idnits 2.17.1

draft-smith-ldap-inetorgperson-02.txt:

  ** The Abstract section seems to be numbered

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date. The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There are 7 instances of too long lines in the document, the longest one
     being 5 characters in excess of 72.

  ** The abstract seems to contain references ([X500]), which it shouldn't.
     Please replace those with straight textual mentions of the documents in
     question.

  == There are 31 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 156: '...s attribute type MUST conform to the d...'
     RFC 2119 keyword, line 204: '... MAY (...'
     RFC 2119 keyword, line 219: '... MUST (...'
     RFC 2119 keyword, line 222: '... MAY (...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 294 has weird spacing: '...for the purpo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (18 February 1999) is 9170 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Missing reference section? 'X500' on line 42 looks like a reference
  -- Missing reference section? 'RFC2251' on line 340 looks like a reference
  -- Missing reference section? 'RFC2252' on line 344 looks like a reference
  -- Missing reference section? 'RFC1274' on line 322 looks like a reference
  -- Missing reference section? 'RFC2079' on line 335 looks like a reference
  -- Missing reference section? 'RFC2256' on line 349 looks like a reference
  -- Missing reference section? 'JFIF' on line 144 looks like a reference
  -- Missing reference section? 'RFC2068' on line 331 looks like a reference
  -- Missing reference section? 'RFC1847' on line 326 looks like a reference
  -- Missing reference section? 'PKCS12' on line 318 looks like a reference
  -- Missing reference section? 'X521' on line 199 looks like a reference
  -- Missing reference section? 'LDIF' on line 234 looks like a reference

     Summary: 8 errors (**), 0 flaws (~~), 2 warnings (==), 14 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    The LDAP inetOrgPerson Object Class                           Mark Smith
3    INTERNET-DRAFT                                   Netscape Communications
4    Intended Category: Informational                        18 February 1999
5    Expires: 18 August 1999

7              Definition of the inetOrgPerson LDAP Object Class
8               Filename: draft-smith-ldap-inetorgperson-02.txt

10   1. Status of this Memo

12   This document is an Internet-Draft and is in full conformance with all
13   provisions of Section 10 of RFC2026. Internet-Drafts are working documents
14   of the Internet Engineering Task Force (IETF), its areas, and its
15   working groups. Note that other groups may also distribute working
16   documents as Internet-Drafts.

18   Internet-Drafts are draft documents valid for a maximum of six months
19   and may be updated, replaced, or obsoleted by other documents at any
20   time. It is inappropriate to use Internet-Drafts as reference material
21   or to cite them other than as "work in progress."

23   The list of current Internet-Drafts can be accessed at
24   http://www.ietf.org/ietf/1id-abstracts.txt.

26   The list of Internet-Draft Shadow Directories can be accessed at
27   http://www.ietf.org/shadow.html.

29   This draft document will be submitted to the RFC Editor as an Informational
30   document. Distribution of this memo is unlimited. Please send
31   comments to the author.

33   Copyright (C) The Internet Society (1996-1999). All Rights Reserved.

35   Please see the Copyright section near the end of this document for more
36   information.

38   This Internet Draft expires on 18 August 1999.

40   2. Abstract

42   While the X.500 standards [X500] define many useful attribute types and
43   object classes, they do not define a person object class that meets the
44   requirements found in today's Internet and Intranet directory service
45   deployments. We define a new object class called inetOrgPerson for use
46   in LDAP and X.500 directory services that extends the X.521 standard
47   organizationalPerson class to meet these needs.

49   3. Background and Intended Usage

51   The inetOrgPerson object class is a general purpose object class that
52   holds attributes about people. The attributes it holds were chosen to
53   accommodate information requirements found in typical Internet and
54   Intranet directory service deployments. The inetOrgPerson object class
55   is designed to be used within directory services based on the LDAP
56   [RFC2251] and the X.500 family of protocols, and it should be useful in
57   other contexts as well. There is no requirement for directory services
58   implementors to use the inetOrgPerson object class; it is simply
59   presented as a well-documented class that implementors can choose to use
60   if they find it useful.

62   The attribute type and object class definitions in this document are
63   written using the BNF form of AttributeTypeDescription and
64   ObjectClassDescription given in [RFC2252]. In some cases lines have
65   been folded for readability.

