idnits 2.17.1 

draft-zeilenga-ldap-user-schema-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 23.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 868.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 841.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 848.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 854.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     860), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 39.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        By submitting this Internet-Draft, I certify that any applicable patent
        or other IPR claims of which I am aware have been disclosed, or
        will be disclosed, and any of which I become aware will be
        disclosed, in accordance with RFC 3668.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 20 pages


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == The 'Obsoletes: ' line in the draft header should list only the
     _numbers_ of the RFCs which will be obsoleted by this document (if
     approved); it should not include the word 'RFC' in the list.

  == The 'Updates: ' line in the draft header should list only the _numbers_
     of the RFCs which will be updated by this document (if approved); it
     should not include the word 'RFC' in the list.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (24 October 2004) is 7123 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC2822' is mentioned on line 639, but not defined

  ** Obsolete undefined reference: RFC 2822 (Obsoleted by RFC 5322)

  ** Obsolete normative reference: RFC 2822 (ref. 'RFC2821') (Obsoleted by
     RFC 5322)

  ** Obsolete normative reference: RFC 3490 (Obsoleted by RFC 5890, RFC 5891)

  -- No information found for draft-ietf-ldapbis-roadmap-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Roadmap' 

  -- No information found for draft-ietf-ldapbis-models-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Models' 

  -- No information found for draft-ietf-ldapbis-syntaxes-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Syntaxes' 

  -- No information found for draft-ietf-ldapbis-user-schema-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'Schema' 

  -- No information found for draft-ietf-ldapbis-authmeth-xx - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. 'AuthMeth' 

  -- Obsolete informational reference (is this intentional?): RFC 1274
     (Obsoleted by RFC 4524)

  -- No information found for draft-ietf-ldapbis-bcp64-xx - is the name
     correct?


     Summary: 11 errors (**), 0 flaws (~~), 6 warnings (==), 19 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	INTERNET-DRAFT                           Editor:  Kurt D. Zeilenga
2	Intended Category: Standard Track                 OpenLDAP Foundation
3	Expires in six months                             24 October 2004
4	Obsoletes: RFC 1274
5	Updates: RFC 2798

7	                     LDAP: Additional Schema Elements
8	                 <draft-zeilenga-ldap-user-schema-07.txt>

10	Status of this Memo

12	  This document is intended to be, after appropriate review and
13	  revision, submitted to the RFC Editor as a Standard Track document.
14	  Distribution of this memo is unlimited.  Technical discussion of this
15	  document will take place on the IETF LDAPEXT mailing list
16	  <ldapext@ietf.org>.  Please send editorial comments directly to the
17	  author <Kurt@OpenLDAP.org>.

19	  By submitting this Internet-Draft, I accept the provisions of Section
20	  4 of RFC 3667.  By submitting this Internet-Draft, I certify that any
21	  applicable patent or other IPR claims of which I am aware have been
22	  disclosed, or will be disclosed, and any of which I become aware will
23	  be disclosed, in accordance with RFC 3668.

25	  Internet-Drafts are working documents of the Internet Engineering Task
26	  Force (IETF), its areas, and its working groups. Note that other
27	  groups may also distribute working documents as Internet-Drafts.

29	  Internet-Drafts are draft documents valid for a maximum of six months
30	  and may be updated, replaced, or obsoleted by other documents at any
31	  time. It is inappropriate to use Internet-Drafts as reference material
32	  or to cite them other than as "work in progress."

34	  The list of current Internet-Drafts can be accessed at
35	  <http://www.ietf.org/ietf/1id-abstracts.txt>.  The list of
36	  Internet-Draft Shadow Directories can be accessed at
37	  <http://www.ietf.org/shadow.html>.

39	  Copyright (C) The Internet Society (2004).  All Rights Reserved.

41	  Please see the Full Copyright section near the end of this document
42	  for more information.

44	Abstract
45	  This document provides a collection of schema elements for use with
46	  the Lightweight Directory Access Protocol from COSINE and Internet
47	  X.500 pilot projects.

