idnits 2.17.1

draft-ietf-ldapbis-iana-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 5 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  == There are 122 instances of lines with non-RFC6890-compliant IPv4
     addresses in the document. If these are example addresses, they should
     be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 912 has weird spacing: '...for the purpo...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.
     If you have contacted all the original authors and they are all willing
     to grant the BCP78 rights to the IETF Trust, then this is fine, and you
     can ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (12 May 2002) is 8019 days in the past. Is this
     intentional?

  Checking references for intended status: Best Current Practice
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'REF' is mentioned on line 555, but not defined
  == Missing Reference: 'RFC1274' is mentioned on line 788, but not defined
  ** Obsolete undefined reference: RFC 1274 (Obsoleted by RFC 4524)
  == Missing Reference: 'RFC2164' is mentioned on line 792, but not defined
  == Missing Reference: 'RFC2739' is mentioned on line 586, but not defined
  == Missing Reference: 'RFC2247' is mentioned on line 634, but not defined
  == Missing Reference: 'RFC2587' is mentioned on line 726, but not defined
  ** Obsolete undefined reference: RFC 2587 (Obsoleted by RFC 4523)
  == Missing Reference: 'RFC2293' is mentioned on line 779, but not defined
  == Missing Reference: 'RFC2589' is mentioned on line 642, but not defined
  == Missing Reference: 'RFC1488' is mentioned on line 666, but not defined
  ** Obsolete undefined reference: RFC 1488 (Obsoleted by RFC 1778)
  == Missing Reference: 'RFC2079' is mentioned on line 670, but not defined
  == Missing Reference: 'RFC2798' is mentioned on line 676, but not defined
  == Missing Reference: 'RFC2253' is mentioned on line 782, but not defined
  ** Obsolete undefined reference: RFC 2253 (Obsoleted by RFC 4510, RFC 4514)
  == Missing Reference: 'RFC2596' is mentioned on line 809, but not defined
  ** Obsolete undefined reference: RFC 2596 (Obsoleted by RFC 3866)
  == Missing Reference: 'RFC2829' is mentioned
     on line 897, but not defined
  ** Obsolete undefined reference: RFC 2829 (Obsoleted by RFC 4510, RFC 4513)
  == Missing Reference: 'RFC1777' is mentioned on line 896, but not defined
  ** Obsolete undefined reference: RFC 1777 (Obsoleted by RFC 3494)
  ** Downref: Normative reference to an Historic RFC: RFC 1157
  ** Obsolete normative reference: RFC 2234 (Obsoleted by RFC 4234)
  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)
  ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4523)
  ** Obsolete normative reference: RFC 2255 (Obsoleted by RFC 4510, RFC 4516)
  ** Obsolete normative reference: RFC 2256 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4519, RFC 4523)
  ** Obsolete normative reference: RFC 2279 (Obsoleted by RFC 3629)
  ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226)
  -- No information found for draft-ietf-ldapbis-ldapv3-ts-xx - is the name
     correct?
  -- Possible downref: Normative reference to a draft: ref. 'LDAPTS'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'IANADSN'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO10646'
  -- Obsolete informational reference (is this intentional?): RFC 1779
     (Obsoleted by RFC 2253, RFC 3494)
  -- Obsolete informational reference (is this intentional?): RFC 2222
     (Obsoleted by RFC 4422, RFC 4752)

  Summary: 21 errors (**), 0 flaws (~~), 18 warnings (==), 8 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.

--------------------------------------------------------------------------------

2    INTERNET-DRAFT                                      Kurt D. Zeilenga
3    Intended Category: BCP                           OpenLDAP Foundation
4    Expires in six months                                    12 May 2002

6                        IANA Considerations for LDAP


9    Status of Memo

11      This document is an Internet-Draft and is in full conformance with all
12      provisions of Section 10 of RFC2026.

14      This document is intended to be, after appropriate review and
15      revision, submitted to the RFC Editor as a Best Current Practice
16      document. Distribution of this memo is unlimited. Technical
17      discussion of this document will take place on the IETF LDAP Revision
18      Working Group (LDAPbis) mailing list .
19      Please send editorial comments directly to the document editor
20      .

22      Internet-Drafts are working documents of the Internet Engineering Task
23      Force (IETF), its areas, and its working groups. Note that other
24      groups may also distribute working documents as Internet-Drafts.
25      Internet-Drafts are draft documents valid for a maximum of six months
26      and may be updated, replaced, or obsoleted by other documents at any
27      time. It is inappropriate to use Internet-Drafts as reference
28      material or to cite them other than as ``work in progress.''

30      The list of current Internet-Drafts can be accessed at
31      . The list of
32      Internet-Draft Shadow Directories can be accessed at
33      .

35      Copyright 2002, The Internet Society. All Rights Reserved.

37      Please see the Copyright section near the end of this document for
38      more information.

40   Abstract

42      This document provides procedures for registering extensible elements
43      of LDAP (Lightweight Directory Access Protocol). The document also
44      provides guidelines to IANA (Internet Assigned Numbers Authority)
45      describing conditions under which new values can be assigned.

47   1. Introduction

49      The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an
50      extensible protocol. LDAP supports:
51        - addition of new operations,
52        - extension of existing operations, and
53        - extensible schema.

55      This document details procedures for registering values used to
56      unambiguously identify extensible elements of the protocol including:
57        - LDAP message types,
58        - LDAP result codes,
59        - LDAP authentication methods,
60        - LDAP attribute description options, and
61        - Object Identifier descriptors.

63      These registries are maintained by the Internet Assigned Numbers
64      Authority (IANA).

66      In addition, this document provides guidelines to IANA describing the
67      conditions under which new values can be assigned.

69   2. Terminology and Conventions

71      This section details terms and conventions used in this document.

73   2.1. Policy Terminology

75      The terms "IESG Approval", "Standards Action", "IETF Consensus",
76      "Specification Required", "First Come First Served", "Expert Review",
77      and "Private Use" are used as defined in BCP 26 [RFC2434].

79   2.2. Requirement Terminology

81      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
82      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
83      document are to be interpreted as described in BCP 14 [RFC2119]. In
84      this case, "the specification" as used by BCP 14 refers to the
85      processing of protocols being submitted to the IETF standards process.

87   2.3. Common ABNF Productions

89      A number of syntaxes in this document are described using ABNF
90      [RFC2234]. These syntaxes rely on the following common productions:

92          ALPHA = %x41-5A / %x61-7A ; A-Z / a-z

94          LDIGIT = %x31-39 ; 1-9

96          DIGIT = %x30 / LDIGIT ; 0-9

98          HYPHEN = %x2D ; "-"

100         DOT = %x2E ; "."

102         number = DIGIT / ( LDIGIT 1*DIGIT )

104         keychar = ALPHA / DIGIT / HYPHEN

106         leadkeychar = ALPHA

108         keystring = leadkeychar *keychar

110     A keyword is a case-insensitive string of UTF-8 [RFC2279] encoded
111     characters from the Universal Character Set (UCS) [ISO10646]
112     restricted to the production.

114  3. IANA Considerations for LDAP

116     This section details each kind of protocol value which can be
117     registered and provides IANA guidelines on how to assign new values.

119  3.1. Object Identifiers

121     Numerous LDAP schema and protocol elements are identified by Object
122     Identifiers. Specifications which assign OIDs to elements SHOULD state
123     who delegated the OIDs for their use.

125     For IETF developed elements, OIDs under "Internet Directory Numbers"
126     (1.3.6.1.1.x) SHOULD be used. IANA will assign numbers under this OID
127     arc upon Expert Review with Specification Required. Only one OID per
128     specification SHOULD be assigned. The specification MAY then assign
129     any number of OIDs within this arc without further coordination with
130     IANA.

132     For elements developed by others, any properly delegated OID can be
133     used, including those under "Internet Private Enterprise Numbers"
134     (1.3.6.1.4.1.x) assigned by IANA
135     .

137     To avoid interoperability problems between early implementors of
138     ''works in progress'' and implementors of the published specification
139     (e.g., the RFC), experimental OIDs SHOULD be used in ''works in
140     progress''. Experimental OIDs MUST be replaced before publication.
141     OIDs under the Internet Experimental OID arc (1.3.6.1.3.x) may be used
142     for this purpose.

144     Practices for IANA assignment of Internet Enterprise and Experimental
145     OIDs are detailed in STD15 [RFC1157].

147  3.2. Object Identifier Descriptors

149     LDAP allows short descriptive names (or descriptors) to be used
150     instead of a numeric Object Identifier to identify protocol extensions
151     [RFC2251], schema elements [RFC2252], LDAP URL [RFC2255] extensions,
152     and other objects. Descriptors SHALL be restricted to strings of
153     UTF-8 encoded UCS characters restricted by the following ABNF:

155         name = keystring

157     Descriptors are case-insensitive.

159     Multiple names MAY be assigned to a given OID. For purposes of
160     registration, an OID SHALL be represented in numeric OID form
161     conforming to the ABNF:

163         numericoid = number *( DOT number ) ; e.g. 1.1.0.23.40

165     While the protocol places no maximum length restriction upon
166     descriptors, they SHOULD be short. Descriptors longer than 48
167     characters MAY be viewed as too long to register. IANA MAY reject
168     obviously bogus registrations.

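
The descriptor rules of Sections 2.3, 3.1 and 3.2, including the "x-" and "e-" prefix policies stated in the remainder of Section 3.2, written as a check over registration requests. This is an added example, not part of the draft: the function names, the sample requests and enterprise number 99999 are constructed for illustration, and the duplicate-name finding is an assumption of the example rather than a rule the draft states.

```python
import re

# Section 2.3 / 3.2 ABNF as regular expressions.
#   number     = DIGIT / ( LDIGIT 1*DIGIT )   ; so no leading zeros
#   numericoid = number *( DOT number )
#   keystring  = leadkeychar *keychar         ; ALPHA, then ALPHA / DIGIT / HYPHEN
_NUMBER = r"(?:[0-9]|[1-9][0-9]+)"
NUMERICOID = re.compile(rf"{_NUMBER}(?:\.{_NUMBER})*")
KEYSTRING = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

MAX_DESCRIPTOR_LEN = 48  # longer descriptors "MAY be viewed as too long"

# OID arcs named in Section 3.1, as integer tuples.
ARCS = {
    (1, 3, 6, 1, 1): "Internet Directory Numbers",
    (1, 3, 6, 1, 3): "Internet Experimental",
    (1, 3, 6, 1, 4, 1): "Internet Private Enterprise Numbers",
}


def oid_arc(oid):
    """Name the Section 3.1 arc a well-formed OID falls under, or None.

    Comparison is per arc component, so 1.3.6.1.10 is not mistaken for
    something under 1.3.6.1.1 the way a string-prefix test would.
    """
    parts = tuple(int(p) for p in oid.split("."))
    for arc, label in ARCS.items():
        if len(parts) > len(arc) and parts[: len(arc)] == arc:
            return label
    return None


def descriptor_policy(name):
    """Registration policy for a descriptor, chosen by its prefix."""
    lowered = name.lower()  # descriptors are case-insensitive
    if lowered.startswith("x-"):
        return "private-use"  # SHALL NOT be registered
    if lowered.startswith("e-"):
        return "first-come-first-served"
    return "expert-review"


def lint_request(name, oid, registry, published=True):
    """Return a list of findings for one descriptor registration request.

    `registry` maps lower-cased, already registered descriptors to OIDs.
    `published` says whether the specification has left the
    "work in progress" stage.
    """
    findings = []
    if not KEYSTRING.fullmatch(name):
        findings.append("descriptor does not match keystring ABNF")
    elif len(name) > MAX_DESCRIPTOR_LEN:
        findings.append("descriptor longer than 48 characters")
    if not NUMERICOID.fullmatch(oid):
        findings.append("OID does not match numericoid ABNF")
        return findings  # arc checks need a well-formed OID
    if descriptor_policy(name) == "private-use":
        findings.append("x- descriptors are Private Use, not registrable")
    if published and oid_arc(oid) == "Internet Experimental":
        findings.append("experimental OID must be replaced before publication")
    # Assumption of this example: a name already bound to a different OID
    # is reported, because lookups by descriptor are case-insensitive.
    existing = registry.get(name.lower())
    if existing is not None and existing != oid:
        findings.append(f"descriptor already names {existing}")
    return findings


# Rows taken from the Appendix B.2 table, keyed case-insensitively.
REGISTRY = {
    "cn": "2.5.4.3",
    "commonname": "2.5.4.3",  # several names for one OID is allowed
    "uid": "0.9.2342.19200300.100.1.1",
}

# Constructed requests (not real registrations; 99999 is a made-up arc).
REQUESTS = [
    ("certificationAuthority-V2", "2.5.6.16.2"),
    ("2faToken", "1.3.6.1.4.1.99999.1"),  # leading digit in descriptor
    ("e-trial", "1.3.6.1.3.01"),          # leading zero in an OID arc
    ("e-trial", "1.3.6.1.3.7"),           # experimental arc
    ("x-local", "1.3.6.1.4.1.99999.2"),
    ("Cn", "1.3.6.1.4.1.99999.3"),        # collides with "CN"
]


if __name__ == "__main__":
    for name, oid in REQUESTS:
        print(f"{name:28}{oid:24}{lint_request(name, oid, REGISTRY) or 'ok'}")
```
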
170     Descriptors beginning with "x-" are for Private Use and SHALL NOT be
171     registered.

173     Descriptors beginning with "e-" are reserved for experiments. IANA
174     SHALL register any descriptor beginning with "e-" on a First Come
175     First Served basis.

177     Expert Review is REQUIRED before accepting registration of all other
178     descriptors.

180     IANA SHALL NOT verify the registrant "owns" the OID being named.

182     The OID namespace is managed by The ISO/IEC Joint Technical Committee
183     1 - Subcommittee 6.

185  3.3. AttributeDescription Options

187     An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
188     more options specifying additional semantics. An option SHALL be
189     restricted to a string of UTF-8 encoded UCS characters limited by the
190     following ABNF:

192         option = keystring

194     Options are case-insensitive.

196     While the protocol places no maximum length restriction upon option
197     strings, they SHOULD be short. Options longer than 24 characters MAY
198     be viewed as too long to register. IANA MAY reject obviously bogus
199     registrations.

201     Values ending with a hyphen ("-") reserve all option names which start
202     with the name. For example, the registration of the option
203     "optionFamily-" reserves all options which start with "optionFamily-"
204     for some related purpose.

206     Options beginning with "x-" are for Private Use and SHALL NOT be
207     registered.

209     Options beginning with "e-" are reserved for experiments. IANA SHALL
210     register any option beginning with "e-" on a First Come First Served
211     basis.

213     IANA SHALL register other options by either Standards Action or Expert
214     Review with Specification Required.

216  3.4. LDAP Message Types

218     Each protocol message is encapsulated in an LDAPMessage envelope
219     [RFC2251, Section 4.1.1]. The protocolOp CHOICE indicates the type of
220     message encapsulated. Each message type consists of a keyword and a
221     non-negative choice number. The choice number is combined with the
222     class (APPLICATION) and data type (CONSTRUCTED or PRIMITIVE) to
223     construct the BER tag in the message's encoding. The choice numbers
224     for existing protocol messages are implicit in the protocol's ASN.1
        defined in [RFC2251].

226     New values SHALL only be registered by Standards Track action.

228     Note: LDAP provides extensible messages which reduce, but do not
229     eliminate, the need to add new message types.

231  3.5. LDAP Result Codes

233     LDAP result messages carry a resultCode enumerated value to indicate
234     the outcome of the operation [RFC2251, Section 4.1.10]. Each result
235     code consists of a keyword and a non-negative integer.

237     IANA SHALL register new resultCode integers in the range 0-1023 upon
238     Standards Action, in the range 1024-4095 with Expert Review with
239     Specification Required, and in the range 4096-16383 on a First Come
240     First Served basis. Keywords associated with integers in the range
241     0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with
242     integers in the range 4096-16383 SHALL start with "e-". Values
243     greater than or equal to 16384 and keywords starting with "x-" are for
244     Private Use and SHALL NOT be registered.

246     IANA MAY reject obviously bogus registrations.

248  3.6. LDAP Authentication Method

250     The LDAP Bind operation supports multiple authentication methods
251     [RFC2251, Section 4.2]. Each authentication choice consists of a
252     keyword and a non-negative integer.

254     Authentication method usage SHALL be classified using one of the
255     following terms:

257         COMMON      - method is appropriate for common use on the Internet,
258         LIMITED USE - method is appropriate for limited use,
259         OBSOLETE    - method has been deprecated or otherwise found to be
260                       inappropriate for any use.

262     IANA SHALL NOT register new OBSOLETE authentication methods. Methods
263     without publicly available specifications SHALL NOT be classified as
264     COMMON. IANA MAY reject obviously bogus registrations.

266     IANA SHALL register new authentication method integers in the range
267     0-1023 upon Standards Action, in the range 1024-4095 with Expert
268     Review with Specification Required, and in the range 4096-16383 on a
269     First Come First Served basis. Keywords associated with integers in
270     the range 0-4095 SHALL NOT start with "e-" or "x-". Keywords
271     associated with integers in the range 4096-16383 SHALL start with
272     "e-". Values greater than or equal to 16384 and keywords starting
273     with "x-" are for Private Use and SHALL NOT be registered.

275     Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE. SASL
276     is an extensible LDAP authentication method.

278  3.7. Directory Systems Names

280     IANA maintains the "Directory Systems Names" registry [IANADSN] of
281     valid keywords for well known attributes used in the LDAPv2 string
282     representation of a distinguished name [RFC1779]. RFC 1779 was
283     obsoleted by RFC 2253.

285     Directory systems names are not known to be used in any other context.
286     LDAPv3 uses Object Identifier Descriptors [Section 3.2] (which have a
287     different syntax than directory system names).

289     IANA SHALL NOT register new Directory System Names. For historical
290     purposes, the current list of registered names SHOULD remain
291     available.

293  4. Registration Procedure

295     The procedure given here MUST be used by anyone who wishes to use a
296     new value of a type described in Section 3 of this document.

298     The first step is for the requester to fill out the appropriate form.
299     Templates are provided in Appendix A.

301     If the policy is Standards Action, the completed form SHOULD be
302     provided to the IESG with the request for Standards Action. Upon
303     approval of the Standards Action, the IESG SHALL forward the request
304     (possibly revised) to IANA. The IESG SHALL be viewed as the owner of
305     all values requiring Standards Action.

307     If the policy is Expert Review, the requester SHALL post the completed
308     form to the mailing list for public review.
309     The review period is two (2) weeks. If a revised form is later
310     submitted, the review period is restarted. Anyone may subscribe to
311     this list by sending a request to .
312     During the review, objections may be raised by anyone (including the
313     Expert) on the list. After completion of the review, the Expert,
314     based upon public comments, SHALL either approve the request and
315     forward it to the IESG OR deny the request. In either case, the
316     Expert SHALL promptly notify the requester of the action. Actions of
317     the Expert may be appealed [RFC2026]. The Expert is appointed by
318     Applications Area Director(s). The requester is viewed as the owner
319     of values registered under Expert Review.

321     If the policy is First Come First Served, the requester SHALL submit
322     the completed form directly to the IANA . The
323     requester is viewed as the owner of values registered under First Come
324     First Served.

326     Neither the Expert nor IANA will take a position on the claims of
327     copyright or trademark issues regarding completed forms.

329  5. Registration Maintenance

331     This section discusses maintenance of registrations.

333  5.1. Lists of Registered Values

335     IANA makes lists of registered values readily available to the
336     Internet community on their web site .

338  5.2. Change Control

340     The registration owner MAY update the registration subject to the same
341     constraints and review as with new registrations. In cases where the
342     owner is unable or unwilling to make necessary updates, the IESG
343     MAY assert ownership in order to update the registration.

345  5.3. Comments

347     For cases where others (anyone other than the owner) have significant
348     objections to the claims in a registration and the owner does not
349     agree to change the registration, comments MAY be attached to a
350     registration upon Expert Review. For registrations owned by the IESG,
351     the objections SHOULD be addressed by initiating a request for Expert
352     Review.

354     The form of these requests is ad hoc, but MUST include the
355     specific objections to be reviewed and SHOULD contain (directly or by
356     reference) materials supporting the objections.

358  6. Security Considerations

360     The security considerations detailed in [RFC2434] are generally
361     applicable to this document. Additional security considerations
362     specific to each namespace are discussed in Section 3 where
363     appropriate.

365     Security considerations for LDAP are discussed in documents comprising
366     the technical specification [LDAPTS].

368  7. Acknowledgment

370     This document is a product of the IETF LDAP Revision (LDAPbis) Working
371     Group. Some text was borrowed from "Guidelines for Writing an IANA
372     Considerations Section in RFCs" [RFC2434] by Thomas Narten and Harald
373     Alvestrand.

375  8. Author's Address

377     Kurt D. Zeilenga
378     OpenLDAP Foundation

380     Email: Kurt@OpenLDAP.org

382  9. Normative References

384     [RFC1157]  J. Case, M. Fedor, M. Schoffstall, J. Davin, "A Simple
385                Network Management Protocol (SNMP)", STD 15 (also RFC
386                1157), May 1990.

388     [RFC2026]  S. Bradner, "The Internet Standards Process -- Revision 3",
389                BCP 9 (also RFC 2026), October 1996.

391     [RFC2119]  S. Bradner, "Key words for use in RFCs to Indicate
392                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

394     [RFC2234]  D. Crocker, P. Overell, "Augmented BNF for Syntax
395                Specifications: ABNF", RFC 2234, November 1997.

397     [RFC2251]  M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
398                Protocol (v3)", RFC 2251, December 1997.

400     [RFC2252]  M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
401                Directory Access Protocol (v3): Attribute Syntax
402                Definitions", RFC 2252, December 1997.

404     [RFC2255]  T. Howes, M. Smith, "The LDAP URL Format", RFC 2255,
405                December, 1997.

407     [RFC2256]  M. Wahl, "A Summary of the X.500(96) User Schema for use
408                with LDAPv3", RFC 2256, December 1997.

410     [RFC2279]  F. Yergeau, "UTF-8, a transformation format of ISO 10646",
411                RFC 2279, January 1998.

413     [RFC2434]  T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
414                Considerations Section in RFCs", BCP 26 (also RFC 2434),
415                October 1998.

417     [LDAPTS]   J. Hodges, R.L. Morgan, "Lightweight Directory Access
418                Protocol (v3): Technical Specification",
419                draft-ietf-ldapbis-ldapv3-ts-xx.txt (a work in progress).

421     [IANADSN]  IANA, "Directory Systems Names",
422                http://www.iana.org/assignments/directory-system-names.

424     [ISO10646] Universal Multiple-Octet Coded Character Set (UCS) -
425                Architecture and Basic Multilingual Plane, ISO/IEC 10646-1
426                : 1993.

428  10. Informative References

430     [RFC1779]  S. Kille, "A String Representation of Distinguished Names",
431                RFC 1779, March 1995.

433     [RFC2222]  J. Myers, "Simple Authentication and Security Layer
434                (SASL)", RFC 2222, October 1997.

436  Appendix A. Registration Templates

438     This appendix provides registration templates for registering new LDAP
439     values.

441  A.1. LDAP Object Identifier Registration Template

443     Subject: Request for LDAP OID Registration

445     Person & email address to contact for further information:

447     Specification: (I-D)

449     Author/Change Controller:

451     Comments:

453     (Any comments that the requester deems relevant to the request)

455  A.2. LDAP Descriptor Registration Template

457     Subject: Request for LDAP Descriptor Registration
458     Descriptor (short name):

460     Object Identifier:

462     Person & email address to contact for further information:

464     Usage: (One of attribute type, URL extension,
465             object class, or other)

467     Specification: (RFC, I-D, URI)

469     Author/Change Controller:

471     Comments:

473     (Any comments that the requester deems relevant to the request)

475  A.3. LDAP Attribute Description Option Registration Template

477     Subject: Request for LDAP Attribute Description Option Registration

479     Option Name:

481     Family of Options: (YES or NO)

483     Person & email address to contact for further information:

485     Specification: (RFC, I-D, URI)

487     Author/Change Controller:

489     Comments:

491     (Any comments that the requester deems relevant to the request)

493  A.4. LDAP Message Type Registration Template

495     Subject: Request for LDAP Message Type Registration

497     LDAP Message Name:

499     Person & email address to contact for further information:

501     Specification: (Approved I-D)

503     Comments:

505     (Any comments that the requester deems relevant to the request)

507  A.5. LDAP Result Code Registration Template

509     Subject: Request for LDAP Result Code Registration

511     Result Code Name:

513     Person & email address to contact for further information:

515     Specification: (RFC, I-D, URI)

517     Author/Change Controller:

519     Comments:

521     (Any comments that the requester deems relevant to the request)

523  A.6. LDAP Authentication Method Registration Template

525     Subject: Request for LDAP Authentication Method Registration

527     Authentication Method Name:

529     Person & email address to contact for further information:

531     Specification: (RFC, I-D, URI)

533     Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE)

535     Author/Change Controller:

537     Comments:

539     (Any comments that the requester deems relevant to the request)

541  Appendix B. Assigned Values

543     The following values are currently assigned.

545  B.1. Object Identifiers

547     Currently registered "Internet Private Enterprise Numbers" can be
548     found at .

550     Currently registered "Internet Directory Numbers" can be found at
551     .

553  B.2. Object Identifier Descriptors

555  NAME                                Type  OID  [REF]
556  ------------------------            ----  -----------------
557  account                             O     0.9.2342.19200300.100.4.5  [RFC1274]
558  alias                               O     2.5.6.1  [RFC2256]
559  aliasedEntryName                    A     2.5.4.1  [X.501]
560  aliasedObjectName                   A     2.5.4.1  [RFC2256]
561  altServer                           A     1.3.6.1.4.1.1466.101.120.6  [RFC2252]
562  applicationEntity                   O     2.5.6.12  [RFC2256]
563  applicationProcess                  O     2.5.6.11  [RFC2256]
564  aRecord                             A     0.9.2342.19200300.100.1.26  [RFC1274]
565  associatedDomain                    A     0.9.2342.19200300.100.1.37  [RFC2164]
566  associatedInternetGateway           A     1.3.6.1.4.1.453.7.2.8  [RFC2164]
567  associatedName                      A     0.9.2342.19200300.100.1.38  [RFC1274]
568  associatedORAddress                 A     1.3.6.1.4.1.453.7.2.6  [RFC2164]
569  associatedX400Gateway               A     1.3.6.1.4.1.453.7.2.3  [RFC2164]
570  attributeTypes                      A     2.5.21.5  [RFC2252]
571  audio                               A     0.9.2342.19200300.100.1.55  [RFC1274]
572  authorityRevocationList             A     2.5.4.38  [RFC2256]
573  bitStringMatch                      M     2.5.13.16  [RFC2252]
574  buildingName                        A     0.9.2342.19200300.100.1.48  [RFC1274]
575  businessCategory                    A     2.5.4.15  [RFC2256]
576  C                                   A     2.5.4.6  [RFC2256]
577  cACertificate                       A     2.5.4.37  [RFC2256]
578  calCalAdrURI                        A     1.2.840.113556.1.4.481  [RFC2739]
579  calCalURI                           A     1.2.840.113556.1.4.478  [RFC2739]
580  calCAPURI                           A     1.2.840.113556.1.4.480  [RFC2739]
581  calEntry                            O     1.2.840.113556.1.5.87  [RFC2739]
582  calFBURL                            A     1.2.840.113556.1.4.479  [RFC2739]
583  calOtherCalAdrURIs                  A     1.2.840.113556.1.4.485  [RFC2739]
584  calOtherCalURIs                     A     1.2.840.113556.1.4.482  [RFC2739]
585  calOtherCAPURIs                     A     1.2.840.113556.1.4.484  [RFC2739]
586  calOtherFBURLs                      A     1.2.840.113556.1.4.483  [RFC2739]
587  caseExactIA5Match                   M     1.3.6.1.4.1.1466.109.114.1  [RFC2252]
588  caseIgnoreIA5Match                  M     1.3.6.1.4.1.1466.109.114.2  [RFC2252]
589  caseIgnoreListMatch                 M     2.5.13.11  [RFC2252]
590  caseIgnoreMatch                     M     2.5.13.2  [RFC2252]
591  caseIgnoreOrderingMatch             M     2.5.13.3  [RFC2252]
592  caseIgnoreSubstringsMatch           M     2.5.13.4  [RFC2252]
593  certificateRevocationList           A     2.5.4.39  [RFC2256]
594  certificationAuthority              O     2.5.6.16  [RFC2256]
595  certificationAuthority-V2           O     2.5.6.16.2  [RFC2256]
596  CN                                  A     2.5.4.3  [RFC2256]
597  cNAMERecord                         A     0.9.2342.19200300.100.1.31  [RFC1274]
598  co                                  A     0.9.2342.19200300.100.1.43  [RFC1274]
599  commonName                          A     2.5.4.3  [RFC2256]
600  country                             O     2.5.6.2  [RFC2256]
601  countryName                         A     2.5.4.6  [RFC2256]
602  createTimestamp                     A     2.5.18.1  [RFC2252]
603  creatorsName                        A     2.5.18.3  [RFC2252]
604  cRLDistributionPoint                O     2.5.6.19  [RFC2256]
605  crossCertificatePair                A     2.5.4.40  [RFC2256]
606  DC                                  A     0.9.2342.19200300.100.1.25  [RFC2247]
607  dcObject                            O     1.3.6.1.4.1.1466.344  [RFC2247]
608  deltaCRL                            O     2.5.6.23  [RFC2587]
609  deltaRevocationList                 A     2.5.4.53  [RFC2256]
610  description                         A     2.5.4.13  [RFC2256]
611  destinationIndicator                A     2.5.4.27  [RFC2256]
612  device                              O     2.5.6.14  [RFC2256]
613  distinguishedName                   A     2.5.4.49  [RFC2256]
614  distinguishedNameMatch              M     2.5.13.1  [RFC2252]
615  distinguishedNameTableEntry         O     1.3.6.1.4.1.453.7.1.5  [RFC2293]
616  distinguishedNameTableKey           A     1.3.6.1.4.1.453.7.2.3  [RFC2293]
617  dITContentRules                     A     2.5.21.2  [RFC2252]
618  dITRedirect                         A     0.9.2342.19200300.100.1.54  [RFC1274]
619  dITStructureRules                   A     2.5.21.1  [RFC2252]
620  dmd                                 O     2.5.6.20  [RFC2256]
621  dmdName                             A     2.5.4.54  [RFC2256]
622  dnQualifier                         A     2.5.4.46  [RFC2256]
623  dNSDomain                           O     0.9.2342.19200300.100.4.15  [RFC1274]
624  document                            O     0.9.2342.19200300.100.4.6  [RFC1274]
625  documentAuthor                      A     0.9.2342.19200300.100.1.14  [RFC1274]
626  documentIdentifier                  A     0.9.2342.19200300.100.1.11  [RFC1274]
627  documentLocation                    A     0.9.2342.19200300.100.1.15  [RFC1274]
628  documentPublisher                   A     0.9.2342.19200300.100.1.56  [RFC1274]
629  documentSeries                      O     0.9.2342.19200300.100.4.8  [RFC1274]
630  documentTitle                       A     0.9.2342.19200300.100.1.12  [RFC1274]
631  documentVersion                     A     0.9.2342.19200300.100.1.13  [RFC1274]
632  domain                              O     0.9.2342.19200300.100.4.13  [RFC2247]
633  domainComponent                     A     0.9.2342.19200300.100.1.25  [RFC2247]
634  domainNameForm                      N     1.3.6.1.4.1.1466.345  [RFC2247]
635  domainRelatedObject                 O     0.9.2342.19200300.100.4.17  [RFC1274]
636  drink                               A     0.9.2342.19200300.100.1.5  [RFC1274]
637  dSA                                 O     2.5.6.13  [RFC2256]
638  dSAQuality                          A     0.9.2342.19200300.100.1.49  [RFC1274]
639  dynamicObject                       O     1.3.6.1.4.1.1466.101.119.2  [RFC2589]
640  dynamicSubtrees                     A     1.3.6.1.4.1.1466.101.119.4  [RFC2589]
641  enhancedSearchGuide                 A     2.5.4.47  [RFC2256]
642  entryTtl                            A     1.3.6.1.4.1.1466.101.119.3  [RFC2589]
643  extensibleObject                    O     1.3.6.1.4.1.1466.101.120.111  [RFC2252]
644  facsimileTelephoneNumber            A     2.5.4.23  [RFC2256]
645  favouriteDrink                      A     0.9.2342.19200300.100.1.5  [RFC1274]
646  friendlyCountry                     O     0.9.2342.19200300.100.4.18  [RFC1274]
647  friendlyCountryName                 A     0.9.2342.19200300.100.1.43  [RFC1274]
648  generalizedTimeMatch                M     2.5.13.27  [RFC2252]
649  generalizedTimeOrderingMatch        M     2.5.13.28  [RFC2252]
650  generationQualifier                 A     2.5.4.44  [RFC2256]
651  givenName                           A     2.5.4.42  [RFC2256]
652  GN                                  A     2.5.4.42  [RFC2256]
653  groupOfNames                        O     2.5.6.9  [RFC2256]
654  groupOfUniqueNames                  O     2.5.6.17  [RFC2256]
655  homePhone                           A     0.9.2342.19200300.100.1.20  [RFC1274]
656  homePostalAddress                   A     0.9.2342.19200300.100.1.39  [RFC1274]
657  homeTelephone                       A     0.9.2342.19200300.100.1.20  [RFC1274]
658  host                                A     0.9.2342.19200300.100.1.9  [RFC1274]
659  houseIdentifier                     A     2.5.4.51  [RFC2256]
660  info                                A     0.9.2342.19200300.100.1.4  [RFC1274]
661  initials                            A     2.5.4.43  [RFC2256]
662  integerFirstComponentMatch          M     2.5.13.29  [RFC2252]
663  integerMatch                        M     2.5.13.14  [RFC2252]
664  internationaliSDNNumber             A     2.5.4.25  [RFC2256]
665  janetMailbox                        A     0.9.2342.19200300.100.1.46  [RFC1274]
666  jpegPhoto                           A     0.9.2342.19200300.100.1.60  [RFC1488]
667  knowledgeInformation                A     2.5.4.2  [RFC2256]
668  L                                   A     2.5.4.7  [RFC2256]
669  labeledURI                          A     1.3.6.1.4.1.250.1.57  [RFC2079]
670  labeledURIObject                    A     1.3.6.1.4.1.250.3.15  [RFC2079]
671  lastModifiedBy                      A     0.9.2342.19200300.100.1.24  [RFC1274]
672  lastModifiedTime                    A     0.9.2342.19200300.100.1.23  [RFC1274]
673  ldapSyntaxes                        A     1.3.6.1.4.1.1466.101.120.16  [RFC2251]
674  locality                            O     2.5.6.3  [RFC2256]
675  localityName                        A     2.5.4.7  [RFC2256]
676  mail                                A     0.9.2342.19200300.100.1.3  [RFC2798]
677  mailPreferenceOption                A     0.9.2342.19200300.100.1.47  [RFC1274]
678  manager                             A     0.9.2342.19200300.100.1.10  [RFC1274]
679  matchingRules                       A     2.5.21.4  [RFC2252]
680  matchingRuleUse                     A     2.5.21.8  [RFC2252]
681  mcgamTables                         A     1.3.6.1.4.1.453.7.2.9  [RFC2164]
682  mDRecord                            A     0.9.2342.19200300.100.1.27  [RFC1274]
683  member                              A     2.5.4.31  [RFC2256]
684  mixerGateway                        O     1.3.6.1.4.1.453.7.1.4  [RFC2164]
685  mobile                              A     0.9.2342.19200300.100.1.41  [RFC1274]
686  mobileTelephoneNumber               A     0.9.2342.19200300.100.1.41  [RFC1274]
687  modifiersName                       A     2.5.18.4  [RFC2252]
688  modifyTimestamp                     A     2.5.18.2  [RFC2252]
689  mXRecord                            A     0.9.2342.19200300.100.1.28  [RFC1274]
690  name                                A     2.5.4.41  [RFC2256]
691  nameForms                           A     2.5.21.7  [RFC2252]
692  namingContexts                      A     1.3.6.1.4.1.1466.101.120.5  [RFC2252]
693  nSRecord                            A     0.9.2342.19200300.100.1.29  [RFC1274]
694  numericStringMatch                  M     2.5.13.8  [RFC2252]
695  numericStringSubstringsMatch        M     2.5.13.10  [RFC2252]
696  O                                   A     2.5.4.10  [RFC2256]
697  objectClass                         A     2.5.4.0  [RFC2256]
698  objectClasses                       A     2.5.21.6  [RFC2252]
699  objectIdentifierFirstComponentMatch M     2.5.13.30  [RFC2252]
700  objectIdentifiersMatch              M     2.5.13.0  [RFC2252]
701  octetStringMatch                    M     2.5.13.17  [RFC2252]
702  omittedORAddressComponent           O     1.3.6.1.4.1.453.7.1.3  [RFC2164]
703  oRAddressComponentType              A     1.3.6.1.4.1.453.7.2.7  [RFC2164]
704  organization                        O     2.5.6.4  [RFC2256]
705  organizationalPerson                O     2.5.6.7  [RFC2256]
706  organizationalRole                  O     2.5.6.8  [RFC2256]
707  organizationalStatus                A     0.9.2342.19200300.100.1.45  [RFC1274]
708  organizationalUnit                  O     2.5.6.5  [RFC2256]
709  organizationalUnitName              A     2.5.4.11  [RFC2256]
710  organizationName                    A     2.5.4.10  [RFC2256]
711  otherMailbox                        A     0.9.2342.19200300.100.1.22  [RFC1274]
712  OU                                  A     2.5.4.11  [RFC2256]
713  owner                               A     2.5.4.32  [RFC2256]
714  pager                               A     0.9.2342.19200300.100.1.42  [RFC1274]
715  pagerTelephoneNumber                A     0.9.2342.19200300.100.1.42  [RFC1274]
716  person                              O     2.5.6.6  [RFC2256]
717  personalSignature                   A     0.9.2342.19200300.100.1.53  [RFC1274]
718  personalTitle                       A     0.9.2342.19200300.100.1.40  [RFC1274]
719  photo                               A     0.9.2342.19200300.100.1.7  [RFC1274]
720  physicalDeliveryOfficeName          A     2.5.4.19  [RFC2256]
721  pilotDSA                            O     0.9.2342.19200300.100.4.21  [RFC1274]
722  pilotObject                         O     0.9.2342.19200300.100.4.3  [RFC1274]
723  pilotOrganization                   O     0.9.2342.19200300.100.4.20  [RFC1274]
724  pilotPerson                         O     0.9.2342.19200300.100.4.4  [RFC1274]
725  pkiCA                               O     2.5.6.22  [RFC2587]
726  pkiUser                             O     2.5.6.21  [RFC2587]
727  postalAddress                       A     2.5.4.16  [RFC2256]
728  postalCode                          A     2.5.4.17  [RFC2256]
729  postOfficeBox                       A     2.5.4.18  [RFC2256]
730  preferredDeliveryMethod             A     2.5.4.28  [RFC2256]
731  presentationAddress                 A     2.5.4.29  [RFC2256]
732  presentationAddressMatch            M     2.5.13.22  [RFC2252]
733  protocolInformation                 A     2.5.4.48  [RFC2256]
734  protocolInformationMatch            M     2.5.13.24  [RFC2252]
735  qualityLabelledData                 O     0.9.2342.19200300.100.4.22  [RFC1274]
736  registeredAddress                   A     2.5.4.26  [RFC2256]
737  residentialPerson                   O     2.5.6.10  [RFC2256]
738  RFC822LocalPart                     O     0.9.2342.19200300.100.4.14  [RFC1274]
739  RFC822Mailbox                       A     0.9.2342.19200300.100.1.3  [RFC1274]
740  rFC822ToX400Mapping                 O     1.3.6.1.4.1.453.7.1.1  [RFC2164]
741  roleOccupant                        A     2.5.4.33  [RFC2256]
742  room                                O     0.9.2342.19200300.100.4.7  [RFC1274]
743  roomNumber                          A     0.9.2342.19200300.100.1.6  [RFC1274]
744  searchGuide                         A     2.5.4.14  [RFC2256]
745  secretary                           A     0.9.2342.19200300.100.1.21  [RFC1274]
746  seeAlso                             A     2.5.4.34  [RFC2256]
747  serialNumber                        A     2.5.4.5  [RFC2256]
748  simpleSecurityObject                O     0.9.2342.19200300.100.4.19  [RFC1274]
749  singleLevelQuality                  A     0.9.2342.19200300.100.1.50  [RFC1274]
750  SN                                  A     2.5.4.4  [RFC2256]
751  sOARecord                           A     0.9.2342.19200300.100.1.30  [RFC1274]
752  ST                                  A     2.5.4.8  [RFC2256]
753  stateOrProvinceName                 A     2.5.4.8  [RFC2256]
754  street                              A     2.5.4.9  [RFC2256]
755  streetAddress                       A     2.5.4.9  [RFC2256]
756  strongAuthenticationUser            O     2.5.6.15  [RFC2256]
757  subschema                           O     2.5.20.1  [RFC2252]
758  subschemaSubentry                   A     2.5.18.10  [RFC2252]
759  subtree                             O     1.3.6.1.4.1.453.7.1.1  [RFC2293]
760  subtreeMaximumQuality               A     0.9.2342.19200300.100.1.52  [RFC1274]
761  subtreeMinimumQuality               A     0.9.2342.19200300.100.1.51  [RFC1274]
762  supportedAlgorithms                 A     2.5.4.52  [RFC2256]
763  supportedApplicationContext         A     2.5.4.30  [RFC2256]
764  supportedControl                    A     1.3.6.1.4.1.1466.101.120.13  [RFC2252]
765  supportedExtension                  A     1.3.6.1.4.1.1466.101.120.7  [RFC2252]
766  supportedLDAPVersion                A     1.3.6.1.4.1.1466.101.120.15  [RFC2252]
767  supportedSASLMechanisms             A     1.3.6.1.4.1.1466.101.120.14  [RFC2252]
768  surname                             A     2.5.4.4  [RFC2256]
769  table                               O     1.3.6.1.4.1.453.7.1.2  [RFC2293]
770  tableEntry                          O     1.3.6.1.4.1.453.7.1.3  [RFC2293]
771  telephoneNumber                     A     2.5.4.20  [RFC2256]
772  telephoneNumberMatch                M     2.5.13.20  [RFC2252]
773  telephoneNumberSubstringsMatch      M     2.5.13.21  [RFC2252]
774  teletexTerminalIdentifier           A     2.5.4.22  [RFC2256]
775  telexNumber                         A     2.5.4.21  [RFC2256]
776  textEncodedORAddress                A     0.9.2342.19200300.100.1.2  [RFC1274]
777  textTableEntry                      O     1.3.6.1.4.1.453.7.1.4  [RFC2293]
778  textTableKey                        A     1.3.6.1.4.1.453.7.2.1  [RFC2293]
779  textTableValue                      A     1.3.6.1.4.1.453.7.2.2  [RFC2293]
780  title                               A     2.5.4.12  [RFC2256]
781  top                                 O     2.5.6.0  [RFC2256]
782  uid                                 A     0.9.2342.19200300.100.1.1  [RFC2253]
783  uniqueIdentifier                    A     0.9.2342.19200300.100.1.44  [RFC1274]
784  uniqueMember                        A     2.5.4.50  [RFC2256]
785  uniqueMemberMatch                   M     2.5.13.23  [RFC2252]
786  userCertificate                     A     2.5.4.36  [RFC2256]
787  userClass                           A     0.9.2342.19200300.100.1.8  [RFC1274]
788  userId                              A     0.9.2342.19200300.100.1.1  [RFC1274]
789  userPassword                        A     2.5.4.35  [RFC2256]
790  userSecurityInformation             O     2.5.6.18  [RFC2256]
791  x121Address                         A     2.5.4.24  [RFC2256]
792  x400ToRFC822Mapping                 O     1.3.6.1.4.1.453.7.1.2  [RFC2164]
793  x500UniqueIdentifier                A     2.5.4.45  [RFC2256]

795  Legend
796  ------------------------
797  A => Attribute Type
798  C => DIT Content Rule
799  E => LDAP URL Extension
800  M => Matching Rule
801  N => Name Form
802  O => Object Class

804  B.3.
Attribute Description Options 806 Option Owner Reference 807 ---------------- ----- --------- 808 binary IESG [RFC2251] 809 lang-* IESG [RFC2596] 811 * family of options 813 B.4. LDAPMessage types 815 Name Code Owner Reference 816 --------------------------- ---- ----- --------- 817 bindRequest 0 IESG [RFC2251] 818 bindResponse 1 IESG [RFC2251] 819 unbindRequest 2 IESG [RFC2251] 820 searchRequest 3 IESG [RFC2251] 821 searchResEntry 4 IESG [RFC2251] 822 searchResDone 5 IESG [RFC2251] 823 modifyRequest 6 IESG [RFC2251] 824 modifyResponse 7 IESG [RFC2251] 825 addRequest 8 IESG [RFC2251] 826 addResponse 9 IESG [RFC2251] 827 delRequest 10 IESG [RFC2251] 828 delResponse 11 IESG [RFC2251] 829 modDNRequest 12 IESG [RFC2251] 830 modDNResponse 13 IESG [RFC2251] 831 compareRequest 14 IESG [RFC2251] 832 compareResponse 15 IESG [RFC2251] 833 abandonRequest 16 IESG [RFC2251] 834 reserved 17-18 IESG 835 searchResRef 19 IESG [RFC2251] 836 reserved 20-22 IESG 837 extendedReq 23 IESG [RFC2251] 838 extendedResp 24 IESG [RFC2251] 840 B.5. 
resultCode values 842 Name Code Owner Reference 843 --------------------------- ---- ----- --------- 844 success 0 IESG [RFC2251] 845 operationsError 1 IESG [RFC2251] 846 protocolError 2 IESG [RFC2251] 847 timeLimitExceeded 3 IESG [RFC2251] 848 sizeLimitExceeded 4 IESG [RFC2251] 849 compareFalse 5 IESG [RFC2251] 850 compareTrue 6 IESG [RFC2251] 851 authMethodNotSupported 7 IESG [RFC2251] 852 strongAuthRequired 8 IESG [RFC2251] 853 reserved (partialResults) 9 IESG [RFC2251] 854 referral 10 IESG [RFC2251] 855 adminLimitExceeded 11 IESG [RFC2251] 856 unavailableCriticalExtension 12 IESG [RFC2251] 857 confidentialityRequired 13 IESG [RFC2251] 858 saslBindInProgress 14 IESG [RFC2251] 859 noSuchAttribute 16 IESG [RFC2251] 860 undefinedAttributeType 17 IESG [RFC2251] 861 inappropriateMatching 18 IESG [RFC2251] 862 constraintViolation 19 IESG [RFC2251] 863 attributeOrValueExists 20 IESG [RFC2251] 864 invalidAttributeSyntax 21 IESG [RFC2251] 865 noSuchObject 32 IESG [RFC2251] 866 aliasProblem 33 IESG [RFC2251] 867 invalidDNSyntax 34 IESG [RFC2251] 868 reserved (isLeaf) 35 IESG [RFC2251] 869 aliasDereferencingProblem 36 IESG [RFC2251] 870 reserved 37-47 IESG 871 inappropriateAuthentication 48 IESG [RFC2251] 872 invalidCredentials 49 IESG [RFC2251] 873 insufficientAccessRights 50 IESG [RFC2251] 874 busy 51 IESG [RFC2251] 875 unavailable 52 IESG [RFC2251] 876 unwillingToPerform 53 IESG [RFC2251] 877 loopDetect 54 IESG [RFC2251] 878 reserved 55-63 IESG 879 namingViolation 64 IESG [RFC2251] 880 objectClassViolation 65 IESG [RFC2251] 881 notAllowedOnNonLeaf 66 IESG [RFC2251] 882 notAllowedOnRDN 67 IESG [RFC2251] 883 entryAlreadyExists 68 IESG [RFC2251] 884 objectClassModsProhibited 69 IESG [RFC2251] 885 reserved (resultsTooLarge) 70 IESG [RFC2251] 886 reserved 71-79 IESG 887 other 80 IESG [RFC2251] 888 reserved (APIs) 81-90 IESG [RFC2251] 890 B.6. 
Bind Authentication Method 892 Method Value Owner Usage Reference 893 ------ ----- ----- ----------- ----------------- 894 simple 0 IESG LIMITED USE [RFC2251,RFC2829] 895 krbv42LDAP 1 IESG OBSOLETE* [RFC1777] 896 krbv42DSA 2 IESG OBSOLETE* [RFC1777] 897 sasl 3 IESG COMMON [RFC2251,RFC2829] 899 * These LDAPv2-only mechanisms were deprecated in favor LDAPv3 SASL 900 authentication method, specifically the GSSAPI mechanism. 902 Copyright 2002, The Internet Society. All Rights Reserved. 904 This document and translations of it may be copied and furnished to 905 others, and derivative works that comment on or otherwise explain it 906 or assist in its implementation may be prepared, copied, published and 907 distributed, in whole or in part, without restriction of any kind, 908 provided that the above copyright notice and this paragraph are 909 included on all such copies and derivative works. However, this 910 document itself may not be modified in any way, such as by removing 911 the copyright notice or references to the Internet Society or other 912 Internet organizations, except as needed for the purpose of 913 developing Internet standards in which case the procedures for 914 copyrights defined in the Internet Standards process must be followed, 915 or as required to translate it into languages other than English. 917 The limited permissions granted above are perpetual and will not be 918 revoked by the Internet Society or its successors or assigns. 920 This document and the information contained herein is provided on an 921 "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET 922 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, 923 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 924 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 925 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.