idnits 2.17.1

draft-ietf-ldapbis-iana-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** There are 5 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  == There are 121 instances of lines with non-RFC6890-compliant IPv4
     addresses in the document. If these are example addresses, they should
     be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 742 has weird spacing: '...for the purpo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (10 April 2001) is 8417 days in the past. Is this
     intentional?

  Checking references for intended status: Best Current Practice
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'LDAPTS' is mentioned on line 319, but not defined

  == Missing Reference: 'REF' is mentioned on line 388, but not defined

  == Missing Reference: 'RFC1274' is mentioned on line 611, but not defined

  ** Obsolete undefined reference: RFC 1274 (Obsoleted by RFC 4524)

  == Missing Reference: 'RFC2164' is mentioned on line 615, but not defined

  == Missing Reference: 'RFC2247' is mentioned on line 457, but not defined

  == Missing Reference: 'RFC2587' is mentioned on line 549, but not defined

  ** Obsolete undefined reference: RFC 2587 (Obsoleted by RFC 4523)

  == Missing Reference: 'RFC2293' is mentioned on line 602, but not defined

  == Missing Reference: 'RFC2589' is mentioned on line 465, but not defined

  == Missing Reference: 'RFC1488' is mentioned on line 489, but not defined

  ** Obsolete undefined reference: RFC 1488 (Obsoleted by RFC 1778)

  == Missing Reference: 'RFC2079' is mentioned on line 493, but not defined

  == Missing Reference: 'RFC2798' is mentioned on line 499, but not defined

  == Missing Reference: 'RFC2253' is mentioned on line 605, but not defined

  ** Obsolete undefined reference: RFC 2253 (Obsoleted by RFC 4510, RFC 4514)

  == Missing Reference: 'RFC2596' is mentioned on line 630, but not defined

  ** Obsolete undefined reference: RFC 2596 (Obsoleted by RFC 3866)

  == Missing Reference: 'RFC2829' is mentioned on line 727, but not defined

  ** Obsolete undefined reference: RFC 2829 (Obsoleted by RFC 4510, RFC 4513)

  == Missing Reference: 'RFC1777' is mentioned on line 726, but not defined

  ** Obsolete undefined reference: RFC 1777 (Obsoleted by RFC 3494)

  ** Obsolete normative reference: RFC 2222 (Obsoleted by RFC 4422, RFC 4752)

  ** Obsolete normative reference: RFC 2234 (Obsoleted by RFC 4234)

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4523)

  ** Obsolete normative reference: RFC 2255 (Obsoleted by RFC 4510, RFC 4516)

  ** Obsolete normative reference: RFC 2256 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4519, RFC 4523)

  ** Obsolete normative reference: RFC 2279 (Obsoleted by RFC 3629)

  -- Duplicate reference: RFC2119, mentioned in 'RFC2434', was also mentioned
     in 'RFC2119'.

     Summary: 21 errors (**), 0 flaws (~~), 17 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    INTERNET-DRAFT                                    Editor: Kurt D. Zeilenga
3    Intended Category: BCP                                 OpenLDAP Foundation
4    Expires: 10 October 2001                                     10 April 2001

6                         IANA Considerations for LDAP
7

9    Status of Memo

11   This document is an Internet-Draft and is in full conformance with all
12   provisions of Section 10 of RFC2026.

14   This document is intended to be, after appropriate review and
15   revision, submitted to the RFC Editor as a Best Current Practice
16   document. Distribution of this memo is unlimited. Technical
17   discussion of this document will take place on the IETF LDAP Revision
18   Working Group (LDAPbis) mailing list .
19   Please send editorial comments directly to the document editor
20   .

22   Internet-Drafts are working documents of the Internet Engineering Task
23   Force (IETF), its areas, and its working groups. Note that other
24   groups may also distribute working documents as Internet-Drafts.
25   Internet-Drafts are draft documents valid for a maximum of six months
26   and may be updated, replaced, or obsoleted by other documents at any
27   time. It is inappropriate to use Internet-Drafts as reference
28   material or to cite them other than as ``work in progress.''

30   The list of current Internet-Drafts can be accessed at
31   . The list of
32   Internet-Draft Shadow Directories can be accessed at
33   .

35   Copyright 2001, The Internet Society. All Rights Reserved.

37   Please see the Copyright section near the end of this document for
38   more information.

40   Abstract

42   This document provides procedures for registering extensible elements
43   of LDAP. The document also provides guidelines to IANA describing
44   conditions under which new values can be assigned.

46   1. Introduction

48   The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an
49   extensible protocol. LDAP supports:
50     - addition of new operations,
51     - extension of existing operations, and
52     - extensible schema.

54   This document details procedures for registering values used
55   to unambiguously identify extensible elements of the protocol
56   including:
57     - LDAP message types,
58     - LDAP result codes,
59     - LDAP authentication methods,
60     - LDAP attribute description options, and
61     - Object Identifiers descriptive names.

63   These registries are maintained by the Internet Assigned Numbers
64   Authority (IANA).

66   In addition, this document provides guidelines to IANA describing the
67   conditions under which new values can be assigned.

69   2. Terminology and Conventions

71   This section details terms and conventions used in this document.

73   2.1. Policy Terminology

75   The terms "IESG Approval", "Standards Action", "IETF Consensus",
76   "Specification Required", "First Come First Served", "Expert Review",
77   and "Private Use" are used as defined in [RFC2434].

79   2.2. Requirement Terminology

81   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
82   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
83   document are to be interpreted as described in [RFC2119].

85   2.3. Common ABNF Productions

87   A number of syntaxes in this document are described using ABNF
88   [RFC2234]. These syntaxes rely on the following common productions:

90       ALPHA   = %x41-5A / %x61-7A     ; A-Z / a-z

92       LDIGIT  = %x31-39               ; 1-9

94       DIGIT   = %x30 / LDIGIT         ; 0-9

96       HYPHEN  = %x2D                  ; "-"

98       PERIOD  = %x2E                  ; "."

100      number  = DIGIT / ( LDIGIT 1*DIGIT )

102      keychar = ( ALPHA / DIGIT / HYPHEN )
103      leadkeychar = ALPHA

105      keystring = leadkeychar *keychar

107  A keyword is a case-insensitive UTF-8 [RFC2279] string restricted to the
108  keystring production.

110  3. IANA Considerations for LDAP

112  This section details each kind of protocol value which can be
113  registered and provides IANA guidelines on how to assign new values.

115  3.1. Object Identifiers

117  Numerous LDAP schema and protocol elements are identified by Object
118  Identifiers. Any properly delegated OID may be used including those
119  under "Internet Private Enterprise Numbers" (1.3.5.1.4.1.x) assigned
120  by IANA .

122  For IETF developed protocol and schema items, OIDs under "Internet
123  Directory Numbers" (1.3.6.1.1.x) MAY be used. IANA will assign
124  numbers under this OID arc upon Expert Review with Specification
125  Required. In general, only one OID per specification SHOULD be
126  assigned. The specification may then assign any number of OIDs within
127  this arc without further coordination with IANA.

129  3.2. Object Identifiers Descriptive Names

131  LDAP allows short descriptive names to be used instead of a numeric
132  Object Identifier to identify protocol extensions [RFC2251], schema
133  elements [RFC2252], protocol extensions, LDAP URL [RFC2255]
134  extensions, and other objects. These names SHALL be restricted to
135  case-insensitive UTF-8 strings limited by the following ABNF:

137      name = keystring

139  Multiple names MAY be assigned to a given OID. For purposes of
140  registration, an OID SHALL be represented in numeric OID form
141  conforming to the ABNF:

143      numericoid = number *( PERIOD number ) ; e.g. 1.1.0.23.40

145  While the protocol places no maximum length restriction upon
146  descriptive names, they SHOULD be short. IANA MAY refuse to register
147  any name over 48 characters in length. IANA MAY reject obviously
148  bogus registrations.

150  Names beginning with "x-" are for Private Use and SHALL NOT be
151  registered.

153  Names beginning with "e-" are reserved for experiments. IANA SHALL
154  register any name beginning with "e-" on a First Come First Served
155  basis.

157  Expert Review is REQUIRED before accepting registration of all other
158  names.

160  IANA SHALL NOT verify the registrant "owns" the OID being named.

162  The OID namespace is managed by The ISO/IEC Joint Technical Committee
163  1 - Subcommittee 6.

165  3.3. AttributeDescription Options

167  An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
168  more options specifying additional semantics. An option SHALL be
169  restricted to a case-insensitive UTF-8 string limited by the following
170  ABNF:

172      option = keystring

174  While the protocol places no maximum length restriction upon option
175  strings, they SHOULD be short. IANA MAY refuse to register any option
176  over 16 characters in length. IANA MAY reject obviously bogus
177  registrations.

179  Values ending with a hyphen ("-") reserve all option names which start
180  with the name. For example, the registration of the option
181  "optionFamily-" reserves all options which start with "optionFamily-"
182  for some related purpose.

184  Options beginning with "x-" are for Private Use and SHALL NOT be
185  registered.

187  Options beginning with "e-" are reserved for experiments. IANA SHALL
188  register any option beginning with "e-" on a First Come First Served
189  basis.

191  IANA SHALL register other options by either Standards Action or Expert
192  Review with Specification Required.

194  3.4. LDAP Message Types

196  Each protocol message is encapsulated in an LDAPMessage envelope
197  [RFC2251, Section 4.1.1]. The protocolOp CHOICE indicates the type of
198  message encapsulated. Each message type consists of a keyword and a
199  non-negative choice number, which is combined with the class (APPLICATION)
200  and data type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in
201  the message's encoding. The choice numbers for existing protocol
202  messages are implicit in the protocol's ASN.1 defined in [RFC2251].

204  New values SHALL only be registered by Standards Track action.

206  Note: LDAP provides extensible messages which reduce, but do not
207  eliminate, the need to add new message types.

209  3.5. LDAP Result Codes

211  LDAP result messages carry a resultCode enumerated value to indicate
212  the outcome of the operation [RFC2251, Section 4.1.10]. Each result
213  code consists of a keyword and a non-negative integer.

215  IANA SHALL register new resultCode integers in the range 0-255 upon
216  Standards Action, in the range 256-1023 with Expert Review, and in the
217  range 1024-8191 on a First Come First Served basis. Keywords
218  associated with integers in the range 1024-8191 SHALL start with "e-".
219  Values greater than or equal to 8192 are for Private Use and SHALL NOT
220  be registered.

222  IANA MAY reject obviously bogus registrations.

224  3.6. LDAP Authentication Method

226  The LDAP Bind operation supports multiple authentication methods
228  [RFC2251, Section 4.2]. Each authentication choice consists of a
229  keyword and a non-negative integer.
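
The syntax and range rules of Sections 2.3, 3.2, 3.3 and 3.5, written out as a validator that a schema-lint or directory-admin tool could run before accepting a descriptive name, option or resultCode. This is an added example, not part of the draft; the function names are hypothetical, and the ABNF is read with ALPHA's second range as %x61-7A and DIGIT as %x30 / LDIGIT.

```python
import re

# Section 2.3 productions as regular expressions. ASCII ranges are spelled out
# because \d and \w in Python str patterns also match non-ASCII digits/letters.
KEYSTRING = re.compile(r"[A-Za-z][A-Za-z0-9-]*")   # leadkeychar *keychar
NUMBER = r"(?:[0-9]|[1-9][0-9]+)"                  # DIGIT / ( LDIGIT 1*DIGIT )
NUMERICOID = re.compile(NUMBER + r"(?:\." + NUMBER + r")*")

PRIVATE = "Private Use (SHALL NOT be registered)"
FCFS = "First Come First Served"
OPTION_DEFAULT = "Standards Action or Expert Review with Specification Required"


def is_keystring(s):
    return KEYSTRING.fullmatch(s) is not None


def is_numericoid(s):
    # Rejects leading zeros ("2.05"), empty arcs ("2.5.") and non-ASCII digits.
    return NUMERICOID.fullmatch(s) is not None


def _prefix_policy(name, default):
    lowered = name.lower()  # keywords are case-insensitive
    if lowered.startswith("x-"):
        return PRIVATE
    if lowered.startswith("e-"):
        return FCFS
    return default


def descriptor_policy(name, oid):
    """Section 3.2: (policy, notes) for registering `name` for `oid`."""
    if not is_keystring(name):
        raise ValueError(f"not a keystring: {name!r}")
    if not is_numericoid(oid):
        raise ValueError(f"not a numericoid: {oid!r}")
    notes = []
    if len(name) > 48:
        notes.append("IANA MAY refuse: over 48 characters")
    return _prefix_policy(name, "Expert Review"), notes


def option_policy(option, reserved_families=("lang-",)):
    """Section 3.3: (policy, notes) for an attribute description option.

    reserved_families holds registered values ending in "-". The default
    "lang-" is an assumption: the B.3 entry lang-* written with the
    trailing-hyphen convention of Section 3.3.
    """
    if not is_keystring(option):
        raise ValueError(f"not a keystring: {option!r}")
    lowered = option.lower()
    notes = []
    if len(option) > 16:
        notes.append("IANA MAY refuse: over 16 characters")
    for family in reserved_families:
        fam = family.lower()
        if lowered.startswith(fam) and lowered != fam:
            notes.append(f"name is inside the reserved family {family!r}")
    return _prefix_policy(option, OPTION_DEFAULT), notes


def result_code_policy(code, keyword):
    """Section 3.5: registration policy for a resultCode integer."""
    if not is_keystring(keyword):
        raise ValueError(f"not a keystring: {keyword!r}")
    if code < 0:
        raise ValueError("resultCode must be non-negative")
    if code >= 8192:
        return PRIVATE
    if code >= 1024:
        if not keyword.lower().startswith("e-"):
            raise ValueError("keywords for 1024-8191 SHALL start with 'e-'")
        return FCFS
    return "Expert Review" if code >= 256 else "Standards Action"


if __name__ == "__main__":
    # Constructed sample inputs; the OIDs are taken from the text and B.2.
    print(descriptor_policy("mail", "0.9.2342.19200300.100.1.3"))
    print(descriptor_policy("X-localAttr", "1.1.0.23.40"))
    print(option_policy("lang-en"))
    print(result_code_policy(4096, "e-sampleCode"))
```
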

231  Authentication method usage SHALL be classified using one of the
232  following terms:

234      COMMON      - method is appropriate for common use on the Internet,
235      LIMITED USE - method is appropriate for limited use.
236      OBSOLETE    - method has been deprecated or otherwise found to be
237                    inappropriate for any use.

239  IANA SHALL NOT register new OBSOLETE authentication methods. Methods
240  without publicly available specifications SHALL NOT be classified as
241  COMMON. IANA MAY reject obviously bogus registrations.

243  IANA SHALL register new authentication method integers in the range
244  0-255 upon Standards Action, in the range 256-1023 with Expert Review
245  with Specification Required, and in the range 1024-8191 on a First
246  Come First Served basis. Keywords associated with integers in the
247  range 1024-8191 SHALL start with "e-". Values greater than or equal
248  to 8192 are for Private Use and SHALL NOT be registered.

250  Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE. SASL
251  is an extensible LDAP authentication method.

253  4. Registration Procedure

255  The procedure given here MUST be used by anyone who wishes to use a new
256  value of a type described in Section 3 of this document which is not
257  currently registered with IANA.

259  The first step is for the requester to fill out the appropriate form.
260  Templates are provided in Appendix A.

262  If the policy is Standards Action, the completed form SHOULD be
263  provided to the IESG with the request for Standards Action. Upon
264  approval of the Standards Action, the IESG SHALL forward the request
265  (possibly revised) to IANA. The IESG SHALL be viewed as the owner of
266  all values requiring Standards Action.

268  If the policy is Expert Review, the requester SHALL post the completed
269  form to the mailing list for public review.
270  The review period is two (2) weeks. If a revised form is later
271  submitted, the review period is restarted. Anyone may subscribe to
272  this list by sending a request to .
273  During the review, objections may be raised by anyone (including the
274  Expert) on the list. After completion of the review, the Expert,
275  based upon public comments, SHALL either approve the request and
276  forward it to the IESG OR deny the request. In either case, the
277  Expert SHALL promptly notify the requester of the action. Actions of
278  the Expert may be appealed [RFC2026]. The Expert is appointed by
279  Applications Area Director(s). The requester is viewed as the owner
280  of values registered under Expert Review, but the IESG MAY assert
281  ownership in cases where the owner is not willing or able to make
282  necessary updates.

284  If the policy is First Come First Served, the requester SHALL submit
285  the completed form directly to the IESG . The
286  requester is viewed as the owner of values registered under First Come
287  First Served, but the IESG MAY assert ownership in cases where the
288  owner is not willing or able to make necessary updates.

290  5. Registration Maintenance

292  This section discusses maintenance of registrations.

294  5.1. Lists of Registered Values

296  IANA makes lists of registered values readily available to the
297  Internet community on their web site .

299  5.2. Change Control

301  The registration owner MAY update the specification subject to the
302  same constraints and review as with new registrations.

304  5.3. Comments

306  For cases where others have significant objections to the claims in a
307  registration and the author does not agree to change the registration,
308  comments MAY be attached to registrations after Expert Review. For
309  registrations owned by the IESG, the objections SHOULD be addressed by
310  initiating a Change Control request.

312  6. Security Considerations

314  The security considerations detailed in [RFC2434] are generally
315  applicable to this document. Security considerations to each
316  namespace are discussed in Section 3.

318  Security considerations for LDAP are detailed in documents comprising
319  the technical specification [LDAPTS].

321  7. Acknowledgment

323  This document is a product of the IETF LDAP Revision (LDAPbis) WG.
324  Some text was borrowed from "Guidelines for Writing an IANA
325  Considerations Section in RFCs" [RFC2434] by Thomas Narten and Harald
326  Alvestrand.

328  8. Author's Address

330  Kurt D. Zeilenga
331  OpenLDAP Foundation

333  Email: Kurt@OpenLDAP.org

335  9. References

337  [RFC2026] S. Bradner, "The Internet Standards Process -- Revision 3",
338            RFC 2026, October 1996.

340  [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
341            Requirement Levels", RFC 2119, March 1997.

343  [RFC2222] J. Myers, "Simple Authentication and Security Layer (SASL)",
344            RFC 2222, October 1997.

346  [RFC2234] D. Crocker, P. Overell, "Augmented BNF for Syntax
347            Specifications: ABNF", RFC 2234, November 1997.

349  [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
350            Protocol (v3)", RFC 2251, December 1997.

352  [RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
353            Directory Access Protocol (v3): Attribute Syntax
354            Definitions", RFC 2252, December 1997.

356  [RFC2255] T. Howes, M. Smith, "The LDAP URL Format", RFC 2255,
357            December, 1997.

359  [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
360            with LDAPv3", RFC 2256, December 1997.

362  [RFC2279] F. Yergeau, "UTF-8, a transformation format of ISO 10646",
363            RFC 2279, January 1998.

365  [RFC2434] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
366            Considerations Section in RFCs", RFC 2119, October 1998.

368  Appendix A. Registration Templates

370  This appendix provides registration templates for registering new LDAP
371  values. <>

373  Appendix B. Assigned Values

375  The following values are currently assigned.

377  B.1. Object Identifiers

379  Currently registered "Internet Private Enterprise Numbers" can be
380  found at:
381      ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

383  Currently registered "Internet Directory Numbers" can be found at:
384      ftp://ftp.isi.edu/in-notes/iana/assignments/smi-numbers

386  B.2. Object Identifiers Descriptive Names

388  NAME                                 Type OID                           [REF]
389  ------------------------             ---- -----------------
390  account                              O    0.9.2342.19200300.100.4.5     [RFC1274]
391  alias                                O    2.5.6.1                       [RFC2256]
392  aliasedObjectName                    T    2.5.4.1                       [RFC2256]
393  altServer                            T    1.3.6.1.4.1.1466.101.120.6    [RFC2252]
394  applicationEntity                    O    2.5.6.12                      [RFC2256]
395  applicationProcess                   O    2.5.6.11                      [RFC2256]
396  aRecord                              T    0.9.2342.19200300.100.1.26    [RFC1274]
397  associatedDomain                     T    0.9.2342.19200300.100.1.37    [RFC2164]
398  associatedInternetGateway            T    1.3.6.1.4.1.453.7.2.8         [RFC2164]
399  associatedName                       T    0.9.2342.19200300.100.1.38    [RFC1274]
400  associatedORAddress                  T    1.3.6.1.4.1.453.7.2.6         [RFC2164]
401  associatedX400Gateway                T    1.3.6.1.4.1.453.7.2.3         [RFC2164]
402  attributeTypes                       T    2.5.21.5                      [RFC2252]
403  audio                                T    0.9.2342.19200300.100.1.55    [RFC1274]
404  authorityRevocationList              T    2.5.4.38                      [RFC2256]
405  bitStringMatch                       M    2.5.13.16                     [RFC2252]
406  buildingName                         T    0.9.2342.19200300.100.1.48    [RFC1274]
407  businessCategory                     T    2.5.4.15                      [RFC2256]
408  C                                    T    2.5.4.6                       [RFC2256]
409  cACertificate                        T    2.5.4.37                      [RFC2256]
410  caseExactIA5Match                    M    1.3.6.1.4.1.1466.109.114.1    [RFC2252]
411  caseIgnoreIA5Match                   M    1.3.6.1.4.1.1466.109.114.2    [RFC2252]
412  caseIgnoreListMatch                  M    2.5.13.11                     [RFC2252]
413  caseIgnoreMatch                      M    2.5.13.2                      [RFC2252]
414  caseIgnoreOrderingMatch              M    2.5.13.3                      [RFC2252]
415  caseIgnoreSubstringsMatch            M    2.5.13.4                      [RFC2252]
416  certificateRevocationList            T    2.5.4.39                      [RFC2256]
417  certificationAuthority               O    2.5.6.16                      [RFC2256]
418  certificationAuthority-V2            O    2.5.6.16.2                    [RFC2256]
419  CN                                   T    2.5.4.3                       [RFC2256]
420  cNAMERecord                          T    0.9.2342.19200300.100.1.31    [RFC1274]
421  co                                   T    0.9.2342.19200300.100.1.43    [RFC1274]
422  commonName                           T    2.5.4.3                       [RFC2256]
423  country                              O    2.5.6.2                       [RFC2256]
424  countryName                          T    2.5.4.6                       [RFC2256]
425  createTimestamp                      T    2.5.18.1                      [RFC2252]
426  creatorsName                         T    2.5.18.3                      [RFC2252]
427  cRLDistributionPoint                 O    2.5.6.19                      [RFC2256]
428  crossCertificatePair                 T    2.5.4.40                      [RFC2256]
429  DC                                   T    0.9.2342.19200300.100.1.25    [RFC2247]
430  dcObject                             O    1.3.6.1.4.1.1466.344          [RFC2247]
431  deltaCRL                             O    2.5.6.23                      [RFC2587]
432  deltaRevocationList                  T    2.5.4.53                      [RFC2256]
433  description                          T    2.5.4.13                      [RFC2256]
434  destinationIndicator                 T    2.5.4.27                      [RFC2256]
435  device                               O    2.5.6.14                      [RFC2256]
436  distinguishedName                    T    2.5.4.49                      [RFC2256]
437  distinguishedNameMatch               M    2.5.13.1                      [RFC2252]
438  distinguishedNameTableEntry          O    1.3.6.1.4.1.453.7.1.5         [RFC2293]
439  distinguishedNameTableKey            T    1.3.6.1.4.1.453.7.2.3         [RFC2293]
440  dITContentRules                      T    2.5.21.2                      [RFC2252]
441  dITRedirect                          T    0.9.2342.19200300.100.1.54    [RFC1274]
442  dITStructureRules                    T    2.5.21.1                      [RFC2252]
443  dmd                                  O    2.5.6.20                      [RFC2256]
444  dmdName                              T    2.5.4.54                      [RFC2256]
445  dnQualifier                          T    2.5.4.46                      [RFC2256]
446  dNSDomain                            O    0.9.2342.19200300.100.4.15    [RFC1274]
447  document                             O    0.9.2342.19200300.100.4.6     [RFC1274]
448  documentAuthor                       T    0.9.2342.19200300.100.1.14    [RFC1274]
449  documentIdentifier                   T    0.9.2342.19200300.100.1.11    [RFC1274]
450  documentLocation                     T    0.9.2342.19200300.100.1.15    [RFC1274]
451  documentPublisher                    T    0.9.2342.19200300.100.1.56    [RFC1274]
452  documentSeries                       O    0.9.2342.19200300.100.4.8     [RFC1274]
453  documentTitle                        T    0.9.2342.19200300.100.1.12    [RFC1274]
454  documentVersion                      T    0.9.2342.19200300.100.1.13    [RFC1274]
455  domain                               O    0.9.2342.19200300.100.4.13    [RFC2247]
456  domainComponent                      T    0.9.2342.19200300.100.1.25    [RFC2247]
457  domainNameForm                       N    1.3.6.1.4.1.1466.345          [RFC2247]
458  domainRelatedObject                  O    0.9.2342.19200300.100.4.17    [RFC1274]
459  drink                                T    0.9.2342.19200300.100.1.5     [RFC1274]
460  dSA                                  O    2.5.6.13                      [RFC2256]
461  dSAQuality                           T    0.9.2342.19200300.100.1.49    [RFC1274]
462  dynamicObject                        O    1.3.6.1.4.1.1466.101.119.2    [RFC2589]
463  dynamicSubtrees                      T    1.3.6.1.4.1.1466.101.119.4    [RFC2589]
464  enhancedSearchGuide                  T    2.5.4.47                      [RFC2256]
465  entryTtl                             T    1.3.6.1.4.1.1466.101.119.3    [RFC2589]
466  extensibleObject                     O    1.3.6.1.4.1.1466.101.120.111  [RFC2252]
467  facsimileTelephoneNumber             T    2.5.4.23                      [RFC2256]
468  favouriteDrink                       T    0.9.2342.19200300.100.1.5     [RFC1274]
469  friendlyCountry                      O    0.9.2342.19200300.100.4.18    [RFC1274]
470  friendlyCountryName                  T    0.9.2342.19200300.100.1.43    [RFC1274]
471  generalizedTimeMatch                 M    2.5.13.27                     [RFC2252]
472  generalizedTimeOrderingMatch         M    2.5.13.28                     [RFC2252]
473  generationQualifier                  T    2.5.4.44                      [RFC2256]
474  givenName                            T    2.5.4.42                      [RFC2256]
475  GN                                   T    2.5.4.42                      [RFC2256]
476  groupOfNames                         O    2.5.6.9                       [RFC2256]
477  groupOfUniqueNames                   O    2.5.6.17                      [RFC2256]
478  homePhone                            T    0.9.2342.19200300.100.1.20    [RFC1274]
479  homePostalAddress                    T    0.9.2342.19200300.100.1.39    [RFC1274]
480  homeTelephone                        T    0.9.2342.19200300.100.1.20    [RFC1274]
481  host                                 T    0.9.2342.19200300.100.1.9     [RFC1274]
482  houseIdentifier                      T    2.5.4.51                      [RFC2256]
483  info                                 T    0.9.2342.19200300.100.1.4     [RFC1274]
484  initials                             T    2.5.4.43                      [RFC2256]
485  integerFirstComponentMatch           M    2.5.13.29                     [RFC2252]
486  integerMatch                         M    2.5.13.14                     [RFC2252]
487  internationaliSDNNumber              T    2.5.4.25                      [RFC2256]
488  janetMailbox                         T    0.9.2342.19200300.100.1.46    [RFC1274]
489  jpegPhoto                            T    0.9.2342.19200300.100.1.60    [RFC1488]
490  knowledgeInformation                 T    2.5.4.2                       [RFC2256]
491  L                                    T    2.5.4.7                       [RFC2256]
492  labeledURI                           T    1.3.6.1.4.1.250.1.57          [RFC2079]
493  labeledURIObject                     T    1.3.6.1.4.1.250.3.15          [RFC2079]
494  lastModifiedBy                       T    0.9.2342.19200300.100.1.24    [RFC1274]
495  lastModifiedTime                     T    0.9.2342.19200300.100.1.23    [RFC1274]
496  ldapSyntaxes                         T    1.3.6.1.4.1.1466.101.120.16   [RFC2251]
497  locality                             O    2.5.6.3                       [RFC2256]
498  localityName                         T    2.5.4.7                       [RFC2256]
499  mail                                 T    0.9.2342.19200300.100.1.3     [RFC2798]
500  mailPreferenceOption                 T    0.9.2342.19200300.100.1.47    [RFC1274]
501  manager                              T    0.9.2342.19200300.100.1.10    [RFC1274]
502  matchingRules                        T    2.5.21.4                      [RFC2252]
503  matchingRuleUse                      T    2.5.21.8                      [RFC2252]
504  mcgamTables                          T    1.3.6.1.4.1.453.7.2.9         [RFC2164]
505  mDRecord                             T    0.9.2342.19200300.100.1.27    [RFC1274]
506  member                               T    2.5.4.31                      [RFC2256]
507  mixerGateway                         O    1.3.6.1.4.1.453.7.1.4         [RFC2164]
508  mobile                               T    0.9.2342.19200300.100.1.41    [RFC1274]
509  mobileTelephoneNumber                T    0.9.2342.19200300.100.1.41    [RFC1274]
510  modifiersName                        T    2.5.18.4                      [RFC2252]
511  modifyTimestamp                      T    2.5.18.2                      [RFC2252]
512  mXRecord                             T    0.9.2342.19200300.100.1.28    [RFC1274]
513  name                                 T    2.5.4.41                      [RFC2256]
514  nameForms                            T    2.5.21.7                      [RFC2252]
515  namingContexts                       T    1.3.6.1.4.1.1466.101.120.5    [RFC2252]
516  nSRecord                             T    0.9.2342.19200300.100.1.29    [RFC1274]
517  numericStringMatch                   M    2.5.13.8                      [RFC2252]
518  numericStringSubstringsMatch         M    2.5.13.10                     [RFC2252]
519  O                                    T    2.5.4.10                      [RFC2256]
520  objectClass                          T    2.5.4.0                       [RFC2256]
521  objectClasses                        T    2.5.21.6                      [RFC2252]
522  objectIdentifierFirstComponentMatch  M    2.5.13.30                     [RFC2252]
523  objectIdentifiersMatch               M    2.5.13.0                      [RFC2252]
524  octetStringMatch                     M    2.5.13.17                     [RFC2252]
525  omittedORAddressComponent            O    1.3.6.1.4.1.453.7.1.3         [RFC2164]
526  oRAddressComponentType               T    1.3.6.1.4.1.453.7.2.7         [RFC2164]
527  organization                         O    2.5.6.4                       [RFC2256]
528  organizationalPerson                 O    2.5.6.7                       [RFC2256]
529  organizationalRole                   O    2.5.6.8                       [RFC2256]
530  organizationalStatus                 T    0.9.2342.19200300.100.1.45    [RFC1274]
531  organizationalUnit                   O    2.5.6.5                       [RFC2256]
532  organizationalUnitName               T    2.5.4.11                      [RFC2256]
533  organizationName                     T    2.5.4.10                      [RFC2256]
534  otherMailbox                         T    0.9.2342.19200300.100.1.22    [RFC1274]
535  OU                                   T    2.5.4.11                      [RFC2256]
536  owner                                T    2.5.4.32                      [RFC2256]
537  pager                                T    0.9.2342.19200300.100.1.42    [RFC1274]
538  pagerTelephoneNumber                 T    0.9.2342.19200300.100.1.42    [RFC1274]
539  person                               O    2.5.6.6                       [RFC2256]
540  personalSignature                    T    0.9.2342.19200300.100.1.53    [RFC1274]
541  personalTitle                        T    0.9.2342.19200300.100.1.40    [RFC1274]
542  photo                                T    0.9.2342.19200300.100.1.7     [RFC1274]
543  physicalDeliveryOfficeName           T    2.5.4.19                      [RFC2256]
544  pilotDSA                             O    0.9.2342.19200300.100.4.21    [RFC1274]
545  pilotObject                          O    0.9.2342.19200300.100.4.3     [RFC1274]
546  pilotOrganization                    O    0.9.2342.19200300.100.4.20    [RFC1274]
547  pilotPerson                          O    0.9.2342.19200300.100.4.4     [RFC1274]
548  pkiCA                                O    2.5.6.22                      [RFC2587]
549  pkiUser                              O    2.5.6.21                      [RFC2587]
550  postalAddress                        T    2.5.4.16                      [RFC2256]
551  postalCode                           T    2.5.4.17                      [RFC2256]
552  postOfficeBox                        T    2.5.4.18                      [RFC2256]
553  preferredDeliveryMethod              T    2.5.4.28                      [RFC2256]
554  presentationAddress                  T    2.5.4.29                      [RFC2256]
555  presentationAddressMatch             M    2.5.13.22                     [RFC2252]
556  protocolInformation                  T    2.5.4.48                      [RFC2256]
557  protocolInformationMatch             M    2.5.13.24                     [RFC2252]
558  qualityLabelledData                  O    0.9.2342.19200300.100.4.22    [RFC1274]
559  registeredAddress                    T    2.5.4.26                      [RFC2256]
560  residentialPerson                    O    2.5.6.10                      [RFC2256]
561  RFC822LocalPart                      O    0.9.2342.19200300.100.4.14    [RFC1274]
562  RFC822Mailbox                        T    0.9.2342.19200300.100.1.3     [RFC1274]
563  rFC822ToX400Mapping                  O    1.3.6.1.4.1.453.7.1.1         [RFC2164]
564  roleOccupant                         T    2.5.4.33                      [RFC2256]
565  room                                 O    0.9.2342.19200300.100.4.7     [RFC1274]
566  roomNumber                           T    0.9.2342.19200300.100.1.6     [RFC1274]
567  searchGuide                          T    2.5.4.14                      [RFC2256]
568  secretary                            T    0.9.2342.19200300.100.1.21    [RFC1274]
569  seeAlso                              T    2.5.4.34                      [RFC2256]
570  serialNumber                         T    2.5.4.5                       [RFC2256]
571  simpleSecurityObject                 O    0.9.2342.19200300.100.4.19    [RFC1274]
572  singleLevelQuality                   T    0.9.2342.19200300.100.1.50    [RFC1274]
573  SN                                   T    2.5.4.4                       [RFC2256]
574  sOARecord                            T    0.9.2342.19200300.100.1.30    [RFC1274]
575  ST                                   T    2.5.4.8                       [RFC2256]
576  stateOrProvinceName                  T    2.5.4.8                       [RFC2256]
577  street                               T    2.5.4.9                       [RFC2256]
578  streetAddress                        T    2.5.4.9                       [RFC2256]
579  strongAuthenticationUser             O    2.5.6.15                      [RFC2256]
580  subschema                            O    2.5.20.1                      [RFC2252]
581  subschemaSubentry                    T    2.5.18.10                     [RFC2252]
582  subtree                              O    1.3.6.1.4.1.453.7.1.1         [RFC2293]
583  subtreeMaximumQuality                T    0.9.2342.19200300.100.1.52    [RFC1274]
584  subtreeMinimumQuality                T    0.9.2342.19200300.100.1.51    [RFC1274]
585  supportedAlgorithms                  T    2.5.4.52                      [RFC2256]
586  supportedApplicationContext          T    2.5.4.30                      [RFC2256]
587  supportedControl                     T    1.3.6.1.4.1.1466.101.120.13   [RFC2252]
588  supportedExtension                   T    1.3.6.1.4.1.1466.101.120.7    [RFC2252]
589  supportedLDAPVersion                 T    1.3.6.1.4.1.1466.101.120.15   [RFC2252]
590  supportedSASLMechanisms              T    1.3.6.1.4.1.1466.101.120.14   [RFC2252]
591  surname                              T    2.5.4.4                       [RFC2256]
592  table                                O    1.3.6.1.4.1.453.7.1.2         [RFC2293]
593  tableEntry                           O    1.3.6.1.4.1.453.7.1.3         [RFC2293]
594  telephoneNumber                      T    2.5.4.20                      [RFC2256]
595  telephoneNumberMatch                 M    2.5.13.20                     [RFC2252]
596  telephoneNumberSubstringsMatch       M    2.5.13.21                     [RFC2252]
597  teletexTerminalIdentifier            T    2.5.4.22                      [RFC2256]
598  telexNumber                          T    2.5.4.21                      [RFC2256]
599  textEncodedORAddress                 T    0.9.2342.19200300.100.1.2     [RFC1274]
600  textTableEntry                       O    1.3.6.1.4.1.453.7.1.4         [RFC2293]
601  textTableKey                         T    1.3.6.1.4.1.453.7.2.1         [RFC2293]
602  textTableValue                       T    1.3.6.1.4.1.453.7.2.2         [RFC2293]
603  title                                T    2.5.4.12                      [RFC2256]
604  top                                  O    2.5.6.0                       [RFC2256]
605  uid                                  T    0.9.2342.19200300.100.1.1     [RFC2253]
606  uniqueIdentifier                     T    0.9.2342.19200300.100.1.44    [RFC1274]
607  uniqueMember                         T    2.5.4.50                      [RFC2256]
608  uniqueMemberMatch                    M    2.5.13.23                     [RFC2252]
609  userCertificate                      T    2.5.4.36                      [RFC2256]
610  userClass                            T    0.9.2342.19200300.100.1.8     [RFC1274]
611  userId                               T    0.9.2342.19200300.100.1.1     [RFC1274]
612  userPassword                         T    2.5.4.35                      [RFC2256]
613  userSecurityInformation              O    2.5.6.18                      [RFC2256]
614  x121Address                          T    2.5.4.24                      [RFC2256]
615  x400ToRFC822Mapping                  O    1.3.6.1.4.1.453.7.1.2         [RFC2164]
616  x500UniqueIdentifier                 T    2.5.4.45                      [RFC2256]

618  Legend
619  -----------------------
620  M => Matching Rule
621  O => Object Class
622  U => LDAP URL Extension
623  T => Attribute Type

625  B.3. Attribute Description Options

627  Option  Owner Reference
628  ------  ----- ---------
629  binary  IESG  [RFC2251]
630  lang-*  IESG  [RFC2596]

632  * family of options

634  B.4. LDAPMessage types

636  Name                          Code  Owner Reference
637  ---------------------------   ----  ----- ---------
638  bindRequest                   0     IESG  [RFC2251]
639  bindResponse                  1     IESG  [RFC2251]
640  unbindRequest                 2     IESG  [RFC2251]
641  searchRequest                 3     IESG  [RFC2251]
642  searchResEntry                4     IESG  [RFC2251]
643  searchResDone                 5     IESG  [RFC2251]
644  modifyRequest                 6     IESG  [RFC2251]
645  modifyResponse                7     IESG  [RFC2251]
646  addRequest                    8     IESG  [RFC2251]
647  addResponse                   9     IESG  [RFC2251]
648  delRequest                    10    IESG  [RFC2251]
649  delResponse                   11    IESG  [RFC2251]
650  modDNRequest                  12    IESG  [RFC2251]
651  modDNResponse                 13    IESG  [RFC2251]
652  compareRequest                14    IESG  [RFC2251]
653  compareResponse               15    IESG  [RFC2251]
654  abandonRequest                16    IESG  [RFC2251]
655  reserved                      17-18 IESG
656  searchResRef                  19    IESG  [RFC2251]
657  reserved                      20-22 IESG
658  extendedReq                   23    IESG  [RFC2251]
659  extendedResp                  24    IESG  [RFC2251]

661  B.5. resultCode values

663  Name                          Code  Owner Reference
664  ---------------------------   ----  ----- ---------
665  success                       0     IESG  [RFC2251]
666  operationsError               1     IESG  [RFC2251]
667  protocolError                 2     IESG  [RFC2251]
668  timeLimitExceeded             3     IESG  [RFC2251]
669  sizeLimitExceeded             4     IESG  [RFC2251]
670  compareFalse                  5     IESG  [RFC2251]
671  compareTrue                   6     IESG  [RFC2251]
672  authMethodNotSupported        7     IESG  [RFC2251]
673  strongAuthRequired            8     IESG  [RFC2251]
674  reserved (partialResults)     9     IESG  [RFC2251]
675  referral                      10    IESG  [RFC2251]
676  adminLimitExceeded            11    IESG  [RFC2251]
677  unavailableCriticalExtension  12    IESG  [RFC2251]
678  confidentialityRequired       13    IESG  [RFC2251]
679  saslBindInProgress            14    IESG  [RFC2251]
680  noSuchAttribute               16    IESG  [RFC2251]
681  undefinedAttributeType        17    IESG  [RFC2251]
682  inappropriateMatching         18    IESG  [RFC2251]
683  constraintViolation           19    IESG  [RFC2251]
684  attributeOrValueExists        20    IESG  [RFC2251]
685  invalidAttributeSyntax        21    IESG  [RFC2251]
686  noSuchObject                  32    IESG  [RFC2251]
687  aliasProblem                  33    IESG  [RFC2251]
688  invalidDNSyntax               34    IESG  [RFC2251]
689  reserved (isLeaf)             35    IESG  [RFC2251]
690  aliasDereferencingProblem     36    IESG  [RFC2251]
691  reserved                      37-47 IESG
692  inappropriateAuthentication   48    IESG  [RFC2251]
693  invalidCredentials            49    IESG  [RFC2251]
694  insufficientAccessRights      50    IESG  [RFC2251]
695  busy                          51    IESG  [RFC2251]
696  unavailable                   52    IESG  [RFC2251]
697  unwillingToPerform            53    IESG  [RFC2251]
698  loopDetect                    54    IESG  [RFC2251]
699  reserved                      55-63 IESG
700  namingViolation               64    IESG  [RFC2251]
701  objectClassViolation          65    IESG  [RFC2251]
702  notAllowedOnNonLeaf           66    IESG  [RFC2251]
703  notAllowedOnRDN               67    IESG  [RFC2251]
704  entryAlreadyExists            68    IESG  [RFC2251]
705  objectClassModsProhibited     69    IESG  [RFC2251]
706  reserved (resultsTooLarge)    70    IESG  [RFC2251]
707  reserved                      71-79 IESG
708  other                         80    IESG  [RFC2251]
709  reserved (APIs)               81    IESG  [RFC2251]
710  reserved (APIs)               82    IESG  [RFC2251]
711  reserved (APIs)               83    IESG  [RFC2251]
712  reserved (APIs)               84    IESG  [RFC2251]
713  reserved (APIs)               85    IESG  [RFC2251]
714  reserved (APIs)               86    IESG  [RFC2251]
715  reserved (APIs)               87    IESG  [RFC2251]
716  reserved (APIs)               88    IESG  [RFC2251]
717  reserved (APIs)               89    IESG  [RFC2251]
718  reserved (APIs)               90    IESG  [RFC2251]

720  B.6. Bind Authentication Method

722  Method      Value Owner Usage       Reference
723  ------      ----- ----- ----------- -----------------
724  simple      0     IESG  LIMITED USE [RFC2251,RFC2829]
725  krbv42LDAP  1     IESG  OBSOLETE*   [RFC1777]
726  krbv42DSA   2     IESG  OBSOLETE*   [RFC1777]
727  sasl        3     IESG  COMMON      [RFC2251,RFC2829]

729  * These LDAPv2-only mechanisms were deprecated in favor of the LDAPv3 SASL
730  authentication method, specifically the GSSAPI mechanism.

732  Copyright 2001, The Internet Society. All Rights Reserved.

734  This document and translations of it may be copied and furnished to
735  others, and derivative works that comment on or otherwise explain it
736  or assist in its implementation may be prepared, copied, published and
737  distributed, in whole or in part, without restriction of any kind,
738  provided that the above copyright notice and this paragraph are
739  included on all such copies and derivative works. However, this
740  document itself may not be modified in any way, such as by removing
741  the copyright notice or references to the Internet Society or other
742  Internet organizations, except as needed for the purpose of
743  developing Internet standards in which case the procedures for
744  copyrights defined in the Internet Standards process must be followed,
745  or as required to translate it into languages other than English.

747  The limited permissions granted above are perpetual and will not be
748  revoked by the Internet Society or its successors or assigns.

750  This document and the information contained herein is provided on an
751  "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
752  ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
753  INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
754  INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
755  WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.