draft-ietf-asid-ldapv3schema-x500-03.txt
Network Working Group                                            M. Wahl
INTERNET-DRAFT                                       Critical Angle Inc.
Expires in six months from 10 Oct. 1997

       A Summary of the X.500(96) User Schema for use with LDAPv3

1. Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas, and
   its working groups. Note that other groups may also distribute working
   documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as "work in progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
   ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

2. Abstract

   This document provides an overview of the attribute types and object
   classes defined by the ISO and ITU-T committees in the X.500
   documents, in particular those intended for use by directory clients.
   This is the most widely used schema for LDAP/X.500 directories, and
   many other schema definitions for white pages objects use it as a
   basis. This document does not cover attributes used for the
   administration of X.500 directory servers, nor does it include
   attributes defined by other ISO/ITU-T documents.

3. General Issues

   This document references syntaxes given in section 6 of this document
   and section 6 of [1]. Matching rules are listed in section 8 of this
   document and section 8 of [1].

   The attribute type and object class definitions are written using the
   BNF form of AttributeTypeDescription and ObjectClassDescription given
   in [1]. Lines have been folded for readability.

4. Source

   The schema definitions in this document are based on those found in
   X.500 [2],[3],[4],[5], and updates to these documents, specifically:

      Sections     Source
      ============ ============
      5.1  - 5.2   X.501(93)
      5.3  - 5.36  X.520(88)
      5.37 - 5.41  X.509(93)
      5.42 - 5.52  X.520(93)
      5.53 - 5.54  X.509(96)
      5.55         X.520(96)
      6.1          RFC 1274
      6.2          (new syntax)
      6.3  - 6.6   RFC 1274
      7.1  - 7.2   X.501(93)
      7.3  - 7.18  X.521(93)
      7.19 - 7.21  X.509(96)
      7.22         X.521(96)

   Some attribute names are different from those found in X.520(93).

   Three new attributes supportedAlgorithms, deltaRevocationList and
   dmdName, and the objectClass dmd, are defined in the X.500(96)
   documents.

5. Attribute Types

   An LDAP server implementation SHOULD recognize the attribute types
   described in this section.

5.1. objectClass

   The values of the objectClass attribute describe the kind of object
   which an entry represents. The objectClass attribute is present in
   every entry, with at least two values. One of the values is either
   "top" or "alias".

    ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

5.2. aliasedObjectName

   The aliasedObjectName attribute is used by the directory service if
   the entry containing this attribute is an alias.

    ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

5.3. knowledgeInformation

   This attribute is no longer used.

    ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

5.4. cn

   This is the X.500 commonName attribute, which contains a name of
   an object. If the object corresponds to a person, it is typically the
   person's full name.

    ( 2.5.4.3 NAME 'cn' SUP name )

5.5. sn

   This is the X.500 surname attribute, which contains the family name of
   a person.

    ( 2.5.4.4 NAME 'sn' SUP name )

5.6. serialNumber

   This attribute contains the serial number of a device.

    ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )

5.7. c

   This attribute contains a two-letter ISO 3166 country code
   (countryName).

    ( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )

5.8. l

   This attribute contains the name of a locality, such as a city,
   county or other geographic region (localityName).

    ( 2.5.4.7 NAME 'l' SUP name )

5.9. st

   This attribute contains the full name of a state or province
   (stateOrProvinceName).

    ( 2.5.4.8 NAME 'st' SUP name )

5.10. street

   This attribute contains the physical address of the object to which
   the entry corresponds, such as an address for package delivery
   (streetAddress).

    ( 2.5.4.9 NAME 'street' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

5.11. o

   This attribute contains the name of an organization
   (organizationName).

    ( 2.5.4.10 NAME 'o' SUP name )

5.12. ou

   This attribute contains the name of an organizational unit
   (organizationalUnitName).

    ( 2.5.4.11 NAME 'ou' SUP name )

5.13. title

   This attribute contains the title, such as "Vice President", of a
   person in their organizational context. The "personalTitle"
   attribute would be used for a person's title independent of their
   job function.

    ( 2.5.4.12 NAME 'title' SUP name )

5.14. description

   This attribute contains a human-readable description of the object.

    ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

5.15. searchGuide

   This attribute is for use by X.500 clients in constructing search
   filters. It is obsoleted by enhancedSearchGuide, described below in
   5.48.

    ( 2.5.4.14 NAME 'searchGuide'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )

5.16. businessCategory

   This attribute describes the kind of business performed by an
   organization.

    ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

5.17. postalAddress

    ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

5.18. postalCode

    ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

5.19. postOfficeBox

    ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

5.20. physicalDeliveryOfficeName

    ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

5.21. telephoneNumber

    ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

5.22. telexNumber

    ( 2.5.4.21 NAME 'telexNumber'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

5.23. teletexTerminalIdentifier

    ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

5.24. facsimileTelephoneNumber

    ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

5.25. x121Address

    ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )

5.26. internationaliSDNNumber

    ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

5.27. registeredAddress

   This attribute holds a postal address suitable for reception of
   telegrams or expedited documents, where it is necessary to have the
   recipient accept delivery.

    ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

5.28. destinationIndicator

   This attribute is used for the telegram service.

    ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )

5.29. preferredDeliveryMethod

    ( 2.5.4.28 NAME 'preferredDeliveryMethod'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
      SINGLE-VALUE )

5.30. presentationAddress

   This attribute contains an OSI presentation address.

    ( 2.5.4.29 NAME 'presentationAddress'
      EQUALITY presentationAddressMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
      SINGLE-VALUE )

5.31. supportedApplicationContext

   This attribute contains the identifiers of OSI application contexts.

    ( 2.5.4.30 NAME 'supportedApplicationContext'
      EQUALITY objectIdentifierMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

5.32. member

    ( 2.5.4.31 NAME 'member' SUP distinguishedName )

5.33. owner

    ( 2.5.4.32 NAME 'owner' SUP distinguishedName )

5.34. roleOccupant

    ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )

5.35. seeAlso

    ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )

5.36. userPassword

    ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

   Passwords are stored using an Octet String syntax and are not
   encrypted. Transfer of cleartext passwords is strongly discouraged
   where the underlying transport service cannot guarantee
   confidentiality and may result in disclosure of the password to
   unauthorized parties.

5.37. userCertificate

   This attribute is to be stored and requested in the binary form, as
   'userCertificate;binary'.

    ( 2.5.4.36 NAME 'userCertificate'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

5.38. cACertificate

   This attribute is to be stored and requested in the binary form, as
   'cACertificate;binary'.

    ( 2.5.4.37 NAME 'cACertificate'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

5.39. authorityRevocationList

   This attribute is to be stored and requested in the binary form, as
   'authorityRevocationList;binary'.

    ( 2.5.4.38 NAME 'authorityRevocationList'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

5.40. certificateRevocationList

   This attribute is to be stored and requested in the binary form, as
   'certificateRevocationList;binary'.

    ( 2.5.4.39 NAME 'certificateRevocationList'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

5.41. crossCertificatePair

   This attribute is to be stored and requested in the binary form, as
   'crossCertificatePair;binary'.

    ( 2.5.4.40 NAME 'crossCertificatePair'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )

5.42. name

   The name attribute type is the attribute supertype from which string
   attribute types typically used for naming may be formed. It is
   unlikely that values of this type itself will occur in an entry.
   LDAP server implementations which do not support attribute subtyping
   need not recognize this attribute in requests. Client
   implementations MUST NOT assume that LDAP servers are capable of
   performing attribute subtyping.

    ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

5.43. givenName

   The givenName attribute is used to hold the part of a person's name
   which is not their surname nor middle name.

    ( 2.5.4.42 NAME 'givenName' SUP name )

5.44. initials

   The initials attribute contains the initials of some or all of an
   individual's names, but not the surname(s).

    ( 2.5.4.43 NAME 'initials' SUP name )

5.45. generationQualifier

   The generationQualifier attribute contains the part of the name which
   typically is the suffix, as in "IIIrd".

    ( 2.5.4.44 NAME 'generationQualifier' SUP name )

5.46. x500UniqueIdentifier

   The x500UniqueIdentifier attribute is used to distinguish between
   objects when a distinguished name has been reused. This is a
   different attribute type from both the "uid" and "uniqueIdentifier"
   types.

    ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

5.47. dnQualifier

   The dnQualifier attribute type specifies disambiguating information to
   add to the relative distinguished name of an entry. It is intended
   for use when merging data from multiple sources in order to prevent
   conflicts between entries which would otherwise have the same name.
   It is recommended that the value of the dnQualifier attribute be the
   same for all entries from a particular source.

    ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
      ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

5.48. enhancedSearchGuide

   This attribute is for use by X.500 clients in constructing search
   filters.

    ( 2.5.4.47 NAME 'enhancedSearchGuide'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )

5.49. protocolInformation

   This attribute is used in conjunction with the presentationAddress
   attribute, to provide additional information to the OSI network
   service.

    ( 2.5.4.48 NAME 'protocolInformation'
      EQUALITY protocolInformationMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )

5.50. distinguishedName

   This attribute type is not used as the name of the object itself, but
   it is instead a base type from which attributes with DN syntax
   inherit.

   It is unlikely that values of this type itself will occur in an entry.
   LDAP server implementations which do not support attribute subtyping
   need not recognize this attribute in requests. Client
   implementations MUST NOT assume that LDAP servers are capable of
   performing attribute subtyping.

    ( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

5.51. uniqueMember

    ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

5.52. houseIdentifier

   This attribute is used to identify a building within a location.

    ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

5.53. supportedAlgorithms

   This attribute is to be stored and requested in the binary form, as
   'supportedAlgorithms;binary'.

    ( 2.5.4.52 NAME 'supportedAlgorithms'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )

5.54. deltaRevocationList

   This attribute is to be stored and requested in the binary form, as
   'deltaRevocationList;binary'.

    ( 2.5.4.53 NAME 'deltaRevocationList'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

5.55. dmdName

   The value of this attribute specifies a directory management
   domain (DMD), the administrative authority which operates the
   directory server.

    ( 2.5.4.54 NAME 'dmdName' SUP name )

6. Syntaxes

   Servers SHOULD recognize the syntaxes defined in this section.
   Each syntax begins with a sample value of the ldapSyntaxes attribute
   which defines the OBJECT IDENTIFIER of the syntax. The descriptions
   of syntax names are not carried in protocol, and are not guaranteed
   to be unique.

6.1. Delivery Method

    ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )

   Values in this syntax are encoded according to the following BNF:

      delivery-value = pdm / ( pdm whsp "$" whsp delivery-value )

      pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
            "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"

   Example:

      telephone

6.2. Enhanced Guide

    ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )

   Values in this syntax are encoded according to the following BNF:

      EnhancedGuide = woid whsp "#" whsp criteria whsp "#" whsp subset

      subset = "baseobject" / "oneLevel" / "wholeSubtree"

   The criteria production is defined in the Guide syntax below.
   This syntax has been added subsequent to RFC 1778.

   Example:

      person#(sn)#oneLevel

6.3. Guide

    ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )

   Values in this syntax are encoded according to the following BNF:

      guide-value = [ object-class "#" ] criteria

      object-class = woid

      criteria = criteria-item / criteria-set / ( "!" criteria )

      criteria-set = ( [ "(" ] criteria "&" criteria-set [ ")" ] ) /
                     ( [ "(" ] criteria "|" criteria-set [ ")" ] )

      criteria-item = [ "(" ] attributetype "$" match-type [ ")" ]

      match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"

   This syntax should not be used for defining new attributes.

6.4. Octet String

    ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )

   Values in this syntax are encoded as octet strings.

   Example:

      secret

6.5. Teletex Terminal Identifier

    ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )

   Values in this syntax are encoded according to the following BNF:

      teletex-id = ttx-term 0*("$" ttx-param)

      ttx-term = printablestring

      ttx-param = ttx-key ":" ttx-value

      ttx-key = "graphic" / "control" / "misc" / "page" / "private"

      ttx-value = octetstring

   In the above, the first printablestring is the encoding of the
   first portion of the teletex terminal identifier to be encoded, and
   the subsequent 0 or more octetstrings are subsequent portions
   of the teletex terminal identifier.

6.6. Telex Number

    ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )

   Values in this syntax are encoded according to the following BNF:

      telex-number = actual-number "$" country "$" answerback

      actual-number = printablestring

      country = printablestring

      answerback = printablestring

   In the above, actual-number is the syntactic representation of the
   number portion of the TELEX number being encoded, country is the
   TELEX country code, and answerback is the answerback code of a
   TELEX terminal.

6.7. Supported Algorithm

    ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' )

   No printable representation of values of the supportedAlgorithms
   attribute is defined in this document. Clients which wish to store
   and retrieve this attribute MUST use "supportedAlgorithms;binary", in
   which the value is transferred as a binary encoding.

7. Object Classes

   LDAP servers MUST recognize the object classes "top" and "subschema".
   LDAP servers SHOULD recognize all the other object classes listed here
   as values of the objectClass attribute.

7.1. top

    ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )

7.2. alias

    ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )

7.3. country

    ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
      MAY ( searchGuide $ description ) )

7.4. locality

    ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
      MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )

7.5. organization

    ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

7.6. organizationalUnit

    ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

7.7. person

    ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
      MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

7.8. organizationalPerson

    ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
      MAY ( title $ x121Address $ registeredAddress $
      destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ ou $ st $ l ) )

7.9. organizationalRole

    ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
      MAY ( x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
      postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ ou $ st $ l $ description ) )

7.10. groupOfNames

    ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
      MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

7.11. residentialPerson

    ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
      MAY ( businessCategory $ x121Address $ registeredAddress $
      destinationIndicator $ preferredDeliveryMethod $ telexNumber $
      teletexTerminalIdentifier $ telephoneNumber $
      internationaliSDNNumber $
      facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
      postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l ) )

7.12. applicationProcess

    ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
      MAY ( seeAlso $ ou $ l $ description ) )

7.13. applicationEntity

    ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
      MUST ( presentationAddress $ cn )
      MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
      description ) )

7.14. dSA

    ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
      MAY knowledgeInformation )

7.15. device

    ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
      MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )

7.16. strongAuthenticationUser

    ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
      MUST userCertificate )

7.17. certificationAuthority

    ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
      MUST ( authorityRevocationList $ certificateRevocationList $
      cACertificate ) MAY crossCertificatePair )

7.18. groupOfUniqueNames

    ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
      MUST ( uniqueMember $ cn )
      MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

7.19. userSecurityInformation

    ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
      MAY ( supportedAlgorithms ) )

7.20. certificationAuthority-V2

    ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
      certificationAuthority
      AUXILIARY MAY ( deltaRevocationList ) )

7.21. cRLDistributionPoint

    ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
      MUST ( cn ) MAY ( certificateRevocationList $
      authorityRevocationList $
      deltaRevocationList ) )

7.22. dmd

    ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
      x121Address $ registeredAddress $ destinationIndicator $
      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
      telephoneNumber $ internationaliSDNNumber $
      facsimileTelephoneNumber $
      street $ postOfficeBox $ postalCode $ postalAddress $
      physicalDeliveryOfficeName $ st $ l $ description ) )

8. Matching Rules

   Servers MAY implement additional matching rules.

8.1. octetStringMatch

   Servers which implement the extensibleMatch filter SHOULD allow
   the matching rule listed in this section to be used in the
   extensibleMatch. In general these servers SHOULD allow matching
   rules to be used with all attribute types known to the server, when
   the assertion syntax of the matching rule is the same as the value
   syntax of the attribute.

    ( 2.5.13.17 NAME 'octetStringMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

9. Security Considerations

   Attributes of directory entries are used to provide descriptive
   information about the real-world objects they represent, which can
   be people, organizations or devices. Most countries have privacy
   laws regarding the publication of information about people.

   Transfer of cleartext passwords is strongly discouraged where the
   underlying transport service cannot guarantee confidentiality and may
   result in disclosure of the password to unauthorized parties.

10. Acknowledgements

   The definitions on which this document is based have been developed by
   committees for telecommunications and international standards.
   No new attribute definitions have been added. The syntax definitions
   are based on the ISODE "QUIPU" implementation of X.500.

11. Bibliography

   [1] M. Wahl, A. Coulbeck, T. Howes, S. Kille,
       "Lightweight X.500 Directory Access Protocol Attribute Syntax
       Definitions", INTERNET-DRAFT, October 1997.

   [2] The Directory: Models. ITU-T Recommendation X.501, 1996.

   [3] The Directory: Authentication Framework. ITU-T Recommendation
       X.509, 1996.

   [4] The Directory: Selected Attribute Types. ITU-T Recommendation
       X.520, 1996.

   [5] The Directory: Selected Object Classes. ITU-T Recommendation
       X.521, 1996.

12. Author's Address

   Mark Wahl
   Critical Angle Inc.
   4815 West Braker Lane #502-385
   Austin, TX 78759
   USA

   Phone:  +1 512 372 3160
   EMail:  M.Wahl@critical-angle.com
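
   Added example (not part of the original draft): the Python code below
   parses a few of the object class definitions from section 7, follows
   their SUP chains, and reports which classes allow userPassword
   (section 5.36) directly or by inheritance and which attributes have to
   be requested with the ;binary option. All function and variable names
   are assumptions made for this illustration, and the parser handles
   only the description forms that appear in this document.

```python
import re

# Definitions copied from section 7 of this draft (whitespace folded).
SECTION_7_SAMPLE = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL "
    "MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ "
    "preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ "
    "telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ "
    "street $ postOfficeBox $ postalCode $ postalAddress $ "
    "physicalDeliveryOfficeName $ ou $ st $ l ) )",
    "( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn "
    "MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )",
    "( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY "
    "MUST userCertificate )",
    "( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY "
    "MUST ( authorityRevocationList $ certificateRevocationList $ "
    "cACertificate ) MAY crossCertificatePair )",
    "( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP "
    "certificationAuthority AUXILIARY MAY ( deltaRevocationList ) )",
]

# Attributes that section 5 says are stored and requested as '<name>;binary'.
BINARY_ATTRS = {
    "userCertificate", "cACertificate", "authorityRevocationList",
    "certificateRevocationList", "crossCertificatePair",
    "supportedAlgorithms", "deltaRevocationList",
}
KINDS = {"ABSTRACT", "STRUCTURAL", "AUXILIARY"}
TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")


def read_oids(tokens, i):
    """Read either one name or a '( a $ b $ c )' list starting at tokens[i]."""
    if tokens[i] != "(":
        return [tokens[i]], i + 1
    end = tokens.index(")", i)
    return [t for t in tokens[i + 1:end] if t != "$"], end + 1


def parse_object_class(text):
    """Parse one object class definition as written in section 7."""
    tokens = TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("definition must be enclosed in parentheses")
    body = tokens[1:-1]
    oc = {"oid": body[0], "name": None, "kind": None,
          "sup": [], "must": [], "may": []}
    i = 1
    while i < len(body):
        keyword = body[i]
        i += 1
        if keyword in KINDS:
            oc["kind"] = keyword
        elif keyword == "NAME":
            oc["name"] = body[i].strip("'")
            i += 1
        elif keyword in ("SUP", "MUST", "MAY"):
            oc[keyword.lower()], i = read_oids(body, i)
        else:
            raise ValueError("unexpected token %r" % keyword)
    return oc


def load(definitions):
    """Index parsed definitions by class name."""
    return {oc["name"]: oc for oc in map(parse_object_class, definitions)}


def effective(name, classes, seen=()):
    """Return (must, may) for a class, including everything inherited via SUP."""
    if name in seen:
        raise ValueError("SUP loop at %r" % name)
    if name not in classes:
        raise ValueError("unknown superclass %r" % name)
    oc = classes[name]
    must, may = set(oc["must"]), set(oc["may"])
    for sup in oc["sup"]:
        sup_must, sup_may = effective(sup, classes, seen + (name,))
        must |= sup_must
        may |= sup_may
    return must, may - must


def audit(definitions):
    """Per class: how userPassword is allowed, and which attrs need ;binary."""
    classes = load(definitions)
    report = {}
    for name, oc in classes.items():
        must, may = effective(name, classes)
        allowed = must | may
        own = set(oc["must"]) | set(oc["may"])
        if "userPassword" not in allowed:
            password = "no"
        else:
            password = "direct" if "userPassword" in own else "inherited"
        report[name] = {
            "userPassword": password,
            "binary": sorted(a + ";binary" for a in allowed & BINARY_ATTRS),
        }
    return report


if __name__ == "__main__":
    for cls, info in audit(SECTION_7_SAMPLE).items():
        print(cls, info)
```

   Classes reported as "inherited" are easy to miss when reviewing which
   entries can hold the unencrypted userPassword value, because the
   attribute does not appear in their own MAY list.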