| < draft-smith-ldap-inetorgperson-02.txt | draft-smith-ldap-inetorgperson-03.txt > | |||
|---|---|---|---|---|
| The LDAP inetOrgPerson Object Class Mark Smith | The LDAP inetOrgPerson Object Class Mark Smith | |||
| INTERNET-DRAFT Netscape Communications | INTERNET-DRAFT Netscape Communications | |||
| Intended Category: Informational 18 February 1999 | Intended Category: Informational 22 April 1999 | |||
| Expires: 18 August 1999 | Expires: 22 October 1999 | |||
| Definition of the inetOrgPerson LDAP Object Class | Definition of the inetOrgPerson LDAP Object Class | |||
| Filename: draft-smith-ldap-inetorgperson-02.txt | Filename: draft-smith-ldap-inetorgperson-03.txt | |||
| 1. Status of this Memo | 1. Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with all | This document is an Internet-Draft and is in full conformance with all | |||
| provisions of Section 10 of RFC2026. Internet-Drafts are working docu- | provisions of Section 10 of RFC2026. Internet-Drafts are working docu- | |||
| ments of the Internet Engineering Task Force (IETF), its areas, and its | ments of the Internet Engineering Task Force (IETF), its areas, and its | |||
| working groups. Note that other groups may also distribute working | working groups. Note that other groups may also distribute working | |||
| documents as Internet-Drafts. | documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 38 ¶ | |||
| This draft document will be submitted to the RFC Editor as an Informa- | This draft document will be submitted to the RFC Editor as an Informa- | |||
| tional document. Distribution of this memo is unlimited. Please send | tional document. Distribution of this memo is unlimited. Please send | |||
| comments to the author <mcs@netscape.com>. | comments to the author <mcs@netscape.com>. | |||
| Copyright (C) The Internet Society (1996-1999). All Rights Reserved. | Copyright (C) The Internet Society (1996-1999). All Rights Reserved. | |||
| Please see the Copyright section near the end of this document for more | Please see the Copyright section near the end of this document for more | |||
| information. | information. | |||
| This Internet Draft expires on 18 August 1999. | This Internet Draft expires on 22 October 1999. | |||
| 2. Abstract | 2. Abstract | |||
| While the X.500 standards [X500] define many useful attribute types and | While the X.500 standards define many useful attribute types [X520] and | |||
| object classes, they do not define a person object class that meets the | object classes [X521], they do not define a person object class that | |||
| requirements found in today's Internet and Intranet directory service | meets the requirements found in today's Internet and Intranet directory | |||
| deployments. We define a new object class called inetOrgPerson for use | service deployments. We define a new object class called inetOrgPerson | |||
| in LDAP and X.500 directory services that extends the X.521 standard | for use in LDAP and X.500 directory services that extends the X.521 | |||
| organizationalPerson class to meet these needs. | standard organizationalPerson class to meet these needs. | |||
| 3. Background and Intended Usage | 3. Table of Contents | |||
| 1. Status of this Memo............................................1 | ||||
| 2. Abstract.......................................................1 | ||||
| 3. Table of Contents..............................................2 | ||||
| 4. Background and Intended Usage..................................3 | ||||
| 5. New Attribute Types Used in the inetOrgPerson Object Class.....3 | ||||
| 5.1. Vehicle license or registration plate.......................3 | ||||
| 5.2. Department number...........................................4 | ||||
| 5.3. Display Name................................................4 | ||||
| 5.4. Employee Number.............................................4 | ||||
| 5.5. Employee Type...............................................4 | ||||
| 5.6. JPEG Photograph.............................................5 | ||||
| 5.7. Preferred Language..........................................5 | ||||
| 5.8. User S/MIME Certificate.....................................5 | ||||
| 5.9. User PKCS #12...............................................6 | ||||
| 6. Definition of the inetOrgPerson Object Class...................6 | ||||
| 7. Example of an inetOrgPerson Entry..............................7 | ||||
| 8. Security Considerations........................................8 | ||||
| 9. Acknowledgments................................................8 | ||||
| 10. Copyright......................................................8 | ||||
| 11. Bibliography...................................................9 | ||||
| 12. Author's Address...............................................10 | ||||
| 13. Appendix A - inetOrgPerson Schema Summary......................10 | ||||
| 13.1. Attribute Types.............................................10 | ||||
| 13.1.1. New attribute types that are defined in this document....10 | ||||
| 13.1.2. Attribute types from RFC 2256............................12 | ||||
| 13.1.3. Attribute types from RFC 1274............................15 | ||||
| 13.1.4. Attribute type from RFC 2079.............................17 | ||||
| 13.2. Syntaxes....................................................17 | ||||
| 13.2.1. Syntaxes from RFC 2252...................................17 | ||||
| 13.2.2. Syntaxes from RFC 2256...................................17 | ||||
| 13.3. Matching Rules..............................................18 | ||||
| 13.3.1. Matching rules from RFC 2252.............................18 | ||||