49	Table of Contents (to be expanded by editor)

51	  Status of this Memo                                  1
52	  Abstract
53	  Conventions                                          2
54	  Table of Contents
55	  1.     Background and Intended Use                   3
56	  2.     Terminology and Conventions
57	  3.     Attribute Types
58	  3.1.     associatedDomain
59	  3.2.     associatedName
60	  3.3.     buildingName
61	  3.3.     co                                          8
62	  3.5.     documentAuthor
63	  3.6.     documentIdentifier
64	  3.7.     documentLocation
65	  3.8.     documentPublisher                           9
66	  3.9.     documentTitle
67	  3.10.    documentVersion
68	  3.11.    drink
69	  3.12.    homePhone                                  10
70	  3.13.    homePostalAddress
71	  3.14.    host
72	  3.16.    info
73	  3.17.    mail                                       11
74	  3.18.    manager
75	  3.19.    mobile
76	  3.20.    organizationalStatus
77	  3.21.    pager
78	  3.22.    personalTitle
79	  3.23.    roomNumber
80	  3.24.    secretary                                  13
81	  3.26.    uniqueIdentifier
82	  3.27.    userClass                                  14
83	  4.     Object Classes
84	  4.1.     account
85	  4.2.     document
86	  4.3.     documentSeries                             15
87	  4.4.     domainRelatedObject
88	  4.5.     friendlyCountry
89	  4.6.     rFC822LocalPart
90	  4.7.     room                                       16
91	  4.8.     simpleSecurityObject
92	  5.     Security Considerations
93	  6.     IANA Considerations                          17
94	  7.     Acknowledgments                              18
95	  8.     Author's Address
96	  9.     References                                   19
97	  Full Copyright                                      20

99	1. Background and Intended Use

101	  This document provides descriptions of additional for schema elements
102	  for use with the Lightweight Directory Access Protocol (LDAP)
103	  [Roadmap].  The elements were originally introduced for use in the
104	  COSINE and Internet X.500 pilot projects [RFC1274].  This document
105	  adapts the schema elements for use in modern directory applications,
106	  while preserving established syntaxes and semantics.

108	  This document, together with RFC 2247 and [Schema], obsoletes RFC
109	  1274.  Some of these items were described in the inetOrgPerson
110	  [RFC2798] schema.  This document supersedes these descriptions.  This
111	  document, together with [Schema], replaces section 9.1.3 of RFC 2798.

113	2. Terminology and Conventions

115	  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
116	  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
117	  document are to be interpreted as described in BCP 14 [RFC2119].

119	  DIT stands for Directory Information Tree.
120	  DN stands for Distinguished Name.
121	  DSA stands for Directory System Agent, a server.
122	  DSE stands for DSA-Specific Entry.
123	  DUA stands for Directory User Agent, a client.

125	  These terms are discussed in [Models].

127	  Schema definitions are provided using LDAP description formats
128	  [Models].  Definitions provided here are formatted (line wrapped) for
129	  readability.

131	3. Attribute Types

133	  This section details attribute types for use in LDAP.

135	3.1. associatedDomain
136	  The associatedDomain attribute type specifies DNS domains [RFC1034]
137	  which are associated with an object.  For example, the entry in the
138	  DIT with a DN <DC=example,DC=com> might have an associated domain of
139	  "example.com".

141	      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
142	        EQUALITY caseIgnoreIA5Match
143	        SUBSTR caseIgnoreIA5SubstringsMatch
144	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

146	  The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
147	  caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are
148	  described in [Syntaxes].

150	  It is noted that the directory will not ensure that values of this
151	  attribute conform to the <domain> production [RFC1034].  It is the
152	  application responsibility to ensure domains it stores in this
153	  attribute are appropriately represented.

155	  It is also noted that applications supporting Internationalized Domain
156	  Names SHALL use the ToASCII method [RFC3490] to produce <label>
157	  components of the <domain> production.

159	3.2. associatedName

161	  The associatedName attribute type specifies entries in the
162	  organizational DIT associated with a DNS domain [RFC1034].

