idnits 2.17.1 

draft-zeilenga-ldap-cosine-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 23.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 1127.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1098.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1105.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1111.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     1115), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 40.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  == The 'Obsoletes: ' line in the draft header should list only the
     _numbers_ of the RFCs which will be obsoleted by this document (if
     approved); it should not include the word 'RFC' in the list.

  == The 'Updates: ' line in the draft header should list only the _numbers_
     of the RFCs which will be updated by this document (if approved); it
     should not include the word 'RFC' in the list.

  -- The abstract seems to indicate that this document obsoletes RFC1274, but
     the header doesn't have an 'Obsoletes:' line to match this.

  -- The abstract seems to indicate that this document updates RFC2798, but
     the header doesn't have an 'Updates:' line to match this.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 1029 has weird spacing: '...eNumber   mobi...'

  == Line 1030 has weird spacing: '...eNumber    pag...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
     (Using the creation date from RFC2247, updated by this document, for
     RFC5378 checks: 1996-08-01)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (6 February 2006) is 6653 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC1487' is mentioned on line 120, but not defined

  ** Obsolete undefined reference: RFC 1487 (Obsoleted by RFC 1777, RFC 3494)

  == Missing Reference: 'RFC2251' is mentioned on line 121, but not defined

  ** Obsolete undefined reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  == Missing Reference: 'RFC2822' is mentioned on line 779, but not defined

  ** Obsolete undefined reference: RFC 2822 (Obsoleted by RFC 5322)

  == Missing Reference: 'Historic' is mentioned on line 1035, but not defined

  == Missing Reference: 'RFC1279' is mentioned on line 1062, but not defined

  == Missing Reference: 'QoS' is mentioned on line 1068, but not defined

  == Unused Reference: 'RFC2247' is defined on line 964, but no explicit
     reference was found in the text

  == Unused Reference: 'NamingPlan' is defined on line 998, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2822 (ref. 'RFC2821') (Obsoleted by
     RFC 5322)

  ** Obsolete normative reference: RFC 3490 (Obsoleted by RFC 5890, RFC 5891)

  -- No information found for draft-ietf-ldapbis-roadmap-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Roadmap' 

  -- No information found for draft-ietf-ldapbis-models-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Models' 

  -- No information found for draft-ietf-ldapbis-syntaxes-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Syntaxes' 

  -- No information found for draft-ietf-ldapbis-user-schema-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Schema' 

  -- No information found for draft-ietf-ldapbis-authmeth-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'AuthMeth' 

  -- No information found for draft-zeilenga-ldap-namingplan-xx - is the name
     correct?

  -- Obsolete informational reference (is this intentional?): RFC 1274
     (Obsoleted by RFC 4524)

  -- No information found for draft-ietf-ldapbis-bcp64-xx - is the name
     correct?


     Summary: 10 errors (**), 0 flaws (~~), 14 warnings (==), 22 comments
     (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	INTERNET-DRAFT                           Editor:  Kurt D. Zeilenga
3	Intended Category: Standard Track                 OpenLDAP Foundation
4	Expires in six months                             6 February 2006
5	Obsoletes: RFC 1274
6	Updates: RFC 2247, RFC 2798

8	                         COSINE LDAP/X.500 Schema
9	                   <draft-zeilenga-ldap-cosine-02.txt>

11	Status of this Memo

13	  This document is intended to be, after appropriate review and
14	  revision, submitted to the RFC Editor as a Standard Track document.
15	  Distribution of this memo is unlimited.  Technical discussion of this
16	  document will take place on the IETF LDAPEXT mailing list
17	  <ldapext@ietf.org>.  Please send editorial comments directly to the
18	  author <Kurt@OpenLDAP.org>.

20	  By submitting this Internet-Draft, each author represents that any
21	  applicable patent or other IPR claims of which he or she is aware have
22	  been or will be disclosed, and any of which he or she becomes aware
23	  will be disclosed, in accordance with Section 6 of BCP 79.

25	  Internet-Drafts are working documents of the Internet Engineering Task
26	  Force (IETF), its areas, and its working groups. Note that other
27	  groups may also distribute working documents as Internet-Drafts.

29	  Internet-Drafts are draft documents valid for a maximum of six months
30	  and may be updated, replaced, or obsoleted by other documents at any
31	  time. It is inappropriate to use Internet-Drafts as reference material
32	  or to cite them other than as "work in progress."

34	  The list of current Internet-Drafts can be accessed at
35	  http://www.ietf.org/1id-abstracts.html

37	  The list of Internet-Draft Shadow Directories can be accessed at
38	  http://www.ietf.org/shadow.html

40	  Copyright (C) The Internet Society (2006).  All Rights Reserved.

42	  Please see the Full Copyright section near the end of this document
43	  for more information.

45	Abstract
46	  This document provides a collection of schema elements for use with
47	  the Lightweight Directory Access Protocol (LDAP) from the COSINE and
48	  Internet X.500 pilot projects.

