1
2
3
4
5
6
7Network Working Group                                          M. Smith
8Request for Comments: 2798                      Netscape Communications
9Category: Informational                                      April 2000
10
11
12           Definition of the inetOrgPerson LDAP Object Class
13
14Status of this Memo
15
16   This memo provides information for the Internet community.  It does
17   not specify an Internet standard of any kind.  Distribution of this
18   memo is unlimited.
19
20Copyright Notice
21
22   Copyright (C) The Internet Society (2000).  All Rights Reserved.
23
24Abstract
25
26   While the X.500 standards define many useful attribute types [X520]
27   and object classes [X521], they do not define a person object class
28   that meets the requirements found in today's Internet and Intranet
29   directory service deployments.  We define a new object class called
30   inetOrgPerson for use in LDAP and X.500 directory services that
31   extends the X.521 standard organizationalPerson class to meet these
32   needs.
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58Smith                        Informational                      [Page 1]
59
60RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
61
62
63Table of Contents
64
65   1.     Background and Intended Usage...............................2
66   2.     New Attribute Types Used in the inetOrgPerson Object Class..3
67   2.1.      Vehicle license or registration plate....................3
68   2.2.      Department number........................................3
69   2.3.      Display Name.............................................4
70   2.4.      Employee Number..........................................4
71   2.5.      Employee Type............................................4
72   2.6.      JPEG Photograph..........................................5
73   2.7.      Preferred Language.......................................5
74   2.8.      User S/MIME Certificate..................................5
75   2.9.      User PKCS #12............................................6
76   3.     Definition of the inetOrgPerson Object Class................6
77   4.     Example of an inetOrgPerson Entry...........................7
78   5.     Security Considerations.....................................8
79   6.     Acknowledgments.............................................8
80   7.     Bibliography................................................8
81   8.     Author's Address............................................9
82   9.     Appendix A - inetOrgPerson Schema Summary..................10
83   9.1.     Attribute Types..........................................10
84   9.1.1.      New attribute types that are defined in this document.10
85   9.1.2.      Attribute types from RFC 2256.........................12
86   9.1.3.      Attribute types from RFC 1274.........................15
87   9.1.4.      Attribute type from RFC 2079..........................16
88   9.2.     Syntaxes.................................................17
89   9.2.1.      Syntaxes from RFC 2252................................17
90   9.2.2.      Syntaxes from RFC 2256................................17
91   9.3.     Matching Rules...........................................17
92   9.3.1.      Matching rules from RFC 2252..........................17
93   9.3.2.      Matching rule from RFC 2256...........................18
94   9.3.3.      Additional matching rules from X.520..................18
95   9.3.4.      Matching rules not defined in any referenced document.19
96   10.    Full Copyright Statement...................................20
97
981.  Background and Intended Usage
99
100   The inetOrgPerson object class is a general purpose object class that
101   holds attributes about people.  The attributes it holds were chosen
102   to accommodate information requirements found in typical Internet and
103   Intranet directory service deployments.  The inetOrgPerson object
104   class is designed to be used within directory services based on the
105   LDAP [RFC2251] and the X.500 family of protocols, and it should be
106   useful in other contexts as well.  There is no requirement for
107   directory services implementors to use the inetOrgPerson object
108   class; it is simply presented as well-documented class that
109   implementors can choose to use if they find it useful.
110
111
112
113
114Smith                        Informational                      [Page 2]
115
116RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
117
118
119   The attribute type and object class definitions in this document are
120   written using the BNF form of AttributeTypeDescription and
121   ObjectClassDescription given in [RFC2252].  In some cases lines have
122   been folded for readability.
123
124   Attributes that are referenced but not defined in this document are
125   included in one of the following documents:
126
127      The COSINE and Internet X.500 Schema [RFC1274]
128
129      Definition of an X.500 Attribute Type and an Object Class to Hold
130      Uniform Resource Identifiers (URIs) [RFC2079]
131
132      A Summary of the X.500(96) User Schema for use with LDAPv3
133      [RFC2256]
134
135   See Appendix A for a summary of the attribute types, associated
136   syntaxes, and matching rules used in this document.
