< draft-ietf-asid-ldapv3-attributes-06.txt   draft-ietf-asid-ldapv3-attributes-07.txt >
Network Working Group M. Wahl Network Working Group M. Wahl
INTERNET-DRAFT Critical Angle Inc. INTERNET-DRAFT Critical Angle Inc.
Obsoletes: RFC 1778 A. Coulbeck Obsoletes: RFC 1778 A. Coulbeck
Isode Inc. Isode Inc.
T. Howes T. Howes
Netscape Communications Corp. Netscape Communications Corp.
S. Kille S. Kille
Isode Limited Isode Limited
Intended Category: Standards Track 11 July 1997 Intended Category: Standards Track 5 August 1997
Lightweight Directory Access Protocol (v3): Lightweight Directory Access Protocol (v3):
Attribute Syntax Definitions Attribute Syntax Definitions
<draft-ietf-asid-ldapv3-attributes-06.txt> <draft-ietf-asid-ldapv3-attributes-07.txt>
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working its working groups. Note that other groups may also distribute working
documents as Internet-Drafts. documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
skipping to change at page 3, line 15 skipping to change at page 3, line 15
whsp = [ space ] whsp = [ space ]
utf8 = <any sequence of octets formed from the UTF-8 [9] utf8 = <any sequence of octets formed from the UTF-8 [9]
transformation of a character from ISO10646 [10]> transformation of a character from ISO10646 [10]>
dstring = 1*utf8 dstring = 1*utf8
qdstring = whsp "'" dstring "'" whsp qdstring = whsp "'" dstring "'" whsp
qdstringlist = ( qdstringlist qdstring ) / "" qdstringlist = [ qdstring *( qdstring ) ]
qdstrings = qdstring / ( whsp "(" qdstringlist ")" whsp ) qdstrings = qdstring / ( whsp "(" qdstringlist ")" whsp )
In the following BNF for the string representation of OBJECT In the following BNF for the string representation of OBJECT
IDENTIFIERs, descr is the syntactic representation of an object IDENTIFIERs, descr is the syntactic representation of an object
descriptor, which consists of letters and digits, starting with a descriptor, which consists of letters and digits, starting with a
letter. An OBJECT IDENTIFIER in the numericoid format should not letter. An OBJECT IDENTIFIER in the numericoid format should not
have leading zeroes (e.g. "0.9.3" is permitted but "0.09.3" should have leading zeroes (e.g. "0.9.3" is permitted but "0.09.3" should
not be generated). not be generated).
When encoding values in syntax, the descr encoding option SHOULD When encoding 'oid' elements in a value, the descr encoding option
be used in preference to the numericoid. An object descriptor is SHOULD be used in preference to the numericoid. An object descriptor is
a more readable alias for a number OBJECT IDENTIFIER, and these a more readable alias for a number OBJECT IDENTIFIER, and these
(where assigned and known by the implementation) SHOULD be used in (where assigned and known by the implementation) SHOULD be used in
preference to numeric oids to the greatest extent possible. preference to numeric oids to the greatest extent possible.
Examples of object descriptors in LDAP are attribute type, object Examples of object descriptors in LDAP are attribute type, object
class and matching rule names. class and matching rule names.
oid = descr / numericoid oid = descr / numericoid
descr = keystring descr = keystring
skipping to change at page 3, line 50 skipping to change at page 3, line 50
woid = whsp oid whsp woid = whsp oid whsp
; set of oids of either form ; set of oids of either form
oids = woid / ( "(" oidlist ")" ) oids = woid / ( "(" oidlist ")" )
oidlist = woid *( "$" woid ) oidlist = woid *( "$" woid )
; object descriptors used as schema element names ; object descriptors used as schema element names
qdescrs = qdescr / ( whsp "(" qdescrlist ")" whsp ) qdescrs = qdescr / ( whsp "(" qdescrlist ")" whsp )
qdescrlist = ( qdescrlist qdescr ) / "" qdescrlist = [ qdescr *( qdescr ) ]
qdescr = whsp "'" descr "'" whsp qdescr = whsp "'" descr "'" whsp
4.2. Attribute Types 4.2. Attribute Types
The attribute types are described by sample values for the subschema The attribute types are described by sample values for the subschema
"attributeTypes" attribute, which is written in the "attributeTypes" attribute, which is written in the
AttributeTypeDescription syntax. While lines have been folded for AttributeTypeDescription syntax. While lines have been folded for
readability, the values transferred in protocol would not contain readability, the values transferred in protocol would not contain
newlines. newlines.