50	  This document obsoletes RFC 1274 and updates RFC 2247 and RFC 2798.

52	Table of Contents

54	  Status of this Memo                                  1
55	  Abstract                                             2
56	  Table of Contents
57	  1.     Background and Intended Use                   3
58	  1.1.     Relationship with Other Documents
59	  1.2.     Terminology and Conventions
60	  2.     COSINE Attribute Types                        4
61	  2.1.     associatedDomain
62	  2.2.     associatedName
63	  2.3.     buildingName
64	  2.3.     co
65	  2.5.     documentAuthor
66	  2.6.     documentIdentifier
67	  2.7.     documentLocation
68	  2.8.     documentPublisher
69	  2.9.     documentTitle
70	  2.10.    documentVersion
71	  2.11.    drink
72	  2.12.    homePhone
73	  2.13.    homePostalAddress
74	  2.14.    host
75	  2.16.    info
76	  2.17.    mail
77	  2.18.    manager
78	  2.19.    mobile
79	  2.20.    organizationalStatus
80	  2.21.    pager
81	  2.22.    personalTitle
82	  2.23.    roomNumber
83	  2.24.    secretary
84	  2.26.    uniqueIdentifier
85	  2.27.    userClass
86	  3.     COSINE Object Classes                        14
87	  3.1.     account
88	  3.2.     document
89	  3.3.     documentSeries
90	  3.4.     domain
91	  3.5.     domainRelatedObject
92	  3.6.     friendlyCountry
93	  3.7.     rFC822LocalPart
94	  3.8.     room
95	  3.9.     simpleSecurityObject
96	  4.     Security Considerations                      19
97	  5.     IANA Considerations                          20
98	  6.     Acknowledgments                              21
99	  7.     Editor's Address
100	  8.     References
101	  A.     Changes Since RFC 1274                       23
102	  Intellectual Property Rights                        24
103	  Full Copyright

105	1. Background and Intended Use

107	  In the late 1980s, X.500 Directory Services were standardised by the
108	  CCITT (Commite' Consultatif International de Telegraphique et
109	  Telephonique), now a part of the ITU (International Telephone Union).
110	  This lead to Directory Service piloting activities in the early 1990s,
111	  including the COSINE (Co-operation and Open Systems Interconnection in
112	  Europe) PARADISE Project pilot [COSINEpilot] in Europe.  Motivated by
113	  needs large scale directory pilots, RFC 1274 was published to
114	  standardize directory schema and naming architecture for use in the
115	  COSINE and other Internet X.500 pilots [RFC1274].

117	  In the years that followed, X.500 Directory Services have evolved to
118	  incorporate new capabilities and even new protocols.  In particular,
119	  the Lightweight Directory Access Protocol (LDAP) [Roadmap] was
120	  introduced in the early 1990s [RFC1487], with Version 3 of LDAP
121	  introduced in the late 1990s [RFC2251] and subsequently revised in the
122	  2005 [Roadmap].

124	  While much of the material in RFC 1274 has been superceed by
125	  subsequently published ITU-T Recommendations and IETF RFCs, many of
126	  the schema elements lack standardized schema descriptions for use in
127	  modern X.500 and LDAP directory services despite the fact that these
128	  schema elements are in wide use today.  As the old schema descriptions
129	  cannot be used without adaptation, interoperabilty issues may arise
130	  due to lack of standardized modern schema descriptions.

132	  This document addresses these issues by offering standardized schema
133	  descriptions, where needed, for widely-used COSINE schema elements.

135	1.1.  Relationship to Other Documents

137	  This document, together with [Schema] and [Syntaxes], obsoletes RFC
138	  1274 in its entirety.  [Schema] replaces sections 9.3.1 (Userid) and
139	  9.3.21 (Domain Component) of RFC 1274.  [Syntaxes] replaces section
140	  9.4 (Generally useful syntaxes) of RFC 1274.

142	  This document replaces the remainder of RFC 1274.  Appendix A.
143	  discusses changes since RFC 1274, as well as why certain schema
144	  elements were not brought forward in this revision of the COSINE
145	  schema.  All elements not brought are to be regarded as Historic.

147	  The description of the 'domain' object class provided in this document
148	  supercedes that found in RFC 2247.  That is, section 3.4 of this
149	  document replaces section 5.2 of RFC 2247.

151	  Some of schema elements specified here were described in RFC 2798
152	  (inetOrgPerson schema).  This document supersedes these descriptions.
153	  This document, together with [Schema], replaces section 9.1.3 of RFC
154	  2798.

156	1.2. Terminology and Conventions

158	  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
159	  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
160	  document are to be interpreted as described in BCP 14 [RFC2119].

162	  DIT stands for Directory Information Tree.
163	  DN stands for Distinguished Name.
164	  DSA stands for Directory System Agent, a server.
165	  DSE stands for DSA-Specific Entry.
166	  DUA stands for Directory User Agent, a client.

168	  These terms are discussed in [Models].

170	  Schema definitions are provided using LDAP description formats
171	  [Models].  Definitions provided here are formatted (line wrapped) for
172	  readability.

174	2. COSINE Attribute Types

176	  This section details COSINE attribute types for use in LDAP.

178	2.1. associatedDomain

180	  The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] host
181	  names [RFC1123] which are associated with an object.   That is, values
182	  of this attribute should conform to the following ABNF:

184	      domain = root / label *( DOT label )
185	      root   = SPACE
186	      label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
187	      LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
188	      SPACE  = %x20                        ; space (" ")
189	      HYPHEN = %x2D                        ; hyphen ("-")
190	      DOT    = %x2E                        ; period (".")

192	  For example, the entry in the DIT with a DN <DC=example,DC=com> might
193	  have an associated domain of "example.com".

195	      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
196	        EQUALITY caseIgnoreIA5Match
197	        SUBSTR caseIgnoreIA5SubstringsMatch
198	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

200	  The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
201	  'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
202	  described in [Syntaxes].

204	  It is noted that the directory will not ensure that values of this
205	  attribute conform to the <domain> production provided above.  It is
206	  the application responsibility to ensure domains it stores in this
207	  attribute are appropriately represented.

