idnits 2.17.1

draft-ietf-ldapbis-iana-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 5 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  == There are 122 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 869 has weird spacing: '...for the purpo...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (20 November 2001) is 8186 days in the past.  Is this
     intentional?

  Checking references for intended status: Best Current Practice
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'IANADSN' is mentioned on line 255, but not defined

  == Missing Reference: 'RFC1779' is mentioned on line 257, but not defined

  ** Obsolete undefined reference: RFC 1779 (Obsoleted by RFC 2253, RFC 3494)

  == Missing Reference: 'REF' is mentioned on line 512, but not defined

  == Missing Reference: 'RFC1274' is mentioned on line 745, but not defined

  ** Obsolete undefined reference: RFC 1274 (Obsoleted by RFC 4524)

  == Missing Reference: 'RFC2164' is mentioned on line 749, but not defined

  == Missing Reference: 'RFC2739' is mentioned on line 543, but not defined

  == Missing Reference: 'RFC2247' is mentioned on line 591, but not defined

  == Missing Reference: 'RFC2587' is mentioned on line 683, but not defined

  ** Obsolete undefined reference: RFC 2587 (Obsoleted by RFC 4523)

  == Missing Reference: 'RFC2293' is mentioned on line 736, but not defined

  == Missing Reference: 'RFC2589' is mentioned on line 599, but not defined

  == Missing Reference: 'RFC1488' is mentioned on line 623, but not defined

  ** Obsolete undefined reference: RFC 1488 (Obsoleted by RFC 1778)

  == Missing Reference: 'RFC2079' is mentioned on line 627, but not defined

  == Missing Reference: 'RFC2798' is mentioned on line 633, but not defined

  == Missing Reference: 'RFC2253' is mentioned on line 739, but not defined

  ** Obsolete undefined reference: RFC 2253 (Obsoleted by RFC 4510, RFC 4514)

  == Missing Reference: 'RFC2596' is mentioned on line 766, but not defined

  ** Obsolete undefined reference: RFC 2596 (Obsoleted by RFC 3866)

  == Missing Reference: 'RFC2829' is mentioned on line 854, but not defined

  ** Obsolete undefined reference: RFC 2829 (Obsoleted by RFC 4510, RFC 4513)

  == Missing Reference: 'RFC1777' is mentioned on line 853, but not defined

  ** Obsolete undefined reference: RFC 1777 (Obsoleted by RFC 3494)

  ** Obsolete normative reference: RFC 2234 (Obsoleted by RFC 4234)

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4523)

  ** Obsolete normative reference: RFC 2255 (Obsoleted by RFC 4510, RFC 4516)

  ** Obsolete normative reference: RFC 2256 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4519, RFC 4523)

  ** Obsolete normative reference: RFC 2279 (Obsoleted by RFC 3629)

  ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226)

  == Outdated reference: A later version (-01) exists of
     draft-ietf-ldapbis-ldapv3-ts-00

  -- Obsolete informational reference (is this intentional?): RFC 2222
     (Obsoleted by RFC 4422, RFC 4752)

     Summary: 21 errors (**), 0 flaws (~~), 21 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  2  INTERNET-DRAFT                                      Kurt D. Zeilenga
  3  Intended Category: BCP                           OpenLDAP Foundation
  4  Expires: 20 May 2002                                20 November 2001

  6                      IANA Considerations for LDAP

  9  Status of Memo

 11  This document is an Internet-Draft and is in full conformance with all
 12  provisions of Section 10 of RFC2026.

 14  This document is intended to be, after appropriate review and
 15  revision, submitted to the RFC Editor as a Best Current Practice
 16  document.  Distribution of this memo is unlimited.  Technical
 17  discussion of this document will take place on the IETF LDAP Revision
 18  Working Group (LDAPbis) mailing list .
 19  Please send editorial comments directly to the document editor
 20  .

 22  Internet-Drafts are working documents of the Internet Engineering Task
 23  Force (IETF), its areas, and its working groups.  Note that other
 24  groups may also distribute working documents as Internet-Drafts.
 25  Internet-Drafts are draft documents valid for a maximum of six months
 26  and may be updated, replaced, or obsoleted by other documents at any
 27  time.  It is inappropriate to use Internet-Drafts as reference
 28  material or to cite them other than as ``work in progress.''

 30  The list of current Internet-Drafts can be accessed at
 31  .  The list of
 32  Internet-Draft Shadow Directories can be accessed at
 33  .

 35  Copyright 2001, The Internet Society.  All Rights Reserved.

 37  Please see the Copyright section near the end of this document for
 38  more information.

 40  Abstract

 42  This document provides procedures for registering extensible elements
 43  of LDAP.  The document also provides guidelines to IANA describing
 44  conditions under which new values can be assigned.

 46  1. Introduction

 48  The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an
 49  extensible protocol.  LDAP supports:
 50      - addition of new operations,
 51      - extension of existing operations, and
 52      - extensible schema.

 54  This document details procedures for registering values used to
 55  unambiguously identify extensible elements of the protocol including:
 56      - LDAP message types,
 57      - LDAP result codes,
 58      - LDAP authentication methods,
 59      - LDAP attribute description options, and
 60      - Object Identifier descriptors.

 62  These registries are maintained by the Internet Assigned Numbers
 63  Authority (IANA).

 65  In addition, this document provides guidelines to IANA describing the
 66  conditions under which new values can be assigned.

 68  2. Terminology and Conventions

 70  This section details terms and conventions used in this document.

 72  2.1. Policy Terminology

 74  The terms "IESG Approval", "Standards Action", "IETF Consensus",
 75  "Specification Required", "First Come First Served", "Expert Review",
 76  and "Private Use" are used as defined in BCP 26 [RFC2434].

