idnits 2.17.1

draft-ietf-ldapbis-iana-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** There are 5 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  == There are 122 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 866 has weird spacing: '...for the purpo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (20 July 2001) is 8315 days in the past. Is this
     intentional?

  Checking references for intended status: Best Current Practice
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'LDAPTS' is mentioned on line 338, but not defined

  == Missing Reference: 'IANADSN' is mentioned on line 256, but not defined

  == Missing Reference: 'RFC 1779' is mentioned on line 258, but not defined

  ** Obsolete undefined reference: RFC 1779 (Obsoleted by RFC 2253, RFC 3494)

  == Missing Reference: 'REF' is mentioned on line 509, but not defined

  == Missing Reference: 'RFC1274' is mentioned on line 742, but not defined

  ** Obsolete undefined reference: RFC 1274 (Obsoleted by RFC 4524)

  == Missing Reference: 'RFC2164' is mentioned on line 746, but not defined

  == Missing Reference: 'RFC2739' is mentioned on line 540, but not defined

  == Missing Reference: 'RFC2247' is mentioned on line 588, but not defined

  == Missing Reference: 'RFC2587' is mentioned on line 680, but not defined

  ** Obsolete undefined reference: RFC 2587 (Obsoleted by RFC 4523)

  == Missing Reference: 'RFC2293' is mentioned on line 733, but not defined

  == Missing Reference: 'RFC2589' is mentioned on line 596, but not defined

  == Missing Reference: 'RFC1488' is mentioned on line 620, but not defined

  ** Obsolete undefined reference: RFC 1488 (Obsoleted by RFC 1778)

  == Missing Reference: 'RFC2079' is mentioned on line 624, but not defined

  == Missing Reference: 'RFC2798' is mentioned on line 630, but not defined

  == Missing Reference: 'RFC2253' is mentioned on line 736, but not defined

  ** Obsolete undefined reference: RFC 2253 (Obsoleted by RFC 4510, RFC 4514)

  == Missing Reference: 'RFC2596' is mentioned on line 763, but not defined

  ** Obsolete undefined reference: RFC 2596 (Obsoleted by RFC 3866)

  == Missing Reference: 'RFC2829' is mentioned on line 851, but not defined

  ** Obsolete undefined reference: RFC 2829 (Obsoleted by RFC 4510, RFC 4513)

  == Missing Reference: 'RFC1777' is mentioned on line 850, but not defined

  ** Obsolete undefined reference: RFC 1777 (Obsoleted by RFC 3494)

  ** Obsolete normative reference: RFC 2222 (Obsoleted by RFC 4422, RFC 4752)

  ** Obsolete normative reference: RFC 2234 (Obsoleted by RFC 4234)

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4523)

  ** Obsolete normative reference: RFC 2255 (Obsoleted by RFC 4510, RFC 4516)

  ** Obsolete normative reference: RFC 2256 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4519, RFC 4523)

  ** Obsolete normative reference: RFC 2279 (Obsoleted by RFC 3629)

  -- Duplicate reference: RFC2119, mentioned in 'RFC2434', was also mentioned
     in 'RFC2119'.

     Summary: 22 errors (**), 0 flaws (~~), 20 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                      Kurt D. Zeilenga
Intended Category: BCP                           OpenLDAP Foundation
Expires: 20 January 2002                                20 July 2001

                    IANA Considerations for LDAP

Status of Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Best Current Practice
document. Distribution of this memo is unlimited.
Technical discussion of this document will take place on the IETF LDAP
Revision Working Group (LDAPbis) mailing list .
Please send editorial comments directly to the document editor .

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''

The list of current Internet-Drafts can be accessed at . The list of
Internet-Draft Shadow Directories can be accessed at .

Copyright 2001, The Internet Society. All Rights Reserved.

Please see the Copyright section near the end of this document for
more information.

Abstract

This document provides procedures for registering extensible elements
of LDAP. The document also provides guidelines to IANA describing
conditions under which new values can be assigned.

1. Introduction

The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an
extensible protocol. LDAP supports:
    - addition of new operations,
    - extension of existing operations, and
    - extensible schema.

This document details procedures for registering values used to
unambiguously identify extensible elements of the protocol, including:
    - LDAP message types,
    - LDAP result codes,
    - LDAP authentication methods,
    - LDAP attribute description options, and
    - Object Identifiers' descriptors.

These registries are maintained by the Internet Assigned Numbers
Authority (IANA).

In addition, this document provides guidelines to IANA describing the
conditions under which new values can be assigned.

2. Terminology and Conventions

This section details terms and conventions used in this document.

2.1. Policy Terminology

The terms "IESG Approval", "Standards Action", "IETF Consensus",
"Specification Required", "First Come First Served", "Expert Review",
and "Private Use" are used as defined in [RFC2434].

2.2. Requirement Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

2.3. Common ABNF Productions

A number of syntaxes in this document are described using ABNF
[RFC2234]. These syntaxes rely on the following common productions:

    ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
    LDIGIT = %x31-39 ; 1-9

    DIGIT = %x30 / LDIGIT ; 0-9

    HYPHEN = %x2D ; "-"

    PERIOD = %x2E ; "."

    number = DIGIT / ( LDIGIT 1*DIGIT )

    keychar = ( ALPHA / DIGIT / HYPHEN )
    leadkeychar = ALPHA

    keystring = leadkeychar *keychar

A keyword is a UTF-8 [RFC2279] case-insensitive string restricted to
the keystring production.