209	  It is also noted that applications supporting Internationalized Domain
210	  Names SHALL use the ToASCII method [RFC3490] to produce <label>
211	  components of the <domain> production.

213	2.2. associatedName

215	  The 'associatedName' attribute specifies names of entries in the
216	  organizational DIT associated with a DNS domain [RFC1034][RFC2181].

218	      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
219	        EQUALITY distinguishedNameMatch
220	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

222	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
223	  'distinguishedNameMatch' rule are described in [Syntaxes].

225	2.3.  buildingName

227	  The 'buildingName' attribute specifies names of the buildings where an
228	  organization or organizational unit is based.  For example, "The White
229	  House".

231	      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
232	        EQUALITY caseIgnoreMatch
233	        SUBSTR caseIgnoreSubstringsMatch
234	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

236	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
237	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
238	  in [Syntaxes].

240	2.3. co

242	  The 'co' (Friendly Country Name) attribute specifies names of
243	  countries in human-readable format.  For example, "Germany" and
244	  "Federal Republic of Germany".  It is commonly used in conjunction
245	  with the 'c' (Country Name) [Schema] attribute (whose values are
246	  restricted to the two-letter codes defined in [ISO3166]).

248	      ( 0.9.2342.19200300.100.1.43 NAME 'co'
249	        EQUALITY caseIgnoreMatch
250	        SUBSTR caseIgnoreSubstringsMatch
251	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

253	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
254	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
255	  in [Syntaxes].

257	2.5. documentAuthor

259	  The 'documentAuthor' attribute specifies the distinguished name of
260	  authors (or editors) of a document.  For example,

262	      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
263	        EQUALITY distinguishedNameMatch
264	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

266	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
267	  'distinguishedNameMatch' rule are described in [Syntaxes].

269	2.6. documentIdentifier

271	  The 'documentIdentifier' attribute specifies unique identifiers for a
272	  document.  A document may be identified by more than one unique
273	  identifier.  For example, RFC 3383 and BCP 64 are unique identifers
274	  which (presently) refer to the same document.

276	      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
277	        EQUALITY caseIgnoreMatch
278	        SUBSTR caseIgnoreSubstringsMatch
279	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

281	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
282	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
283	  in [Syntaxes].

285	2.7. documentLocation

287	  The 'documentLocation' attribute specifies locations of the document
288	  original.

290	      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
291	        EQUALITY caseIgnoreMatch
292	        SUBSTR caseIgnoreSubstringsMatch
293	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

295	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
296	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
297	  in [Syntaxes].

299	2.8. documentPublisher

301	  The 'documentPublisher' attribute is the persons and/or organizations
302	  that published the document.  Documents which are jointly published
303	  have one value for each publisher.

305	      ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
306	        EQUALITY caseIgnoreMatch
307	        SUBSTR caseIgnoreSubstringsMatch
308	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

310	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
311	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
312	  in [Syntaxes].

314	2.9. documentTitle

316	  The 'documentTitle' attribute specifies the titles of a document.
317	  Multiple values are allowed to accomadate both long and short titles,
318	  or other situations where a document has multiple titles.  For
319	  example, "The Lightweight Directory Access Protocol Technical
320	  Specification" and "The LDAP Technical Specification".

322	      ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
323	        EQUALITY caseIgnoreMatch
324	        SUBSTR caseIgnoreSubstringsMatch
325	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

327	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
328	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
329	  in [Syntaxes].

331	2.10. documentVersion

333	  The 'documentVersion' attribute specifies the version information of a
334	  document.

336	      ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
337	        EQUALITY caseIgnoreMatch
338	        SUBSTR caseIgnoreSubstringsMatch
339	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

341	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
342	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
343	  in [Syntaxes].

345	2.11. drink

347	  The 'drink' (favoriteDrink) attribute specifies favorite drinks of an
348	  object (or person).  For instance, "cola" and "beer".

350	      ( 0.9.2342.19200300.100.1.5 NAME 'drink'
351	        EQUALITY caseIgnoreMatch
352	        SUBSTR caseIgnoreSubstringsMatch
353	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

355	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
356	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
357	  in [Syntaxes].

359	2.12. homePhone

361	  The 'homePhone' (Home Telephone Number) attribute specifies home
362	  telephone numbers (e.g., "+1 775 555 1234") associated with a person.

364	      ( 0.9.2342.19200300.100.1.20 NAME 'homePhone'
365	        EQUALITY telephoneNumberMatch
366	        SUBSTR telephoneNumberSubstringsMatch
367	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

369	  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
370	  'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
371	  described in [Syntaxes].

373	2.13. homePostalAddress

375	  The 'homePostalAddress' attribute specifies home postal addresses for
376	  an object.  Each value should be limited to up to 6 directory strings
377	  of 30 characters each.  (Note: it is not intended that the directory
378	  service enforce these limits.)

380	      ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
381	        EQUALITY caseIgnoreListMatch
382	        SUBSTR caseIgnoreListSubstringsMatch
383	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

385	  The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
386	  'caseIgnoreListMatch' and 'caseIgnoreListSubstringsMatch' rules are
387	  described in [Syntaxes].

389	2.14. host

391	  The 'host' attribute specifies host computers, generally by their
392	  primary fully-qualified domain name (e.g., my-host.example.com).

394	      ( 0.9.2342.19200300.100.1.9 NAME 'host'
395	        EQUALITY caseIgnoreMatch
396	        SUBSTR caseIgnoreSubstringsMatch
397	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

399	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
400	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
401	  in [Syntaxes].

