From 30af73da75408c025b224999e0c3bac9acec2a69 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 26 Oct 2001 02:10:30 +0000 Subject: [PATCH] draft 04 --- .../draft-zeilenga-ldap-user-schema-xx.txt | 660 ++++++++++-------- 1 file changed, 386 insertions(+), 274 deletions(-) diff --git a/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt b/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt index 618a8c866a..940e9e18e3 100644 --- a/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt +++ b/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt @@ -6,13 +6,14 @@ INTERNET-DRAFT Editor: Kurt D. Zeilenga Intended Category: Standard Track OpenLDAP Foundation -Expires: 26 December 2001 26 June 2001 +Expires: 22 April 2002 22 October 2001 Obsoletes: RFC 1274 +Updates: RFC 2798 LDAPv3: A Collection of User Schema - + Status of this Memo @@ -23,9 +24,9 @@ Status of this Memo This document is intended to be, after appropriate review and revision, submitted to the RFC Editor as a Standard Track document. Distribution of this memo is unlimited. Technical discussion of this - document will take place on the IETF LDAP Extension Working Group - mailing list . Please send editorial - comments directly to the author . + document will take place on the IETF Directory Interest mailing list + . Please send editorial comments directly to + the author . Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other 
@@ -49,15 +50,99 @@ Status of this Memo Abstract This document provides a collection of user schema elements for use - with LDAP collected from numerous sources. + with LDAP collected from numerous sources including RFC 1274, X.501, + and X.520. - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 1] +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 1] -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + +Conventions + + Schema definitions are provided using LDAPv3 description formats + [RFC2252]. Definitions provided here are formatted (line wrapped) for + readability. + + The key words "SHALL", "SHALL NOT", "MUST", "MUST NOT", "SHOULD", + "SHOULD NOT", "MAY" and "MAY NOT" used in this document are to be + interpreted as described in [RFC2119]. + + +Table of Contents (to be expanded by editor) + + Status of this Memo 1 + Abstract + Conventions 2 + Table of Contents + 1. Background and Intended Use 3 + 2. Matching Rules + 2.1. booleanMatch 4 + 2.2. caseExactMatch + 2.3. caseExactOrderingMatch + 2.4. caseExactSubstringsMatch + 2.5. caseIgnoreListSubstringsMatch + 2.6. directoryStringFirstComponentMatch 5 + 2.7. integerOrderingMatch + 2.7. keywordMatch + 2.9. numericStringOrderingMatch 6 + 2.10. octetStringOrderingMatch + 2.11. storedPrefixMatch + 2.12. wordMatch 7 + 3. Attribute Types + 3.1. associatedDomain + 3.2. associatedName + 3.3. buildingName + 3.3. co 8 + 3.4. destinationIndicator + 3.5. documentAuthor + 3.6. documentIdentifier 9 + 3.7. documentLocation + 3.8. documentPublisher + 3.9. documentTitle + 3.10. documentVersion + 3.11. drink 10 + 3.12. houseIdentifier + 3.13. homePhone + 3.14. homePostalAddress + 3.15. host 11 + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 2] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + + 3.16. info + 3.17. mail + 3.18. manager 12 + 3.19. mobile + 3.20. organizationalStatus + 3.21. otherMailbox + 3.22. 
pager 13 + 3.23. personalTitle + 3.24. roomNumber + 3.25. secretary + 3.26. uid 14 + 3.27. uniqueIdentifier + 3.28. userClass + 4. Object Classes 15 + 4.1. account + 4.2. document + 4.3. documentSeries + 4.4. domainRelatedObject 16 + 4.5. friendlyCountry + 4.6. rFC822LocalPart + 4.7. room 17 + 4.8. simpleSecurityObject + 5. Security Considerations + 6. Acknowledgements + 7. Author's Address + References 18 + Full Copyright 19 1. Background and Intended Use 
@@ -65,33 +150,45 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 This document provides descriptions [RFC2252] of user schema for use with LDAP [LDAPTS] collected from numerous sources. - The document includes a summary of select schema introduced for the + This document includes a summary of select schema introduced for the COSINE and Internet X.500 pilot projects [RFC1274]. This document obsoletes RFC 1274. - The document also contains a summary of X.500 user schema [X.520] not - included in LDAPv3 [RFC2256]. - - The key words ``MUST'', ``MUST NOT'', ``REQUIRED'', ``SHALL'', ``SHALL - NOT'', ``SHOULD'', ``SHOULD NOT'', ``RECOMMENDED'', and ``MAY'' in - this document are to be interpreted as described in RFC 2119 - [RFC2119]. + This document contains a summary of X.500 user schema [X.520] not + included in LDAPv3 [RFC2252][RFC2256]. Some of these items were + described in the inetOrgPerson [RFC2798] schema. This document + supercedes these descriptions, replacing sections 9.1.3 and 9.3.3 of + RFC 2798. -2. Syntaxes - - None (yet). - - -3. Matching Rules +2. Matching Rules This section introduces LDAP matching rules based upon descriptions of + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 3] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + their X.500 counterparts. -3.1. caseExactMatch +2.1. booleanMatch - CaseExactMatch compares for equality the asserted string with an + BooleanMatch compares for equality a asserted Boolean value with an + attribute value of BOOLEAN syntax. The rule returns TRUE if and only + if the values are the same, i.e. both are TRUE or both are FALSE. + (Source: X.520) + + ( 2.5.13.13 NAME 'booleanMatch' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) + + +2.2. caseExactMatch + + CaseExactMatch compares for equality the asserted value with an attribute value of DirectoryString syntax. The rule is identical to the caseIgnoreMatch [RFC2252] rule except that case is not ignored. (Source: X.520) 
@@ -100,7 +197,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -3.2. caseExactOrderingMatch +2.3. caseExactOrderingMatch CaseExactOrderingMatch compares the collation order of the asserted string with an attribute value of DirectoryString syntax. The rule is @@ -108,21 +205,13 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 letters are not folded. (Source: X.520) ( 2.5.13.6 NAME 'caseExactOrderingMatch' - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 2] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -3.3. caseExactSubstringsMatch +2.3. caseExactSubstringsMatch - CaseExactSubstringsMatch determines whether the asserted value is a - substring of an attribute value of DirectoryString syntax. The rule + CaseExactSubstringsMatch determines whether the asserted value are + substrings of an attribute value of DirectoryString syntax. The rule is identical to the caseIgnoreSubstringsMatch [RFC2252] rule except that case is not ignored. (Source: X.520) 
@@ -130,19 +219,14 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) -3.4. numericStringOrderingMatch - - NumericStringOrderingMatch compares the collation order of the - asserted string with an attribute value of NumericString syntax. The - rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except - that all space characters are skipped during comparison (case is - irrelevant as characters are numeric). (Source: X.520) - - ( 2.5.13.9 NAME 'NumericStringOrderingMatch' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) +2.4. caseIgnoreListSubstringsMatch -3.5. caseIgnoreListSubstringsMatch + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 4] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + CaseIgnoreListSubstringMatch compares the asserted substring with an attribute value which is a sequence of DirectoryStrings, but where the 
@@ -159,19 +243,85 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) -3.6. storedPrefixMatch +2.5. directoryStringFirstComponentMatch + + DirectoryStringFirstComponentMatch compares for equality the asserted + DirectoryString value with an attribute value of type SEQUENCE whose + first component is mandatory and of type DirectoryString. The rule + returns TRUE if and only if the attribute value has a first component + whose value matches the asserted DirectoryString using the rules of + caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived + from a value of the attribute syntax by using the value of the first + component of the SEQUENCE. (Source: X.520) + + ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +2.6. integerOrderingMatch + + The integerOrderingMatch rule compares the ordering of the asserted + integer with an attribute value of Integer syntax. The rule returns + True if the attribute value is less than the asserted value. (Source: + X.520) + + ( 2.5.13.15 NAME 'integerOrderingMatch' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + + +2.7. keywordMatch + + The keywordMatch rule compares the asserted string with keywords in an + attribute value of DirectoryString syntax. The rule returns TRUE if + and only if the asserted value matches any keyword in the attribute + value. The identification of keywords in an attribute value and of + the exactness of match are both implementation specific. (Source: + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 5] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + + X.520) + + ( 2.5.13.32 NAME 'keywordMatch' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +2.8. numericStringOrderingMatch + + NumericStringOrderingMatch compares the collation order of the + asserted string with an attribute value of NumericString syntax. 
The + rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except + that all space characters are skipped during comparison (case is + irrelevant as characters are numeric). (Source: X.520) + + ( 2.5.13.9 NAME 'NumericStringOrderingMatch' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) + + +2.9. octetStringOrderingMatch + + OctetStringOrderingMatch compares the collation order of the asserted + octet string with an attribute value of OCTET STRING syntax. The rule + compares octet strings from first octet to last octet, and from the + most significant bit to the least significant bit within the octet. + The first occurrence of a different bit determines the ordering of the + strings. A zero bit precedes a one bit. If the strings are identical + but contain different numbers of octets, the shorter string precedes + the longer string. (Source: X.520) + + ( 2.5.13.18 NAME 'octetStringOrderingMatch' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) + + +2.10. storedPrefixMatch StoredPrefixMatch determines whether an attribute value, whose syntax is DirectoryString, is a prefix (i.e. initial substring) of the asserted value, without regard to the case (upper or lower) of the - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 3] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - strings. The rule returns TRUE if and only if the attribute value is an initial substring of the asserted value with corresponding characters identical except possibly with regard to case. (Source: 
@@ -182,58 +332,18 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 Note: This rule can be used, for example, to compare values in the Directory which are telephone area codes with a purported value + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 6] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + which is a telephone number. -3.7. booleanMatch - - BooleanMatch compares for equality a asserted Boolean value with an - attribute value of BOOLEAN syntax. The rule returns TRUE if and only - if the values are the same, i.e. both are TRUE or both are FALSE. - (Source: X.520) - - ( 2.5.13.13 NAME 'booleanMatch' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - - -3.8. octetStringOrderingMatch - - OctetStringOrderingMatch compares the collation order of the asserted - octet string with an attribute value of OCTET STRING syntax. The rule - compares octet strings from first octet to last octet, and from the - most significant bit to the least significant bit within the octet. - The first occurrence of a different bit determines the ordering of the - strings. A zero bit precedes a one bit. If the strings are identical - but contain different numbers of octets, the shorter string precedes - the longer string. (Source: X.520) - - ( 2.5.13.18 NAME 'octetStringOrderingMatch' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) - - -3.9. directoryStringFirstComponentMatch - - DirectoryStringFirstComponentMatch compares for equality the asserted - DirectoryString value with an attribute value of type SEQUENCE whose - first component is mandatory and of type DirectoryString. The rule - returns TRUE if and only if the attribute value has a first component - whose value matches the asserted DirectoryString using the rules of - caseIgnoreMatch [RFC2252]. 
A value of the assertion syntax is derived - from a value of the attribute syntax by using the value of the first - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 4] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - - component of the SEQUENCE. (Source: X.520) - - ( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -3.10. wordMatch +2.11. wordMatch The wordMatch rule compares the asserted string with words in an attribute value of DirectoryString syntax. The rule returns TRUE if @@ -246,22 +356,13 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -3.11. keywordMatch +3. Attribute Types - The keywordMatch rule compares the asserted string with keywords in an - attribute value of DirectoryString syntax. The rule returns TRUE if - and only if the asserted value matches any keyword in the attribute - value. The identification of keywords in an attribute value and of - the exactness of match are both implementation specific. (Source: - X.520) - - ( 2.5.13.32 NAME 'keywordMatch' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + This section details attribute types for use in LDAP based upon their + X.500 descriptions. -4. Attribute Types - -4.1. associatedDomain +3.1. associatedDomain The associatedDomain attribute type specifies a DNS domain [RFC1034] which is associated with an object. For example, the entry in the DIT @@ -274,17 +375,9 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -4.2. associatedName +3.2. associatedName - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 5] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - - The Associated Name attribute type specifies an entry in the + The associatedName attribute type specifies an entry in the organizational DIT associated with a DNS domain [RFC1034]. (Source: RFC 1274) 
@@ -293,7 +386,15 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -4.4. buildingName +3.3. buildingName + + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 7] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + The buildingName attribute type specifies the name of the building where an organization or organizational unit is based. (Source: RFC @@ -305,7 +406,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.5. co +3.3. co The co (Friendly Country Name) attribute type specifies names of countries in human readable format. The standard attribute country @@ -319,7 +420,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -4.6. destinationIndicator +3.4. destinationIndicator The destinationIndicator attribute type specifies (according to CCITT Recommendation F.1 and CCITT Recommendation F.31) the country and city @@ -330,17 +431,11 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch - SUBSTRINGS caseIgnoreSubstringsMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 6] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - -4.7. documentAuthor +3.5. documentAuthor The documentAuthor attribute type specifies the distinguished name of the author of a document. (Source: RFC 1274) @@ -350,7 +445,14 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -4.8. documentIdentifier + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 8] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + +3.6. documentIdentifier The documentIdentifier attribute type specifies a unique identifier for a document. (Source: RFC 1274) 
@@ -361,7 +463,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.9. documentLocation +3.7. documentLocation The documentLocation attribute type specifies the location of the document original. (Source: RFC 1274) @@ -372,7 +474,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.10. documentPublisher +3.8. documentPublisher The documentPublisher attribute is the person and/or organization that published a document. (Source: RFC 1274) @@ -383,37 +485,36 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -4.11. documentTitle +3.9. documentTitle The documentTitle attribute type specifies the title of a document. (Source: RFC 1274) - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 7] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.12. documentVersion +3.10. documentVersion The documentVersion attribute type specifies the version number of a document. (Source: RFC 1274) + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 9] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.13. drink +3.11. drink The drink (Favourite Drink) attribute type specifies the favorite drink of an object (or person). (Source: RFC 1274) @@ -424,7 +525,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.14. houseIdentifier +3.12. houseIdentifier The houseIdentifier attribute type specifies a linguistic construct used to identify a particular building, for example a house number or 
@@ -438,20 +539,12 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) -4.15. homePhone +3.13. homePhone The homePhone (Home Telephone Number) attribute type specifies a home telephone number (e.g., "+44 71 123 4567") associated with a person. (Source: RFC 1274) - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 8] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' ) EQUALITY telephoneNumberMatch @@ -459,10 +552,18 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) -4.16. homePostalAddress +3.14. homePostalAddress The homePostalAddress attribute type specifies a home postal address for an object. This should be limited to up to 6 lines of 30 + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 10] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + characters each. (Source: RFC 1274) ( 0.9.2342.19200300.100.1.39 @@ -472,7 +573,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) -4.17. host +3.15. host The host attribute type specifies a host computer. (Source: RFC 1274) @@ -482,7 +583,8 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.18. info + +3.16. info The info (Information) attribute type specifies any general information pertinent to an object. It is RECOMMENDED that specific 
@@ -498,29 +600,30 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) -4.19. mail - - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 9] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - +3.17. mail The mail (rfc822mailbox) attribute type holds an the electronic mail address in RFC822 form (e.g.: user@example.com). Note that this attribute SHOULD NOT be used to hold non-Internet addresses. (Source: RFC 1274) + ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 11] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -4.20. manager +3.18. manager The Manager attribute type specifies the manager of an object represented by an entry. (Source: RFC 1274) @@ -531,7 +634,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -4.21. mobile +3.19. mobile The mobile (Mobile Telephone Number) attribute type specifies a mobile telephone number (e.g., "+44 71 123 4567") associated with a person. @@ -544,7 +647,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) -4.22. organizationalStatus +3.20. organizationalStatus The organizationalStatus attribute type specifies a category by which a person is often referred to in an organization. Examples of usage 
@@ -556,23 +659,23 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 (Source: RFC 1274) ( 0.9.2342.19200300.100.1.45 - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 10] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - NAME 'organizationalStatus' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.23. otherMailbox +3.21. otherMailbox The otherMailbox attribute type specifies values for electronic + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 12] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + mailbox types other than X.400 and RFC822. (Source: RFC 1274) ( 0.9.2342.19200300.100.1.22 @@ -580,7 +683,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) -4.24. pager +3.22. pager The pager (Pager Telephone Number) attribute type specifies a pager telephone number (e.g., "+44 71 123 4567") for an object. (Source: @@ -593,7 +696,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) -4.25. personalTitle +3.23. personalTitle The personalTitle attribute type specifies a personal title for a person. Examples of personal titles are "Frau", "Dr", "Herr", and @@ -606,20 +709,12 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.26. roomNumber +3.24. roomNumber The roomNumber attribute type specifies the room number of an object. Note that the cn (commonName) attribute should be used for naming room objects. (Source: RFC 1274) - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 11] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' EQUALITY caseIgnoreMatch 
@@ -627,7 +722,15 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.27. secretary +3.25. secretary + + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 13] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + The secretary attribute type specifies the secretary of a person. The attribute value for Secretary is a distinguished name. (Source: RFC @@ -639,7 +742,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -4.28. uid +3.26. uid The uid (userid) attribute type specifies a computer system login name. (Source: RFC 1274) 
@@ -651,39 +754,40 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -4.29. uniqueIdentifier +3.27. uniqueIdentifier - The uniqueIdentifier attribute type specifies an identifier which may - be used to distinguish between object references when a distinguished - name has been reused. It may be, for example, an encoded object - identifier, certificate, date, timestamp, or some other form of - certification on the validity of the distinguished name. - - An attribute value for uniqueIdentifier is a bitString. (Source: - X.520) + The Unique Identifier attribute type specifies a "unique identifier" + for an object represented in the Directory. The domain within which + the identifier is unique, and the exact semantics of the identifier, + are for local definition. For a person, this might be an institution- + wide payroll number. For an organizational unit, it might be a + department code. An attribute value for uniqueIdentifier is a + directoryString. (Source: RFC 1274) ( 2.5.4.45 NAME 'uniqueIdentifier' - EQUALITY bitStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + + Note: X.520 describes an attribute also called 'uniqueIdentifier' + (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP + [RFC2256]. The attribute detailed here ought not be confused + with x500UniqueIdentifier. - Note: RFC 1274 describes a variant of this attribute which is not - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 12] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - - used. - - -4.30. userClass +3.28. userClass The userClass attribute type specifies a category of computer user. The semantics placed on this attribute are for local interpretation. 
Examples of current usage od this attribute in academia are + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 14] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + undergraduate student, researcher, lecturer, etc. Note that the organizationalStatus attribute may now often be preferred as it makes no distinction between computer users and others. (Source: RFC 1274) @@ -694,9 +798,12 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -5. Object Classes +4. Object Classes -5.1. account + This section details attribute types for use in LDAP based upon their + X.500 descriptions. + +4.1. account The account object class is used to define entries representing computer accounts. The uid (userid) attribute should be used for @@ -709,7 +816,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 MAY ( description $ seeAlso $ l $ o $ ou $ host ) ) -5.2. document +4.2. document The document object class is used to define entries which represent documents. (Source: RFC 1274) @@ -723,19 +830,20 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 documentLocation $ documentPublisher ) ) -5.3. documentSeries - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 13] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - +4.3. documentSeries The documentSeries object class is used to define an entry which represents a series of documents (e.g., The Request For Comments memos). (Source: RFC 1274) + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 15] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL 
@@ -744,7 +852,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 telephonenumber ) ) -5.4. domainRelatedObject +4.4. domainRelatedObject The domainRelatedObject object class is used to define entries which represent DNS domains which are "equivalent" to an X.500 domain: e.g., @@ -756,7 +864,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 MUST associatedDomain ) -5.5. friendlyCountry +4.5. friendlyCountry The friendlyCountry object class is used to define country entries in the DIT. The object class is used to allow friendlier naming of @@ -770,7 +878,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 MUST co ) -5.6. rFC822LocalPart +4.6. rFC822LocalPart The rFC822LocalPart object class is used to define entries which represent the local part of RFC822 mail addresses. This treats this @@ -780,23 +888,23 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 NAME 'rFC822localPart' SUP domain STRUCTURAL MAY ( cn $ description $ destinationIndicator $ - - - -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 14] - -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 - - facsimileTelephoneNumber $ internationaliSDNNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ registeredAddress $ seeAlso $ sn $ street $ + + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 16] + +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 + + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ x121Address ) ) -5.7. room +4.7. room The room object class is used to define entries representing rooms. The cn (commonName) attribute should be used for naming entries of 
@@ -809,7 +917,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 seeAlso $ telephoneNumber ) ) -5.8. simpleSecurityObject +4.8. simpleSecurityObject The simpleSecurityObject object class is used to allow an entry to have a userPassword attribute when an entry's principal object classes @@ -819,33 +927,35 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 SUP top AUXILIARY MUST userPassword ) - Note: Security considerations related to simple authentication - mechanisms in LDAP are discussed in RFC 2829 [RFC2829]. + Note: Security considerations related to the use of simple + authentication mechanisms in LDAP are discussed in RFC 2829 + [RFC2829]. -6. Security Considerations +5. Security Considerations - General LDAP security considerations [RFC2251][RFC2252][RFC2256] is - applicable to the use of this schema. Additional considerations are - noted above where appropriate. + General LDAP security considerations [LDAPTS] is applicable to the use + of this schema. Additional considerations are noted above where + appropriate. -7. Acknowledgements +6. Acknowledgements This document borrows from a number of IETF documents including RFC - 1274 and RFC 2252. This document also borrows from a number of ITU - documents including X.501 and X.520. + 1274 by Paul Barker and Steve Kille. This document also borrows from + a number of ITU documents including X.520. + + +7. Author's Address -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 15] +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 17] -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 -8. Author's Address - Kurt D. Zeilenga OpenLDAP Foundation 
@@ -866,15 +976,12 @@ References November 1991. [RFC2219] S. Bradner, "Key words for use in RFCs to Indicate - Requirement Levels", RFC 2119, March 1997. + Requirement Levels", RFC 2119 (also BCP 14), March 1997. [RFC2247] S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Sataluri, "Using Domains in LDAP/X.500 Distinguished Names", January 1998. - [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access - Protocol (v3)", RFC 2251, December 1997. - [RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997. @@ -882,11 +989,14 @@ References [RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use with LDAPv3", RFC 2256, December 1997. - [RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan, - "Authentication Methods for LDAP", May 2000 + [RFC2798] M. Smith, "The LDAP inetOrgPerson Object Class", RFC 2798, + April 2000. - [LDAPTS] J. Hodges, R.L. Morgan, "Lightweight Directory Access - Protocol (v3): Technical Specification", draft-ietf-ldapbis- + [RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan, + "Authentication Methods for LDAP", RFC 2829, May 2000. + + [LDAPTS] J. Hodges, R. Morgan, "Lightweight Directory Access Protocol + (v3): Technical Specification", draft-ietf-ldapbis- ldapv3-ts-00.txt. [X.520] "The Directory: Selected Attribute Types", ITU @@ -895,9 +1005,11 @@ References -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 16] + + +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 18] -INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001 +INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001 Full Copyright @@ -951,5 +1063,5 @@ Full Copyright -Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 17] +Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 19]
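Review bot: the dates and draft number in the first hunk are inconsistent with the rest of the patch: the cover line now reads "Expires: 22 April 2002 ... 22 October 2001", but every page header added elsewhere in the patch reads "20 October 2001", and the footers still say "draft-zeilenga-ldap-user-schema-03" although the commit is titled "draft 04". Settle on one date and one draft number before this goes to the I-D editor.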
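Review bot: the new Conventions paragraph in the Abstract/ToC hunk lists "MAY NOT", which is not an RFC 2119 key word, and drops "RECOMMENDED" even though the info attribute text later in the document still says "It is RECOMMENDED that specific ..."; either quote the RFC 2119 list exactly or list only the words the document actually uses. In the same hunk the table of contents numbers two entries "2.7." (integerOrderingMatch and keywordMatch) and two entries "3.3." (buildingName and co); renumber both runs and fill in the missing page numbers before the "(to be expanded by editor)" marker is removed.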
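Review bot: in the Background hunk, "supercedes" should be "supersedes", and the relocated booleanMatch text still reads "a asserted Boolean value" where "an asserted" is meant.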
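Review bot: the caseExactOrderingMatch/caseExactSubstringsMatch hunk gives both sections the number "2.3.", so every matching-rule heading after it is one lower than the table of contents (the body's "2.10. storedPrefixMatch" is the ToC's 2.11, "2.11. wordMatch" is the ToC's 2.12, and so on); renumber from 2.4 onward. The rewording of caseExactSubstringsMatch also broke agreement: "whether the asserted value are substrings" should be "whether the asserted values are substrings", or keep the original singular "is a substring".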
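Review bot: in the hunk that adds directoryStringFirstComponentMatch through octetStringOrderingMatch, the relocated numericStringOrderingMatch definition keeps "NAME 'NumericStringOrderingMatch'" with a capital N, unlike every other rule NAME in the document and unlike its own section heading; change it to 'numericStringOrderingMatch'. Minor, same hunk: integerOrderingMatch says "returns True" where the rest of the document writes "TRUE".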
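Review bot: the new introduction to "3. Attribute Types" says the types are "based upon their X.500 descriptions", but most of the definitions that follow are marked "(Source: RFC 1274)"; say "based upon their X.500 and RFC 1274 descriptions" or drop the qualifier.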
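Review bot: the rewritten uniqueIdentifier section introduces an OID clash that its own note points out: the definition keeps "( 2.5.4.45 NAME 'uniqueIdentifier'" with DirectoryString syntax, while the note says 2.5.4.45 is X.520's attribute, called x500UniqueIdentifier in LDAP (the removed lines show it with bitStringMatch and bit string syntax). Two attribute types with different syntaxes cannot share an OID; the RFC 1274 attribute should carry its own OID under the pilotAttributeType arc (0.9.2342.19200300.100.1.x), as every other RFC 1274 attribute in this document does.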
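Review bot: the sentence added under "4. Object Classes" is a copy of the section 3 introduction and still says "details attribute types"; it should read "details object classes", and, as with section 3, most of these classes are sourced from RFC 1274 rather than X.500.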
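Review bot: in the Security Considerations hunk, "General LDAP security considerations [LDAPTS] is applicable" needs "are applicable". Since this schema defines personal-contact attributes (homePhone, homePostalAddress, mobile, pager, mail) and an auxiliary class whose sole purpose is to carry userPassword, the section could usefully state that these attributes warrant access control rather than relying only on the RFC 2829 pointer under simpleSecurityObject.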
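Review bot: in the References hunk the label "[RFC2219]" does not match the "[RFC2119]" citation used in the Conventions paragraph, so that citation dangles; relabel the entry. The RFC 2247 entry in the same hunk also lacks its "RFC 2247" number, unlike the surrounding entries.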