67   Attributes that are referenced but not defined in this document are
68   included in one of the following documents:

70       The COSINE and Internet X.500 Schema [RFC1274]

72       Definition of an X.500 Attribute Type and an Object Class to Hold
73       Uniform Resource Identifiers (URIs) [RFC2079]

75       A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]

77   See Appendix A for a detailed summary that shows where each attribute
78   type is defined.

80   4. New Attribute Types Used in the inetOrgPerson Object Class

82   4.1. Vehicle license or registration plate.

84   This multivalued field is used to record the values of the license or
85   registration plate associated with an individual.
87       ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
88         DESC 'vehicle license or registration plate'
89         EQUALITY caseIgnoreMatch
90         SUBSTR caseIgnoreSubstringsMatch
91         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

93   4.2. Department number

95   Code for department to which a person belongs. This can also be
96   strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
97       ( 2.16.840.1.113730.3.1.2
98         NAME 'departmentNumber'
99         DESC 'identifies a department within an organization'
100        EQUALITY caseIgnoreMatch
101        SUBSTR caseIgnoreSubstringsMatch
102        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

104  4.3. Display Name

106  When displaying an entry, especially within a one-line summary list, it
107  is useful to be able to identify a name to be used. Since other attribute
108  types such as 'cn' are multivalued, an additional attribute type is
109  needed. Display name is defined for this purpose.
110      ( 2.16.840.1.113730.3.1.241
111        NAME 'displayName'
112        DESC 'preferred name of a person to be used when displaying entries'
113        EQUALITY caseIgnoreMatch
114        SUBSTR caseIgnoreSubstringsMatch
115        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

117  4.4. Employee Number

119  Numeric or alphanumeric identifier assigned to a person, typically based
120  on order of hire or association with an organization. Single valued.
121      ( 2.16.840.1.113730.3.1.3
122        NAME 'employeeNumber'
123        DESC 'numerically identifies an employee within an organization'
124        EQUALITY caseIgnoreMatch
125        SUBSTR caseIgnoreSubstringsMatch
126        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
127        SINGLE-VALUE )

129  4.5. Employee Type

131  Used to identify the employer to employee relationship. Typical values
132  used will be "Contractor", "Employee", "Intern", "Temp", "External", and
133  "Unknown" but any value may be used.
134      ( 2.16.840.1.113730.3.1.4
135        NAME 'employeeType'
136        DESC 'type of employment for a person'
137        EQUALITY caseIgnoreMatch
138        SUBSTR caseIgnoreSubstringsMatch
139        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

141  4.6. JPEG Photograph

143  Used to store one or more images of a person using the JPEG File Interchange
144  Format [JFIF].
145      ( 0.9.2342.19200300.100.1.60
146        NAME 'jpegPhoto'
147        DESC 'a JPEG image'
148        SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
149  Note that the jpegPhoto attribute type was defined for use in the Internet
150  X.500 pilots but no referencable definition for it could be located.

152  4.7. Preferred Language

154  Used to indicate an individual's preferred written or spoken language.
155  This is useful for international correspondence or human-computer
156  interaction. Values for this attribute type MUST conform to the definition
157  of the Accept-Language header field defined in [RFC2068] with one
158  exception: the sequence "Accept-Language" ":" should be omitted. This
159  is a single valued attribute type.
160      ( 2.16.840.1.113730.3.1.39
161        NAME 'preferredLanguage'
162        DESC 'preferred written or spoken language for a person'
163        EQUALITY caseIgnoreMatch
164        SUBSTR caseIgnoreSubstringsMatch
165        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
166        SINGLE-VALUE )

169  4.8. User S/MIME Certificate

171  An S/MIME [RFC1847] signed message with a zero-length body. This attribute
172  is to be stored and requested in binary form, as
173  'userSMIMECertificate;binary'. It contains the person's entire certificate
174  chain and the signed attribute that describes their algorithm capabilities,
175  stored as an octetString. If available, this attribute is
176  preferred over the userCertificate attribute for S/MIME applications.
177      ( 2.16.840.1.113730.3.1.40
178        NAME 'userSMIMECertificate'
179        DESC 'signed message used to support S/MIME'
180        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

182  4.9. User PKCS #12

184  PKCS #12 [PKCS12] provides a format for exchange of personal identity
185  information. When such information is stored in a directory service,
186  the userPKCS12 attribute should be used. This attribute is to be stored
187  and requested in binary form, as 'userPKCS12;binary'. The attribute
188  values are PFX PDUs stored as octetStrings.
189      ( 2.16.840.1.113730.3.1.216
190        NAME 'userPKCS12'
191        DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
192        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