3. IANA Considerations for LDAP

This section details each kind of protocol value which can be
registered and provides IANA guidelines on how to assign new values.

3.1. Object Identifiers

Numerous LDAP schema and protocol elements are identified by Object
Identifiers. Any properly delegated OID MAY be used, including those
under "Internet Private Enterprise Numbers" (1.3.5.1.4.1.x) assigned
by IANA .

For IETF developed protocol and schema elements, OIDs under "Internet
Directory Numbers" (1.3.6.1.1.x) MAY be used. IANA will assign
numbers under this OID arc upon Expert Review with Specification
Required. In general, only one OID per specification SHOULD be
assigned. The specification may then assign any number of OIDs within
this arc without further coordination with IANA.

3.2. Object Identifiers Descriptors

LDAP allows short descriptive names (or descriptors) to be used
instead of a numeric Object Identifier to identify protocol extensions
[RFC2251], schema elements [RFC2252], protocol extensions, LDAP URL
[RFC2255] extensions, and other objects. Descriptors SHALL be
restricted to UTF-8 case-insensitive strings limited by the following
ABNF:

    name = keystring

Multiple names MAY be assigned to a given OID. For purposes of
registration, an OID SHALL be represented in numeric OID form
conforming to the ABNF:

    numericoid = number *( PERIOD number ) ; e.g. 1.1.0.23.40

While the protocol places no maximum length restriction upon
descriptors, they SHOULD be short. IANA MAY refuse to register any
descriptor over 48 characters in length. IANA MAY reject obviously
bogus registrations.

Descriptors beginning with "x-" are for Private Use and SHALL NOT be
registered.

Descriptors beginning with "e-" are reserved for experiments. IANA
SHALL register any descriptor beginning with "e-" on a First Come
First Served basis.

Expert Review is REQUIRED before accepting registration of all other
descriptors.

IANA SHALL NOT verify the registrant "owns" the OID being named.

The OID namespace is managed by The ISO/IEC Joint Technical Committee
1 - Subcommittee 6.

3.3. AttributeDescription Options

An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
more options specifying additional semantics. An option SHALL be
restricted to a UTF-8 case-insensitive string limited by the following
ABNF:

    option = keystring

While the protocol places no maximum length restriction upon option
strings, they SHOULD be short. IANA MAY refuse to register any option
over 16 characters in length. IANA MAY reject obviously bogus
registrations.

Values ending with a hyphen ("-") reserve all option names which start
with the name.
For example, the registration of the option "optionFamily-" reserves
all options which start with "optionFamily-" for some related purpose.

Options beginning with "x-" are for Private Use and SHALL NOT be
registered.

Options beginning with "e-" are reserved for experiments. IANA SHALL
register any option beginning with "e-" on a First Come First Served
basis.

IANA SHALL register other options by either Standards Action or Expert
Review with Specification Required.

3.4. LDAP Message Types

Each protocol message is encapsulated in an LDAPMessage envelope
[RFC2251, Section 4.1.1]. The protocolOp CHOICE indicates the type of
message encapsulated. Each message type consists of a keyword and a
non-negative choice number. The choice number is combined with the
class (APPLICATION) and data type (CONSTRUCTED or PRIMITIVE) to
construct the BER tag in the message's encoding. The choice numbers
for existing protocol messages are implicit in the protocol's ASN.1
defined in [RFC2251].

New values SHALL only be registered by Standards Track action.

Note: LDAP provides extensible messages, which reduces, but does not
eliminate, the need to add new message types.

3.5. LDAP Result Codes

LDAP result messages carry a resultCode enumerated value to indicate
the outcome of the operation [RFC2251, Section 4.1.10]. Each result
code consists of a keyword and a non-negative integer.

IANA SHALL register new resultCode integers in the range 0-255 upon
Standards Action, in the range 256-1023 with Expert Review, and in the
range 1024-8191 on a First Come First Served basis. Keywords
associated with integers in the range 0-1023 SHALL NOT start with "e-"
or "x-". Keywords associated with integers in the range 1024-8191
SHALL start with "e-". Values greater than or equal to 8192 and
keywords starting with "x-" are for Private Use and SHALL NOT be
registered.

IANA MAY reject obviously bogus registrations.

3.6. LDAP Authentication Method

The LDAP Bind operation supports multiple authentication methods
[RFC2251, Section 4.2]. Each authentication choice consists of a
keyword and a non-negative integer.

Authentication method usage SHALL be classified using one of the
following terms:

    COMMON      - method is appropriate for common use on the Internet,
    LIMITED USE - method is appropriate for limited use.
    OBSOLETE    - method has been deprecated or otherwise found to be
                  inappropriate for any use.

IANA SHALL NOT register new OBSOLETE authentication methods. Methods
without publicly available specifications SHALL NOT be classified as
COMMON. IANA MAY reject obviously bogus registrations.