403	2.16. info

405	  The 'info' attribute specifies any general information pertinent to an
406	  object.  This information is not necessarily descriptive of the
407	  object.

409	  Applications should not attach specific semantics to values of this
410	  attribute.  The 'description' attribute [Schema] is available for
411	  specifying descriptive information pertinent to an object.

413	      ( 0.9.2342.19200300.100.1.4 NAME 'info'
414	        EQUALITY caseIgnoreMatch
415	        SUBSTR caseIgnoreSubstringsMatch
416	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

418	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
419	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
420	  in [Syntaxes].

422	2.17. mail

424	  The 'mail' (rfc822mailbox) attribute type holds Internet mail
425	  addresses in Mailbox [RFC2821] form (e.g.: user@example.com).

427	      ( 0.9.2342.19200300.100.1.3 NAME 'mail'
428	        EQUALITY caseIgnoreIA5Match
429	        SUBSTR caseIgnoreIA5SubstringsMatch
430	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

432	  The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
433	  'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
434	  described in [Syntaxes].

436	  It is noted that the directory will not ensure that values of this
437	  attribute conform to the <Mailbox> production [RFC2821].  It is the
438	  application responsibility to ensure domains it stores in this
439	  attribute are appropriately represented.

441	  Additionally, the directory will compare values per the matching rules
442	  named in the above attribute type description.  As these rules differ
443	  from rules which normally apply to <Mailbox> comparisons, operational
444	  issues may arise.  For example, the assertion (mail=joe@example.com)
445	  will match "JOE@example.com" even though the <local-parts> differ.
446	  Also, where a user has two <Mailbox>es which whose addresses differ
447	  only by case of the <local-part>, both cannot be listed as values of
448	  the user's mail attribute (as they are considered by the
449	  'caseIgnoreIA5Match' rule to be equal).

451	  It is also noted that applications supporting internationalized domain
452	  names SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
453	  components of the <Mailbox> production.

455	2.18. manager
456	  The 'manager' attribute specifies managers, by distinguished name, of
457	  the person (or entity).

459	      ( 0.9.2342.19200300.100.1.10 NAME 'manager'
460	        EQUALITY distinguishedNameMatch
461	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

463	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
464	  'distinguishedNameMatch' rule are described in [Syntaxes].

466	2.19. mobile

468	  The 'mobile' (mobileTelephoneNumber) attribute specifies mobile
469	  telephone numbers (e.g., "+1 775 555 6789") associated with a person
470	  (or entity).

472	      ( 0.9.2342.19200300.100.1.41 NAME 'mobile'
473	        EQUALITY telephoneNumberMatch
474	        SUBSTR telephoneNumberSubstringsMatch
475	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

477	  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
478	  'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
479	  described in [Syntaxes].

481	2.20. organizationalStatus

483	  The 'organizationalStatus' attribute specifies categories by which a
484	  person is often referred to in an organization.  Examples of usage in
485	  academia might include "undergraduate student", "researcher",
486	  "professor", "staff", etc..  Multiple values are allowed were the
487	  person is in multiple categories.

489	  Directory administrators and application designers SHOULD consider
490	  carefully the distinctions between this and the 'title' and
491	  'userClass' attributes.

493	      ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
494	        EQUALITY caseIgnoreMatch
495	        SUBSTR caseIgnoreSubstringsMatch
496	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

498	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
499	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
500	  in [Syntaxes].

502	2.21. pager

504	  The 'pager' (pagerTelephoneNumber) attribute specifies pager telephone
505	  numbers (e.g., "+1 775 555 5555") for an object.

507	      ( 0.9.2342.19200300.100.1.42 NAME 'pager'
508	        EQUALITY telephoneNumberMatch
509	        SUBSTR telephoneNumberSubstringsMatch
510	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

512	  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
513	  'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
514	  described in [Syntaxes].

516	2.22. personalTitle

518	  The 'personalTitle' attribute specifies personal titles for a person.
519	  Examples of personal titles are "Frau", "Dr.", "Herr", and
520	  "Professor".

522	      ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
523	        EQUALITY caseIgnoreMatch
524	        SUBSTR caseIgnoreSubstringsMatch
525	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

527	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
528	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
529	  in [Syntaxes].

531	2.23. roomNumber

533	  The 'roomNumber' attribute specifies the room number of an object.
534	  During periods of renumbering or in other circumstances where a room
535	  has multiple valid room numbers associated with it, multiple values
536	  may be provided.  Note that the 'cn' (commonName) attribute type
537	  SHOULD be used for naming room objects.

539	      ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
540	        EQUALITY caseIgnoreMatch
541	        SUBSTR caseIgnoreSubstringsMatch
542	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

544	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
545	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
546	  in [Syntaxes].

548	2.24. secretary

550	  The 'secretary' attribute specifies secretaries and/or administrative
551	  assistants, by distinguish name, of a person.

553	      ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
554	        EQUALITY distinguishedNameMatch
555	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

557	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
558	  'distinguishedNameMatch' rule are described in [Syntaxes].

560	2.26. uniqueIdentifier

562	  The 'uniqueIdentifier' attribute specifies a unique identifier for an
563	  object represented in the Directory.  The domain within which the
564	  identifier is unique, and the exact semantics of the identifier, are
565	  for local definition.  For a person, this might be an institution-wide
566	  payroll number.  For an organizational unit, it might be a department
567	  code.