195  5. Definition of the inetOrgPerson Object Class

197  The inetOrgPerson represents people who are associated with an organization
198  in some way. It is a structural class and is derived from the
199  organizationalPerson class which is defined in [X521].
200      ( 2.16.840.1.113730.3.2.2
201        NAME 'inetOrgPerson'
202        SUP organizationalPerson
203        STRUCTURAL
204        MAY (
205            audio $ businessCategory $ carLicense $ departmentNumber $
206            displayName $ employeeNumber $ employeeType $ givenName $ homePhone $
207            homePostalAddress $ initials $ jpegPhoto $ labeledURI $
208            mail $ manager $ mobile $ pager $
209            photo $ roomNumber $ secretary $ uid $ userCertificate $
210            x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $
211            userPKCS12
212        )
213      )

215  For reference, we list the following additional attribute types that are
216  part of the inetOrgPerson object class. These attribute types are
217  inherited from organizationalPerson (which in turn is derived from the
218  person object class):
219        MUST (
220            cn $ objectClass $ sn
221        )
222        MAY (
223            description $ destinationIndicator $ facsimileTelephoneNumber $
224            internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $
225            postalAddress $ postalCode $ postOfficeBox $
226            preferredDeliveryMethod $ registeredAddress $ seeAlso $
227            st $ street $ telephoneNumber $ teletexTerminalIdentifier $
228            telexNumber $ title $ userPassword $ x121Address
229        )

231  6. Example of an inetOrgPerson Entry

233  The following example is expressed using the LDIF notation defined in
234  [LDIF].
236      dn: cn=Barbara Jensen, ou=Product Development, o=Ace Industry, c=US
237      objectClass: top
238      objectClass: person
239      objectClass: organizationalPerson
240      objectClass: inetOrgPerson
241      cn: Barbara Jensen
242      cn: Babs Jensen
243      sn: Jensen
244      givenName: Barbara
245      initials: BJJ
246      title: manager, product development
247      uid: bjensen
248      mail: bjensen@aceindustry.com
249      telephoneNumber: +1 408 555 1862
250      facsimileTelephoneNumber: +1 408 555 1992
251      mobile: +1 408 555 1941
252      roomNumber: 0209
253      carLicense: 6ABC246
254      departmentNumber: 2604
255      employeeNumber: 42
256      employeeType: full time
257      preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
258      labeledURI: http://www.aceindustry.com/users/bjensen My Home Page

260  7. Security Considerations

262  Attributes of directory entries are used to provide descriptive information
263  about the real-world objects they represent, which can be people,
264  organizations or devices. Most countries have privacy laws regarding
265  the publication of information about people.

267  Transfer of cleartext passwords is strongly discouraged where the
268  underlying transport service cannot guarantee confidentiality and may
269  result in disclosure of the password to unauthorized parties.

271  8. Acknowledgments

273  The Netscape Directory Server team created the inetOrgPerson object
274  class based on experience and customer requirements. Anil Bhavnani and
275  John Kristian in particular deserve credit for all of the early design
276  work.

278  Many members of the Internet community, in particular those in the IETF
279  ASID and LDAPEXT groups, also contributed to the design of this object
280  class.

282  9. Copyright

284  Copyright (C) The Internet Society (1996-1999). All Rights Reserved.

286  This document and translations of it may be copied and furnished to others,
287  and derivative works that comment on or otherwise explain it or
288  assist in its implementation may be prepared, copied, published and distributed,
289  in whole or in part, without restriction of any kind, provided
290  that the above copyright notice and this paragraph are included on all
291  such copies and derivative works. However, this document itself may not
292  be modified in any way, such as by removing the copyright notice or
293  references to the Internet Society or other Internet organizations,
294  except as needed for the purpose of developing Internet standards in
295  which case the procedures for copyrights defined in the Internet Standards
296  process must be followed, or as required to translate it into
297  languages other than English.

299  The limited permissions granted above are perpetual and will not be
300  revoked by the Internet Society or its successors or assigns.

302  This document and the information contained herein is provided on an "AS
303  IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
304  FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
305  LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
306  INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
307  FOR A PARTICULAR PURPOSE.

309  10. Bibliography

311  [JFIF] E. Hamilton, "JPEG File Interchange Format (Version 1.02)", C-Cube
312       Microsystems, Milpitas, CA, September 1, 1992.

314  [LDIF] G. Good, "The LDAP Data Interchange Format (LDIF) - Technical
315       Specification" INTERNET-DRAFT, 1
316       February 1999.

318  [PKCS12]
319       "PKCS #12: Personal Information Exchange Standard", Version 1.0
320       DRAFT, 30 April 1997.