| 13.3.2. Matching rule from RFC 2256..............................18 | ||||
| 13.3.3. Additional matching rules from X.520.....................19 | ||||
| 13.3.4. Matching rules not defined in any referenced document....19 | ||||
| 14. Appendix B - Change History....................................20 | ||||
| 4. Background and Intended Usage | ||||
| The inetOrgPerson object class is a general purpose object class that | The inetOrgPerson object class is a general purpose object class that | |||
| holds attributes about people. The attributes it holds were chosen to | holds attributes about people. The attributes it holds were chosen to | |||
| accommodate information requirements found in typical Internet and | accommodate information requirements found in typical Internet and | |||
| Intranet directory service deployments. The inetOrgPerson object class | Intranet directory service deployments. The inetOrgPerson object class | |||
| is designed to be used within directory services based on the LDAP | is designed to be used within directory services based on the LDAP | |||
| [RFC2251] and the X.500 family of protocols, and it should be useful in | [RFC2251] and the X.500 family of protocols, and it should be useful in | |||
| other contexts as well. There is no requirement for directory services | other contexts as well. There is no requirement for directory services | |||
| implementors to use the inetOrgPerson object class; it is simply | implementors to use the inetOrgPerson object class; it is simply | |||
| presented as well-documented class that implementors can choose to use | presented as well-documented class that implementors can choose to use | |||
| skipping to change at page 2, line 34 ¶ | skipping to change at page 3, line 32 ¶ | |||
| Attributes that are referenced but not defined in this document are | Attributes that are referenced but not defined in this document are | |||
| included in one of the following documents: | included in one of the following documents: | |||
| The COSINE and Internet X.500 Schema [RFC1274] | The COSINE and Internet X.500 Schema [RFC1274] | |||
| Definition of an X.500 Attribute Type and an Object Class to Hold | Definition of an X.500 Attribute Type and an Object Class to Hold | |||
| Uniform Resource Identifiers (URIs) [RFC2079] | Uniform Resource Identifiers (URIs) [RFC2079] | |||
| A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] | A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] | |||
| See Appendix A for a detailed summary that shows where each attribute | See Appendix A for a summary of the attribute types, associated syn- | |||
| type is defined. | taxes, and matching rules used in this document. | |||
| 4. New Attribute Types Used in the inetOrgPerson Object Class | 5. New Attribute Types Used in the inetOrgPerson Object Class | |||
| 4.1. Vehicle license or registration plate. | 5.1. Vehicle license or registration plate. | |||
| This multivalued field is used to record the values of the license or | This multivalued field is used to record the values of the license or | |||
| registration plate associated with an individual. | registration plate associated with an individual. | |||
| ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' | ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' | |||
| DESC 'vehicle license or registration plate' | DESC 'vehicle license or registration plate' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| 4.2. Department number | 5.2. Department number | |||
| Code for department to which a person belongs. This can also be | Code for department to which a person belongs. This can also be | |||
| strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123). | strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123). | |||
| ( 2.16.840.1.113730.3.1.2 | ( 2.16.840.1.113730.3.1.2 | |||
| NAME 'departmentNumber' | NAME 'departmentNumber' | |||
| DESC 'identifies a department within an organization' | DESC 'identifies a department within an organization' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| 4.3. Display Name | 5.3. Display Name | |||
| When displaying an entry, especially within a one-line summary list, it | When displaying an entry, especially within a one-line summary list, it | |||
| is useful to be able to identify a name to be used. Since other attri- | is useful to be able to identify a name to be used. Since other attri- | |||
| bute types such as 'cn' are multivalued, an additional attribute type is | bute types such as 'cn' are multivalued, an additional attribute type is | |||
| needed. Display name is defined for this purpose. | needed. Display name is defined for this purpose. | |||
| ( 2.16.840.1.113730.3.1.241 | ( 2.16.840.1.113730.3.1.241 | |||
| NAME 'displayName' | NAME 'displayName' | |||
| DESC 'preferred name of a person to be used when displaying entries' | DESC 'preferred name of a person to be used when displaying entries' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | |||
| SINGLE-VALUE ) | ||||
| 4.4. Employee Number | 5.4. Employee Number | |||
| Numeric or alphanumeric identifier assigned to a person, typically based | Numeric or alphanumeric identifier assigned to a person, typically based | |||
| on order of hire or association with an organization. Single valued. | on order of hire or association with an organization. Single valued. | |||
| ( 2.16.840.1.113730.3.1.3 | ( 2.16.840.1.113730.3.1.3 | |||
| NAME 'employeeNumber' | NAME 'employeeNumber' | |||
| DESC 'numerically identifies an employee within an organization' | DESC 'numerically identifies an employee within an organization' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | |||