 78  2.2. Requirement Terminology

 80  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 81  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 82  document are to be interpreted as described in BCP 14 [RFC2119].

 84  2.3. Common ABNF Productions

 86  A number of syntaxes in this document are described using ABNF
 87  [RFC2234].  These syntaxes rely on the following common productions:

 89      ALPHA = %x41-5A / %x61-7A   ; A-Z / a-z

 91      LDIGIT = %x31-39            ; 1-9

 93      DIGIT = %x30 / LDIGIT       ; 0-9

 95      HYPHEN = %x2D               ; "-"

 97      PERIOD = %x2E               ; "."

 99      number = DIGIT / ( LDIGIT 1*DIGIT )

101      keychar = ( ALPHA / DIGIT / HYPHEN )
102      leadkeychar = ALPHA

104      keystring = leadkeychar *keychar

106  A keyword is a UTF-8 [RFC2279] case-insensitive string restricted to
107  the keystring production.

109  3. IANA Considerations for LDAP

111  This section details each kind of protocol value which can be
112  registered and provides IANA guidelines on how to assign new values.

114  3.1. Object Identifiers

116  Numerous LDAP schema and protocol elements are identified by Object
117  Identifiers.  Any properly delegated OID MAY be used, including those
118  under "Internet Private Enterprise Numbers" (1.3.5.1.4.1.x) assigned
119  by IANA .

121  For IETF developed protocol and schema elements, OIDs under "Internet
122  Directory Numbers" (1.3.6.1.1.x) MAY be used.  IANA will assign
123  numbers under this OID arc upon Expert Review with Specification
124  Required.  In general, only one OID per specification SHOULD be
125  assigned.  The specification may then assign any number of OIDs within
126  this arc without further coordination with IANA.

128  3.2. Object Identifier Descriptors

130  LDAP allows short descriptive names (or descriptors) to be used
131  instead of a numeric Object Identifier to identify protocol extensions
132  [RFC2251], schema elements [RFC2252], LDAP URL [RFC2255] extensions,
133  and other objects.  Descriptors SHALL be restricted to UTF-8
134  case-insensitive strings limited by the following ABNF:

136      name = keystring

138  Multiple names MAY be assigned to a given OID.  For purposes of
139  registration, an OID SHALL be represented in numeric OID form
140  conforming to the ABNF:

142      numericoid = number *( PERIOD number ) ; e.g. 1.1.0.23.40

144  While the protocol places no maximum length restriction upon
145  descriptors, they SHOULD be short.  IANA MAY refuse to register any
146  descriptor over 48 characters in length.  IANA MAY reject obviously
147  bogus registrations.

149  Descriptors beginning with "x-" are for Private Use and SHALL NOT be
150  registered.

152  Descriptors beginning with "e-" are reserved for experiments.  IANA
153  SHALL register any descriptor beginning with "e-" on a First Come
154  First Served basis.

156  Expert Review is REQUIRED before accepting registration of all other
157  descriptors.

159  IANA SHALL NOT verify the registrant "owns" the OID being named.

161  The OID namespace is managed by The ISO/IEC Joint Technical Committee
162  1 - Subcommittee 6.

164  3.3. AttributeDescription Options

166  An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
167  more options specifying additional semantics.  An option SHALL be
168  restricted to a UTF-8 case-insensitive string limited by the following
169  ABNF:

171      option = keystring

173  While the protocol places no maximum length restriction upon option
174  strings, they SHOULD be short.  IANA MAY refuse to register any option
175  over 16 characters in length.  IANA MAY reject obviously bogus
176  registrations.

178  Values ending with a hyphen ("-") reserve all option names which start
179  with the name.  For example, the registration of the option
180  "optionFamily-" reserves all options which start with "optionFamily-"
181  for some related purpose.

183  Options beginning with "x-" are for Private Use and SHALL NOT be
184  registered.

186  Options beginning with "e-" are reserved for experiments.  IANA SHALL
187  register any option beginning with "e-" on a First Come First Served
188  basis.

190  IANA SHALL register other options by either Standards Action or Expert
191  Review with Specification Required.

193  3.4. LDAP Message Types

195  Each protocol message is encapsulated in an LDAPMessage envelope
196  [RFC2251, Section 4.1.1].  The protocolOp CHOICE indicates the type of
197  message encapsulated.  Each message type consists of a keyword and a
198  non-negative choice number.  The choice number is combined with the
199  class (APPLICATION) and data type (CONSTRUCTED or PRIMITIVE) to
200  construct the BER tag in the message's encoding.  The choice numbers
201  for existing protocol messages are implicit in the protocol's ASN.1
     defined in [RFC2251].

203  New values SHALL only be registered by Standards Track action.

205  Note: LDAP provides extensible messages which reduce, but do not
206  eliminate, the need to add new message types.

208  3.5. LDAP Result Codes

210  LDAP result messages carry a resultCode enumerated value to indicate
211  the outcome of the operation [RFC2251, Section 4.1.10].  Each result
212  code consists of a keyword and a non-negative integer.

214  IANA SHALL register new resultCode integers in the range 0-255 upon
215  Standards Action, in the range 256-1023 with Expert Review, and in the
216  range 1024-8191 on a First Come First Served basis.  Keywords
217  associated with integers in the range 0-1023 SHALL NOT start with "e-"
218  or "x-".  Keywords associated with integers in the range 1024-8191
     SHALL start with "e-".  Values greater than
219  or equal to 8192 and keywords starting with "x-" are for Private Use
220  and SHALL NOT be registered.

222  IANA MAY reject obviously bogus registrations.

224  3.6. LDAP Authentication Method
225  The LDAP Bind operation supports multiple authentication methods
226  [RFC2251, Section 4.2].  Each authentication choice consists of a
227  keyword and a non-negative integer.