164	      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
165	        EQUALITY distinguishedNameMatch
166	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

168	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
169	  distinguishedNameMatch rule are described in [Syntaxes].

171	3.3.  buildingName

173	  The buildingName attribute type specifies names of the buildings where
174	  an organization or organizational unit is based.

176	      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
177	        EQUALITY caseIgnoreMatch
178	        SUBSTR caseIgnoreSubstringsMatch
179	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

181	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
182	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
183	  [Syntaxes].

185	3.3. co

187	  The co (Friendly Country Name) attribute type specifies names of
188	  countries in human-readable format.  It is commonly used in
189	  conjunction with the c (Country Name) [Schema] attribute type (which
190	  restricted to one of the two-letter codes defined in [ISO3166]).

192	      ( 0.9.2342.19200300.100.1.43
193	        NAME ( 'co' 'friendlyCountryName' )
194	        EQUALITY caseIgnoreMatch
195	        SUBSTR caseIgnoreSubstringsMatch
196	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

198	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
199	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
200	  [Syntaxes].

202	3.5. documentAuthor

204	  The documentAuthor attribute type specifies the distinguished name of
205	  authors (or editors) of a document.

207	      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
208	        EQUALITY distinguishedNameMatch
209	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

211	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
212	  distinguishedNameMatch rule are described in [Syntaxes].

214	3.6. documentIdentifier

216	  The documentIdentifier attribute type specifies unique identifiers for
217	  a document.  A document may be identified by more than one unique
218	  identifier.  For example, "RFC 3383" and "BCP 64" are unique
219	  identifers which refer to the same document.

221	      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
222	        EQUALITY caseIgnoreMatch
223	        SUBSTR caseIgnoreSubstringsMatch
224	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

226	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
227	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
228	  [Syntaxes].

230	3.7. documentLocation

232	  The documentLocation attribute type specifies locations of the
233	  document original.

235	      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
236	        EQUALITY caseIgnoreMatch
237	        SUBSTR caseIgnoreSubstringsMatch
238	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

240	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
241	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
242	  [Syntaxes].

244	3.8. documentPublisher

246	  The documentPublisher attribute is the persons and/or organizations
247	  that published the document.  Documents which are jointly published
248	  have one value for each publisher.

250	      ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
251	        EQUALITY caseIgnoreMatch
252	        SUBSTR caseIgnoreSubstringsMatch
253	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

255	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
256	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
257	  [Syntaxes].

259	3.9. documentTitle

261	  The documentTitle attribute type specifies the title of a document.

263	      ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
264	        EQUALITY caseIgnoreMatch
265	        SUBSTR caseIgnoreSubstringsMatch
266	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

268	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
269	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
270	  [Syntaxes].

272	3.10. documentVersion

274	  The documentVersion attribute type specifies the version number of a
275	  document.

277	      ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
278	        EQUALITY caseIgnoreMatch
279	        SUBSTR caseIgnoreSubstringsMatch
280	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

282	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
283	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
284	  [Syntaxes].

286	3.11. drink

288	  The drink (Favourite Drink) attribute type specifies favorite drinks
289	  of an object (or person).

291	      ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
292	        EQUALITY caseIgnoreMatch
293	        SUBSTR caseIgnoreSubstringsMatch
294	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

296	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
297	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
298	  [Syntaxes].

300	3.12. homePhone

302	  The homePhone (Home Telephone Number) attribute type specifies home
303	  telephone numbers (e.g., "+44 71 123 4567") associated with a person.

305	      ( 0.9.2342.19200300.100.1.20
306	        NAME ( 'homePhone' 'homeTelephoneNumber' )
307	        EQUALITY telephoneNumberMatch
308	        SUBSTR telephoneNumberSubstringsMatch
309	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

311	  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
312	  telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
313	  described in [Syntaxes].

315	3.13. homePostalAddress
316	  The homePostalAddress attribute type specifies home postal addresses
317	  for an object.  Each SHOULD be limited to up to 6 lines of 30
318	  characters each.

