INTERNET-DRAFT                           Editor:  Kurt D. Zeilenga
Intended Category: Standard Track                 OpenLDAP Foundation
Expires in six months                             24 October 2004
Obsoletes: RFC 1274
Updates: RFC 2798

                     LDAP: Additional Schema Elements
                 <draft-zeilenga-ldap-user-schema-07.txt>

Status of this Memo

  This document is intended to be, after appropriate review and
  revision, submitted to the RFC Editor as a Standard Track document.
  Distribution of this memo is unlimited.  Technical discussion of this
  document will take place on the IETF LDAPEXT mailing list
  <ldapext@ietf.org>.  Please send editorial comments directly to the
  author <Kurt@OpenLDAP.org>.

  By submitting this Internet-Draft, I accept the provisions of Section
  4 of RFC 3667.  By submitting this Internet-Draft, I certify that any
  applicable patent or other IPR claims of which I am aware have been
  disclosed, or will be disclosed, and any of which I become aware will
  be disclosed, in accordance with RFC 3668.

  Internet-Drafts are working documents of the Internet Engineering Task
  Force (IETF), its areas, and its working groups. Note that other
  groups may also distribute working documents as Internet-Drafts.

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time. It is inappropriate to use Internet-Drafts as reference material
  or to cite them other than as "work in progress."

  The list of current Internet-Drafts can be accessed at
  <http://www.ietf.org/ietf/1id-abstracts.txt>.  The list of
  Internet-Draft Shadow Directories can be accessed at
  <http://www.ietf.org/shadow.html>.

  Copyright (C) The Internet Society (2004).  All Rights Reserved.

  Please see the Full Copyright section near the end of this document
  for more information.

Abstract


Zeilenga           draft-zeilenga-ldap-user-schema-07           [Page 1]


INTERNET-DRAFT      LDAP: Additional Schema Elements   27 September 2004

  This document provides a collection of schema elements for use with
  the Lightweight Directory Access Protocol from COSINE and Internet
  X.500 pilot projects.

Table of Contents (to be expanded by editor)

  Status of this Memo                                  1
  Abstract
  Conventions                                          2
  Table of Contents
  1.     Background and Intended Use                   3
  2.     Terminology and Conventions
  3.     Attribute Types
  3.1.     associatedDomain
  3.2.     associatedName
  3.3.     buildingName
  3.4.     co                                          8
  3.5.     documentAuthor
  3.6.     documentIdentifier
  3.7.     documentLocation
  3.8.     documentPublisher                           9
  3.9.     documentTitle
  3.10.    documentVersion
  3.11.    drink
  3.12.    homePhone                                  10
  3.13.    homePostalAddress
  3.14.    host
  3.16.    info
  3.17.    mail                                       11
  3.18.    manager
  3.19.    mobile
  3.20.    organizationalStatus
  3.21.    pager
  3.22.    personalTitle
  3.23.    roomNumber
  3.24.    secretary                                  13
  3.26.    uniqueIdentifier
  3.27.    userClass                                  14
  4.     Object Classes
  4.1.     account
  4.2.     document
  4.3.     documentSeries                             15
  4.4.     domainRelatedObject
  4.5.     friendlyCountry
  4.6.     rFC822LocalPart
  4.7.     room                                       16
  4.8.     simpleSecurityObject
  5.     Security Considerations
  6.     IANA Considerations                          17
  7.     Acknowledgments                              18
  8.     Author's Address
  9.     References                                   19
  Full Copyright                                      20

1. Background and Intended Use

  This document provides descriptions of additional schema elements for
  use with the Lightweight Directory Access Protocol (LDAP)
  [Roadmap].  The elements were originally introduced for use in the
  COSINE and Internet X.500 pilot projects [RFC1274].  This document
  adapts the schema elements for use in modern directory applications,
  while preserving established syntaxes and semantics.

  This document, together with RFC 2247 and [Schema], obsoletes RFC
  1274.  Some of these items were described in the inetOrgPerson
  [RFC2798] schema.  This document supersedes these descriptions.  This
  document, together with [Schema], replaces section 9.1.3 of RFC 2798.

2. Terminology and Conventions

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
  document are to be interpreted as described in BCP 14 [RFC2119].

  DIT stands for Directory Information Tree.
  DN stands for Distinguished Name.
  DSA stands for Directory System Agent, a server.
  DSE stands for DSA-Specific Entry.
  DUA stands for Directory User Agent, a client.

  These terms are discussed in [Models].

  Schema definitions are provided using LDAP description formats
  [Models].  Definitions provided here are formatted (line wrapped) for
  readability.

3. Attribute Types

  This section details attribute types for use in LDAP.

3.1. associatedDomain

  The associatedDomain attribute type specifies DNS domains [RFC1034]
  which are associated with an object.  For example, the entry in the
  DIT with a DN <DC=example,DC=com> might have an associated domain of
  "example.com".

      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

  The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
  caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are
  described in [Syntaxes].

  It is noted that the directory will not ensure that values of this
  attribute conform to the <domain> production [RFC1034].  It is the
  application's responsibility to ensure that the domains it stores in
  this attribute are appropriately represented.

  It is also noted that applications supporting Internationalized Domain
  Names SHALL use the ToASCII method [RFC3490] to produce <label>
  components of the <domain> production.

3.2. associatedName

  The associatedName attribute type specifies entries in the
  organizational DIT associated with a DNS domain [RFC1034].

      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
  distinguishedNameMatch rule are described in [Syntaxes].

3.3. buildingName

  The buildingName attribute type specifies names of the buildings where
  an organization or organizational unit is based.

      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.4. co

  The co (Friendly Country Name) attribute type specifies names of
  countries in human-readable format.  It is commonly used in
  conjunction with the c (Country Name) [Schema] attribute type (which
  is restricted to one of the two-letter codes defined in [ISO3166]).

      ( 0.9.2342.19200300.100.1.43
        NAME ( 'co' 'friendlyCountryName' )
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.5. documentAuthor

  The documentAuthor attribute type specifies the distinguished name of
  authors (or editors) of a document.

      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
  distinguishedNameMatch rule are described in [Syntaxes].

3.6. documentIdentifier

  The documentIdentifier attribute type specifies unique identifiers for
  a document.  A document may be identified by more than one unique
  identifier.  For example, "RFC 3383" and "BCP 64" are unique
  identifiers which refer to the same document.

      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.7. documentLocation

  The documentLocation attribute type specifies locations of the
  document original.

      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.8. documentPublisher

  The documentPublisher attribute type specifies the persons and/or
  organizations that published the document.  Documents which are
  jointly published have one value for each publisher.

      ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.9. documentTitle

  The documentTitle attribute type specifies the title of a document.

      ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.10. documentVersion

  The documentVersion attribute type specifies the version number of a
  document.

      ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.11. drink

  The drink (Favourite Drink) attribute type specifies favorite drinks
  of an object (or person).

      ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.12. homePhone

  The homePhone (Home Telephone Number) attribute type specifies home
  telephone numbers (e.g., "+44 71 123 4567") associated with a person.

      ( 0.9.2342.19200300.100.1.20
        NAME ( 'homePhone' 'homeTelephoneNumber' )
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
  telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
  described in [Syntaxes].

3.13. homePostalAddress

  The homePostalAddress attribute type specifies home postal addresses
  for an object.  Each value SHOULD be limited to 6 lines of 30
  characters each.

      ( 0.9.2342.19200300.100.1.39
        NAME 'homePostalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

  The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
  caseIgnoreListMatch rule are described in [Syntaxes].  The
  caseIgnoreListSubstringsMatch rule is described in section 2 of this
  document.

3.14. host

  The host attribute type specifies host computers.

      ( 0.9.2342.19200300.100.1.9
        NAME 'host'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.16. info

  The info (Information) attribute type specifies any general
  information pertinent to an object.  It is RECOMMENDED that specific
  usage of this attribute type is avoided, and that specific
  requirements are met by other (possibly additional) attribute types.
  Note that the description attribute type [Schema] is available for
  specifying descriptive information pertinent to an object.

      ( 0.9.2342.19200300.100.1.4
        NAME 'info'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.17. mail

  The mail (rfc822mailbox) attribute type holds Internet mail addresses
  in Mailbox [RFC2821] form (e.g., user@example.com).

      ( 0.9.2342.19200300.100.1.3
        NAME ( 'mail' 'rfc822Mailbox' )
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

  The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
  caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are
  described in [Syntaxes].

  It is noted that the directory will not ensure that values of this
  attribute conform to the Mailbox production [RFC2821].  It is the
  application's responsibility to ensure that the addresses it stores in
  this attribute are appropriately represented.

  Additionally, the directory will compare values per the matching rules
  named in the above attribute type description.  As these rules differ
  from the rules which normally apply to Mailbox comparisons, operational
  issues may arise.  For example, the assertion (mail=joe@example.com)
  will match JOE@example.com even though the local-parts differ.  Also,
  where a user has two mailboxes whose addresses differ only by the case
  of the local-part, both cannot be listed as values of the user's mail
  attribute (as they are considered equal by the caseIgnoreIA5Match
  rule).

  It is also noted that applications supporting internationalized domain
  names SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
  components of the <Mailbox> production.
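  The following Python is an added example (not part of this draft) of
  the application-side checks described here and in Section 3.1: each
  label is passed through ToASCII [RFC3490], the result is checked
  against the RFC 1034 <domain> production, and values that
  caseIgnoreIA5Match would treat as equal are grouped so an application
  can refuse to store both.  The caseIgnoreIA5Match approximation and
  all sample values are assumptions.

```python
"""Application-side checks for associatedDomain and mail values.

The directory stores both as IA5String and compares them with
caseIgnoreIA5Match; it does not check the <domain> [RFC1034] or
<Mailbox> [RFC2821] productions, so the application has to.
Added example, not part of the draft; sample values are constructed.
"""
import re
from typing import Dict, List, Optional

# <label> per RFC 1034: a letter, then letters, digits or hyphens, not
# ending in a hyphen, at most 63 octets.  Whole <domain> at most 255 octets.
_LABEL = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
_MAX_DOMAIN_OCTETS = 255


def to_ascii_domain(domain: str) -> Optional[str]:
    """Apply ToASCII [RFC3490] to each label using Python's built-in IDNA
    codec.  Returns None if a label is empty or cannot be converted."""
    out = []
    for label in domain.split("."):
        if not label:
            return None
        try:
            out.append(label.encode("idna").decode("ascii"))
        except UnicodeError:
            return None
    return ".".join(out)


def is_valid_domain(ascii_domain: str) -> bool:
    """True if an already-ASCII value matches the RFC 1034 <domain> production."""
    if not ascii_domain or len(ascii_domain) > _MAX_DOMAIN_OCTETS:
        return False
    return all(_LABEL.match(label) for label in ascii_domain.split("."))


def normalize_domain(value: str) -> Optional[str]:
    """Storable associatedDomain value, or None if the input is not acceptable."""
    ascii_form = to_ascii_domain(value)
    if ascii_form is None or not is_valid_domain(ascii_form):
        return None
    return ascii_form


def normalize_mailbox(value: str) -> Optional[str]:
    """Storable mail value (local-part "@" domain), or None.

    Only the domain is converted with ToASCII; the local-part is kept
    as given but must be present, printable ASCII and free of spaces."""
    local, sep, domain = value.rpartition("@")
    if not sep or not local or not domain:
        return None
    if not local.isascii() or not local.isprintable() or " " in local:
        return None
    ascii_domain = normalize_domain(domain)
    if ascii_domain is None:
        return None
    return f"{local}@{ascii_domain}"


def ia5_match_key(value: str) -> str:
    """Approximation (assumption) of caseIgnoreIA5Match: fold case and
    collapse insignificant whitespace."""
    return " ".join(value.split()).lower()


def colliding_values(values: List[str]) -> List[List[str]]:
    """Group values the directory treats as equal under caseIgnoreIA5Match.

    Such values cannot coexist in one multi-valued mail attribute, and an
    equality assertion on any one of them matches all of them."""
    groups: Dict[str, List[str]] = {}
    for v in values:
        groups.setdefault(ia5_match_key(v), []).append(v)
    return [g for g in groups.values() if len(g) > 1]
```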

3.18. manager

  The manager attribute type specifies managers of an object represented
  by an entry.

      ( 0.9.2342.19200300.100.1.10
        NAME 'manager'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
  distinguishedNameMatch rule are described in [Syntaxes].

3.19. mobile

  The mobile (Mobile Telephone Number) attribute type specifies mobile
  telephone numbers (e.g., "+44 71 123 4567") associated with a person.

      ( 0.9.2342.19200300.100.1.41
        NAME ( 'mobile' 'mobileTelephoneNumber' )
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
  telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
  described in [Syntaxes].

3.20. organizationalStatus

  The organizationalStatus attribute type specifies categories by which
  a person is often referred to in an organization.  Examples of usage
  in academia might include undergraduate student, researcher, lecturer,
  etc.

  A Directory administrator SHOULD consider carefully the distinctions
  between this and the title and userClass attributes.

      ( 0.9.2342.19200300.100.1.45
        NAME 'organizationalStatus'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.21. pager

  The pager (Pager Telephone Number) attribute type specifies pager
  telephone numbers (e.g., "+44 71 123 4567") for an object.

      ( 0.9.2342.19200300.100.1.42
        NAME ( 'pager' 'pagerTelephoneNumber' )
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

  The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
  telephoneNumberMatch and telephoneNumberSubstringsMatch rules are
  described in [Syntaxes].

3.22. personalTitle

  The personalTitle attribute type specifies personal titles for a
  person.  Examples of personal titles are "Frau", "Dr", "Herr", and
  "Prof".

      ( 0.9.2342.19200300.100.1.40
        NAME 'personalTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.23. roomNumber

  The roomNumber attribute type specifies the room number of an object.
  During periods of renumbering or in other circumstances where a room
  has multiple valid room numbers associated with it, multiple values
  may be provided.  Note that the cn (commonName) attribute type SHOULD
  be used for naming room objects.

      ( 0.9.2342.19200300.100.1.6
        NAME 'roomNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

3.24. secretary

  The secretary attribute type specifies secretaries and/or
  administrative assistants of a person.  Each value is a distinguished
  name.

      ( 0.9.2342.19200300.100.1.21
        NAME 'secretary'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

  The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
  distinguishedNameMatch rule are described in [Syntaxes].

3.26. uniqueIdentifier

  The uniqueIdentifier attribute type specifies a "unique identifier"
  for an object represented in the Directory.  The domain within which
  the identifier is unique, and the exact semantics of the identifier,
  are for local definition.  For a person, this might be an institution-
  wide payroll number.  For an organizational unit, it might be a
  department code.  An attribute value for uniqueIdentifier is a
  DirectoryString.

      ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

  Note: X.520 describes an attribute also called 'uniqueIdentifier'
        (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
        [Schema].  The attribute detailed here ought not be confused
        with x500UniqueIdentifier.

3.27. userClass

  The userClass attribute type specifies categories of computer user.
  The semantics placed on this attribute are for local interpretation.
  Examples of current usage of this attribute in academia are
  undergraduate student, researcher, lecturer, etc.  Note that the
  organizationalStatus attribute type is now often preferred as it
  makes no distinction between computer users and others.

      ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

  The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
  caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
  [Syntaxes].

4. Object Classes

  This section details object classes for use in LDAP.

4.1. account

  The account object class is used to define entries representing
  computer accounts.  The uid attribute SHOULD be used for naming
  entries of this object class.

      ( 0.9.2342.19200300.100.4.5
        NAME 'account'
        SUP top STRUCTURAL
        MUST uid
        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

  The top object class is described in [Models].  The description,
  seeAlso, l, o, ou, and uid attribute types are described in [Schema].
  The host attribute type is described in Section 3 of this document.

4.2. document

  The document object class is used to define entries which represent
  documents.

      ( 0.9.2342.19200300.100.4.6
        NAME 'document'
        SUP top STRUCTURAL
        MUST documentIdentifier
        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
              documentTitle $ documentVersion $ documentAuthor $
              documentLocation $ documentPublisher ) )

  The top object class is described in [Models].  The cn, description,
  seeAlso, l, o, and ou attribute types are described in [Schema].  The
  documentIdentifier, documentTitle, documentVersion, documentAuthor,
  documentLocation, and documentPublisher attribute types are described
  in Section 3 of this document.

4.3. documentSeries

  The documentSeries object class is used to define an entry which
  represents a series of documents (e.g., The Request For Comments
  memos).

      ( 0.9.2342.19200300.100.4.9
        NAME 'documentSeries'
        SUP top STRUCTURAL
        MUST cn
        MAY ( description $ l $ o $ ou $ seeAlso $
              telephoneNumber ) )

  The top object class is described in [Models].  The cn, description,
  l, o, ou, seeAlso, and telephoneNumber attribute types are described
  in [Schema].

4.4. domainRelatedObject

  The domainRelatedObject object class is used to define entries which
  represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
  an organization or organizational unit.

      ( 0.9.2342.19200300.100.4.17
        NAME 'domainRelatedObject'
        SUP top AUXILIARY
        MUST associatedDomain )

  The top object class is described in [Models].  The associatedDomain
  attribute type is described in Section 3 of this document.

4.5. friendlyCountry

  The friendlyCountry object class is used to define country entries in
  the DIT.  The object class is used to allow friendlier naming of
  countries than that allowed by the object class country [Schema].

      ( 0.9.2342.19200300.100.4.18
        NAME 'friendlyCountry'
        SUP country STRUCTURAL
        MUST co )

  The country object class is described in [Schema].  The co attribute
  type is described in Section 3 of this document.

4.6. rFC822LocalPart

  The rFC822LocalPart object class is used to define entries which
  represent the local part of Internet mail addresses [RFC2822].  This
  treats the local part of the address as a domain object [RFC2247].

      ( 0.9.2342.19200300.100.4.14
        NAME 'rFC822localPart'
        SUP domain STRUCTURAL
        MAY ( cn $ description $ destinationIndicator $
              facsimileTelephoneNumber $ internationaliSDNNumber $
              physicalDeliveryOfficeName $ postalAddress $
              postalCode $ postOfficeBox $ preferredDeliveryMethod $
              registeredAddress $ seeAlso $ sn $ street $
              telephoneNumber $ teletexTerminalIdentifier $
              telexNumber $ x121Address ) )

  The domain object class is described in [RFC2247].  The cn,
  description, destinationIndicator, facsimileTelephoneNumber,
  internationaliSDNNumber, physicalDeliveryOfficeName, postalAddress,
  postalCode, postOfficeBox, preferredDeliveryMethod, registeredAddress,
  seeAlso, sn, street, telephoneNumber, teletexTerminalIdentifier,
  telexNumber and x121Address are described in [Schema].

4.7. room

  The room object class is used to define entries representing rooms.
  The cn (commonName) attribute SHOULD be used for naming entries of
  this object class.

      ( 0.9.2342.19200300.100.4.7 NAME 'room'
        SUP top STRUCTURAL
        MUST cn
        MAY ( roomNumber $ description $
              seeAlso $ telephoneNumber ) )

  The top object class is described in [Models].  The cn, description,
  seeAlso and telephoneNumber attribute types are described in [Schema].
  The roomNumber attribute type is described in Section 3 of this
  document.

4.8. simpleSecurityObject

  The simpleSecurityObject object class is used to require an entry to
  have a userPassword attribute when the entry's structural object class
  does not require (or allow) the userPassword attribute.

      ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
        SUP top AUXILIARY
        MUST userPassword )

  The top object class is described in [Models].  The userPassword
  attribute type is described in [Schema].

  Note: Security considerations related to the use of simple
        authentication mechanisms in LDAP are discussed in [AuthMeth].
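  The following Python is an added example (not part of this draft) of
  how an application can apply the Section 4 definitions before writing
  an entry: it parses the account and simpleSecurityObject descriptions
  quoted above and checks constructed entries against them, so that a
  userPassword on a plain account entry is rejected and becomes required
  once simpleSecurityObject is added.  The parser handles only the
  description-format subset used in this section; the 'top' stub and
  the entries are assumptions.

```python
"""Object class consistency check for the Section 4 definitions.

Added example, not part of the draft.  Parses the subset of the LDAP
object class description format used here (OID, NAME, SUP, kind, MUST,
MAY) and checks constructed entries against the parsed classes."""
import re
from typing import Dict, List

# Definitions copied from Sections 4.1 and 4.8 of this document.
ACCOUNT_OC = """( 0.9.2342.19200300.100.4.5
    NAME 'account'
    SUP top STRUCTURAL
    MUST uid
    MAY ( description $ seeAlso $ l $ o $ ou $ host ) )"""

SIMPLE_SECURITY_OBJECT_OC = """( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
    SUP top AUXILIARY
    MUST userPassword )"""

_TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")
_LIST_KEYS = {"NAME": "names", "SUP": "sup", "MUST": "must", "MAY": "may"}


def parse_object_class(definition: str) -> dict:
    """Token-based parse, so the line wrapping used in the document is irrelevant."""
    tokens = _TOKEN.findall(definition)
    if tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("definition must be enclosed in parentheses")
    oc = {"oid": tokens[1], "names": [], "sup": [], "kind": "STRUCTURAL",
          "must": [], "may": []}
    i = 2
    while i < len(tokens) - 1:
        tok = tokens[i]
        if tok in ("STRUCTURAL", "AUXILIARY", "ABSTRACT"):
            oc["kind"] = tok
            i += 1
        elif tok in _LIST_KEYS:
            values, i = [], i + 1
            if tokens[i] == "(":              # '( a $ b $ c )' form
                i += 1
                while tokens[i] != ")":
                    if tokens[i] != "$":
                        values.append(tokens[i].strip("'"))
                    i += 1
                i += 1
            else:                             # single descriptor
                values.append(tokens[i].strip("'"))
                i += 1
            oc[_LIST_KEYS[tok]] = values
        else:
            raise ValueError(f"unexpected token {tok!r}")
    return oc


def build_schema(*definitions: str) -> Dict[str, dict]:
    """Index classes by lower-cased name (LDAP descriptors are case-insensitive).
    'top' is stubbed (assumption): ABSTRACT, requiring only objectClass."""
    schema = {"top": {"oid": "2.5.6.0", "names": ["top"], "sup": [],
                      "kind": "ABSTRACT", "must": ["objectClass"], "may": []}}
    for text in definitions:
        oc = parse_object_class(text)
        for name in oc["names"]:
            schema[name.lower()] = oc
    return schema


def check_entry(entry: Dict[str, List[str]], schema: Dict[str, dict]) -> List[str]:
    """Return the schema violations of an entry (empty list if consistent)."""
    problems, classes = [], []
    for name in entry.get("objectClass", []):
        oc = schema.get(name.lower())
        if oc is None:
            problems.append(f"unknown object class {name!r}")
        else:
            classes.append(oc)
    if not any(oc["kind"] == "STRUCTURAL" for oc in classes):
        problems.append("entry has no STRUCTURAL object class")
    allowed = {"objectclass"}           # union of MUST and MAY over all classes
    for oc in classes:
        allowed.update(a.lower() for a in oc["must"] + oc["may"])
    present = {a.lower() for a, vals in entry.items() if vals}
    for oc in classes:
        for attr in oc["must"]:
            if attr.lower() not in present:
                problems.append(f"required attribute {attr!r} is missing")
    for attr in entry:
        if attr.lower() not in allowed:
            problems.append(f"attribute {attr!r} is not permitted by the "
                            "entry's object classes")
    return problems


SCHEMA = build_schema(ACCOUNT_OC, SIMPLE_SECURITY_OBJECT_OC)

# Constructed entries; the password value is a placeholder, not a real hash.
PLAIN_ACCOUNT = {"objectClass": ["top", "account"], "uid": ["svc-backup"],
                 "host": ["backup1.example.com"],
                 "userPassword": ["{PLACEHOLDER}"]}
ACCOUNT_WITH_PASSWORD = dict(
    PLAIN_ACCOUNT, objectClass=["top", "account", "simpleSecurityObject"])
ACCOUNT_MISSING_PASSWORD = {"objectClass": ["account", "simpleSecurityObject"],
                            "uid": ["svc-backup"]}
```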

5. Security Considerations

  General LDAP security considerations [Roadmap] are applicable to the
  use of this schema.  Additional considerations are noted above where
  appropriate.

6. IANA Considerations

  It is requested that the Internet Assigned Numbers Authority (IANA)
  update upon Standard Action the LDAP descriptors registry [BCP64bis]
  as indicated in the following template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comments
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: see comments
      Specification: RFC XXXX
      Author/Change Controller: IESG
      Comments:

      The following descriptors should be updated to refer to RFC XXXX.

        NAME                           Type OID
        ------------------------       ---- --------------------------
        account                        O    0.9.2342.19200300.100.4.5
        associatedDomain               A    0.9.2342.19200300.100.1.37
        associatedName                 A    0.9.2342.19200300.100.1.38
        buildingName                   A    0.9.2342.19200300.100.1.48
        co                             A    0.9.2342.19200300.100.1.43
        document                       O    0.9.2342.19200300.100.4.6
        documentAuthor                 A    0.9.2342.19200300.100.1.14
        documentIdentifier             A    0.9.2342.19200300.100.1.11
        documentLocation               A    0.9.2342.19200300.100.1.15
        documentPublisher              A    0.9.2342.19200300.100.1.56
        documentSeries                 O    0.9.2342.19200300.100.4.8
        documentTitle                  A    0.9.2342.19200300.100.1.12
        documentVersion                A    0.9.2342.19200300.100.1.13
        domainRelatedObject            O    0.9.2342.19200300.100.4.17
        drink                          A    0.9.2342.19200300.100.1.5
        favouriteDrink                 A    0.9.2342.19200300.100.1.5
        friendlyCountry                O    0.9.2342.19200300.100.4.18
        friendlyCountryName            A    0.9.2342.19200300.100.1.43
        homePhone                      A    0.9.2342.19200300.100.1.20
        homePostalAddress              A    0.9.2342.19200300.100.1.39
        homeTelephone                  A    0.9.2342.19200300.100.1.20
        host                           A    0.9.2342.19200300.100.1.9
        info                           A    0.9.2342.19200300.100.1.4
        mail                           A    0.9.2342.19200300.100.1.3
        manager                        A    0.9.2342.19200300.100.1.10
        mobile                         A    0.9.2342.19200300.100.1.41
        mobileTelephoneNumber          A    0.9.2342.19200300.100.1.41
        organizationalStatus           A    0.9.2342.19200300.100.1.45
        pager                          A    0.9.2342.19200300.100.1.42
        pagerTelephoneNumber           A    0.9.2342.19200300.100.1.42
        personalTitle                  A    0.9.2342.19200300.100.1.40
        RFC822LocalPart                O    0.9.2342.19200300.100.4.14
        RFC822Mailbox                  A    0.9.2342.19200300.100.1.3
        room                           O    0.9.2342.19200300.100.4.7
        roomNumber                     A    0.9.2342.19200300.100.1.6
        secretary                      A    0.9.2342.19200300.100.1.21
        simpleSecurityObject           O    0.9.2342.19200300.100.4.19
        singleLevelQuality             A    0.9.2342.19200300.100.1.50
        uniqueIdentifier               A    0.9.2342.19200300.100.1.44
        userClass                      A    0.9.2342.19200300.100.1.8

      where Type A is Attribute, Type O is ObjectClass, and Type M
      is Matching Rule.

7. Acknowledgments

  This document is based upon RFC 1274 by Paul Barker and Steve Kille.

8. Author's Address

  Kurt D. Zeilenga
  OpenLDAP Foundation

  Email: Kurt@OpenLDAP.org


9. References

  [[Note to the RFC Editor: please replace the citation tags used in
  referencing Internet-Drafts with tags of the form RFCnnnn where
  possible.]]

9.1. Normative References

  [RFC1034]     Mockapetris, P., "Domain names - concepts and
                facilities", STD 13 (also RFC 1034), November 1987.

  [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

  [RFC2247]     Kille, S., M. Wahl, A. Grimstad, R. Huber and S.
                Sataluri, "Using Domains in LDAP/X.500 Distinguished
                Names", RFC 2247, January 1998.

  [RFC2821]     Klensin, J. (editor), "Simple Mail Transfer Protocol",
                RFC 2821, April 2001.

  [RFC3490]     Faltstrom, P., P. Hoffman, and A. Costello,
                "Internationalizing Domain Names in Applications
                (IDNA)", RFC 3490, March 2003.

  [Roadmap]     Zeilenga, K. (editor), "LDAP: Technical Specification
                Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
                progress.

  [Models]      Zeilenga, K. (editor), "LDAP: Directory Information
                Models", draft-ietf-ldapbis-models-xx.txt, a work in
                progress.

  [Syntaxes]    Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
                draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

  [Schema]      Dally, K. (editor), "LDAP: User Schema",
                draft-ietf-ldapbis-user-schema-xx.txt, a work in
                progress.

  [AuthMeth]    Harrison, R. (editor), "LDAP: Authentication Methods and
                Connection Level Security Mechanisms",
                draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.

9.2. Informative References

  [ISO3166]     International Organization for Standardization, "Codes
                for the representation of names of countries", ISO 3166.

  [RFC1274]     Barker, P. and S. Kille, "The COSINE and Internet X.500
                Schema", RFC 1274, November 1991.

  [RFC2798]     Smith, M., "The LDAP inetOrgPerson Object Class", RFC
                2798, April 2000.

  [BCP64bis]    Zeilenga, K., "IANA Considerations for LDAP",
                draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.


Intellectual Property Rights

  The IETF takes no position regarding the validity or scope of any
  Intellectual Property Rights or other rights that might be claimed to
  pertain to the implementation or use of the technology described in
  this document or the extent to which any license under such rights
  might or might not be available; nor does it represent that it has
  made any independent effort to identify any such rights.  Information
  on the procedures with respect to rights in RFC documents can be found
  in BCP 78 and BCP 79.

  Copies of IPR disclosures made to the IETF Secretariat and any
  assurances of licenses to be made available, or the result of an
  attempt made to obtain a general license or permission for the use of
  such proprietary rights by implementers or users of this specification
  can be obtained from the IETF on-line IPR repository at
  http://www.ietf.org/ipr.

  The IETF invites any interested party to bring to its attention any
  copyrights, patents or patent applications, or other proprietary
  rights that may cover technology that may be required to implement
  this standard.  Please address the information to the IETF at
  ietf-ipr@ietf.org.


Full Copyright

  Copyright (C) The Internet Society (2004).  This document is subject
  to the rights, licenses and restrictions contained in BCP 78, and
  except as set forth therein, the authors retain all their rights.

  This document and the information contained herein are provided on an
  "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
  OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
  ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
  INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
  INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
  WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.