The AttributeTypeDescription is encoded according to the following The AttributeTypeDescription is encoded according to the following
BNF, and the productions for oid, qdsescrs and qdstring are given BNF, and the productions for oid, qdescrs and qdstring are given
in section 4.1. Implementors should note that future versions of this in section 4.1. Implementors should note that future versions of
document may have expanded this BNF to include additional terms. this document may have expanded this BNF to include additional terms.
Terms which begin with the characters "X-" are reserved for private
experiments.
AttributeTypeDescription = "(" whsp AttributeTypeDescription = "(" whsp
numericoid whsp ; AttributeType identifier numericoid whsp ; AttributeType identifier
[ "NAME" qdescrs ] ; name used in AttributeType [ "NAME" qdescrs ] ; name used in AttributeType
[ "DESC" qdstring ] ; description [ "DESC" qdstring ] ; description
[ "OBSOLETE" whsp ] [ "OBSOLETE" whsp ]
[ "SUP" woid ] ; derived from this other [ "SUP" woid ] ; derived from this other
; AttributeType ; AttributeType
[ "EQUALITY" woid ; Matching Rule name [ "EQUALITY" woid ; Matching Rule name
[ "ORDERING" woid ; Matching Rule name [ "ORDERING" woid ; Matching Rule name
[ "SUBSTR" woid ] ; Matching Rule name [ "SUBSTR" woid ] ; Matching Rule name
[ "SYNTAX" whsp noidlen whsp ] ; see section 4.3 [ "SYNTAX" whsp noidlen whsp ] ; see section 4.3
[ "SINGLE-VALUE" whsp ] ; default multi-valued [ "SINGLE-VALUE" whsp ] ; default multi-valued
[ "COLLECTIVE" whsp ] ; default not collective [ "COLLECTIVE" whsp ] ; default not collective
[ "NO-USER-MODIFICATION" whsp ]; default user modifiable [ "NO-USER-MODIFICATION" whsp ]; default user modifiable
[ "USAGE" whsp AttributeUsage ]; default user applications [ "USAGE" whsp AttributeUsage ]; default userApplications
whsp ")" whsp ")"
AttributeUsage = AttributeUsage =
"userApplications" / "userApplications" /
"directoryOperation" / "directoryOperation" /
"distributedOperation" / ; DSA-shared "distributedOperation" / ; DSA-shared
"dSAOperation" ; DSA-specific, value depends on server "dSAOperation" ; DSA-specific, value depends on server
Servers are not required to provide the same or any text Servers are not required to provide the same or any text
in the description part of the subschema values they maintain. in the description part of the subschema values they maintain.
Servers SHOULD provide at least one of the "SUP" and "SYNTAX" fields Servers SHOULD provide at least one of the "SUP" and "SYNTAX" fields
for each AttributeTypeDescription. for each AttributeTypeDescription.
Servers SHOULD implement all the attribute types referenced in Servers MUST implement all the attribute types referenced in
section 5. Servers MUST be able to evaluate presence filters, sections 5.1, 5.2 and 5.3.
SHOULD be able to perform equality matching of values of all user
attributes known to the server, and MAY be able to perform matching
with the other kinds of filters. If a server allows values of an
attribute of a particular type to be added or removed over protocol,
the server MUST be able to perform equality matching of values of
that attribute, but need not perform any additional validity checks
on attribute values.
Servers MAY recognize additional names and attributes not listed in Servers MAY recognize additional names and attributes not listed in
this document, and if they do so, MUST publish the definitions of this document, and if they do so, MUST publish the definitions of
the types in the attributeTypes attribute of their subschema the types in the attributeTypes attribute of their subschema
entries. entries.