229  Authentication method usage SHALL be classified using one of the
230  following terms:

232      COMMON      - method is appropriate for common use on the Internet,
233      LIMITED USE - method is appropriate for limited use,
234      OBSOLETE    - method has been deprecated or otherwise found to be
235                    inappropriate for any use.

237  IANA SHALL NOT register new OBSOLETE authentication methods.  Methods
238  without publicly available specifications SHALL NOT be classified as
239  COMMON.  IANA MAY reject obviously bogus registrations.

241  IANA SHALL register new authentication method integers in the range
242  0-255 upon Standards Action, in the range 256-1023 with Expert Review
243  with Specification Required, and in the range 1024-8191 on a First
244  Come First Served basis.  Keywords associated with integers in the
245  range 0-1023 SHALL NOT start with "e-" or "x-".  Keywords associated
246  with integers in the range 1024-8191 SHALL start with "e-".  Values
247  greater than or equal to 8192 and keywords starting with "x-" are for
248  Private Use and SHALL NOT be registered.

250  Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE.  SASL
251  is an extensible LDAP authentication method.

253  3.7. Directory Systems Names

255  The IANA-maintained "Directory Systems Names" registry [IANADSN] of
256  valid keywords for well known attributes was used in the LDAPv2 string
257  representation of a distinguished name [RFC1779].  RFC 1779 was
258  obsoleted by RFC 2253.

260  Directory systems names are not known to be used in any other context.
261  LDAPv3 uses Object Identifier Descriptors [Section 3.2] (which have a
262  different syntax than directory system names).

264  IANA SHALL NOT register new Directory System Names.  For historical
265  purposes, the current list of registered names SHOULD remain
266  available.

268  4. Registration Procedure

270  The procedure given here MUST be used by anyone who wishes to use a
271  new value of a type described in Section 3 of this document.

273  The first step is for the requester to fill out the appropriate form.
274  Templates are provided in Appendix A.

276  If the policy is Standards Action, the completed form SHOULD be
277  provided to the IESG with the request for Standards Action.  Upon
278  approval of the Standards Action, the IESG SHALL forward the request
279  (possibly revised) to IANA.  The IESG SHALL be viewed as the owner of
280  all values requiring Standards Action.

282  If the policy is Expert Review, the requester SHALL post the completed
283  form to the mailing list for public review.
284  The review period is two (2) weeks.  If a revised form is later
285  submitted, the review period is restarted.  Anyone may subscribe to
286  this list by sending a request to .
287  During the review, objections may be raised by anyone (including the
288  Expert) on the list.  After completion of the review, the Expert,
289  based upon public comments, SHALL either approve the request and
290  forward it to the IESG OR deny the request.  In either case, the
291  Expert SHALL promptly notify the requester of the action.  Actions of
292  the Expert may be appealed [RFC2026].  The Expert is appointed by
293  Applications Area Director(s).  The requester is viewed as the owner
294  of values registered under Expert Review.

296  If the policy is First Come First Served, the requester SHALL submit
297  the completed form directly to the IANA .  The
298  requester is viewed as the owner of values registered under First Come
299  First Served.

301  Neither the Expert nor IANA will take a position on the claims of
302  copyright or trademark issues regarding completed forms.

304  5. Registration Maintenance

306  This section discusses maintenance of registrations.

308  5.1. Lists of Registered Values

310  IANA makes lists of registered values readily available to the
311  Internet community on their web site .

313  5.2. Change Control

315  The registration owner MAY update the specification subject to the
316  same constraints and review as with new registrations.  The IESG MAY
317  assert ownership in cases where the owner is not willing or able to
318  make necessary updates.

320  5.3. Comments

322  For cases where others have significant objections to the claims in a
323  registration and the author does not agree to change the registration,
324  comments MAY be attached to registrations after Expert Review.  For
325  registrations owned by the IESG, the objections SHOULD be addressed by
326  initiating a Change Control request.

328  6. Security Considerations

330  The security considerations detailed in [RFC2434] are generally
331  applicable to this document.  Additional security considerations
332  specific to each namespace are discussed in Section 3 where
333  appropriate.

335  Security considerations for LDAP are discussed in documents comprising
336  the technical specification [LDAPTS].

338  7. Acknowledgment

340  This document is a product of the IETF LDAP Revision (LDAPbis) Working
341  Group.  Some text was borrowed from "Guidelines for Writing an IANA
342  Considerations Section in RFCs" [RFC2434] by Thomas Narten and Harald
343  Alvestrand.

345  8. Author's Address

347      Kurt D. Zeilenga
348      OpenLDAP Foundation

350      Email: Kurt@OpenLDAP.org

352  9. Normative References

354  [RFC2026] S. Bradner, "The Internet Standards Process -- Revision 3",
355            BCP 9 (also RFC 2026), October 1996.

357  [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
358            Requirement Levels", BCP 14 (also RFC 2119), March 1997.

360  [RFC2234] D. Crocker, P. Overell, "Augmented BNF for Syntax
361            Specifications: ABNF", RFC 2234, November 1997.

363  [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
364            Protocol (v3)", RFC 2251, December 1997.

366  [RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
367            Directory Access Protocol (v3): Attribute Syntax
368            Definitions", RFC 2252, December 1997.

370  [RFC2255] T. Howes, M. Smith, "The LDAP URL Format", RFC 2255,
371            December 1997.

373  [RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
374            with LDAPv3", RFC 2256, December 1997.

376  [RFC2279] F. Yergeau, "UTF-8, a transformation format of ISO 10646",
377            RFC 2279, January 1998.

379  [RFC2434] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
380            Considerations Section in RFCs", BCP 26 (also RFC 2434),
381            October 1998.

