Network Working Group                                           M. Smith
Request for Comments: 2798                       Netscape Communications
Category: Informational                                       April 2000


          Definition of the inetOrgPerson LDAP Object Class

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   While the X.500 standards define many useful attribute types [X520]
   and object classes [X521], they do not define a person object class
   that meets the requirements found in today's Internet and Intranet
   directory service deployments.  We define a new object class called
   inetOrgPerson for use in LDAP and X.500 directory services that
   extends the X.521 standard organizationalPerson class to meet these
   needs.

Smith                        Informational                      [Page 1]

RFC 2798         The LDAP inetOrgPerson Object Class          April 2000

Table of Contents

   1. Background and Intended Usage
   2. New Attribute Types Used in the inetOrgPerson Object Class
   2.1. Vehicle license or registration plate
   2.2. Department number
   2.3. Display Name
   2.4. Employee Number
   2.5. Employee Type
   2.6. JPEG Photograph
   2.7. Preferred Language
   2.8. User S/MIME Certificate
   2.9. User PKCS #12
   3. Definition of the inetOrgPerson Object Class
   4. Example of an inetOrgPerson Entry
   5.
   Security Considerations
   6. Acknowledgments
   7. Bibliography
   8. Author's Address
   9. Appendix A - inetOrgPerson Schema Summary
   9.1. Attribute Types
   9.1.1. New attribute types that are defined in this document
   9.1.2. Attribute types from RFC 2256
   9.1.3. Attribute types from RFC 1274
   9.1.4. Attribute type from RFC 2079
   9.2. Syntaxes
   9.2.1. Syntaxes from RFC 2252
   9.2.2. Syntaxes from RFC 2256
   9.3. Matching Rules
   9.3.1. Matching rules from RFC 2252
   9.3.2. Matching rule from RFC 2256
   9.3.3. Additional matching rules from X.520
   9.3.4. Matching rules not defined in any referenced document
   10. Full Copyright Statement

1. Background and Intended Usage

   The inetOrgPerson object class is a general purpose object class that
   holds attributes about people.  The attributes it holds were chosen
   to accommodate information requirements found in typical Internet and
   Intranet directory service deployments.  The inetOrgPerson object
   class is designed to be used within directory services based on the
   LDAP [RFC2251] and the X.500 family of protocols, and it should be
   useful in other contexts as well.
   There is no requirement for
   directory services implementors to use the inetOrgPerson object
   class; it is simply presented as a well-documented class that
   implementors can choose to use if they find it useful.

   The attribute type and object class definitions in this document are
   written using the BNF form of AttributeTypeDescription and
   ObjectClassDescription given in [RFC2252].  In some cases lines have
   been folded for readability.

   Attributes that are referenced but not defined in this document are
   included in one of the following documents:

      The COSINE and Internet X.500 Schema [RFC1274]

      Definition of an X.500 Attribute Type and an Object Class to Hold
      Uniform Resource Identifiers (URIs) [RFC2079]

      A Summary of the X.500(96) User Schema for use with LDAPv3
      [RFC2256]

   See Appendix A for a summary of the attribute types, associated
   syntaxes, and matching rules used in this document.

2. New Attribute Types Used in the inetOrgPerson Object Class

2.1. Vehicle license or registration plate

   This multivalued field is used to record the values of the license or
   registration plate associated with an individual.

      ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
        DESC 'vehicle license or registration plate'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

2.2. Department number

   Code for the department to which a person belongs.  This can be
   strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
      ( 2.16.840.1.113730.3.1.2
        NAME 'departmentNumber'
        DESC 'identifies a department within an organization'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

2.3. Display Name

   When displaying an entry, especially within a one-line summary list,
   it is useful to be able to identify a name to be used.  Since other
   attribute types such as 'cn' are multivalued, an additional attribute
   type is needed.  Display name is defined for this purpose.

      ( 2.16.840.1.113730.3.1.241
        NAME 'displayName'
        DESC 'preferred name of a person to be used when displaying entries'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

2.4. Employee Number

   Numeric or alphanumeric identifier assigned to a person, typically
   based on order of hire or association with an organization.  Single
   valued.

      ( 2.16.840.1.113730.3.1.3
        NAME 'employeeNumber'
        DESC 'numerically identifies an employee within an organization'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

2.5. Employee Type

   Used to identify the employer to employee relationship.  Typical
   values used will be "Contractor", "Employee", "Intern", "Temp",
   "External", and "Unknown" but any value may be used.

      ( 2.16.840.1.113730.3.1.4
        NAME 'employeeType'
        DESC 'type of employment for a person'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

2.6.
JPEG Photograph

   Used to store one or more images of a person using the JPEG File
   Interchange Format [JFIF].

      ( 0.9.2342.19200300.100.1.60
        NAME 'jpegPhoto'
        DESC 'a JPEG image'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )

   Note that the jpegPhoto attribute type was defined for use in the
   Internet X.500 pilots but no referenceable definition for it could be
   located.

2.7. Preferred Language

   Used to indicate an individual's preferred written or spoken
   language.  This is useful for international correspondence or
   human-computer interaction.  Values for this attribute type MUST
   conform to the definition of the Accept-Language header field defined
   in [RFC2068] with one exception: the sequence "Accept-Language" ":"
   should be omitted.  This is a single valued attribute type.

      ( 2.16.840.1.113730.3.1.39
        NAME 'preferredLanguage'
        DESC 'preferred written or spoken language for a person'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

2.8. User S/MIME Certificate

   A PKCS#7 [RFC2315] SignedData, where the content that is signed is
   ignored by consumers of userSMIMECertificate values.  It is
   recommended that values have a `contentType' of data with an absent
   `content' field.  Values of this attribute contain a person's entire
   certificate chain and an smimeCapabilities field [RFC2633] that at a
   minimum describes their S/MIME algorithm capabilities.  Values for
   this attribute are to be stored and requested in binary form, as
   'userSMIMECertificate;binary'.  If available, this attribute is
   preferred over the userCertificate attribute for S/MIME applications.
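   Section 2.7 above requires preferredLanguage values to follow the
   Accept-Language grammar of [RFC2068] with the header name omitted.  The
   following parser is an added example, not part of RFC 2798: it checks a
   value against that grammar (language-range, optional q-value, comma
   list), rejects a value that still carries the "Accept-Language:" prefix,
   and orders the ranges by q-value.  The function names are my own.

```python
import re
from typing import List, Tuple

# Grammar from RFC 2068 section 14.4, minus the "Accept-Language" ":" prefix
# that RFC 2798 section 2.7 says must be omitted from preferredLanguage:
#   language-range = ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*"
#   qvalue         = ( "0" [ "." 0*3DIGIT ] ) | ( "1" [ "." 0*3("0") ] )
_LANGUAGE_RANGE = r"(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z]{1,8})*)"
_QVALUE = r"(?:0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?)"
_ELEMENT_RE = re.compile(
    r"^(?P<range>" + _LANGUAGE_RANGE + r")"
    r"(?:\s*;\s*[qQ]\s*=\s*(?P<q>" + _QVALUE + r"))?$"
)


class PreferredLanguageError(ValueError):
    """Raised when a preferredLanguage value does not conform to the grammar."""


def parse_preferred_language(value: str) -> List[Tuple[str, float]]:
    """Parse a preferredLanguage value into (language-range, q) pairs.

    The result is ordered by descending q-value (stable for ties), so the
    first element is the language a mail client or web front end should
    prefer.  Empty list elements ("fr,,en") are tolerated, as the #rule of
    RFC 2068 allows, but a value with no language-range at all is rejected.
    """
    if value.lstrip().lower().startswith("accept-language"):
        raise PreferredLanguageError(
            'value must not carry the "Accept-Language:" header prefix')
    prefs: List[Tuple[str, float]] = []
    for raw in value.split(","):
        element = raw.strip()
        if not element:
            continue  # null element permitted by the #rule
        m = _ELEMENT_RE.match(element)
        if m is None:
            raise PreferredLanguageError(f"malformed element: {element!r}")
        q = float(m.group("q")) if m.group("q") is not None else 1.0
        # Language tags are case-insensitive; fold them for comparison.
        prefs.append((m.group("range").lower(), q))
    if not prefs:
        raise PreferredLanguageError("at least one language-range is required")
    return sorted(prefs, key=lambda p: p[1], reverse=True)  # sorted() is stable


def is_valid_preferred_language(value: str) -> bool:
    """Boolean form, suitable for a write-time check in a directory front end."""
    try:
        parse_preferred_language(value)
    except PreferredLanguageError:
        return False
    return True
```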
      ( 2.16.840.1.113730.3.1.40
        NAME 'userSMIMECertificate'
        DESC 'PKCS#7 SignedData used to support S/MIME'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

2.9. User PKCS #12

   PKCS #12 [PKCS12] provides a format for exchange of personal identity
   information.  When such information is stored in a directory service,
   the userPKCS12 attribute should be used.  This attribute is to be
   stored and requested in binary form, as 'userPKCS12;binary'.  The
   attribute values are PFX PDUs stored as binary data.

      ( 2.16.840.1.113730.3.1.216
        NAME 'userPKCS12'
        DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

3. Definition of the inetOrgPerson Object Class

   The inetOrgPerson object class represents people who are associated
   with an organization in some way.  It is a structural class and is
   derived from the organizationalPerson class which is defined in X.521
   [X521].

      ( 2.16.840.1.113730.3.2.2
        NAME 'inetOrgPerson'
        SUP organizationalPerson
        STRUCTURAL
        MAY (
            audio $ businessCategory $ carLicense $ departmentNumber $
            displayName $ employeeNumber $ employeeType $ givenName $
            homePhone $ homePostalAddress $ initials $ jpegPhoto $
            labeledURI $ mail $ manager $ mobile $ o $ pager $
            photo $ roomNumber $ secretary $ uid $ userCertificate $
            x500uniqueIdentifier $ preferredLanguage $
            userSMIMECertificate $ userPKCS12
        )
      )

   For reference, we list the following additional attribute types that
   are part of the inetOrgPerson object class.
   These attribute types
   are inherited from organizationalPerson (which in turn is derived
   from the person object class):

      MUST (
          cn $ objectClass $ sn
      )
      MAY (
          description $ destinationIndicator $ facsimileTelephoneNumber $
          internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $
          postalAddress $ postalCode $ postOfficeBox $
          preferredDeliveryMethod $ registeredAddress $ seeAlso $
          st $ street $ telephoneNumber $ teletexTerminalIdentifier $
          telexNumber $ title $ userPassword $ x121Address
      )

4. Example of an inetOrgPerson Entry

   The following example is expressed using the LDIF notation defined in
   [LDIF].

      version: 1
      dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      cn: Barbara Jensen
      cn: Babs Jensen
      displayName: Babs Jensen
      sn: Jensen
      givenName: Barbara
      initials: BJJ
      title: manager, product development
      uid: bjensen
      mail: bjensen@siroe.com
      telephoneNumber: +1 408 555 1862
      facsimileTelephoneNumber: +1 408 555 1992
      mobile: +1 408 555 1941
      roomNumber: 0209
      carLicense: 6ABC246
      o: Siroe
      ou: Product Development
      departmentNumber: 2604
      employeeNumber: 42
      employeeType: full time
      preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
      labeledURI: http://www.siroe.com/users/bjensen My Home Page

5. Security Considerations

   Attributes of directory entries are used to provide descriptive
   information about the real-world objects they represent, which can be
   people, organizations or devices.
   Most countries have privacy laws
   regarding the publication of information about people.

   Transfer of cleartext passwords is strongly discouraged where the
   underlying transport service cannot guarantee confidentiality and may
   result in disclosure of the password to unauthorized parties.

6. Acknowledgments

   The Netscape Directory Server team created the inetOrgPerson object
   class based on experience and customer requirements.  Anil Bhavnani
   and John Kristian in particular deserve credit for all of the early
   design work.

   Many members of the Internet community, in particular those in the
   IETF ASID and LDAPEXT groups, also contributed to the design of this
   object class.

7. Bibliography

   [JFIF]     E. Hamilton, "JPEG File Interchange Format (Version 1.02)",
              C-Cube Microsystems, Milpitas, CA, September 1, 1992.

   [LDIF]     G. Good, "The LDAP Data Interchange Format (LDIF) -
              Technical Specification", Work in Progress.

   [PKCS12]   "PKCS #12: Personal Information Exchange Standard", Version
              1.0 Draft, 30 April 1997.

   [RFC1274]  Barker, P. and S. Kille, "The COSINE and Internet X.500
              Schema", RFC 1274, November 1991.

   [RFC1847]  Galvin, J., Murphy, S., Crocker, S. and N. Freed, "Security
              Multiparts for MIME: Multipart/Signed and
              Multipart/Encrypted", RFC 1847, October 1995.

   [RFC2068]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H. and T.
              Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
              2068, January 1997.

   [RFC2079]  Smith, M., "Definition of an X.500 Attribute Type and an
              Object Class to Hold Uniform Resource Identifiers (URIs)",
              RFC 2079, January 1997.

   [RFC2251]  Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
              Access Protocol (v3)", RFC 2251, December 1997.
   [RFC2252]  Wahl, M., Coulbeck, A., Howes, T., Kille, S., Yeong, W. and
              C. Robbins, "Lightweight Directory Access Protocol (v3):
              Attribute Syntax Definitions", RFC 2252, December 1997.

   [RFC2256]  Wahl, M., "A Summary of the X.500(96) User Schema for use
              with LDAPv3", RFC 2256, December 1997.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version
              1.5", RFC 2315, March 1998.

   [RFC2633]  Ramsdell, B., "S/MIME Version 3 Message Specification", RFC
              2633, June 1999.

   [X520]     ITU-T Rec. X.520, "The Directory: Selected Attribute
              Types", 1996.

   [X521]     ITU-T Rec. X.521, "The Directory: Selected Object Classes",
              1996.

8. Author's Address

   Mark Smith
   Netscape Communications Corp.
   501 E. Middlefield Rd., Mailstop MV068
   Mountain View, CA 94043, USA

   Phone: +1 650 937-3477
   EMail: mcs@netscape.com

9. Appendix A - inetOrgPerson Schema Summary

   This appendix provides definitions of all the attribute types
   included in the inetOrgPerson object class along with their
   associated syntaxes and matching rules.

9.1. Attribute Types

9.1.1.
New attribute types that are defined in this document

      ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
        DESC 'vehicle license or registration plate'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

      ( 2.16.840.1.113730.3.1.2
        NAME 'departmentNumber'
        DESC 'identifies a department within an organization'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

      ( 2.16.840.1.113730.3.1.241
        NAME 'displayName'
        DESC 'preferred name of a person to be used when displaying entries'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

      ( 2.16.840.1.113730.3.1.3
        NAME 'employeeNumber'
        DESC 'numerically identifies an employee within an organization'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

      ( 2.16.840.1.113730.3.1.4
        NAME 'employeeType'
        DESC 'type of employment for a person'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

      ( 0.9.2342.19200300.100.1.60
        NAME 'jpegPhoto'
        DESC 'a JPEG image'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
      Note: The jpegPhoto attribute type was defined for use in the
      Internet X.500 pilots but no referenceable definition for it
      could be located.
      ( 2.16.840.1.113730.3.1.39
        NAME 'preferredLanguage'
        DESC 'preferred written or spoken language for a person'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

      ( 2.16.840.1.113730.3.1.40
        NAME 'userSMIMECertificate'
        DESC 'signed message used to support S/MIME'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

      ( 2.16.840.1.113730.3.1.216
        NAME 'userPKCS12'
        DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

9.1.2. Attribute types from RFC 2256

   Note that the original definitions of these types can be found in
   X.520.

      ( 2.5.4.15
        NAME 'businessCategory'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

      ( 2.5.4.3
        NAME 'cn'
        SUP name )

      ( 2.5.4.13
        NAME 'description'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

      ( 2.5.4.27
        NAME 'destinationIndicator'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )

      ( 2.5.4.23
        NAME 'facsimileTelephoneNumber'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

      ( 2.5.4.42
        NAME 'givenName'
        SUP name )

      ( 2.5.4.43
        NAME 'initials'
        SUP name )

      ( 2.5.4.25
        NAME 'internationaliSDNNumber'
        EQUALITY numericStringMatch
        SUBSTR numericStringSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

      ( 2.5.4.7
        NAME 'l'
        SUP name )

      ( 2.5.4.0
        NAME 'objectClass'
        EQUALITY objectIdentifierMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

      ( 2.5.4.10
        NAME 'o'
        SUP name )

      ( 2.5.4.11
        NAME 'ou'
        SUP name
        )

      ( 2.5.4.19
        NAME 'physicalDeliveryOfficeName'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

      ( 2.5.4.18
        NAME 'postOfficeBox'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

      ( 2.5.4.16
        NAME 'postalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

      ( 2.5.4.17
        NAME 'postalCode'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

      ( 2.5.4.28
        NAME 'preferredDeliveryMethod'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
        SINGLE-VALUE )

      ( 2.5.4.26
        NAME 'registeredAddress'
        SUP postalAddress
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

      ( 2.5.4.34
        NAME 'seeAlso'
        SUP distinguishedName )

      ( 2.5.4.4
        NAME 'sn'
        SUP name )

      ( 2.5.4.8
        NAME 'st'
        SUP name )

      ( 2.5.4.9
        NAME 'street'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

      ( 2.5.4.20
        NAME 'telephoneNumber'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

      ( 2.5.4.22
        NAME 'teletexTerminalIdentifier'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

      ( 2.5.4.21
        NAME 'telexNumber'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

      ( 2.5.4.12
        NAME 'title'
        SUP name )

      ( 2.5.4.36
        NAME 'userCertificate'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

      ( 2.5.4.35
        NAME 'userPassword'
        EQUALITY octetStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

      ( 2.5.4.24
        NAME 'x121Address'
        EQUALITY numericStringMatch
        SUBSTR numericStringSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )

      ( 2.5.4.45
        NAME 'x500UniqueIdentifier'
        EQUALITY bitStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

   Some attribute types included in inetOrgPerson are derived from the
   'name' and 'distinguishedName' attribute supertypes:

      ( 2.5.4.41
        NAME 'name'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

      ( 2.5.4.49
        NAME 'distinguishedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

9.1.3. Attribute types from RFC 1274

      ( 0.9.2342.19200300.100.1.55
        NAME 'audio'
        EQUALITY octetStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{250000} )
      Note: The syntax used here for the audio attribute type is Octet
      String.  RFC 1274 uses a syntax called audio which is not defined
      in RFC 1274.

      ( 0.9.2342.19200300.100.1.20
        NAME 'homePhone'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
      Note: RFC 1274 uses the longer name 'homeTelephoneNumber'.

      ( 0.9.2342.19200300.100.1.39
        NAME 'homePostalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

      ( 0.9.2342.19200300.100.1.3
        NAME 'mail'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
      Note: RFC 1274 uses the longer name 'rfc822Mailbox' and syntax OID
      of 0.9.2342.19200300.100.3.5.
      All recent LDAP documents and most
      deployed LDAP implementations refer to this attribute as 'mail'
      and define the IA5 String syntax using the OID
      1.3.6.1.4.1.1466.115.121.1.26, as is done here.

      ( 0.9.2342.19200300.100.1.10
        NAME 'manager'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

      ( 0.9.2342.19200300.100.1.41
        NAME 'mobile'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
      Note: RFC 1274 uses the longer name 'mobileTelephoneNumber'.

      ( 0.9.2342.19200300.100.1.42
        NAME 'pager'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
      Note: RFC 1274 uses the longer name 'pagerTelephoneNumber'.

      ( 0.9.2342.19200300.100.1.7
        NAME 'photo' )
      Note: Photo attribute values are encoded in G3 fax format with an
      ASN.1 wrapper.  Please refer to RFC 1274 section 9.3.7 for
      detailed syntax information for this attribute.

      ( 0.9.2342.19200300.100.1.6
        NAME 'roomNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

      ( 0.9.2342.19200300.100.1.21
        NAME 'secretary'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

      ( 0.9.2342.19200300.100.1.1
        NAME 'uid'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
      Note: RFC 1274 uses the longer name 'userid'.

9.1.4.
Attribute type from RFC 2079

      ( 1.3.6.1.4.1.250.1.57
        NAME 'labeledURI'
        EQUALITY caseExactMatch
        SUBSTR caseExactSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

9.2. Syntaxes

9.2.1. Syntaxes from RFC 2252

      ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )

      ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )

      ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )

      ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )

      ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )

      ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )

      ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )

      ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )

      ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )

      ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )

      ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )

      ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )

      ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )

9.2.2. Syntaxes from RFC 2256

      ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )

      ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )

      ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )

      ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )

9.3. Matching Rules

9.3.1. Matching rules from RFC 2252

   Note that the original definition of many of these matching rules can
   be found in X.520.
      ( 2.5.13.16 NAME 'bitStringMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

      ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

      ( 2.5.13.11 NAME 'caseIgnoreListMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

      ( 2.5.13.2 NAME 'caseIgnoreMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

      ( 2.5.13.1 NAME 'distinguishedNameMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

      ( 2.5.13.8 NAME 'numericStringMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

      ( 2.5.13.0 NAME 'objectIdentifierMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

      ( 2.5.13.20 NAME 'telephoneNumberMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

9.3.2. Matching rule from RFC 2256

   Note that the original definition of this matching rule can be found
   in X.520.

      ( 2.5.13.17 NAME 'octetStringMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

9.3.3. Additional matching rules from X.520

   caseExactMatch

      ( 2.5.13.5 NAME 'caseExactMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   This rule determines whether a presented string exactly matches an
   attribute value of syntax DirectoryString.  It is identical to
   caseIgnoreMatch except that case is not ignored.  Multiple adjoining
   whitespace characters are treated the same as an individual space,
   and leading and trailing whitespace is ignored.
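   The string matching rules of this section, implemented as an added
   example that is not part of RFC 2798: caseExactMatch and
   caseIgnoreMatch with the whitespace treatment described above, the
   initial/any/final substring rules (caseIgnoreSubstringsMatch and
   caseExactSubstringsMatch), and caseIgnoreListSubstringsMatch, whose
   extra constraint is that no filter element may match text spanning two
   of the stored value's strings.  The function names are my own; the
   same substring logic also serves caseIgnoreIA5SubstringsMatch of
   section 9.3.4.

```python
import re
from typing import Optional, Sequence, Set

_WS_RUN = re.compile(r"\s+")


def prep_string(value: str, ignore_case: bool) -> str:
    """Value preparation as section 9.3.3 describes it: runs of adjoining
    whitespace become one space, leading/trailing whitespace is dropped,
    and case is folded only for the caseIgnore* rules."""
    s = _WS_RUN.sub(" ", value).strip()
    return s.lower() if ignore_case else s


def prep_element(element: str, ignore_case: bool) -> str:
    """Filter elements get the same whitespace and case treatment, but their
    own leading/trailing spaces are kept: they are part of what is asked."""
    s = _WS_RUN.sub(" ", element)
    return s.lower() if ignore_case else s


def case_exact_match(presented: str, stored: str) -> bool:
    """caseExactMatch (2.5.13.5)."""
    return prep_string(presented, False) == prep_string(stored, False)


def case_ignore_match(presented: str, stored: str) -> bool:
    """caseIgnoreMatch (2.5.13.2): as caseExactMatch, but case-insensitive."""
    return prep_string(presented, True) == prep_string(stored, True)


def _spans(start: int, length: int, boundaries: Set[int]) -> bool:
    # True if [start, start+length) straddles a join between two strings of a
    # list-valued attribute; boundaries is empty for single-string rules.
    return any(start < b < start + length for b in boundaries)


def _find(s: str, part: str, start: int, end: int, boundaries: Set[int]) -> int:
    """First occurrence of part in s[start:end] that crosses no boundary, or -1."""
    idx = s.find(part, start, end)
    while idx >= 0 and _spans(idx, len(part), boundaries):
        idx = s.find(part, idx + 1, end)
    return idx


def _substrings(s: str, initial: Optional[str], any_parts: Sequence[str],
                final: Optional[str], boundaries: Set[int]) -> bool:
    pos, end = 0, len(s)
    if initial is not None:
        if not s.startswith(initial) or _spans(0, len(initial), boundaries):
            return False
        pos = len(initial)
    if final is not None:
        start = len(s) - len(final)
        if start < pos or not s.endswith(final) or _spans(start, len(final), boundaries):
            return False
        end = start
    for part in any_parts:                 # in order, without overlapping
        idx = _find(s, part, pos, end, boundaries)
        if idx < 0:
            return False
        pos = idx + len(part)
    return True


def substrings_match(stored: str, initial: Optional[str] = None,
                     any_parts: Sequence[str] = (), final: Optional[str] = None,
                     ignore_case: bool = True) -> bool:
    """caseIgnoreSubstringsMatch (default) or, with ignore_case=False,
    caseExactSubstringsMatch (2.5.13.7)."""
    ini = None if initial is None else prep_element(initial, ignore_case)
    fin = None if final is None else prep_element(final, ignore_case)
    anys = [prep_element(a, ignore_case) for a in any_parts]
    return _substrings(prep_string(stored, ignore_case), ini, anys, fin, set())


def case_ignore_list_substrings_match(stored: Sequence[str], initial: Optional[str] = None,
                                      any_parts: Sequence[str] = (),
                                      final: Optional[str] = None) -> bool:
    """caseIgnoreListSubstringsMatch (2.5.13.12): match against the concatenation
    of the stored strings, but no element may span more than one of them."""
    parts = [prep_string(p, True) for p in stored]
    boundaries: Set[int] = set()
    offset = 0
    for p in parts[:-1]:                   # record where each string ends
        offset += len(p)
        boundaries.add(offset)
    ini = None if initial is None else prep_element(initial, True)
    fin = None if final is None else prep_element(final, True)
    anys = [prep_element(a, True) for a in any_parts]
    return _substrings("".join(parts), ini, anys, fin, boundaries)
```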
   caseExactSubstringsMatch

      ( 2.5.13.7 NAME 'caseExactSubstringsMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

   This rule determines whether the initial, any and final substring
   elements in a presented value are present in an attribute value of
   syntax DirectoryString.  It is identical to caseIgnoreSubstringsMatch
   except that case is not ignored.

   caseIgnoreListSubstringsMatch

      ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

   This rule compares a presented substring with an attribute value
   which is a sequence of DirectoryStrings, but where the case of
   letters is not significant for comparison purposes.  A presented
   value matches a stored value if and only if the presented value
   matches the string formed by concatenating the strings of the stored
   value.  Matching is done according to the caseIgnoreSubstringsMatch
   rule except that none of the initial, final, or any values of the
   presented value match a substring of the concatenated string which
   spans more than one of the strings of the stored value.

9.3.4. Matching rules not defined in any referenced document

   caseIgnoreIA5SubstringsMatch

      ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

   This rule determines whether the initial, any and final substring
   elements in a presented value are present in an attribute value of
   syntax IA5 String without regard to the case of the letters in the
   strings.  It is expected that this matching rule will be added to an
   update of RFC 2252.
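   Section 3 gives the inetOrgPerson ObjectClassDescription, section 4 an
   LDIF entry, and this appendix the attribute type descriptions in the
   [RFC2252] form.  As an added example that is not part of RFC 2798, the
   following Python parses such descriptions and checks an entry for the
   MUST/MAY attributes and SINGLE-VALUE constraints collected along the
   SUP chain, which is the check a directory server applies before it
   accepts an add.  The organizationalPerson description inside it is a
   constructed stand-in built only from the inherited lists quoted in
   section 3, and the entry is a trimmed copy of the one in section 4.

```python
import re
from typing import Dict, List

# Descriptions copied from RFC 2798 sections 2-3.  organizationalPerson is a
# constructed stand-in (OID from X.521) carrying only the MUST/MAY lists that
# section 3 quotes as inherited, not the full X.521 definition.
SCHEMA_TEXT = """
( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL
  MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $
        employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $
        initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $
        photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $
        preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
( 2.5.6.7 NAME 'organizationalPerson' STRUCTURAL MUST ( cn $ objectClass $ sn )
  MAY ( description $ destinationIndicator $ facsimileTelephoneNumber $
        internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $ postalAddress $
        postalCode $ postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
        seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $
        telexNumber $ title $ userPassword $ x121Address ) )
( 2.16.840.1.113730.3.1.241 NAME 'displayName' EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' SINGLE-VALUE )
"""

# Trimmed copy of the section 4 entry: same values, fewer attributes.
ENTRY_LDIF = """
version: 1
dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Barbara Jensen
cn: Babs Jensen
displayName: Babs Jensen
sn: Jensen
uid: bjensen
mail: bjensen@siroe.com
employeeNumber: 42
"""

_TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()'$]+")
_FLAGS = {"STRUCTURAL", "AUXILIARY", "ABSTRACT", "SINGLE-VALUE", "OBSOLETE"}


def parse_description(text: str) -> Dict[str, object]:
    """One RFC 2252 description -> {'oid': ..., KEYWORD: str | list | True}."""
    toks = _TOKEN.findall(text)
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        raise ValueError("description must be a parenthesized list")
    desc: Dict[str, object] = {"oid": toks[1]}
    i = 2
    while i < len(toks) - 1:
        key, i = toks[i], i + 1
        if key in _FLAGS:                 # bare flag, no value
            desc[key] = True
        elif toks[i] == "(":              # '( a $ b )' oid list
            j = toks.index(")", i)
            desc[key], i = [t for t in toks[i + 1:j] if t != "$"], j + 1
        else:                             # quoted string or bare token
            desc[key], i = toks[i].strip("'"), i + 1
    return desc


def load_schema(text: str) -> Dict[str, Dict[str, object]]:
    """Index every description (one per '(' at line start) by lower-cased NAME."""
    descs = (parse_description(c) for c in re.split(r"\n(?=\()", text.strip()))
    return {str(d["NAME"]).lower(): d for d in descs}


def parse_ldif_entry(ldif: str) -> Dict[str, List[str]]:
    """Minimal LDIF reader: names lower-cased, ';binary' options dropped."""
    entry: Dict[str, List[str]] = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        name = name.split(";")[0].strip().lower()
        if name != "version":
            entry.setdefault(name, []).append(value.strip())
    return entry


def check_entry(entry: Dict[str, List[str]], schema: Dict[str, Dict[str, object]]) -> List[str]:
    """Return the schema violations in entry (an empty list means it conforms)."""
    must, may, seen = set(), set(), set()
    todo = [oc.lower() for oc in entry.get("objectclass", [])]
    while todo:                           # each class and its SUP chain
        name = todo.pop()
        oc = schema.get(name)             # top/person: not described on the page
        if oc is None or name in seen:
            continue
        seen.add(name)
        must.update(a.lower() for a in oc.get("MUST", []))
        may.update(a.lower() for a in oc.get("MAY", []))
        if "SUP" in oc:
            todo.append(str(oc["SUP"]).lower())
    problems = [f"missing MUST attribute {a}" for a in sorted(must - set(entry))]
    for attr, values in entry.items():
        if attr != "dn" and attr not in must and attr not in may:
            problems.append(f"attribute {attr} not allowed by any object class")
        if schema.get(attr, {}).get("SINGLE-VALUE") and len(values) > 1:
            problems.append(f"{attr} is SINGLE-VALUE but has {len(values)} values")
    return problems
```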
10. Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.