320	      ( 0.9.2342.19200300.100.1.39
321	        NAME 'homePostalAddress'
322	        EQUALITY caseIgnoreListMatch
323	        SUBSTR caseIgnoreListSubstringsMatch
324	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

326	  The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
327	  caseIgnoreListMatch rule are described in [Syntaxes].  The
328	  caseIgnoreListSubstringsMatch rule is described in section 2 of this
329	  document.

331	3.14. host

333	  The host attribute type specifies host computers.  1274)

335	      ( 0.9.2342.19200300.100.1.9
336	        NAME 'host'
337	        EQUALITY caseIgnoreMatch
338	        SUBSTR caseIgnoreSubstringsMatch
339	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

341	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
342	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
343	  [Syntaxes].

345	3.16. info

347	  The info (Information) attribute type specifies any general
348	  information pertinent to an object.  It is RECOMMENDED that specific
349	  usage of this attribute type is avoided, and that specific
350	  requirements are met by other (possibly additional) attribute types.
351	  Note that the description attribute type [Schema] is available for
352	  specifying descriptive information pertinent to an object.

354	      ( 0.9.2342.19200300.100.1.4
355	        NAME 'info'
356	        EQUALITY caseIgnoreMatch
357	        SUBSTR caseIgnoreSubstringsMatch
358	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

360	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
361	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in

363	  [Syntaxes].

365	3.17. mail

367	  The mail (rfc822mailbox) attribute type holds Internet mail addresses
368	  in Mailbox [RFC2821] form (e.g.: user@example.com).  1274)

370	      ( 0.9.2342.19200300.100.1.3
371	        NAME ( 'mail' 'rfc822Mailbox' )
372	        EQUALITY caseIgnoreIA5Match
373	        SUBSTR caseIgnoreIA5SubstringsMatch
374	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

376	  The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
377	  caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are
378	  described in [Syntaxes].

380	  It is noted that the directory will not ensure that values of this
381	  attribute conform to the Mailbox production [RFC2821].  It is the
382	  application responsibility to ensure domains it stores in this
383	  attribute are appropriately represented.

385	  Additionally, the directory will compare values per the matching rules
386	  named in the above attribute type description.  As these rules differ
387	  from rules which normally apply to Mailbox comparisons, operational
388	  issues may arise.  For example, the assertion (mail=joe@example.com)
389	  will match JOE@example.com even though the local-parts differ.   Also,
390	  where a user has two mailboxes which whose addresses differ only by
391	  case of the local-part, both cannot be listed as values of the user's
392	  mail attribute (as they are considered by the caseIgnoreIA5Match rule
393	  to be equal).

395	  It is also noted that applications supporting internationalized domain
396	  names SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
397	  components of the <Mailbox> production.

399	3.18. manager

401	  The Manager attribute type specifies managers of an object represented
402	  by an entry.

404	      ( 0.9.2342.19200300.100.1.10
405	        NAME 'manager'
406	        EQUALITY distinguishedNameMatch
407	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

409	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
410	  distinguishedNameMatch rule are described in [Syntaxes].

412	3.19. mobile

414	  The mobile (Mobile Telephone Number) attribute type specifies mobile
415	  telephone numbers (e.g., "+44 71 123 4567") associated with a person.

417	      ( 0.9.2342.19200300.100.1.41
418	        NAME ( 'mobile' 'mobileTelephoneNumber' )
419	        EQUALITY telephoneNumberMatch
420	        SUBSTR telephoneNumberSubstringsMatch
421	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

423	  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
424	  telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
425	  described in [Syntaxes].

427	3.20. organizationalStatus

429	  The organizationalStatus attribute type specifies categories by which
430	  a person is often referred to in an organization.  Examples of usage
431	  in academia might include undergraduate student, researcher, lecturer,
432	  etc.

434	  A Directory administrator SHOULD consider carefully the distinctions
435	  between this and the title and userClass attributes.  1274)

437	      ( 0.9.2342.19200300.100.1.45
438	        NAME 'organizationalStatus'
439	        EQUALITY caseIgnoreMatch
440	        SUBSTR caseIgnoreSubstringsMatch
441	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

443	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
444	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
445	  [Syntaxes].