383  [LDAPTS]  J. Hodges, R.L. Morgan, "Lightweight Directory Access
384            Protocol (v3): Technical Specification",
385            draft-ietf-ldapbis-ldapv3-ts-00.txt (a work in progress).

387  10. Informative References

389  [RFC2222] J. Myers, "Simple Authentication and Security Layer (SASL)",
390            RFC 2222, October 1997.

392  Appendix A. Registration Templates

394  This appendix provides registration templates for registering new LDAP
395  values.

397  A.1. LDAP Object Identifier Registration Template

399      Subject: Request for LDAP OID Registration

401      Person & email address to contact for further information:

403      Specification: (I-D)

405      Author/Change Controller:

407      Comments:

409      (Any comments that the requester deems relevant to the request)

411  A.2. LDAP Descriptor Registration Template

413      Subject: Request for LDAP Descriptor Registration

415      Descriptor (short name):

417      Object Identifier:

419      Person & email address to contact for further information:

421      Usage: (One of attribute type, URL extension,
422              object class, or other)

424      Specification: (RFC, I-D, URI)

426      Author/Change Controller:

428      Comments:

430      (Any comments that the requester deems relevant to the request)

432  A.3. LDAP Attribute Description Option Registration Template

434      Subject: Request for LDAP Attribute Description Option Registration

436      Option Name:

438      Family of Options: (YES or NO)

440      Person & email address to contact for further information:

442      Specification: (RFC, I-D, URI)

444      Author/Change Controller:

446      Comments:

448      (Any comments that the requester deems relevant to the request)

450  A.4. LDAP Message Type Registration Template
451      Subject: Request for LDAP Message Type Registration

453      LDAP Message Name:

455      Person & email address to contact for further information:

457      Specification: (Approved I-D)

459      Comments:

461      (Any comments that the requester deems relevant to the request)

463  A.5. LDAP Result Code Registration Template

465      Subject: Request for LDAP Result Code Registration

467      Result Code Name:

469      Person & email address to contact for further information:

471      Specification: (RFC, I-D, URI)

473      Author/Change Controller:

475      Comments:

477      (Any comments that the requester deems relevant to the request)

479  A.6. LDAP Authentication Method Registration Template

481      Subject: Request for LDAP Authentication Method Registration

483      Authentication Method Name:

485      Person & email address to contact for further information:

487      Specification: (RFC, I-D, URI)

489      Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE)

491      Author/Change Controller:

493      Comments:

495      (Any comments that the requester deems relevant to the request)

497  Appendix B. Assigned Values

499  The following values are currently assigned.

501  B.1. Object Identifiers

503  Currently registered "Internet Private Enterprise Numbers" can be
504  found at: http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers

507  Currently registered "Internet Directory Numbers" can be found at:
508  http://www.iana.org/assignments/smi-numbers

510  B.2. Object Identifier Descriptors

512  NAME                                 Type  OID                           [REF]
513  -----------------------------------  ----  ----------------------------
514  account                              O     0.9.2342.19200300.100.4.5     [RFC1274]
515  alias                                O     2.5.6.1                       [RFC2256]
516  aliasedEntryName                     A     2.5.4.1                       [X.501]
517  aliasedObjectName                    A     2.5.4.1                       [RFC2256]
518  altServer                            A     1.3.6.1.4.1.1466.101.120.6    [RFC2252]
519  applicationEntity                    O     2.5.6.12                      [RFC2256]
520  applicationProcess                   O     2.5.6.11                      [RFC2256]
521  aRecord                              A     0.9.2342.19200300.100.1.26    [RFC1274]
522  associatedDomain                     A     0.9.2342.19200300.100.1.37    [RFC2164]
523  associatedInternetGateway            A     1.3.6.1.4.1.453.7.2.8         [RFC2164]
524  associatedName                       A     0.9.2342.19200300.100.1.38    [RFC1274]
525  associatedORAddress                  A     1.3.6.1.4.1.453.7.2.6         [RFC2164]
526  associatedX400Gateway                A     1.3.6.1.4.1.453.7.2.3         [RFC2164]
527  attributeTypes                       A     2.5.21.5                      [RFC2252]
528  audio                                A     0.9.2342.19200300.100.1.55    [RFC1274]
529  authorityRevocationList              A     2.5.4.38                      [RFC2256]
530  bitStringMatch                       M     2.5.13.16                     [RFC2252]
531  buildingName                         A     0.9.2342.19200300.100.1.48    [RFC1274]
532  businessCategory                     A     2.5.4.15                      [RFC2256]
533  C                                    A     2.5.4.6                       [RFC2256]
534  cACertificate                        A     2.5.4.37                      [RFC2256]
535  calCalAdrURI                         A     1.2.840.113556.1.4.481        [RFC2739]
536  calCalURI                            A     1.2.840.113556.1.4.478        [RFC2739]
537  calCAPURI                            A     1.2.840.113556.1.4.480        [RFC2739]
538  calEntry                             O     1.2.840.113556.1.5.87         [RFC2739]
539  calFBURL                             A     1.2.840.113556.1.4.479        [RFC2739]
540  calOtherCalAdrURIs                   A     1.2.840.113556.1.4.485        [RFC2739]
541  calOtherCalURIs                      A     1.2.840.113556.1.4.482        [RFC2739]
542  calOtherCAPURIs                      A     1.2.840.113556.1.4.484        [RFC2739]
543  calOtherFBURLs                       A     1.2.840.113556.1.4.483        [RFC2739]
544  caseExactIA5Match                    M     1.3.6.1.4.1.1466.109.114.1    [RFC2252]
545  caseIgnoreIA5Match                   M     1.3.6.1.4.1.1466.109.114.2    [RFC2252]
546  caseIgnoreListMatch                  M     2.5.13.11                     [RFC2252]
547  caseIgnoreMatch                      M     2.5.13.2                      [RFC2252]
548  caseIgnoreOrderingMatch              M     2.5.13.3                      [RFC2252]
549  caseIgnoreSubstringsMatch            M     2.5.13.4                      [RFC2252]
550  certificateRevocationList            A     2.5.4.39                      [RFC2256]
551  certificationAuthority               O     2.5.6.16                      [RFC2256]
552  certificationAuthority-V2            O     2.5.6.16.2                    [RFC2256]
553  CN                                   A     2.5.4.3                       [RFC2256]
554  cNAMERecord                          A     0.9.2342.19200300.100.1.31    [RFC1274]
555  co                                   A     0.9.2342.19200300.100.1.43    [RFC1274]
556  commonName                           A     2.5.4.3                       [RFC2256]
557  country                              O     2.5.6.2                       [RFC2256]
558  countryName                          A     2.5.4.6                       [RFC2256]
559  createTimestamp                      A     2.5.18.1                      [RFC2252]
560  creatorsName                         A     2.5.18.3                      [RFC2252]
561  cRLDistributionPoint                 O     2.5.6.19                      [RFC2256]
562  crossCertificatePair                 A     2.5.4.40                      [RFC2256]
563  DC                                   A     0.9.2342.19200300.100.1.25    [RFC2247]
564  dcObject                             O     1.3.6.1.4.1.1466.344          [RFC2247]
565  deltaCRL                             O     2.5.6.23                      [RFC2587]
566  deltaRevocationList                  A     2.5.4.53                      [RFC2256]
567  description                          A     2.5.4.13                      [RFC2256]
568  destinationIndicator                 A     2.5.4.27                      [RFC2256]
569  device                               O     2.5.6.14                      [RFC2256]
570  distinguishedName                    A     2.5.4.49                      [RFC2256]
571  distinguishedNameMatch               M     2.5.13.1                      [RFC2252]
572  distinguishedNameTableEntry          O     1.3.6.1.4.1.453.7.1.5         [RFC2293]
573  distinguishedNameTableKey            A     1.3.6.1.4.1.453.7.2.3         [RFC2293]
574  dITContentRules                      A     2.5.21.2                      [RFC2252]
575  dITRedirect                          A     0.9.2342.19200300.100.1.54    [RFC1274]
576  dITStructureRules                    A     2.5.21.1                      [RFC2252]
577  dmd                                  O     2.5.6.20                      [RFC2256]
578  dmdName                              A     2.5.4.54                      [RFC2256]
579  dnQualifier                          A     2.5.4.46                      [RFC2256]
580  dNSDomain                            O     0.9.2342.19200300.100.4.15    [RFC1274]
581  document                             O     0.9.2342.19200300.100.4.6     [RFC1274]
582  documentAuthor                       A     0.9.2342.19200300.100.1.14    [RFC1274]
583  documentIdentifier                   A     0.9.2342.19200300.100.1.11    [RFC1274]
584  documentLocation                     A     0.9.2342.19200300.100.1.15    [RFC1274]
585  documentPublisher                    A     0.9.2342.19200300.100.1.56    [RFC1274]
586  documentSeries                       O     0.9.2342.19200300.100.4.8     [RFC1274]
587  documentTitle                        A     0.9.2342.19200300.100.1.12    [RFC1274]
588  documentVersion                      A     0.9.2342.19200300.100.1.13    [RFC1274]
589  domain                               O     0.9.2342.19200300.100.4.13    [RFC2247]
590  domainComponent                      A     0.9.2342.19200300.100.1.25    [RFC2247]
