INTERNET-DRAFT                                          K. Dally, Editor
Intended Category: Standard Track                       The MITRE Corp.
Expires: January 2005                                         July 2004
Updates: RFC 2247, RFC 2798
Obsoletes: RFC 2256

                    LDAP: Schema for User Applications

Status of this Memo

   This document is intended to be, after appropriate review and
   revision, submitted to the RFC Editor as a Standard Track document.
   Distribution of this memo is unlimited. Technical discussion of this
   document will take place on the IETF LDAP Revision Working Group
   (LDAPbis) mailing list. Please send editorial comments directly to
   the author.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.html.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright 2004, The Internet Society. All Rights Reserved.

Abstract

   This document is an integral part of the Lightweight Directory Access
   Protocol (LDAP) technical specification [ROADMAP]. It provides a
   technical specification of attribute types and object classes
   intended for use by LDAP directory clients for many directory
   services, such as White Pages. These objects are widely used as a
   basis for the schema in many LDAP directories. This document does not
   cover attributes used for the administration of directory servers,
   nor does it include directory objects defined for specific uses in
   other documents.
Dally                     Expires January 2005                  [Page 1]

INTERNET-DRAFT       draft-ietf-ldapbis-user-schema-08         July 2004

Table of Contents

   Status of this Memo ............................................... 1
   Copyright Notice .................................................. 1
   Abstract .......................................................... 1
   Table of Contents ................................................. 2
   1.    Introduction ................................................ 4
   1.1   Situation ................................................... 4
   1.2   Conventions ................................................. 4
   1.3   General Issues .............................................. 4
   1.4   Source ...................................................... 5
   2.    Attribute Types ............................................. 5
   2.1   businessCategory ............................................ 5
   2.2   c ........................................................... 6
   2.3   cn .......................................................... 6
   2.4   dc .......................................................... 6
   2.5   description ................................................. 7
   2.6   destinationIndicator ........................................ 7
   2.7   distinguishedName ........................................... 7
   2.8   dnQualifier ................................................. 8
   2.9   enhancedSearchGuide ......................................... 8
   2.10  facsimileTelephoneNumber .................................... 8
   2.11  generationQualifier ......................................... 8
   2.12  givenName ................................................... 9
   2.13  houseIdentifier ............................................. 9
   2.14  initials .................................................... 9
   2.15  internationalISDNNumber ..................................... 9
   2.16  l .......................................................... 10
   2.17  member ..................................................... 10
   2.18  name ....................................................... 10
   2.19  o .......................................................... 10
   2.20  ou ......................................................... 11
   2.21  owner ...................................................... 11
   2.22  physicalDeliveryOfficeName ................................. 11
   2.23  postalAddress .............................................. 11
   2.24  postalCode ................................................. 12
   2.25  postOfficeBox .............................................. 12
   2.26  preferredDeliveryMethod .................................... 12
   2.27  registeredAddress .......................................... 13
   2.28  roleOccupant ............................................... 13
   2.29  searchGuide ................................................ 13
   2.30  seeAlso .................................................... 13
   2.31  serialNumber ............................................... 14
   2.32  sn ......................................................... 14
   2.33  st ......................................................... 14
   2.34  street ..................................................... 14
   2.35  telephoneNumber ............................................ 15
   2.36  teletexTerminalIdentifier .................................. 15
   2.37  telexNumber ................................................ 15
   2.38  title ...................................................... 15
   2.39  uid ........................................................ 15
   2.40  uniqueMember ............................................... 16
   2.41  userPassword ............................................... 16
   2.42  x121Address ................................................ 17
   2.43  x500UniqueIdentifier ....................................... 17
   3.    Object Classes ............................................. 18
   3.1   applicationProcess ......................................... 18
   3.2   country .................................................... 18
   3.3   device ..................................................... 18
   3.4   groupOfNames ............................................... 19
   3.5   groupOfUniqueNames ......................................... 19
   3.6   locality ................................................... 19
   3.7   organization ............................................... 20
   3.8   organizationalPerson ....................................... 20
   3.9   organizationalRole ......................................... 20
   3.10  organizationalUnit ......................................... 21
   3.11  person ..................................................... 21
   3.12  residentialPerson .......................................... 21
   4.    IANA Considerations ........................................ 22
   5.    Security Considerations .................................... 23
   6.    Acknowledgements ........................................... 24
   7.    References ................................................. 24
   7.1   Normative .................................................. 24
   7.2   Informative ................................................ 25
   8.    Author's Address ........................................... 26
   9.    Intellectual Property Rights (IPR) Disclosure .............. 26
   10.   IPR Notice ................................................. 26
   11.   Copyright Notice and Disclaimer ............................ 27

1. Introduction

   This document provides an overview of attribute types and object
   classes intended for use by Lightweight Directory Access Protocol
   directory clients for many directory services, such as White Pages.
   Originally specified in the X.500 [X.500] documents, these objects
   are widely used as a basis for the schema in many LDAP directories.
   This document does not cover attributes used for the administration
   of directory servers, nor does it include directory objects defined
   for specific uses in other documents.

1.1 Situation

   This document is an integral part of the LDAP technical specification
   [ROADMAP], which obsoletes the previously defined LDAP technical
   specification [RFC3377] in its entirety.

   In terms of RFC 2256, Sections 6 and 8 of RFC 2256 are obsoleted by
   [Syntaxes]. Sections 5.1, 5.2, 7.1 and 7.2 of RFC 2256 are obsoleted
   by [Models]. The remainder of RFC 2256 is obsoleted by this document.

   Section 2.4 of this document supersedes the technical specification
   for the 'dc' attribute type found in RFC 2247. The remainder of RFC
   2247 remains in force.

   This document updates RFC 2798 by replacing the informative
   description of the 'uid' attribute type with the definitive
   description provided in Section 2.39 of this document.

   A number of schema elements which were included in the previous
   revision of the LDAP Technical Specification are not included in this
   revision of LDAP. PKI-related schema elements are now specified in
   [LDAP-CERT] and [LDAP-CRL]. Unless reintroduced in future technical
   specifications, the remainder are to be considered Historic.

1.2 Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.3 General Issues

   This document references Syntaxes given in Section 3 of [Syntaxes]
   and Matching Rules specified in Section 4 of [Syntaxes].
   The definitions of Attribute Types and Object Classes are written
   using the ABNF form of AttributeTypeDescription and
   ObjectClassDescription given in [Models]. Lines have been folded for
   readability.

1.4 Source

   The schema definitions in this document are based on those found in
   the X.500-series [X.520] and [X.521], RFC 2798 [RFC2798] and RFC 2247
   [RFC2247], specifically:

      Sections       Source
      ============   ==================
      2.1 - 2.3      X.520 [X.520]
      2.4            RFC 2247 [RFC2247]
      2.5 - 2.38     X.520 [X.520]
      2.39           RFC 2798 [RFC2798]
      2.40 - 2.43    X.520 [X.520]
      3.1 - 3.12     X.521 [X.521]

   However, the descriptions in this document SHALL be considered
   definitive for use in LDAP.

2. Attribute Types

   The Attribute Types contained in this section hold user information.

   There is no requirement that servers implement the following
   attribute types:

      searchGuide
      teletexTerminalIdentifier

   In fact, their use is greatly discouraged.

   An LDAP server implementation SHOULD recognize the rest of the
   attribute types described in this section.

2.1 businessCategory

   The businessCategory attribute type describes the kinds of business
   performed by an organization (e.g., "banking", "transportation").
   Each kind is one value of this multi-valued attribute.

      ( 2.5.4.15 NAME 'businessCategory'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [Syntaxes].

2.2 c

   The c (countryName) attribute type contains a two-letter ISO 3166
   [ISO3166] country code (e.g., "DE"). (Source: X.520)

      ( 2.5.4.6 NAME 'c'
         SUP name
         SINGLE-VALUE )

2.3 cn

   The cn (commonName) attribute type contains names of an object
   (e.g., "Martin K Smith", "Marty Smith", "printer12"). Each name is
   one value of this multi-valued attribute.
   If the object corresponds to a person, it is typically the person's
   full name. (Source: X.520)

      ( 2.5.4.3 NAME 'cn'
         SUP name )

2.4 dc

   The dc (short for domainComponent) attribute type is a string holding
   one component, a
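   As an added illustration of the AttributeTypeDescription form used by
   the definitions in Sections 2.1 to 2.3 (example code written for this
   edit, not part of the draft and not taken from any LDAP
   implementation): a small Python parser reads the 'businessCategory',
   'c' and 'cn' definitions above, resolves the SUP chain to find the
   inherited syntax and matching rules, and then checks constructed
   entries against the result, so that a multi-valued 'c' or a 'c' value
   that is not a two-letter code is reported before the entry is
   accepted. The definition of 'name' that 'c' and 'cn' inherit from is
   assumed from the published user schema (Section 2.18 of this
   document, not reproduced on this page); the function names and the
   sample entries are the example's own.

```python
# Added example (not from the draft): parse the AttributeTypeDescription
# strings of Sections 2.1 to 2.3, resolve SUP inheritance, and check
# entries against the result before they are accepted.
import re
from dataclasses import dataclass, field

DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"

# Definitions from Sections 2.1 to 2.3.  'name' (Section 2.18, not on this
# page) is assumed from the published user schema so the SUP chain resolves.
SCHEMA_TEXT = """
( 2.5.4.15 NAME 'businessCategory'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )
( 2.5.4.3 NAME 'cn' SUP name )
( 2.5.4.41 NAME 'name'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

_VALUED = {"DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX"}
_FLAGS = {"SINGLE-VALUE", "OBSOLETE", "COLLECTIVE", "NO-USER-MODIFICATION"}


@dataclass
class AttributeType:
    oid: str
    names: list = field(default_factory=list)
    sup: str = None
    equality: str = None
    substr: str = None
    syntax: str = None
    single_value: bool = False


def parse_attribute_type(desc):
    """Parse one '( oid NAME ... )' description; X- extensions not handled."""
    toks = re.findall(r"'[^']*'|\(|\)|[^\s()']+", desc)
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        raise ValueError("description must be enclosed in parentheses")
    toks, i = toks[1:-1], 1
    at = AttributeType(oid=toks[0])
    while i < len(toks):
        key = toks[i]
        if key in _FLAGS:                          # bare keyword
            at.single_value |= (key == "SINGLE-VALUE")
            i += 1
        elif key == "NAME":                        # 'a'  or  ( 'a' 'b' )
            i += 1
            if toks[i] == "(":
                i += 1
                while toks[i] != ")":
                    at.names.append(toks[i].strip("'"))
                    i += 1
                i += 1
            else:
                at.names.append(toks[i].strip("'"))
                i += 1
        elif key in _VALUED:                       # keyword followed by value
            value = toks[i + 1].strip("'")
            if key == "SYNTAX":                    # drop an optional {len}
                value = re.sub(r"\{\d+\}$", "", value)
            setattr(at, key.lower(), value)
            i += 2
        else:
            raise ValueError(f"unexpected token {key!r} in {at.oid}")
    return at


def parse_schema(text):
    """Split text into top-level '( ... )' groups, keyed by lower-cased NAME."""
    defs, depth, start = {}, 0, 0
    for pos, ch in enumerate(text):
        if ch == "(":
            if depth == 0:
                start = pos
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                at = parse_attribute_type(text[start:pos + 1])
                for n in at.names:
                    defs[n.lower()] = at
    return defs


def effective(defs, name):
    """Matching rules and syntax, inherited from SUP when not given directly."""
    at = defs[name.lower()]
    eq, sub, syn, sup = at.equality, at.substr, at.syntax, at.sup
    seen = {name.lower()}
    while sup is not None:
        if sup.lower() in seen:
            raise ValueError(f"SUP cycle at {sup}")
        seen.add(sup.lower())
        parent = defs[sup.lower()]
        eq, sub, syn = eq or parent.equality, sub or parent.substr, syn or parent.syntax
        sup = parent.sup
    return {"equality": eq, "substr": sub, "syntax": syn, "single_value": at.single_value}


def validate_entry(defs, entry):
    """Return the schema violations of {attr: [values]}; [] means it passes."""
    problems = []
    for attr, values in entry.items():
        if attr.lower() not in defs:
            problems.append(f"{attr}: undefined attribute type")
            continue
        eff = effective(defs, attr)
        if eff["single_value"] and len(values) > 1:
            problems.append(f"{attr}: SINGLE-VALUE but {len(values)} values given")
        if eff["syntax"] == DIRECTORY_STRING and any(v == "" for v in values):
            problems.append(f"{attr}: Directory String values must be non-empty")
        if attr.lower() == "c":
            # Section 2.2: a two-letter ISO 3166 code.  Only the form is
            # checked here; membership in the ISO 3166 list is not verified.
            for v in values:
                if not re.fullmatch(r"[A-Z]{2}", v):
                    problems.append(f"{attr}: {v!r} is not a two-letter country code")
    return problems


DEFS = parse_schema(SCHEMA_TEXT)

if __name__ == "__main__":
    # Constructed sample entries, not from the draft.
    print(validate_entry(DEFS, {"cn": ["Martin K Smith", "Marty Smith"],
                                "c": ["DE"], "businessCategory": ["banking"]}))  # []
    print(validate_entry(DEFS, {"c": ["DE", "FR"], "sn": ["Smith"]}))  # two problems
```

   Run as a script, the first entry passes and the second is rejected
   twice, once for the second 'c' value and once because 'sn' is not in
   the small schema loaded here. Applying this kind of check at modify
   time, on the server or in a provisioning tool, is what keeps the
   SINGLE-VALUE and syntax constraints of the schema meaningful, since a
   client can otherwise submit values the definitions forbid.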