137
1382.  New Attribute Types Used in the inetOrgPerson Object Class
139
1402.1.  Vehicle license or registration plate.
141
142   This multivalued field is used to record the values of the license or
143   registration plate associated with an individual.
144
145    ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
146      DESC 'vehicle license or registration plate'
147      EQUALITY caseIgnoreMatch
148      SUBSTR caseIgnoreSubstringsMatch
149      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
150
1512.2.  Department number
152
153   Code for department to which a person belongs.  This can also be
154   strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
155
156    ( 2.16.840.1.113730.3.1.2
157      NAME 'departmentNumber'
158      DESC 'identifies a department within an organization'
159      EQUALITY caseIgnoreMatch
160      SUBSTR caseIgnoreSubstringsMatch
161      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
162
163
164
165
166
167
168
169
170Smith                        Informational                      [Page 3]
171
172RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
173
174
1752.3.  Display Name
176
177   When displaying an entry, especially within a one-line summary list,
178   it is useful to be able to identify a name to be used.  Since other
179   attribute types such as 'cn' are multivalued, an additional attribute
180   type is needed.  Display name is defined for this purpose.
181
182  ( 2.16.840.1.113730.3.1.241
183    NAME 'displayName'
184    DESC 'preferred name of a person to be used when displaying entries'
185    EQUALITY caseIgnoreMatch
186    SUBSTR caseIgnoreSubstringsMatch
187    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
188    SINGLE-VALUE )
189
1902.4.  Employee Number
191
192   Numeric or alphanumeric identifier assigned to a person, typically
193   based on order of hire or association with an organization.  Single
194   valued.
195
196    ( 2.16.840.1.113730.3.1.3
197      NAME 'employeeNumber'
198      DESC 'numerically identifies an employee within an organization'
199      EQUALITY caseIgnoreMatch
200      SUBSTR caseIgnoreSubstringsMatch
201      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
202      SINGLE-VALUE )
203
2042.5.  Employee Type
205
206   Used to identify the employer to employee relationship.  Typical
207   values used will be "Contractor", "Employee", "Intern", "Temp",
208   "External", and "Unknown" but any value may be used.
209
210    ( 2.16.840.1.113730.3.1.4
211      NAME 'employeeType'
212      DESC 'type of employment for a person'
213      EQUALITY caseIgnoreMatch
214      SUBSTR caseIgnoreSubstringsMatch
215      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
216
217
218
219
220
221
222
223
224
225
226Smith                        Informational                      [Page 4]
227
228RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
229
230
2312.6.  JPEG Photograph
232
233   Used to store one or more images of a person using the JPEG File
234   Interchange Format [JFIF].
235
236    ( 0.9.2342.19200300.100.1.60
237      NAME 'jpegPhoto'
238      DESC 'a JPEG image'
239      SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
240
241   Note that the jpegPhoto attribute type was defined for use in the
242   Internet X.500 pilots but no referencable definition for it could be
243   located.
244
2452.7.  Preferred Language
246
247   Used to indicate an individual's preferred written or spoken
248   language.  This is useful for international correspondence or human-
249   computer interaction.  Values for this attribute type MUST conform to
250   the definition of the Accept-Language header field defined in
251   [RFC2068] with one exception:  the sequence "Accept-Language" ":"
252   should be omitted.  This is a single valued attribute type.