591  domainNameForm                       N     1.3.6.1.4.1.1466.345          [RFC2247]
592  domainRelatedObject                  O     0.9.2342.19200300.100.4.17    [RFC1274]
593  drink                                A     0.9.2342.19200300.100.1.5     [RFC1274]
594  dSA                                  O     2.5.6.13                      [RFC2256]
595  dSAQuality                           A     0.9.2342.19200300.100.1.49    [RFC1274]
596  dynamicObject                        O     1.3.6.1.4.1.1466.101.119.2    [RFC2589]
597  dynamicSubtrees                      A     1.3.6.1.4.1.1466.101.119.4    [RFC2589]
598  enhancedSearchGuide                  A     2.5.4.47                      [RFC2256]
599  entryTtl                             A     1.3.6.1.4.1.1466.101.119.3    [RFC2589]
600  extensibleObject                     O     1.3.6.1.4.1.1466.101.120.111  [RFC2252]
601  facsimileTelephoneNumber             A     2.5.4.23                      [RFC2256]
602  favouriteDrink                       A     0.9.2342.19200300.100.1.5     [RFC1274]
603  friendlyCountry                      O     0.9.2342.19200300.100.4.18    [RFC1274]
604  friendlyCountryName                  A     0.9.2342.19200300.100.1.43    [RFC1274]
605  generalizedTimeMatch                 M     2.5.13.27                     [RFC2252]
606  generalizedTimeOrderingMatch         M     2.5.13.28                     [RFC2252]
607  generationQualifier                  A     2.5.4.44                      [RFC2256]
608  givenName                            A     2.5.4.42                      [RFC2256]
609  GN                                   A     2.5.4.42                      [RFC2256]
610  groupOfNames                         O     2.5.6.9                       [RFC2256]
611  groupOfUniqueNames                   O     2.5.6.17                      [RFC2256]
612  homePhone                            A     0.9.2342.19200300.100.1.20    [RFC1274]
613  homePostalAddress                    A     0.9.2342.19200300.100.1.39    [RFC1274]
614  homeTelephone                        A     0.9.2342.19200300.100.1.20    [RFC1274]
615  host                                 A     0.9.2342.19200300.100.1.9     [RFC1274]
616  houseIdentifier                      A     2.5.4.51                      [RFC2256]
617  info                                 A     0.9.2342.19200300.100.1.4     [RFC1274]
618  initials                             A     2.5.4.43                      [RFC2256]
619  integerFirstComponentMatch           M     2.5.13.29                     [RFC2252]
620  integerMatch                         M     2.5.13.14                     [RFC2252]
621  internationaliSDNNumber              A     2.5.4.25                      [RFC2256]
622  janetMailbox                         A     0.9.2342.19200300.100.1.46    [RFC1274]
623  jpegPhoto                            A     0.9.2342.19200300.100.1.60    [RFC1488]
624  knowledgeInformation                 A     2.5.4.2                       [RFC2256]
625  L                                    A     2.5.4.7                       [RFC2256]
626  labeledURI                           A     1.3.6.1.4.1.250.1.57          [RFC2079]
627  labeledURIObject                     A     1.3.6.1.4.1.250.3.15          [RFC2079]
628  lastModifiedBy                       A     0.9.2342.19200300.100.1.24    [RFC1274]
629  lastModifiedTime                     A     0.9.2342.19200300.100.1.23    [RFC1274]
630  ldapSyntaxes                         A     1.3.6.1.4.1.1466.101.120.16   [RFC2251]
631  locality                             O     2.5.6.3                       [RFC2256]
632  localityName                         A     2.5.4.7                       [RFC2256]
633  mail                                 A     0.9.2342.19200300.100.1.3     [RFC2798]
634  mailPreferenceOption                 A     0.9.2342.19200300.100.1.47    [RFC1274]
635  manager                              A     0.9.2342.19200300.100.1.10    [RFC1274]
636  matchingRules                        A     2.5.21.4                      [RFC2252]
637  matchingRuleUse                      A     2.5.21.8                      [RFC2252]
638  mcgamTables                          A     1.3.6.1.4.1.453.7.2.9         [RFC2164]
639  mDRecord                             A     0.9.2342.19200300.100.1.27    [RFC1274]
640  member                               A     2.5.4.31                      [RFC2256]
641  mixerGateway                         O     1.3.6.1.4.1.453.7.1.4         [RFC2164]
642  mobile                               A     0.9.2342.19200300.100.1.41    [RFC1274]
643  mobileTelephoneNumber                A     0.9.2342.19200300.100.1.41    [RFC1274]
644  modifiersName                        A     2.5.18.4                      [RFC2252]
645  modifyTimestamp                      A     2.5.18.2                      [RFC2252]
646  mXRecord                             A     0.9.2342.19200300.100.1.28    [RFC1274]
647  name                                 A     2.5.4.41                      [RFC2256]
648  nameForms                            A     2.5.21.7                      [RFC2252]
649  namingContexts                       A     1.3.6.1.4.1.1466.101.120.5    [RFC2252]
650  nSRecord                             A     0.9.2342.19200300.100.1.29    [RFC1274]
651  numericStringMatch                   M     2.5.13.8                      [RFC2252]
652  numericStringSubstringsMatch         M     2.5.13.10                     [RFC2252]
653  O                                    A     2.5.4.10                      [RFC2256]
654  objectClass                          A     2.5.4.0                       [RFC2256]
655  objectClasses                        A     2.5.21.6                      [RFC2252]
656  objectIdentifierFirstComponentMatch  M     2.5.13.30                     [RFC2252]
657  objectIdentifiersMatch               M     2.5.13.0                      [RFC2252]
658  octetStringMatch                     M     2.5.13.17                     [RFC2252]
659  omittedORAddressComponent            O     1.3.6.1.4.1.453.7.1.3         [RFC2164]
660  oRAddressComponentType               A     1.3.6.1.4.1.453.7.2.7         [RFC2164]
661  organization                         O     2.5.6.4                       [RFC2256]
662  organizationalPerson                 O     2.5.6.7                       [RFC2256]
663  organizationalRole                   O     2.5.6.8                       [RFC2256]
664  organizationalStatus                 A     0.9.2342.19200300.100.1.45    [RFC1274]
665  organizationalUnit                   O     2.5.6.5                       [RFC2256]
666  organizationalUnitName               A     2.5.4.11                      [RFC2256]
667  organizationName                     A     2.5.4.10                      [RFC2256]
668  otherMailbox                         A     0.9.2342.19200300.100.1.22    [RFC1274]
669  OU                                   A     2.5.4.11                      [RFC2256]
670  owner                                A     2.5.4.32                      [RFC2256]