IANA SHALL register new authentication method integers in the range
0-255 upon Standards Action, in the range 256-1023 with Expert Review
with Specification Required, and in the range 1024-8191 on a First
Come First Served basis. Keywords associated with integers in the
range 0-1023 SHALL NOT start with "e-" or "x-". Keywords associated
with integers in the range 1024-8191 SHALL start with "e-". Values
greater than or equal to 8192 and keywords starting with "x-" are for
Private Use and SHALL NOT be registered.

Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE. SASL
is an extensible LDAP authentication method.

3.7. Directory Systems Names

The IANA-maintained "Directory Systems Names" registry [IANADSN] lists
valid keywords for well known attributes used in the LDAPv2 string
representation of a distinguished name [RFC 1779]. RFC 1779 was
obsoleted by RFC 2253.

Directory systems names are not known to be used in any other context.
LDAPv3 uses Object Identifier Descriptors [Section 3.2] (which have a
different syntax than directory system names).

IANA SHALL NOT register new Directory System Names.
For historical purposes, the current list of registered names SHOULD
remain available.

4. Registration Procedure

The procedure given here MUST be used by anyone who wishes to use a
new value of a type described in Section 3 of this document.

The first step is for the requester to fill out the appropriate form.

Templates are provided in Appendix A.

If the policy is Standards Action, the completed form SHOULD be
provided to the IESG with the request for Standards Action. Upon
approval of the Standards Action, the IESG SHALL forward the request
(possibly revised) to IANA. The IESG SHALL be viewed as the owner of
all values requiring Standards Action.

If the policy is Expert Review, the requester SHALL post the completed
form to the mailing list for public review.
The review period is two (2) weeks. If a revised form is later
submitted, the review period is restarted. Anyone may subscribe to
this list by sending a request to .
During the review, objections may be raised by anyone (including the
Expert) on the list. After completion of the review, the Expert,
based upon public comments, SHALL either approve the request and
forward it to the IESG OR deny the request. In either case, the
Expert SHALL promptly notify the requester of the action. Actions of
the Expert may be appealed [RFC2026]. The Expert is appointed by
Applications Area Director(s). The requester is viewed as the owner
of values registered under Expert Review.

If the policy is First Come First Served, the requester SHALL submit
the completed form directly to the IANA . The
requester is viewed as the owner of values registered under First Come
First Served.

Neither the Expert nor IANA will take a position on claims of
copyright or trademark issues regarding completed forms.

5. Registration Maintenance

This section discusses maintenance of registrations.

5.1. Lists of Registered Values

IANA makes lists of registered values readily available to the
Internet community on their web site .

5.2. Change Control

The registration owner MAY update the specification subject to the
same constraints and review as with new registrations. The IESG MAY
assert ownership in cases where the owner is not willing or able to
make necessary updates.

5.3. Comments

For cases where others have significant objections to the claims in a
registration and the author does not agree to change the registration,
comments MAY be attached to registrations after Expert Review. For
registrations owned by the IESG, the objections SHOULD be addressed by
initiating a Change Control request.

6. Security Considerations

The security considerations detailed in [RFC2434] are generally
applicable to this document. Additional security considerations
specific to each namespace are discussed in Section 3 where
appropriate.

Security considerations for LDAP are detailed in documents comprising
the technical specification [LDAPTS].

7. Acknowledgment

This document is a product of the IETF LDAP Revision (LDAPbis) Working
Group. Some text was borrowed from "Guidelines for Writing an IANA
Considerations Section in RFCs" [RFC2434] by Thomas Narten and Harald
Alvestrand.

8. Author's Address

Kurt D. Zeilenga
OpenLDAP Foundation

Email: Kurt@OpenLDAP.org

9. References

[RFC2026] S. Bradner, "The Internet Standards Process -- Revision 3",
          RFC 2026, October 1996.

[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
          Requirement Levels", RFC 2119, March 1997.

[RFC2222] J. Myers, "Simple Authentication and Security Layer (SASL)",
          RFC 2222, October 1997.

[RFC2234] D. Crocker, P. Overell, "Augmented BNF for Syntax
          Specifications: ABNF", RFC 2234, November 1997.

[RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
          Protocol (v3)", RFC 2251, December 1997.

[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
          Directory Access Protocol (v3): Attribute Syntax
          Definitions", RFC 2252, December 1997.

[RFC2255] T. Howes, M. Smith, "The LDAP URL Format", RFC 2255,
          December 1997.

[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
          with LDAPv3", RFC 2256, December 1997.

[RFC2279] F. Yergeau, "UTF-8, a transformation format of ISO 10646",
          RFC 2279, January 1998.

[RFC2434] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
          Considerations Section in RFCs", RFC 2119, October 1998.

Appendix A. Registration Templates

This appendix provides registration templates for registering new LDAP
values.