253
254    ( 2.16.840.1.113730.3.1.39
255      NAME 'preferredLanguage'
256      DESC 'preferred written or spoken language for a person'
257      EQUALITY caseIgnoreMatch
258      SUBSTR caseIgnoreSubstringsMatch
259      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
260      SINGLE-VALUE )
261   )
262
2632.8.  User S/MIME Certificate
264
265   A PKCS#7 [RFC2315] SignedData, where the content that is signed is
266   ignored by consumers of userSMIMECertificate values.  It is
267   recommended that values have a `contentType' of data with an absent
268   `content' field.  Values of this attribute contain a person's entire
269   certificate chain and an smimeCapabilities field [RFC2633] that at a
270   minimum describes their SMIME algorithm capabilities.  Values for
271   this attribute are to be stored and requested in binary form, as
272   'userSMIMECertificate;binary'.  If available, this attribute is
273   preferred over the userCertificate attribute for S/MIME applications.
274
275    ( 2.16.840.1.113730.3.1.40
276      NAME 'userSMIMECertificate'
277      DESC 'PKCS#7 SignedData used to support S/MIME'
278      SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
279
280
281
282Smith                        Informational                      [Page 5]
283
284RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
285
286
2872.9.  User PKCS #12
288
289   PKCS #12 [PKCS12] provides a format for exchange of personal identity
290   information.  When such information is stored in a directory service,
291   the userPKCS12 attribute should be used. This attribute is to be
292   stored and requested in binary form, as 'userPKCS12;binary'.  The
293   attribute values are PFX PDUs stored as binary data.
294
295( 2.16.840.1.113730.3.1.216
296  NAME 'userPKCS12'
297  DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
298  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
299
3003.  Definition of the inetOrgPerson Object Class
301
302   The inetOrgPerson represents people who are associated with an
303   organization in some way.  It is a structural class and is derived
304   from the organizationalPerson class which is defined in X.521 [X521].
305
306( 2.16.840.1.113730.3.2.2
307    NAME 'inetOrgPerson'
308    SUP organizationalPerson
309    STRUCTURAL
310    MAY (
311        audio $ businessCategory $ carLicense $ departmentNumber $
312        displayName $ employeeNumber $ employeeType $ givenName $
313        homePhone $ homePostalAddress $ initials $ jpegPhoto $
314        labeledURI $ mail $ manager $ mobile $ o $ pager $
315        photo $ roomNumber $ secretary $ uid $ userCertificate $
316        x500uniqueIdentifier $ preferredLanguage $
317        userSMIMECertificate $ userPKCS12
318    )
319)
320
321   For reference, we list the following additional attribute types that
322   are part of the inetOrgPerson object class.  These attribute types
323   are inherited from organizationalPerson (which in turn is derived
324   from the person object class):
325
326
327
328
329
330
331
332
333
334
335
336
337
338Smith                        Informational                      [Page 6]
339
340RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
341
342
343    MUST (
344        cn $ objectClass $ sn
345    )
346    MAY (
347        description $ destinationIndicator $ facsimileTelephoneNumber $
348        internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $
349        postalAddress $ postalCode $ postOfficeBox $
350        preferredDeliveryMethod $ registeredAddress $ seeAlso $
351        st $ street $ telephoneNumber $ teletexTerminalIdentifier $
352        telexNumber $ title $ userPassword $ x121Address
353    )
354
3554.  Example of an inetOrgPerson Entry
356
357   The following example is expressed using the LDIF notation defined in
358   [LDIF].
359
360   version: 1
361   dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com
362   objectClass: top
363   objectClass: person
364   objectClass: organizationalPerson
365   objectClass: inetOrgPerson
366   cn: Barbara Jensen
367   cn: Babs Jensen
368   displayName: Babs Jensen
369   sn: Jensen
370   givenName: Barbara
371   initials: BJJ
372   title: manager, product development
373   uid: bjensen
374   mail: bjensen@siroe.com
375   telephoneNumber: +1 408 555 1862
376   facsimileTelephoneNumber: +1 408 555 1992
377   mobile: +1 408 555 1941
378   roomNumber: 0209
379   carLicense: 6ABC246
380   o: Siroe
381   ou: Product Development
382   departmentNumber: 2604
383   employeeNumber: 42
384   employeeType: full time
385   preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
386   labeledURI: http://www.siroe.com/users/bjensen My Home Page
387
388
389
390
391
392
393
394Smith                        Informational                      [Page 7]
395
396RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
397
398
3995.  Security Considerations
400
401   Attributes of directory entries are used to provide descriptive
402   information about the real-world objects they represent, which can be
403   people, organizations or devices.  Most countries have privacy laws
404   regarding the publication of information about people.