322  [RFC1274]
323       P. Barker, S. Kille, "The COSINE and Internet X.500 Schema", RFC
324       1274, November 1991.

326  [RFC1847]
327       J. Galvin, S. Murphy, S. Crocker, N. Freed, "Security Multiparts
328       for MIME: Multipart/Signed and Multipart/Encrypted", RFC 1847,
329       October 1995.

331  [RFC2068]
332       R. Fielding, J. Gettys, J. Mogul, H. Frystyk, T. Berners-Lee,
333       "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, January 1997.

335  [RFC2079]
336       M. Smith, "Definition of an X.500 Attribute Type and an Object
337       Class to Hold Uniform Resource Identifiers (URIs)", RFC 2079, January
338       1997.

340  [RFC2251]
341       M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol
342       (v3)", RFC 2251, December 1997.

344  [RFC2252]
345       M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins,
346       "Lightweight Directory Access Protocol (v3): Attribute Syntax
347       Definitions", RFC 2252, December 1997.

349  [RFC2256]
350       M. Wahl, "A Summary of the X.500(96) User Schema for use with
351       LDAPv3", RFC 2256, December 1997.

353  [X500] ITU-T Rec. X.500, "The Directory: Overview of Concepts, Models and
354       Service", 1993.

356  [X520] ITU-T Rec. X.520, "The Directory: Selected Attribute Types", 1993.

358  [X521] ITU-T Rec. X.521, "The Directory: Selected Object Classes", 1993.

360  11. Author's Address

362       Mark Smith
363       Netscape Communications Corp.
364       501 E. Middlefield Rd., Mailstop MV068
365       Mountain View, CA 94043, USA
366       Phone: +1 650 937-3477
367       EMail: mcs@netscape.com

369  12. Appendix A - Summary of Attribute Types Included in inetOrgPerson

371  This appendix provides definitions of all the attribute types included
372  in the inetOrgPerson object class.

374  12.1. Attribute types defined in this document
375      ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
376        DESC 'vehicle license or registration plate'
377        EQUALITY caseIgnoreMatch
378        SUBSTR caseIgnoreSubstringsMatch
379        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

381      ( 2.16.840.1.113730.3.1.2
382        NAME 'departmentNumber'
383        DESC 'identifies a department within an organization'
384        EQUALITY caseIgnoreMatch
385        SUBSTR caseIgnoreSubstringsMatch
386        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

388      ( 2.16.840.1.113730.3.1.241
389        NAME 'displayName'
390        DESC 'preferred name of a person to be used when displaying entries'
391        EQUALITY caseIgnoreMatch
392        SUBSTR caseIgnoreSubstringsMatch
393        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

395      ( 2.16.840.1.113730.3.1.3
396        NAME 'employeeNumber'
397        DESC 'numerically identifies an employee within an organization'
398        EQUALITY caseIgnoreMatch
399        SUBSTR caseIgnoreSubstringsMatch
400        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
401        SINGLE-VALUE )

403      ( 2.16.840.1.113730.3.1.4
404        NAME 'employeeType'
405        DESC 'type of employment for a person'
406        EQUALITY caseIgnoreMatch
407        SUBSTR caseIgnoreSubstringsMatch
408        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

410      ( 0.9.2342.19200300.100.1.60
411        NAME 'jpegPhoto'
412        DESC 'a JPEG image'
413        SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
414      Note: The jpegPhoto attribute type was defined for use in the
415      Internet X.500 pilots but no referencable definition for it
416      could be located.

418      ( 2.16.840.1.113730.3.1.39
419        NAME 'preferredLanguage'
420        DESC 'preferred written or spoken language for a person'
421        EQUALITY caseIgnoreMatch
422        SUBSTR caseIgnoreSubstringsMatch
423        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
424        SINGLE-VALUE )

426      ( 2.16.840.1.113730.3.1.40
427        NAME 'userSMIMECertificate'
428        DESC 'signed message used to support S/MIME'
429        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

431      ( 2.16.840.1.113730.3.1.216
432        NAME 'userPKCS12'
433        DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
434        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

436  12.2. Attribute types defined in the X.500 series of documents

438  Note that these attribute types are also documented in RFC 2256.

440      ( 2.5.4.15
441        NAME 'businessCategory'
442        EQUALITY caseIgnoreMatch
443        SUBSTR caseIgnoreSubstringsMatch
444        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

446      ( 2.5.4.3
447        NAME 'cn'
448        SUP name )