569	      ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
570	        EQUALITY caseIgnoreMatch
571	        SUBSTR caseIgnoreSubstringsMatch
572	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

574	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
575	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
576	  in [Syntaxes].

578	  Note: X.520 also describes an attribute called 'uniqueIdentifier'
579	        (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
580	        [Schema].  The attribute detailed here ought not be confused
581	        with 'x500UniqueIdentifier'.

583	2.27. userClass

585	  The 'userClass' attribute specifies categories of computer or
586	  application user.  The semantics placed on this attribute are for
587	  local interpretation.  Examples of current usage of this attribute in
588	  academia are "student", "staff", "faculty", etc..  Note that the
589	  'organizationalStatus' attribute type is now often be preferred as it
590	  makes no distinction between persons as opposed to users.

592	      ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
593	        EQUALITY caseIgnoreMatch
594	        SUBSTR caseIgnoreSubstringsMatch
595	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

597	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
598	  'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
599	  in [Syntaxes].

601	3. COSINE Object Classes

603	  This section details COSINE object classes for use in LDAP.

605	3.1. account

607	  The 'account' object class is used to define entries representing
608	  computer accounts.  The 'uid' attribute SHOULD be used for naming
609	  entries of this object class.

611	      ( 0.9.2342.19200300.100.4.5 NAME 'account'
612	        SUP top STRUCTURAL
613	        MUST uid
614	        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

616	  The 'top' object class is described in [Models].  The 'description',
617	  'seeAlso', 'l', 'o', 'ou', and 'uid' attribute types are described in
618	  [Schema].  The 'host' attribute type is described in Section 2 of this
619	  document.

621	  Example:

623	      dn: uid=kdz,cn=Accounts,dc=Example,dc=COM
624	      objectClass: account
625	      uid: kdz
626	      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

628	3.2. document

630	  The 'document' object class is used to define entries which represent
631	  documents.

633	      ( 0.9.2342.19200300.100.4.6 NAME 'document'
634	        SUP top STRUCTURAL
635	        MUST documentIdentifier
636	        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
637	          documentTitle $ documentVersion $ documentAuthor $
638	          documentLocation $ documentPublisher ) )

640	  The 'top' object class is described in [Models].  The 'cn',
641	  'description', 'seeAlso', 'l', 'o', and 'ou' attribute types are
642	  described in [Schema].  The 'documentIdentifier', 'documentTitle',
643	  'documentVersion', 'documentAuthor', 'documentLocation', and
644	  'documentPublisher' attribute types are described in Section 2 of this
645	  document.

647	  Example:

649	      dn: documentIdentifier=RFCXXXX,cn=RFC,dc=Example,dc=COM
650	      objectClass: document
651	      documentIdentifier: RFC XXXXX
652	      documentTitle: COSINE LDAP/X.500 Schema
653	      documentAuthor: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
654	      documentLocation: http://www.rfc-editor.org/rfc/rfcXXXX.txt
655	      documentPublisher: Internet Engineering Task Force
656	      description: A collection of schema elements for use in LDAP
657	      description: Obsoletes RFC 1274
658	      seeAlso: documentIdentifier=[Roadmap],cn=RFC,dc=Example,dc=COM
659	      seeAlso: documentIdentifier=RFC 1274,cn=RFC,dc=Example,dc=COM

661	3.3. documentSeries

663	  The documentSeries object class is used to define an entry which
664	  represents a series of documents (e.g., The Request For Comments
665	  memos).

667	      ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
668	        SUP top STRUCTURAL
669	        MUST cn
670	        MAY ( description $ l $ o $ ou $ seeAlso $
671	          telephonenumber ) )

673	  The 'top' object class is described in [Models].  The 'description',
674	  'l', 'o', 'ou', 'seeAlso', and 'telephoneNumber' attribute types are
675	  described in [Schema].

677	  Example:

679	      dn: cn=RFC,dc=Example,dc=COM
680	      objectClass: documentSeries
681	      cn: Request for Comments
682	      cn: RFC
683	      description: a series of memos about the Internet

685	3.4. domain
686	  The 'domain' object class is used to define entries which represent
687	  DNS domains for objects which are not organizations, organizational
688	  units, or other kinds of objects more approproiately defined using an
689	  object class specific to the kind of object being defined (e.g.,
690	  'organization', 'organizationUnit', etc.).

692	  The 'dc' attribute should be used for naming entries of 'domain'
693	  object class.

695	      ( 0.9.2342.19200300.100.4.13 NAME 'domain'
696	        SUP top STRUCTURAL
697	        MUST dc
698	        MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
699	          x121Address $ registeredAddress $ destinationIndicator $
700	          preferredDeliveryMethod $ telexNumber $
701	          teletexTerminalIdentifier $ telephoneNumber $
702	          internationaliSDNNumber $ facsimileTelephoneNumber $ street $
703	          postOfficeBox $ postalCode $ postalAddress $
704	          physicalDeliveryOfficeName $ st $ l $ description $ o $
705	          associatedName ) )

707	  The 'top' object class and the 'dc', 'userPassword', 'searchGuide
708	  'seeAlso', 'businessCategory', 'x121Address', 'registeredAddress
709	  'destinationIndicator', 'preferredDeliveryMethod', 'telexNumber',
710	  'teletexTerminalIdentifier', 'telephoneNumber',
711	  'internationaliSDNNumber', 'facsimileTelephoneNumber', 'street',
712	  'postOfficeBox', 'postalCode', 'postalAddress',
713	  'physicalDeliveryOfficeName', 'st', 'l', 'description', 'o', types are
714	  described in [Schema].  The 'associatedName' attribute type is
715	  described in Section 2 of this document.