A.1. LDAP Object Identifier Registration Template

    Subject: Request for LDAP OID Registration

    Person & email address to contact for further information:

    Specification: (I-D)

    Author/Change Controller:

    Comments:

    (Any comments that the requester deems relevant to the request)

A.2. LDAP Descriptor Registration Template

    Subject: Request for LDAP Descriptor Registration

    Descriptor (short name):

    Object Identifier:

    Person & email address to contact for further information:

    Usage: (One of attribute type, URL extension,
            object class, or other)

    Specification: (RFC, I-D, URI)

    Author/Change Controller:

    Comments:

    (Any comments that the requester deems relevant to the request)

A.3. LDAP Attribute Description Option Registration Template

    Subject: Request for LDAP Attribute Description Option Registration

    Option Name:

    Family of Options: (YES or NO)

    Person & email address to contact for further information:

    Specification: (RFC, I-D, URI)

    Author/Change Controller:

    Comments:

    (Any comments that the requester deems relevant to the request)

A.4. LDAP Message Type Registration Template

    Subject: Request for LDAP Message Type Registration

    LDAP Message Name:

    Person & email address to contact for further information:

    Specification: (Approved I-D)

    Comments:

    (Any comments that the requester deems relevant to the request)

A.5. LDAP Result Code Registration Template

    Subject: Request for LDAP Result Code Registration

    Result Code Name:

    Person & email address to contact for further information:

    Specification: (RFC, I-D, URI)

    Author/Change Controller:

    Comments:

    (Any comments that the requester deems relevant to the request)

A.6. LDAP Authentication Method Registration Template

    Subject: Request for LDAP Authentication Method Registration

    Authentication Method Name:

    Person & email address to contact for further information:

    Specification: (RFC, I-D, URI)

    Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE)

    Author/Change Controller:

    Comments:

    (Any comments that the requester deems relevant to the request)

Appendix B. Assigned Values

The following values are currently assigned.

B.1. Object Identifiers

Currently registered "Internet Private Enterprise Numbers" can be
found at:

    ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

Currently registered "Internet Directory Numbers" can be found at:

    ftp://ftp.isi.edu/in-notes/iana/assignments/smi-numbers

B.2. Object Identifiers Descriptors

NAME                                Type OID  [REF]
----------------------------------- ---- -----------------
account                             O    0.9.2342.19200300.100.4.5  [RFC1274]
alias                               O    2.5.6.1  [RFC2256]
aliasedEntryName                    A    2.5.4.1  [X.501]
aliasedObjectName                   A    2.5.4.1  [RFC2256]
altServer                           A    1.3.6.1.4.1.1466.101.120.6  [RFC2252]
applicationEntity                   O    2.5.6.12  [RFC2256]
applicationProcess                  O    2.5.6.11  [RFC2256]
aRecord                             A    0.9.2342.19200300.100.1.26  [RFC1274]
associatedDomain                    A    0.9.2342.19200300.100.1.37  [RFC2164]
associatedInternetGateway           A    1.3.6.1.4.1.453.7.2.8  [RFC2164]
associatedName                      A    0.9.2342.19200300.100.1.38  [RFC1274]
associatedORAddress                 A    1.3.6.1.4.1.453.7.2.6  [RFC2164]
associatedX400Gateway               A    1.3.6.1.4.1.453.7.2.3  [RFC2164]
attributeTypes                      A    2.5.21.5  [RFC2252]
audio                               A    0.9.2342.19200300.100.1.55  [RFC1274]
authorityRevocationList             A    2.5.4.38  [RFC2256]
bitStringMatch                      M    2.5.13.16  [RFC2252]
buildingName                        A    0.9.2342.19200300.100.1.48  [RFC1274]
businessCategory                    A    2.5.4.15  [RFC2256]
C                                   A    2.5.4.6  [RFC2256]
cACertificate                       A    2.5.4.37  [RFC2256]
calCalAdrURI                        A    1.2.840.113556.1.4.481  [RFC2739]
calCalURI                           A    1.2.840.113556.1.4.478  [RFC2739]
calCAPURI                           A    1.2.840.113556.1.4.480  [RFC2739]
calEntry                            O    1.2.840.113556.1.5.87  [RFC2739]
calFBURL                            A    1.2.840.113556.1.4.479  [RFC2739]
calOtherCalAdrURIs                  A    1.2.840.113556.1.4.485  [RFC2739]
calOtherCalURIs                     A    1.2.840.113556.1.4.482  [RFC2739]
calOtherCAPURIs                     A    1.2.840.113556.1.4.484  [RFC2739]
calOtherFBURLs                      A    1.2.840.113556.1.4.483  [RFC2739]
caseExactIA5Match                   M    1.3.6.1.4.1.1466.109.114.1  [RFC2252]
caseIgnoreIA5Match                  M    1.3.6.1.4.1.1466.109.114.2  [RFC2252]
caseIgnoreListMatch                 M    2.5.13.11  [RFC2252]
caseIgnoreMatch                     M    2.5.13.2  [RFC2252]
caseIgnoreOrderingMatch             M    2.5.13.3  [RFC2252]
caseIgnoreSubstringsMatch           M    2.5.13.4  [RFC2252]
certificateRevocationList           A    2.5.4.39  [RFC2256]
certificationAuthority              O    2.5.6.16  [RFC2256]
certificationAuthority-V2           O    2.5.6.16.2  [RFC2256]
CN                                  A    2.5.4.3  [RFC2256]
cNAMERecord                         A    0.9.2342.19200300.100.1.31  [RFC1274]
co                                  A    0.9.2342.19200300.100.1.43  [RFC1274]
commonName                          A    2.5.4.3  [RFC2256]
country                             O    2.5.6.2  [RFC2256]
countryName                         A    2.5.4.6  [RFC2256]
createTimestamp                     A    2.5.18.1  [RFC2252]
creatorsName                        A    2.5.18.3  [RFC2252]
cRLDistributionPoint                O    2.5.6.19  [RFC2256]
crossCertificatePair                A    2.5.4.40  [RFC2256]
DC                                  A    0.9.2342.19200300.100.1.25  [RFC2247]
dcObject                            O    1.3.6.1.4.1.1466.344  [RFC2247]
deltaCRL                            O    2.5.6.23  [RFC2587]
deltaRevocationList                 A    2.5.4.53  [RFC2256]
description                         A    2.5.4.13  [RFC2256]
destinationIndicator                A    2.5.4.27  [RFC2256]
device                              O    2.5.6.14  [RFC2256]
distinguishedName                   A    2.5.4.49  [RFC2256]
distinguishedNameMatch              M    2.5.13.1  [RFC2252]
distinguishedNameTableEntry         O    1.3.6.1.4.1.453.7.1.5  [RFC2293]
distinguishedNameTableKey           A    1.3.6.1.4.1.453.7.2.3  [RFC2293]
dITContentRules                     A    2.5.21.2  [RFC2252]
dITRedirect                         A    0.9.2342.19200300.100.1.54  [RFC1274]
dITStructureRules                   A    2.5.21.1  [RFC2252]
dmd                                 O    2.5.6.20  [RFC2256]
dmdName                             A    2.5.4.54  [RFC2256]
dnQualifier                         A    2.5.4.46  [RFC2256]
dNSDomain                           O    0.9.2342.19200300.100.4.15  [RFC1274]
document                            O    0.9.2342.19200300.100.4.6  [RFC1274]
documentAuthor                      A    0.9.2342.19200300.100.1.14  [RFC1274]
documentIdentifier                  A    0.9.2342.19200300.100.1.11  [RFC1274]
documentLocation                    A    0.9.2342.19200300.100.1.15  [RFC1274]
documentPublisher                   A    0.9.2342.19200300.100.1.56  [RFC1274]
documentSeries                      O    0.9.2342.19200300.100.4.8  [RFC1274]
documentTitle                       A    0.9.2342.19200300.100.1.12  [RFC1274]
documentVersion                     A    0.9.2342.19200300.100.1.13  [RFC1274]
domain                              O    0.9.2342.19200300.100.4.13  [RFC2247]
domainComponent                     A    0.9.2342.19200300.100.1.25  [RFC2247]
