Network Working Group                                   K. Zeilenga, Ed.
Request for Comments: 4524                           OpenLDAP Foundation
Obsoletes: 1274                                                June 2006
Updates: 2247, 2798
Category: Standards Track


                       COSINE LDAP/X.500 Schema

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document provides a collection of schema elements for use with
   the Lightweight Directory Access Protocol (LDAP) from the COSINE and
   Internet X.500 pilot projects.

   This document obsoletes RFC 1274 and updates RFCs 2247 and 2798.

Table of Contents

   1. Introduction
      1.1. Relationship to Other Documents
      1.2. Terminology and Conventions
   2. COSINE Attribute Types
      2.1. associatedDomain
      2.2. associatedName
      2.3. buildingName
      2.4. co
      2.5. documentAuthor
      2.6. documentIdentifier
      2.7. documentLocation
      2.8. documentPublisher
      2.9. documentTitle
      2.10. documentVersion
      2.11. drink
      2.12. homePhone
      2.13. homePostalAddress
      2.14. host
      2.15. info
      2.16. mail
      2.17. manager
      2.18. mobile
      2.19. organizationalStatus
      2.20. pager
      2.21. personalTitle
      2.22. roomNumber
      2.23. secretary
      2.24. uniqueIdentifier
      2.25. userClass
   3. COSINE Object Classes
      3.1. account
      3.2. document
      3.3. documentSeries
      3.4. domain
      3.5. domainRelatedObject
      3.6. friendlyCountry
      3.7. rFC822LocalPart
      3.8. room
      3.9. simpleSecurityObject
   4. Security Considerations
   5. IANA Considerations
   6. Acknowledgements
   7. References
      7.1. Normative References
      7.2. Informative References
   Appendix A. Changes since RFC 1274
      A.1. LDAP Short Names
      A.2. pilotObject
      A.3. pilotPerson
      A.4. dNSDomain
      A.5. pilotDSA and qualityLabelledData
      A.6. Attribute Syntaxes
   Appendix B. Changes since RFC 2247

1. Introduction

   In the late 1980s, X.500 Directory Services were standardized by the
   CCITT (Comité Consultatif International de Telegraphique et
   Telephonique), now a part of the ITU (International Telephone Union).
   This led to Directory Service piloting activities in the early
   1990s, including the COSINE (Co-operation and Open Systems
   Interconnection in Europe) PARADISE Project pilot [COSINEpilot] in
   Europe. Motivated by needs for large-scale directory pilots, RFC
   1274 was published to standardize the directory schema and naming
   architecture for use in the COSINE and other Internet X.500 pilots
   [RFC1274].

   In the years that followed, X.500 Directory Services have evolved to
   incorporate new capabilities and even new protocols.
   In particular, the Lightweight Directory Access Protocol (LDAP)
   [RFC4510] was introduced in the early 1990s [RFC1487], with Version 3
   of LDAP introduced in the late 1990s [RFC2251] and subsequently
   revised in 2005 [RFC4510].

   While much of the material in RFC 1274 has been superseded by
   subsequently published ITU-T Recommendations and IETF RFCs, many of
   the schema elements lack standardized schema descriptions for use in
   modern X.500 and LDAP directory services despite the fact that these
   schema elements are in wide use today. As the old schema
   descriptions cannot be used without adaptation, interoperability
   issues may arise due to lack of standardized modern schema
   descriptions.

   This document addresses these issues by offering standardized schema
   descriptions, where needed, for widely used COSINE schema elements.

1.1. Relationship to Other Documents

   This document, together with [RFC4519] and [RFC4517], obsoletes RFC
   1274 in its entirety. [RFC4519] replaces Sections 9.3.1 (Userid) and
   9.3.21 (Domain Component) of RFC 1274. [RFC4517] replaces Section
   9.4 (Generally useful syntaxes) of RFC 1274.

   This document replaces the remainder of RFC 1274. Appendix A
   discusses changes since RFC 1274, as well as why certain schema
   elements were not brought forward in this revision of the COSINE
   schema. All elements not brought forward are to be regarded as
   Historic.

   The description of the 'domain' object class provided in this
   document supersedes that found in RFC 2247. That is, Section 3.4 of
   this document replaces Section 5.2 of [RFC2247].

   Some of the schema elements specified here were described in RFC 2798
   (inetOrgPerson schema). This document supersedes these descriptions.
   This document, together with [RFC4519], replaces Section 9.1.3 of RFC
   2798.

1.2. Terminology and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

   DIT stands for Directory Information Tree.
   DN stands for Distinguished Name.
   DSA stands for Directory System Agent, a server.
   DSE stands for DSA-Specific Entry.
   DUA stands for Directory User Agent, a client.

   These terms are discussed in [RFC4512].

   Schema definitions are provided using LDAP description formats
   [RFC4512]. Definitions provided here are formatted (line wrapped)
   for readability.

2. COSINE Attribute Types

   This section details COSINE attribute types for use in LDAP.

2.1. associatedDomain

   The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
   host names [RFC1123] that are associated with an object. That is,
   values of this attribute should conform to the following ABNF:

      domain = root / label *( DOT label )
      root   = SPACE
      label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
      LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
      SPACE  = %x20 ; space (" ")
      HYPHEN = %x2D ; hyphen ("-")
      DOT    = %x2E ; period (".")

   For example, the entry in the DIT with a DN <DC=example,DC=com> might
   have an associated domain of "example.com".

      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
   'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
   described in [RFC4517].
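
   Added example (not part of RFC 4524): an application-side check of
   the <domain> ABNF of this section, applied before a value is written
   to 'associatedDomain', with ToASCII [RFC3490] done by Python's
   built-in "idna" codec. The function names and the sample values are
   assumptions made for illustration.

```python
import re

# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
# i.e. 1..63 characters, first and last a letter or digit.
_LABEL = r"[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?"

# domain = root / label *( DOT label ), with root = SPACE.
_DOMAIN = re.compile(r" |%s(?:\.%s)*" % (_LABEL, _LABEL))


def is_valid_domain(value: str) -> bool:
    """True if value matches the <domain> production of Section 2.1."""
    # fullmatch() rather than "$": "$" would accept a trailing newline.
    return _DOMAIN.fullmatch(value) is not None


def to_associated_domain(name: str) -> str:
    """Return a value fit for storage in 'associatedDomain'.

    Internationalized names are converted label by label with ToASCII
    (the "idna" codec), then the result is checked against the ABNF.
    Raises ValueError for anything that does not conform.
    """
    try:
        ascii_name = name.encode("idna").decode("ascii")
    except UnicodeError as exc:  # e.g. empty or over-long label
        raise ValueError("ToASCII failed for %r: %s" % (name, exc)) from exc
    if not is_valid_domain(ascii_name):
        raise ValueError("not a valid <domain>: %r" % (ascii_name,))
    return ascii_name


# Constructed sample input (not taken from the RFC).
SAMPLES = [
    "example.com",
    "b\u00fccher.example",   # internationalized label, needs ToASCII
    "-bad.example.com",      # label starts with a hyphen
    "my_host.example.com",   # "_" is not LETDIG or HYPHEN
    "example.com.",          # trailing DOT is not in the production
    "example.com\n",         # trailing newline
    " ",                     # root = SPACE
]


def screen(values):
    """Split candidate values into (storable, rejected) lists."""
    storable, rejected = [], []
    for value in values:
        try:
            storable.append(to_associated_domain(value))
        except ValueError:
            rejected.append(value)
    return storable, rejected


if __name__ == "__main__":
    ok, bad = screen(SAMPLES)
    print("storable:", ok)
    print("rejected:", bad)
```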

   Note that the directory will not ensure that values of this attribute
   conform to the <domain> production provided above. It is the
   application's responsibility to ensure that domains it stores in this
   attribute are appropriately represented.

   Also note that applications supporting Internationalized Domain Names
   SHALL use the ToASCII method [RFC3490] to produce <label> components
   of the <domain> production.

2.2. associatedName

   The 'associatedName' attribute specifies names of entries in the
   organizational DIT associated with a DNS domain [RFC1034][RFC2181].

      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.3. buildingName

   The 'buildingName' attribute specifies names of the buildings where
   an organization or organizational unit is based, for example, "The
   White House".

      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.4. co

   The 'co' (Friendly Country Name) attribute specifies names of
   countries in human-readable format, for example, "Germany" and
   "Federal Republic of Germany". It is commonly used in conjunction
   with the 'c' (Country Name) [RFC4519] attribute (whose values are
   restricted to the two-letter codes defined in [ISO3166]).

      ( 0.9.2342.19200300.100.1.43 NAME 'co'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.5. documentAuthor

   The 'documentAuthor' attribute specifies the distinguished names of
   authors (or editors) of a document. For example,

      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.6. documentIdentifier

   The 'documentIdentifier' attribute specifies unique identifiers for a
   document. A document may be identified by more than one unique
   identifier. For example, RFC 3383 and BCP 64 are unique identifiers
   that (presently) refer to the same document.

      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.7. documentLocation

   The 'documentLocation' attribute specifies locations of the document
   original.

      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.8. documentPublisher

   The 'documentPublisher' attribute is the persons and/or organizations
   that published the document. Documents that are jointly published
   have one value for each publisher.

      ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.9. documentTitle

   The 'documentTitle' attribute specifies the titles of a document.
   Multiple values are allowed to accommodate both long and short
   titles, or other situations where a document has multiple titles, for
   example, "The Lightweight Directory Access Protocol Technical
   Specification" and "The LDAP Technical Specification".

      ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.10. documentVersion

   The 'documentVersion' attribute specifies the version information of
   a document.

      ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.11. drink

   The 'drink' (favoriteDrink) attribute specifies the favorite drinks
   of an object (or person), for instance, "cola" and "beer".

      ( 0.9.2342.19200300.100.1.5 NAME 'drink'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.12. homePhone

   The 'homePhone' (Home Telephone Number) attribute specifies home
   telephone numbers (e.g., "+1 775 555 1234") associated with a person.

      ( 0.9.2342.19200300.100.1.20 NAME 'homePhone'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
   'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
   described in [RFC4517].

2.13. homePostalAddress

   The 'homePostalAddress' attribute specifies home postal addresses for
   an object. Each value should be limited to up to 6 directory strings
   of 30 characters each. (Note: It is not intended that the directory
   service enforce these limits.)

      ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

   The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
   'caseIgnoreListMatch' and 'caseIgnoreListSubstringsMatch' rules are
   described in [RFC4517].

2.14. host

   The 'host' attribute specifies host computers, generally by their
   primary fully qualified domain name (e.g., my-host.example.com).

      ( 0.9.2342.19200300.100.1.9 NAME 'host'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.15. info

   The 'info' attribute specifies any general information pertinent to
   an object. This information is not necessarily descriptive of the
   object.

   Applications should not attach specific semantics to values of this
   attribute. The 'description' attribute [RFC4519] is available for
   specifying descriptive information pertinent to an object.

      ( 0.9.2342.19200300.100.1.4 NAME 'info'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.16. mail

   The 'mail' (rfc822mailbox) attribute type holds Internet mail
   addresses in Mailbox [RFC2821] form (e.g., user@example.com).

      ( 0.9.2342.19200300.100.1.3 NAME 'mail'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
   'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
   described in [RFC4517].

   Note that the directory will not ensure that values of this attribute
   conform to the <Mailbox> production [RFC2821]. It is the
   application's responsibility to ensure that domains it stores in this
   attribute are appropriately represented.

   Additionally, the directory will compare values per the matching
   rules named in the above attribute type description. As these rules
   differ from rules that normally apply to <Mailbox> comparisons,
   operational issues may arise. For example, the assertion
   (mail=joe@example.com) will match "JOE@example.com" even though the
   <local-parts> differ. Also, where a user has two <Mailbox>es whose
   addresses differ only by case of the <local-part>, both cannot be
   listed as values of the user's mail attribute (as they are considered
   equal by the 'caseIgnoreIA5Match' rule).

   Also note that applications supporting internationalized domain names
   SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
   components of the <Mailbox> production.

2.17. manager

   The 'manager' attribute specifies managers, by distinguished name, of
   the person (or entity).

      ( 0.9.2342.19200300.100.1.10 NAME 'manager'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.18. mobile

   The 'mobile' (mobileTelephoneNumber) attribute specifies mobile
   telephone numbers (e.g., "+1 775 555 6789") associated with a person
   (or entity).

      ( 0.9.2342.19200300.100.1.41 NAME 'mobile'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
   'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
   described in [RFC4517].

2.19. organizationalStatus

   The 'organizationalStatus' attribute specifies categories by which a
   person is often referred to in an organization. Examples of usage in
   academia might include "undergraduate student", "researcher",
   "professor", and "staff". Multiple values are allowed where the
   person is in multiple categories.

   Directory administrators and application designers SHOULD consider
   carefully the distinctions between this and the 'title' and
   'userClass' attributes.

      ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.20. pager

   The 'pager' (pagerTelephoneNumber) attribute specifies pager
   telephone numbers (e.g., "+1 775 555 5555") for an object.

      ( 0.9.2342.19200300.100.1.42 NAME 'pager'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
   'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
   described in [RFC4517].
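
   Added example (not part of RFC 4524), referring back to the matching
   behaviour noted in Section 2.16: a pre-write check that finds
   mailboxes the directory would treat as one 'mail' value although
   their <local-part>s differ by case. The normalization shown is a
   simplified ASCII-only model of 'caseIgnoreIA5Match', and the function
   names and sample addresses are assumptions made for illustration.

```python
from collections import defaultdict


def directory_key(value: str) -> str:
    """Simplified model of 'caseIgnoreIA5Match' normalization.

    Assumption: ASCII input. Case is folded and leading, trailing and
    repeated spaces are treated as insignificant; the full rule is
    specified in [RFC4517].
    """
    return " ".join(value.split()).lower()


def mailbox_key(value: str) -> str:
    """Key a mail system would compare on: the <local-part> is kept
    byte for byte, only the domain is case-insensitive."""
    local, sep, domain = value.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not in Mailbox form: %r" % (value,))
    return local + "@" + domain.lower()


def assertion_matches(assertion_value: str, stored_value: str) -> bool:
    """Evaluate the filter (mail=<assertion_value>) against one value."""
    return directory_key(assertion_value) == directory_key(stored_value)


def mail_collisions(values):
    """Return groups of distinct mailboxes that the directory considers
    equal, and which therefore cannot all be values of one entry's
    'mail' attribute."""
    groups = defaultdict(set)
    for value in values:
        groups[directory_key(value)].add(mailbox_key(value))
    return sorted(sorted(group) for group in groups.values() if len(group) > 1)


# Constructed sample input (not taken from the RFC).
SAMPLE_MAILBOXES = [
    "joe@example.com",
    "JOE@example.com",   # different <local-part>, same directory value
    "joe@EXAMPLE.com",   # same mailbox as the first (domain case only)
    "ann@example.com",
]

if __name__ == "__main__":
    print(assertion_matches("joe@example.com", "JOE@example.com"))
    for group in mail_collisions(SAMPLE_MAILBOXES):
        print("cannot be stored together:", group)
```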

2.21. personalTitle

   The 'personalTitle' attribute specifies personal titles for a person.
   Examples of personal titles are "Frau", "Dr.", "Herr", and
   "Professor".

      ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.22. roomNumber

   The 'roomNumber' attribute specifies the room number of an object.
   During periods of renumbering, or in other circumstances where a room
   has multiple valid room numbers associated with it, multiple values
   may be provided. Note that the 'cn' (commonName) attribute type
   SHOULD be used for naming room objects.

      ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.23. secretary

   The 'secretary' attribute specifies secretaries and/or administrative
   assistants, by distinguished name.

      ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.24. uniqueIdentifier

   The 'uniqueIdentifier' attribute specifies a unique identifier for an
   object represented in the Directory.
   The domain within which the identifier is unique and the exact
   semantics of the identifier are for local definition. For a person,
   this might be an institution-wide payroll number. For an
   organizational unit, it might be a department code.

      ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

   Note: X.520 also describes an attribute called 'uniqueIdentifier'
         (2.5.4.45), which is called 'x500UniqueIdentifier' in LDAP
         [RFC4519]. The attribute detailed here ought not be confused
         with 'x500UniqueIdentifier'.

2.25. userClass

   The 'userClass' attribute specifies categories of computer or
   application user. The semantics placed on this attribute are for
   local interpretation. Examples of current usage of this attribute in
   academia are "student", "staff", and "faculty". Note that the
   'organizationalStatus' attribute type is now often preferred, as it
   makes no distinction between persons as opposed to users.

      ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

3. COSINE Object Classes

   This section details COSINE object classes for use in LDAP.

3.1. account

   The 'account' object class is used to define entries representing
   computer accounts.
   The 'uid' attribute SHOULD be used for naming entries of this object
   class.

      ( 0.9.2342.19200300.100.4.5 NAME 'account'
        SUP top STRUCTURAL
        MUST uid
        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

   The 'top' object class is described in [RFC4512]. The 'description',
   'seeAlso', 'l', 'o', 'ou', and 'uid' attribute types are described in
   [RFC4519]. The 'host' attribute type is described in Section 2 of
   this document.

   Example:

      dn: uid=kdz,cn=Accounts,dc=Example,dc=COM
      objectClass: account
      uid: kdz
      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

3.2. document

   The 'document' object class is used to define entries that represent
   documents.

      ( 0.9.2342.19200300.100.4.6 NAME 'document'
        SUP top STRUCTURAL
        MUST documentIdentifier
        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
          documentTitle $ documentVersion $ documentAuthor $
          documentLocation $ documentPublisher ) )

   The 'top' object class is described in [RFC4512]. The 'cn',
   'description', 'seeAlso', 'l', 'o', and 'ou' attribute types are
   described in [RFC4519]. The 'documentIdentifier', 'documentTitle',
   'documentVersion', 'documentAuthor', 'documentLocation', and
   'documentPublisher' attribute types are described in Section 2 of
   this document.

   Example:

      dn: documentIdentifier=RFC 4524,cn=RFC,dc=Example,dc=COM
      objectClass: document
      documentIdentifier: RFC 4524
      documentTitle: COSINE LDAP/X.500 Schema
      documentAuthor: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
      documentLocation: http://www.rfc-editor.org/rfc/rfc4524.txt
      documentPublisher: Internet Engineering Task Force
      description: A collection of schema elements for use in LDAP
      description: Obsoletes RFC 1274
      seeAlso: documentIdentifier=RFC 4510,cn=RFC,dc=Example,dc=COM
      seeAlso: documentIdentifier=RFC 1274,cn=RFC,dc=Example,dc=COM

3.3. documentSeries

   The 'documentSeries' object class is used to define an entry that
   represents a series of documents (e.g., The Request For Comments
   memos).

      ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
        SUP top STRUCTURAL
        MUST cn
        MAY ( description $ l $ o $ ou $ seeAlso $
          telephonenumber ) )

   The 'top' object class is described in [RFC4512]. The 'description',
   'l', 'o', 'ou', 'seeAlso', and 'telephoneNumber' attribute types are
   described in [RFC4519].

   Example:

      dn: cn=RFC,dc=Example,dc=COM
      objectClass: documentSeries
      cn: Request for Comments
      cn: RFC
      description: a series of memos about the Internet

3.4. domain

   The 'domain' object class is used to define entries that represent
   DNS domains for objects that are not organizations, organizational
   units, or other kinds of objects more appropriately defined using an
   object class specific to the kind of object being defined (e.g.,
   'organization', 'organizationUnit').

   The 'dc' attribute should be used for naming entries of the 'domain'
   object class.

      ( 0.9.2342.19200300.100.4.13 NAME 'domain'
        SUP top STRUCTURAL
        MUST dc
        MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
          x121Address $ registeredAddress $ destinationIndicator $
          preferredDeliveryMethod $ telexNumber $
          teletexTerminalIdentifier $ telephoneNumber $
          internationaliSDNNumber $ facsimileTelephoneNumber $ street $
          postOfficeBox $ postalCode $ postalAddress $
          physicalDeliveryOfficeName $ st $ l $ description $ o $
          associatedName ) )

   The 'top' object class and the 'dc', 'userPassword', 'searchGuide',
   'seeAlso', 'businessCategory', 'x121Address', 'registeredAddress',
   'destinationIndicator', 'preferredDeliveryMethod', 'telexNumber',
   'teletexTerminalIdentifier', 'telephoneNumber',
   'internationaliSDNNumber', 'facsimileTelephoneNumber', 'street',
   'postOfficeBox', 'postalCode', 'postalAddress',
   'physicalDeliveryOfficeName', 'st', 'l', 'description', and 'o' types
   are described in [RFC4519]. The 'associatedName' attribute type is
   described in Section 2 of this document.

   Example:

      dn: dc=com
      objectClass: domain
      dc: com
      description: the .COM TLD

3.5. domainRelatedObject

   The 'domainRelatedObject' object class is used to define entries that
   represent DNS domains that are "equivalent" to an X.500 domain, e.g.,
   an organization or organizational unit.

      ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
        SUP top AUXILIARY
        MUST associatedDomain )

   The 'top' object class is described in [RFC4512]. The
   'associatedDomain' attribute type is described in Section 2 of this
   document.

   Example:

      dn: dc=example,dc=com
      objectClass: organization
      objectClass: dcObject
      objectClass: domainRelatedObject
      dc: example
      associatedDomain: example.com
      o: Example Organization

   The 'organization' and 'dcObject' object classes and the 'dc' and 'o'
   attribute types are described in [RFC4519].

3.6. friendlyCountry

   The 'friendlyCountry' object class is used to define entries
   representing countries in the DIT. The object class is used to allow
   friendlier naming of countries than that allowed by the object class
   'country' [RFC4519].

      ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
        SUP country STRUCTURAL
        MUST co )

   The 'country' object class is described in [RFC4519]. The 'co'
   attribute type is described in Section 2 of this document.

   Example:

      dn: c=DE
      objectClass: country
      objectClass: friendlyCountry
      c: DE
      co: Deutschland
      co: Germany
      co: Federal Republic of Germany
      co: FRG

   The 'c' attribute type is described in [RFC4519].

3.7. rFC822LocalPart

   The 'rFC822LocalPart' object class is used to define entries that
   represent the local part of Internet mail addresses [RFC2822]. This
   treats the local part of the address as a 'domain' object.

      ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
        SUP domain STRUCTURAL
        MAY ( cn $ description $ destinationIndicator $
          facsimileTelephoneNumber $ internationaliSDNNumber $
          physicalDeliveryOfficeName $ postalAddress $ postalCode $
          postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
          seeAlso $ sn $ street $ telephoneNumber $
          teletexTerminalIdentifier $ telexNumber $ x121Address ) )

   The 'domain' object class is described in Section 3.4 of this
   document.
The 'cn', 'description', 'destinationIndicator', 936 'facsimileTelephoneNumber', 'internationaliSDNNumber, 937 'physicalDeliveryOfficeName', 'postalAddress', 'postalCode', 938 'postOfficeBox', 'preferredDeliveryMethod', 'registeredAddress', 939 'seeAlso', 'sn, 'street', 'telephoneNumber', 940 'teletexTerminalIdentifier', 'telexNumber', and 'x121Address' 941 attribute types are described in [RFC4519]. 942 943 Example: 944 945 dn: dc=kdz,dc=example,dc=com 946 objectClass: domain 947 objectClass: rFC822LocalPart 948 dc: kdz 949 associatedName: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM 950 951 952 953 954Zeilenga Standards Track [Page 17] 955 956RFC 4524 COSINE LDAP/X.500 Schema June 2006 957 958 959 The 'dc' attribute type is described in [RFC4519]. 960 9613.8. room 962 963 The 'room' object class is used to define entries representing rooms. 964 The 'cn' (commonName) attribute SHOULD be used for naming entries of 965 this object class. 966 967 ( 0.9.2342.19200300.100.4.7 NAME 'room' 968 SUP top STRUCTURAL 969 MUST cn 970 MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) ) 971 972 The 'top' object class is described in [RFC4512]. The 'cn', 973 'description', 'seeAlso', and 'telephoneNumber' attribute types are 974 described in [RFC4519]. The 'roomNumber' attribute type is described 975 in Section 2 of this document. 976 977 dn: cn=conference room,dc=example,dc=com 978 objectClass: room 979 cn: conference room 980 telephoneNumber: +1 755 555 1111 981 9823.9. simpleSecurityObject 983 984 The 'simpleSecurityObject' object class is used to require an entry 985 to have a 'userPassword' attribute when the entry's structural object 986 class does not require (or allow) the 'userPassword attribute'. 987 988 ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' 989 SUP top AUXILIARY 990 MUST userPassword ) 991 992 The 'top' object class is described in [RFC4512]. The 'userPassword' 993 attribute type is described in [RFC4519]. 
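   The object class definitions in Sections 3.8 and 3.9 can be checked
   mechanically against entries such as the examples in those sections.
   The Python code below is an added example, not part of RFC 4524: it
   parses the subset of the object class description syntax used in this
   document and reports entries that omit a MUST attribute (such as
   'userPassword' for 'simpleSecurityObject') or carry an attribute that
   no listed class allows.  The function names and the BAD_ENTRY sample
   are constructed for illustration.

```python
import re

# Object class definitions copied from Sections 3.8 and 3.9 of this document.
SCHEMA_TEXT = """
( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST cn
  MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
  SUP top AUXILIARY MUST userPassword )
"""
TOKEN = re.compile(r"[()$]|'[^']*'|[^\s()$']+")

def parse_object_classes(text):
    """Parse the object class description subset used above (single NAME)."""
    tok, classes, i = TOKEN.findall(text), {}, 0
    def names(j):  # one descriptor, or "( a $ b $ c )"
        if tok[j] != "(":
            return [tok[j].lower()], j + 1
        end = tok.index(")", j)
        return [t.lower() for t in tok[j + 1:end] if t != "$"], end + 1
    while i < len(tok):
        oc, i = {"oid": tok[i + 1], "sup": [], "must": [], "may": []}, i + 2
        while tok[i] != ")":
            key, i = tok[i], i + 1
            if key == "NAME":
                name, i = tok[i].strip("'").lower(), i + 1
            elif key in ("SUP", "MUST", "MAY"):
                oc[key.lower()], i = names(i)
            elif key not in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
                raise ValueError(f"unsupported token {key!r}")
        classes[name], i = oc, i + 1
    return classes

def parse_entry(ldif):  # plain 'attr: value' lines only (no base64, no folding)
    entry = {}
    for line in ldif.strip().splitlines():
        attr, _, value = line.strip().partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    entry.pop("dn", None)
    return entry

def check_entry(entry, classes):  # returns a list of violation strings
    findings, allowed, complete = [], {"objectclass"}, True
    todo = [oc.lower() for oc in entry.get("objectclass", [])]
    for oc_name in todo:  # grows while iterating as superclasses are appended
        oc = classes.get(oc_name)
        if oc is None:  # 'top', or a class defined elsewhere (e.g. RFC 4519)
            complete = complete and oc_name == "top"
            continue
        todo.extend(s for s in oc["sup"] if s not in todo)
        allowed.update(oc["must"], oc["may"])
        findings += [f"{oc_name}: missing MUST attribute '{a}'"
                     for a in oc["must"] if not any(entry.get(a, []))]
    if complete:  # judge extra attributes only when every class is known
        findings += [f"attribute '{a}' not allowed by listed object classes"
                     for a in sorted(set(entry) - allowed)]
    return findings

# Constructed entry: lists simpleSecurityObject but carries no userPassword.
BAD_ENTRY = "dn: cn=lab,dc=example,dc=com\nobjectClass: room\nobjectClass: simpleSecurityObject\ncn: lab"
```

   Descriptors are compared in lower case, so findings name them that
   way.  An entry that lists a class not loaded into the checker (for
   example 'account') is checked for MUST attributes only.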
      dn: dc=kdz,dc=Example,dc=COM
      objectClass: account
      objectClass: simpleSecurityObject
      uid: kdz
      userPassword: My Password
      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

4. Security Considerations

   General LDAP security considerations [RFC4510] are applicable to the
   use of this schema.  Additional considerations are noted above where
   appropriate.

   Directory administrators should ensure that access to sensitive
   information be restricted to authorized entities and that appropriate
   data security services, including data integrity and data
   confidentiality, are used to protect against eavesdropping.

   Simple authentication (e.g., plain text passwords) mechanisms should
   only be used when adequate data security services are in place.  LDAP
   offers reasonably strong authentication and data security services
   [RFC4513].

5. IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has updated the LDAP
   descriptors registry [RFC4520] as indicated in the following
   template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comments
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: see comments
      Specification: RFC 4524
      Author/Change Controller: IESG
      Comments:

      The following descriptors have been updated to refer to RFC 4524.

        NAME                     Type OID
        ------------------------ ---- --------------------------
        account                  O    0.9.2342.19200300.100.4.5
        associatedDomain         A    0.9.2342.19200300.100.1.37
        associatedName           A    0.9.2342.19200300.100.1.38
        buildingName             A    0.9.2342.19200300.100.1.48
        co                       A    0.9.2342.19200300.100.1.43
        document                 O    0.9.2342.19200300.100.4.6
        documentAuthor           A    0.9.2342.19200300.100.1.14
        documentIdentifier       A    0.9.2342.19200300.100.1.11
        documentLocation         A    0.9.2342.19200300.100.1.15
        documentPublisher        A    0.9.2342.19200300.100.1.56
        documentSeries           O    0.9.2342.19200300.100.4.8
        documentTitle            A    0.9.2342.19200300.100.1.12
        documentVersion          A    0.9.2342.19200300.100.1.13
        domain                   O    0.9.2342.19200300.100.4.13
        domainRelatedObject      O    0.9.2342.19200300.100.4.17
        drink                    A    0.9.2342.19200300.100.1.5
        favouriteDrink           A*   0.9.2342.19200300.100.1.5
        friendlyCountry          O    0.9.2342.19200300.100.4.18
        friendlyCountryName      A*   0.9.2342.19200300.100.1.43
        homePhone                A    0.9.2342.19200300.100.1.20
        homePostalAddress        A    0.9.2342.19200300.100.1.39
        homeTelephone            A*   0.9.2342.19200300.100.1.20
        host                     A    0.9.2342.19200300.100.1.9
        info                     A    0.9.2342.19200300.100.1.4
        mail                     A    0.9.2342.19200300.100.1.3
        manager                  A    0.9.2342.19200300.100.1.10
        mobile                   A    0.9.2342.19200300.100.1.41
        mobileTelephoneNumber    A*   0.9.2342.19200300.100.1.41
        organizationalStatus     A    0.9.2342.19200300.100.1.45
        pager                    A    0.9.2342.19200300.100.1.42
        pagerTelephoneNumber     A*   0.9.2342.19200300.100.1.42
        personalTitle            A    0.9.2342.19200300.100.1.40
        rFC822LocalPart          O    0.9.2342.19200300.100.4.14
        rfc822Mailbox            A*   0.9.2342.19200300.100.1.3
        room                     O    0.9.2342.19200300.100.4.7
        roomNumber               A    0.9.2342.19200300.100.1.6
        secretary                A    0.9.2342.19200300.100.1.21
        simpleSecurityObject     O    0.9.2342.19200300.100.4.19
        singleLevelQuality       A    0.9.2342.19200300.100.1.50
        uniqueIdentifier         A    0.9.2342.19200300.100.1.44
        userClass                A    0.9.2342.19200300.100.1.8

      where Type A is Attribute, Type O is ObjectClass, and *
      indicates that the registration is historic in nature.

6. Acknowledgements

   This document is based on RFC 1274, by Paul Barker and Steve Kille,
   as well as on RFC 2247, by Steve Kille, Mark Wahl, Al Grimstad, Rick
   Huber, and Sri Sataluri.

7. References

7.1. Normative References

   [RFC1034]     Mockapetris, P., "Domain names - concepts and
                 facilities", STD 13, RFC 1034, November 1987.

   [RFC1123]     Braden, R., "Requirements for Internet Hosts -
                 Application and Support", STD 3, RFC 1123, October
                 1989.

   [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
                 Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2181]     Elz, R. and R. Bush, "Clarifications to the DNS
                 Specification", RFC 2181, July 1997.

   [RFC2247]     Kille, S., Wahl, M., Grimstad, A., Huber, R., and S.
                 Sataluri, "Using Domains in LDAP/X.500 Distinguished
                 Names", RFC 2247, January 1998.

   [RFC2821]     Klensin, J., Ed., "Simple Mail Transfer Protocol", RFC
                 2821, April 2001.

   [RFC2822]     Resnick, P., "Internet Message Format", RFC 2822, April
                 2001.

   [RFC3490]     Faltstrom, P., Hoffman, P., and A. Costello,
                 "Internationalizing Domain Names in Applications
                 (IDNA)", RFC 3490, March 2003.

   [RFC4510]     Zeilenga, K., Ed., "Lightweight Directory Access
                 Protocol (LDAP): Technical Specification Road Map", RFC
                 4510, June 2006.

   [RFC4512]     Zeilenga, K., "Lightweight Directory Access Protocol
                 (LDAP): Directory Information Models", RFC 4512, June
                 2006.

   [RFC4513]     Harrison, R., "Lightweight Directory Access Protocol
                 (LDAP): Authentication Methods and Security
                 Mechanisms", RFC 4513, June 2006.

   [RFC4517]     Legg, S., Ed., "Lightweight Directory Access Protocol
                 (LDAP): Syntaxes and Matching Rules", RFC 4517, June
                 2006.

   [RFC4519]     Sciberras, A., Ed., "Lightweight Directory Access
                 Protocol (LDAP): Schema for User Applications", RFC
                 4519, June 2006.

   [X.501]       International Telecommunication Union -
                 Telecommunication Standardization Sector, "The
                 Directory -- Models," X.501(1993) (also ISO/IEC
                 9594-2:1994).

7.2. Informative References

   [COSINEpilot] Goodman, D., "PARADISE" section of the March 1991
                 INTERNET MONTHLY REPORTS (p. 28-29),
                 http://www.iana.org/periodic-reports/imr-mar91.txt

   [ISO3166]     International Organization for Standardization, "Codes
                 for the representation of names of countries", ISO
                 3166.

   [RFC1274]     Barker, P. and S. Kille, "The COSINE and Internet X.500
                 Schema", RFC 1274, November 1991.

   [RFC1279]     Hardcastle-Kille, S., "X.500 and Domains", RFC 1279,
                 November 1991.

   [RFC1487]     Yeong, W., Howes, T., and S. Kille, "X.500 Lightweight
                 Directory Access Protocol", RFC 1487, July 1993.

   [RFC2251]     Wahl, M., Howes, T., and S. Kille, "Lightweight
                 Directory Access Protocol (v3)", RFC 2251, December
                 1997.

   [RFC2798]     Smith, M., "Definition of the inetOrgPerson LDAP Object
                 Class", RFC 2798, April 2000.

   [RFC3494]     Zeilenga, K., "Lightweight Directory Access Protocol
                 version 2 (LDAPv2) to Historic Status", RFC 3494, March
                 2003.

   [RFC4520]     Zeilenga, K., "Internet Assigned Numbers Authority
                 (IANA) Considerations for the Lightweight Directory
                 Access Protocol (LDAP)", BCP 64, RFC 4520.

Appendix A. Changes since RFC 1274

   This document represents a substantial rewrite of RFC 1274.  The
   following sections summarize the substantive changes.

A.1. LDAP Short Names

   A number of COSINE attribute types have short names in LDAP.

      X.500 Name              LDAP Short Name
      -------------           ---------------
      domainComponent         dc
      favouriteDrink          drink
      friendlyCountryName     co
      homeTelephoneNumber     homePhone
      mobileTelephoneNumber   mobile
      pagerTelephoneNumber    pager
      rfc822Mailbox           mail
      userid                  uid

   While the LDAP short names are generally used in LDAP, some
   implementations may (for legacy reasons [RFC3494]) recognize the
   attribute type by its X.500 name.  Hence, the X.500 names have been
   reserved solely for this purpose.

   Note: 'uid' and 'dc' are described in [RFC4519].

A.2. pilotObject

   The 'pilotObject' object class was not brought forward as its
   function is largely replaced by operational attributes introduced in
   X.500(93) [X.501] and version 3 of LDAP [RFC4512].  For instance, the
   function of the 'lastModifiedBy' and 'lastModifiedTime' attribute
   types is now served by the 'creatorsName', 'createTimestamp',
   'modifiersName', and 'modifyTimestamp' operational attributes
   [RFC4512].

A.3. pilotPerson

   The 'pilotPerson' object class was not brought forward as its
   function is largely replaced by the 'organizationalPerson' [RFC4512]
   object class and its subclasses, such as 'inetOrgPerson' [RFC2798].

   Most of the related attribute types (e.g., 'mail', 'manager') were
   brought forward as they are used in other object classes.

A.4. dNSDomain

   The 'dNSDomain' object class and related attribute types were not
   brought forward as their use is primarily experimental [RFC1279].

A.5. pilotDSA and qualityLabelledData

   The 'pilotDSA' and 'qualityLabelledData' object classes, as well as
   related attribute types, were not brought forward as their use is
   primarily experimental [QoS].

A.6. Attribute Syntaxes

   RFC 1274 defined and used caseIgnoreIA5StringSyntax attribute syntax.
   This has been replaced with the IA5String syntax and appropriate
   matching rules in 'mail' and 'associatedDomain'.

   RFC 1274 restricted 'mail' to have non-zero length values.  This
   restriction is not reflected in the IA5String syntax used in the
   definitions provided in this specification.  However, as values are
   to conform to the <Mailbox> production, the 'mail' should not contain
   zero-length values.  Unfortunately, the directory service will not
   enforce this restriction.

Appendix B. Changes since RFC 2247

   The 'domainNameForm' name form was not brought forward as
   specification of name forms used in LDAP is left to a future
   specification.

Editor's Address

   Kurt D. Zeilenga
   OpenLDAP Foundation

   EMail: Kurt@OpenLDAP.org

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).