671  pager                                A     0.9.2342.19200300.100.1.42    [RFC1274]
672  pagerTelephoneNumber                 A     0.9.2342.19200300.100.1.42    [RFC1274]
673  person                               O     2.5.6.6                       [RFC2256]
674  personalSignature                    A     0.9.2342.19200300.100.1.53    [RFC1274]
675  personalTitle                        A     0.9.2342.19200300.100.1.40    [RFC1274]
676  photo                                A     0.9.2342.19200300.100.1.7     [RFC1274]
677  physicalDeliveryOfficeName           A     2.5.4.19                      [RFC2256]
678  pilotDSA                             O     0.9.2342.19200300.100.4.21    [RFC1274]
679  pilotObject                          O     0.9.2342.19200300.100.4.3     [RFC1274]
680  pilotOrganization                    O     0.9.2342.19200300.100.4.20    [RFC1274]
681  pilotPerson                          O     0.9.2342.19200300.100.4.4     [RFC1274]
682  pkiCA                                O     2.5.6.22                      [RFC2587]
683  pkiUser                              O     2.5.6.21                      [RFC2587]
684  postalAddress                        A     2.5.4.16                      [RFC2256]
685  postalCode                           A     2.5.4.17                      [RFC2256]
686  postOfficeBox                        A     2.5.4.18                      [RFC2256]
687  preferredDeliveryMethod              A     2.5.4.28                      [RFC2256]
688  presentationAddress                  A     2.5.4.29                      [RFC2256]
689  presentationAddressMatch             M     2.5.13.22                     [RFC2252]
690  protocolInformation                  A     2.5.4.48                      [RFC2256]
691  protocolInformationMatch             M     2.5.13.24                     [RFC2252]
692  qualityLabelledData                  O     0.9.2342.19200300.100.4.22    [RFC1274]
693  registeredAddress                    A     2.5.4.26                      [RFC2256]
694  residentialPerson                    O     2.5.6.10                      [RFC2256]
695  RFC822LocalPart                      O     0.9.2342.19200300.100.4.14    [RFC1274]
696  RFC822Mailbox                        A     0.9.2342.19200300.100.1.3     [RFC1274]
697  rFC822ToX400Mapping                  O     1.3.6.1.4.1.453.7.1.1         [RFC2164]
698  roleOccupant                         A     2.5.4.33                      [RFC2256]
699  room                                 O     0.9.2342.19200300.100.4.7     [RFC1274]
700  roomNumber                           A     0.9.2342.19200300.100.1.6     [RFC1274]
701  searchGuide                          A     2.5.4.14                      [RFC2256]
702  secretary                            A     0.9.2342.19200300.100.1.21    [RFC1274]
703  seeAlso                              A     2.5.4.34                      [RFC2256]
704  serialNumber                         A     2.5.4.5                       [RFC2256]
705  simpleSecurityObject                 O     0.9.2342.19200300.100.4.19    [RFC1274]
706  singleLevelQuality                   A     0.9.2342.19200300.100.1.50    [RFC1274]
707  SN                                   A     2.5.4.4                       [RFC2256]
708  sOARecord                            A     0.9.2342.19200300.100.1.30    [RFC1274]
709  ST                                   A     2.5.4.8                       [RFC2256]
710  stateOrProvinceName                  A     2.5.4.8                       [RFC2256]
711  street                               A     2.5.4.9                       [RFC2256]
712  streetAddress                        A     2.5.4.9                       [RFC2256]
713  strongAuthenticationUser             O     2.5.6.15                      [RFC2256]
714  subschema                            O     2.5.20.1                      [RFC2252]
715  subschemaSubentry                    A     2.5.18.10                     [RFC2252]
716  subtree                              O     1.3.6.1.4.1.453.7.1.1         [RFC2293]
717  subtreeMaximumQuality                A     0.9.2342.19200300.100.1.52    [RFC1274]
718  subtreeMinimumQuality                A     0.9.2342.19200300.100.1.51    [RFC1274]
719  supportedAlgorithms                  A     2.5.4.52                      [RFC2256]
720  supportedApplicationContext          A     2.5.4.30                      [RFC2256]
721  supportedControl                     A     1.3.6.1.4.1.1466.101.120.13   [RFC2252]
722  supportedExtension                   A     1.3.6.1.4.1.1466.101.120.7    [RFC2252]
723  supportedLDAPVersion                 A     1.3.6.1.4.1.1466.101.120.15   [RFC2252]
724  supportedSASLMechanisms              A     1.3.6.1.4.1.1466.101.120.14   [RFC2252]
725  surname                              A     2.5.4.4                       [RFC2256]
726  table                                O     1.3.6.1.4.1.453.7.1.2         [RFC2293]
727  tableEntry                           O     1.3.6.1.4.1.453.7.1.3         [RFC2293]
728  telephoneNumber                      A     2.5.4.20                      [RFC2256]
729  telephoneNumberMatch                 M     2.5.13.20                     [RFC2252]
730  telephoneNumberSubstringsMatch       M     2.5.13.21                     [RFC2252]
731  teletexTerminalIdentifier            A     2.5.4.22                      [RFC2256]
732  telexNumber                          A     2.5.4.21                      [RFC2256]
733  textEncodedORAddress                 A     0.9.2342.19200300.100.1.2     [RFC1274]
734  textTableEntry                       O     1.3.6.1.4.1.453.7.1.4         [RFC2293]
735  textTableKey                         A     1.3.6.1.4.1.453.7.2.1         [RFC2293]
736  textTableValue                       A     1.3.6.1.4.1.453.7.2.2         [RFC2293]
737  title                                A     2.5.4.12                      [RFC2256]
738  top                                  O     2.5.6.0                       [RFC2256]
739  uid                                  A     0.9.2342.19200300.100.1.1     [RFC2253]
740  uniqueIdentifier                     A     0.9.2342.19200300.100.1.44    [RFC1274]
741  uniqueMember                         A     2.5.4.50                      [RFC2256]
742  uniqueMemberMatch                    M     2.5.13.23                     [RFC2252]
743  userCertificate                      A     2.5.4.36                      [RFC2256]
744  userClass                            A     0.9.2342.19200300.100.1.8     [RFC1274]
745  userId                               A     0.9.2342.19200300.100.1.1     [RFC1274]
746  userPassword                         A     2.5.4.35                      [RFC2256]
747  userSecurityInformation              O     2.5.6.18                      [RFC2256]
748  x121Address                          A     2.5.4.24                      [RFC2256]
749  x400ToRFC822Mapping                  O     1.3.6.1.4.1.453.7.1.2         [RFC2164]
750  x500UniqueIdentifier                 A     2.5.4.45                      [RFC2256]