domainNameForm                      N    1.3.6.1.4.1.1466.345  [RFC2247]
domainRelatedObject                 O    0.9.2342.19200300.100.4.17  [RFC1274]
drink                               A    0.9.2342.19200300.100.1.5  [RFC1274]
dSA                                 O    2.5.6.13  [RFC2256]
dSAQuality                          A    0.9.2342.19200300.100.1.49  [RFC1274]
dynamicObject                       O    1.3.6.1.4.1.1466.101.119.2  [RFC2589]
dynamicSubtrees                     A    1.3.6.1.4.1.1466.101.119.4  [RFC2589]
enhancedSearchGuide                 A    2.5.4.47  [RFC2256]
entryTtl                            A    1.3.6.1.4.1.1466.101.119.3  [RFC2589]
extensibleObject                    O    1.3.6.1.4.1.1466.101.120.111  [RFC2252]
facsimileTelephoneNumber            A    2.5.4.23  [RFC2256]
favouriteDrink                      A    0.9.2342.19200300.100.1.5  [RFC1274]
friendlyCountry                     O    0.9.2342.19200300.100.4.18  [RFC1274]
friendlyCountryName                 A    0.9.2342.19200300.100.1.43  [RFC1274]
generalizedTimeMatch                M    2.5.13.27  [RFC2252]
generalizedTimeOrderingMatch        M    2.5.13.28  [RFC2252]
generationQualifier                 A    2.5.4.44  [RFC2256]
givenName                           A    2.5.4.42  [RFC2256]
GN                                  A    2.5.4.42  [RFC2256]
groupOfNames                        O    2.5.6.9  [RFC2256]
groupOfUniqueNames                  O    2.5.6.17  [RFC2256]
homePhone                           A    0.9.2342.19200300.100.1.20  [RFC1274]
homePostalAddress                   A    0.9.2342.19200300.100.1.39  [RFC1274]
homeTelephone                       A    0.9.2342.19200300.100.1.20  [RFC1274]
host                                A    0.9.2342.19200300.100.1.9  [RFC1274]
houseIdentifier                     A    2.5.4.51  [RFC2256]
info                                A    0.9.2342.19200300.100.1.4  [RFC1274]
initials                            A    2.5.4.43  [RFC2256]
integerFirstComponentMatch          M    2.5.13.29  [RFC2252]
integerMatch                        M    2.5.13.14  [RFC2252]
internationaliSDNNumber             A    2.5.4.25  [RFC2256]
janetMailbox                        A    0.9.2342.19200300.100.1.46  [RFC1274]
jpegPhoto                           A    0.9.2342.19200300.100.1.60  [RFC1488]
knowledgeInformation                A    2.5.4.2  [RFC2256]
L                                   A    2.5.4.7  [RFC2256]
labeledURI                          A    1.3.6.1.4.1.250.1.57  [RFC2079]
labeledURIObject                    A    1.3.6.1.4.1.250.3.15  [RFC2079]
lastModifiedBy                      A    0.9.2342.19200300.100.1.24  [RFC1274]
lastModifiedTime                    A    0.9.2342.19200300.100.1.23  [RFC1274]
ldapSyntaxes                        A    1.3.6.1.4.1.1466.101.120.16  [RFC2251]
locality                            O    2.5.6.3  [RFC2256]
localityName                        A    2.5.4.7  [RFC2256]
mail                                A    0.9.2342.19200300.100.1.3  [RFC2798]
mailPreferenceOption                A    0.9.2342.19200300.100.1.47  [RFC1274]
manager                             A    0.9.2342.19200300.100.1.10  [RFC1274]
matchingRules                       A    2.5.21.4  [RFC2252]
matchingRuleUse                     A    2.5.21.8  [RFC2252]
mcgamTables                         A    1.3.6.1.4.1.453.7.2.9  [RFC2164]
mDRecord                            A    0.9.2342.19200300.100.1.27  [RFC1274]
member                              A    2.5.4.31  [RFC2256]
mixerGateway                        O    1.3.6.1.4.1.453.7.1.4  [RFC2164]
mobile                              A    0.9.2342.19200300.100.1.41  [RFC1274]
mobileTelephoneNumber               A    0.9.2342.19200300.100.1.41  [RFC1274]
modifiersName                       A    2.5.18.4  [RFC2252]
modifyTimestamp                     A    2.5.18.2  [RFC2252]
mXRecord                            A    0.9.2342.19200300.100.1.28  [RFC1274]
name                                A    2.5.4.41  [RFC2256]
nameForms                           A    2.5.21.7  [RFC2252]
namingContexts                      A    1.3.6.1.4.1.1466.101.120.5  [RFC2252]
nSRecord                            A    0.9.2342.19200300.100.1.29  [RFC1274]
numericStringMatch                  M    2.5.13.8  [RFC2252]
numericStringSubstringsMatch        M    2.5.13.10  [RFC2252]
O                                   A    2.5.4.10  [RFC2256]
objectClass                         A    2.5.4.0  [RFC2256]
objectClasses                       A    2.5.21.6  [RFC2252]
objectIdentifierFirstComponentMatch M    2.5.13.30  [RFC2252]
objectIdentifiersMatch              M    2.5.13.0  [RFC2252]
octetStringMatch                    M    2.5.13.17  [RFC2252]
omittedORAddressComponent           O    1.3.6.1.4.1.453.7.1.3  [RFC2164]
oRAddressComponentType              A    1.3.6.1.4.1.453.7.2.7  [RFC2164]
organization                        O    2.5.6.4  [RFC2256]
organizationalPerson                O    2.5.6.7  [RFC2256]
organizationalRole                  O    2.5.6.8  [RFC2256]
organizationalStatus                A    0.9.2342.19200300.100.1.45  [RFC1274]
organizationalUnit                  O    2.5.6.5  [RFC2256]
organizationalUnitName              A    2.5.4.11  [RFC2256]
organizationName                    A    2.5.4.10  [RFC2256]
otherMailbox                        A    0.9.2342.19200300.100.1.22  [RFC1274]
OU                                  A    2.5.4.11  [RFC2256]
owner                               A    2.5.4.32  [RFC2256]