447	3.21. pager

449	  The pager (Pager Telephone Number) attribute type specifies pager
450	  telephone numbers (e.g., "+44 71 123 4567") for an object.

452	      ( 0.9.2342.19200300.100.1.42
453	        NAME ( 'pager' 'pagerTelephoneNumber' )
454	        EQUALITY telephoneNumberMatch
455	        SUBSTR telephoneNumberSubstringsMatch
456	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

458	  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
459	  telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
460	  described in [Syntaxes].

462	3.22. personalTitle

464	  The personalTitle attribute type specifies personal titles for a
465	  person.  Examples of personal titles are "Frau", "Dr", "Herr", and
466	  "Prof".

468	      ( 0.9.2342.19200300.100.1.40
469	        NAME 'personalTitle'
470	        EQUALITY caseIgnoreMatch
471	        SUBSTR caseIgnoreSubstringsMatch
472	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

474	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
475	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
476	  [Syntaxes].

478	3.23. roomNumber

480	  The roomNumber attribute type specifies the room number of an object.
481	  During periods of renumbering or in other circumstances where a room
482	  has multiple valid room numbers associated with it, multiple values
483	  may be provided.  Note that the cn (commonName) attribute type SHOULD
484	  be used for naming room objects.

486	      ( 0.9.2342.19200300.100.1.6
487	        NAME 'roomNumber'
488	        EQUALITY caseIgnoreMatch
489	        SUBSTR caseIgnoreSubstringsMatch
490	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

492	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
493	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
494	  [Syntaxes].

496	3.24. secretary

498	  The secretary attribute type specifies secretaries and/or
499	  administrative assistants of a person.  The attribute values are a
500	  distinguished name.

502	      ( 0.9.2342.19200300.100.1.21
503	        NAME 'secretary'
504	        EQUALITY distinguishedNameMatch
505	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

507	  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
508	  distinguishedNameMatch rule are described in [Syntaxes].

510	3.26. uniqueIdentifier

512	  The Unique Identifier attribute type specifies a "unique identifier"
513	  for an object represented in the Directory.  The domain within which
514	  the identifier is unique, and the exact semantics of the identifier,
515	  are for local definition.  For a person, this might be an institution-
516	  wide payroll number.  For an organizational unit, it might be a
517	  department code.  An attribute value for uniqueIdentifier is a
518	  DirectoryString.

520	      ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
521	        EQUALITY caseIgnoreMatch
522	        SUBSTR caseIgnoreSubstringsMatch
523	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

525	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
526	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
527	  [Syntaxes].

529	  Note: X.520 describes an attribute also called 'uniqueIdentifier'
530	        (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
531	        [Schema].  The attribute detailed here ought not be confused
532	        with x500UniqueIdentifier.

534	3.27. userClass

536	  The userClass attribute type specifies categories of computer user.
537	  The semantics placed on this attribute are for local interpretation.
538	  Examples of current usage of this attribute in academia are
539	  undergraduate student, researcher, lecturer, etc.  Note that the
540	  organizationalStatus attribute type is now often be preferred as it
541	  makes no distinction between computer users and others.

543	      ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
544	        EQUALITY caseIgnoreMatch
545	        SUBSTR caseIgnoreSubstringsMatch
546	        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

548	  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
549	  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
550	  [Syntaxes].

552	4. Object Classes

554	  This section details object classes for use in LDAP.

556	4.1. account

558	  The account object class is used to define entries representing
559	  computer accounts.  The uid attribute SHOULD be used for naming
560	  entries of this object class.

562	      ( 0.9.2342.19200300.100.4.5
563	        NAME 'account'
564	        SUP top STRUCTURAL
565	        MUST uid
566	        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

568	  The top object class is described in [Models].  The description,
569	  seeAlso, l, o, ou, and uid attribute types are described in [Schema].
570	  The host attribute type is described in Section 3 of this document.