Schema developers MUST NOT create attribute definitions whose names Schema developers MUST NOT create attribute definitions whose names
conflict with attributes defined for use with LDAP in existing conflict with attributes defined for use with LDAP in existing
standards-track RFCs. standards-track RFCs.
AttributeDescriptions can be used as the value in a NAME part of an An AttributeDescription can be used as the value in a NAME part of an
AttributeTypeDescription. Note that these are case insensitive. AttributeTypeDescription. Note that these are case insensitive.
Note that the AttributeTypeDescription does not list the matching Note that the AttributeTypeDescription does not list the matching
rules which can can be used with that attribute type in an rules which can can be used with that attribute type in an
extensibleMatch search filter. This is done using the matchingRuleUse extensibleMatch search filter. This is done using the matchingRuleUse
attribute described in section 4.5. attribute described in section 4.5.
This document refines the schema description of X.501 by requiring This document refines the schema description of X.501 by requiring
that the syntax field in an AttributeTypeDescription be a string that the syntax field in an AttributeTypeDescription be a string
representation of an OBJECT IDENTIFIER for the LDAP string syntax representation of an OBJECT IDENTIFIER for the LDAP string syntax
skipping to change at page 5, line 39 skipping to change at page 5, line 39
The encoding rules defined for a given attribute syntax must produce The encoding rules defined for a given attribute syntax must produce
octet strings. To the greatest extent possible, encoded octet octet strings. To the greatest extent possible, encoded octet
strings should be usable in their native encoded form for display strings should be usable in their native encoded form for display
purposes. In particular, encoding rules for attribute syntaxes purposes. In particular, encoding rules for attribute syntaxes
defining non-binary values should produce strings that can be defining non-binary values should produce strings that can be
displayed with little or no translation by clients implementing displayed with little or no translation by clients implementing
LDAP. There are a few cases (e.g. audio) however, when it is not LDAP. There are a few cases (e.g. audio) however, when it is not
sensible to produce a printable representation, and clients MUST NOT sensible to produce a printable representation, and clients MUST NOT
assume that an unrecognized syntax is a string representation. assume that an unrecognized syntax is a string representation.
In encodings where an arbitrary string is used as part of a larger In encodings where an arbitrary string, not a Distinguished Name, is
production (other than a Distinguished Name), a backslash quoting used as part of a larger production, and other than as part of a
mechanism is used to encode the following separator symbol character Distinguished Name, a backslash quoting mechanism is used to escape
(such as "'", "$" or "#") if it should occur in that string. The the following separator symbol character (such as "'", "$" or "#") if
backslash is followed by a pair of hexadecimal digits representing the it should occur in that string. The backslash is followed by a pair
next character. A backslash itself in the string which forms part of of hexadecimal digits representing the next character. A backslash
a larger syntax is always transmitted as '\5C' or '\5c'. itself in the string which forms part of a larger syntax is always
transmitted as '\5C' or '\5c'. An example is given in section 6.27.
Syntaxes are also defined for matching rules whose assertion value Syntaxes are also defined for matching rules whose assertion value
syntax is different from the attribute value syntax. syntax is different from the attribute value syntax.
4.3.1 Binary Transfer of Values 4.3.1 Binary Transfer of Values
This encoding format is used if the binary encoding is requested by This encoding format is used if the binary encoding is requested by
the client for an attribute, or if the attribute syntax name is the client for an attribute, or if the attribute syntax name is
"1.3.6.1.4.1.1466.115.121.1.5". The value, an instance of the ASN.1 "1.3.6.1.4.1.1466.115.121.1.5". The value, an instance of the ASN.1
AttributeValue type, is BER-encoded, subject to the restrictions of AttributeValue type, is BER-encoded, and the result is used as the
section 5.1 of [1], and this sequence of octets is used as the value. value: the first byte inside the OCTET STRING wrapper is a tag byte.
(E.g. the first byte inside the OCTET STRING wrapper is a tag byte.