| SINGLE-VALUE ) | SINGLE-VALUE ) | |||
| 4.5. Employee Type | 5.5. Employee Type | |||
| Used to identify the employer to employee relationship. Typical values | Used to identify the employer to employee relationship. Typical values | |||
| used will be "Contractor", "Employee", "Intern", "Temp", "External", and | used will be "Contractor", "Employee", "Intern", "Temp", "External", and | |||
| "Unknown" but any value may be used. | "Unknown" but any value may be used. | |||
| ( 2.16.840.1.113730.3.1.4 | ( 2.16.840.1.113730.3.1.4 | |||
| NAME 'employeeType' | NAME 'employeeType' | |||
| DESC 'type of employment for a person' | DESC 'type of employment for a person' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| 4.6. JPEG Photograph | 5.6. JPEG Photograph | |||
| Used to store one or more images of a person using the JPEG File Inter- | Used to store one or more images of a person using the JPEG File Inter- | |||
| change Format [JFIF]. | change Format [JFIF]. | |||
| ( 0.9.2342.19200300.100.1.60 | ( 0.9.2342.19200300.100.1.60 | |||
| NAME 'jpegPhoto' | NAME 'jpegPhoto' | |||
| DESC 'a JPEG image' | DESC 'a JPEG image' | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) | |||
| Note that the jpegPhoto attribute type was defined for use in the Inter- | Note that the jpegPhoto attribute type was defined for use in the Inter- | |||
| net X.500 pilots but no referencable definition for it could be located. | net X.500 pilots but no referencable definition for it could be located. | |||
| 4.7. Preferred Language | 5.7. Preferred Language | |||
| Used to indicate an individual's preferred written or spoken language. | Used to indicate an individual's preferred written or spoken language. | |||
| This is useful for international correspondence or human-computer | This is useful for international correspondence or human-computer | |||
| interaction. Values for this attribute type MUST conform to the defini- | interaction. Values for this attribute type MUST conform to the defini- | |||
| tion of the Accept-Language header field defined in [RFC2068] with one | tion of the Accept-Language header field defined in [RFC2068] with one | |||
| exception: the sequence "Accept-Language" ":" should be omitted. This | exception: the sequence "Accept-Language" ":" should be omitted. This | |||
| is a single valued attribute type. | is a single valued attribute type. | |||
| ( 2.16.840.1.113730.3.1.39 | ( 2.16.840.1.113730.3.1.39 | |||
| NAME 'preferredLanguage' | NAME 'preferredLanguage' | |||
| DESC 'preferred written or spoken language for a person' | DESC 'preferred written or spoken language for a person' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | |||
| SINGLE-VALUE ) | SINGLE-VALUE ) | |||
| ) | ) | |||
| 4.8. User S/MIME Certificate | 5.8. User S/MIME Certificate | |||
| An S/MIME [RFC1847] signed message with a zero-length body. This attri- | An S/MIME [RFC1847] signed message with a zero-length body. This attri- | |||
| bute is to be stored and requested in binary form, as | bute is to be stored and requested in binary form, as | |||
| 'userSMIMECertificate;binary'. It contains the person's entire certifi- | 'userSMIMECertificate;binary'. It contains the person's entire certifi- | |||
| cate chain and the signed attribute that describes their algorithm capa- | cate chain and the signed attribute that describes their algorithm capa- | |||
| bilities, stored as an octetString. If available, this attribute is | bilities, stored as binary data. If available, this attribute is | |||
| preferred over the userCertificate attribute for S/MIME applications. | preferred over the userCertificate attribute for S/MIME applications. | |||
| ( 2.16.840.1.113730.3.1.40 | ( 2.16.840.1.113730.3.1.40 | |||
| NAME 'userSMIMECertificate' | NAME 'userSMIMECertificate' | |||
| DESC 'signed message used to support S/MIME' | DESC 'signed message used to support S/MIME' | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) | |||
| 4.9. User PKCS #12 | 5.9. User PKCS #12 | |||
| PKCS #12 [PKCS12] provides a format for exchange of personal identity | PKCS #12 [PKCS12] provides a format for exchange of personal identity | |||
| information. When such information is stored in a directory service, | information. When such information is stored in a directory service, | |||
| the userPKCS12 attribute should be used. This attribute is to be stored | the userPKCS12 attribute should be used. This attribute is to be stored | |||
| and requested in binary form, as 'userPKCS12;binary'. The attribute | and requested in binary form, as 'userPKCS12;binary'. The attribute | |||
| values are PFX PDUs stored as octetStrings. | values are PFX PDUs stored as binary data. | |||
| ( 2.16.840.1.113730.3.1.216 | ( 2.16.840.1.113730.3.1.216 | |||
| NAME 'userPKCS12' | NAME 'userPKCS12' | |||
| DESC 'PKCS #12 PFX PDU for exchange of personal identity information' | DESC 'PKCS #12 PFX PDU for exchange of personal identity information' | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) | |||
| ) | ) | |||
| 5. Definition of the inetOrgPerson Object Class | 6. Definition of the inetOrgPerson Object Class | |||
| The inetOrgPerson represents people who are associated with an organiza- | The inetOrgPerson represents people who are associated with an organiza- | |||
| tion in some way. It is a structural class and is derived from the | tion in some way. It is a structural class and is derived from the | |||
| organizationalPerson class which is defined in [X521]. | organizationalPerson class which is defined in X.521 [X521]. | |||
| ( 2.16.840.1.113730.3.2.2 | ( 2.16.840.1.113730.3.2.2 | |||
| NAME 'inetOrgPerson' | NAME 'inetOrgPerson' | |||