450      ( 2.5.4.13
451        NAME 'description'
452        EQUALITY caseIgnoreMatch
453        SUBSTR caseIgnoreSubstringsMatch
454        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

456      ( 2.5.4.27
457        NAME 'destinationIndicator'
458        EQUALITY caseIgnoreMatch
459        SUBSTR caseIgnoreSubstringsMatch
460        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )

462      ( 2.5.4.23
463        NAME 'facsimileTelephoneNumber'
464        SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

466      ( 2.5.4.42
467        NAME 'givenName'
468        SUP name )

470      ( 2.5.4.43
471        NAME 'initials'
472        SUP name )

474      ( 2.5.4.25
475        NAME 'internationaliSDNNumber'
476        EQUALITY numericStringMatch
477        SUBSTR numericStringSubstringsMatch
478        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

480      ( 2.5.4.7
481        NAME 'l'
482        SUP name )

484      ( 2.5.4.0
485        NAME 'objectClass'
486        EQUALITY objectIdentifierMatch
487        SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

489      ( 2.5.4.11
490        NAME 'ou'
491        SUP name )

493      ( 2.5.4.19
494        NAME 'physicalDeliveryOfficeName'
495        EQUALITY caseIgnoreMatch
496        SUBSTR caseIgnoreSubstringsMatch
497        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

499      ( 2.5.4.18
500        NAME 'postOfficeBox'
501        EQUALITY caseIgnoreMatch
502        SUBSTR caseIgnoreSubstringsMatch
503        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

505      ( 2.5.4.16
506        NAME 'postalAddress'
507        EQUALITY caseIgnoreListMatch
508        SUBSTR caseIgnoreListSubstringsMatch
509        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

511      ( 2.5.4.17
512        NAME 'postalCode'
513        EQUALITY caseIgnoreMatch
514        SUBSTR caseIgnoreSubstringsMatch
515        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

517      ( 2.5.4.28
518        NAME 'preferredDeliveryMethod'
519        SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
520        SINGLE-VALUE )

522      ( 2.5.4.26
523        NAME 'registeredAddress'
524        SUP postalAddress
525        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

527      ( 2.5.4.34
528        NAME 'seeAlso'
529        SUP distinguishedName )

531      ( 2.5.4.4
532        NAME 'sn'
533        SUP name )

535      ( 2.5.4.8
536        NAME 'st'
537        SUP name )

539      ( 2.5.4.9
540        NAME 'street'
541        EQUALITY caseIgnoreMatch
542        SUBSTR caseIgnoreSubstringsMatch
543        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

545      ( 2.5.4.20
546        NAME 'telephoneNumber'
547        EQUALITY telephoneNumberMatch
548        SUBSTR telephoneNumberSubstringsMatch
549        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

551      ( 2.5.4.22
552        NAME 'teletexTerminalIdentifier'
553        SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

555      ( 2.5.4.21
556        NAME 'telexNumber'
557        SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

559      ( 2.5.4.12
560        NAME 'title'
561        SUP name )

563      ( 2.5.4.36
564        NAME 'userCertificate'
565        SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

567      ( 2.5.4.35
568        NAME 'userPassword'
569        EQUALITY octetStringMatch
570        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

572      ( 2.5.4.24
573        NAME 'x121Address'
574        EQUALITY numericStringMatch
575        SUBSTR numericStringSubstringsMatch
576        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )

578      ( 2.5.4.45
579        NAME 'x500UniqueIdentifier'
580        EQUALITY bitStringMatch
581        SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

583  Some attribute types included in inetOrgPerson are derived from the
584  'name' and 'distinguishedName' attribute supertypes:
585      ( 2.5.4.41
586        NAME 'name'
587        EQUALITY caseIgnoreMatch
588        SUBSTR caseIgnoreSubstringsMatch
589        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

591      ( 2.5.4.49
592        NAME 'distinguishedName'
593        EQUALITY distinguishedNameMatch
594        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

596  12.3. Attribute types defined in RFC 1274
597      ( 0.9.2342.19200300.100.1.55
598        NAME 'audio'
599        EQUALITY octetStringMatch
600        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{250000} )
601      Note: The syntax used here for the audio attribute type is Octet
602      String. RFC 1274 uses a syntax called audio which is not defined
603      in RFC 1274.

605      ( 0.9.2342.19200300.100.1.20
606        NAME 'homePhone'
607        EQUALITY telephoneNumberMatch
608        SUBSTR telephoneNumberSubstringsMatch
609        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
610      Note: RFC 1274 uses the longer name 'homeTelephoneNumber'.