However the OCTET STRING is still encoded in primitive form.) However the OCTET STRING is still encoded in primitive form.)
All servers MUST implement this form for both generating attribute All servers MUST implement this form for both generating attribute
values in search responses, and parsing attribute values in add, values in search responses, and parsing attribute values in add,
compare and modify requests, if the attribute type is recognized and compare and modify requests, if the attribute type is recognized and
the attribute syntax name is that of Binary. Clients which request the attribute syntax name is that of Binary. Clients which request
that all attributes be returned from entries MUST be prepared that all attributes be returned from entries MUST be prepared
to receive values in binary (e.g. userCertificate), and SHOULD NOT to receive values in binary (e.g. userCertificate), and SHOULD NOT
simply display binary or unrecognized values to users. simply display binary or unrecognized values to users.
4.3.2. Syntax Object Identifiers 4.3.2. Syntax Object Identifiers
skipping to change at page 6, line 29 skipping to change at page 6, line 29
len = numericstring len = numericstring
The following table lists some of the syntaxes that have been defined The following table lists some of the syntaxes that have been defined
for LDAP thus far. The H-R column suggests whether a value in that for LDAP thus far. The H-R column suggests whether a value in that
syntax would likely be a human readable string. Clients and servers syntax would likely be a human readable string. Clients and servers
need not implement all the syntaxes listed here, and MAY implement need not implement all the syntaxes listed here, and MAY implement
other syntaxes. other syntaxes.
Other documents may define additional syntaxes. However, the Other documents may define additional syntaxes. However, the
definition of additional arbitrary syntaxes is strongly depreciated definition of additional arbitrary syntaxes is strongly deprecated
since it will hinder interoperability: today's client and server since it will hinder interoperability: today's client and server
implementations generally do not have the ability to dynamically implementations generally do not have the ability to dynamically
recognize new syntaxes. In most cases attributes will be defined recognize new syntaxes. In most cases attributes will be defined
with the syntax for directory strings. with the syntax for directory strings.
Value being represented H-R OBJECT IDENTIFIER Value being represented H-R OBJECT IDENTIFIER
================================================================= =================================================================
ACI Item N 1.3.6.1.4.1.1466.115.121.1.1 ACI Item N 1.3.6.1.4.1.1466.115.121.1.1
Access Point Y 1.3.6.1.4.1.1466.115.121.1.2 Access Point Y 1.3.6.1.4.1.1466.115.121.1.2
Attribute Type Description Y 1.3.6.1.4.1.1466.115.121.1.3 Attribute Type Description Y 1.3.6.1.4.1.1466.115.121.1.3
skipping to change at page 7, line 22 skipping to change at page 7, line 22
Master And Shadow Access Points Y 1.3.6.1.4.1.1466.115.121.1.29 Master And Shadow Access Points Y 1.3.6.1.4.1.1466.115.121.1.29
Matching Rule Description Y 1.3.6.1.4.1.1466.115.121.1.30 Matching Rule Description Y 1.3.6.1.4.1.1466.115.121.1.30
Matching Rule Use Description Y 1.3.6.1.4.1.1466.115.121.1.31 Matching Rule Use Description Y 1.3.6.1.4.1.1466.115.121.1.31
Mail Preference Y 1.3.6.1.4.1.1466.115.121.1.32 Mail Preference Y 1.3.6.1.4.1.1466.115.121.1.32
MHS OR Address Y 1.3.6.1.4.1.1466.115.121.1.33 MHS OR Address Y 1.3.6.1.4.1.1466.115.121.1.33
Modify Rights Y 1.3.6.1.4.1.1466.115.121.1.55 Modify Rights Y 1.3.6.1.4.1.1466.115.121.1.55
Name And Optional UID Y 1.3.6.1.4.1.1466.115.121.1.34 Name And Optional UID Y 1.3.6.1.4.1.1466.115.121.1.34