572	4.2. document

574	  The document object class is used to define entries which represent
575	  documents.

577	      ( 0.9.2342.19200300.100.4.6
578	        NAME 'document'
579	        SUP top STRUCTURAL
580	        MUST documentIdentifier
581	        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
582	              documentTitle $ documentVersion $ documentAuthor $
583	              documentLocation $ documentPublisher ) )

585	  The top object class is described in [Models].  The cn, description,
586	  seeAlso, l, o, and ou attribute types are described in [Schema].  The
587	  documentIdentifier, documentTitle, documentVersion, documentAuthor,
588	  documentLocation, and documentPublisher attribute types are described
589	  in Section 3 of this document.

591	4.3. documentSeries

593	  The documentSeries object class is used to define an entry which
594	  represents a series of documents (e.g., The Request For Comments
595	  memos).

597	      ( 0.9.2342.19200300.100.4.9
598	        NAME 'documentSeries'
599	        SUP top STRUCTURAL
600	        MUST cn
601	        MAY ( description $ l $ o $ ou $ seeAlso $
602	              telephonenumber ) )

604	  The top object class is described in [Models].  The cn, description,
605	  l, o, ou, seeAlso, and telephone attribute types are described in
606	  [Schema].

608	4.4.  domainRelatedObject

610	  The domainRelatedObject object class is used to define entries which
611	  represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
612	  an organization or organizational unit.

614	      ( 0.9.2342.19200300.100.4.17
615	        NAME 'domainRelatedObject'
616	        SUP top AUXILIARY
617	        MUST associatedDomain )

619	  The top object class is described in [Models].  The associatedDomain
620	  attribute type is described in Section 3 of this document.

622	4.5.  friendlyCountry

624	  The friendlyCountry object class is used to define country entries in
625	  the DIT.  The object class is used to allow friendlier naming of
626	  countries than that allowed by the object class country [Schema].

628	      ( 0.9.2342.19200300.100.4.18
629	        NAME 'friendlyCountry'
630	        SUP country STRUCTURAL
631	        MUST co )

633	  The country object class is described in [Schema].  The co attribute
634	  type is described in Section 3 of this document.

636	4.6.  rFC822LocalPart

638	  The rFC822LocalPart object class is used to define entries which
639	  represent the local part of Internet mail addresses [RFC2822].  This
640	  treats the local part of the address as a domain object [RFC2247].

642	      ( 0.9.2342.19200300.100.4.14
643	        NAME 'rFC822localPart'
644	        SUP domain STRUCTURAL
645	        MAY ( cn $ description $ destinationIndicator $
646	              facsimileTelephoneNumber $ internationaliSDNNumber $
647	              physicalDeliveryOfficeName $ postalAddress $
648	              postalCode $ postOfficeBox $ preferredDeliveryMethod $
649	              registeredAddress $ seeAlso $ sn $ street $
650	              telephoneNumber $ teletexTerminalIdentifier $
651	              telexNumber $ x121Address ) )

653	  The domain object class is described in [RFC2247].  The cn,
654	  description, destinationIndicator, facsimileTelephoneNumber,
655	  internationaliSDNNumber, physicalDeliveryOfficeName, postalAddress,
656	  postalCode, postOfficeBox, preferredDeliveryMethod, registeredAddress,
657	  seeAlso, sn, street, telephoneNumber, teletexTerminalIdentifier,
658	  telexNumber and x121Address are described in [Schema].

660	4.7.  room

662	  The room object class is used to define entries representing rooms.
663	  The cn (commonName) attribute SHOULD be used for naming entries of
664	  this object class.

666	      ( 0.9.2342.19200300.100.4.7 NAME 'room'
667	        SUP top STRUCTURAL
668	        MUST cn
669	        MAY ( roomNumber $ description $
670	              seeAlso $ telephoneNumber ) )

672	  The top object class is described in [Models].  The cn, description,
673	  seeAlso and telephoneNumber attribute types are described in [Schema].
674	  The roomNumber attribute type is described in Section 3 of this
675	  document.

677	4.8.  simpleSecurityObject

679	  The simpleSecurityObject object class is used to require an entry to
680	  have a userPassword attribute when the entry's structural object class
681	  does not require (or allow) the userPassword attribute.