| SUP organizationalPerson | SUP organizationalPerson | |||
| STRUCTURAL | STRUCTURAL | |||
| MAY ( | MAY ( | |||
| audio $ businessCategory $ carLicense $ departmentNumber $ | audio $ businessCategory $ carLicense $ departmentNumber $ | |||
| displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ | displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ | |||
| homePostalAddress $ initials $ jpegPhoto $ labeledURI $ | homePostalAddress $ initials $ jpegPhoto $ labeledURI $ | |||
| mail $ manager $ mobile $ pager $ | mail $ manager $ mobile $ o $ pager $ | |||
| photo $ roomNumber $ secretary $ uid $ userCertificate $ | photo $ roomNumber $ secretary $ uid $ userCertificate $ | |||
| x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ | x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ | |||
| userPKCS12 | userPKCS12 | |||
| ) | ) | |||
| ) | ) | |||
| For reference, we list the following additional attribute types that are | For reference, we list the following additional attribute types that are | |||
| part of the inetOrgPerson object class. These attribute types are | part of the inetOrgPerson object class. These attribute types are | |||
| inherited from organizationalPerson (which in turn is derived from the | inherited from organizationalPerson (which in turn is derived from the | |||
| person object class): | person object class): | |||
| skipping to change at page 5, line 42 ¶ | skipping to change at page 7, line 5 ¶ | |||
| photo $ roomNumber $ secretary $ uid $ userCertificate $ | photo $ roomNumber $ secretary $ uid $ userCertificate $ | |||
| x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ | x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ | |||
| userPKCS12 | userPKCS12 | |||
| ) | ) | |||
| ) | ) | |||
| For reference, we list the following additional attribute types that are | For reference, we list the following additional attribute types that are | |||
| part of the inetOrgPerson object class. These attribute types are | part of the inetOrgPerson object class. These attribute types are | |||
| inherited from organizationalPerson (which in turn is derived from the | inherited from organizationalPerson (which in turn is derived from the | |||
| person object class): | person object class): | |||
| MUST ( | MUST ( | |||
| cn $ objectClass $ sn | cn $ objectClass $ sn | |||
| ) | ) | |||
| MAY ( | MAY ( | |||
| description $ destinationIndicator $ facsimileTelephoneNumber $ | description $ destinationIndicator $ facsimileTelephoneNumber $ | |||
| internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ | internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ | |||
| postalAddress $ postalCode $ postOfficeBox $ | postalAddress $ postalCode $ postOfficeBox $ | |||
| preferredDeliveryMethod $ registeredAddress $ seeAlso $ | preferredDeliveryMethod $ registeredAddress $ seeAlso $ | |||
| st $ street $ telephoneNumber $ teletexTerminalIdentifier $ | st $ street $ telephoneNumber $ teletexTerminalIdentifier $ | |||
| telexNumber $ title $ userPassword $ x121Address | telexNumber $ title $ userPassword $ x121Address | |||
| ) | ) | |||
| 6. Example of an inetOrgPerson Entry | 7. Example of an inetOrgPerson Entry | |||
| The following example is expressed using the LDIF notation defined in | The following example is expressed using the LDIF notation defined in | |||
| [LDIF]. | [LDIF]. | |||
| dn: cn=Barbara Jensen, ou=Product Development, o=Ace Industry, c=US | dn: cn=Barbara Jensen,ou=Product Development,dc=airius,dc=com | |||
| objectClass: top | objectClass: top | |||
| objectClass: person | objectClass: person | |||
| objectClass: organizationalPerson | objectClass: organizationalPerson | |||
| objectClass: inetOrgPerson | objectClass: inetOrgPerson | |||
| cn: Barbara Jensen | cn: Barbara Jensen | |||
| cn: Babs Jensen | cn: Babs Jensen | |||
| displayName: Babs Jensen | ||||
| sn: Jensen | sn: Jensen | |||
| givenName: Barbara | givenName: Barbara | |||
| initials: BJJ | initials: BJJ | |||
| title: manager, product development | title: manager, product development | |||
| uid: bjensen | uid: bjensen | |||
| mail: bjensen@aceindustry.com | mail: bjensen@airius.com | |||
| telephoneNumber: +1 408 555 1862 | telephoneNumber: +1 408 555 1862 | |||
| facsimileTelephoneNumber: +1 408 555 1992 | facsimileTelephoneNumber: +1 408 555 1992 | |||
| mobile: +1 408 555 1941 | mobile: +1 408 555 1941 | |||
| roomNumber: 0209 | roomNumber: 0209 | |||
| carLicense: 6ABC246 | carLicense: 6ABC246 | |||
| o: Airius | ||||
| ou: Product Development | ||||
| departmentNumber: 2604 | departmentNumber: 2604 | |||
| employeeNumber: 42 | employeeNumber: 42 | |||
| employeeType: full time | employeeType: full time | |||
| preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 | preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 | |||
| labeledURI: http://www.aceindustry.com/users/bjensen My Home Page | labeledURI: http://www.airius.com/users/bjensen My Home Page | |||
| 8. Security Considerations | ||||
| 7. Security Considerations | ||||
| Attributes of directory entries are used to provide descriptive informa- | Attributes of directory entries are used to provide descriptive informa- | |||
| tion about the real-world objects they represent, which can be people, | tion about the real-world objects they represent, which can be people, | |||
| organizations or devices. Most countries have privacy laws regarding | organizations or devices. Most countries have privacy laws regarding | |||
| the publication of information about people. | the publication of information about people. | |||
| Transfer of cleartext passwords are strongly discouraged where the | Transfer of cleartext passwords are strongly discouraged where the | |||