Name Form Description Y 1.3.6.1.4.1.1466.115.121.1.35 Name Form Description Y 1.3.6.1.4.1.1466.115.121.1.35
Numeric String Y 1.3.6.1.4.1.1466.115.121.1.36 Numeric String Y 1.3.6.1.4.1.1466.115.121.1.36
Object Class Description Y 1.3.6.1.4.1.1466.115.121.1.37 Object Class Description Y 1.3.6.1.4.1.1466.115.121.1.37
Octet String Y 1.3.6.1.4.1.1466.115.121.1.40
OID Y 1.3.6.1.4.1.1466.115.121.1.38 OID Y 1.3.6.1.4.1.1466.115.121.1.38
Other Mailbox Y 1.3.6.1.4.1.1466.115.121.1.39 Other Mailbox Y 1.3.6.1.4.1.1466.115.121.1.39
Password Y 1.3.6.1.4.1.1466.115.121.1.40
Postal Address Y 1.3.6.1.4.1.1466.115.121.1.41 Postal Address Y 1.3.6.1.4.1.1466.115.121.1.41
Protocol Information Y 1.3.6.1.4.1.1466.115.121.1.42 Protocol Information Y 1.3.6.1.4.1.1466.115.121.1.42
Presentation Address Y 1.3.6.1.4.1.1466.115.121.1.43 Presentation Address Y 1.3.6.1.4.1.1466.115.121.1.43
Printable String Y 1.3.6.1.4.1.1466.115.121.1.44 Printable String Y 1.3.6.1.4.1.1466.115.121.1.44
Subtree Specification Y 1.3.6.1.4.1.1466.115.121.1.45 Subtree Specification Y 1.3.6.1.4.1.1466.115.121.1.45
Supplier Information Y 1.3.6.1.4.1.1466.115.121.1.46 Supplier Information Y 1.3.6.1.4.1.1466.115.121.1.46
Supplier Or Consumer Y 1.3.6.1.4.1.1466.115.121.1.47 Supplier Or Consumer Y 1.3.6.1.4.1.1466.115.121.1.47
Supplier And Consumer Y 1.3.6.1.4.1.1466.115.121.1.48 Supplier And Consumer Y 1.3.6.1.4.1.1466.115.121.1.48
Supported Algorithm N 1.3.6.1.4.1.1466.115.121.1.49 Supported Algorithm N 1.3.6.1.4.1.1466.115.121.1.49
Telephone Number Y 1.3.6.1.4.1.1466.115.121.1.50 Telephone Number Y 1.3.6.1.4.1.1466.115.121.1.50
skipping to change at page 7, line 55 skipping to change at page 7, line 55
implementations should allow a string to be 64 characters long, implementations should allow a string to be 64 characters long,
although they may allow longer strings. Note that a single character although they may allow longer strings. Note that a single character
of the Directory String syntax may be encoded in more than one byte of the Directory String syntax may be encoded in more than one byte
since UTF-8 is a variable-length encoding. since UTF-8 is a variable-length encoding.
4.3.3. Syntax Description 4.3.3. Syntax Description
The following BNF may be used to associate a short description with The following BNF may be used to associate a short description with
a syntax OBJECT IDENTIFIER. Implementors should note that future a syntax OBJECT IDENTIFIER. Implementors should note that future
versions of this document may expand this definition to include versions of this document may expand this definition to include
additional terms. additional terms. Terms whose identifier begins with "X-" are
reserved for private experiments.
SyntaxDescription = "(" whsp SyntaxDescription = "(" whsp
numericoid whsp numericoid whsp
[ "DESC" qdstring ] [ "DESC" qdstring ]
whsp ")" whsp ")"
4.4. Object Classes 4.4. Object Classes
The format for representation of object classes is defined in X.501 The format for representation of object classes is defined in X.501
[3]. In general every entry will contain an abstract class ("top" or [3]. In general every entry will contain an abstract class ("top" or
"alias"), at least one structural object class, and zero or more "alias"), at least one structural object class, and zero or more
auxiliary object classes. Whether an object class is abstract, auxiliary object classes. Whether an object class is abstract,
structural or auxiliary is defined when the object class identifier structural or auxiliary is defined when the object class identifier
is assigned. An object class definition should not be changed is assigned. An object class definition should not be changed
without having a new identifier assigned to it. without having a new identifier assigned to it.