717	  Example:
718	      dn: dc=com
719	      objectClass: domain
720	      dc: com
721	      description: the .COM TLD

723	3.5.  domainRelatedObject

725	  The 'domainRelatedObject' object class is used to define entries which
726	  represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
727	  an organization or organizational unit.

729	      ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
730	        SUP top AUXILIARY
731	        MUST associatedDomain )

733	  The 'top' object class is described in [Models].  The
734	  'associatedDomain' attribute type is described in Section 2 of this
735	  document.

737	  Example:

739	      dn: dc=example,dc=com
740	      objectClass: organization
741	      objectClass: dcObject
742	      objectClass: domainRelatedObject
743	      dc: example
744	      associatedDomain: example.com
745	      o: Example Organization

747	  The 'organization' and 'dcObject' object classes and the 'dc' and 'o'
748	  attribute types are described in [Schema].

750	3.5.  friendlyCountry

752	  The 'friendlyCountry' object class is used to define entries
753	  representing countries in the DIT.  The object class is used to allow
754	  friendlier naming of countries than that allowed by the object class
755	  'country' [Schema].

757	      ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
758	        SUP country STRUCTURAL
759	        MUST co )

761	  The 'country' object class is described in [Schema].  The 'co'
762	  attribute type is described in Section 2 of this document.

764	  Example:

766	      dn: c=DE
767	      objectClass: country
768	      objectClass: friendlyCountry
769	      c: DE
770	      co: Deutschland
771	      co: Germany
772	      co: Federal Republic of Germany
773	      co: FRG

775	  The 'c' attribute type is described in [Schema].

777	3.6.  rFC822LocalPart
778	  The 'rFC822LocalPart' object class is used to define entries which
779	  represent the local part of Internet mail addresses [RFC2822].  This
780	  treats the local part of the address as a 'domain' object.

782	      ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
783	        SUP domain STRUCTURAL
784	        MAY ( cn $ description $ destinationIndicator $
785	          facsimileTelephoneNumber $ internationaliSDNNumber $
786	          physicalDeliveryOfficeName $ postalAddress $ postalCode $
787	          postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
788	          seeAlso $ sn $ street $ telephoneNumber $
789	          teletexTerminalIdentifier $ telexNumber $ x121Address ) )

791	  The 'domain' object class is described in Section 3.4 of this
792	  document.  The 'cn', 'description', 'destinationIndicator',
793	  'facsimileTelephoneNumber', 'internationaliSDNNumber,
794	  'physicalDeliveryOfficeName', 'postalAddress', 'postalCode',
795	  'postOfficeBox', 'preferredDeliveryMethod', 'registeredAddress',
796	  'seeAlso', 'sn, 'street', 'telephoneNumber',
797	  'teletexTerminalIdentifier', 'telexNumber' and 'x121Address' attribute
798	  types are described in [Schema].

800	  Example:

802	      dn: dc=kdz,dc=example,dc=com
803	      objectClass: domain
804	      objectClass: rFC822LocalPart
805	      dc: kdz
806	      associatedName: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

808	  The 'dc' attribute type is described in [Schema].

810	3.7.  room

812	  The 'room' object class is used to define entries representing rooms.
813	  The 'cn' (commonName) attribute SHOULD be used for naming entries of
814	  this object class.

816	      ( 0.9.2342.19200300.100.4.7 NAME 'room'
817	        SUP top STRUCTURAL
818	        MUST cn
819	        MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )

821	  The 'top' object class is described in [Models].  The 'cn',
822	  'description', 'seeAlso' and 'telephoneNumber' attribute types are
823	  described in [Schema].  The 'roomNumber' attribute type is described
824	  in Section 2 of this document.

826	      dn: cn=conference room,dc=example,dc=com
827	      objectClass: room
828	      cn: conference room
829	      telephoneNumber: +1 755 555 1111

831	3.8.  simpleSecurityObject

833	  The 'simpleSecurityObject' object class is used to require an entry to
834	  have an 'userPassword' attribute when the entry's structural object
835	  class does not require (or allow) the 'userPassword attribute'.

837	      ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
838	        SUP top AUXILIARY
839	        MUST userPassword )

841	  The 'top' object class is described in [Models].  The 'userPassword'
842	  attribute type is described in [Schema].

844	      dn: dc=kdz,dc=Example,dc=COM
845	      objectClass: account
846	      objectClass: simpleSecurityObject
847	      uid: kdz
848	      userPassword: My Password
849	      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

851	4. Security Considerations

853	  General LDAP security considerations [Roadmap] is applicable to the
854	  use of this schema.  Additional considerations are noted above where
855	  appropriate.

857	  Directories administrators should ensure that access to sensitive
858	  information is restricted to authorized entities, but ensure that
859	  appropriate data security services, including data integrity and data
860	  confidentiality, are used to protect against eavesdropping.

862	  Simple authentication (e.g., plain text passwords) mechanisms should
863	  only be used when adequate data security services are in place.  LDAP
864	  offers reasonable strong authentication and data security services
865	  [AuthMeth].