| underlying transport service cannot guarantee confidentiality and may | underlying transport service cannot guarantee confidentiality and may | |||
| result in disclosure of the password to unauthorized parties. | result in disclosure of the password to unauthorized parties. | |||
| 8. Acknowledgments | 9. Acknowledgments | |||
| The Netscape Directory Server team created the inetOrgPerson object | The Netscape Directory Server team created the inetOrgPerson object | |||
| class based on experience and customer requirements. Anil Bhavnani and | class based on experience and customer requirements. Anil Bhavnani and | |||
| John Kristian in particular deserve credit for all of the early design | John Kristian in particular deserve credit for all of the early design | |||
| work. | work. | |||
| Many members of the Internet community, in particular those in the IETF | Many members of the Internet community, in particular those in the IETF | |||
| ASID and LDAPEXT groups, also contributed to the design of this object | ASID and LDAPEXT groups, also contributed to the design of this object | |||
| class. | class. | |||
| 9. Copyright | 10. Copyright | |||
| Copyright (C) The Internet Society (1996-1999). All Rights Reserved. | Copyright (C) The Internet Society (1996-1999). All Rights Reserved. | |||
| This document and translations of it may be copied and furnished to oth- | This document and translations of it may be copied and furnished to oth- | |||
| ers, and derivative works that comment on or otherwise explain it or | ers, and derivative works that comment on or otherwise explain it or | |||
| assist in its implementation may be prepared, copied, published and dis- | assist in its implementation may be prepared, copied, published and dis- | |||
| tributed, in whole or in part, without restriction of any kind, provided | tributed, in whole or in part, without restriction of any kind, provided | |||
| that the above copyright notice and this paragraph are included on all | that the above copyright notice and this paragraph are included on all | |||
| such copies and derivative works. However, this document itself may not | such copies and derivative works. However, this document itself may not | |||
| be modified in any way, such as by removing the copyright notice or | be modified in any way, such as by removing the copyright notice or | |||
| skipping to change at page 7, line 43 ¶ | skipping to change at page 9, line 7 ¶ | |||
| The limited permissions granted above are perpetual and will not be | The limited permissions granted above are perpetual and will not be | |||
| revoked by the Internet Society or its successors or assigns. | revoked by the Internet Society or its successors or assigns. | |||
| This document and the information contained herein is provided on an "AS | This document and the information contained herein is provided on an "AS | |||
| IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK | IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK | |||
| FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT | FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT | |||
| LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT | LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT | |||
| INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FIT- | INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FIT- | |||
| NESS FOR A PARTICULAR PURPOSE. | NESS FOR A PARTICULAR PURPOSE. | |||
| 10. Bibliography | 11. Bibliography | |||
| [JFIF]E. Hamilton, "JPEG File Interchange Format (Version 1.02)", C-Cube | [JFIF] | |||
| E. Hamilton, "JPEG File Interchange Format (Version 1.02)", C-Cube | ||||
| Microsystems, Milpitas, CA, September 1, 1992. | Microsystems, Milpitas, CA, September 1, 1992. | |||
| [LDIF]G. Good, "The LDAP Data Interchange Format (LDIF) - Technical | [LDIF] | |||
| G. Good, "The LDAP Data Interchange Format (LDIF) - Technical | ||||
| Specification" INTERNET-DRAFT <draft-good-ldap-ldif-02.txt>, 1 | Specification" INTERNET-DRAFT <draft-good-ldap-ldif-02.txt>, 1 | |||
| February 1999. | February 1999. | |||
| [PKCS12] | [PKCS12] | |||
| "PKCS #12: Personal Information Exchange Standard", Version 1.0 | "PKCS #12: Personal Information Exchange Standard", Version 1.0 | |||
| DRAFT, 30 April 1997. | DRAFT, 30 April 1997. | |||
| [RFC1274] | [RFC1274] | |||
| P. Barker, S. Kille, "The COSINE and Internet X.500 Schema", RFC | P. Barker, S. Kille, "The COSINE and Internet X.500 Schema", RFC | |||
| 1274, November 1991. | 1274, November 1991. | |||
| skipping to change at page 8, line 41 ¶ | skipping to change at page 10, line 9 ¶ | |||
| [RFC2252] | [RFC2252] | |||
| M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins, | M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins, | |||
| "Lightweight Directory Access Protocol (v3): Attribute Syntax | "Lightweight Directory Access Protocol (v3): Attribute Syntax | |||
| Definitions", RFC 2252, December 1997. | Definitions", RFC 2252, December 1997. | |||
| [RFC2256] | [RFC2256] | |||
| M. Wahl, "A Summary of the X.500(96) User Schema for use with | M. Wahl, "A Summary of the X.500(96) User Schema for use with | |||
| LDAPv3", RFC 2256, December 1997. | LDAPv3", RFC 2256, December 1997. | |||
| [X500]ITU-T Rec. X.500, "The Directory: Overview of Concepts, Models and | [X520] | |||
| Service", 1993. | ITU-T Rec. X.520, "The Directory: Selected Attribute Types", 1996. | |||
| [X520]ITU-T Rec. X.520, "The Directory: Selected Attribute Types", 1993. | ||||
| [X521]ITU-T Rec. X.521, "The Directory: Selected Object Classes", 1993. | [X521] | |||