Object class descriptions are written according to the following BNF. Object class descriptions are written according to the following BNF.
Implementors should note that future versions of this document may Implementors should note that future versions of this document may
expand this definition to include additional terms. expand this definition to include additional terms. Terms whose
identifier begins with "X-" are reserved for private experiments.
ObjectClassDescription = "(" whsp ObjectClassDescription = "(" whsp
numericoid whsp ; ObjectClass identifier numericoid whsp ; ObjectClass identifier
[ "NAME" qdescrs ] [ "NAME" qdescrs ]
[ "DESC" qdstring ] [ "DESC" qdstring ]
[ "OBSOLETE" whsp ] [ "OBSOLETE" whsp ]
[ "SUP" oids ] ; Superior ObjectClasses [ "SUP" oids ] ; Superior ObjectClasses
[ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ] [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
; default structural ; default structural
[ "MUST" oids ] ; AttributeTypes [ "MUST" oids ] ; AttributeTypes
skipping to change at page 9, line 58 skipping to change at page 9, line 58
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
If this matching rule could be used with the attributes 2.5.4.41 and If this matching rule could be used with the attributes 2.5.4.41 and
2.5.4.15, the following would also be present: 2.5.4.15, the following would also be present:
matchingRuleUse: ( 1.2.3.4.5 APPLIES (2.5.4.41 $ 2.5.4.15) ) matchingRuleUse: ( 1.2.3.4.5 APPLIES (2.5.4.41 $ 2.5.4.15) )
A client could then make use of this matching rule by sending a A client could then make use of this matching rule by sending a
search operation in which the filter is of the extensibleMatch choice, search operation in which the filter is of the extensibleMatch choice,
the matchingRule field is "soundAlikeMatch", and the type field is the matchingRule field is "soundAlikeMatch", and the type field is
"2.5.4.41" of "2.5.4.15". "2.5.4.41" or "2.5.4.15".
5. Attribute Types 5. Attribute Types
All LDAP server implementations MUST recognize the attribute types All LDAP server implementations MUST recognize the attribute types
defined in this section. These types are based on definitions in defined in this section.
X.501(93) [3].
Servers SHOULD also recognize all the attributes from section 5 of Servers SHOULD also recognize all the attributes from section 5 of
[12]. [12].
5.1. Standard Operational Attributes 5.1. Standard Operational Attributes
Servers MUST maintain values of these attributes in accordance with Servers MUST maintain values of these attributes in accordance with
the definitions in X.501(93). the definitions in X.501(93).
5.1.1. createTimestamp 5.1.1. createTimestamp
skipping to change at page 12, line 43 skipping to change at page 12, line 43
supported extended operations which the server supports. supported extended operations which the server supports.
If the server does not support any extensions this attribute will be If the server does not support any extensions this attribute will be
absent. absent.
( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation )
5.2.4. supportedControl 5.2.4. supportedControl
The values of this attribute are the OBJECT IDENTIFIERS identifying The values of this attribute are the OBJECT IDENTIFIERs identifying
controls which the server supports. If the server does not controls which the server supports. If the server does not
support any controls, this attribute will be absent. support any controls, this attribute will be absent.
( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation )
5.2.5. supportedSASLMechanisms 5.2.5. supportedSASLMechanisms
The values of this attribute are the names of supported SASL The values of this attribute are the names of supported SASL
mechanisms which the server supports. If the server does not mechanisms which the server supports. If the server does not
skipping to change at page 13, line 29 skipping to change at page 13, line 29
Servers MAY use this attribute to list the syntaxes which are Servers MAY use this attribute to list the syntaxes which are
implemented. Each value corresponds to one syntax. implemented. Each value corresponds to one syntax.
( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
EQUALITY objectIdentifierFirstComponentMatch EQUALITY objectIdentifierFirstComponentMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.54' USAGE directoryOperation ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.54' USAGE directoryOperation )
6. Syntaxes 6. Syntaxes
Servers SHOULD recognize all the syntaxes described in this section. Servers SHOULD recognize all the syntaxes described in this section.