867	5. IANA Considerations
868	  It is requested that the Internet Assigned Numbers Authority (IANA)
869	  update upon Standard Action the LDAP descriptors registry [BCP64bis]
870	  as indicated the following template:

872	      Subject: Request for LDAP Descriptor Registration Update
873	      Descriptor (short name): see comment
874	      Object Identifier: see comments
875	      Person & email address to contact for further information:
876	          Kurt Zeilenga <kurt@OpenLDAP.org>
877	      Usage: see comments
878	      Specification: RFC XXXX
879	      Author/Change Controller: IESG
880	      Comments:

882	      The following descriptors should be updated to refer to RFC XXXX.

884	        NAME                           Type OID
885	        ------------------------       ---- --------------------------
886	        account                        O    0.9.2342.19200300.100.4.5
887	        associatedDomain               A    0.9.2342.19200300.100.1.37
888	        associatedName                 A    0.9.2342.19200300.100.1.38
889	        buildingName                   A    0.9.2342.19200300.100.1.48
890	        co                             A    0.9.2342.19200300.100.1.43
891	        document                       O    0.9.2342.19200300.100.4.6
892	        documentAuthor                 A    0.9.2342.19200300.100.1.14
893	        documentIdentifier             A    0.9.2342.19200300.100.1.11
894	        documentLocation               A    0.9.2342.19200300.100.1.15
895	        documentPublisher              A    0.9.2342.19200300.100.1.56
896	        documentSeries                 O    0.9.2342.19200300.100.4.8
897	        documentTitle                  A    0.9.2342.19200300.100.1.12
898	        documentVersion                A    0.9.2342.19200300.100.1.13
899	        domain                         O    0.9.2342.19200300.100.4.13
900	        domainRelatedObject            O    0.9.2342.19200300.100.4.17
901	        drink                          A    0.9.2342.19200300.100.1.5
902	        favouriteDrink                 A*   0.9.2342.19200300.100.1.5
903	        friendlyCountry                O    0.9.2342.19200300.100.4.18
904	        friendlyCountryName            A*   0.9.2342.19200300.100.1.43
905	        homePhone                      A    0.9.2342.19200300.100.1.20
906	        homePostalAddress              A    0.9.2342.19200300.100.1.39
907	        homeTelephone                  A*   0.9.2342.19200300.100.1.20
908	        host                           A    0.9.2342.19200300.100.1.9
909	        info                           A    0.9.2342.19200300.100.1.4
910	        mail                           A    0.9.2342.19200300.100.1.3
911	        manager                        A    0.9.2342.19200300.100.1.10
912	        mobile                         A    0.9.2342.19200300.100.1.41
913	        mobileTelephoneNumber          A*   0.9.2342.19200300.100.1.41
914	        organizationalStatus           A    0.9.2342.19200300.100.1.45
915	        pager                          A    0.9.2342.19200300.100.1.42
916	        pagerTelephoneNumber           A*   0.9.2342.19200300.100.1.42
917	        personalTitle                  A    0.9.2342.19200300.100.1.40
918	        rFC822LocalPart                O    0.9.2342.19200300.100.4.14
919	        rfc822Mailbox                  A*   0.9.2342.19200300.100.1.3
920	        room                           O    0.9.2342.19200300.100.4.7
921	        roomNumber                     A    0.9.2342.19200300.100.1.6
922	        secretary                      A    0.9.2342.19200300.100.1.21
923	        simpleSecurityObject           O    0.9.2342.19200300.100.4.19
924	        singleLevelQuality             A    0.9.2342.19200300.100.1.50
925	        uniqueIdentifier               A    0.9.2342.19200300.100.1.44
926	        userClass                      A    0.9.2342.19200300.100.1.8

928	      where Type A is Attribute and Type O is ObjectClass, and *
929	      indicates the registration is historic in nature.

931	6. Acknowledgments

933	  This document is based upon RFC 1274 by Paul Barker and Steve Kille,
934	  as well as RFC 2247 by Steve Kill, Mark Wahl, Al Grimstad, Rick Huber,
935	  and Sri Satulari.

937	7. Editor's Address

939	  Kurt D. Zeilenga
940	  OpenLDAP Foundation

942	  Email: Kurt@OpenLDAP.org

944	8. References

946	  [[Note to the RFC Editor: please replace the citation tags used in
947	  referencing Internet-Drafts with tags of the form RFCnnnn where
948	  possible.]]

950	8.1. Normative References

952	                [RFC1034]     Mockapetris, P., "Domain names - concepts
953	                and facilities", STD 13 (also RFC 1034), November 1987.

955	  [RFC1123]     Braden, R., "Requirements for Internet Hosts -
956	                Application and Support", STD 3, RFC 1123, October 1989

958	  [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
959	                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

961	  [RFC2181]     Elz, R. and R. Bush, "Clarifications to the DNS
962	                Specification", RFC 2181, July 1997.

964	  [RFC2247]     Kille, S., M. Wahl, A. Grimstad, R. Huber and S.
965	                Sataluri, "Using Domains in LDAP/X.500 Distinguished
966	                Names", January 1998.

968	  [RFC2821]     Klensin, J. (editor), "Simple Mail Transfer Protocol",
969	                RFC 2822, April 2001.

971	  [RFC3490]     Faltstrom, P., P. Hoffman, and A. Costello,
972	                "Internationalizing Domain Names in Applications
973	                (INDA)", RFC 3490, March 2003.

975	  [Roadmap]     Zeilenga, K. (editor), "LDAP: Technical Specification
976	                Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
977	                progress.

979	  [Models]      Zeilenga, K. (editor), "LDAP: Directory Information
980	                Models", draft-ietf-ldapbis-models-xx.txt, a work in
981	                progress.

983	  [Syntaxes]    Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
984	                draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

986	  [Schema]      Dally, K. (editor), "LDAP: User Schema",
987	                draft-ietf-ldapbis-user-schema-xx.txt, a work in
988	                progress.