405
406   Transfer of cleartext passwords are strongly discouraged where the
407   underlying transport service cannot guarantee confidentiality and may
408   result in disclosure of the password to unauthorized parties.
409
4106.  Acknowledgments
411
412   The Netscape Directory Server team created the inetOrgPerson object
413   class based on experience and customer requirements.  Anil Bhavnani
414   and John Kristian in particular deserve credit for all of the early
415   design work.
416
417   Many members of the Internet community, in particular those in the
418   IETF ASID and LDAPEXT groups, also contributed to the design of this
419   object class.
420
4217.  Bibliography
422
423   [JFIF]    E. Hamilton, "JPEG File Interchange Format (Version 1.02)",
424             C-Cube Microsystems, Milpitas, CA, September 1, 1992.
425
426   [LDIF]    G. Good, "The LDAP Data Interchange Format (LDIF) -
427             Technical Specification", Work in Progress.
428
429   [PKCS12]  "PKCS #12: Personal Information Exchange Standard", Version
430             1.0 Draft, 30 April 1997.
431
432   [RFC1274] Barker, P. and S. Kille, "The COSINE and Internet X.500
433             Schema", RFC 1274, November 1991.
434
435   [RFC1847] Galvin, J., Murphy, S., Crocker, S. and N. Freed, "Security
436             Multiparts for MIME:  Multipart/Signed and
437             Multipart/Encrypted", RFC 1847, October 1995.
438
439   [RFC2068] Fielding, R., Gettys, J., Mogul, J., Frystyk, H. and T.
440             Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
441             2068, January 1997.
442
443   [RFC2079] Smith, M., "Definition of an X.500 Attribute Type and an
444             Object Class to Hold Uniform Resource Identifiers (URIs)",
445             RFC 2079, January 1997.
446
447
448
449
450Smith                        Informational                      [Page 8]
451
452RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
453
454
455   [RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
456             Access Protocol (v3)", RFC 2251, December 1997.
457
458   [RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., Yeong, W. and
459             C. Robbins, "Lightweight Directory Access Protocol (v3):
460             Attribute Syntax Definitions", RFC 2252, December 1997.
461
462   [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
463             with LDAPv3", RFC 2256, December 1997.
464
465   [RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version
466             1.5", RFC 2315, March 1998.
467
468   [RFC2633] Ramsdell, B., "S/MIME Version 3 Message Specification", RFC
469             2633, June 1999.
470
471   [X520]    ITU-T Rec. X.520, "The Directory: Selected Attribute
472             Types", 1996.
473
474   [X521]    ITU-T Rec. X.521, "The Directory: Selected Object Classes",
475             1996.
476
4778.  Author's Address
478
479   Mark Smith
480   Netscape Communications Corp.
481   501 E. Middlefield Rd., Mailstop MV068
482   Mountain View, CA 94043, USA
483
484   Phone:  +1 650 937-3477
485   EMail:  mcs@netscape.com
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506Smith                        Informational                      [Page 9]
507
508RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
509
510
5119.  Appendix A - inetOrgPerson Schema Summary
512
513   This appendix provides definitions of all the attribute types
514   included in the inetOrgPerson object class along with their
515   associated syntaxes and matching rules.
