idnits 2.17.1

draft-ietf-ldapbis-iana-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 5 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  == There are 122 instances of lines with non-RFC6890-compliant IPv4
     addresses in the document. If these are example addresses, they should
     be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 925 has weird spacing: '...for the purpo...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (29 July 2002) is 7935 days in the past. Is this
     intentional?

  Checking references for intended status: Best Current Practice
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'REF' is mentioned on line 566, but not defined

  == Missing Reference: 'RFC1274' is mentioned on line 801, but not defined

  ** Obsolete undefined reference: RFC 1274 (Obsoleted by RFC 4524)

  == Missing Reference: 'RFC2164' is mentioned on line 805, but not defined

  == Missing Reference: 'RFC2739' is mentioned on line 597, but not defined

  == Missing Reference: 'RFC2247' is mentioned on line 645, but not defined

  == Missing Reference: 'RFC2587' is mentioned on line 737, but not defined

  ** Obsolete undefined reference: RFC 2587 (Obsoleted by RFC 4523)

  == Missing Reference: 'RFC2293' is mentioned on line 792, but not defined

  == Missing Reference: 'RFC2589' is mentioned on line 653, but not defined

  == Missing Reference: 'RFC1488' is mentioned on line 677, but not defined

  ** Obsolete undefined reference: RFC 1488 (Obsoleted by RFC 1778)

  == Missing Reference: 'RFC2079' is mentioned on line 681, but not defined

  == Missing Reference: 'RFC2798' is mentioned on line 687, but not defined

  == Missing Reference: 'RFC3296' is mentioned on line 748, but not defined

  == Missing Reference: 'RFC2253' is mentioned on line 795, but not defined

  ** Obsolete undefined reference: RFC 2253 (Obsoleted by RFC 4510, RFC 4514)

  == Missing Reference: 'RFC2596' is mentioned on line 822, but not defined

  ** Obsolete undefined reference: RFC 2596 (Obsoleted by RFC 3866)

  == Missing Reference: 'RFC2829' is mentioned on line 910, but not defined

  ** Obsolete undefined reference: RFC 2829 (Obsoleted by RFC 4510, RFC 4513)

  == Missing Reference: 'RFC1777' is mentioned on line 909, but not defined

  ** Obsolete undefined reference: RFC 1777 (Obsoleted by RFC 3494)

  ** Obsolete normative reference: RFC 2234 (Obsoleted by RFC 4234)

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4523)

  ** Obsolete normative reference: RFC 2255 (Obsoleted by RFC 4510, RFC 4516)

  ** Obsolete normative reference: RFC 2256 (Obsoleted by RFC 4510, RFC 4512,
     RFC 4517, RFC 4519, RFC 4523)

  ** Obsolete normative reference: RFC 2279 (Obsoleted by RFC 3629)

  ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226)

  -- No information found for draft-ietf-ldapbis-ldapv3-ts-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'LDAPTS'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IANADSN'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO10646'

  -- Obsolete informational reference (is this intentional?): RFC 1779
     (Obsoleted by RFC 2253, RFC 3494)

  -- Obsolete informational reference (is this intentional?): RFC 2222
     (Obsoleted by RFC 4422, RFC 4752)

     Summary: 20 errors (**), 0 flaws (~~), 19 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    INTERNET-DRAFT                                      Kurt D. Zeilenga
3    Intended Category: BCP                           OpenLDAP Foundation
4    Expires in six months                                   29 July 2002

6                        IANA Considerations for LDAP
7

9    Status of Memo

11   This document is an Internet-Draft and is in full conformance with all
12   provisions of Section 10 of RFC2026.

14   This document is intended to be, after appropriate review and
15   revision, submitted to the RFC Editor as a Best Current Practice
16   document. Distribution of this memo is unlimited. Technical
17   discussion of this document will take place on the IETF LDAP Revision
18   Working Group (LDAPbis) mailing list .
19   Please send editorial comments directly to the document editor
20   .

22   Internet-Drafts are working documents of the Internet Engineering Task
23   Force (IETF), its areas, and its working groups. Note that other
24   groups may also distribute working documents as Internet-Drafts.
25   Internet-Drafts are draft documents valid for a maximum of six months
26   and may be updated, replaced, or obsoleted by other documents at any
27   time. It is inappropriate to use Internet-Drafts as reference
28   material or to cite them other than as ``work in progress.''

30   The list of current Internet-Drafts can be accessed at
31   . The list of
32   Internet-Draft Shadow Directories can be accessed at
33   .

35   Copyright 2002, The Internet Society. All Rights Reserved.

37   Please see the Copyright section near the end of this document for
38   more information.

40   Abstract

42   This document provides procedures for registering extensible elements
43   of LDAP (Lightweight Directory Access Protocol). The document also
44   provides guidelines to IANA (Internet Assigned Numbers Authority)
45   describing conditions under which new values can be assigned.

47   1. Introduction

49   The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an
50   extensible protocol. LDAP supports:
51       - addition of new operations,
52       - extension of existing operations, and
53       - extensible schema.

55   This document details procedures for registering values used to
56   unambiguously identify extensible elements of the protocol including:
57       - LDAP message types,
58       - LDAP result codes,
59       - LDAP authentication methods,
60       - LDAP attribute description options, and
61       - Object Identifier descriptors.

63   These registries are maintained by the Internet Assigned Numbers
64   Authority (IANA).

66   In addition, this document provides guidelines to IANA describing the
67   conditions under which new values can be assigned.

69   2. Terminology and Conventions

71   This section details terms and conventions used in this document.

73   2.1. Policy Terminology

75   The terms "IESG Approval", "Standards Action", "IETF Consensus",
76   "Specification Required", "First Come First Served", "Expert Review",
77   and "Private Use" are used as defined in BCP 26 [RFC2434].

79   2.2. Requirement Terminology

81   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
82   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
83   document are to be interpreted as described in BCP 14 [RFC2119]. In
84   this case, "the specification" as used by BCP 14 refers to the
85   processing of protocols being submitted to the IETF standards process.

87   2.3. Common ABNF Productions

89   A number of syntaxes in this document are described using ABNF
90   [RFC2234]. These syntaxes rely on the following common productions:

92       ALPHA       = %x41-5A / %x61-7A   ; A-Z / a-z

94       LDIGIT      = %x31-39             ; 1-9

96       DIGIT       = %x30 / LDIGIT       ; 0-9

98       HYPHEN      = %x2D                ; "-"

100      DOT         = %x2E                ; "."

102      number      = DIGIT / ( LDIGIT 1*DIGIT )

104      keychar     = ALPHA / DIGIT / HYPHEN

106      leadkeychar = ALPHA

108      keystring   = leadkeychar *keychar

110  A keyword is a case-insensitive string of UTF-8 [RFC2279] encoded
111  characters from the Universal Character Set (UCS) [ISO10646]
112  restricted to the production.

114  3. IANA Considerations for LDAP

116  This section details each kind of protocol value which can be
117  registered and provides IANA guidelines on how to assign new values.

119  3.1. Object Identifiers

121  Numerous LDAP schema and protocol elements are identified by Object
122  Identifiers. Specifications which assign OIDs to elements SHOULD
123  state who delegated the OIDs for its use.

125  For IETF developed elements, specifications SHOULD use OIDs under
126  "Internet Directory Numbers" (1.3.6.1.1.x). Numbers under this OID
127  arc will be assigned upon Expert Review with Specification Required.
128  Only one OID per specification will be assigned. The specification
129  MAY then assign any number of OIDs within this arc without further
130  coordination with IANA.

132  For elements developed by others, any properly delegated OID can be
133  used, including those under "Internet Private Enterprise Numbers"
134  (1.3.6.1.4.1.x) assigned by IANA
135  .

137  To avoid interoperability problems between early implementations of
138  ''works in progress'' and implementations of the published specification
139  (e.g., the RFC), experimental OIDs SHOULD be used in ''works in
140  progress'' and early implementations. OIDs under the Internet
141  Experimental OID arc (1.3.6.1.3.x) may be used for this purpose.

143  Experimental OIDs are not to be used in published specifications (e.g.
144  RFCs).

146  Practices for IANA assignment of Internet Enterprise and Experimental
147  OIDs are detailed in STD 16 [RFC1155].

149  3.2. Object Identifier Descriptors

151  LDAP allows short descriptive names (or descriptors) to be used
152  instead of a numeric Object Identifier to identify protocol extensions
153  [RFC2251], schema elements [RFC2252], LDAP URL [RFC2255] extensions,
154  and other objects. Descriptors are restricted to strings of UTF-8
155  encoded UCS characters restricted by the following ABNF:

157      name = keystring

159  Descriptors are case-insensitive.

161  Multiple names may be assigned to a given OID. For purposes of
162  registration, an OID is to be represented in numeric OID form
163  conforming to the ABNF:

165      numericoid = number *( DOT number ) ; e.g. 1.1.0.23.40

167  While the protocol places no maximum length restriction upon
168  descriptors, they should be short. Descriptors longer than 48
169  characters may be viewed as too long to register. IANA may reject
170  obviously bogus registrations.

172  Values ending with a hyphen ("-") reserve all descriptors which
173  start with the value. For example, the registration of the option
174  "descrFamily-" reserves all options which start with "descrFamily-"
175  for some related purpose.

177  Descriptors beginning with "x-" are for Private Use and cannot be
178  registered.

180  Descriptors beginning with "e-" are reserved for experiments and will
181  be registered on a First Come First Served basis.

183  All other descriptors require Expert Review to be registered.

185  The registrant need not "own" the OID being named.

187  The OID namespace is managed by The ISO/IEC Joint Technical Committee
188  1 - Subcommittee 6.

190  3.3. AttributeDescription Options

192  An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
193  more options specifying additional semantics. An option SHALL be
194  restricted to a string of UTF-8 encoded UCS characters limited by the
195  following ABNF:

197      option = keystring

199  Options are case-insensitive.

201  While the protocol places no maximum length restriction upon option
202  strings, they should be short. Options longer than 24 characters may
203  be viewed as too long to register. IANA may reject obviously bogus
204  registrations.

206  Values ending with a hyphen ("-") reserve all option names which start
207  with the name. For example, the registration of the option
208  "optionFamily-" reserves all options which start with "optionFamily-"
209  for some related purpose.

211  Options beginning with "x-" are for Private Use and cannot be
212  registered.

214  Options beginning with "e-" are reserved for experiments and will be
215  registered on a First Come First Served basis.

217  All other options require Standards Action or Expert Review with
218  Specification Required to be registered.

220  3.4. LDAP Message Types

222  Each protocol message is encapsulated in an LDAPMessage envelope
223  [RFC2251, Section 4.1.1]. The protocolOp CHOICE indicates the type of
224  message encapsulated. Each message type consists of a keyword and a
225  non-negative choice number, which is combined with the class (APPLICATION)
226  and data type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in
227  the message's encoding. The choice numbers for existing protocol
228  messages are implicit in the protocol's ASN.1 defined in [RFC2251].

230  New values will be registered upon Standards Action.

232  Note: LDAP provides extensible messages which reduces, but does not
233  eliminate, the need to add new message types.

235  3.5. LDAP Result Codes

237  LDAP result messages carry a resultCode enumerated value to indicate
238  the outcome of the operation [RFC2251, Section 4.1.10]. Each result
239  code consists of a keyword and a non-negative integer.

241  New resultCode integers in the range 0-1023 require Standards Action
242  to be registered. New resultCode integers in the range 1024-4095
243  require Expert Review with Specification Required. New resultCode
244  integers in the range 4096-16383 will be registered on a First Come
245  First Served basis. Keywords associated with integers in the range
246  0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with
247  integers in the range 4096-16383 SHALL start with "e-". Values
248  greater than or equal to 16384 and keywords starting with "x-" are for
249  Private Use and cannot be registered.

251  IANA may reject obviously bogus registrations.

253  3.6. LDAP Authentication Method

255  The LDAP Bind operation supports multiple authentication methods
256  [RFC2251, Section 4.2]. Each authentication choice consists of a
257  keyword and a non-negative integer.

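The naming and range rules of Sections 2.3, 3.2, 3.3 and 3.5 can be checked mechanically before a name is put into schema or onto a registration form. The Python below is an added example, not part of the draft or of any IANA tooling; the function names, the returned policy strings and the sample inputs are assumptions made for illustration.

```python
import re

# Section 2.3: keystring = leadkeychar *keychar, and
# number = DIGIT / ( LDIGIT 1*DIGIT ), which forbids leading zeros.
KEYSTRING = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
NUMERICOID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))*")

# Lengths above which a name "may be viewed as too long to register".
MAX_LEN = {"descriptor": 48, "option": 24}
# Policy for names that start with neither "x-" nor "e-" (Sections 3.2, 3.3).
OTHER_POLICY = {
    "descriptor": "Expert Review",
    "option": "Standards Action or Expert Review with Specification Required",
}
PRIVATE = "Private Use (cannot be registered)"
FCFS = "First Come First Served"


def is_keystring(s):
    return KEYSTRING.fullmatch(s) is not None


def is_numericoid(s):
    return NUMERICOID.fullmatch(s) is not None


def name_policy(name, kind):
    """Return (policy, notes) for a 'descriptor' (3.2) or 'option' (3.3)."""
    if not is_keystring(name):
        return "invalid", ["not a keystring"]
    notes = []
    if len(name) > MAX_LEN[kind]:
        notes.append("longer than %d characters" % MAX_LEN[kind])
    if name.endswith("-"):
        notes.append("reserves every name starting with " + name)
    low = name.lower()                  # names are case-insensitive
    if low.startswith("x-"):
        return PRIVATE, notes
    if low.startswith("e-"):
        return FCFS, notes
    return OTHER_POLICY[kind], notes


def reserved_by(name, registered):
    """Return the registered family value ("foo-") that reserves name, if any."""
    low = name.lower()
    for value in registered:
        if value.endswith("-") and low.startswith(value.lower()):
            return value
    return None


def result_code_policy(code, keyword):
    """Policy for a resultCode integer and keyword pair (Section 3.5)."""
    if 0 > code or not is_keystring(keyword):
        return "invalid"
    low = keyword.lower()
    if code >= 16384 or low.startswith("x-"):
        return PRIVATE
    if code > 4095:
        # 4096-16383: keyword SHALL start with "e-".
        return FCFS if low.startswith("e-") else "invalid"
    if low.startswith("e-"):
        return "invalid"                # 0-4095: SHALL NOT start with "e-"
    if code > 1023:
        return "Expert Review with Specification Required"
    return "Standards Action"


if __name__ == "__main__":
    # Constructed sample requests, not real registrations.
    for name, kind in [("commonName", "descriptor"), ("x-local", "option"),
                       ("e-trial-", "descriptor"), ("bad_name", "option")]:
        print(name, kind, name_policy(name, kind))
    for code, kw in [(80, "other"), (2000, "e-foo"), (5000, "e-foo")]:
        print(code, kw, result_code_policy(code, kw))
    print(is_numericoid("1.1.0.23.40"), is_numericoid("1.01.2"))
```
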
259  The registrant SHALL classify the authentication method usage using
260  one of the following terms:

262      COMMON      - method is appropriate for common use on the Internet,
263      LIMITED USE - method is appropriate for limited use,
264      OBSOLETE    - method has been deprecated or otherwise found to be
265                    inappropriate for any use.

267  Methods without publicly available specifications SHALL NOT be
268  classified as COMMON. New registrations of class OBSOLETE cannot be
269  registered. IANA may reject obviously bogus registrations.

271  New authentication method integers in the range 0-1023 require
272  Standards Action to be registered. New authentication method integers
273  in the range 1024-4095 require Expert Review with Specification
274  Required. New authentication method integers in the range 4096-16383
275  will be registered on a First Come First Served basis. Keywords
276  associated with integers in the range 0-4095 SHALL NOT start with "e-"
277  or "x-". Keywords associated with integers in the range 4096-16383
278  SHALL start with "e-". Values greater than or equal to 16384 and
279  keywords starting with "x-" are for Private Use and cannot be
280  registered.

282  Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE. SASL
283  is an extensible LDAP authentication method.

285  3.7. Directory Systems Names

287  IANA maintains the "Directory Systems Names" registry [IANADSN] of
288  valid keywords for well known attributes used in the LDAPv2 string
289  representation of a distinguished name [RFC1779]. RFC 1779 was
290  obsoleted by RFC 2253.

292  Directory systems names are not known to be used in any other context.
293  LDAPv3 uses Object Identifier Descriptors [Section 3.2] (which have a
294  different syntax than directory system names).

296  New Directory System Names will no longer be accepted. For historical
297  purposes, the current list of registered names should remain
298  publicly available.

300  4. Registration Procedure

302  The procedure given here MUST be used by anyone who wishes to use a
303  new value of a type described in Section 3 of this document.

305  The first step is for the requester to fill out the appropriate form.
306  Templates are provided in Appendix A.

308  If the policy is Standards Action, the completed form SHOULD be
309  provided to the IESG with the request for Standards Action. Upon
310  approval of the Standards Action, the IESG SHALL forward the request
311  (possibly revised) to IANA. The IESG SHALL be viewed as the owner of
312  all values requiring Standards Action.

314  If the policy is Expert Review, the requester SHALL post the completed
315  form to the mailing list for public review.
316  The review period is two (2) weeks. If a revised form is later
317  submitted, the review period is restarted. Anyone may subscribe to
318  this list by sending a request to .
319  During the review, objections may be raised by anyone (including the
320  Expert) on the list. After completion of the review, the Expert,
321  based upon public comments, SHALL either approve the request and
322  forward it to the IESG OR deny the request. In either case, the
323  Expert SHALL promptly notify the requester of the action. Actions of
324  the Expert may be appealed [RFC2026]. The Expert is appointed by
325  Applications Area Director(s). The requester is viewed as the owner
326  of values registered under Expert Review.

328  If the policy is First Come First Served, the requester SHALL submit
329  the completed form directly to the IANA . The
330  requester is viewed as the owner of values registered under First Come
331  First Served.

333  Neither the Expert nor IANA will take a position on the claims of
334  copyright or trademark issues regarding completed forms.

336  Prior to submission of the Internet Draft (I-D) to the RFC Editor but
337  after IESG review and tentative approval, the document editor SHOULD
338  revise the I-D to use registered values.

340  5. Registration Maintenance

342  This section discusses maintenance of registrations.

344  5.1. Lists of Registered Values

346  IANA makes lists of registered values readily available to the
347  Internet community on their web site .

349  5.2. Change Control

351  The registration owner MAY update the registration subject to the same
352  constraints and review as with new registrations. In cases where the
353  owner is unable or unwilling to make necessary updates, the IESG
354  MAY assert ownership in order to update the registration.

356  5.3. Comments

358  For cases where others (anyone other than the owner) have significant
359  objections to the claims in a registration and the owner does not
360  agree to change the registration, comments MAY be attached to a
361  registration upon Expert Review. For registrations owned by the IESG,
362  the objections SHOULD be addressed by initiating a request for Expert
363  Review.

365  The request form for these requests is ad hoc, but MUST include the
366  specific objections to be reviewed and SHOULD contain (directly or by
367  reference) materials supporting the objections.

369  6. Security Considerations

371  The security considerations detailed in [RFC2434] are generally
372  applicable to this document. Additional security considerations
373  specific to each namespace are discussed in Section 3 where
374  appropriate.

376  Security considerations for LDAP are discussed in documents comprising
377  the technical specification [LDAPTS].

379  7. Acknowledgment

381  This document is a product of the IETF LDAP Revision (LDAPbis) Working
382  Group. Some text was borrowed from "Guidelines for Writing an IANA
383  Considerations Section in RFCs" [RFC2434] by Thomas Narten and Harald
384  Alvestrand.

386  8. Author's Address

388  Kurt D. Zeilenga
389  OpenLDAP Foundation

391  Email: Kurt@OpenLDAP.org

393  9. Normative References

395  [RFC1155]  M. Rose, K. McCloghrie, "Structure and Identification of
396             Management Information for TCP/IP-based Internets", STD 16
397             (also RFC 1155), May 1990.

399  [RFC2026]  S. Bradner, "The Internet Standards Process -- Revision 3",
400             BCP 9 (also RFC 2026), October 1996.

402  [RFC2119]  S. Bradner, "Key words for use in RFCs to Indicate
403             Requirement Levels", BCP 14 (also RFC 2119), March 1997.

405  [RFC2234]  D. Crocker, P. Overell, "Augmented BNF for Syntax
406             Specifications: ABNF", RFC 2234, November 1997.

408  [RFC2251]  M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
409             Protocol (v3)", RFC 2251, December 1997.

411  [RFC2252]  M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
412             Directory Access Protocol (v3): Attribute Syntax
413             Definitions", RFC 2252, December 1997.

415  [RFC2255]  T. Howes, M. Smith, "The LDAP URL Format", RFC 2255,
416             December, 1997.

418  [RFC2256]  M. Wahl, "A Summary of the X.500(96) User Schema for use
419             with LDAPv3", RFC 2256, December 1997.

421  [RFC2279]  F. Yergeau, "UTF-8, a transformation format of ISO 10646",
422             RFC 2279, January 1998.

424  [RFC2434]  T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
425             Considerations Section in RFCs", BCP 26 (also RFC 2434),
426             October 1998.

428  [LDAPTS]   J. Hodges, R.L. Morgan, "Lightweight Directory Access
429             Protocol (v3): Technical Specification",
430             draft-ietf-ldapbis-ldapv3-ts-xx.txt (a work in progress).

432  [IANADSN]  IANA, "Directory Systems Names",
433             http://www.iana.org/assignments/directory-system-names.

435  [ISO10646] Universal Multiple-Octet Coded Character Set (UCS) -
436             Architecture and Basic Multilingual Plane, ISO/IEC 10646-1
437             : 1993.

439  10. Informative References

441  [RFC1779]  S. Kille, "A String Representation of Distinguished Names",
442             RFC 1779, March 1995.

444  [RFC2222]  J. Myers, "Simple Authentication and Security Layer
445             (SASL)", RFC 2222, October 1997.

447  Appendix A. Registration Templates

449  This appendix provides registration templates for registering new LDAP
450  values.

452  A.1. LDAP Object Identifier Registration Template

454     Subject: Request for LDAP OID Registration

456     Person & email address to contact for further information:

458     Specification: (I-D)

460     Author/Change Controller:

462     Comments:

464     (Any comments that the requester deems relevant to the request)

466  A.2. LDAP Descriptor Registration Template

468     Subject: Request for LDAP Descriptor Registration

470     Descriptor (short name):

472     Object Identifier:

474     Person & email address to contact for further information:

476     Usage: (One of attribute type, URL extension,
477             object class, or other)

479     Specification: (RFC, I-D, URI)

481     Author/Change Controller:

483     Comments:

485     (Any comments that the requester deems relevant to the request)

487  A.3. LDAP Attribute Description Option Registration Template

489     Subject: Request for LDAP Attribute Description Option Registration

491     Option Name:

493     Family of Options: (YES or NO)

495     Person & email address to contact for further information:

497     Specification: (RFC, I-D, URI)

499     Author/Change Controller:

501     Comments:

503     (Any comments that the requester deems relevant to the request)

505  A.4. LDAP Message Type Registration Template
506     Subject: Request for LDAP Message Type Registration

508     LDAP Message Name:

510     Person & email address to contact for further information:

512     Specification: (Approved I-D)

514     Comments:

516     (Any comments that the requester deems relevant to the request)

518  A.5. LDAP Result Code Registration Template

520     Subject: Request for LDAP Result Code Registration

522     Result Code Name:

524     Person & email address to contact for further information:

526     Specification: (RFC, I-D, URI)

528     Author/Change Controller:

530     Comments:

532     (Any comments that the requester deems relevant to the request)

534  A.6. LDAP Authentication Method Registration Template

536     Subject: Request for LDAP Authentication Method Registration

538     Authentication Method Name:

540     Person & email address to contact for further information:

542     Specification: (RFC, I-D, URI)

544     Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE)

546     Author/Change Controller:

548     Comments:

550     (Any comments that the requester deems relevant to the request)

552  Appendix B. Assigned Values

554  The following values are currently assigned.

556  B.1. Object Identifiers

558  Currently registered "Internet Private Enterprise Numbers" can be
559  found at .

561  Currently registered "Internet Directory Numbers" can be found at
562  .

564  B.2. Object Identifier Descriptors

566  NAME                                Type  OID                           [REF]
567  ----------------------------------- ----  ----------------------------
568  account                             O     0.9.2342.19200300.100.4.5     [RFC1274]
569  alias                               O     2.5.6.1                       [RFC2256]
570  aliasedEntryName                    A     2.5.4.1                       [X.501]
571  aliasedObjectName                   A     2.5.4.1                       [RFC2256]
572  altServer                           A     1.3.6.1.4.1.1466.101.120.6    [RFC2252]
573  applicationEntity                   O     2.5.6.12                      [RFC2256]
574  applicationProcess                  O     2.5.6.11                      [RFC2256]
575  aRecord                             A     0.9.2342.19200300.100.1.26    [RFC1274]
576  associatedDomain                    A     0.9.2342.19200300.100.1.37    [RFC1274]
577  associatedInternetGateway           A     1.3.6.1.4.1.453.7.2.8         [RFC2164]
578  associatedName                      A     0.9.2342.19200300.100.1.38    [RFC1274]
579  associatedORAddress                 A     1.3.6.1.4.1.453.7.2.6         [RFC2164]
580  associatedX400Gateway               A     1.3.6.1.4.1.453.7.2.3         [RFC2164]
581  attributeTypes                      A     2.5.21.5                      [RFC2252]
582  audio                               A     0.9.2342.19200300.100.1.55    [RFC1274]
583  authorityRevocationList             A     2.5.4.38                      [RFC2256]
584  bitStringMatch                      M     2.5.13.16                     [RFC2252]
585  buildingName                        A     0.9.2342.19200300.100.1.48    [RFC1274]
586  businessCategory                    A     2.5.4.15                      [RFC2256]
587  C                                   A     2.5.4.6                       [RFC2256]
588  cACertificate                       A     2.5.4.37                      [RFC2256]
589  calCalAdrURI                        A     1.2.840.113556.1.4.481        [RFC2739]
590  calCalURI                           A     1.2.840.113556.1.4.478        [RFC2739]
591  calCAPURI                           A     1.2.840.113556.1.4.480        [RFC2739]
592  calEntry                            O     1.2.840.113556.1.5.87         [RFC2739]
593  calFBURL                            A     1.2.840.113556.1.4.479        [RFC2739]
594  calOtherCalAdrURIs                  A     1.2.840.113556.1.4.485        [RFC2739]
595  calOtherCalURIs                     A     1.2.840.113556.1.4.482        [RFC2739]
596  calOtherCAPURIs                     A     1.2.840.113556.1.4.484        [RFC2739]
597  calOtherFBURLs                      A     1.2.840.113556.1.4.483        [RFC2739]
598  caseExactIA5Match                   M     1.3.6.1.4.1.1466.109.114.1    [RFC2252]
599  caseIgnoreIA5Match                  M     1.3.6.1.4.1.1466.109.114.2    [RFC2252]
600  caseIgnoreListMatch                 M     2.5.13.11                     [RFC2252]
601  caseIgnoreMatch                     M     2.5.13.2                      [RFC2252]
602  caseIgnoreOrderingMatch             M     2.5.13.3                      [RFC2252]
603  caseIgnoreSubstringsMatch           M     2.5.13.4                      [RFC2252]
604  certificateRevocationList           A     2.5.4.39                      [RFC2256]
605  certificationAuthority              O     2.5.6.16                      [RFC2256]
606  certificationAuthority-V2           O     2.5.6.16.2                    [RFC2256]
607  CN                                  A     2.5.4.3                       [RFC2256]
608  cNAMERecord                         A     0.9.2342.19200300.100.1.31    [RFC1274]
609  co                                  A     0.9.2342.19200300.100.1.43    [RFC1274]
610  commonName                          A     2.5.4.3                       [RFC2256]
611  country                             O     2.5.6.2                       [RFC2256]
612  countryName                         A     2.5.4.6                       [RFC2256]
613  createTimestamp                     A     2.5.18.1                      [RFC2252]
614  creatorsName                        A     2.5.18.3                      [RFC2252]
615  cRLDistributionPoint                O     2.5.6.19                      [RFC2256]
616  crossCertificatePair                A     2.5.4.40                      [RFC2256]
617  DC                                  A     0.9.2342.19200300.100.1.25    [RFC2247]
618  dcObject                            O     1.3.6.1.4.1.1466.344          [RFC2247]
619  deltaCRL                            O     2.5.6.23                      [RFC2587]
620  deltaRevocationList                 A     2.5.4.53                      [RFC2256]
621  description                         A     2.5.4.13                      [RFC2256]
622  destinationIndicator                A     2.5.4.27                      [RFC2256]
623  device                              O     2.5.6.14                      [RFC2256]
624  distinguishedName                   A     2.5.4.49                      [RFC2256]
625  distinguishedNameMatch              M     2.5.13.1                      [RFC2252]
626  distinguishedNameTableEntry         O     1.3.6.1.4.1.453.7.1.5         [RFC2293]
627  distinguishedNameTableKey           A     1.3.6.1.4.1.453.7.2.3         [RFC2293]
628  dITContentRules                     A     2.5.21.2                      [RFC2252]
629  dITRedirect                         A     0.9.2342.19200300.100.1.54    [RFC1274]
630  dITStructureRules                   A     2.5.21.1                      [RFC2252]
631  dmd                                 O     2.5.6.20                      [RFC2256]
632  dmdName                             A     2.5.4.54                      [RFC2256]
633  dnQualifier                         A     2.5.4.46                      [RFC2256]
634  dNSDomain                           O     0.9.2342.19200300.100.4.15    [RFC1274]
635  document                            O     0.9.2342.19200300.100.4.6     [RFC1274]
636  documentAuthor                      A     0.9.2342.19200300.100.1.14    [RFC1274]
637  documentIdentifier                  A     0.9.2342.19200300.100.1.11    [RFC1274]
638  documentLocation                    A     0.9.2342.19200300.100.1.15    [RFC1274]
639  documentPublisher                   A     0.9.2342.19200300.100.1.56    [RFC1274]
640  documentSeries                      O     0.9.2342.19200300.100.4.8     [RFC1274]
641  documentTitle                       A     0.9.2342.19200300.100.1.12    [RFC1274]
642  documentVersion                     A     0.9.2342.19200300.100.1.13    [RFC1274]
643  domain                              O     0.9.2342.19200300.100.4.13    [RFC2247]
644  domainComponent                     A     0.9.2342.19200300.100.1.25    [RFC2247]
645  domainNameForm                      N     1.3.6.1.4.1.1466.345          [RFC2247]
646  domainRelatedObject                 O     0.9.2342.19200300.100.4.17    [RFC1274]
647  drink                               A     0.9.2342.19200300.100.1.5     [RFC1274]
648  dSA                                 O     2.5.6.13                      [RFC2256]
649  dSAQuality                          A     0.9.2342.19200300.100.1.49    [RFC1274]
650  dynamicObject                       O     1.3.6.1.4.1.1466.101.119.2    [RFC2589]
651  dynamicSubtrees                     A     1.3.6.1.4.1.1466.101.119.4    [RFC2589]
652  enhancedSearchGuide                 A     2.5.4.47                      [RFC2256]
653  entryTtl                            A     1.3.6.1.4.1.1466.101.119.3    [RFC2589]
654  extensibleObject                    O     1.3.6.1.4.1.1466.101.120.111  [RFC2252]
655  facsimileTelephoneNumber            A     2.5.4.23                      [RFC2256]
656  favouriteDrink                      A     0.9.2342.19200300.100.1.5     [RFC1274]
657  friendlyCountry                     O     0.9.2342.19200300.100.4.18    [RFC1274]
658  friendlyCountryName                 A     0.9.2342.19200300.100.1.43    [RFC1274]
659  generalizedTimeMatch                M     2.5.13.27                     [RFC2252]
660  generalizedTimeOrderingMatch        M     2.5.13.28                     [RFC2252]
661  generationQualifier                 A     2.5.4.44                      [RFC2256]
662  givenName                           A     2.5.4.42                      [RFC2256]
663  GN                                  A     2.5.4.42                      [RFC2256]
664  groupOfNames                        O     2.5.6.9                       [RFC2256]
665  groupOfUniqueNames                  O     2.5.6.17                      [RFC2256]
666  homePhone                           A     0.9.2342.19200300.100.1.20    [RFC1274]
667  homePostalAddress                   A     0.9.2342.19200300.100.1.39    [RFC1274]
668  homeTelephone                       A     0.9.2342.19200300.100.1.20    [RFC1274]
669  host                                A     0.9.2342.19200300.100.1.9     [RFC1274]
670  houseIdentifier                     A     2.5.4.51                      [RFC2256]
671  info                                A     0.9.2342.19200300.100.1.4     [RFC1274]
672  initials                            A     2.5.4.43                      [RFC2256]
673  integerFirstComponentMatch          M     2.5.13.29                     [RFC2252]
674  integerMatch                        M     2.5.13.14                     [RFC2252]
675  internationaliSDNNumber             A     2.5.4.25                      [RFC2256]
676  janetMailbox                        A     0.9.2342.19200300.100.1.46    [RFC1274]
677  jpegPhoto                           A     0.9.2342.19200300.100.1.60    [RFC1488]
678  knowledgeInformation                A     2.5.4.2                       [RFC2256]
679  L                                   A     2.5.4.7                       [RFC2256]
680  labeledURI                          A     1.3.6.1.4.1.250.1.57          [RFC2079]
681  labeledURIObject                    A     1.3.6.1.4.1.250.3.15          [RFC2079]
682  lastModifiedBy                      A     0.9.2342.19200300.100.1.24    [RFC1274]
683  lastModifiedTime                    A     0.9.2342.19200300.100.1.23    [RFC1274]
684  ldapSyntaxes                        A     1.3.6.1.4.1.1466.101.120.16   [RFC2252]
685  locality                            O     2.5.6.3                       [RFC2256]
686  localityName                        A     2.5.4.7                       [RFC2256]
687  mail                                A     0.9.2342.19200300.100.1.3     [RFC2798]
688  mailPreferenceOption                A     0.9.2342.19200300.100.1.47    [RFC1274]
689  manager                             A     0.9.2342.19200300.100.1.10    [RFC1274]
690  matchingRules                       A     2.5.21.4                      [RFC2252]
691  matchingRuleUse                     A     2.5.21.8                      [RFC2252]
692  mcgamTables                         A     1.3.6.1.4.1.453.7.2.9         [RFC2164]
693  mDRecord                            A     0.9.2342.19200300.100.1.27    [RFC1274]
694  member                              A     2.5.4.31                      [RFC2256]
695  mixerGateway                        O     1.3.6.1.4.1.453.7.1.4         [RFC2164]
696  mobile                              A     0.9.2342.19200300.100.1.41    [RFC1274]
697  mobileTelephoneNumber               A     0.9.2342.19200300.100.1.41    [RFC1274]
698  modifiersName                       A     2.5.18.4                      [RFC2252]
699  modifyTimestamp                     A     2.5.18.2                      [RFC2252]
700  mXRecord                            A     0.9.2342.19200300.100.1.28    [RFC1274]
701  name                                A     2.5.4.41                      [RFC2256]
702  nameForms                           A     2.5.21.7                      [RFC2252]
703  namingContexts                      A     1.3.6.1.4.1.1466.101.120.5    [RFC2252]
704  nSRecord                            A     0.9.2342.19200300.100.1.29    [RFC1274]
705  numericStringMatch                  M     2.5.13.8                      [RFC2252]
706  numericStringSubstringsMatch        M     2.5.13.10                     [RFC2252]
707  O                                   A     2.5.4.10                      [RFC2256]
708  objectClass                         A     2.5.4.0                       [RFC2256]
709  objectClasses                       A     2.5.21.6                      [RFC2252]
710  objectIdentifierFirstComponentMatch M     2.5.13.30                     [RFC2252]
711  objectIdentifiersMatch              M     2.5.13.0                      [RFC2252]
712  octetStringMatch                    M     2.5.13.17                     [RFC2252]
713  omittedORAddressComponent           O     1.3.6.1.4.1.453.7.1.3         [RFC2164]
714  oRAddressComponentType              A     1.3.6.1.4.1.453.7.2.7         [RFC2164]
715  organization                        O     2.5.6.4                       [RFC2256]
716  organizationalPerson                O     2.5.6.7                       [RFC2256]
717  organizationalRole                  O     2.5.6.8                       [RFC2256]
718  organizationalStatus                A     0.9.2342.19200300.100.1.45    [RFC1274]
719  organizationalUnit                  O     2.5.6.5                       [RFC2256]
720  organizationalUnitName              A     2.5.4.11                      [RFC2256]
721  organizationName                    A     2.5.4.10                      [RFC2256]
722  otherMailbox                        A     0.9.2342.19200300.100.1.22    [RFC1274]
723  OU                                  A     2.5.4.11                      [RFC2256]
724  owner                               A     2.5.4.32                      [RFC2256]
725  pager                               A     0.9.2342.19200300.100.1.42    [RFC1274]
726  pagerTelephoneNumber                A     0.9.2342.19200300.100.1.42    [RFC1274]
727  person                              O     2.5.6.6                       [RFC2256]
728  personalSignature                   A     0.9.2342.19200300.100.1.53    [RFC1274]
729  personalTitle                       A     0.9.2342.19200300.100.1.40    [RFC1274]
730  photo                               A     0.9.2342.19200300.100.1.7     [RFC1274]
731  physicalDeliveryOfficeName          A     2.5.4.19                      [RFC2256]
732  pilotDSA                            O     0.9.2342.19200300.100.4.21    [RFC1274]
733  pilotObject                         O     0.9.2342.19200300.100.4.3     [RFC1274]
734  pilotOrganization                   O     0.9.2342.19200300.100.4.20    [RFC1274]
735  pilotPerson                         O     0.9.2342.19200300.100.4.4     [RFC1274]
736  pkiCA                               O     2.5.6.22                      [RFC2587]
737  pkiUser                             O     2.5.6.21                      [RFC2587]
738  postalAddress                       A     2.5.4.16                      [RFC2256]
739  postalCode                          A     2.5.4.17                      [RFC2256]
740  postOfficeBox                       A     2.5.4.18                      [RFC2256]
741  preferredDeliveryMethod             A     2.5.4.28                      [RFC2256]
742  presentationAddress                 A     2.5.4.29                      [RFC2256]
743  presentationAddressMatch            M     2.5.13.22                     [RFC2252]
744  protocolInformation                 A     2.5.4.48                      [RFC2256]
745  protocolInformationMatch            M     2.5.13.24                     [RFC2252]
746  qualityLabelledData                 O     0.9.2342.19200300.100.4.22    [RFC1274]
747  ref                                 A     2.16.840.1.113730.3.1.34      [RFC3296]
748  referral                            0     2.16.840.1.113730.3.2.6       [RFC3296]
749  registeredAddress                   A     2.5.4.26                      [RFC2256]
750  residentialPerson                   O     2.5.6.10                      [RFC2256]
751  RFC822LocalPart                     O     0.9.2342.19200300.100.4.14    [RFC1274]
752  RFC822Mailbox                       A     0.9.2342.19200300.100.1.3     [RFC1274]
753  rFC822ToX400Mapping                 O     1.3.6.1.4.1.453.7.1.1         [RFC2164]
754  roleOccupant                        A     2.5.4.33                      [RFC2256]
755  room                                O     0.9.2342.19200300.100.4.7     [RFC1274]
756  roomNumber                          A     0.9.2342.19200300.100.1.6     [RFC1274]
757  searchGuide                         A     2.5.4.14                      [RFC2256]
758  secretary                           A     0.9.2342.19200300.100.1.21    [RFC1274]
759  seeAlso                             A     2.5.4.34                      [RFC2256]
760  serialNumber                        A     2.5.4.5                       [RFC2256]
761  simpleSecurityObject                O     0.9.2342.19200300.100.4.19    [RFC1274]
762  singleLevelQuality                  A     0.9.2342.19200300.100.1.50    [RFC1274]
763  SN                                  A     2.5.4.4                       [RFC2256]
764  sOARecord                           A     0.9.2342.19200300.100.1.30    [RFC1274]
765  ST                                  A     2.5.4.8                       [RFC2256]
766  stateOrProvinceName                 A     2.5.4.8                       [RFC2256]
767  street                              A     2.5.4.9                       [RFC2256]
768  streetAddress                       A     2.5.4.9                       [RFC2256]
769  strongAuthenticationUser            O     2.5.6.15                      [RFC2256]
770  subschema                           O     2.5.20.1                      [RFC2252]
771  subschemaSubentry                   A     2.5.18.10                     [RFC2252]
772  subtree                             O     1.3.6.1.4.1.453.7.1.1         [RFC2293]
773  subtreeMaximumQuality               A     0.9.2342.19200300.100.1.52    [RFC1274]
774  subtreeMinimumQuality               A     0.9.2342.19200300.100.1.51    [RFC1274]
775  supportedAlgorithms                 A     2.5.4.52                      [RFC2256]
776  supportedApplicationContext         A     2.5.4.30                      [RFC2256]
777  supportedControl                    A     1.3.6.1.4.1.1466.101.120.13   [RFC2252]
778  supportedExtension                  A     1.3.6.1.4.1.1466.101.120.7    [RFC2252]
779  supportedLDAPVersion                A     1.3.6.1.4.1.1466.101.120.15   [RFC2252]
780  supportedSASLMechanisms             A     1.3.6.1.4.1.1466.101.120.14   [RFC2252]
781  surname                             A     2.5.4.4                       [RFC2256]
782  table                               O     1.3.6.1.4.1.453.7.1.2         [RFC2293]
783  tableEntry                          O     1.3.6.1.4.1.453.7.1.3         [RFC2293]
784  telephoneNumber                     A     2.5.4.20                      [RFC2256]
785  telephoneNumberMatch                M     2.5.13.20                     [RFC2252]
786  telephoneNumberSubstringsMatch      M     2.5.13.21                     [RFC2252]
787  teletexTerminalIdentifier           A     2.5.4.22                      [RFC2256]
788  telexNumber                         A     2.5.4.21                      [RFC2256]
789  textEncodedORAddress                A     0.9.2342.19200300.100.1.2     [RFC1274]
790  textTableEntry                      O     1.3.6.1.4.1.453.7.1.4         [RFC2293]
791  textTableKey                        A     1.3.6.1.4.1.453.7.2.1         [RFC2293]
792  textTableValue                      A     1.3.6.1.4.1.453.7.2.2         [RFC2293]
793  title                               A     2.5.4.12                      [RFC2256]
794  top                                 O     2.5.6.0                       [RFC2256]
795  uid                                 A     0.9.2342.19200300.100.1.1     [RFC2253]
796  uniqueIdentifier                    A     0.9.2342.19200300.100.1.44    [RFC1274]
797  uniqueMember                        A     2.5.4.50                      [RFC2256]
798  uniqueMemberMatch                   M     2.5.13.23                     [RFC2252]
799  userCertificate                     A     2.5.4.36                      [RFC2256]
800  userClass                           A     0.9.2342.19200300.100.1.8     [RFC1274]
801
userId A 0.9.2342.19200300.100.1.1 [RFC1274] 802 userPassword A 2.5.4.35 [RFC2256] 803 userSecurityInformation O 2.5.6.18 [RFC2256] 804 x121Address A 2.5.4.24 [RFC2256] 805 x400ToRFC822Mapping O 1.3.6.1.4.1.453.7.1.2 [RFC2164] 806 x500UniqueIdentifier A 2.5.4.45 [RFC2256] 808 Legend 809 ------------------------ 810 A => Attribute Type 811 C => DIT Content Rule 812 E => LDAP URL Extension 813 M => Matching Rule 814 N => Name Form 815 O => Object Class 817 B.3. Attribute Description Options 819 Option Owner Reference 820 ---------------- ----- --------- 821 binary IESG [RFC2251] 822 lang-* IESG [RFC2596] 824 * family of options 826 B.4. LDAPMessage types 828 Name Code Owner Reference 829 --------------------------- ---- ----- --------- 830 bindRequest 0 IESG [RFC2251] 831 bindResponse 1 IESG [RFC2251] 832 unbindRequest 2 IESG [RFC2251] 833 searchRequest 3 IESG [RFC2251] 834 searchResEntry 4 IESG [RFC2251] 835 searchResDone 5 IESG [RFC2251] 836 modifyRequest 6 IESG [RFC2251] 837 modifyResponse 7 IESG [RFC2251] 838 addRequest 8 IESG [RFC2251] 839 addResponse 9 IESG [RFC2251] 840 delRequest 10 IESG [RFC2251] 841 delResponse 11 IESG [RFC2251] 842 modDNRequest 12 IESG [RFC2251] 843 modDNResponse 13 IESG [RFC2251] 844 compareRequest 14 IESG [RFC2251] 845 compareResponse 15 IESG [RFC2251] 846 abandonRequest 16 IESG [RFC2251] 847 reserved 17-18 IESG 848 searchResRef 19 IESG [RFC2251] 849 reserved 20-22 IESG 850 extendedReq 23 IESG [RFC2251] 851 extendedResp 24 IESG [RFC2251] 853 B.5. 
resultCode values 855 Name Code Owner Reference 856 --------------------------- ---- ----- --------- 857 success 0 IESG [RFC2251] 858 operationsError 1 IESG [RFC2251] 859 protocolError 2 IESG [RFC2251] 860 timeLimitExceeded 3 IESG [RFC2251] 861 sizeLimitExceeded 4 IESG [RFC2251] 862 compareFalse 5 IESG [RFC2251] 863 compareTrue 6 IESG [RFC2251] 864 authMethodNotSupported 7 IESG [RFC2251] 865 strongAuthRequired 8 IESG [RFC2251] 866 reserved (partialResults) 9 IESG [RFC2251] 867 referral 10 IESG [RFC2251] 868 adminLimitExceeded 11 IESG [RFC2251] 869 unavailableCriticalExtension 12 IESG [RFC2251] 870 confidentialityRequired 13 IESG [RFC2251] 871 saslBindInProgress 14 IESG [RFC2251] 872 noSuchAttribute 16 IESG [RFC2251] 873 undefinedAttributeType 17 IESG [RFC2251] 874 inappropriateMatching 18 IESG [RFC2251] 875 constraintViolation 19 IESG [RFC2251] 876 attributeOrValueExists 20 IESG [RFC2251] 877 invalidAttributeSyntax 21 IESG [RFC2251] 878 noSuchObject 32 IESG [RFC2251] 879 aliasProblem 33 IESG [RFC2251] 880 invalidDNSyntax 34 IESG [RFC2251] 881 reserved (isLeaf) 35 IESG [RFC2251] 882 aliasDereferencingProblem 36 IESG [RFC2251] 883 reserved 37-47 IESG 884 inappropriateAuthentication 48 IESG [RFC2251] 885 invalidCredentials 49 IESG [RFC2251] 886 insufficientAccessRights 50 IESG [RFC2251] 887 busy 51 IESG [RFC2251] 888 unavailable 52 IESG [RFC2251] 889 unwillingToPerform 53 IESG [RFC2251] 890 loopDetect 54 IESG [RFC2251] 891 reserved 55-63 IESG 892 namingViolation 64 IESG [RFC2251] 893 objectClassViolation 65 IESG [RFC2251] 894 notAllowedOnNonLeaf 66 IESG [RFC2251] 895 notAllowedOnRDN 67 IESG [RFC2251] 896 entryAlreadyExists 68 IESG [RFC2251] 897 objectClassModsProhibited 69 IESG [RFC2251] 898 reserved (resultsTooLarge) 70 IESG [RFC2251] 899 reserved 71-79 IESG 900 other 80 IESG [RFC2251] 901 reserved (APIs) 81-90 IESG [RFC2251] 903 B.6. 
Bind Authentication Method 905 Method Value Owner Usage Reference 906 ------ ----- ----- ----------- ----------------- 907 simple 0 IESG LIMITED USE [RFC2251,RFC2829] 908 krbv42LDAP 1 IESG OBSOLETE* [RFC1777] 909 krbv42DSA 2 IESG OBSOLETE* [RFC1777] 910 sasl 3 IESG COMMON [RFC2251,RFC2829] 912 * These LDAPv2-only mechanisms were deprecated in favor LDAPv3 SASL 913 authentication method, specifically the GSSAPI mechanism. 915 Copyright 2002, The Internet Society. All Rights Reserved. 917 This document and translations of it may be copied and furnished to 918 others, and derivative works that comment on or otherwise explain it 919 or assist in its implementation may be prepared, copied, published and 920 distributed, in whole or in part, without restriction of any kind, 921 provided that the above copyright notice and this paragraph are 922 included on all such copies and derivative works. However, this 923 document itself may not be modified in any way, such as by removing 924 the copyright notice or references to the Internet Society or other 925 Internet organizations, except as needed for the purpose of 926 developing Internet standards in which case the procedures for 927 copyrights defined in the Internet Standards process must be followed, 928 or as required to translate it into languages other than English. 930 The limited permissions granted above are perpetual and will not be 931 revoked by the Internet Society or its successors or assigns. 933 This document and the information contained herein is provided on an 934 "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET 935 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, 936 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 937 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 938 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.