Network Working Group                                   K. Zeilenga, Ed.
Request for Comments: 4524                           OpenLDAP Foundation
Obsoletes: 1274                                                June 2006
Updates: 2247, 2798
Category: Standards Track


                        COSINE LDAP/X.500 Schema

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document provides a collection of schema elements for use with
   the Lightweight Directory Access Protocol (LDAP) from the COSINE and
   Internet X.500 pilot projects.

   This document obsoletes RFC 1274 and updates RFCs 2247 and 2798.

Table of Contents

   1. Introduction
      1.1. Relationship to Other Documents
      1.2. Terminology and Conventions
   2. COSINE Attribute Types
      2.1. associatedDomain
      2.2. associatedName
      2.3. buildingName
      2.4. co
      2.5. documentAuthor
      2.6. documentIdentifier
      2.7. documentLocation
      2.8. documentPublisher
      2.9. documentTitle
      2.10. documentVersion
      2.11. drink
      2.12. homePhone
      2.13. homePostalAddress
      2.14. host
      2.15. info
      2.16. mail
      2.17. manager
      2.18. mobile
      2.19. organizationalStatus
      2.20. pager
      2.21. personalTitle
      2.22. roomNumber
      2.23. secretary
      2.24. uniqueIdentifier
      2.25. userClass
   3. COSINE Object Classes
      3.1. account
      3.2. document
      3.3. documentSeries
      3.4. domain
      3.5. domainRelatedObject
      3.6. friendlyCountry
      3.7. rFC822LocalPart
      3.8. room
      3.9. simpleSecurityObject
   4. Security Considerations
   5. IANA Considerations
   6. Acknowledgements
   7. References
      7.1. Normative References
      7.2. Informative References
   Appendix A.  Changes since RFC 1274
      A.1.  LDAP Short Names
      A.2.  pilotObject
      A.3.  pilotPerson
      A.4.  dNSDomain
      A.5.  pilotDSA and qualityLabelledData
      A.6.  Attribute Syntaxes
   Appendix B.  Changes since RFC 2247

1.  Introduction

   In the late 1980s, X.500 Directory Services were standardized by the
   CCITT (Commite' Consultatif International de Telegraphique et
   Telephonique), now a part of the ITU (International Telephone Union).
   This led to Directory Service piloting activities in the early
   1990s, including the COSINE (Co-operation and Open Systems
   Interconnection in Europe) PARADISE Project pilot [COSINEpilot] in
   Europe.  Motivated by needs for large-scale directory pilots, RFC
   1274 was published to standardize the directory schema and naming
   architecture for use in the COSINE and other Internet X.500 pilots
   [RFC1274].

   In the years that followed, X.500 Directory Services have evolved to
   incorporate new capabilities and even new protocols.  In particular,
   the Lightweight Directory Access Protocol (LDAP) [RFC4510] was
   introduced in the early 1990s [RFC1487], with Version 3 of LDAP
   introduced in the late 1990s [RFC2251] and subsequently revised in
   2005 [RFC4510].

   While much of the material in RFC 1274 has been superseded by
   subsequently published ITU-T Recommendations and IETF RFCs, many of
   the schema elements lack standardized schema descriptions for use in
   modern X.500 and LDAP directory services despite the fact that these
   schema elements are in wide use today.  As the old schema
   descriptions cannot be used without adaptation, interoperability
   issues may arise due to lack of standardized modern schema
   descriptions.

   This document addresses these issues by offering standardized schema
   descriptions, where needed, for widely used COSINE schema elements.

1.1.  Relationship to Other Documents

   This document, together with [RFC4519] and [RFC4517], obsoletes RFC
   1274 in its entirety.  [RFC4519] replaces Sections 9.3.1 (Userid) and
   9.3.21 (Domain Component) of RFC 1274.  [RFC4517] replaces Section
   9.4 (Generally useful syntaxes) of RFC 1274.

   This document replaces the remainder of RFC 1274.  Appendix A
   discusses changes since RFC 1274, as well as why certain schema
   elements were not brought forward in this revision of the COSINE
   schema.  All elements not brought forward are to be regarded as
   Historic.

   The description of the 'domain' object class provided in this
   document supersedes that found in RFC 2247.  That is, Section 3.4 of
   this document replaces Section 5.2 of [RFC2247].

   Some of the schema elements specified here were described in RFC 2798
   (inetOrgPerson schema).  This document supersedes these descriptions.
   This document, together with [RFC4519], replaces Section 9.1.3 of RFC
   2798.

1.2.  Terminology and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

   DIT stands for Directory Information Tree.
   DN stands for Distinguished Name.
   DSA stands for Directory System Agent, a server.
   DSE stands for DSA-Specific Entry.
   DUA stands for Directory User Agent, a client.

   These terms are discussed in [RFC4512].

   Schema definitions are provided using LDAP description formats
   [RFC4512].  Definitions provided here are formatted (line wrapped)
   for readability.

2.  COSINE Attribute Types

   This section details COSINE attribute types for use in LDAP.

2.1.  associatedDomain

   The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
   host names [RFC1123] that are associated with an object.  That is,
   values of this attribute should conform to the following ABNF:

    domain = root / label *( DOT label )
    root   = SPACE
    label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
    LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
    SPACE  = %x20                        ; space (" ")
    HYPHEN = %x2D                        ; hyphen ("-")
    DOT    = %x2E                        ; period (".")

   For example, the entry in the DIT with a DN <DC=example,DC=com> might
   have an associated domain of "example.com".

      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
   'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
   described in [RFC4517].

   Note that the directory will not ensure that values of this attribute
   conform to the <domain> production provided above.  It is the
   application's responsibility to ensure that domains it stores in this
   attribute are appropriately represented.

   Also note that applications supporting Internationalized Domain Names
   SHALL use the ToASCII method [RFC3490] to produce <label> components
   of the <domain> production.
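
   Since the directory does not enforce the <domain> production, the
   check has to live in the application.  The following is an added
   example, not part of RFC 4524: one way to validate and produce
   'associatedDomain' values in Python.  The function names and the
   sample values are hypothetical; ToASCII is taken from Python's
   standard encodings.idna module.

```python
import encodings.idna
import re

# <label> = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]   (1 to 63 characters)
_LABEL = r"[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?"
# <domain> = root / label *( DOT label ), where root is a single SPACE
_DOMAIN = re.compile(r" |" + _LABEL + r"(?:\." + _LABEL + r")*")


def is_valid_associated_domain(value: str) -> bool:
    """True if value matches the <domain> production in full."""
    # fullmatch() rather than match() with "$": "$" would also accept a
    # value that carries a trailing newline.
    return _DOMAIN.fullmatch(value) is not None


def to_associated_domain(name: str) -> str:
    """Turn a (possibly internationalized) name into a storable value.

    Every label goes through ToASCII [RFC3490].  The result is then
    checked against the ABNF, because this ToASCII implementation does
    not apply the STD3 host name rules and lets "_" or a leading "-"
    through unchanged.
    """
    if name == " ":                       # the root
        return name
    try:
        labels = [encodings.idna.ToASCII(label).decode("ascii")
                  for label in name.split(".")]
    except UnicodeError as exc:           # empty/over-long label, bad code point
        raise ValueError(f"not convertible with ToASCII: {name!r}") from exc
    candidate = ".".join(labels)
    if not is_valid_associated_domain(candidate):
        raise ValueError(f"does not match <domain>: {candidate!r}")
    return candidate


def nonconforming(values):
    """Audit helper: the stored values that violate the ABNF."""
    return [v for v in values if not is_valid_associated_domain(v)]


# Constructed sample values, as they might be read back from a directory.
SAMPLE_VALUES = [
    "example.com",
    " ",                      # the root
    "Example.COM",
    "example.com.",           # trailing dot: empty last label
    "-edge.example.com",      # label starts with a hyphen
    "_dmarc.example.com",     # "_" is not LETDIG
    "b\u00fccher.example",    # raw U-label stored without ToASCII
]

if __name__ == "__main__":
    print(nonconforming(SAMPLE_VALUES))
    print(to_associated_domain("b\u00fccher.example"))
```

   Running nonconforming() over values already held in a directory
   shows which entries were written by clients that skipped this check.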

2.2.  associatedName

   The 'associatedName' attribute specifies names of entries in the
   organizational DIT associated with a DNS domain [RFC1034][RFC2181].

      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.3.  buildingName

   The 'buildingName' attribute specifies names of the buildings where
   an organization or organizational unit is based, for example, "The
   White House".

      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.4.  co

   The 'co' (Friendly Country Name) attribute specifies names of
   countries in human-readable format, for example, "Germany" and
   "Federal Republic of Germany".  It is commonly used in conjunction
   with the 'c' (Country Name) [RFC4519] attribute (whose values are
   restricted to the two-letter codes defined in [ISO3166]).

      ( 0.9.2342.19200300.100.1.43 NAME 'co'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.5.  documentAuthor

   The 'documentAuthor' attribute specifies the distinguished names of
   authors (or editors) of a document.  For example,

      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.6.  documentIdentifier

   The 'documentIdentifier' attribute specifies unique identifiers for a
   document.  A document may be identified by more than one unique
   identifier.  For example, RFC 3383 and BCP 64 are unique identifiers
   that (presently) refer to the same document.

      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.7.  documentLocation

   The 'documentLocation' attribute specifies locations of the document
   original.

      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.8.  documentPublisher

   The 'documentPublisher' attribute is the persons and/or organizations
   that published the document.  Documents that are jointly published
   have one value for each publisher.

      ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.9.  documentTitle

   The 'documentTitle' attribute specifies the titles of a document.
   Multiple values are allowed to accommodate both long and short
   titles, or other situations where a document has multiple titles, for
   example, "The Lightweight Directory Access Protocol Technical
   Specification" and "The LDAP Technical Specification".

      ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.10.  documentVersion

   The 'documentVersion' attribute specifies the version information of
   a document.

      ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.11.  drink

   The 'drink' (favoriteDrink) attribute specifies the favorite drinks
   of an object (or person), for instance, "cola" and "beer".

      ( 0.9.2342.19200300.100.1.5 NAME 'drink'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.12.  homePhone

   The 'homePhone' (Home Telephone Number) attribute specifies home
   telephone numbers (e.g., "+1 775 555 1234") associated with a person.

      ( 0.9.2342.19200300.100.1.20 NAME 'homePhone'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
   'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
   described in [RFC4517].

2.13.  homePostalAddress

   The 'homePostalAddress' attribute specifies home postal addresses for
   an object.  Each value should be limited to up to 6 directory strings
   of 30 characters each.  (Note: It is not intended that the directory
   service enforce these limits.)

      ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

   The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
   'caseIgnoreListMatch' and 'caseIgnoreListSubstringsMatch' rules are
   described in [RFC4517].

2.14.  host

   The 'host' attribute specifies host computers, generally by their
   primary fully qualified domain name (e.g., my-host.example.com).

      ( 0.9.2342.19200300.100.1.9 NAME 'host'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.15.  info

   The 'info' attribute specifies any general information pertinent to
   an object.  This information is not necessarily descriptive of the
   object.

   Applications should not attach specific semantics to values of this
   attribute.  The 'description' attribute [RFC4519] is available for
   specifying descriptive information pertinent to an object.

      ( 0.9.2342.19200300.100.1.4 NAME 'info'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.16.  mail

   The 'mail' (rfc822mailbox) attribute type holds Internet mail
   addresses in Mailbox [RFC2821] form (e.g., user@example.com).

      ( 0.9.2342.19200300.100.1.3 NAME 'mail'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
   'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
   described in [RFC4517].

   Note that the directory will not ensure that values of this attribute
   conform to the <Mailbox> production [RFC2821].  It is the
   application's responsibility to ensure that domains it stores in this
   attribute are appropriately represented.

   Additionally, the directory will compare values per the matching
   rules named in the above attribute type description.  As these rules
   differ from rules that normally apply to <Mailbox> comparisons,
   operational issues may arise.  For example, the assertion
   (mail=joe@example.com) will match "JOE@example.com" even though the
   <local-parts> differ.  Also, where a user has two <Mailbox>es whose
   addresses differ only by case of the <local-part>, both cannot be
   listed as values of the user's mail attribute (as they are considered
   equal by the 'caseIgnoreIA5Match' rule).

   Also note that applications supporting internationalized domain names
   SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
   components of the <Mailbox> production.
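
   The two operational issues described above can be checked for before
   an application relies on (mail=...) to identify a single account.
   The following is an added example, not part of RFC 4524.  The
   function names and the sample entries are hypothetical, and
   directory_key() is a simplified stand-in for 'caseIgnoreIA5Match'
   that models only case folding and insignificant spaces.

```python
import re
from collections import defaultdict


def directory_key(value: str) -> str:
    """What the directory effectively compares for 'mail' values.

    Assumption: only case folding and insignificant-space handling are
    modelled; this is not a full implementation of the matching rule.
    """
    return re.sub(r" +", " ", value.strip(" ")).lower()


def mailbox_key(value: str):
    """Key under the usual <Mailbox> comparison: the <local-part> is
    compared exactly, the domain without regard to case."""
    local, _, domain = value.rpartition("@")
    return (local, domain.lower())


def refused_as_duplicates(mail_values):
    """Values of one entry that the directory treats as already present
    although they name a different <Mailbox> than the earlier value."""
    seen = {}                      # directory_key -> first value with that key
    refused = []
    for value in mail_values:
        key = directory_key(value)
        if key not in seen:
            seen[key] = value
        elif mailbox_key(seen[key]) != mailbox_key(value):
            refused.append(value)
    return refused


def ambiguous_assertions(entries):
    """Find equality assertions that cover more than one <Mailbox>.

    entries maps a DN to its list of 'mail' values.  The result maps a
    directory-level key to the (DN, value) pairs a (mail=<key>) filter
    would match, for keys that span distinct mailboxes.
    """
    hits = defaultdict(list)
    for dn, mail_values in entries.items():
        for value in mail_values:
            hits[directory_key(value)].append((dn, value))
    return {key: pairs for key, pairs in hits.items()
            if len({mailbox_key(v) for _, v in pairs}) > 1}


# Constructed sample data: DN -> 'mail' values.
SAMPLE_ENTRIES = {
    "uid=joe,cn=Accounts,dc=example,dc=com": ["joe@example.com"],
    "uid=jsmith,cn=Accounts,dc=example,dc=com": ["JOE@example.com"],
    # Same mailbox twice, differing only in domain case: not ambiguous.
    "uid=ann,cn=Accounts,dc=example,dc=com": ["ann@example.com"],
    "uid=ann2,cn=Accounts,dc=example,dc=com": ["ann@EXAMPLE.COM"],
}

if __name__ == "__main__":
    for key, pairs in ambiguous_assertions(SAMPLE_ENTRIES).items():
        print(f"(mail={key}) matches distinct mailboxes:")
        for dn, value in pairs:
            print(f"   {value}  in  {dn}")
    print(refused_as_duplicates(
        ["joe@example.com", "JOE@example.com", "joe@EXAMPLE.com"]))
```

   An application that maps a mail address to exactly one account should
   treat any key reported by ambiguous_assertions() as unresolved rather
   than picking the first search result.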

2.17.  manager

   The 'manager' attribute specifies managers, by distinguished name, of
   the person (or entity).

      ( 0.9.2342.19200300.100.1.10 NAME 'manager'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.18.  mobile

   The 'mobile' (mobileTelephoneNumber) attribute specifies mobile
   telephone numbers (e.g., "+1 775 555 6789") associated with a person
   (or entity).

      ( 0.9.2342.19200300.100.1.41 NAME 'mobile'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
   'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
   described in [RFC4517].

2.19.  organizationalStatus

   The 'organizationalStatus' attribute specifies categories by which a
   person is often referred to in an organization.  Examples of usage in
   academia might include "undergraduate student", "researcher",
   "professor", and "staff".  Multiple values are allowed where the
   person is in multiple categories.

   Directory administrators and application designers SHOULD consider
   carefully the distinctions between this and the 'title' and
   'userClass' attributes.

      ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.20.  pager

   The 'pager' (pagerTelephoneNumber) attribute specifies pager
   telephone numbers (e.g., "+1 775 555 5555") for an object.

      ( 0.9.2342.19200300.100.1.42 NAME 'pager'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
   'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
   described in [RFC4517].

2.21.  personalTitle

   The 'personalTitle' attribute specifies personal titles for a person.
   Examples of personal titles are "Frau", "Dr.", "Herr", and
   "Professor".

      ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.22.  roomNumber

   The 'roomNumber' attribute specifies the room number of an object.
   During periods of renumbering, or in other circumstances where a room
   has multiple valid room numbers associated with it, multiple values
   may be provided.  Note that the 'cn' (commonName) attribute type
   SHOULD be used for naming room objects.

      ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.23.  secretary

   The 'secretary' attribute specifies secretaries and/or administrative
   assistants, by distinguished name.

      ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.24.  uniqueIdentifier

   The 'uniqueIdentifier' attribute specifies a unique identifier for an
   object represented in the Directory.  The domain within which the
   identifier is unique and the exact semantics of the identifier are
   for local definition.  For a person, this might be an institution-
   wide payroll number.  For an organizational unit, it might be a
   department code.

      ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

   Note: X.520 also describes an attribute called 'uniqueIdentifier'
         (2.5.4.45), which is called 'x500UniqueIdentifier' in LDAP
         [RFC4519].  The attribute detailed here ought not be confused
         with 'x500UniqueIdentifier'.

2.25.  userClass

   The 'userClass' attribute specifies categories of computer or
   application user.  The semantics placed on this attribute are for
   local interpretation.  Examples of current usage of this attribute in
   academia are "student", "staff", and "faculty".  Note that the
   'organizationalStatus' attribute type is now often preferred, as it
   makes no distinction between persons as opposed to users.

      ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

3.  COSINE Object Classes

   This section details COSINE object classes for use in LDAP.

3.1.  account

   The 'account' object class is used to define entries representing
   computer accounts.  The 'uid' attribute SHOULD be used for naming
   entries of this object class.

      ( 0.9.2342.19200300.100.4.5 NAME 'account'
        SUP top STRUCTURAL
        MUST uid
        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

   The 'top' object class is described in [RFC4512].  The 'description',
   'seeAlso', 'l', 'o', 'ou', and 'uid' attribute types are described in
   [RFC4519].  The 'host' attribute type is described in Section 2 of
   this document.

   Example:

      dn: uid=kdz,cn=Accounts,dc=Example,dc=COM
      objectClass: account
      uid: kdz
      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

3.2.  document

   The 'document' object class is used to define entries that represent
   documents.

      ( 0.9.2342.19200300.100.4.6 NAME 'document'
        SUP top STRUCTURAL
        MUST documentIdentifier
        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
          documentTitle $ documentVersion $ documentAuthor $
          documentLocation $ documentPublisher ) )

   The 'top' object class is described in [RFC4512].  The 'cn',
   'description', 'seeAlso', 'l', 'o', and 'ou' attribute types are
   described in [RFC4519].  The 'documentIdentifier', 'documentTitle',
   'documentVersion', 'documentAuthor', 'documentLocation', and
   'documentPublisher' attribute types are described in Section 2 of
   this document.

   Example:

      dn: documentIdentifier=RFC 4524,cn=RFC,dc=Example,dc=COM
      objectClass: document
      documentIdentifier: RFC 4524
      documentTitle: COSINE LDAP/X.500 Schema
      documentAuthor: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
      documentLocation: http://www.rfc-editor.org/rfc/rfc4524.txt
      documentPublisher: Internet Engineering Task Force
      description: A collection of schema elements for use in LDAP
      description: Obsoletes RFC 1274
      seeAlso: documentIdentifier=RFC 4510,cn=RFC,dc=Example,dc=COM
      seeAlso: documentIdentifier=RFC 1274,cn=RFC,dc=Example,dc=COM

3.3.  documentSeries

   The 'documentSeries' object class is used to define an entry that
   represents a series of documents (e.g., The Request For Comments
   memos).

      ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
        SUP top STRUCTURAL
        MUST cn
        MAY ( description $ l $ o $ ou $ seeAlso $
          telephonenumber ) )

   The 'top' object class is described in [RFC4512].  The 'description',
   'l', 'o', 'ou', 'seeAlso', and 'telephoneNumber' attribute types are
   described in [RFC4519].

   Example:

      dn: cn=RFC,dc=Example,dc=COM
      objectClass: documentSeries
      cn: Request for Comments
      cn: RFC
      description: a series of memos about the Internet
808
8093.4.  domain
810
811   The 'domain' object class is used to define entries that represent
812   DNS domains for objects that are not organizations, organizational
813   units, or other kinds of objects more appropriately defined using an
814   object class specific to the kind of object being defined (e.g.,
815   'organization', 'organizationUnit').
816
817   The 'dc' attribute should be used for naming entries of the 'domain'
818   object class.
819
820      ( 0.9.2342.19200300.100.4.13 NAME 'domain'
821        SUP top STRUCTURAL
822        MUST dc
823        MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
824          x121Address $ registeredAddress $ destinationIndicator $
825          preferredDeliveryMethod $ telexNumber $
826          teletexTerminalIdentifier $ telephoneNumber $
827          internationaliSDNNumber $ facsimileTelephoneNumber $ street $
828          postOfficeBox $ postalCode $ postalAddress $
829          physicalDeliveryOfficeName $ st $ l $ description $ o $
830          associatedName ) )
831
832   The 'top' object class and the 'dc', 'userPassword', 'searchGuide',
833   'seeAlso', 'businessCategory', 'x121Address', 'registeredAddress',
834   'destinationIndicator', 'preferredDeliveryMethod', 'telexNumber',
835   'teletexTerminalIdentifier', 'telephoneNumber',
836   'internationaliSDNNumber', 'facsimileTelephoneNumber', 'street',
837   'postOfficeBox', 'postalCode', 'postalAddress',
838   'physicalDeliveryOfficeName', 'st', 'l', 'description', and 'o' types
839
840
841
842Zeilenga                    Standards Track                    [Page 15]
843
844RFC 4524                COSINE LDAP/X.500 Schema               June 2006
845
846
847   are described in [RFC4519].  The 'associatedName' attribute type is
848   described in Section 2 of this document.
849
850   Example:
851
852      dn: dc=com
853      objectClass: domain
      dc: com
      description: the .COM TLD

3.5.  domainRelatedObject

   The 'domainRelatedObject' object class is used to define entries that
   represent DNS domains that are "equivalent" to an X.500 domain, e.g.,
   an organization or organizational unit.

      ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
        SUP top AUXILIARY
        MUST associatedDomain )

   The 'top' object class is described in [RFC4512].  The
   'associatedDomain' attribute type is described in Section 2 of this
   document.

   Example:

      dn: dc=example,dc=com
      objectClass: organization
      objectClass: dcObject
      objectClass: domainRelatedObject
      dc: example
      associatedDomain: example.com
      o: Example Organization

   The 'organization' and 'dcObject' object classes and the 'dc' and 'o'
   attribute types are described in [RFC4519].

3.6.  friendlyCountry

   The 'friendlyCountry' object class is used to define entries
   representing countries in the DIT.  The object class is used to allow
   friendlier naming of countries than that allowed by the object class
   'country' [RFC4519].

      ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
        SUP country STRUCTURAL
        MUST co )

   The 'country' object class is described in [RFC4519].  The 'co'
   attribute type is described in Section 2 of this document.

   Example:

      dn: c=DE
      objectClass: country
      objectClass: friendlyCountry
      c: DE
      co: Deutschland
      co: Germany
      co: Federal Republic of Germany
      co: FRG

   The 'c' attribute type is described in [RFC4519].

3.7.  rFC822LocalPart

   The 'rFC822LocalPart' object class is used to define entries that
   represent the local part of Internet mail addresses [RFC2822].  This
   treats the local part of the address as a 'domain' object.

      ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
        SUP domain STRUCTURAL
        MAY ( cn $ description $ destinationIndicator $
          facsimileTelephoneNumber $ internationaliSDNNumber $
          physicalDeliveryOfficeName $ postalAddress $ postalCode $
          postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
          seeAlso $ sn $ street $ telephoneNumber $
          teletexTerminalIdentifier $ telexNumber $ x121Address ) )

   The 'domain' object class is described in Section 3.4 of this
   document.  The 'cn', 'description', 'destinationIndicator',
   'facsimileTelephoneNumber', 'internationaliSDNNumber',
   'physicalDeliveryOfficeName', 'postalAddress', 'postalCode',
   'postOfficeBox', 'preferredDeliveryMethod', 'registeredAddress',
   'seeAlso', 'sn', 'street', 'telephoneNumber',
   'teletexTerminalIdentifier', 'telexNumber', and 'x121Address'
   attribute types are described in [RFC4519].

   Example:

      dn: dc=kdz,dc=example,dc=com
      objectClass: domain
      objectClass: rFC822LocalPart
      dc: kdz
      associatedName: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

   The 'dc' attribute type is described in [RFC4519].

3.8.  room

   The 'room' object class is used to define entries representing rooms.
   The 'cn' (commonName) attribute SHOULD be used for naming entries of
   this object class.

      ( 0.9.2342.19200300.100.4.7 NAME 'room'
        SUP top STRUCTURAL
        MUST cn
        MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )

   The 'top' object class is described in [RFC4512].  The 'cn',
   'description', 'seeAlso', and 'telephoneNumber' attribute types are
   described in [RFC4519].  The 'roomNumber' attribute type is described
   in Section 2 of this document.

   Example:

      dn: cn=conference room,dc=example,dc=com
      objectClass: room
      cn: conference room
      telephoneNumber: +1 755 555 1111

3.9.  simpleSecurityObject

   The 'simpleSecurityObject' object class is used to require an entry
   to have a 'userPassword' attribute when the entry's structural object
   class does not require (or allow) the 'userPassword' attribute.

      ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
        SUP top AUXILIARY
        MUST userPassword )

   The 'top' object class is described in [RFC4512].  The 'userPassword'
   attribute type is described in [RFC4519].

   Example:

      dn: uid=kdz,dc=Example,dc=COM
      objectClass: account
      objectClass: simpleSecurityObject
      uid: kdz
      userPassword: My Password
      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
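
   The following Python sketch is an added example, not part of RFC 4524
   or of any directory server's code.  It parses the object class
   descriptions of Sections 3.8 and 3.9 and checks entries against the
   combined MUST and MAY lists, showing that 'userPassword' is accepted
   on a 'room' entry only once 'simpleSecurityObject' is listed.  The
   function names, the simplified LDIF handling (no attribute aliases,
   folding, or base64), and the sample entries are assumptions.

```python
import re

# Object class descriptions copied from Sections 3.8 and 3.9 (re-wrapped).
SCHEMA = """
( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST cn
  MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY
  MUST userPassword )
"""
# Constructed sample entries (simplified LDIF: no folding, no base64 values).
ROOM_WITH_PASSWORD = """
dn: cn=conference room,dc=example,dc=com
objectClass: room
cn: conference room
userPassword: constructed
"""
ROOM_SECURED = ROOM_WITH_PASSWORD + "objectClass: simpleSecurityObject\n"
ROOM_NO_PASSWORD = ROOM_SECURED.replace("userPassword: constructed\n", "")


def parse_schema(text):
    """Parse RFC 4512 ObjectClassDescription strings into {name: class}."""
    toks = re.findall(r"[()$]|'[^']*'|[^\s()$']+", text)
    classes = {"top": {"sup": [], "must": ["objectclass"], "may": []}}  # RFC 4512
    i = 0
    while i < len(toks):
        if toks[i] != "(":
            raise ValueError(f"expected '(' at token {i}")
        oc = {"oid": toks[i + 1], "sup": [], "must": [], "may": []}
        i += 2
        while toks[i] != ")":
            kw, i = toks[i], i + 1
            if kw in ("STRUCTURAL", "AUXILIARY", "ABSTRACT"):
                oc["kind"] = kw
            elif kw == "NAME":
                oc["name"], i = toks[i].strip("'").lower(), i + 1
            elif kw in ("SUP", "MUST", "MAY") and toks[i] == "(":
                end = toks.index(")", i)  # "( a $ b $ c )"
                oc[kw.lower()] = [t.lower() for t in toks[i + 1:end] if t != "$"]
                i = end + 1
            elif kw in ("SUP", "MUST", "MAY"):
                oc[kw.lower()], i = [toks[i].lower()], i + 1
            else:
                raise ValueError(f"unsupported token {kw!r}")
        classes[oc["name"]] = oc
        i += 1
    return classes


def check_entry(classes, ldif):
    """Return the schema problems of one LDIF entry as a list of strings."""
    attrs = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "dn":
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    must, may, problems = set(), set(), []
    todo = [c.lower() for c in attrs.get("objectclass", [])]
    for name in todo:  # the list grows as superclasses are appended
        oc = classes.get(name)
        if oc is None:
            problems.append(f"unknown object class: {name}")
            continue
        must.update(oc["must"])
        may.update(oc["may"])
        todo.extend(s for s in oc["sup"] if s not in todo)
    present = set(attrs)
    problems += [f"missing MUST attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed: {a}" for a in sorted(present - must - may)]
    return problems


CLASSES = parse_schema(SCHEMA)
if __name__ == "__main__":
    for entry in (ROOM_WITH_PASSWORD, ROOM_SECURED, ROOM_NO_PASSWORD):
        print(check_entry(CLASSES, entry))
```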

4.  Security Considerations

   General LDAP security considerations [RFC4510] are applicable to the
   use of this schema.  Additional considerations are noted above where
   appropriate.

   Directory administrators should ensure that access to sensitive
   information be restricted to authorized entities and that appropriate
   data security services, including data integrity and data
   confidentiality, are used to protect against eavesdropping.

   Simple authentication (e.g., plain text passwords) mechanisms should
   only be used when adequate data security services are in place.  LDAP
   offers reasonably strong authentication and data security services
   [RFC4513].

5.  IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has updated the LDAP
   descriptors registry [RFC4520] as indicated in the following
   template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comments
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: see comments
      Specification: RFC 4524
      Author/Change Controller: IESG
      Comments:

      The following descriptors have been updated to refer to RFC 4524.

        NAME                           Type OID
        ------------------------       ---- --------------------------
        account                        O    0.9.2342.19200300.100.4.5
        associatedDomain               A    0.9.2342.19200300.100.1.37
        associatedName                 A    0.9.2342.19200300.100.1.38
        buildingName                   A    0.9.2342.19200300.100.1.48
        co                             A    0.9.2342.19200300.100.1.43
        document                       O    0.9.2342.19200300.100.4.6
        documentAuthor                 A    0.9.2342.19200300.100.1.14
        documentIdentifier             A    0.9.2342.19200300.100.1.11
        documentLocation               A    0.9.2342.19200300.100.1.15
        documentPublisher              A    0.9.2342.19200300.100.1.56
        documentSeries                 O    0.9.2342.19200300.100.4.8
        documentTitle                  A    0.9.2342.19200300.100.1.12
        documentVersion                A    0.9.2342.19200300.100.1.13
        domain                         O    0.9.2342.19200300.100.4.13
        domainRelatedObject            O    0.9.2342.19200300.100.4.17
        drink                          A    0.9.2342.19200300.100.1.5
        favouriteDrink                 A*   0.9.2342.19200300.100.1.5
        friendlyCountry                O    0.9.2342.19200300.100.4.18
        friendlyCountryName            A*   0.9.2342.19200300.100.1.43
        homePhone                      A    0.9.2342.19200300.100.1.20
        homePostalAddress              A    0.9.2342.19200300.100.1.39
        homeTelephone                  A*   0.9.2342.19200300.100.1.20
        host                           A    0.9.2342.19200300.100.1.9
        info                           A    0.9.2342.19200300.100.1.4
        mail                           A    0.9.2342.19200300.100.1.3
        manager                        A    0.9.2342.19200300.100.1.10
        mobile                         A    0.9.2342.19200300.100.1.41
        mobileTelephoneNumber          A*   0.9.2342.19200300.100.1.41
        organizationalStatus           A    0.9.2342.19200300.100.1.45
        pager                          A    0.9.2342.19200300.100.1.42
        pagerTelephoneNumber           A*   0.9.2342.19200300.100.1.42
        personalTitle                  A    0.9.2342.19200300.100.1.40
        rFC822LocalPart                O    0.9.2342.19200300.100.4.14
        rfc822Mailbox                  A*   0.9.2342.19200300.100.1.3
        room                           O    0.9.2342.19200300.100.4.7
        roomNumber                     A    0.9.2342.19200300.100.1.6
        secretary                      A    0.9.2342.19200300.100.1.21
        simpleSecurityObject           O    0.9.2342.19200300.100.4.19
        singleLevelQuality             A    0.9.2342.19200300.100.1.50
        uniqueIdentifier               A    0.9.2342.19200300.100.1.44
        userClass                      A    0.9.2342.19200300.100.1.8

      where Type A is Attribute, Type O is ObjectClass, and *
      indicates that the registration is historic in nature.

6.  Acknowledgements

   This document is based on RFC 1274, by Paul Barker and Steve Kille,
   as well as on RFC 2247, by Steve Kille, Mark Wahl, Al Grimstad, Rick
   Huber, and Sri Sataluri.

7.  References

7.1.  Normative References

   [RFC1034]     Mockapetris, P., "Domain names - concepts and
                 facilities", STD 13, RFC 1034, November 1987.

   [RFC1123]     Braden, R., "Requirements for Internet Hosts -
                 Application and Support", STD 3, RFC 1123, October
                 1989.

   [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
                 Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2181]     Elz, R. and R. Bush, "Clarifications to the DNS
                 Specification", RFC 2181, July 1997.

   [RFC2247]     Kille, S., Wahl, M., Grimstad, A., Huber, R., and S.
                 Sataluri, "Using Domains in LDAP/X.500 Distinguished
                 Names", RFC 2247, January 1998.

   [RFC2821]     Klensin, J., Ed., "Simple Mail Transfer Protocol", RFC
                 2821, April 2001.

   [RFC2822]     Resnick, P., "Internet Message Format", RFC 2822, April
                 2001.

   [RFC3490]     Faltstrom, P., Hoffman, P., and A. Costello,
                 "Internationalizing Domain Names in Applications
                 (IDNA)", RFC 3490, March 2003.

   [RFC4510]     Zeilenga, K., Ed.,  "Lightweight Directory Access
                 Protocol (LDAP): Technical Specification Road Map", RFC
                 4510, June 2006.

   [RFC4512]     Zeilenga, K., "Lightweight Directory Access Protocol
                 (LDAP): Directory Information Models", RFC 4512, June
                 2006.

   [RFC4513]     Harrison, R., "Lightweight Directory Access Protocol
                 (LDAP): Authentication Methods and Security
                 Mechanisms", RFC 4513, June 2006.

   [RFC4517]     Legg, S., Ed., "Lightweight Directory Access Protocol
                 (LDAP): Syntaxes and Matching Rules", RFC 4517, June
                 2006.

   [RFC4519]     Sciberras, A., Ed., "Lightweight Directory Access
                 Protocol (LDAP): Schema for User Applications", RFC
                 4519, June 2006.

   [X.501]       International Telecommunication Union -
                 Telecommunication Standardization Sector, "The
                 Directory -- Models," X.501(1993) (also ISO/IEC 9594-
                 2:1994).

7.2.  Informative References

   [COSINEpilot] Goodman, D., "PARADISE" section of the March 1991
                 INTERNET MONTHLY REPORTS (p. 28-29),
                 http://www.iana.org/periodic-reports/imr-mar91.txt

   [ISO3166]     International Organization for Standardization, "Codes
                 for the representation of names of countries", ISO
                 3166.

   [RFC1274]     Barker, P. and S. Kille, "The COSINE and Internet X.500
                 Schema", RFC 1274, November 1991.

   [RFC1279]     Hardcastle-Kille, S., "X.500 and Domains", RFC 1279,
                 November 1991.

   [RFC1487]     Yeong, W., Howes, T., and S. Kille, "X.500 Lightweight
                 Directory Access Protocol", RFC 1487, July 1993.

   [RFC2251]     Wahl, M., Howes, T., and S. Kille, "Lightweight
                 Directory Access Protocol (v3)", RFC 2251, December
                 1997.

   [RFC2798]     Smith, M., "Definition of the inetOrgPerson LDAP Object
                 Class", RFC 2798, April 2000.

   [RFC3494]     Zeilenga, K., "Lightweight Directory Access Protocol
                 version 2 (LDAPv2) to Historic Status", RFC 3494, March
                 2003.

   [RFC4520]     Zeilenga, K., "Internet Assigned Numbers Authority
                 (IANA) Considerations for the Lightweight Directory
                 Access Protocol (LDAP)", BCP 64, RFC 4520.

Appendix A.  Changes since RFC 1274

   This document represents a substantial rewrite of RFC 1274.  The
   following sections summarize the substantive changes.

A.1.  LDAP Short Names

   A number of COSINE attribute types have short names in LDAP.

      X.500 Name              LDAP Short Name
      -------------           ---------------
      domainComponent         dc
      favoriteDrink           drink
      friendlyCountryName     co
      homeTelephoneNumber     homePhone
      mobileTelephoneNumber   mobile
      pagerTelephoneNumber    pager
      rfc822Mailbox           mail
      userid                  uid

   While the LDAP short names are generally used in LDAP, some
   implementations may (for legacy reasons [RFC3494]) recognize the
   attribute type by its X.500 name.  Hence, the X.500 names have been
   reserved solely for this purpose.

   Note: 'uid' and 'dc' are described in [RFC4519].

A.2.  pilotObject

   The 'pilotObject' object class was not brought forward as its
   function is largely replaced by operational attributes introduced in
   X.500(93) [X.501] and version 3 of LDAP [RFC4512].  For instance, the
   function of the 'lastModifiedBy' and 'lastModifiedTime' attribute
   types is now served by the 'creatorsName', 'createTimestamp',
   'modifiersName', and 'modifyTimestamp' operational attributes
   [RFC4512].

A.3.  pilotPerson

   The 'pilotPerson' object class was not brought forward as its
   function is largely replaced by the 'organizationalPerson' [RFC4512]
   object class and its subclasses, such as 'inetOrgPerson' [RFC2798].

   Most of the related attribute types (e.g., 'mail', 'manager') were
   brought forward as they are used in other object classes.

A.4.  dNSDomain

   The 'dNSDomain' object class and related attribute types were not
   brought forward as their use is primarily experimental [RFC1279].

A.5.  pilotDSA and qualityLabelledData

   The 'pilotDSA' and 'qualityLabelledData' object classes, as well as
   related attribute types, were not brought forward as their use is
   primarily experimental [QoS].

A.6.  Attribute Syntaxes

   RFC 1274 defined and used caseIgnoreIA5StringSyntax attribute syntax.
   This has been replaced with the IA5String syntax and appropriate
   matching rules in 'mail' and 'associatedDomain'.

   RFC 1274 restricted 'mail' to have non-zero length values.  This
   restriction is not reflected in the IA5String syntax used in the
   definitions provided in this specification.  However, as values are
   to conform to the <Mailbox> production, the 'mail' attribute should
   not contain zero-length values.  Unfortunately, the directory service
   will not enforce this restriction.

Appendix B.  Changes since RFC 2247

   The 'domainNameForm' name form was not brought forward as
   specification of name forms used in LDAP is left to a future
   specification.

Editor's Address

   Kurt D. Zeilenga
   OpenLDAP Foundation

   EMail: Kurt@OpenLDAP.org

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).