683	      ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
684	        SUP top AUXILIARY
685	        MUST userPassword )

687	  The top object class is described in [Models].  The userPassword
688	  attribute type are described in [Schema].

690	  Note: Security considerations related to the use of simple
691	        authentication mechanisms in LDAP are discussed in [AuthMeth].

693	5. Security Considerations

695	  General LDAP security considerations [Roadmap] is applicable to the
696	  use of this schema.  Additional considerations are noted above where
697	  appropriate.

699	6. IANA Considerations

701	  It is requested that the Internet Assigned Numbers Authority (IANA)
702	  update upon Standard Action the LDAP descriptors registry [BCP64bis]
703	  as indicated the following template:

705	      Subject: Request for LDAP Descriptor Registration Update
706	      Descriptor (short name): see comment
707	      Object Identifier: see comments
708	      Person & email address to contact for further information:
709	          Kurt Zeilenga <kurt@OpenLDAP.org>
710	      Usage: see comments
711	      Specification: RFC XXXX
712	      Author/Change Controller: IESG
713	      Comments:

715	      The following descriptors should be updated to refer to RFC XXXX.

717	        NAME                           Type OID
718	        ------------------------       ---- --------------------------
719	        account                        O    0.9.2342.19200300.100.4.5
720	        associatedDomain               A    0.9.2342.19200300.100.1.37
721	        associatedName                 A    0.9.2342.19200300.100.1.38
722	        buildingName                   A    0.9.2342.19200300.100.1.48
723	        co                             A    0.9.2342.19200300.100.1.43
724	        document                       O    0.9.2342.19200300.100.4.6
725	        documentAuthor                 A    0.9.2342.19200300.100.1.14
726	        documentIdentifier             A    0.9.2342.19200300.100.1.11
727	        documentLocation               A    0.9.2342.19200300.100.1.15
728	        documentPublisher              A    0.9.2342.19200300.100.1.56
729	        documentSeries                 O    0.9.2342.19200300.100.4.8
730	        documentTitle                  A    0.9.2342.19200300.100.1.12
731	        documentVersion                A    0.9.2342.19200300.100.1.13
732	        domainRelatedObject            O    0.9.2342.19200300.100.4.17
733	        drink                          A    0.9.2342.19200300.100.1.5
734	        favouriteDrink                 A    0.9.2342.19200300.100.1.5
735	        friendlyCountry                O    0.9.2342.19200300.100.4.18
736	        friendlyCountryName            A    0.9.2342.19200300.100.1.43
737	        homePhone                      A    0.9.2342.19200300.100.1.20
738	        homePostalAddress              A    0.9.2342.19200300.100.1.39
739	        homeTelephone                  A    0.9.2342.19200300.100.1.20
740	        host                           A    0.9.2342.19200300.100.1.9
741	        info                           A    0.9.2342.19200300.100.1.4
742	        mail                           A    0.9.2342.19200300.100.1.3
743	        manager                        A    0.9.2342.19200300.100.1.10
744	        mobile                         A    0.9.2342.19200300.100.1.41
745	        mobileTelephoneNumber          A    0.9.2342.19200300.100.1.41
746	        organizationalStatus           A    0.9.2342.19200300.100.1.45
747	        pager                          A    0.9.2342.19200300.100.1.42
748	        pagerTelephoneNumber           A    0.9.2342.19200300.100.1.42
749	        personalTitle                  A    0.9.2342.19200300.100.1.40
750	        RFC822LocalPart                O    0.9.2342.19200300.100.4.14
751	        RFC822Mailbox                  A    0.9.2342.19200300.100.1.3
752	        room                           O    0.9.2342.19200300.100.4.7
753	        roomNumber                     A    0.9.2342.19200300.100.1.6
754	        secretary                      A    0.9.2342.19200300.100.1.21
755	        simpleSecurityObject           O    0.9.2342.19200300.100.4.19
756	        singleLevelQuality             A    0.9.2342.19200300.100.1.50
757	        uniqueIdentifier               A    0.9.2342.19200300.100.1.44
758	        userClass                      A    0.9.2342.19200300.100.1.8

760	      where Type A is Attribute, Type O is ObjectClass, and Type M
761	      is Matching Rule.

