draft-ietf-asid-ldapv3schema-x500-01.txt

Network Working Group                                            M. Wahl
INTERNET-DRAFT                                       Critical Angle Inc.
Expires in six months from 11 July 1997

       A Summary of the X.500(96) User Schema for use with LDAPv3

1. Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

2. Abstract

This document provides an overview of the attribute types and object
classes defined by the ISO and ITU-T committees in the X.500
documents, in particular those intended for use by directory clients.
This is the most widely used schema for LDAP/X.500 directories, and
many other schema definitions for white pages objects use it as a
basis. This document does not cover attributes used for the
administration of X.500 directory servers, nor does it include
attributes defined by other ISO/ITU-T documents.

3. General Issues

This document references syntaxes given in section 6 of this document
and section 6 of [1]. Matching rules are listed in section 8 of this
document and section 8 of [1].

The attribute type and object class definitions are written using the
BNF form of AttributeTypeDescription and ObjectClassDescription given
in [1]. Lines have been folded for readability.

4. Source

The schema definitions in this document are based on those found in
X.500 [2],[3],[4],[5], and updates to these documents, specifically:

    Sections        Source
    ============    ============
    5.1  - 5.2      X.501(93)
    5.3  - 5.36     X.520(88)
    5.37 - 5.41     X.509(93)
    5.42 - 5.52     X.520(93)
    5.53 - 5.54     X.509(96)
    5.55            X.520(96)
    6.1             RFC 1274
    6.2             (new syntax)
    6.3  - 6.6      RFC 1274
    7.1  - 7.2      X.501(93)
    7.3  - 7.18     X.521(88)
    7.19 - 7.22     X.501(93)
    7.23 - 7.25     X.509(96)
    7.26            X.521(96)

Some attribute names are different from those found in X.520(93).

Three new attributes supportedAlgorithms, deltaRevocationList and
dmdName, and the objectClass dmd, are defined in the X.500(96)
documents.

5. Attribute Types

An LDAP server implementation SHOULD recognize the attribute types
described in this section.

5.1. objectClass

The values of the objectClass attribute describe the kind of object
which an entry represents. The objectClass attribute is present in
every entry, with at least two values.
One of the values is either "top" or "alias".

    ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )

5.2. aliasedObjectName

The aliasedObjectName attribute is used by the directory service if
the entry containing this attribute is an alias.

    ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )

5.3. knowledgeInformation

This attribute is no longer used.

    ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )

5.4. cn

This is the X.500 commonName attribute, which contains a name of
an object. If the object corresponds to a person, it is typically the
person's full name.

    ( 2.5.4.3 NAME 'cn' SUP name )

5.5. sn

This is the X.500 surname attribute, which contains the family name of
a person.

    ( 2.5.4.4 NAME 'sn' SUP name )

5.6. serialNumber

This attribute contains the serial number of a device.

    ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.44{64}' )

5.7. c

This attribute contains a two-letter ISO 3166 country code
(countryName).

    ( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )

5.8. l

This attribute contains the name of a locality, such as a city,
county or other geographic region (localityName).

    ( 2.5.4.7 NAME 'l' SUP name )

5.9. st

This attribute contains the full name of a state or province
(stateOrProvinceName).

    ( 2.5.4.8 NAME 'st' SUP name )

5.10. street

This attribute contains the physical address of the object to which
the entry corresponds, such as an address for package delivery
(streetAddress).

    ( 2.5.4.9 NAME 'street' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' )

5.11. o

This attribute contains the name of an organization
(organizationName).

    ( 2.5.4.10 NAME 'o' SUP name )

5.12. ou

This attribute contains the name of an organizational unit
(organizationalUnitName).

    ( 2.5.4.11 NAME 'ou' SUP name )

5.13. title

This attribute contains the title, such as "Vice President", of a
person in their organizational context. The "personalTitle"
attribute would be used for a person's title independent of their
job function.

    ( 2.5.4.12 NAME 'title' SUP name )

5.14. description

This attribute contains a human-readable description of the object.

    ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{1024}' )

5.15. searchGuide

This attribute is for use by X.500 clients in constructing search
filters. It is obsoleted by enhancedSearchGuide, described below in
5.48.

    ( 2.5.4.14 NAME 'searchGuide'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.25' )

5.16. businessCategory

This attribute describes the kind of business performed by an
organization.

    ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' )

5.17. postalAddress

    ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )

5.18. postalCode

    ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{40}' )

5.19. postOfficeBox

    ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{40}' )

5.20. physicalDeliveryOfficeName

    ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' )

5.21. telephoneNumber

    ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.50{32}' )

5.22. telexNumber

    ( 2.5.4.21 NAME 'telexNumber'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.52' )

5.23. teletexTerminalIdentifier

    ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.51' )

5.24. facsimileTelephoneNumber

    ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.22' )

5.25. x121Address

    ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.36{15}' )

5.26. internationaliSDNNumber

    ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.36{16}' )

5.27. registeredAddress

This attribute holds a postal address suitable for reception of
telegrams or expedited documents, where it is necessary to have the
recipient accept delivery.

    ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )

5.28. destinationIndicator

This attribute is used for the telegram service.

    ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.44{128}' )

5.29. preferredDeliveryMethod

    ( 2.5.4.28 NAME 'preferredDeliveryMethod'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.14'
      SINGLE-VALUE )

5.30. presentationAddress

This attribute contains an OSI presentation address.

    ( 2.5.4.29 NAME 'presentationAddress'
      EQUALITY presentationAddressMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.43'
      SINGLE-VALUE )

5.31. supportedApplicationContext

This attribute contains the identifiers of OSI application contexts.

    ( 2.5.4.30 NAME 'supportedApplicationContext'
      EQUALITY objectIdentifierMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )

5.32. member

    ( 2.5.4.31 NAME 'member' SUP distinguishedName )

5.33. owner

    ( 2.5.4.32 NAME 'owner' SUP distinguishedName )

5.34. roleOccupant

    ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )

5.35. seeAlso

    ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )

5.36. userPassword

    ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.40{128}' )

Transfer of cleartext passwords is strongly discouraged where the
underlying transport service cannot guarantee confidentiality and may
result in disclosure of the password to unauthorized parties.

5.37. userCertificate

This attribute is to be stored and requested in the binary form, as
'userCertificate;binary'.

    ( 2.5.4.36 NAME 'userCertificate'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' )

5.38. cACertificate

This attribute is to be stored and requested in the binary form, as
'cACertificate;binary'.

    ( 2.5.4.37 NAME 'cACertificate'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' )

5.39. authorityRevocationList

This attribute is to be stored and requested in the binary form, as
'authorityRevocationList;binary'.

    ( 2.5.4.38 NAME 'authorityRevocationList'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' )

5.40. certificateRevocationList

This attribute is to be stored and requested in the binary form, as
'certificateRevocationList;binary'.

    ( 2.5.4.39 NAME 'certificateRevocationList'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' )

5.41. crossCertificatePair

This attribute is to be stored and requested in the binary form, as
'crossCertificatePair;binary'.

    ( 2.5.4.40 NAME 'crossCertificatePair'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.10' )

5.42. name

The name attribute type is the attribute supertype from which string
attribute types typically used for naming may be formed. It is
unlikely that values of this type itself will occur in an entry.
LDAP server implementations which do not support attribute subtyping
need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping.

    ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )

5.43. givenName

The givenName attribute is used to hold the part of a person's name
which is not their surname nor middle name.

    ( 2.5.4.42 NAME 'givenName' SUP name )

5.44. initials

The initials attribute contains the initials of some or all of an
individual's names, but not the surname(s).

    ( 2.5.4.43 NAME 'initials' SUP name )

5.45. generationQualifier

The generationQualifier attribute contains the part of the name which
typically is the suffix, as in "IIIrd".

    ( 2.5.4.44 NAME 'generationQualifier' SUP name )

5.46. x500UniqueIdentifier

The x500UniqueIdentifier attribute is used to distinguish between
objects when a distinguished name has been reused. This is a
different attribute type from both the "uid" and "uniqueIdentifier"
types.

    ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.6' )

5.47. dnQualifier

The dnQualifier attribute type specifies disambiguating information to
add to the relative distinguished name of an entry.
It is intended for use when merging data from multiple sources in order
to prevent conflicts between entries which would otherwise have the
same name. It is recommended that the value of the dnQualifier
attribute be the same for all entries from a particular source.

    ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
      ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )

5.48. enhancedSearchGuide

This attribute is for use by X.500 clients in constructing search
filters.

    ( 2.5.4.47 NAME 'enhancedSearchGuide'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.21' )

5.49. protocolInformation

This attribute is used in conjunction with the presentationAddress
attribute, to provide additional information to the OSI network
service.

    ( 2.5.4.48 NAME 'protocolInformation'
      EQUALITY protocolInformationMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.42' )

5.50. distinguishedName

This attribute type is not used as the name of the object itself, but
it is instead a base type from which attributes with DN syntax
inherit.

It is unlikely that values of this type itself will occur in an entry.
LDAP server implementations which do not support attribute subtyping
need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping.

    ( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )

5.51. uniqueMember

    ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.34' )

5.52. houseIdentifier

This attribute is used to identify a building within a location.

    ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )

5.53. supportedAlgorithms

This attribute is to be stored and requested in the binary form, as
'supportedAlgorithms;binary'.

    ( 2.5.4.52 NAME 'supportedAlgorithms'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.49' )

5.54. deltaRevocationList

This attribute is to be stored and requested in the binary form, as
'deltaRevocationList;binary'.

    ( 2.5.4.53 NAME 'deltaRevocationList'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' )

5.55. dmdName

The value of this attribute specifies a directory management
domain (DMD), the administrative authority which operates the
directory server.

    ( 2.5.4.54 NAME 'dmdName' SUP name )

6. Syntaxes

Servers SHOULD recognize the syntaxes defined in this section.

6.1. Delivery Method

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.14.

Values in this syntax are encoded according to the following BNF:

    delivery-value = pdm / ( pdm "$" delivery-value )

    pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
          "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"

Example:

    telephone

6.2. Enhanced Guide

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.21.

Values in this syntax are encoded according to the following BNF:

    EnhancedGuide = objectclass "#" criteria "#" subset

    subset = "baseobject" / "oneLevel" / "wholeSubtree"

The criteria production is defined in the Guide syntax below.
This syntax has been added subsequent to RFC 1778.

Example:

    person#(sn)#oneLevel

6.3. Guide

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.25.

Values in this syntax are encoded according to the following BNF:

    guide-value = [ object-class "#" ] criteria

    object-class =

    criteria = criteria-item / criteria-set / ( "!" criteria )

    criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) /
                   ( [ "(" ] criteria "|" criteria-set [ ")" ] )

    criteria-item = [ "(" ] attributetype "$" match-type [ ")" ]

    match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"

This syntax should not be used for defining new attributes.

6.4. Password

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.40.

Values in this syntax are encoded as octet strings. They are not
encrypted.

Example:

    secret

6.5. Teletex Terminal Identifier

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.51.

Values in this syntax are encoded according to the following BNF:

    teletex-id = ttx-term 0*("$" ttx-param)

    ttx-term = printablestring

    ttx-param = ttx-key ":" ttx-value

    ttx-key = "graphic" / "control" / "misc" / "page" / "private"

    ttx-value = octetstring

In the above, the first printablestring is the encoding of the
first portion of the teletex terminal identifier to be encoded, and
the subsequent 0 or more octetstrings are subsequent portions
of the teletex terminal identifier.

6.6. Telex Number

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.52.

Values in this syntax are encoded according to the following BNF:

    telex-number = actual-number "$" country "$" answerback

    actual-number = printablestring

    country = printablestring

    answerback = printablestring

In the above, actual-number is the syntactic representation of the
number portion of the TELEX number being encoded, country is the
TELEX country code, and answerback is the answerback code of a
TELEX terminal.

6.7. Supported Algorithm

This syntax has OBJECT IDENTIFIER 1.3.6.1.4.1.1466.115.121.1.49.

No printable representation of values of the supportedAlgorithms
attribute is defined in this document.
Clients which wish to store and retrieve this attribute MUST use
"supportedAlgorithms;binary", in which the value is transferred as a
binary encoding.

7. Object Classes

LDAP servers MUST recognize the object classes "top" and "subschema".
LDAP servers SHOULD recognize all the other object classes listed here
as values of the objectClass attribute.

7.1. top

    ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )

7.2. alias

    ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )

7.3. country

    ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
      MAY ( searchGuide $ description ) )

7.4. locality

    ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
      MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )

7.5. organization

    ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

7.6. organizationalUnit

    ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

7.7. person

    ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
      MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

7.8. organizationalPerson

    ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
      MAY ( title $ x121Address $ registeredAddress $
      destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ ou $ st $ l ) )

7.9. organizationalRole

    ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
      MAY ( x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
      postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ ou $ st $ l $ description ) )

7.10. groupOfNames

    ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
      MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

7.11. residentialPerson

    ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
      MAY ( businessCategory $ x121Address $ registeredAddress $
      destinationIndicator $ preferredDeliveryMethod $ telexNumber $
      teletexTerminalIdentifier $ telephoneNumber $
      internationaliSDNNumber $
      facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
      postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l ) )

7.12. applicationProcess

    ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
      MAY ( seeAlso $ ou $ l $ description ) )

7.13. applicationEntity

    ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
      MUST ( presentationAddress $ cn )
      MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
      description ) )

7.14. dSA

    ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
      MAY knowledgeInformation )

7.15. device

    ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
      MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )

7.16. strongAuthenticationUser

    ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
      MUST userCertificate )

7.17. certificationAuthority

    ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
      MUST ( authorityRevocationList $ certificateRevocationList $
      cACertificate ) MAY crossCertificatePair )

7.18. groupOfUniqueNames

    ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
      MUST ( uniqueMember $ cn )
      MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

7.19. subentry

This object class has special significance for administering X.500(93)
servers, as described in section 13.2 of X.501 [2].

    ( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL
      MUST ( cn $ subtreeSpecification ) )

7.20. accessControlSubentry

This object class has special significance for administering X.500(93)
servers. It is used in conjunction with the "subentry" object class.

    ( 2.5.17.1 NAME 'accessControlSubentry' AUXILIARY )

7.21. collectiveAttributeSubentry

This object class has special significance for administering X.500(93)
servers. It is used in conjunction with the "subentry" object class.

    ( 2.5.17.2 NAME 'collectiveAttributeSubentry' AUXILIARY )

7.22. subschema

This object class is used for the subschema subentry in X.500(93)
servers.

    ( 2.5.20.1 NAME 'subschema' AUXILIARY
      MAY ( dITStructureRules $ nameForms $ ditContentRules $
      objectClasses $ attributeTypes $ matchingRules $
      matchingRuleUse ) )

7.23. userSecurityInformation

    ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
      MAY ( supportedAlgorithms ) )

7.24. certificationAuthority-V2

    ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
      certificationAuthority
      AUXILIARY MAY ( deltaRevocationList ) )

7.25. cRLDistributionPoint

    ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
      MUST ( cn ) MAY ( certificateRevocationList $
      authorityRevocationList $
      deltaRevocationList ) )

7.26. dmd

    ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

8. Matching Rule

Servers which implement the extensibleMatch filter SHOULD allow
the matching rule listed in this section to be used in the
extensibleMatch. In general these servers SHOULD allow matching
rules to be used with all attribute types known to the server, when
the assertion syntax of the matching rule is the same as the value
syntax of the attribute.

Servers MAY implement additional matching rules.

    ( 2.5.13.17 NAME 'octetStringMatch'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )

9. Security Considerations

Attributes of directory entries are used to provide descriptive
information about the real-world objects they represent, which can
be people, organizations or devices. Most countries have privacy
laws regarding the publication of information about people.

Transfer of cleartext passwords is strongly discouraged where the
underlying transport service cannot guarantee confidentiality and may
result in disclosure of the password to unauthorized parties.

10. Acknowledgements

The definitions on which this document is based have been developed by
committees for telecommunications and international standards.
No new schema definitions have been added. The syntax definitions
are based on the ISODE "QUIPU" implementation of X.500.

11. Bibliography

[1] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins,
    "Lightweight X.500 Directory Access Protocol Attribute Syntax
    Definitions", INTERNET-DRAFT
    , July 1997.

[2] The Directory: Models. ITU-T Recommendation X.501, 1993.

[3] The Directory: Authentication Framework. ITU-T Recommendation
    X.509, 1993.

[4] The Directory: Selected Attribute Types. ITU-T Recommendation
    X.520, 1993.

[5] The Directory: Selected Object Classes. ITU-T Recommendation
    X.521, 1993.

12. Author's Address

    Mark Wahl
    Critical Angle Inc.
    4815 West Braker Lane #502-385
    Austin, TX 78759
    USA

    Phone: +1 512 372 3160
    EMail: M.Wahl@critical-angle.com
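
Added example (not part of the draft and not code from its author): a minimal Python parser for the AttributeTypeDescription strings of section 5 that follows SUP links, so that a subtype such as cn reports the syntax and matching rules of name, and that selects the ";binary" request form for the syntaxes used in 5.37-5.41, 5.53 and 5.54. The function names are hypothetical, the definitions are a subset copied from section 5, and inheriting syntax and matching rules from the supertype is assumed to follow the X.500 subtyping model.

```python
import re

# Subset of the section 5 definitions, copied from the draft text.
ATTRIBUTE_TYPES = """
( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )
( 2.5.4.3 NAME 'cn' SUP name )
( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )
( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
  SUBSTR caseIgnoreListSubstringsMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )
( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )
( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40{128}' )
( 2.5.4.36 NAME 'userCertificate'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' )
( 2.5.4.52 NAME 'supportedAlgorithms'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.49' )
"""

TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")
VALUED = {"NAME", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX"}
FLAGS = {"SINGLE-VALUE"}
INHERITED = ("EQUALITY", "ORDERING", "SUBSTR", "SYNTAX")
PREFIX = "1.3.6.1.4.1.1466.115.121.1."
# Syntaxes of the attributes that sections 5.37-5.41, 5.53 and 5.54 say
# are stored and requested in binary form.
BINARY_SYNTAXES = {PREFIX + n for n in ("8", "9", "10", "49")}

def parse_attribute_types(text):
    """Parse definitions into dicts keyed by the lowercased NAME."""
    tokens, i, types = TOKEN.findall(text), 0, {}
    try:
        while i < len(tokens):
            if tokens[i] != "(":
                raise ValueError(f"expected '(' but found {tokens[i]!r}")
            definition = {"OID": tokens[i + 1]}
            i += 2
            while tokens[i] != ")":
                key = tokens[i]
                if key in VALUED:
                    definition[key] = tokens[i + 1].strip("'")
                    i += 2
                elif key in FLAGS:
                    definition[key] = True
                    i += 1
                else:
                    raise ValueError(f"unknown keyword {key!r}")
            i += 1
            types[definition["NAME"].lower()] = definition
    except IndexError:
        raise ValueError("unterminated definition") from None
    return types

def effective(types, name):
    """Fill in what a subtype leaves out by walking its SUP chain (assumed rule)."""
    resolved = dict(types[name.lower()])
    current, seen = resolved, {name.lower()}
    while "SUP" in current:
        parent = current["SUP"].lower()
        if parent in seen or parent not in types:
            raise ValueError(f"cannot resolve supertype {parent!r}")
        seen.add(parent)
        current = types[parent]
        for key in INHERITED:
            if key in current:
                resolved.setdefault(key, current[key])
    return resolved

def syntax_and_bound(definition):
    """Split "oid{n}" into the syntax OID and the optional bound n."""
    match = re.fullmatch(r"([0-9.]+)(?:\{(\d+)\})?", definition["SYNTAX"])
    return match.group(1), int(match.group(2)) if match.group(2) else None

def request_name(types, name):
    """Attribute description a client should use when requesting 'name'."""
    oid, _ = syntax_and_bound(effective(types, name))
    return name + ";binary" if oid in BINARY_SYNTAXES else name

TYPES = parse_attribute_types(ATTRIBUTE_TYPES)
```

A client that cannot rely on server-side subtyping (5.42, 5.50) can use the resolved definition to decide locally how to compare and size-check values of cn, c or registeredAddress.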
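
Added example (not part of the draft): a Python check of a directory entry against the object class definitions of section 7, collecting MUST and MAY attributes along each SUP chain and applying the objectClass rule stated in 5.1. The function names and the two sample entries are constructed for illustration; the definitions are a subset copied from section 7, with the organizationalPerson list refolded.

```python
import re

# Subset of the section 7 definitions, copied from the draft text.
OBJECT_CLASSES = """
( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
  MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
  telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
  street $ postOfficeBox $ postalCode $ postalAddress $
  physicalDeliveryOfficeName $ ou $ st $ l ) )
( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
  MUST userCertificate )
"""

TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")
KINDS = {"ABSTRACT", "STRUCTURAL", "AUXILIARY"}

def parse_object_classes(text):
    """Parse ObjectClassDescription strings into dicts keyed by lowercased NAME."""
    tokens, pos, classes = TOKEN.findall(text), 0, {}

    def oid_list():
        # A MUST/MAY argument is one name or a "( a $ b $ c )" list.
        nonlocal pos
        if tokens[pos] != "(":
            pos += 1
            return [tokens[pos - 1]]
        end = tokens.index(")", pos)
        names = [t for t in tokens[pos + 1:end] if t != "$"]
        pos = end + 1
        return names

    try:
        while pos < len(tokens):
            if tokens[pos] != "(":
                raise ValueError(f"expected '(' but found {tokens[pos]!r}")
            oc = {"OID": tokens[pos + 1], "SUP": None, "KIND": None,
                  "MUST": [], "MAY": []}
            pos += 2
            while tokens[pos] != ")":
                key = tokens[pos]
                pos += 1
                if key in ("NAME", "SUP"):
                    oc[key] = tokens[pos].strip("'")
                    pos += 1
                elif key in KINDS:
                    oc["KIND"] = key
                elif key in ("MUST", "MAY"):
                    oc[key] = oid_list()
                else:
                    raise ValueError(f"unknown keyword {key!r}")
            pos += 1
            classes[oc["NAME"].lower()] = oc
    except IndexError:
        raise ValueError("unterminated definition") from None
    return classes

def check_entry(classes, entry):
    """Report schema problems; attribute names in the result are lowercased."""
    # Drop options such as ";binary" before comparing attribute names.
    attrs = {name.split(";")[0].lower() for name in entry}
    values = [v.lower() for name, vals in entry.items()
              if name.lower() == "objectclass" for v in vals]
    must, may, seen = set(), set(), set()
    for value in values:
        oc = classes.get(value)
        while oc and oc["NAME"] not in seen:  # walk each SUP chain once
            seen.add(oc["NAME"])
            must.update(a.lower() for a in oc["MUST"])
            may.update(a.lower() for a in oc["MAY"])
            oc = classes.get((oc["SUP"] or "").lower())
    return {
        # 5.1: at least two values, one of them "top" or "alias".
        "objectclass_ok": len(values) >= 2 and bool({"top", "alias"} & set(values)),
        "unknown_classes": [v for v in values if v not in classes],
        "missing": sorted(must - attrs),
        "not_allowed": sorted(attrs - must - may),
    }

CLASSES = parse_object_classes(OBJECT_CLASSES)

# Constructed sample entries (not from the draft).
GOOD = {"objectClass": ["top", "person", "organizationalPerson",
                        "strongAuthenticationUser"],
        "cn": ["Constructed Example"], "sn": ["Example"],
        "title": ["Engineer"], "userCertificate;binary": [b"\x30\x00"]}
BAD = {"objectClass": ["person", "strongAuthenticationUser"],
       "cn": ["Constructed Example"], "serialNumber": ["X1"]}
```

The BAD entry is reported as lacking sn and userCertificate, as carrying serialNumber (which only device permits), and as failing the 5.1 rule because neither "top" nor "alias" is listed.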