (C) The Internet Society (2004). All Rights Reserved.
Please see the Full Copyright section near the end of this document
for more information.
Abstract
Zeilenga draft-zeilenga-ldap-user-schema-07 [Page 1]
INTERNET-DRAFT LDAP: Additional Schema Elements 27 September 2004
This document provides a collection of schema elements for use with
the Lightweight Directory Access Protocol from COSINE and Internet
X.500 pilot projects.
Table of Contents (to be expanded by editor)
Status of this Memo
Abstract
Conventions
Table of Contents
1. Background and Intended Use
2. Terminology and Conventions
3. Attribute Types
3.1. associatedDomain
3.2. associatedName
3.3. buildingName
3.4. co
3.5. documentAuthor
3.6. documentIdentifier
3.7. documentLocation
3.8. documentPublisher
3.9. documentTitle
3.10. documentVersion
3.11. drink
3.12. homePhone
3.13. homePostalAddress
3.14. host
3.16. info
3.17. mail
3.18. manager
3.19. mobile
3.20. organizationalStatus
3.21. pager
3.22. personalTitle
3.23. roomNumber
3.24. secretary
3.26. uniqueIdentifier
3.27. userClass
4. Object Classes
4.1. account
4.2. document
4.3. documentSeries
4.4. domainRelatedObject
4.5. friendlyCountry
4.6. rFC822LocalPart
4.7. room
4.8. simpleSecurityObject
5. Security Considerations
6. IANA Considerations
7. Acknowledgments
8. Author's Address
9. References
Full Copyright
1. Background and Intended Use
This document provides descriptions of additional schema elements
for use with the Lightweight Directory Access Protocol (LDAP)
[Roadmap]. The elements were originally introduced for use in the
COSINE and Internet X.500 pilot projects [RFC1274]. This document
adapts the schema elements for use in modern directory applications,
while preserving established syntaxes and semantics.
This document, together with RFC 2247 and [Schema], obsoletes RFC
1274. Some of these items were described in the inetOrgPerson
[RFC2798] schema. This document supersedes these descriptions. This
document, together with [Schema], replaces section 9.1.3 of RFC 2798.
2. Terminology and Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
DIT stands for Directory Information Tree.
DN stands for Distinguished Name.
DSA stands for Directory System Agent, a server.
DSE stands for DSA-Specific Entry.
DUA stands for Directory User Agent, a client.
These terms are discussed in [Models].
Schema definitions are provided using LDAP description formats
[Models]. Definitions provided here are formatted (line wrapped) for
readability.
3. Attribute Types
This section details attribute types for use in LDAP.
3.1. associatedDomain
The associatedDomain attribute type specifies DNS domains [RFC1034]
which are associated with an object. For example, the entry in the
DIT with a DN <DC=example,DC=com> might have an associated domain of
"example.com".
( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are
described in [Syntaxes].
It is noted that the directory will not ensure that values of this
attribute conform to the <domain> production [RFC1034]. It is the
application's responsibility to ensure domains it stores in this
attribute are appropriately represented.
It is also noted that applications supporting Internationalized Domain
Names SHALL use the ToASCII method [RFC3490] to produce <label>
components of the <domain> production.
3.2. associatedName
The associatedName attribute type specifies entries in the
organizational DIT associated with a DNS domain [RFC1034].
( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
distinguishedNameMatch rule are described in [Syntaxes].
3.3. buildingName
The buildingName attribute type specifies names of the buildings where
an organization or organizational unit is based.
( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.4. co
The co (Friendly Country Name) attribute type specifies names of
countries in human-readable format. It is commonly used in
conjunction with the c (Country Name) [Schema] attribute type (which
is restricted to one of the two-letter codes defined in [ISO3166]).
( 0.9.2342.19200300.100.1.43
NAME ( 'co' 'friendlyCountryName' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.5. documentAuthor
The documentAuthor attribute type specifies the distinguished name of
authors (or editors) of a document.
( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
distinguishedNameMatch rule are described in [Syntaxes].
3.6. documentIdentifier
The documentIdentifier attribute type specifies unique identifiers for
a document. A document may be identified by more than one unique
identifier. For example, "RFC 3383" and "BCP 64" are unique
identifiers which refer to the same document.
( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.7. documentLocation
The documentLocation attribute type specifies locations of the
document original.
( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.8. documentPublisher
The documentPublisher attribute type specifies the persons and/or
organizations that published the document. Documents which are jointly
published have one value for each publisher.
( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.9. documentTitle
The documentTitle attribute type specifies the title of a document.
( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.10. documentVersion
The documentVersion attribute type specifies the version number of a
document.
( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.11. drink
The drink (Favourite Drink) attribute type specifies favorite drinks
of an object (or person).
( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.12. homePhone
The homePhone (Home Telephone Number) attribute type specifies home
telephone numbers (e.g., "+44 71 123 4567") associated with a person.
( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
described in [Syntaxes].
3.13. homePostalAddress
The homePostalAddress attribute type specifies home postal addresses
for an object. Each SHOULD be limited to up to 6 lines of 30
characters each.
( 0.9.2342.19200300.100.1.39
NAME 'homePostalAddress'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
caseIgnoreListMatch rule are described in [Syntaxes]. The
caseIgnoreListSubstringsMatch rule is described in section 2 of this
document.
3.14. host
The host attribute type specifies host computers.
( 0.9.2342.19200300.100.1.9
NAME 'host'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.16. info
The info (Information) attribute type specifies any general
information pertinent to an object. It is RECOMMENDED that specific
usage of this attribute type is avoided, and that specific
requirements are met by other (possibly additional) attribute types.
Note that the description attribute type [Schema] is available for
specifying descriptive information pertinent to an object.
( 0.9.2342.19200300.100.1.4
NAME 'info'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.17. mail
The mail (rfc822mailbox) attribute type holds Internet mail addresses
in Mailbox [RFC2821] form (e.g., user@example.com).
( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are
described in [Syntaxes].
It is noted that the directory will not ensure that values of this
attribute conform to the Mailbox production [RFC2821]. It is the
application's responsibility to ensure domains it stores in this
attribute are appropriately represented.
Additionally, the directory will compare values per the matching rules
named in the above attribute type description. As these rules differ
from rules which normally apply to Mailbox comparisons, operational
issues may arise. For example, the assertion (mail=joe@example.com)
will match JOE@example.com even though the local-parts differ. Also,
where a user has two mailboxes whose addresses differ only by
case of the local-part, both cannot be listed as values of the user's
mail attribute (as they are considered by the caseIgnoreIA5Match rule
to be equal).
It is also noted that applications supporting internationalized domain
names SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
components of the <Mailbox> production.
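Sections 3.1 and 3.17 leave two checks to the application: that stored
domains conform to the RFC 1034 <domain> production after ToASCII, and
that caseIgnoreIA5Match treats addresses differing only in case as one
value. The following Python code is an added example, not part of this
draft; the function names and sample addresses are constructed, only
domain-form mailboxes are handled, and the matching key is a
simplification of caseIgnoreIA5Match (ASCII case folding plus space
compaction).

```python
import re
from collections import defaultdict

# <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]   (RFC 1034, section 3.5)
_LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")


def to_ascii_domain(domain):
    """Apply ToASCII (RFC 3490) to each label; raises UnicodeError on failure."""
    return domain.encode("idna").decode("ascii")


def is_rfc1034_domain(domain):
    """True if every label matches <label> and the size limits are respected."""
    if not domain or len(domain) > 255:
        return False
    return all(len(label) <= 63 and _LABEL.match(label)
               for label in domain.split("."))


def prepare_mail(address):
    """Return the value to store in 'mail', or raise ValueError.

    Assumption of this example: only local-part@domain mailboxes are
    accepted, and the local-part is checked for IA5 (ASCII) content only.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or not local:
        raise ValueError("not in local-part@domain form: %r" % address)
    try:
        domain = to_ascii_domain(domain)
        local.encode("ascii")  # IA5String cannot carry non-ASCII characters
    except UnicodeError as exc:
        raise ValueError("cannot store %r as IA5String: %s" % (address, exc))
    if not is_rfc1034_domain(domain):
        raise ValueError("not an RFC 1034 <domain>: %r" % domain)
    return local + "@" + domain


def match_key(value):
    """Simplified caseIgnoreIA5Match key: spaces compacted, case folded."""
    return " ".join(value.split()).lower()


def find_collisions(values):
    """Group values that the directory would treat as the same value."""
    groups = defaultdict(list)
    for value in values:
        groups[match_key(value)].append(value)
    return [group for group in groups.values() if len(group) > 1]


# Constructed sample input: two mailboxes differing only in local-part case,
# and one mailbox in an internationalized domain.
SAMPLE = ["joe@example.com", "JOE@example.com", "ann@b\u00fccher.example"]

if __name__ == "__main__":
    stored = [prepare_mail(address) for address in SAMPLE]
    print("values to store:", stored)
    print("equal under caseIgnoreIA5Match:", find_collisions(stored))
```

An application that relies on the mail attribute to identify a user can
run find_collisions before an add or modify operation, since the
directory will reject the second of two colliding values.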
3.18. manager
The manager attribute type specifies managers of an object represented
by an entry.
( 0.9.2342.19200300.100.1.10
NAME 'manager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
distinguishedNameMatch rule are described in [Syntaxes].
3.19. mobile
The mobile (Mobile Telephone Number) attribute type specifies mobile
telephone numbers (e.g., "+44 71 123 4567") associated with a person.
( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
described in [Syntaxes].
3.20. organizationalStatus
The organizationalStatus attribute type specifies categories by which
a person is often referred to in an organization. Examples of usage
in academia might include undergraduate student, researcher, lecturer,
etc.
A Directory administrator SHOULD consider carefully the distinctions
between this and the title and userClass attributes.
( 0.9.2342.19200300.100.1.45
NAME 'organizationalStatus'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.21. pager
The pager (Pager Telephone Number) attribute type specifies pager
telephone numbers (e.g., "+44 71 123 4567") for an object.
( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
described in [Syntaxes].
3.22. personalTitle
The personalTitle attribute type specifies personal titles for a
person. Examples of personal titles are "Frau", "Dr", "Herr", and
"Prof".
( 0.9.2342.19200300.100.1.40
NAME 'personalTitle'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.23. roomNumber
The roomNumber attribute type specifies the room number of an object.
During periods of renumbering or in other circumstances where a room
has multiple valid room numbers associated with it, multiple values
may be provided. Note that the cn (commonName) attribute type SHOULD
be used for naming room objects.
( 0.9.2342.19200300.100.1.6
NAME 'roomNumber'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
3.24. secretary
The secretary attribute type specifies secretaries and/or
administrative assistants of a person. Each attribute value is a
distinguished name.
( 0.9.2342.19200300.100.1.21
NAME 'secretary'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
distinguishedNameMatch rule are described in [Syntaxes].
3.26. uniqueIdentifier
The Unique Identifier attribute type specifies a "unique identifier"
for an object represented in the Directory. The domain within which
the identifier is unique, and the exact semantics of the identifier,
are for local definition. For a person, this might be an institution-
wide payroll number. For an organizational unit, it might be a
department code. An attribute value for uniqueIdentifier is a
DirectoryString.
( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
Note: X.520 describes an attribute also called 'uniqueIdentifier'
(2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
[Schema]. The attribute detailed here ought not be confused
with x500UniqueIdentifier.
3.27. userClass
The userClass attribute type specifies categories of computer user.
The semantics placed on this attribute are for local interpretation.
Examples of current usage of this attribute in academia are
undergraduate student, researcher, lecturer, etc. Note that the
organizationalStatus attribute type is now often preferred as it
makes no distinction between computer users and others.
( 0.9.2342.19200300.100.1.8 NAME 'userClass'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
[Syntaxes].
4. Object Classes
This section details object classes for use in LDAP.
4.1. account
The account object class is used to define entries representing
computer accounts. The uid attribute SHOULD be used for naming
entries of this object class.
( 0.9.2342.19200300.100.4.5
NAME 'account'
SUP top STRUCTURAL
MUST uid
MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
The top object class is described in [Models]. The description,
seeAlso, l, o, ou, and uid attribute types are described in [Schema].
The host attribute type is described in Section 3 of this document.
4.2. document
The document object class is used to define entries which represent
documents.
( 0.9.2342.19200300.100.4.6
NAME 'document'
SUP top STRUCTURAL
MUST documentIdentifier
MAY ( cn $ description $ seeAlso $ l $ o $ ou $
documentTitle $ documentVersion $ documentAuthor $
documentLocation $ documentPublisher ) )
The top object class is described in [Models]. The cn, description,
seeAlso, l, o, and ou attribute types are described in [Schema]. The
documentIdentifier, documentTitle, documentVersion, documentAuthor,
documentLocation, and documentPublisher attribute types are described
in Section 3 of this document.
4.3. documentSeries
The documentSeries object class is used to define an entry which
represents a series of documents (e.g., The Request For Comments
memos).
( 0.9.2342.19200300.100.4.9
NAME 'documentSeries'
SUP top STRUCTURAL
MUST cn
MAY ( description $ l $ o $ ou $ seeAlso $
telephonenumber ) )
The top object class is described in [Models]. The cn, description,
l, o, ou, seeAlso, and telephoneNumber attribute types are described in
[Schema].
4.4. domainRelatedObject
The domainRelatedObject object class is used to define entries which
represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
an organization or organizational unit.
( 0.9.2342.19200300.100.4.17
NAME 'domainRelatedObject'
SUP top AUXILIARY
MUST associatedDomain )
The top object class is described in [Models]. The associatedDomain
attribute type is described in Section 3 of this document.
4.5. friendlyCountry
The friendlyCountry object class is used to define country entries in
the DIT. The object class is used to allow friendlier naming of
countries than that allowed by the object class country [Schema].
( 0.9.2342.19200300.100.4.18
NAME 'friendlyCountry'
SUP country STRUCTURAL
MUST co )
The country object class is described in [Schema]. The co attribute
type is described in Section 3 of this document.
4.6. rFC822LocalPart
The rFC822LocalPart object class is used to define entries which
represent the local part of Internet mail addresses [RFC2822]. This
treats the local part of the address as a domain object [RFC2247].
( 0.9.2342.19200300.100.4.14
NAME 'rFC822localPart'
SUP domain STRUCTURAL
MAY ( cn $ description $ destinationIndicator $
facsimileTelephoneNumber $ internationaliSDNNumber $
physicalDeliveryOfficeName $ postalAddress $
postalCode $ postOfficeBox $ preferredDeliveryMethod $
registeredAddress $ seeAlso $ sn $ street $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ x121Address ) )
The domain object class is described in [RFC2247]. The cn,
description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, physicalDeliveryOfficeName, postalAddress,
postalCode, postOfficeBox, preferredDeliveryMethod, registeredAddress,
seeAlso, sn, street, telephoneNumber, teletexTerminalIdentifier,
telexNumber and x121Address are described in [Schema].
4.7. room
The room object class is used to define entries representing rooms.
The cn (commonName) attribute SHOULD be used for naming entries of
this object class.
( 0.9.2342.19200300.100.4.7 NAME 'room'
SUP top STRUCTURAL
MUST cn
MAY ( roomNumber $ description $
seeAlso $ telephoneNumber ) )
The top object class is described in [Models]. The cn, description,
seeAlso and telephoneNumber attribute types are described in [Schema].
The roomNumber attribute type is described in Section 3 of this
document.
4.8. simpleSecurityObject
The simpleSecurityObject object class is used to require an entry to
have a userPassword attribute when the entry's structural object class
does not require (or allow) the userPassword attribute.
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
SUP top AUXILIARY
MUST userPassword )
The top object class is described in [Models]. The userPassword
attribute type is described in [Schema].
Note: Security considerations related to the use of simple
authentication mechanisms in LDAP are discussed in [AuthMeth].
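The effect of attaching the auxiliary simpleSecurityObject class to an
entry whose structural class does not allow userPassword can be checked
mechanically. The following Python code is an added example, not part of
this draft: it parses the object class descriptions of sections 4.1 and
4.8 (plus 'top' as defined in [Models]) and reports missing MUST
attributes and attributes that no listed class allows. The function
names and sample entries are constructed, and only the description
fields used on this page are supported.

```python
import re

_TOKEN = re.compile(r"[()$]|'[^']*'|[^\s()$']+")

# Descriptions copied from sections 4.1 and 4.8; 'top' is from [Models].
DEFINITIONS = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    """( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL
         MUST uid MAY ( description $ seeAlso $ l $ o $ ou $ host ) )""",
    """( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
         SUP top AUXILIARY MUST userPassword )""",
]


def _read_list(tokens, i):
    """Read one descriptor, or a '( a $ b )' list, starting at tokens[i]."""
    if tokens[i] != "(":
        return [tokens[i].strip("'")], i + 1
    end = tokens.index(")", i)
    return [t.strip("'") for t in tokens[i + 1:end] if t != "$"], end + 1


def parse_object_class(text):
    """Parse an object class description into a dict of its fields."""
    tokens = _TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not an object class description")
    oc = {"oid": tokens[1], "names": [], "sup": [], "kind": "STRUCTURAL",
          "must": [], "may": []}
    i = 2
    while i < len(tokens) - 1:
        word = tokens[i]
        if word in ("NAME", "SUP", "MUST", "MAY"):
            values, i = _read_list(tokens, i + 1)
            oc[{"NAME": "names"}.get(word, word.lower())] = values
        elif word in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
            oc["kind"] = word
            i += 1
        else:
            raise ValueError("unsupported field: " + word)
    return oc


def build_schema(definitions):
    """Index parsed object classes by each of their lower-cased names."""
    schema = {}
    for text in definitions:
        oc = parse_object_class(text)
        for name in oc["names"]:
            schema[name.lower()] = oc
    return schema


def check_entry(schema, entry):
    """Return (missing MUST attributes, attributes no listed class allows)."""
    must, may, seen = set(), set(), set()
    todo = [name.lower() for name in entry["objectClass"]]
    while todo:                      # walk each class and its superclasses
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        oc = schema[name]            # KeyError means an unknown object class
        must |= {a.lower() for a in oc["must"]}
        may |= {a.lower() for a in oc["may"]}
        todo += [s.lower() for s in oc["sup"]]
    present = {a.lower() for a in entry}
    return sorted(must - present), sorted(present - must - may)


SCHEMA = build_schema(DEFINITIONS)

# Constructed sample entries (attribute values are placeholders).
ACCOUNT_ONLY = {"objectClass": ["account"], "uid": ["svc-backup"],
                "userPassword": ["constructed-sample-value"]}
AUX_NO_PASSWORD = {"objectClass": ["account", "simpleSecurityObject"],
                   "uid": ["svc-backup"]}
AUX_COMPLETE = {"objectClass": ["account", "simpleSecurityObject"],
                "uid": ["svc-backup"],
                "userPassword": ["constructed-sample-value"]}

if __name__ == "__main__":
    for entry in (ACCOUNT_ONLY, AUX_NO_PASSWORD, AUX_COMPLETE):
        print(entry["objectClass"], check_entry(SCHEMA, entry))
```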
5. Security Considerations
General LDAP security considerations [Roadmap] are applicable to the
use of this schema. Additional considerations are noted above where
appropriate.
6. IANA Considerations
It is requested that the Internet Assigned Numbers Authority (IANA)
update upon Standard Action the LDAP descriptors registry [BCP64bis]
as indicated in the following template:
Subject: Request for LDAP Descriptor Registration Update
Descriptor (short name): see comment
Object Identifier: see comments
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: see comments
Specification: RFC XXXX
Author/Change Controller: IESG
Comments:
The following descriptors should be updated to refer to RFC XXXX.
NAME                     Type OID
------------------------ ---- --------------------------
account                  O    0.9.2342.19200300.100.4.5
associatedDomain         A    0.9.2342.19200300.100.1.37
associatedName           A    0.9.2342.19200300.100.1.38
buildingName             A    0.9.2342.19200300.100.1.48
co                       A    0.9.2342.19200300.100.1.43
document                 O    0.9.2342.19200300.100.4.6
documentAuthor           A    0.9.2342.19200300.100.1.14
documentIdentifier       A    0.9.2342.19200300.100.1.11
documentLocation         A    0.9.2342.19200300.100.1.15
documentPublisher        A    0.9.2342.19200300.100.1.56
documentSeries           O    0.9.2342.19200300.100.4.8
documentTitle            A    0.9.2342.19200300.100.1.12
documentVersion          A    0.9.2342.19200300.100.1.13
domainRelatedObject      O    0.9.2342.19200300.100.4.17
drink                    A    0.9.2342.19200300.100.1.5
favouriteDrink           A    0.9.2342.19200300.100.1.5
friendlyCountry          O    0.9.2342.19200300.100.4.18
friendlyCountryName      A    0.9.2342.19200300.100.1.43
homePhone                A    0.9.2342.19200300.100.1.20
homePostalAddress        A    0.9.2342.19200300.100.1.39
homeTelephone            A    0.9.2342.19200300.100.1.20
host                     A    0.9.2342.19200300.100.1.9
info                     A    0.9.2342.19200300.100.1.4
mail                     A    0.9.2342.19200300.100.1.3
manager                  A    0.9.2342.19200300.100.1.10
mobile                   A    0.9.2342.19200300.100.1.41
mobileTelephoneNumber    A    0.9.2342.19200300.100.1.41
organizationalStatus     A    0.9.2342.19200300.100.1.45
pager                    A    0.9.2342.19200300.100.1.42
pagerTelephoneNumber     A    0.9.2342.19200300.100.1.42
personalTitle            A    0.9.2342.19200300.100.1.40
RFC822LocalPart          O    0.9.2342.19200300.100.4.14
RFC822Mailbox            A    0.9.2342.19200300.100.1.3
room                     O    0.9.2342.19200300.100.4.7
roomNumber               A    0.9.2342.19200300.100.1.6
secretary                A    0.9.2342.19200300.100.1.21
simpleSecurityObject     O    0.9.2342.19200300.100.4.19
singleLevelQuality       A    0.9.2342.19200300.100.1.50
uniqueIdentifier         A    0.9.2342.19200300.100.1.44
userClass                A    0.9.2342.19200300.100.1.8
where Type A is Attribute, Type O is ObjectClass, and Type M
is Matching Rule.
7. Acknowledgments
This document is based upon RFC 1274 by Paul Barker and Steve Kille.
8. Author's Address
Kurt D. Zeilenga
OpenLDAP Foundation
Email: Kurt@OpenLDAP.org
9. References
[[Note to the RFC Editor: please replace the citation tags used in
referencing Internet-Drafts with tags of the form RFCnnnn where
possible.]]
9.1. Normative References
[RFC1034] Mockapetris, P., "Domain names - concepts
and facilities", STD 13 (also RFC 1034), November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
[RFC2247] Kille, S., M. Wahl, A. Grimstad, R. Huber and S.
Sataluri, "Using Domains in LDAP/X.500 Distinguished
Names", January 1998.
[RFC2821] Klensin, J. (editor), "Simple Mail Transfer Protocol",
RFC 2822, April 2001.
[RFC3490] Faltstrom, P., P. Hoffman, and A. Costello,
"Internationalizing Domain Names in Applications
(IDNA)", RFC 3490, March 2003.
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
progress.
[Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in
progress.
[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
[Schema] Dally, K. (editor), "LDAP: User Schema",
draft-ietf-ldapbis-user-schema-xx.txt, a work in
progress.
[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
Connection Level Security Mechanisms",
draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
9.2. Informative References
[ISO3166] International Organization for Standardization, "Codes
for the representation of names of countries", ISO 3166.
[RFC1274] Barker, P. and S. Kille, "The COSINE and Internet X.500
Schema", November 1991.
[RFC2798] Smith, M., "The LDAP inetOrgPerson Object Class", RFC
2798, April 2000.
[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
Intellectual Property Rights
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be found
in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this specification
can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Full Copyright
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.