Each syntax begins with a sample value of the ldapSyntaxes attribute
which defines the OBJECT IDENTIFIER of the syntax. The descriptions
of syntax names are not carried in protocol, and are not guaranteed
to be unique.
6.1. Attribute Type Description 6.1. Attribute Type Description
( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' ) ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )
Values in this syntax are encoded according to the BNF given at the Values in this syntax are encoded according to the BNF given at the
start of section 4.2. For example, start of section 4.2. For example,
( 2.5.4.0 NAME 'objectClass' ( 2.5.4.0 NAME 'objectClass'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
skipping to change at page 14, line 59 skipping to change at page 14, line 59
or returning the attribute description "crossCertificatePair;binary". or returning the attribute description "crossCertificatePair;binary".
The BNF notation in RFC 1778 for "Certificate Pair" is not The BNF notation in RFC 1778 for "Certificate Pair" is not
recommended to be used. recommended to be used.
6.8. Country String 6.8. Country String
( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
A value in this syntax is encoded the same as a value of A value in this syntax is encoded the same as a value of
Directory String syntax. Note that this syntax is limited to values Directory String syntax. Note that this syntax is limited to values
of exactly two printable string characters. of exactly two printable string characters, as listed in ISO 3166 [14].
CountryString = p p CountryString = p p
Example: Example:
US US
6.9. DN 6.9. DN
( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' ) ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )
skipping to change at page 16, line 38 skipping to change at page 16, line 38
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
fax-number = printablestring [ "$" faxparameters ] fax-number = printablestring [ "$" faxparameters ]
faxparameters = faxparm / ( faxparm "$" faxparameters ) faxparameters = faxparm / ( faxparm "$" faxparameters )
faxparm = "twoDimensional" / "fineResolution" / faxparm = "twoDimensional" / "fineResolution" /
"unlimitedLength" / "unlimitedLength" /
"b4Length" / "a3Width" / "b4Width" / "uncompressed" "b4Length" / "a3Width" / "b4Width" / "uncompressed"
In the above, the first printablestring is the actual fax number, In the above, the first printablestring is the telephone number,
and the faxparm tokens represent fax parameters. based on E.123 [15], and the faxparm tokens represent fax parameters.
6.13. Fax 6.13. Fax
( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' ) ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' )
Values in this syntax are encoded as if they were octet strings Values in this syntax are encoded as if they were octet strings
containing Group 3 Fax images as defined in [7]. containing Group 3 Fax images as defined in [7].
6.14. Generalized Time 6.14. Generalized Time
skipping to change at page 17, line 57 skipping to change at page 17, line 57
6.21. Name And Optional UID 6.21. Name And Optional UID
( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
NameAndOptionalUID = DistinguishedName [ "#" bitstring ] NameAndOptionalUID = DistinguishedName [ "#" bitstring ]
Although the '#' character may occur in a string representation of a Although the '#' character may occur in a string representation of a
distinguished name, no additional special quoting is done. distinguished name, no additional special quoting is done. This
syntax has been added subsequent to RFC 1778.
This syntax has been added subsequent to RFC 1778.
Example: Example:
1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B
6.22. Name Form Description 6.22. Name Form Description
( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' ) ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )
Values in this syntax are encoded according to the following BNF. Values in this syntax are encoded according to the following BNF.
skipping to change at page 19, line 32 skipping to change at page 19, line 32
( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
Values in this syntax are encoded according to the following BNF: Values in this syntax are encoded according to the following BNF:
postal-address = dstring *( "$" dstring ) postal-address = dstring *( "$" dstring )
In the above, each dstring component of a postal address value is In the above, each dstring component of a postal address value is
encoded as a value of type Directory String syntax. Backslashes and encoded as a value of type Directory String syntax. Backslashes and
dollar characters, if they occur in the component, are quoted as dollar characters, if they occur in the component, are quoted as
described in section 4. described in section 4.3. Many servers limit the postal address to
six lines of up to thirty characters.