516
5179.1.  Attribute Types
518
5199.1.1.  New attribute types that are defined in this document
520
521  ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
522    DESC 'vehicle license or registration plate'
523    EQUALITY caseIgnoreMatch
524    SUBSTR caseIgnoreSubstringsMatch
525    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
526
527  ( 2.16.840.1.113730.3.1.2
528    NAME 'departmentNumber'
529    DESC 'identifies a department within an organization'
530    EQUALITY caseIgnoreMatch
531    SUBSTR caseIgnoreSubstringsMatch
532    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
533
534  ( 2.16.840.1.113730.3.1.241
535    NAME 'displayName'
536    DESC 'preferred name of a person to be used when displaying entries'
537    EQUALITY caseIgnoreMatch
538    SUBSTR caseIgnoreSubstringsMatch
539    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
540    SINGLE-VALUE )
541
542  ( 2.16.840.1.113730.3.1.3
543    NAME 'employeeNumber'
544    DESC 'numerically identifies an employee within an organization'
545    EQUALITY caseIgnoreMatch
546    SUBSTR caseIgnoreSubstringsMatch
547    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
548    SINGLE-VALUE )
549
550  ( 2.16.840.1.113730.3.1.4
551    NAME 'employeeType'
552    DESC 'type of employment for a person'
553    EQUALITY caseIgnoreMatch
554    SUBSTR caseIgnoreSubstringsMatch
555    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
556
557
558
559
560
561
562Smith                        Informational                     [Page 10]
563
564RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
565
566
567  ( 0.9.2342.19200300.100.1.60
568    NAME 'jpegPhoto'
569    DESC 'a JPEG image'
570    SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
571  Note: The jpegPhoto attribute type was defined for use in the
572    Internet X.500 pilots but no referencable definition for it
573    could be located.
574
575  ( 2.16.840.1.113730.3.1.39
576    NAME 'preferredLanguage'
577    DESC 'preferred written or spoken language for a person'
578    EQUALITY caseIgnoreMatch
579    SUBSTR caseIgnoreSubstringsMatch
580    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
581    SINGLE-VALUE )
582
583  ( 2.16.840.1.113730.3.1.40
584    NAME 'userSMIMECertificate'
585    DESC 'signed message used to support S/MIME'
586    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
587
588  ( 2.16.840.1.113730.3.1.216
589    NAME 'userPKCS12'
590    DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
591    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
592
5939.1.2.  Attribute types from RFC 2256
594
595   Note that the original definitions of these types can be found in
596   X.520.
597
598    ( 2.5.4.15
599      NAME 'businessCategory'
600      EQUALITY caseIgnoreMatch
601      SUBSTR caseIgnoreSubstringsMatch
602      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
603
604    ( 2.5.4.3
605      NAME 'cn'
606      SUP name )
607
608    ( 2.5.4.13
609      NAME 'description'
610      EQUALITY caseIgnoreMatch
611      SUBSTR caseIgnoreSubstringsMatch
612      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
613
614
615
616
617
618Smith                        Informational                     [Page 11]
619
620RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
621
622
623    ( 2.5.4.27
624      NAME 'destinationIndicator'
625      EQUALITY caseIgnoreMatch
626      SUBSTR caseIgnoreSubstringsMatch
627      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
628
629    ( 2.5.4.23
630      NAME 'facsimileTelephoneNumber'
631      SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
632
633    ( 2.5.4.42
634      NAME 'givenName'
635      SUP name )
636
637    ( 2.5.4.43
638      NAME 'initials'
639      SUP name )
640
641    ( 2.5.4.25
642      NAME 'internationaliSDNNumber'
643      EQUALITY numericStringMatch
644      SUBSTR numericStringSubstringsMatch
645      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
646
647    ( 2.5.4.7
648      NAME 'l'
649      SUP name )
650
651    ( 2.5.4.0
652      NAME 'objectClass'
653      EQUALITY objectIdentifierMatch