| ITU-T Rec. X.521, "The Directory: Selected Object Classes", | ||||
| 1996. | ||||
| 11. Author's Address | 12. Author's Address | |||
| Mark Smith | Mark Smith | |||
| Netscape Communications Corp. | Netscape Communications Corp. | |||
| 501 E. Middlefield Rd., Mailstop MV068 | 501 E. Middlefield Rd., Mailstop MV068 | |||
| Mountain View, CA 94043, USA | Mountain View, CA 94043, USA | |||
| Phone: +1 650 937-3477 | Phone: +1 650 937-3477 | |||
| EMail: mcs@netscape.com | EMail: mcs@netscape.com | |||
| 12. Appendix A - Summary of Attribute Types Included in inetOrgPerson | 13. Appendix A - inetOrgPerson Schema Summary | |||
| This appendix provides definitions of all the attribute types included | This appendix provides definitions of all the attribute types included | |||
| in the inetOrgPerson object class. | in the inetOrgPerson object class along with their associated syntaxes | |||
| and matching rules. | ||||
| 13.1. Attribute Types | ||||
| 13.1.1. New attribute types that are defined in this document | ||||
| 12.1. Attribute types defined in this document | ||||
| ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' | ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' | |||
| DESC 'vehicle license or registration plate' | DESC 'vehicle license or registration plate' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| ( 2.16.840.1.113730.3.1.2 | ( 2.16.840.1.113730.3.1.2 | |||
| NAME 'departmentNumber' | NAME 'departmentNumber' | |||
| DESC 'identifies a department within an organization' | DESC 'identifies a department within an organization' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| ( 2.16.840.1.113730.3.1.241 | ( 2.16.840.1.113730.3.1.241 | |||
| NAME 'displayName' | NAME 'displayName' | |||
| DESC 'preferred name of a person to be used when displaying entries' | DESC 'preferred name of a person to be used when displaying entries' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | |||
| SINGLE-VALUE ) | ||||
| ( 2.16.840.1.113730.3.1.3 | ( 2.16.840.1.113730.3.1.3 | |||
| NAME 'employeeNumber' | NAME 'employeeNumber' | |||
| DESC 'numerically identifies an employee within an organization' | DESC 'numerically identifies an employee within an organization' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | |||
| SINGLE-VALUE ) | SINGLE-VALUE ) | |||
| ( 2.16.840.1.113730.3.1.4 | ( 2.16.840.1.113730.3.1.4 | |||
| NAME 'employeeType' | NAME 'employeeType' | |||
| DESC 'type of employment for a person' | DESC 'type of employment for a person' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| ( 0.9.2342.19200300.100.1.60 | ( 0.9.2342.19200300.100.1.60 | |||
| NAME 'jpegPhoto' | NAME 'jpegPhoto' | |||
| DESC 'a JPEG image' | DESC 'a JPEG image' | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) | |||
| Note: The jpegPhoto attribute type was defined for use in the | Note: The jpegPhoto attribute type was defined for use in the | |||
| Internet X.500 pilots but no referencable definition for it | Internet X.500 pilots but no referencable definition for it | |||
| could be located. | could be located. | |||
| ( 2.16.840.1.113730.3.1.39 | ( 2.16.840.1.113730.3.1.39 | |||
| NAME 'preferredLanguage' | NAME 'preferredLanguage' | |||
| DESC 'preferred written or spoken language for a person' | DESC 'preferred written or spoken language for a person' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTRINGS caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 | |||
| SINGLE-VALUE ) | SINGLE-VALUE ) | |||
| ( 2.16.840.1.113730.3.1.40 | ( 2.16.840.1.113730.3.1.40 | |||
| NAME 'userSMIMECertificate' | NAME 'userSMIMECertificate' | |||
| DESC 'signed message used to support S/MIME' | DESC 'signed message used to support S/MIME' | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | |||
| ( 2.16.840.1.113730.3.1.216 | ( 2.16.840.1.113730.3.1.216 | |||
| NAME 'userPKCS12' | NAME 'userPKCS12' | |||
| DESC 'PKCS #12 PFX PDU for exchange of personal identity information' | DESC 'PKCS #12 PFX PDU for exchange of personal identity information' | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | |||
| 12.2. Attribute types defined in the X.500 series of documents | 13.1.2. Attribute types from RFC 2256 | |||
| Note that these attribute types are also documented in RFC 2256. | Note that the original definitions of these types can be found in X.520. | |||
| ( 2.5.4.15 | ( 2.5.4.15 | |||
| NAME 'businessCategory' | NAME 'businessCategory' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTR caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) | |||
| ( 2.5.4.3 | ( 2.5.4.3 | |||
| NAME 'cn' | NAME 'cn' | |||
| SUP name ) | SUP name ) | |||
| skipping to change at page 11, line 39 ¶ | skipping to change at page 13, line 10 ¶ | |||
| ( 2.5.4.7 | ( 2.5.4.7 | |||
| NAME 'l' | NAME 'l' | |||
| SUP name ) | SUP name ) | |||
| ( 2.5.4.0 | ( 2.5.4.0 | |||
| NAME 'objectClass' | NAME 'objectClass' | |||
| EQUALITY objectIdentifierMatch | EQUALITY objectIdentifierMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) | |||
| ( 2.5.4.10 | ||||
| NAME 'o' | ||||
| SUP name ) | ||||
| ( 2.5.4.11 | ( 2.5.4.11 | |||
| NAME 'ou' | NAME 'ou' | |||
| SUP name ) | SUP name ) | |||
| ( 2.5.4.19 | ( 2.5.4.19 | |||
| NAME 'physicalDeliveryOfficeName' | NAME 'physicalDeliveryOfficeName' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTR caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) | |||
| skipping to change at page 13, line 39 ¶ | skipping to change at page 15, line 13 ¶ | |||
| SUBSTR numericStringSubstringsMatch | SUBSTR numericStringSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) | |||
| ( 2.5.4.45 | ( 2.5.4.45 | |||
| NAME 'x500UniqueIdentifier' | NAME 'x500UniqueIdentifier' | |||
