LDAP Schema for supporting XMPP in White Pages
Isode Ltd14 Castle MewsHamptonMiddlesexTW12 2NPUKSteve.Kille@isode.com
The Extensible Messaging and Presence Protocol (XMPP)
identifies users by use of JID (Jabber IDs). Lightweight Directory Access Protocol (LDAP) enables provision of a white pages service with schema relating to users and support for internet protocols. This specification defines schema to enable XMPP JIDs to be associated with objects in an LDAP directory so that this information can be used with white pages applications.
Extensible Messaging and Presence Protocol (XMPP)
identifies users by use of JID (Jabber IDs). Lightweight Directory Access Protocol (LDAP) enables provision of a white pages service with schema relating to users and support for internet protocols defined in . This specification defines schema to enable XMPP JIDs to be associated with LDAP directory objects so that this information can be used with white pages applications.
The LDAP schema for storing JIDs is defined to enable JIDs to be associated with any object stored in the directory. This is done by associating the new JID Attribute with a new Auxiliary Object Class (JIDObject).The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in
.This section defines the schema used to store JIDs in the directory.This section defines a new Auxiliary Object Class (JIDObject) which MAY be associated with any structural Object Class.
This Object Class is used to augment entries for objects that act or may act as an XMPP client. The JID attribute is optional, to enable configuring an object that is allowed to have an associated JID but does not currently have one.
This section defines the JID attribute referenced by the JIDObject Auxiliary Object Class. The syntax of the JID attribute MUST follow the rules of . The JID stored MUST be a bare JID (e.g., a JID such as romeo@shakespeare.example.com representing a user) and not a full JID (e.g. a JID such as romeo@shakespare.example.com/AABBCC representing a specific client identified by the resource AABBCC). Note that the LDAP directory server is not expected to enforce this syntax. The syntax rules are for LDAP clients setting this attribute, noting that human usage is a key target. Applications using this attribute should format that string in a manner appropriate to the application and XMPP applications SHOULD apply to the attribute. The directory service doesn't enforce the JID syntax and values are compared according to the matching rules specified in the attribute definition.
NOTE: The directory string syntax and the caseIgnoreMatch matching rule are chosen to allow entry and matching of values according to common rules used within the directory, for convenience for users and administrators as well as implementers. As this syntax and matching rules differs from false positive and false negative can possibly occur. This is not anticipated to cause operational issues (based on implementation experience with similar syntax/matching rule mismatches).
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax defined in .
The following registrations are requested in the LDAP Registry
<https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml> in line with BP 64 . This will lead to assignment of the two Object Identifiers, referenced as TBA.1 and TBA.2 in this draft.
Object Identifier RegistrationIn the following two registrations, TBA is replaced with the OID assigned in the preceding registration.NOTE TO RFC EDITOR: TBA in this document should be replaced with the IANA assigned OID.'JIDObject' Descriptor Registration'jid' Descriptor RegistrationXMPP JIDs are often personal identifiers enabling electronic communication, with similar considerations to email addresses. This schema enables publishing of this information in LDAP directories which may be corporate or public services.
Care should be taken to only publish JID information which is acceptable to be linked to the LDAP object and be made accessible to all LDAP users.
The general LDAP Security Considerations specified in also apply.Thanks to Alexey Melnikov for suggestions on preparing this draft. Thanks to Alan Murdock, Yoav Nir, Peter Saint-Andre and Kurt Zeilenga for review comments.