654      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
655
656    ( 2.5.4.10
657      NAME 'o'
658      SUP name )
659
660    ( 2.5.4.11
661      NAME 'ou'
662      SUP name )
663
664    ( 2.5.4.19
665      NAME 'physicalDeliveryOfficeName'
666      EQUALITY caseIgnoreMatch
667      SUBSTR caseIgnoreSubstringsMatch
668      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
669
670
671
672
673
674Smith                        Informational                     [Page 12]
675
676RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
677
678
679    ( 2.5.4.18
680      NAME 'postOfficeBox'
681      EQUALITY caseIgnoreMatch
682      SUBSTR caseIgnoreSubstringsMatch
683      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
684
685    ( 2.5.4.16
686      NAME 'postalAddress'
687      EQUALITY caseIgnoreListMatch
688      SUBSTR caseIgnoreListSubstringsMatch
689      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
690
691    ( 2.5.4.17
692      NAME 'postalCode'
693      EQUALITY caseIgnoreMatch
694      SUBSTR caseIgnoreSubstringsMatch
695      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
696
697    ( 2.5.4.28
698      NAME 'preferredDeliveryMethod'
699      SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
700      SINGLE-VALUE )
701
702    ( 2.5.4.26
703      NAME 'registeredAddress'
704      SUP postalAddress
705      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
706
707    ( 2.5.4.34
708      NAME 'seeAlso'
709      SUP distinguishedName )
710
711    ( 2.5.4.4
712      NAME 'sn'
713      SUP name )
714
715    ( 2.5.4.8
716      NAME 'st'
717      SUP name )
718
719    ( 2.5.4.9
720      NAME 'street'
721      EQUALITY caseIgnoreMatch
722      SUBSTR caseIgnoreSubstringsMatch
723      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
724
725
726
727
728
729
730Smith                        Informational                     [Page 13]
731
732RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
733
734
735    ( 2.5.4.20
736      NAME 'telephoneNumber'
737      EQUALITY telephoneNumberMatch
738      SUBSTR telephoneNumberSubstringsMatch
739      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
740
741    ( 2.5.4.22
742      NAME 'teletexTerminalIdentifier'
743      SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
744
745    ( 2.5.4.21
746      NAME 'telexNumber'
747      SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
748
749    ( 2.5.4.12
750      NAME 'title'
751      SUP name )
752
753    ( 2.5.4.36
754      NAME 'userCertificate'
755      SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
756
757    ( 2.5.4.35
758      NAME 'userPassword'
759      EQUALITY octetStringMatch
760      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
761
762    ( 2.5.4.24
763      NAME 'x121Address'
764      EQUALITY numericStringMatch
765      SUBSTR numericStringSubstringsMatch
766      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
767
768    ( 2.5.4.45
769      NAME 'x500UniqueIdentifier'
770      EQUALITY bitStringMatch
771      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
772
773   Some attribute types included in inetOrgPerson are derived from the
774   'name' and 'distinguishedName' attribute supertypes:
775
776    ( 2.5.4.41
777      NAME 'name'
778      EQUALITY caseIgnoreMatch
779      SUBSTR caseIgnoreSubstringsMatch
780      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
781
782
783
784
785
786Smith                        Informational                     [Page 14]
787
788RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
789
790
791    ( 2.5.4.49
792      NAME 'distinguishedName'
793      EQUALITY distinguishedNameMatch
794      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
795
7969.1.3.  Attribute types from RFC 1274
797
798    ( 0.9.2342.19200300.100.1.55
799      NAME 'audio'
800      EQUALITY octetStringMatch
801      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{250000} )
802    Note: The syntax used here for the audio attribute type is Octet
803      String. RFC 1274 uses a syntax called audio which is not defined
804      in RFC 1274.
