Network Working Group                                            M. Wahl
INTERNET-DRAFT                                       Critical Angle Inc.
Expires in six months from                                   5 Aug. 1997

       A Summary of the X.500(96) User Schema for use with LDAPv3

1. Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas, and
   its working groups.  Note that other groups may also distribute working
   documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as "work in progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
   ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

2. Abstract

   This document provides an overview of the attribute types and object
   classes defined by the ISO and ITU-T committees in the X.500
   documents, in particular those intended for use by directory clients.
   This is the most widely used schema for LDAP/X.500 directories, and
   many other schema definitions for white pages objects use it as a
   basis.  This document does not cover attributes used for the
   administration of X.500 directory servers, nor does it include
   attributes defined by other ISO/ITU-T documents.

3. General Issues

   This document references syntaxes given in section 6 of this document
   and section 6 of [1].  Matching rules are listed in section 8 of this
   document and section 8 of [1].

   The attribute type and object class definitions are written using the
   BNF form of AttributeTypeDescription and ObjectClassDescription given
   in [1].  Lines have been folded for readability.

4. Source

   The schema definitions in this document are based on those found in
   X.500 [2],[3],[4],[5], and updates to these documents, specifically:

      Sections        Source
      ============    ============
      5.1  - 5.2      X.501(93)
      5.3  - 5.36     X.520(88)
      5.37 - 5.41     X.509(93)
      5.42 - 5.52     X.520(93)
      5.53 - 5.54     X.509(96)
      5.55            X.520(96)
      6.1             RFC 1274
      6.2             (new syntax)
      6.3  - 6.6      RFC 1274
      7.1  - 7.2      X.501(93)
      7.3  - 7.18     X.521(88)
      7.19 - 7.22     X.501(93)
      7.23 - 7.25     X.509(96)
      7.26            X.521(96)

   Some attribute names are different from those found in X.520(93).

   Three new attributes supportedAlgorithms, deltaRevocationList and
   dmdName, and the objectClass dmd, are defined in the X.500(96)
   documents.

5. Attribute Types

   An LDAP server implementation SHOULD recognize the attribute types
   described in this section.

5.1. objectClass

   The values of the objectClass attribute describe the kind of object
   which an entry represents.  The objectClass attribute is present in
   every entry, with at least two values.  One of the values is either
   "top" or "alias".

    ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )

5.2. aliasedObjectName

   The aliasedObjectName attribute is used by the directory service if
   the entry containing this attribute is an alias.

    ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )

5.3. knowledgeInformation

   This attribute is no longer used.

    ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )

5.4. cn

   This is the X.500 commonName attribute, which contains a name of
   an object.  If the object corresponds to a person, it is typically the
   person's full name.

    ( 2.5.4.3 NAME 'cn' SUP name )

5.5. sn

   This is the X.500 surname attribute, which contains the family name of
   a person.

    ( 2.5.4.4 NAME 'sn' SUP name )

5.6. serialNumber

   This attribute contains the serial number of a device.

    ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.44{64}' )

5.7. c

   This attribute contains a two-letter ISO 3166 country code
   (countryName).

    ( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )

5.8. l

   This attribute contains the name of a locality, such as a city,
   county or other geographic region (localityName).

    ( 2.5.4.7 NAME 'l' SUP name )

5.9. st

   This attribute contains the full name of a state or province
   (stateOrProvinceName).

    ( 2.5.4.8 NAME 'st' SUP name )

5.10. street

   This attribute contains the physical address of the object to which
   the entry corresponds, such as an address for package delivery
   (streetAddress).

    ( 2.5.4.9 NAME 'street' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' )

5.11. o

   This attribute contains the name of an organization
   (organizationName).

    ( 2.5.4.10 NAME 'o' SUP name )

5.12. ou

   This attribute contains the name of an organizational unit
   (organizationalUnitName).

    ( 2.5.4.11 NAME 'ou' SUP name )

5.13. title

   This attribute contains the title, such as "Vice President", of a
   person in their organizational context.  The "personalTitle"
   attribute would be used for a person's title independent of their
   job function.

    ( 2.5.4.12 NAME 'title' SUP name )

5.14. description

   This attribute contains a human-readable description of the object.

    ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{1024}' )

5.15. searchGuide

   This attribute is for use by X.500 clients in constructing search
   filters.  It is obsoleted by enhancedSearchGuide, described below in
   5.48.

    ( 2.5.4.14 NAME 'searchGuide'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.25' )

5.16. businessCategory

   This attribute describes the kind of business performed by an
   organization.

    ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' )

5.17. postalAddress

    ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )

5.18. postalCode

    ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{40}' )

5.19. postOfficeBox

    ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{40}' )

5.20. physicalDeliveryOfficeName

    ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{128}' )

5.21. telephoneNumber

    ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.50{32}' )

5.22. telexNumber

    ( 2.5.4.21 NAME 'telexNumber'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.52' )

5.23. teletexTerminalIdentifier

    ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.51' )

5.24. facsimileTelephoneNumber

    ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.22' )

5.25. x121Address

    ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.36{15}' )

5.26. internationaliSDNNumber

    ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.36{16}' )

5.27. registeredAddress

   This attribute holds a postal address suitable for reception of
   telegrams or expedited documents, where it is necessary to have the
   recipient accept delivery.

    ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )

5.28. destinationIndicator

   This attribute is used for the telegram service.

    ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.44{128}' )

5.29. preferredDeliveryMethod

    ( 2.5.4.28 NAME 'preferredDeliveryMethod'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.14'
      SINGLE-VALUE )

5.30. presentationAddress

   This attribute contains an OSI presentation address.

    ( 2.5.4.29 NAME 'presentationAddress'
      EQUALITY presentationAddressMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.43'
      SINGLE-VALUE )

5.31. supportedApplicationContext

   This attribute contains the identifiers of OSI application contexts.

    ( 2.5.4.30 NAME 'supportedApplicationContext'
      EQUALITY objectIdentifierMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )

5.32. member

    ( 2.5.4.31 NAME 'member' SUP distinguishedName )

5.33. owner

    ( 2.5.4.32 NAME 'owner' SUP distinguishedName )

5.34. roleOccupant

    ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )

5.35. seeAlso

    ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )

5.36. userPassword

    ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.40{128}' )

   Passwords are stored using an Octet String syntax and are not
   encrypted.  Transfer of cleartext passwords is strongly discouraged
   where the underlying transport service cannot guarantee
   confidentiality and may result in disclosure of the password to
   unauthorized parties.

5.37. userCertificate

   This attribute is to be stored and requested in the binary form, as
   'userCertificate;binary'.

    ( 2.5.4.36 NAME 'userCertificate'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' )

5.38. cACertificate

   This attribute is to be stored and requested in the binary form, as
   'cACertificate;binary'.

    ( 2.5.4.37 NAME 'cACertificate'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' )

5.39. authorityRevocationList

   This attribute is to be stored and requested in the binary form, as
   'authorityRevocationList;binary'.

    ( 2.5.4.38 NAME 'authorityRevocationList'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' )

5.40. certificateRevocationList

   This attribute is to be stored and requested in the binary form, as
   'certificateRevocationList;binary'.

    ( 2.5.4.39 NAME 'certificateRevocationList'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' )

5.41. crossCertificatePair

   This attribute is to be stored and requested in the binary form, as
   'crossCertificatePair;binary'.

    ( 2.5.4.40 NAME 'crossCertificatePair'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.10' )

5.42. name

   The name attribute type is the attribute supertype from which string
   attribute types typically used for naming may be formed.  It is
   unlikely that values of this type itself will occur in an entry.
   LDAP server implementations which do not support attribute subtyping
   need not recognize this attribute in requests.  Client
   implementations MUST NOT assume that LDAP servers are capable of
   performing attribute subtyping.

    ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )

5.43. givenName

   The givenName attribute is used to hold the part of a person's name
   which is not their surname nor middle name.

    ( 2.5.4.42 NAME 'givenName' SUP name )

5.44. initials

   The initials attribute contains the initials of some or all of an
   individual's names, but not the surname(s).

    ( 2.5.4.43 NAME 'initials' SUP name )

5.45. generationQualifier

   The generationQualifier attribute contains the part of the name which
   typically is the suffix, as in "IIIrd".

    ( 2.5.4.44 NAME 'generationQualifier' SUP name )

5.46. x500UniqueIdentifier

   The x500UniqueIdentifier attribute is used to distinguish between
   objects when a distinguished name has been reused.  This is a
   different attribute type from both the "uid" and "uniqueIdentifier"
   types.

    ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.6' )

5.47. dnQualifier

   The dnQualifier attribute type specifies disambiguating information to
   add to the relative distinguished name of an entry.  It is intended
   for use when merging data from multiple sources in order to prevent
   conflicts between entries which would otherwise have the same name.
   It is recommended that the value of the dnQualifier attribute be the
   same for all entries from a particular source.

    ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
      ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )

5.48. enhancedSearchGuide

   This attribute is for use by X.500 clients in constructing search
   filters.

    ( 2.5.4.47 NAME 'enhancedSearchGuide'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.21' )

5.49. protocolInformation

   This attribute is used in conjunction with the presentationAddress
   attribute, to provide additional information to the OSI network
   service.

    ( 2.5.4.48 NAME 'protocolInformation'
      EQUALITY protocolInformationMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.42' )

5.50. distinguishedName

   This attribute type is not used as the name of the object itself, but
   it is instead a base type from which attributes with DN syntax
   inherit.

   It is unlikely that values of this type itself will occur in an entry.
   LDAP server implementations which do not support attribute subtyping
   need not recognize this attribute in requests.  Client
   implementations MUST NOT assume that LDAP servers are capable of
   performing attribute subtyping.

    ( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )

5.51. uniqueMember

    ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.34' )

5.52. houseIdentifier

   This attribute is used to identify a building within a location.

    ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{32768}' )

5.53. supportedAlgorithms

   This attribute is to be stored and requested in the binary form, as
   'supportedAlgorithms;binary'.

    ( 2.5.4.52 NAME 'supportedAlgorithms'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.49' )

5.54. deltaRevocationList

   This attribute is to be stored and requested in the binary form, as
   'deltaRevocationList;binary'.

    ( 2.5.4.53 NAME 'deltaRevocationList'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.9' )

5.55. dmdName

   The value of this attribute specifies a directory management
   domain (DMD), the administrative authority which operates the
   directory server.

    ( 2.5.4.54 NAME 'dmdName' SUP name )

6. Syntaxes

   Servers SHOULD recognize the syntaxes defined in this section.
   Each syntax begins with a sample value of the ldapSyntaxes attribute
   which defines the OBJECT IDENTIFIER of the syntax.  The descriptions
   of syntax names are not carried in protocol, and are not guaranteed
   to be unique.

6.1. Delivery Method

    ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )

   Values in this syntax are encoded according to the following BNF:

      delivery-value = pdm / ( pdm "$" delivery-value )

      pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
            "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"

   Example:

      telephone

6.2. Enhanced Guide

    ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )

   Values in this syntax are encoded according to the following BNF:

      EnhancedGuide = objectclass "#" criteria "#" subset

      subset = "baseobject" / "oneLevel" / "wholeSubtree"

   The criteria production is defined in the Guide syntax below.
   This syntax has been added subsequent to RFC 1778.

   Example:

      person#(sn)#oneLevel

6.3. Guide

    ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )

   Values in this syntax are encoded according to the following BNF:

      guide-value = [ object-class "#" ] criteria

      object-class =

      criteria = criteria-item / criteria-set / ( "!" criteria )

      criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) /
                     ( [ "(" ] criteria "|" criteria-set [ ")" ] )

      criteria-item = [ "(" ] attributetype "$" match-type [ ")" ]

      match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"

   This syntax should not be used for defining new attributes.

6.4. Octet String

    ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )

   Values in this syntax are encoded as octet strings.

   Example:

      secret

6.5. Teletex Terminal Identifier

    ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )

   Values in this syntax are encoded according to the following BNF:

      teletex-id = ttx-term 0*("$" ttx-param)

      ttx-term = printablestring

      ttx-param = ttx-key ":" ttx-value

      ttx-key = "graphic" / "control" / "misc" / "page" / "private"

      ttx-value = octetstring

   In the above, the first printablestring is the encoding of the
   first portion of the teletex terminal identifier to be encoded, and
   the subsequent 0 or more octetstrings are subsequent portions
   of the teletex terminal identifier.

6.6. Telex Number

    ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )

   Values in this syntax are encoded according to the following BNF:

      telex-number = actual-number "$" country "$" answerback

      actual-number = printablestring

      country = printablestring

      answerback = printablestring

   In the above, actual-number is the syntactic representation of the
   number portion of the TELEX number being encoded, country is the
   TELEX country code, and answerback is the answerback code of a
   TELEX terminal.

6.7. Supported Algorithm

    ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' )

   No printable representation of values of the supportedAlgorithms
   attribute is defined in this document.  Clients which wish to store
   and retrieve this attribute MUST use "supportedAlgorithms;binary", in
   which the value is transferred as a binary encoding.

7. Object Classes

   LDAP servers MUST recognize the object classes "top" and "subschema".
   LDAP servers SHOULD recognize all the other object classes listed here
   as values of the objectClass attribute.

7.1. top

    ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )

7.2. alias

    ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )

7.3. country

    ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
      MAY ( searchGuide $ description ) )

7.4. locality

    ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
      MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )

7.5. organization

    ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

7.6. organizationalUnit

    ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

7.7. person

    ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
      MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

7.8. organizationalPerson

    ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
      MAY ( title $ x121Address $ registeredAddress $
      destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ ou $ st $ l ) )

7.9. organizationalRole

    ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
      MAY ( x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
      postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ ou $ st $ l $ description ) )

7.10. groupOfNames

    ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
      MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

7.11. residentialPerson

    ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
      MAY ( businessCategory $ x121Address $ registeredAddress $
      destinationIndicator $ preferredDeliveryMethod $ telexNumber $
      teletexTerminalIdentifier $ telephoneNumber $
      internationaliSDNNumber $
      facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
      postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l ) )

7.12. applicationProcess

    ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
      MAY ( seeAlso $ ou $ l $ description ) )

7.13. applicationEntity

    ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
      MUST ( presentationAddress $ cn )
      MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
      description ) )

7.14. dSA

    ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
      MAY knowledgeInformation )

7.15. device

    ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
      MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )

7.16. strongAuthenticationUser

    ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
      MUST userCertificate )

7.17. certificationAuthority

    ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
      MUST ( authorityRevocationList $ certificateRevocationList $
      cACertificate ) MAY crossCertificatePair )

7.18. groupOfUniqueNames

    ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
      MUST ( uniqueMember $ cn )
      MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

7.19. subentry

   This object class has special significance for administering X.500(93)
   servers, as described in section 13.2 of X.501 [2].

    ( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL
      MUST ( cn $ subtreeSpecification ) )

7.20. accessControlSubentry

   This object class has special significance for administering X.500(93)
   servers.  It is used in conjunction with the "subentry" object class.

    ( 2.5.17.1 NAME 'accessControlSubentry' AUXILIARY )

7.21. collectiveAttributeSubentry

   This object class has special significance for administering X.500(93)
   servers.  It is used in conjunction with the "subentry" object class.

    ( 2.5.17.2 NAME 'collectiveAttributeSubentry' AUXILIARY )

7.22. subschema

   This object class is used for the subschema subentry in X.500(93)
   servers.

    ( 2.5.20.1 NAME 'subschema' AUXILIARY
      MAY ( dITStructureRules $ nameForms $ ditContentRules $
      objectClasses $ attributeTypes $ matchingRules $
      matchingRuleUse ) )

7.23. userSecurityInformation

    ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
      MAY ( supportedAlgorithms ) )

7.24. certificationAuthority-V2

    ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
      certificationAuthority
      AUXILIARY MAY ( deltaRevocationList ) )

7.25. cRLDistributionPoint

    ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
      MUST ( cn ) MAY ( certificateRevocationList $
      authorityRevocationList $
      deltaRevocationList ) )

7.26. dmd

    ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

8. Matching Rule

   Servers which implement the extensibleMatch filter SHOULD allow
   the matching rule listed in this section to be used in the
   extensibleMatch.  In general these servers SHOULD allow matching
   rules to be used with all attribute types known to the server, when
   the assertion syntax of the matching rule is the same as the value
   syntax of the attribute.

   Servers MAY implement additional matching rules.

    ( 2.5.13.17 NAME 'octetStringMatch'
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )

9. Security Considerations

   Attributes of directory entries are used to provide descriptive
   information about the real-world objects they represent, which can
   be people, organizations or devices.  Most countries have privacy
   laws regarding the publication of information about people.

   Transfer of cleartext passwords is strongly discouraged where the
   underlying transport service cannot guarantee confidentiality and may
   result in disclosure of the password to unauthorized parties.

10. Acknowledgements

   The definitions on which this document is based have been developed
   by committees for telecommunications and international standards.
   No new attribute definitions have been added.  The syntax definitions
   are based on the ISODE "QUIPU" implementation of X.500.

11. Bibliography

   [1] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins,
       "Lightweight X.500 Directory Access Protocol Attribute Syntax
       Definitions", INTERNET-DRAFT, July 1997.

   [2] The Directory: Models.  ITU-T Recommendation X.501, 1993.

   [3] The Directory: Authentication Framework.  ITU-T Recommendation
       X.509, 1993.

   [4] The Directory: Selected Attribute Types.  ITU-T Recommendation
       X.520, 1993.

   [5] The Directory: Selected Object Classes.  ITU-T Recommendation
       X.521, 1993.

12. Author's Address

   Mark Wahl
   Critical Angle Inc.
   4815 West Braker Lane #502-385
   Austin, TX 78759
   USA

   Phone:  +1 512 372 3160
   EMail:  M.Wahl@critical-angle.com
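Added example (not part of the draft): sections 5.42 and 5.50 say clients MUST NOT assume servers perform attribute subtyping, and sections 5.37 to 5.54 name attributes that are requested as ";binary". The Python sketch below parses a subset of the section 5 definitions, resolves SUP inheritance on the client side, expands a supertype into an OR filter over its subtypes, and appends ";binary" where needed. Assumptions: all function names are hypothetical, the ";binary" rule is keyed on the syntax OIDs of the attributes the draft lists, and the filter escaping follows the LDAP search filter string format rather than anything stated in this draft.

```python
import re

PREFIX = "1.3.6.1.4.1.1466.115.121.1."
# Definitions copied from section 5 of the draft (a subset; folded lines joined).
SCHEMA = [
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch"
    " SUBSTR caseIgnoreSubstringsMatch SYNTAX '" + PREFIX + "15{32768}' )",
    "( 2.5.4.3 NAME 'cn' SUP name )",
    "( 2.5.4.4 NAME 'sn' SUP name )",
    "( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )",
    "( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch"
    " SYNTAX '" + PREFIX + "12' )",
    "( 2.5.4.31 NAME 'member' SUP distinguishedName )",
    "( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch"
    " SYNTAX '" + PREFIX + "40{128}' )",
    "( 2.5.4.36 NAME 'userCertificate' SYNTAX '" + PREFIX + "8' )",
    "( 2.5.4.52 NAME 'supportedAlgorithms' SYNTAX '" + PREFIX + "49' )",
]
# Assumption: syntaxes of the attributes the draft says are stored and requested
# as ";binary" (sections 5.37-5.41, 5.53, 5.54).
BINARY_SYNTAXES = {PREFIX + s for s in ("8", "9", "10", "49")}
TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")
KEYWORDS = {"NAME", "EQUALITY", "ORDERING", "SUBSTR", "SUP", "SYNTAX"}

def parse_attribute_type(text):
    """Parse one AttributeTypeDescription string into a dict."""
    tokens = TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not a parenthesised description: %r" % text)
    attr, i, end = {"oid": tokens[1], "single_value": False}, 2, len(tokens) - 1
    while i < end:
        key = tokens[i]
        if key == "SINGLE-VALUE":
            attr["single_value"], i = True, i + 1
        elif key in KEYWORDS and i + 1 < end:
            attr[key.lower()], i = tokens[i + 1].strip("'"), i + 2
        else:
            raise ValueError("unexpected token %r in %r" % (key, text))
    if "syntax" in attr:  # split the optional "{bound}" off the syntax OID
        m = re.fullmatch(r"([0-9.]+)(?:\{(\d+)\})?", attr["syntax"])
        if not m:
            raise ValueError("bad SYNTAX in %r" % text)
        attr["syntax"] = m.group(1)
        attr["bound"] = int(m.group(2)) if m.group(2) else None
    return attr

def load(schema):
    """Index parsed definitions by lower-cased attribute name."""
    return {a["name"].lower(): a for a in map(parse_attribute_type, schema)}

def effective(name, table):
    """Resolve SUP inheritance: a subtype takes syntax and rules from its supertype."""
    chain, seen, key = [], set(), name.lower()
    while key is not None:
        if key in seen:
            raise ValueError("SUP loop at %s" % key)
        if key not in table:
            raise KeyError("unknown attribute type %s" % key)
        seen.add(key)
        chain.append(table[key])
        sup = table[key].get("sup")
        key = sup.lower() if sup else None
    resolved = {}
    for attr in reversed(chain):  # supertype first, so the subtype overrides
        resolved.update(attr)
    resolved["chain"] = [a["name"] for a in chain]
    return resolved

def subtypes_of(name, table):
    """Names of all attribute types that derive, directly or not, from name."""
    target = name.lower()
    return sorted(a["name"] for key, a in table.items() if key != target
                  and target in (n.lower() for n in effective(key, table)["chain"]))

def request_name(name, table):
    """Attribute description to put in a request, with ';binary' where required."""
    attr = effective(name, table)
    return attr["name"] + (";binary" if attr.get("syntax") in BINARY_SYNTAXES else "")

def escape_filter_value(value):
    """Escape characters that are special in an LDAP search filter string."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def expand_filter(supertype, value, table):
    """Client-side subtyping: OR together equality items for each subtype."""
    names = subtypes_of(supertype, table) or [effective(supertype, table)["name"]]
    items = "".join("(%s=%s)" % (n, escape_filter_value(value)) for n in names)
    return "(|%s)" % items if len(names) > 1 else items
```

Escaping the asserted value before it is placed in the expanded filter keeps user-supplied input such as `Smith*)` from changing the filter's structure.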
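Added example (not part of the draft): the object classes in section 7 fix which attributes an entry MUST and MAY carry, and section 5.1 requires at least two objectClass values, one of them "top" or "alias". The Python sketch below parses a subset of the section 7 definitions, follows SUP chains, and reports violations, for instance a userPassword or userCertificate value on an entry whose classes do not permit it. Assumptions: the function names and the sample entries are constructed for illustration, and attribute options such as ";binary" are stripped before comparison.

```python
import re

# Definitions copied from section 7 of the draft (a subset; folded lines joined).
OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )"
    " MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn"
    " MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )",
    "( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY"
    " MUST userCertificate )",
]
TOKEN = re.compile(r"[()$]|'[^']*'|[^\s()$']+")
KINDS = {"ABSTRACT", "STRUCTURAL", "AUXILIARY"}

def parse_object_class(text):
    """Parse one ObjectClassDescription string into a dict."""
    tokens = TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not a parenthesised description: %r" % text)
    oc = {"oid": tokens[1], "sup": None, "kind": None, "must": set(), "may": set()}
    i, end = 2, len(tokens) - 1
    while i < end:
        key = tokens[i]
        if key in KINDS:
            oc["kind"], i = key, i + 1
        elif key in ("NAME", "SUP") and i + 1 < end:
            oc[key.lower()], i = tokens[i + 1].strip("'"), i + 2
        elif key in ("MUST", "MAY") and i + 1 < end:
            i += 1
            if tokens[i] == "(":  # "( a $ b $ c )" list form
                close = tokens.index(")", i)
                names, i = [t for t in tokens[i + 1:close] if t != "$"], close + 1
            else:                  # single attribute name
                names, i = [tokens[i]], i + 1
            oc[key.lower()] = {n.lower() for n in names}
        else:
            raise ValueError("unexpected token %r in %r" % (key, text))
    return oc

def load_classes(defs):
    """Index parsed definitions by lower-cased class name."""
    return {oc["name"].lower(): oc for oc in map(parse_object_class, defs)}

def requirements(class_names, classes):
    """Union of MUST and MAY over the named classes and all their superclasses."""
    must, may, seen = set(), set(), set()
    todo = [c.lower() for c in class_names]
    while todo:
        key = todo.pop()
        if key in seen:
            continue
        seen.add(key)
        oc = classes[key]
        must |= oc["must"]
        may |= oc["may"]
        if oc["sup"]:
            todo.append(oc["sup"].lower())
    return must, may - must, seen

def check_entry(entry, classes):
    """Return the list of schema violations for an entry (attribute -> values)."""
    attrs = {a.split(";")[0].lower(): v for a, v in entry.items()}
    values = [v.lower() for v in attrs.get("objectclass", [])]
    problems = []
    if len(values) < 2 or not {"top", "alias"} & set(values):
        problems.append("objectClass needs at least two values, one of them top or alias")
    problems += ["unknown object class " + v for v in values if v not in classes]
    must, may, _ = requirements([v for v in values if v in classes], classes)
    problems += ["missing required attribute " + a for a in sorted(must - set(attrs))]
    problems += ["attribute not allowed: " + a for a in sorted(set(attrs) - must - may)]
    return problems

# Constructed sample entries; the certificate bytes are a placeholder.
GOOD = {"objectClass": ["top", "person", "strongAuthenticationUser"],
        "cn": ["Example User"], "sn": ["User"],
        "userCertificate;binary": [b"<DER placeholder>"]}
BAD = {"objectClass": ["person"], "cn": ["Example User"],
       "userCertificate;binary": [b"<DER placeholder>"]}
DEVICE = {"objectClass": ["top", "device"], "cn": ["printer-1"],
          "userPassword": ["secret"]}
```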