| EQUALITY bitStringMatch | EQUALITY bitStringMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) | |||
| Some attribute types included in inetOrgPerson are derived from the | Some attribute types included in inetOrgPerson are derived from the | |||
| 'name' and 'distinguishedName' attribute supertypes: | 'name' and 'distinguishedName' attribute supertypes: | |||
| ( 2.5.4.41 | ( 2.5.4.41 | |||
| NAME 'name' | NAME 'name' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTR caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) | |||
| ( 2.5.4.49 | ( 2.5.4.49 | |||
| NAME 'distinguishedName' | NAME 'distinguishedName' | |||
| EQUALITY distinguishedNameMatch | EQUALITY distinguishedNameMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) | |||
| 12.3. Attribute types defined in RFC 1274 | 13.1.3. Attribute types from RFC 1274 | |||
| ( 0.9.2342.19200300.100.1.55 | ( 0.9.2342.19200300.100.1.55 | |||
| NAME 'audio' | NAME 'audio' | |||
| EQUALITY octetStringMatch | EQUALITY octetStringMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{250000} ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{250000} ) | |||
| Note: The syntax used here for the audio attribute type is Octet | Note: The syntax used here for the audio attribute type is Octet | |||
| String. RFC 1274 uses a syntax called audio which is not defined | String. RFC 1274 uses a syntax called audio which is not defined | |||
| in RFC 1274. | in RFC 1274. | |||
| ( 0.9.2342.19200300.100.1.20 | ( 0.9.2342.19200300.100.1.20 | |||
| NAME 'homePhone' | NAME 'homePhone' | |||
| skipping to change at page 15, line 29 ¶ | skipping to change at page 17, line 4 ¶ | |||
| ( 0.9.2342.19200300.100.1.21 | ( 0.9.2342.19200300.100.1.21 | |||
| NAME 'secretary' | NAME 'secretary' | |||
| EQUALITY distinguishedNameMatch | EQUALITY distinguishedNameMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) | |||
| ( 0.9.2342.19200300.100.1.1 | ( 0.9.2342.19200300.100.1.1 | |||
| NAME 'uid' | NAME 'uid' | |||
| EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | |||
| SUBSTR caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) | |||
| Note: RFC 1274 uses the longer name 'userid'. | Note: RFC 1274 uses the longer name 'userid'. | |||
| 12.4. Attribute types defined in RFC 2079 | 13.1.4. Attribute type from RFC 2079 | |||
| ( 1.3.6.1.4.1.250.1.57 | ( 1.3.6.1.4.1.250.1.57 | |||
| NAME 'labeledURI' | NAME 'labeledURI' | |||
| EQUALITY caseExactMatch | EQUALITY caseExactMatch | |||
| SUBSTR caseExactSubstringsMatch | SUBSTR caseExactSubstringsMatch | |||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | |||
| 13. Appendix B - Change History | 13.2. Syntaxes | |||
| Changes since draft-smith-ldap-inetorgperson-01.txt: | 13.2.1. Syntaxes from RFC 2252 | |||
| "Status of Memo" section: added a statement that this document is in | ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' ) | |||
| full conformance with all provisions of Section 10 of RFC2026. Also | ||||
| revised the text about the Internet Draft current and shadow direc- | ||||
| tories as recommended by the latest I-D guidelines. | ||||
| "Definition of the inetOrgPerson Object Class" section: added | ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) | |||
| displayName to the list of attribute types in the inetOrgPerson | ||||
| definition. The displayName attribute was added the last time this | ||||
| document was revised but inadvertently omitted from the object class | ||||
| definition. | ||||
| "Bibliography" section: updated LDIF Internet Draft reference. | ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) | |||
| Appendix A: corrected the syntax OID for the mail attribute type to | ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' ) | |||
| match that specified for IA5 String in RFC 2252. | ||||
| This Internet Draft expires on 18 August 1999. | ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' ) | |||
| 1. Status of this Memo............................................1 | ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' ) | |||
| 2. Abstract.......................................................1 | ||||
| 3. Background and Intended Usage..................................2 | ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' ) | |||
| 4. New Attribute Types Used in the inetOrgPerson Object Class.....2 | ||||
| 4.1. Vehicle license or registration plate.......................2 | ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' ) | |||
| 4.2. Department number...........................................3 | ||||
| 4.3. Display Name................................................3 | ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) | |||
| 4.4. Employee Number.............................................3 | ||||
| 4.5. Employee Type...............................................3 | ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) | |||
| 4.6. JPEG Photograph.............................................4 | ||||
| 4.7. Preferred Language..........................................4 | ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) | |||
| 4.8. User S/MIME Certificate.....................................4 | ||||
| 4.9. User PKCS #12...............................................5 | ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) | |||
| 5. Definition of the inetOrgPerson Object Class...................5 | ||||
| 6. Example of an inetOrgPerson Entry..............................6 | ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' ) | |||
| 7. Security Considerations........................................6 | ||||
| 8. Acknowledgments................................................7 | 13.2.2. Syntaxes from RFC 2256 | |||
