INTERNET-DRAFT                                   Editor: Kurt D. Zeilenga
Intended Category: Standard Track                      OpenLDAP Foundation
Expires in six months                                      24 October 2004
Obsoletes: RFC 1274
Updates: RFC 2798


                    LDAP: Additional Schema Elements
                  <draft-zeilenga-ldap-user-schema-07.txt>


Status of this Memo

   This document is intended to be, after appropriate review and revision, submitted to the RFC Editor as a Standard Track document.  Distribution of this memo is unlimited.  Technical discussion of this document will take place on the IETF LDAPEXT mailing list <ldapext@ietf.org>.  Please send editorial comments directly to the author <Kurt@OpenLDAP.org>.

   By submitting this Internet-Draft, I accept the provisions of Section 4 of RFC 3667.  By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups.  Note that other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.  It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at <http://www.ietf.org/ietf/1id-abstracts.txt>.  The list of Internet-Draft Shadow Directories can be accessed at <http://www.ietf.org/shadow.html>.

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

   Please see the Full Copyright section near the end of this document for more information.


Abstract

Zeilenga               draft-zeilenga-ldap-user-schema-07          [Page 1]
INTERNET-DRAFT         LDAP: Additional Schema Elements  27 September 2004

   This document provides a collection of schema elements for use with the Lightweight Directory Access Protocol from the COSINE and Internet X.500 pilot projects.


Table of Contents (to be expanded by editor)

   Status of this Memo
   Abstract
   Conventions
   Table of Contents
   1.     Background and Intended Use
   2.     Terminology and Conventions
   3.     Attribute Types
   3.1.   associatedDomain
   3.2.   associatedName
   3.3.   buildingName
   3.4.   co
   3.5.   documentAuthor
   3.6.   documentIdentifier
   3.7.   documentLocation
   3.8.   documentPublisher
   3.9.   documentTitle
   3.10.  documentVersion
   3.11.  drink
   3.12.  homePhone
   3.13.  homePostalAddress
   3.14.  host
   3.16.  info
   3.17.  mail
   3.18.  manager
   3.19.  mobile
   3.20.  organizationalStatus
   3.21.  pager
   3.22.  personalTitle
   3.23.  roomNumber
   3.24.  secretary
   3.26.  uniqueIdentifier
   3.27.  userClass
   4.     Object Classes
   4.1.   account
   4.2.   document
   4.3.   documentSeries
   4.4.   domainRelatedObject
   4.5.   friendlyCountry
   4.6.   rFC822LocalPart
   4.7.   room
   4.8.   simpleSecurityObject
   5.     Security Considerations
   6.     IANA Considerations
   7.     Acknowledgments
   8.     Author's Address
   9.     References
   Full Copyright


1. Background and Intended Use

   This document provides descriptions of additional schema elements for use with the Lightweight Directory Access Protocol (LDAP) [Roadmap].  The elements were originally introduced for use in the COSINE and Internet X.500 pilot projects [RFC1274].  This document adapts the schema elements for use in modern directory applications, while preserving established syntaxes and semantics.

   This document, together with RFC 2247 and [Schema], obsoletes RFC 1274.

   Some of these items were described in the inetOrgPerson [RFC2798] schema.  This document supersedes those descriptions.  This document, together with [Schema], replaces section 9.1.3 of RFC 2798.


2. Terminology and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119].

   DIT stands for Directory Information Tree.  DN stands for Distinguished Name.  DSA stands for Directory System Agent, a server.  DSE stands for DSA-Specific Entry.  DUA stands for Directory User Agent, a client.  These terms are discussed in [Models].

   Schema definitions are provided using LDAP description formats [Models].  Definitions provided here are formatted (line wrapped) for readability.


3. Attribute Types

   This section details attribute types for use in LDAP.


3.1. associatedDomain
   The associatedDomain attribute type specifies DNS domains [RFC1034] which are associated with an object.  For example, the entry in the DIT with a DN <DC=example,DC=com> might have an associated domain of "example.com".

      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are described in [Syntaxes].

   It is noted that the directory will not ensure that values of this attribute conform to the <domain> production [RFC1034].  It is the application's responsibility to ensure that the domains it stores in this attribute are appropriately represented.

   It is also noted that applications supporting Internationalized Domain Names SHALL use the ToASCII method [RFC3490] to produce <label> components of the <domain> production.


3.2. associatedName

   The associatedName attribute type specifies entries in the organizational DIT associated with a DNS domain [RFC1034].

      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the distinguishedNameMatch rule are described in [Syntaxes].


3.3. buildingName

   The buildingName attribute type specifies names of the buildings where an organization or organizational unit is based.

      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.4. co

   The co (Friendly Country Name) attribute type specifies names of countries in human-readable format.  It is commonly used in conjunction with the c (Country Name) [Schema] attribute type (which is restricted to one of the two-letter codes defined in [ISO3166]).

      ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' )
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.5. documentAuthor

   The documentAuthor attribute type specifies the distinguished names of authors (or editors) of a document.

      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the distinguishedNameMatch rule are described in [Syntaxes].


3.6. documentIdentifier

   The documentIdentifier attribute type specifies unique identifiers for a document.  A document may be identified by more than one unique identifier.  For example, "RFC 3383" and "BCP 64" are unique identifiers which refer to the same document.

      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.7. documentLocation

   The documentLocation attribute type specifies locations of the document original.

      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.8. documentPublisher

   The documentPublisher attribute type specifies the persons and/or organizations that published the document.  Documents which are jointly published have one value for each publisher.

      ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.9. documentTitle

   The documentTitle attribute type specifies the title of a document.

      ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].
3.10. documentVersion

   The documentVersion attribute type specifies the version number of a document.

      ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.11. drink

   The drink (Favourite Drink) attribute type specifies favorite drinks of an object (or person).

      ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.12. homePhone

   The homePhone (Home Telephone Number) attribute type specifies home telephone numbers (e.g., "+44 71 123 4567") associated with a person.

      ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' )
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the telephoneNumberMatch and telephoneNumberSubstringsMatch rules are described in [Syntaxes].


3.13. homePostalAddress
   The homePostalAddress attribute type specifies home postal addresses for an object.  Each SHOULD be limited to up to 6 lines of 30 characters each.

      ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
        EQUALITY caseIgnoreListMatch
        SUBSTR caseIgnoreListSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

   The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the caseIgnoreListMatch rule are described in [Syntaxes].  The caseIgnoreListSubstringsMatch rule is described in section 2 of this document.


3.14. host

   The host attribute type specifies host computers.

      ( 0.9.2342.19200300.100.1.9 NAME 'host'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.16. info

   The info (Information) attribute type specifies any general information pertinent to an object.  It is RECOMMENDED that specific usage of this attribute type is avoided, and that specific requirements are met by other (possibly additional) attribute types.  Note that the description attribute type [Schema] is available for specifying descriptive information pertinent to an object.

      ( 0.9.2342.19200300.100.1.4 NAME 'info'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in
   [Syntaxes].


3.17. mail

   The mail (rfc822mailbox) attribute type holds Internet mail addresses in Mailbox [RFC2821] form (e.g., user@example.com).

      ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch rules are described in [Syntaxes].

   It is noted that the directory will not ensure that values of this attribute conform to the Mailbox production [RFC2821].  It is the application's responsibility to ensure that the values it stores in this attribute are appropriately represented.

   Additionally, the directory will compare values per the matching rules named in the above attribute type description.  As these rules differ from the rules which normally apply to Mailbox comparisons, operational issues may arise.  For example, the assertion (mail=joe@example.com) will match JOE@example.com even though the local-parts differ.  Also, where a user has two mailboxes whose addresses differ only by the case of the local-part, both cannot be listed as values of the user's mail attribute (as they are considered by the caseIgnoreIA5Match rule to be equal).

   It is also noted that applications supporting internationalized domain names SHALL use the ToASCII method [RFC3490] to produce <sub-domain> components of the <Mailbox> production.


3.18. manager

   The manager attribute type specifies managers of an object represented by an entry.

      ( 0.9.2342.19200300.100.1.10 NAME 'manager'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
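   Sections 3.1 (associatedDomain) and 3.17 (mail) above leave <domain> and Mailbox validation and ToASCII conversion to the application, and warn that caseIgnoreIA5Match compares local-parts case-insensitively.  The following Python is an added example (not part of this draft) of the application-side checks that implies; the function names, the dot-atom-only local-part pattern and the simplified caseIgnoreIA5Match normalisation are this example's own assumptions.

```python
"""Application-side checks for associatedDomain (3.1) and mail (3.17).

Added example, not code from this draft.  The directory stores these
values without checking the <domain> or Mailbox productions, so the checks
below belong in the DUA or provisioning code.  Function names are this
example's own.
"""
import re

# RFC 1034 <label>: a letter, then letters, digits and hyphens, ending in a
# letter or digit.  RFC 1034 requires the leading letter; this example keeps
# the production the draft cites rather than later relaxations.
LABEL_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# Dot-atom local-part (the RFC 2821 Local-part without the quoted form,
# which this example deliberately does not accept).
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL_RE = re.compile(rf"^{ATEXT}(?:\.{ATEXT})*$")


def domain_for_directory(domain):
    """Return `domain` with each label in ToASCII form [RFC3490] and checked
    against the RFC 1034 <label> production; raise ValueError otherwise."""
    if not domain or domain.endswith("."):
        raise ValueError("empty domain or trailing dot")
    labels = []
    for label in domain.split("."):
        if not label:
            raise ValueError("empty label")
        # Python's idna codec implements RFC 3490 ToASCII (nameprep +
        # punycode); all-ASCII labels pass through unchanged.
        ascii_label = label.encode("idna").decode("ascii")
        if len(ascii_label) > 63 or not LABEL_RE.match(ascii_label):
            raise ValueError(f"label {label!r} violates the <label> production")
        labels.append(ascii_label)
    result = ".".join(labels)
    if len(result) > 255:
        raise ValueError("domain exceeds 255 octets")
    return result


def is_valid_domain(domain):
    """Boolean wrapper around domain_for_directory for callers and tests."""
    try:
        domain_for_directory(domain)
        return True
    except ValueError:  # UnicodeError raised by the idna codec is a ValueError
        return False


def mailbox_for_directory(addr):
    """Validate `addr` as Local-part@Domain and return it with the domain
    in ToASCII form.  The local-part is kept exactly as given."""
    local, sep, domain = addr.rpartition("@")
    if not sep or len(local) > 64 or not LOCAL_RE.match(local):
        raise ValueError("malformed local-part")
    return f"{local}@{domain_for_directory(domain)}"


def case_ignore_ia5_key(value):
    """Normalisation approximating caseIgnoreIA5Match [Syntaxes]: case is
    ignored and insignificant spaces are collapsed.  Values with equal keys
    are one and the same value to the directory."""
    return " ".join(value.split()).lower()


def matches_mail_filter(assertion, stored_values):
    """Evaluate (mail=<assertion>) the way the DSA does, i.e. with
    caseIgnoreIA5Match rather than a case-sensitive local-part comparison."""
    key = case_ignore_ia5_key(assertion)
    return any(case_ignore_ia5_key(v) == key for v in stored_values)


def colliding_mail_values(values):
    """Group proposed mail values that the directory would treat as
    duplicates; only one member of each group can be stored."""
    groups = {}
    for v in values:
        groups.setdefault(case_ignore_ia5_key(v), []).append(v)
    return [g for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    # Constructed sample values for this example.
    print(mailbox_for_directory("user@bücher.example"))
    print(matches_mail_filter("joe@example.com", ["JOE@example.com"]))
    print(colliding_mail_values(["joe@example.com", "Joe@example.com"]))
```

   Run the checks before a modify or add operation: a value the DSA would accept but that fails here is the case the two notes describe.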
   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the distinguishedNameMatch rule are described in [Syntaxes].


3.19. mobile

   The mobile (Mobile Telephone Number) attribute type specifies mobile telephone numbers (e.g., "+44 71 123 4567") associated with a person.

      ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' )
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the telephoneNumberMatch and telephoneNumberSubstringsMatch rules are described in [Syntaxes].


3.20. organizationalStatus

   The organizationalStatus attribute type specifies categories by which a person is often referred to in an organization.  Examples of usage in academia might include undergraduate student, researcher, lecturer, etc.

   A Directory administrator SHOULD consider carefully the distinctions between this and the title and userClass attributes.

      ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.21. pager

   The pager (Pager Telephone Number) attribute type specifies pager telephone numbers (e.g., "+44 71 123 4567") for an object.

      ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' )
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the telephoneNumberMatch and telephoneNumberSubstringsMatch rules are described in [Syntaxes].


3.22. personalTitle

   The personalTitle attribute type specifies personal titles for a person.  Examples of personal titles are "Frau", "Dr", "Herr", and "Prof".

      ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.23. roomNumber

   The roomNumber attribute type specifies the room number of an object.  During periods of renumbering or in other circumstances where a room has multiple valid room numbers associated with it, multiple values may be provided.  Note that the cn (commonName) attribute type SHOULD be used for naming room objects.

      ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


3.24. secretary

   The secretary attribute type specifies secretaries and/or
   administrative assistants of a person.  The attribute values are distinguished names.

      ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the distinguishedNameMatch rule are described in [Syntaxes].


3.26. uniqueIdentifier

   The Unique Identifier attribute type specifies a "unique identifier" for an object represented in the Directory.  The domain within which the identifier is unique, and the exact semantics of the identifier, are for local definition.  For a person, this might be an institution-wide payroll number.  For an organizational unit, it might be a department code.  An attribute value for uniqueIdentifier is a DirectoryString.

      ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].

   Note: X.520 describes an attribute also called 'uniqueIdentifier' (2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP [Schema].  The attribute detailed here ought not be confused with x500UniqueIdentifier.


3.27. userClass

   The userClass attribute type specifies categories of computer user.  The semantics placed on this attribute are for local interpretation.  Examples of current usage of this attribute in academia are undergraduate student, researcher, lecturer, etc.  Note that the organizationalStatus attribute type is now often preferred, as it makes no distinction between computer users and others.

      ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the caseIgnoreMatch and caseIgnoreSubstringsMatch rules are described in [Syntaxes].


4. Object Classes

   This section details object classes for use in LDAP.


4.1. account

   The account object class is used to define entries representing computer accounts.  The uid attribute SHOULD be used for naming entries of this object class.

      ( 0.9.2342.19200300.100.4.5 NAME 'account'
        SUP top STRUCTURAL
        MUST uid
        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

   The top object class is described in [Models].  The description, seeAlso, l, o, ou, and uid attribute types are described in [Schema].  The host attribute type is described in Section 3 of this document.


4.2. document

   The document object class is used to define entries which represent documents.

      ( 0.9.2342.19200300.100.4.6 NAME 'document'
        SUP top STRUCTURAL
        MUST documentIdentifier
        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
              documentTitle $ documentVersion $ documentAuthor $
              documentLocation $ documentPublisher ) )

   The top object class is described in [Models].  The cn, description, seeAlso, l, o, and ou attribute types are described in [Schema].  The documentIdentifier, documentTitle, documentVersion, documentAuthor, documentLocation, and documentPublisher attribute types are described in Section 3 of this document.
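   Because the object class descriptions above are given in the LDAP description format of [Models], a provisioning tool can check entries against them directly.  The following Python is an added example (not code from this draft) that parses the account (4.1) and document (4.2) descriptions together with the simpleSecurityObject description of 4.8, and checks an entry's attributes against MUST and MAY; the parser, check_entry and the abridged top definition are assumptions of this example, not an LDAP library's API.

```python
"""Schema-driven entry validation for the object classes in this document.

Added example, not code from the draft.  SCHEMA_TEXT copies the account
(4.1), document (4.2) and simpleSecurityObject (4.8) descriptions; the
parser, check_entry and the abridged 'top' definition are this example's
own assumptions, not an LDAP library's API.
"""
import re

SCHEMA_TEXT = """
( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL
  MUST uid
  MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL
  MUST documentIdentifier
  MAY ( cn $ description $ seeAlso $ l $ o $ ou $
        documentTitle $ documentVersion $ documentAuthor $
        documentLocation $ documentPublisher ) )
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY
  MUST userPassword )
"""

# One object class description in the [Models] format used by the draft.
OC_RE = re.compile(
    r"\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>[^']+)'"
    r"(?:\s+SUP\s+(?P<sup>\w+))?"
    r"\s+(?P<kind>STRUCTURAL|AUXILIARY|ABSTRACT)"
    r"(?:\s+MUST\s+(?P<must>\([^)]*\)|\w+))?"
    r"(?:\s+MAY\s+(?P<may>\([^)]*\)|\w+))?"
    r"\s*\)")


def _descriptors(group):
    """'uid' or '( a $ b $ c )' -> {'uid'} / {'a', 'b', 'c'}, lowercased
    because LDAP descriptors compare case-insensitively."""
    if not group:
        return set()
    return {t.strip().lower() for t in group.strip("() ").split("$") if t.strip()}


def parse_object_classes(text):
    """Map lowercase class name -> oid, sup, kind, must, may."""
    classes = {}
    for m in OC_RE.finditer(text):
        classes[m["name"].lower()] = {
            "oid": m["oid"], "sup": (m["sup"] or "").lower(),
            "kind": m["kind"], "must": _descriptors(m["must"]),
            "may": _descriptors(m["may"]),
        }
    return classes


# Abridged 'top' [Models]: it requires objectClass, which every entry has.
TOP = {"oid": "2.5.6.0", "sup": "", "kind": "ABSTRACT",
       "must": {"objectclass"}, "may": set()}


def check_entry(entry, classes):
    """Return a list of problems (empty when the entry fits its classes):
    a structural class must be listed, every MUST attribute of every listed
    class (and its SUP chain) must be present, and no attribute may fall
    outside the union of MUST and MAY."""
    classes = dict(classes, top=TOP)
    attrs = {k.lower() for k in entry}
    listed = next((v for k, v in entry.items() if k.lower() == "objectclass"), [])
    problems, required, allowed, structural = [], set(), set(), []
    for name in listed:
        oc = classes.get(name.lower())
        if oc is None:
            problems.append(f"unknown object class {name}")
            continue
        if oc["kind"] == "STRUCTURAL":
            structural.append(name)
        while oc:  # walk the SUP chain so inherited MUST/MAY count too
            required |= oc["must"]
            allowed |= oc["must"] | oc["may"]
            oc = classes.get(oc["sup"])
    if not structural:
        problems.append("no structural object class")
    problems += [f"missing MUST attribute {a}" for a in sorted(required - attrs)]
    problems += [f"attribute {a} not allowed by object classes"
                 for a in sorted(attrs - allowed)]
    return problems


if __name__ == "__main__":
    classes = parse_object_classes(SCHEMA_TEXT)
    # Constructed entry: userPassword is only allowed once the auxiliary
    # simpleSecurityObject class is listed alongside account.
    print(check_entry({"objectClass": ["account"], "uid": ["jdoe"],
                       "userPassword": ["secret"]}, classes))
    print(check_entry({"objectClass": ["account", "simpleSecurityObject"],
                       "uid": ["jdoe"], "userPassword": ["secret"]}, classes))
```

   The parser accepts the other descriptions in Section 4 unchanged; a class whose SUP is not in the parsed set (for example country) simply contributes nothing from its superclass.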
4.3. documentSeries

   The documentSeries object class is used to define an entry which represents a series of documents (e.g., the Request For Comments memos).

      ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
        SUP top STRUCTURAL
        MUST cn
        MAY ( description $ l $ o $ ou $ seeAlso $ telephonenumber ) )

   The top object class is described in [Models].  The cn, description, l, o, ou, seeAlso, and telephoneNumber attribute types are described in [Schema].


4.4. domainRelatedObject

   The domainRelatedObject object class is used to define entries which represent DNS domains which are "equivalent" to an X.500 domain: e.g., an organization or organizational unit.

      ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
        SUP top AUXILIARY
        MUST associatedDomain )

   The top object class is described in [Models].  The associatedDomain attribute type is described in Section 3 of this document.


4.5. friendlyCountry

   The friendlyCountry object class is used to define country entries in the DIT.  The object class is used to allow friendlier naming of countries than that allowed by the object class country [Schema].

      ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
        SUP country STRUCTURAL
        MUST co )

   The country object class is described in [Schema].  The co attribute type is described in Section 3 of this document.
4.6. rFC822LocalPart

   The rFC822LocalPart object class is used to define entries which represent the local part of Internet mail addresses [RFC2822].  This treats the local part of the address as a domain object [RFC2247].

      ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
        SUP domain STRUCTURAL
        MAY ( cn $ description $ destinationIndicator $
              facsimileTelephoneNumber $ internationaliSDNNumber $
              physicalDeliveryOfficeName $ postalAddress $ postalCode $
              postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
              seeAlso $ sn $ street $ telephoneNumber $
              teletexTerminalIdentifier $ telexNumber $ x121Address ) )

   The domain object class is described in [RFC2247].  The cn, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, physicalDeliveryOfficeName, postalAddress, postalCode, postOfficeBox, preferredDeliveryMethod, registeredAddress, seeAlso, sn, street, telephoneNumber, teletexTerminalIdentifier, telexNumber and x121Address attribute types are described in [Schema].


4.7. room

   The room object class is used to define entries representing rooms.  The cn (commonName) attribute SHOULD be used for naming entries of this object class.

      ( 0.9.2342.19200300.100.4.7 NAME 'room'
        SUP top STRUCTURAL
        MUST cn
        MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )

   The top object class is described in [Models].  The cn, description, seeAlso and telephoneNumber attribute types are described in [Schema].  The roomNumber attribute type is described in Section 3 of this document.


4.8. simpleSecurityObject

   The simpleSecurityObject object class is used to require an entry to have a userPassword attribute when the entry's structural object class does not require (or allow) the userPassword attribute.
      ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
        SUP top AUXILIARY
        MUST userPassword )

   The top object class is described in [Models].  The userPassword attribute type is described in [Schema].

   Note: Security considerations related to the use of simple authentication mechanisms in LDAP are discussed in [AuthMeth].


5. Security Considerations

   General LDAP security considerations [Roadmap] are applicable to the use of this schema.  Additional considerations are noted above where appropriate.


6. IANA Considerations

   It is requested that the Internet Assigned Numbers Authority (IANA) update, upon Standard Action, the LDAP descriptors registry [BCP64bis] as indicated in the following template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comments
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: see comments
      Specification: RFC XXXX
      Author/Change Controller: IESG
      Comments:

      The following descriptors should be updated to refer to RFC XXXX.

        NAME                     Type OID
        ------------------------ ---- --------------------------
        account                  O    0.9.2342.19200300.100.4.5
        associatedDomain         A    0.9.2342.19200300.100.1.37
        associatedName           A    0.9.2342.19200300.100.1.38
        buildingName             A    0.9.2342.19200300.100.1.48
        co                       A    0.9.2342.19200300.100.1.43
        document                 O    0.9.2342.19200300.100.4.6
        documentAuthor           A    0.9.2342.19200300.100.1.14
        documentIdentifier       A    0.9.2342.19200300.100.1.11
        documentLocation         A    0.9.2342.19200300.100.1.15
        documentPublisher        A    0.9.2342.19200300.100.1.56
        documentSeries           O    0.9.2342.19200300.100.4.8
        documentTitle            A    0.9.2342.19200300.100.1.12
        documentVersion          A    0.9.2342.19200300.100.1.13
        domainRelatedObject      O    0.9.2342.19200300.100.4.17
        drink                    A    0.9.2342.19200300.100.1.5
        favouriteDrink           A    0.9.2342.19200300.100.1.5
        friendlyCountry          O    0.9.2342.19200300.100.4.18
        friendlyCountryName      A    0.9.2342.19200300.100.1.43
        homePhone                A    0.9.2342.19200300.100.1.20
        homePostalAddress        A    0.9.2342.19200300.100.1.39
        homeTelephone            A    0.9.2342.19200300.100.1.20
        host                     A    0.9.2342.19200300.100.1.9
        info                     A    0.9.2342.19200300.100.1.4
        mail                     A    0.9.2342.19200300.100.1.3
        manager                  A    0.9.2342.19200300.100.1.10
        mobile                   A    0.9.2342.19200300.100.1.41
        mobileTelephoneNumber    A    0.9.2342.19200300.100.1.41
        organizationalStatus     A    0.9.2342.19200300.100.1.45
        pager                    A    0.9.2342.19200300.100.1.42
        pagerTelephoneNumber     A    0.9.2342.19200300.100.1.42
        personalTitle            A    0.9.2342.19200300.100.1.40
        RFC822LocalPart          O    0.9.2342.19200300.100.4.14
        RFC822Mailbox            A    0.9.2342.19200300.100.1.3
        room                     O    0.9.2342.19200300.100.4.7
        roomNumber               A    0.9.2342.19200300.100.1.6
        secretary                A    0.9.2342.19200300.100.1.21
        simpleSecurityObject     O    0.9.2342.19200300.100.4.19
        singleLevelQuality       A    0.9.2342.19200300.100.1.50
        uniqueIdentifier         A    0.9.2342.19200300.100.1.44
        userClass                A    0.9.2342.19200300.100.1.8

   where Type A is Attribute, Type O is ObjectClass, and Type M is Matching Rule.


7. Acknowledgments

   This document is based upon RFC 1274 by Paul Barker and Steve Kille.


8. Author's Address

   Kurt D. Zeilenga
   OpenLDAP Foundation

   Email: Kurt@OpenLDAP.org
9. References

   [[Note to the RFC Editor: please replace the citation tags used in referencing Internet-Drafts with tags of the form RFCnnnn where possible.]]

9.1. Normative References

   [RFC1034]   Mockapetris, P., "Domain names - concepts and facilities", STD 13 (also RFC 1034), November 1987.

   [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14 (also RFC 2119), March 1997.

   [RFC2247]   Kille, S., M. Wahl, A. Grimstad, R. Huber and S. Sataluri, "Using Domains in LDAP/X.500 Distinguished Names", RFC 2247, January 1998.

   [RFC2821]   Klensin, J. (editor), "Simple Mail Transfer Protocol", RFC 2821, April 2001.

   [RFC3490]   Faltstrom, P., P. Hoffman, and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003.

   [Roadmap]   Zeilenga, K. (editor), "LDAP: Technical Specification Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.

   [Models]    Zeilenga, K. (editor), "LDAP: Directory Information Models", draft-ietf-ldapbis-models-xx.txt, a work in progress.

   [Syntaxes]  Legg, S. (editor), "LDAP: Syntaxes and Matching Rules", draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

   [Schema]    Dally, K. (editor), "LDAP: User Schema", draft-ietf-ldapbis-user-schema-xx.txt, a work in progress.

   [AuthMeth]  Harrison, R. (editor), "LDAP: Authentication Methods and Connection Level Security Mechanisms", draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.

9.2. Informative References

   [ISO3166]   International Organization for Standardization, "Codes
   for the representation of names of countries", ISO 3166.

   [RFC1274]   Barker, P. and S. Kille, "The COSINE and Internet X.500 Schema", RFC 1274, November 1991.

   [RFC2798]   Smith, M., "The LDAP inetOrgPerson Object Class", RFC 2798, April 2000.

   [BCP64bis]  Zeilenga, K., "IANA Considerations for LDAP", draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.


Intellectual Property Rights

   The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights.  Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard.  Please address the information to the IETF at ietf-ipr@ietf.org.


Full Copyright

   Copyright (C) The Internet Society (2004).  This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
   This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.