A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
RFC 4876

 
Document Type RFC - Informational (May 2007; Errata)
Last updated 2013-03-02
Stream ISE
Formats plain text pdf html
Stream ISE state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4876 (Informational)
Telechat date
Responsible AD Ted Hardie
Send notices to bob_joslin@hp.com
Network Working Group                                B. Neal-Joslin, Ed.
Request for Comments: 4876                                            HP
Category: Informational                                        L. Howard
                                                                    PADL
                                                               M. Ansari
                                                                Infoblox
                                                                May 2007

                   A Configuration Profile Schema for
       Lightweight Directory Access Protocol (LDAP)-Based Agents

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

IESG Note

   This RFC is not a candidate for any level of Internet Standard.  The
   IETF disclaims any knowledge of the fitness of this RFC for any
   purpose and in particular notes that the decision to publish is not
   based on IETF review for such things as security, congestion control,
   or inappropriate interaction with deployed protocols.  The RFC Editor
   has chosen to publish this document at its discretion.  Readers of
   this document should exercise caution in evaluating its value for
   implementation and deployment.  See RFC 3932 for more information.

Abstract

   This document consists of two primary components, a schema for agents
   that make use of the Lightweight Directory Access protocol (LDAP) and
   a proposed use case of that schema, for distributed configuration of
   similar directory user agents.  A set of attribute types and an
   object class are proposed.  In the proposed use case, directory user
   agents (DUAs) can use this schema to determine directory data
   location and access parameters for specific services they support.
   In addition, in the proposed use case, attribute and object class
   mapping allows DUAs to reconfigure their expected (default) schema to
   match that of the end user's environment.  This document is intended
   to be a skeleton for future documents that describe configuration of
   specific DUA services.

Neal-Joslin, et al.          Informational                      [Page 1]
RFC 4876         LDAP-Based Agent Configuration Schema          May 2007

Table of Contents

   1.  Background and Motivation  . . . . . . . . . . . . . . . . . .  3
   2.  General Information  . . . . . . . . . . . . . . . . . . . . .  4
     2.1.  Requirements Notation  . . . . . . . . . . . . . . . . . .  4
     2.2.  Attributes Summary . . . . . . . . . . . . . . . . . . . .  5
     2.3.  Object Classes Summary . . . . . . . . . . . . . . . . . .  5
     2.4.  Common Syntax/Encoding Definitions . . . . . . . . . . . .  5
   3.  Schema Definition  . . . . . . . . . . . . . . . . . . . . . .  6
     3.1.  Attribute Definitions  . . . . . . . . . . . . . . . . . .  6
     3.2.  Class Definition . . . . . . . . . . . . . . . . . . . . .  9
   4.  DUA Implementation Details . . . . . . . . . . . . . . . . . . 10
     4.1.  Interpreting the preferredServerList Attribute . . . . . . 10
     4.2.  Interpreting the defaultServerList Attribute . . . . . . . 11
     4.3.  Interpreting the defaultSearchBase Attribute . . . . . . . 12
     4.4.  Interpreting the authenticationMethod Attribute  . . . . . 13
     4.5.  Interpreting the credentialLevel Attribute . . . . . . . . 15
     4.6.  Interpreting the serviceSearchDescriptor Attribute . . . . 16
     4.7.  Interpreting the attributeMap Attribute  . . . . . . . . . 20
     4.8.  Interpreting the searchTimeLimit Attribute . . . . . . . . 23
     4.9.  Interpreting the bindTimeLimit Attribute . . . . . . . . . 23
     4.10. Interpreting the followReferrals Attribute . . . . . . . . 24
     4.11. Interpreting the dereferenceAliases Attribute  . . . . . . 24
     4.12. Interpreting the profileTTL Attribute  . . . . . . . . . . 24
     4.13. Interpreting the objectclassMap Attribute  . . . . . . . . 25
     4.14. Interpreting the defaultSearchScope Attribute  . . . . . . 27
     4.15. Interpreting the serviceAuthenticationMethod Attribute . . 27
     4.16. Interpreting the serviceCredentialLevel Attribute  . . . . 28
   5.  Binding to the Directory Server  . . . . . . . . . . . . . . . 29
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 29
   7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 30
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 30
     8.1.  Registration of Object Classes . . . . . . . . . . . . . . 31
     8.2.  Registration of Attribute Types  . . . . . . . . . . . . . 31
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Show full document text