612      ( 0.9.2342.19200300.100.1.39
613        NAME 'homePostalAddress'
614        EQUALITY caseIgnoreListMatch
615        SUBSTR caseIgnoreListSubstringsMatch
616        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

618      ( 0.9.2342.19200300.100.1.3
619        NAME 'mail'
620        EQUALITY caseIgnoreIA5Match
621        SUBSTR caseIgnoreIA5SubstringsMatch
622        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
623      Note: RFC 1274 uses the longer name 'rfc822Mailbox' and syntax OID
624      of 0.9.2342.19200300.100.3.5. The newer LDAP RFCs refer to this
625      attribute as 'mail' and define the IA5 String syntax using
626      the OID 1.3.6.1.4.1.1466.115.121.1.26, as is done here.

628      ( 0.9.2342.19200300.100.1.10
629        NAME 'manager'
630        EQUALITY distinguishedNameMatch
631        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

633      ( 0.9.2342.19200300.100.1.41
634        NAME 'mobile'
635        EQUALITY telephoneNumberMatch
636        SUBSTR telephoneNumberSubstringsMatch
637        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
638      Note: RFC 1274 uses the longer name 'mobileTelephoneNumber'.

640      ( 0.9.2342.19200300.100.1.42
641        NAME 'pager'
642        EQUALITY telephoneNumberMatch
643        SUBSTR telephoneNumberSubstringsMatch
644        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
645      Note: RFC 1274 uses the longer name 'pagerTelephoneNumber'.

647      ( 0.9.2342.19200300.100.1.7
648        NAME 'photo' )
649      Note: Photo attribute values are encoded in G3 fax format with an
650      ASN.1 wrapper. Please refer to RFC 1274 section 9.3.7 for
651      detailed syntax information for this attribute.

653      ( 0.9.2342.19200300.100.1.6
654        NAME 'roomNumber'
655        EQUALITY caseIgnoreMatch
656        SUBSTR caseIgnoreSubstringsMatch
657        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

659      ( 0.9.2342.19200300.100.1.21
660        NAME 'secretary'
661        EQUALITY distinguishedNameMatch
662        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

664      ( 0.9.2342.19200300.100.1.1
665        NAME 'uid'
666        EQUALITY caseIgnoreMatch
667        SUBSTR caseIgnoreSubstringsMatch
668        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
669      Note: RFC 1274 uses the longer name 'userid'.

671  12.4. Attribute types defined in RFC 2079
672      ( 1.3.6.1.4.1.250.1.57
673        NAME 'labeledURI'
674        EQUALITY caseExactMatch
675        SUBSTR caseExactSubstringsMatch
676        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

678  13. Appendix B - Change History

680  Changes since draft-smith-ldap-inetorgperson-01.txt:

682      "Status of Memo" section: added a statement that this document is in
683      full conformance with all provisions of Section 10 of RFC2026. Also
684      revised the text about the Internet Draft current and shadow directories
685      as recommended by the latest I-D guidelines.

687      "Definition of the inetOrgPerson Object Class" section: added
688      displayName to the list of attribute types in the inetOrgPerson
689      definition. The displayName attribute was added the last time this
690      document was revised but inadvertently omitted from the object class
691      definition.

693      "Bibliography" section: updated LDIF Internet Draft reference.

695      Appendix A: corrected the syntax OID for the mail attribute type to
696      match that specified for IA5 String in RFC 2252.

698  This Internet Draft expires on 18 August 1999.

700  1. Status of this Memo
701  2. Abstract
702  3. Background and Intended Usage
703  4. New Attribute Types Used in the inetOrgPerson Object Class
704     4.1. Vehicle license or registration plate
705     4.2. Department number
706     4.3. Display Name
707     4.4. Employee Number
708     4.5. Employee Type
709     4.6. JPEG Photograph
710     4.7. Preferred Language
711     4.8. User S/MIME Certificate
712     4.9. User PKCS #12
713  5. Definition of the inetOrgPerson Object Class
714  6. Example of an inetOrgPerson Entry
715  7. Security Considerations
716  8. Acknowledgments
717  9. Copyright
718  10. Bibliography
719  11. Author's Address
720  12. Appendix A - Summary of Attribute Types Included in inetOrgPerson
721     12.1. Attribute types defined in this document
722     12.2. Attribute types defined in the X.500 series of documents
723     12.3. Attribute types defined in RFC 1274
724     12.4. Attribute types defined in RFC 2079
725  13. Appendix B - Change History