| 9. Copyright......................................................7 | ||||
| 10. Bibliography...................................................7 | ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) | |||
| 11. Author's Address...............................................9 | ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' ) | |||
| 12. Appendix A - Summary of Attribute Types Included in inetOrgPerson9 | ||||
| 12.1. Attribute types defined in this document....................9 | ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' ) | |||
| 12.2. Attribute types defined in the X.500 series of documents....10 | ||||
| 12.3. Attribute types defined in RFC 1274.........................14 | ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) | |||
| 12.4. Attribute types defined in RFC 2079.........................15 | ||||
| 13. Appendix B - Change History....................................15 | 13.3. Matching Rules | |||
| 13.3.1. Matching rules from RFC 2252 | ||||
| Note that the original definition of many of these matching rules can be | ||||
| found in X.520. | ||||
| ( 2.5.13.16 NAME 'bitStringMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) | ||||
| ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) | ||||
| ( 2.5.13.11 NAME 'caseIgnoreListMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) | ||||
| ( 2.5.13.2 NAME 'caseIgnoreMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | ||||
| ( 2.5.13.1 NAME 'distinguishedNameMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) | ||||
| ( 2.5.13.8 NAME 'numericStringMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) | ||||
| ( 2.5.13.0 NAME 'objectIdentifierMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) | ||||
| ( 2.5.13.20 NAME 'telephoneNumberMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) | ||||
| 13.3.2. Matching rule from RFC 2256 | ||||
| Note that the original definition of this matching rule can be found in | ||||
| X.520. | ||||
| ( 2.5.13.17 NAME 'octetStringMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) | ||||
| 13.3.3. Additional matching rules from X.520 | ||||
| caseExactMatch | ||||
| ( 2.5.13.5 NAME 'caseExactMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | ||||
| This rule determines whether a presented string exactly matches an | ||||
| attribute value of syntax DirectoryString. It is identical to caseIg- | ||||
| noreMatch except that case is not ignored. Multiple adjoining whi- | ||||
| tespace characters are treated the same as an individual space, and | ||||
| leading and trailing whitespace is ignored. | ||||
| caseExactSubstringsMatch | ||||
| ( 2.5.13.7 NAME 'caseExactSubstringsMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | ||||
| This rules determines whether the initial, any and final substring ele- | ||||
| ments in a presented value are present in an attribute value of syntax | ||||
| DirectoryString. It is identical to caseIgnoreSubstringsMatch except | ||||
| that case is not ignored. | ||||
| caseIgnoreListSubstringsMatch | ||||
| ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) | ||||
| This rule compares a presented substring with an attribute value which | ||||
| is a sequence of DirectoryStrings, but where the case of letters is not | ||||
| significant for comparison purposes. A presented value matches a stored | ||||
| value if and only if the presented value matches the string formed by | ||||
| concatenating the strings of the stored value. Matching is done accord- | ||||
| ing to the caseIgnoreSubstringsMatch rule except that none of the ini- | ||||
| tial, final, or any values of the presented value match a substring of | ||||
| the concatenated string which spans more than one of the strings of the | ||||
| stored value. | ||||
| 13.3.4. Matching rules not defined in any referenced document | ||||
| caseIgnoreIA5SubstringsMatch | ||||
| ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' | ||||
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) | ||||
| This rules determines whether the initial, any and final substring ele- | ||||
| ments in a presented value are present in an attribute value of syntax | ||||
| IA5 String without regard to the case of the letters in the strings. It | ||||
| is expected that this matching rule will be added to an update of RFC | ||||
| 2252. | ||||
| 14. Appendix B - Change History | ||||
| Changes since draft-smith-ldap-inetorgperson-02.txt: | ||||
| Added the 'o' (organization) attribute as an optional attribute type. | ||||
| Changed the displayName attribute type from multi-valued to single- | ||||
| valued. | ||||
| Changed the syntax of the userPKCS12 and userSMIMECertificate attri- | ||||
| bute types from Octet String to Binary. | ||||
| Added syntaxes and matching rules to Appendix A. | ||||
| Replaced "SUBSTRINGS" with "SUBSTR" in attribute type definitions in | ||||
| order to comply with the syntax defined in RFC 2252. | ||||
| Updated the example to remove spaces from the DN, to show sample use | ||||
| of the o, ou, and displayName types and to replace the domain names | ||||
| in the mail and labeledURI sample values with a legally cleaner | ||||
| value. | ||||
| Updated the X.500 references in the bibliography from 1993 to 1996; | ||||
| removed reference to X.500. | ||||
| Improved the formatting of the document slightly by adding vertical | ||||
| white space and my moving the table of contents close to the begin- | ||||
| ning. | ||||
| This Internet Draft expires on 22 October 1999. | ||||
| End of changes. 77 change blocks. | ||||
| 84 lines changed or deleted | 142 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||