805
806    ( 0.9.2342.19200300.100.1.20
807      NAME 'homePhone'
808      EQUALITY telephoneNumberMatch
809      SUBSTR telephoneNumberSubstringsMatch
810      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
811    Note: RFC 1274 uses the longer name 'homeTelephoneNumber'.
812
813    ( 0.9.2342.19200300.100.1.39
814      NAME 'homePostalAddress'
815      EQUALITY caseIgnoreListMatch
816      SUBSTR caseIgnoreListSubstringsMatch
817      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
818
819    ( 0.9.2342.19200300.100.1.3
820      NAME 'mail'
821      EQUALITY caseIgnoreIA5Match
822      SUBSTR caseIgnoreIA5SubstringsMatch
823      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
824    Note: RFC 1274 uses the longer name 'rfc822Mailbox' and syntax OID
825      of 0.9.2342.19200300.100.3.5.  All recent LDAP documents and most
826      deployed LDAP implementations refer to this attribute as 'mail'
827      and define the IA5 String syntax using using the OID
828      1.3.6.1.4.1.1466.115.121.1.26, as is done here.
829
830    ( 0.9.2342.19200300.100.1.10
831      NAME 'manager'
832      EQUALITY distinguishedNameMatch
833      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
834
835
836
837
838
839
840
841
842Smith                        Informational                     [Page 15]
843
844RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
845
846
847    ( 0.9.2342.19200300.100.1.41
848      NAME 'mobile'
849      EQUALITY telephoneNumberMatch
850      SUBSTR telephoneNumberSubstringsMatch
851      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
852    Note: RFC 1274 uses the longer name 'mobileTelephoneNumber'.
853
854    ( 0.9.2342.19200300.100.1.42
855      NAME 'pager'
856      EQUALITY telephoneNumberMatch
857      SUBSTR telephoneNumberSubstringsMatch
858      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
859    Note: RFC 1274 uses the longer name 'pagerTelephoneNumber'.
860
861    ( 0.9.2342.19200300.100.1.7
862      NAME 'photo' )
863    Note: Photo attribute values are encoded in G3 fax format with an
864      ASN.1 wrapper. Please refer to RFC 1274 section 9.3.7 for
865      detailed syntax information for this attribute.
866
867    ( 0.9.2342.19200300.100.1.6
868      NAME 'roomNumber'
869      EQUALITY caseIgnoreMatch
870      SUBSTR caseIgnoreSubstringsMatch
871      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
872
873    ( 0.9.2342.19200300.100.1.21
874      NAME 'secretary'
875      EQUALITY distinguishedNameMatch
876      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
877
878    ( 0.9.2342.19200300.100.1.1
879      NAME 'uid'
880      EQUALITY caseIgnoreMatch
881      SUBSTR caseIgnoreSubstringsMatch
882      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
883    Note: RFC 1274 uses the longer name 'userid'.
884
8859.1.4.  Attribute type from RFC 2079
886
887    ( 1.3.6.1.4.1.250.1.57
888      NAME 'labeledURI'
889      EQUALITY caseExactMatch
890      SUBSTR caseExactSubstringsMatch
891      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
892
893
894
895
896
897
898Smith                        Informational                     [Page 16]
899
900RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
901
902
9039.2.  Syntaxes
904
9059.2.1.  Syntaxes from RFC 2252
906
907    ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )
908
909    ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
910
911    ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )
912
913    ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )
914
915    ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
916
917    ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )
918
919    ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
920
921    ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )
922
923    ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
924
925    ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
926
927    ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
928
929    ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
930
931    ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
932
9339.2.2.  Syntaxes from RFC 2256
934
935    ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
936
937    ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
938
939    ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )
940
941    ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
942
9439.3.  Matching Rules
944
9459.3.1.  Matching rules from RFC 2252
946
947   Note that the original definition of many of these matching rules can
948   be found in X.520.