Example: Example:
1234 Main St.$Anytown, CA 12345$USA 1234 Main St.$Anytown, CA 12345$USA
\241,000,000 Sweepstakes$PO Box 1000000$Anytown, CA 12345$USA \241,000,000 Sweepstakes$PO Box 1000000$Anytown, CA 12345$USA
6.28. Presentation Address 6.28. Presentation Address
( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' ) ( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )
skipping to change at page 20, line 11 skipping to change at page 20, line 11
Example: Example:
This is a PrintableString This is a PrintableString
6.30. Telephone Number 6.30. Telephone Number
( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' ) ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
Values in this syntax are encoded as if they were Printable String Values in this syntax are encoded as if they were Printable String
types. Telephone numbers are recommended in X.520 to be in types. Telephone numbers are recommended in X.520 to be in
international form. international form, as described in E.123 [15].
Example: Example:
+1 512 305 0280 +1 512 305 0280
6.31. UTC Time 6.31. UTC Time
( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' ) ( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )
Values in this syntax are encoded as if they were printable Values in this syntax are encoded as if they were printable
skipping to change at page 24, line 36 skipping to change at page 24, line 36
TW9 1DT TW9 1DT
UK UK
Phone: +44-181-332-9091 Phone: +44-181-332-9091
EMail: S.Kille@isode.com EMail: S.Kille@isode.com
12. Bibliography 12. Bibliography
[1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access [1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
Protocol (Version 3)", INTERNET-DRAFT Protocol (Version 3)", INTERNET-DRAFT
<draft-ietf-asid-ldapv3-protocol-06.txt>, July 1997. <draft-ietf-asid-ldapv3-protocol-07.txt>, Aug. 1997.
[2] The Directory: Selected Attribute Types. ITU-T Recommendation [2] The Directory: Selected Attribute Types. ITU-T Recommendation
X.520, 1993. X.520, 1993.
[3] The Directory: Models. ITU-T Recommendation X.501, 1993. [3] The Directory: Models. ITU-T Recommendation X.501, 1993.
[4] S. Bradner, "Key words for use in RFCs to Indicate Requirement [4] S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119. Levels", RFC 2119.
[5] M. Wahl, S. Kille, "A UTF-8 String Representation of [5] M. Wahl, S. Kille, "A UTF-8 String Representation of
skipping to change at page 25, line 16 skipping to change at page 25, line 16
10646", RFC 2044, October 1996. 10646", RFC 2044, October 1996.
[10] Universal Multiple-Octet Coded Character Set (UCS) - [10] Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane, ISO/IEC 10646-1 : Architecture and Basic Multilingual Plane, ISO/IEC 10646-1 :
1993 (With amendments). 1993 (With amendments).
[11] S. Hardcastle-Kille, "Mapping between X.400(1988) / ISO 10021 [11] S. Hardcastle-Kille, "Mapping between X.400(1988) / ISO 10021
and RFC 822", RFC 1327, May 1992. and RFC 822", RFC 1327, May 1992.
[12] M. Wahl, "X.500(96) User Schema for use with LDAP", [12] M. Wahl, "X.500(96) User Schema for use with LDAP",
INTERNET-DRAFT <draft-ietf-asid-ldapv3schema-x500-01.txt>, INTERNET-DRAFT <draft-ietf-asid-ldapv3schema-x500-02.txt>,
July 1997. Aug. 1997.
[13] D. Crocker, "Standard of the Format of ARPA-Internet Text [13] D. Crocker, "Standard of the Format of ARPA-Internet Text
Messages", STD 11, RFC 822, August 1982. Messages", STD 11, RFC 822, August 1982.
<draft-ietf-asid-ldapv3-attributes-06.txt> Expires: December 1997 [14] ISO 3166, "Codes for the representation of names of countries".
[15] ITU-T Rec. E.123, Notation for national and international
telephone numbers, 1988.
<draft-ietf-asid-ldapv3-attributes-07.txt> Expires: February 1998
 End of changes. 28 change blocks. 
53 lines changed or deleted 45 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/