datatracker.ietf.org
Sign in
Version 5.7.4, 2014-11-12
Report a bug

Lightweight Directory Access Protocol (v3)
RFC 2251

Document type: RFC - Proposed Standard (December 1997; No errata)
Updated by RFC 3377, RFC 3771
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 2251 (Proposed Standard)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                            M. Wahl
Request for Comments: 2251                           Critical Angle Inc.
Category: Standards Track                                       T. Howes
                                           Netscape Communications Corp.
                                                                S. Kille
                                                           Isode Limited
                                                           December 1997

               Lightweight Directory Access Protocol (v3)

1. Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1997).  All Rights Reserved.

IESG Note

   This document describes a directory access protocol that provides
   both read and update access.  Update access requires secure
   authentication, but this document does not mandate implementation of
   any satisfactory authentication mechanisms.

   In accordance with RFC 2026, section 4.4.1, this specification is
   being approved by IESG as a Proposed Standard despite this
   limitation, for the following reasons:

   a. to encourage implementation and interoperability testing of
      these protocols (with or without update access) before they
      are deployed, and

   b. to encourage deployment and use of these protocols in read-only
      applications.  (e.g. applications where LDAPv3 is used as
      a query language for directories which are updated by some
      secure mechanism other than LDAP), and

   c. to avoid delaying the advancement and deployment of other Internet
      standards-track protocols which require the ability to query, but
      not update, LDAPv3 directory servers.

Wahl, et. al.               Standards Track                     [Page 1]
RFC 2251                         LDAPv3                    December 1997

   Readers are hereby warned that until mandatory authentication
   mechanisms are standardized, clients and servers written according to
   this specification which make use of update functionality are
   UNLIKELY TO INTEROPERATE, or MAY INTEROPERATE ONLY IF AUTHENTICATION
   IS REDUCED TO AN UNACCEPTABLY WEAK LEVEL.

   Implementors are hereby discouraged from deploying LDAPv3 clients or
   servers which implement the update functionality, until a Proposed
   Standard for mandatory authentication in LDAPv3 has been approved and
   published as an RFC.

Table of Contents

   1.  Status of this Memo ....................................  1
       Copyright Notice .......................................  1
       IESG Note ..............................................  1
   2.  Abstract ...............................................  3
   3.  Models .................................................  4
   3.1. Protocol Model ........................................  4
   3.2. Data Model ............................................  5
   3.2.1. Attributes of Entries ...............................  5
   3.2.2. Subschema Entries and Subentries ....................  7
   3.3. Relationship to X.500 .................................  8
   3.4. Server-specific Data Requirements .....................  8
   4.  Elements of Protocol ...................................  9
   4.1. Common Elements .......................................  9
   4.1.1. Message Envelope ....................................  9
   4.1.1.1. Message ID ........................................ 11
   4.1.2. String Types ........................................ 11
   4.1.3. Distinguished Name and Relative Distinguished Name .. 11
   4.1.4. Attribute Type ...................................... 12
   4.1.5. Attribute Description ............................... 13
   4.1.5.1. Binary Option ..................................... 14
   4.1.6. Attribute Value ..................................... 14
   4.1.7. Attribute Value Assertion ........................... 15
   4.1.8. Attribute ........................................... 15
   4.1.9. Matching Rule Identifier ............................ 15
   4.1.10. Result Message ..................................... 16
   4.1.11. Referral ........................................... 18
   4.1.12. Controls ........................................... 19
   4.2. Bind Operation ........................................ 20
   4.2.1. Sequencing of the Bind Request ...................... 21
   4.2.2. Authentication and Other Security Services .......... 22
   4.2.3. Bind Response ....................................... 23

[include full document text]