pager                               A    0.9.2342.19200300.100.1.42  [RFC1274]
pagerTelephoneNumber                A    0.9.2342.19200300.100.1.42  [RFC1274]
person                              O    2.5.6.6  [RFC2256]
personalSignature                   A    0.9.2342.19200300.100.1.53  [RFC1274]
personalTitle                       A    0.9.2342.19200300.100.1.40  [RFC1274]
photo                               A    0.9.2342.19200300.100.1.7  [RFC1274]
physicalDeliveryOfficeName          A    2.5.4.19  [RFC2256]
pilotDSA                            O    0.9.2342.19200300.100.4.21  [RFC1274]
pilotObject                         O    0.9.2342.19200300.100.4.3  [RFC1274]
pilotOrganization                   O    0.9.2342.19200300.100.4.20  [RFC1274]
pilotPerson                         O    0.9.2342.19200300.100.4.4  [RFC1274]
pkiCA                               O    2.5.6.22  [RFC2587]
pkiUser                             O    2.5.6.21  [RFC2587]
postalAddress                       A    2.5.4.16  [RFC2256]
postalCode                          A    2.5.4.17  [RFC2256]
postOfficeBox                       A    2.5.4.18  [RFC2256]
preferredDeliveryMethod             A    2.5.4.28  [RFC2256]
presentationAddress                 A    2.5.4.29  [RFC2256]
presentationAddressMatch            M    2.5.13.22  [RFC2252]
protocolInformation                 A    2.5.4.48  [RFC2256]
protocolInformationMatch            M    2.5.13.24  [RFC2252]
qualityLabelledData                 O    0.9.2342.19200300.100.4.22  [RFC1274]
registeredAddress                   A    2.5.4.26  [RFC2256]
residentialPerson                   O    2.5.6.10  [RFC2256]
RFC822LocalPart                     O    0.9.2342.19200300.100.4.14  [RFC1274]
RFC822Mailbox                       A    0.9.2342.19200300.100.1.3  [RFC1274]
rFC822ToX400Mapping                 O    1.3.6.1.4.1.453.7.1.1  [RFC2164]
roleOccupant                        A    2.5.4.33  [RFC2256]
room                                O    0.9.2342.19200300.100.4.7  [RFC1274]
roomNumber                          A    0.9.2342.19200300.100.1.6  [RFC1274]
searchGuide                         A    2.5.4.14  [RFC2256]
secretary                           A    0.9.2342.19200300.100.1.21  [RFC1274]
seeAlso                             A    2.5.4.34  [RFC2256]
serialNumber                        A    2.5.4.5  [RFC2256]
simpleSecurityObject                O    0.9.2342.19200300.100.4.19  [RFC1274]
singleLevelQuality                  A    0.9.2342.19200300.100.1.50  [RFC1274]
SN                                  A    2.5.4.4  [RFC2256]
sOARecord                           A    0.9.2342.19200300.100.1.30  [RFC1274]
ST                                  A    2.5.4.8  [RFC2256]
stateOrProvinceName                 A    2.5.4.8  [RFC2256]
street                              A    2.5.4.9  [RFC2256]
streetAddress                       A    2.5.4.9  [RFC2256]
strongAuthenticationUser            O    2.5.6.15  [RFC2256]
subschema                           O    2.5.20.1  [RFC2252]
subschemaSubentry                   A    2.5.18.10  [RFC2252]
subtree                             O    1.3.6.1.4.1.453.7.1.1  [RFC2293]
subtreeMaximumQuality               A    0.9.2342.19200300.100.1.52  [RFC1274]
subtreeMinimumQuality               A    0.9.2342.19200300.100.1.51  [RFC1274]
supportedAlgorithms                 A    2.5.4.52  [RFC2256]
supportedApplicationContext         A    2.5.4.30  [RFC2256]
supportedControl                    A    1.3.6.1.4.1.1466.101.120.13  [RFC2252]
supportedExtension                  A    1.3.6.1.4.1.1466.101.120.7  [RFC2252]
supportedLDAPVersion                A    1.3.6.1.4.1.1466.101.120.15  [RFC2252]
supportedSASLMechanisms             A    1.3.6.1.4.1.1466.101.120.14  [RFC2252]
surname                             A    2.5.4.4  [RFC2256]
table                               O    1.3.6.1.4.1.453.7.1.2  [RFC2293]
tableEntry                          O    1.3.6.1.4.1.453.7.1.3  [RFC2293]
telephoneNumber                     A    2.5.4.20  [RFC2256]
telephoneNumberMatch                M    2.5.13.20  [RFC2252]
telephoneNumberSubstringsMatch      M    2.5.13.21  [RFC2252]
teletexTerminalIdentifier           A    2.5.4.22  [RFC2256]
telexNumber                         A    2.5.4.21  [RFC2256]
textEncodedORAddress                A    0.9.2342.19200300.100.1.2  [RFC1274]
textTableEntry                      O    1.3.6.1.4.1.453.7.1.4  [RFC2293]
textTableKey                        A    1.3.6.1.4.1.453.7.2.1  [RFC2293]
textTableValue                      A    1.3.6.1.4.1.453.7.2.2  [RFC2293]
title                               A    2.5.4.12  [RFC2256]
top                                 O    2.5.6.0  [RFC2256]
uid                                 A    0.9.2342.19200300.100.1.1  [RFC2253]
uniqueIdentifier                    A    0.9.2342.19200300.100.1.44  [RFC1274]
uniqueMember                        A    2.5.4.50  [RFC2256]
uniqueMemberMatch                   M    2.5.13.23  [RFC2252]
userCertificate                     A    2.5.4.36  [RFC2256]
userClass                           A    0.9.2342.19200300.100.1.8  [RFC1274]
userId                              A    0.9.2342.19200300.100.1.1  [RFC1274]
userPassword                        A    2.5.4.35  [RFC2256]
userSecurityInformation             O    2.5.6.18  [RFC2256]
x121Address                         A    2.5.4.24  [RFC2256]
x400ToRFC822Mapping                 O    1.3.6.1.4.1.453.7.1.2  [RFC2164]
x500UniqueIdentifier                A    2.5.4.45  [RFC2256]