949
950
951
952
953
954Smith                        Informational                     [Page 17]
955
956RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
957
958
959    ( 2.5.13.16 NAME 'bitStringMatch'
960      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
961
962    ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match'
963      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
964
965    ( 2.5.13.11 NAME 'caseIgnoreListMatch'
966      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
967
968    ( 2.5.13.2 NAME 'caseIgnoreMatch'
969      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
970
971    ( 2.5.13.1 NAME 'distinguishedNameMatch'
972      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
973
974    ( 2.5.13.8 NAME 'numericStringMatch'
975      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
976
977    ( 2.5.13.0 NAME 'objectIdentifierMatch'
978      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
979
980    ( 2.5.13.20 NAME 'telephoneNumberMatch'
981      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
982
9839.3.2.  Matching rule from RFC 2256
984
985   Note that the original definition of this matching rule can be found
986   in X.520.
987
988    ( 2.5.13.17 NAME 'octetStringMatch'
989      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
990
9919.3.3.  Additional matching rules from X.520
992
993   caseExactMatch
994
995       ( 2.5.13.5 NAME 'caseExactMatch'
996         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
997
998   This rule determines whether a presented string exactly matches an
999   attribute value of syntax DirectoryString.  It is identical to
1000   caseIgnoreMatch except that case is not ignored.  Multiple adjoining
1001   whitespace characters are treated the same as an individual space,
1002   and leading and trailing whitespace is ignored.
1003
1004
1005
1006
1007
1008
1009
1010Smith                        Informational                     [Page 18]
1011
1012RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
1013
1014
1015   caseExactSubstringsMatch
1016
1017       ( 2.5.13.7 NAME 'caseExactSubstringsMatch'
1018         SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
1019
1020   This rules determines whether the initial, any and final substring
1021   elements in a presented value are present in an attribute value of
1022   syntax DirectoryString.  It is identical to caseIgnoreSubstringsMatch
1023   except that case is not ignored.
1024
1025   caseIgnoreListSubstringsMatch
1026
1027       ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
1028         SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
1029
1030   This rule compares a presented substring with an attribute value
1031   which is a sequence of DirectoryStrings, but where the case of
1032   letters is not significant for comparison purposes.  A presented
1033   value matches a stored value if and only if the presented value
1034   matches the string formed by concatenating the strings of the stored
1035   value.  Matching is done according to the caseIgnoreSubstringsMatch
1036   rule except that none of the initial, final, or any values of the
1037   presented value match a substring of the concatenated string which
1038   spans more than one of the strings of the stored value.
1039
10409.3.4.  Matching rules not defined in any referenced document
1041
1042   caseIgnoreIA5SubstringsMatch
1043
1044       ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
1045         SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
1046
1047   This rules determines whether the initial, any and final substring
1048   elements in a presented value are present in an attribute value of
1049   syntax IA5 String without regard to the case of the letters in the
1050   strings.  It is expected that this matching rule will be added to an
1051   update of RFC 2252.
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066Smith                        Informational                     [Page 19]
1067
1068RFC 2798          The LDAP inetOrgPerson Object Class         April 2000
1069
1070
107110.  Full Copyright Statement
1072
1073   Copyright (C) The Internet Society (2000).  All Rights Reserved.
1074
1075   This document and translations of it may be copied and furnished to
1076   others, and derivative works that comment on or otherwise explain it
1077   or assist in its implementation may be prepared, copied, published
1078   and distributed, in whole or in part, without restriction of any
1079   kind, provided that the above copyright notice and this paragraph are
1080   included on all such copies and derivative works.  However, this
1081   document itself may not be modified in any way, such as by removing
1082   the copyright notice or references to the Internet Society or other
1083   Internet organizations, except as needed for the purpose of
1084   developing Internet standards in which case the procedures for
1085   copyrights defined in the Internet Standards process must be
1086   followed, or as required to translate it into languages other than
1087   English.
1088
1089   The limited permissions granted above are perpetual and will not be
1090   revoked by the Internet Society or its successors or assigns.
1091
1092   This document and the information contained herein is provided on an
1093   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1094   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
1095   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
1096   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1097   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1098
1099Acknowledgement
1100
1101   Funding for the RFC Editor function is currently provided by the
1102   Internet Society.
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122Smith                        Informational                     [Page 20]
1123
1124