990	  [AuthMeth]    Harrison, R. (editor), "LDAP: Authentication Methods and
991	                Connection Level Security Mechanisms",
992	                draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.

994	8.2. Informative References

996	                [COSINEpilot]

998	  [NamingPlan]  Zeilenga, K., "The Internet Naming Plan for LDAP/X.500
999	                Directories", draft-zeilenga-ldap-namingplan-xx.txt, a
1000	                work in progress.

1002	  [ISO3166]     International Organization for Standardization, "Codes
1003	                for the representation of names of countries", ISO 3166.

1005	  [RFC1274]     Barker, P. and S. Kille, "The COSINE and Internet X.500
1006	                Schema", November 1991.

1008	  [RFC2798]     Smith, M., "The LDAP inetOrgPerson Object Class", RFC
1009	                2798, April 2000.

1011	  [BCP64bis]    Zeilenga, K., "IANA Considerations for LDAP",
1012	                draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.

1014	Appendix A.  Changes since RFC 1274

1016	  This document represents a substantial rewrite of RFC 1274.  The
1017	  following sections summarize the substantive changes.

1019	A.1. LDAP Short Names

1021	  A number of COSINE attribute types have short names in LDAP.

1023	  X.500 Name              LDAP Short Name
1024	  -------------           ---------------
1025	  domainComponent         dc
1026	  favoriteDrink           drink
1027	  friendCountryName       co
1028	  homeTelephoneNumber     homePhone
1029	  mobileTelephoneNumber   mobile
1030	  pagerTelephoneNumber    pager
1031	  rfc822Mailbox           mail
1032	  userid                  uid

1034	  While the LDAP short names are generally used in LDAP, some
1035	  implementations may (for legacy reasons [Historic]) recognize the
1036	  attribute type by its X.500 name.  Hence, the X.500 names have been
1037	  reserved solely for this purpose.

1039	  Note: 'uid' and 'dc' are described in [Schema].

1041	A.2. pilotObject

1043	  The 'pilotObject' object class was not brought forward as its function
1044	  is largely replaced by operational attributes introduced in X.500(93)
1045	  [X.501] and version 3 of LDAP [Models].   For instance, the function
1046	  of the 'lastModifiedBy' and 'lastModifiedTime' attribute types is now
1047	  served by the 'creatorsName', 'createTimestamp', 'modifiersName', and
1048	  'modifyTimestamp' operational attributes [Models].

1050	A.3. pilotPerson

1052	  The 'pilotPerson' object class was not brought forward as its function
1053	  is largely replaced by the 'organizationalPerson' [Models] object
1054	  class and its subclasses, such as 'inetOrgPerson' [RFC2798].

1056	  Most of the related attribute types (e.g., 'mail', 'manager', etc.)
1057	  were brought forward as they are used in other object classes.

1059	A.4. dNSDomain

1061	  The 'dNSDomain' object class and related attribute types were not
1062	  brought forward as its use is primarily experimental [RFC1279].

1064	A.5. pilotDSA and qualityLabelledData

1066	  The 'pilotDSA' and 'qualityLabelledData' object classes, as well as
1067	  related attribute types, were not brought forward as it as its use is
1068	  primarily experimental [QoS].

1070	A.6. Attribute syntaxes

1072	  RFC 1274 defined and used caseIgnoreIA5StringSyntax attribute syntax.
1073	  This has been replaced with the IA5String syntax and approrpiate
1074	  matching rules in 'mail' and 'associatedDomain'.

1076	  RFC 1274 restricted 'mail' to have non-zero length values.  This
1077	  restriction is not reflected in the IA5String syntax used in the
1078	  definitions provided in this specification.   However, as values are
1079	  to conform to the <Mailbox> production, the 'mail' should not contain
1080	  zero-length values.  Unfornuately, the directory service will not
1081	  enforce this restriction.

1083	Appendix B. Changes since RFC 2247

1085	  The 'domainNameForm' name form was not brought forward as
1086	  specification of name forms used in LDAP is left to a future
1087	  specification.

1089	Intellectual Property Rights

1091	  The IETF takes no position regarding the validity or scope of any
1092	  Intellectual Property Rights or other rights that might be claimed to
1093	  pertain to the implementation or use of the technology described in
1094	  this document or the extent to which any license under such rights
1095	  might or might not be available; nor does it represent that it has
1096	  made any independent effort to identify any such rights.  Information
1097	  on the procedures with respect to rights in RFC documents can be found
1098	  in BCP 78 and BCP 79.

1100	  Copies of IPR disclosures made to the IETF Secretariat and any
1101	  assurances of licenses to be made available, or the result of an
1102	  attempt made to obtain a general license or permission for the use of
1103	  such proprietary rights by implementers or users of this specification
1104	  can be obtained from the IETF on-line IPR repository at
1105	  http://www.ietf.org/ipr.

1107	  The IETF invites any interested party to bring to its attention any
1108	  copyrights, patents or patent applications, or other proprietary
1109	  rights that may cover technology that may be required to implement
1110	  this standard.  Please address the information to the IETF at
1111	  ietf-ipr@ietf.org.

1113	Full Copyright

1115	  Copyright (C) The Internet Society (2006).

1117	  This document is subject to the rights, licenses and restrictions
1118	  contained in BCP 78, and except as set forth therein, the authors
1119	  retain all their rights.

1121	  This document and the information contained herein are provided on an
1122	  "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1123	  OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
1124	  ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
1125	  INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
1126	  INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1127	  WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.