Legend
------------------------
A => Attribute Type
C => DIT Content Rule
E => LDAP URL Extension
M => Matching Rule
N => Name Form
O => Object Class

B.3. Attribute Description Options

Option            Owner  Reference
----------------  -----  ---------
binary            IESG   [RFC2251]
lang-*            IESG   [RFC2596]

* family of options

B.4. LDAPMessage types

Name                          Code   Owner  Reference
---------------------------   ----   -----  ---------
bindRequest                   0      IESG   [RFC2251]
bindResponse                  1      IESG   [RFC2251]
unbindRequest                 2      IESG   [RFC2251]
searchRequest                 3      IESG   [RFC2251]
searchResEntry                4      IESG   [RFC2251]
searchResDone                 5      IESG   [RFC2251]
modifyRequest                 6      IESG   [RFC2251]
modifyResponse                7      IESG   [RFC2251]
addRequest                    8      IESG   [RFC2251]
addResponse                   9      IESG   [RFC2251]
delRequest                    10     IESG   [RFC2251]
delResponse                   11     IESG   [RFC2251]
modDNRequest                  12     IESG   [RFC2251]
modDNResponse                 13     IESG   [RFC2251]
compareRequest                14     IESG   [RFC2251]
compareResponse               15     IESG   [RFC2251]
abandonRequest                16     IESG   [RFC2251]
reserved                      17-18  IESG
searchResRef                  19     IESG   [RFC2251]
reserved                      20-22  IESG
extendedReq                   23     IESG   [RFC2251]
extendedResp                  24     IESG   [RFC2251]

B.5. resultCode values

Name                          Code   Owner  Reference
---------------------------   ----   -----  ---------
success                       0      IESG   [RFC2251]
operationsError               1      IESG   [RFC2251]
protocolError                 2      IESG   [RFC2251]
timeLimitExceeded             3      IESG   [RFC2251]
sizeLimitExceeded             4      IESG   [RFC2251]
compareFalse                  5      IESG   [RFC2251]
compareTrue                   6      IESG   [RFC2251]
authMethodNotSupported        7      IESG   [RFC2251]
strongAuthRequired            8      IESG   [RFC2251]
reserved (partialResults)     9      IESG   [RFC2251]
referral                      10     IESG   [RFC2251]
adminLimitExceeded            11     IESG   [RFC2251]
unavailableCriticalExtension  12     IESG   [RFC2251]
confidentialityRequired       13     IESG   [RFC2251]
saslBindInProgress            14     IESG   [RFC2251]
noSuchAttribute               16     IESG   [RFC2251]
undefinedAttributeType        17     IESG   [RFC2251]
inappropriateMatching         18     IESG   [RFC2251]
constraintViolation           19     IESG   [RFC2251]
attributeOrValueExists        20     IESG   [RFC2251]
invalidAttributeSyntax        21     IESG   [RFC2251]
noSuchObject                  32     IESG   [RFC2251]
aliasProblem                  33     IESG   [RFC2251]
invalidDNSyntax               34     IESG   [RFC2251]
reserved (isLeaf)             35     IESG   [RFC2251]
aliasDereferencingProblem     36     IESG   [RFC2251]
824 reserved 37-47 IESG 825 inappropriateAuthentication 48 IESG [RFC2251] 826 invalidCredentials 49 IESG [RFC2251] 827 insufficientAccessRights 50 IESG [RFC2251] 828 busy 51 IESG [RFC2251] 829 unavailable 52 IESG [RFC2251] 830 unwillingToPerform 53 IESG [RFC2251] 831 loopDetect 54 IESG [RFC2251] 832 reserved 55-63 IESG 833 namingViolation 64 IESG [RFC2251] 834 objectClassViolation 65 IESG [RFC2251] 835 notAllowedOnNonLeaf 66 IESG [RFC2251] 836 notAllowedOnRDN 67 IESG [RFC2251] 837 entryAlreadyExists 68 IESG [RFC2251] 838 objectClassModsProhibited 69 IESG [RFC2251] 839 reserved (resultsTooLarge) 70 IESG [RFC2251] 840 reserved 71-79 IESG 841 other 80 IESG [RFC2251] 842 reserved (APIs) 81-90 IESG [RFC2251] 844 B.6. Bind Authentication Method 846 Method Value Owner Usage Reference 847 ------ ----- ----- ----------- ----------------- 848 simple 0 IESG LIMITED USE [RFC2251,RFC2829] 849 krbv42LDAP 1 IESG OBSOLETE* [RFC1777] 850 krbv42DSA 2 IESG OBSOLETE* [RFC1777] 851 sasl 3 IESG COMMON [RFC2251,RFC2829] 853 * These LDAPv2-only mechanisms were deprecated in favor LDAPv3 SASL 854 authentication method, specifically the GSSAPI mechanism. 856 Copyright 2001, The Internet Society. All Rights Reserved. 858 This document and translations of it may be copied and furnished to 859 others, and derivative works that comment on or otherwise explain it 860 or assist in its implementation may be prepared, copied, published and 861 distributed, in whole or in part, without restriction of any kind, 862 provided that the above copyright notice and this paragraph are 863 included on all such copies and derivative works. 
However, this 864 document itself may not be modified in any way, such as by removing 865 the copyright notice or references to the Internet Society or other 866 Internet organizations, except as needed for the purpose of 867 developing Internet standards in which case the procedures for 868 copyrights defined in the Internet Standards process must be followed, 869 or as required to translate it into languages other than English. 871 The limited permissions granted above are perpetual and will not be 872 revoked by the Internet Society or its successors or assigns. 874 This document and the information contained herein is provided on an 875 "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET 876 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, 877 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 878 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 879 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.