763	7. Acknowledgments

765	  This document is based upon RFC 1274 by Paul Barker and Steve Kille.

767	8. Author's Address

769	  Kurt D. Zeilenga
770	  OpenLDAP Foundation

772	  Email: Kurt@OpenLDAP.org

774	9. References

776	  [[Note to the RFC Editor: please replace the citation tags used in
777	  referencing Internet-Drafts with tags of the form RFCnnnn where
778	  possible.]]

780	9.1. Normative References

782	                [RFC1034]     Mockapetris, P., "Domain names - concepts
783	                and facilities", STD 13 (also RFC 1034), November 1987.

785	  [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
786	                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

788	  [RFC2247]     Kille, S., M. Wahl, A. Grimstad, R. Huber and S.
789	                Sataluri, "Using Domains in LDAP/X.500 Distinguished
790	                Names", January 1998.

792	  [RFC2821]     Klensin, J. (editor), "Simple Mail Transfer Protocol",
793	                RFC 2822, April 2001.

795	  [RFC3490]     Faltstrom, P., P. Hoffman, and A. Costello,
796	                "Internationalizing Domain Names in Applications
797	                (INDA)", RFC 3490, March 2003.

799	  [Roadmap]     Zeilenga, K. (editor), "LDAP: Technical Specification
800	                Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
801	                progress.

803	  [Models]      Zeilenga, K. (editor), "LDAP: Directory Information
804	                Models", draft-ietf-ldapbis-models-xx.txt, a work in
805	                progress.

807	  [Syntaxes]    Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
808	                draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

810	  [Schema]      Dally, K. (editor), "LDAP: User Schema",
811	                draft-ietf-ldapbis-user-schema-xx.txt, a work in
812	                progress.

814	  [AuthMeth]    Harrison, R. (editor), "LDAP: Authentication Methods and
815	                Connection Level Security Mechanisms",
816	                draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.

818	9.2. Informative References

820	  [ISO3166]     International Organization for Standardization, "Codes
821	                for the representation of names of countries", ISO 3166.

823	  [RFC1274]     Barker, P. and S. Kille, "The COSINE and Internet X.500
824	                Schema", November 1991.

826	  [RFC2798]     Smith, M., "The LDAP inetOrgPerson Object Class", RFC
827	                2798, April 2000.

829	  [BCP64bis]    Zeilenga, K., "IANA Considerations for LDAP",
830	                draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.

832	Intellectual Property Rights

834	  The IETF takes no position regarding the validity or scope of any
835	  Intellectual Property Rights or other rights that might be claimed to
836	  pertain to the implementation or use of the technology described in
837	  this document or the extent to which any license under such rights
838	  might or might not be available; nor does it represent that it has
839	  made any independent effort to identify any such rights.  Information
840	  on the procedures with respect to rights in RFC documents can be found
841	  in BCP 78 and BCP 79.

843	  Copies of IPR disclosures made to the IETF Secretariat and any
844	  assurances of licenses to be made available, or the result of an
845	  attempt made to obtain a general license or permission for the use of
846	  such proprietary rights by implementers or users of this specification
847	  can be obtained from the IETF on-line IPR repository at
848	  http://www.ietf.org/ipr.

850	  The IETF invites any interested party to bring to its attention any
851	  copyrights, patents or patent applications, or other proprietary
852	  rights that may cover technology that may be required to implement
853	  this standard.  Please address the information to the IETF at
854	  ietf-ipr@ietf.org.

856	Full Copyright

858	  Copyright (C) The Internet Society (2004).  This document is subject
859	  to the rights, licenses and restrictions contained in BCP 78, and
860	  except as set forth therein, the authors retain all their rights.

862	  This document and the information contained herein are provided on an
863	  "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
864	  OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
865	  ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
866	  INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
867	  INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
868	  WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.