752  Legend
753  ------------------------
754  A => Attribute Type
755  C => DIT Content Rule
756  E => LDAP URL Extension
757  M => Matching Rule
758  N => Name Form
759  O => Object Class

761  B.3. Attribute Description Options

763  Option            Owner  Reference
764  ----------------  -----  ---------
765  binary            IESG   [RFC2251]
766  lang-*            IESG   [RFC2596]

768  * family of options

770  B.4. LDAPMessage types

772  Name                          Code   Owner  Reference
773  ---------------------------   ----   -----  ---------
774  bindRequest                   0      IESG   [RFC2251]
775  bindResponse                  1      IESG   [RFC2251]
776  unbindRequest                 2      IESG   [RFC2251]
777  searchRequest                 3      IESG   [RFC2251]
778  searchResEntry                4      IESG   [RFC2251]
779  searchResDone                 5      IESG   [RFC2251]
780  modifyRequest                 6      IESG   [RFC2251]
781  modifyResponse                7      IESG   [RFC2251]
782  addRequest                    8      IESG   [RFC2251]
783  addResponse                   9      IESG   [RFC2251]
784  delRequest                    10     IESG   [RFC2251]
785  delResponse                   11     IESG   [RFC2251]
786  modDNRequest                  12     IESG   [RFC2251]
787  modDNResponse                 13     IESG   [RFC2251]
788  compareRequest                14     IESG   [RFC2251]
789  compareResponse               15     IESG   [RFC2251]
790  abandonRequest                16     IESG   [RFC2251]
791  reserved                      17-18  IESG
792  searchResRef                  19     IESG   [RFC2251]
793  reserved                      20-22  IESG
794  extendedReq                   23     IESG   [RFC2251]
795  extendedResp                  24     IESG   [RFC2251]

797  B.5. resultCode values

799  Name                          Code   Owner  Reference
800  ---------------------------   ----   -----  ---------
801  success                       0      IESG   [RFC2251]
802  operationsError               1      IESG   [RFC2251]
803  protocolError                 2      IESG   [RFC2251]
804  timeLimitExceeded             3      IESG   [RFC2251]
805  sizeLimitExceeded             4      IESG   [RFC2251]
806  compareFalse                  5      IESG   [RFC2251]
807  compareTrue                   6      IESG   [RFC2251]
808  authMethodNotSupported        7      IESG   [RFC2251]
809  strongAuthRequired            8      IESG   [RFC2251]
810  reserved (partialResults)     9      IESG   [RFC2251]
811  referral                      10     IESG   [RFC2251]
812  adminLimitExceeded            11     IESG   [RFC2251]
813  unavailableCriticalExtension  12     IESG   [RFC2251]
814  confidentialityRequired       13     IESG   [RFC2251]
815  saslBindInProgress            14     IESG   [RFC2251]
816  noSuchAttribute               16     IESG   [RFC2251]
817  undefinedAttributeType        17     IESG   [RFC2251]
818  inappropriateMatching         18     IESG   [RFC2251]
819  constraintViolation           19     IESG   [RFC2251]
820  attributeOrValueExists        20     IESG   [RFC2251]
821  invalidAttributeSyntax        21     IESG   [RFC2251]
822  noSuchObject                  32     IESG   [RFC2251]
823  aliasProblem                  33     IESG   [RFC2251]
824  invalidDNSyntax               34     IESG   [RFC2251]
825  reserved (isLeaf)             35     IESG   [RFC2251]
826  aliasDereferencingProblem     36     IESG   [RFC2251]
827   reserved                     37-47 IESG
828   inappropriateAuthentication  48    IESG  [RFC2251]
829   invalidCredentials           49    IESG  [RFC2251]
830   insufficientAccessRights     50    IESG  [RFC2251]
831   busy                         51    IESG  [RFC2251]
832   unavailable                  52    IESG  [RFC2251]
833   unwillingToPerform           53    IESG  [RFC2251]
834   loopDetect                   54    IESG  [RFC2251]
835   reserved                     55-63 IESG
836   namingViolation              64    IESG  [RFC2251]
837   objectClassViolation         65    IESG  [RFC2251]
838   notAllowedOnNonLeaf          66    IESG  [RFC2251]
839   notAllowedOnRDN              67    IESG  [RFC2251]
840   entryAlreadyExists           68    IESG  [RFC2251]
841   objectClassModsProhibited    69    IESG  [RFC2251]
842   reserved (resultsTooLarge)   70    IESG  [RFC2251]
843   reserved                     71-79 IESG
844   other                        80    IESG  [RFC2251]
845   reserved (APIs)              81-90 IESG  [RFC2251]

847   B.6. Bind Authentication Method

849   Method     Value Owner Usage       Reference
850   ------     ----- ----- ----------- -----------------
851   simple     0     IESG  LIMITED USE [RFC2251,RFC2829]
852   krbv42LDAP 1     IESG  OBSOLETE*   [RFC1777]
853   krbv42DSA  2     IESG  OBSOLETE*   [RFC1777]
854   sasl       3     IESG  COMMON      [RFC2251,RFC2829]

856   * These LDAPv2-only mechanisms were deprecated in favor of the LDAPv3 SASL
857   authentication method, specifically the GSSAPI mechanism.

859   Copyright 2001, The Internet Society. All Rights Reserved.

861   This document and translations of it may be copied and furnished to
862   others, and derivative works that comment on or otherwise explain it
863   or assist in its implementation may be prepared, copied, published and
864   distributed, in whole or in part, without restriction of any kind,
865   provided that the above copyright notice and this paragraph are
866   included on all such copies and derivative works. However, this
867   document itself may not be modified in any way, such as by removing
868   the copyright notice or references to the Internet Society or other
869   Internet organizations, except as needed for the purpose of
870   developing Internet standards in which case the procedures for
871   copyrights defined in the Internet Standards process must be followed,
872   or as required to translate it into languages other than English.

874   The limited permissions granted above are perpetual and will not be
875   revoked by the Internet Society or its successors or assigns.

877   This document and the information contained herein is provided on an
878   "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
879   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
880   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
881   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
882   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.