rfc4517.txt

samba最新软件

   The LDAP definition for the Bit String syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )

   This syntax corresponds to the BIT STRING ASN.1 type from [ASN.1].

3.3.3.  Boolean

   A value of the Boolean syntax is one of the Boolean values, true or
   false.  The LDAP-specific encoding of a value of this syntax is
   defined by the following ABNF:

      Boolean = "TRUE" / "FALSE"

   The LDAP definition for the Boolean syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )

   This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].

3.3.4.  Country String

   A value of the Country String syntax is one of the two-character
   codes from ISO 3166 [ISO3166] for representing a country.  The LDAP-
   specific encoding of a value of this syntax is defined by the
   following ABNF:

      CountryString  = 2(PrintableCharacter)

   The <PrintableCharacter> rule is defined in Section 3.2.

      Examples:

         US
         AU

   The LDAP definition for the Country String syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )

   This syntax corresponds to the following ASN.1 type from [X.520]:

      PrintableString (SIZE (2)) -- ISO 3166 codes only



Legg                        Standards Track                     [Page 7]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


3.3.5.  Delivery Method

   A value of the Delivery Method syntax is a sequence of items that
   indicate, in preference order, the service(s) by which an entity is
   willing and/or capable of receiving messages.  The LDAP-specific
   encoding of a value of this syntax is defined by the following ABNF:

      DeliveryMethod = pdm *( WSP DOLLAR WSP pdm )

      pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
            "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"

   The <WSP> and <DOLLAR> rules are defined in [RFC4512].

      Example:
         telephone $ videotex

   The LDAP definition for the Delivery Method syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )

   This syntax corresponds to the following ASN.1 type from [X.520]:

      SEQUENCE OF INTEGER {
          any-delivery-method     (0),
          mhs-delivery            (1),
          physical-delivery       (2),
          telex-delivery          (3),
          teletex-delivery        (4),
          g3-facsimile-delivery   (5),
          g4-facsimile-delivery   (6),
          ia5-terminal-delivery   (7),
          videotex-delivery       (8),
          telephone-delivery      (9) }

3.3.6.  Directory String

   A value of the Directory String syntax is a string of one or more
   arbitrary characters from the Universal Character Set (UCS) [UCS].  A
   zero-length character string is not permitted.  The LDAP-specific
   encoding of a value of this syntax is the UTF-8 encoding [RFC3629] of
   the character string.  Such encodings conform to the following ABNF:

      DirectoryString = 1*UTF8

   The <UTF8> rule is defined in [RFC4512].





Legg                        Standards Track                     [Page 8]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


      Example:
         This is a value of Directory String containing #!%#@.

   Servers and clients MUST be prepared to receive arbitrary UCS code
   points, including code points outside the range of printable ASCII
   and code points not presently assigned to any character.

   Attribute type definitions using the Directory String syntax should
   not restrict the format of Directory String values, e.g., by
   requiring that the character string conforms to specific patterns
   described by ABNF.  A new syntax should be defined in such cases.

   The LDAP definition for the Directory String syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )

   This syntax corresponds to the DirectoryString parameterized ASN.1
   type from [X.520].

   The DirectoryString ASN.1 type allows a choice between the
   TeletexString, PrintableString, or UniversalString ASN.1 types from
   [ASN.1].  However, note that the chosen alternative is not indicated
   in the LDAP-specific encoding of a Directory String value.

   Implementations that convert Directory String values from the LDAP-
   specific encoding to the BER encoding used by X.500 must choose an
   alternative that permits the particular characters in the string and
   must convert the characters from the UTF-8 encoding into the
   character encoding of the chosen alternative.  When converting
   Directory String values from the BER encoding to the LDAP-specific
   encoding, the characters must be converted from the character
   encoding of the chosen alternative into the UTF-8 encoding.  These
   conversions SHOULD be done in a manner consistent with the Transcode
   step of the string preparation algorithms [RFC4518] for LDAP.

3.3.7.  DIT Content Rule Description

   A value of the DIT Content Rule Description syntax is the definition
   of a DIT (Directory Information Tree) content rule.  The LDAP-
   specific encoding of a value of this syntax is defined by the
   <DITContentRuleDescription> rule in [RFC4512].

      Example:
         ( 2.5.6.4 DESC 'content rule for organization'
            NOT ( x121Address $ telexNumber ) )

      Note: A line break has been added for readability; it is not part
      of the value.



Legg                        Standards Track                     [Page 9]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


   The LDAP definition for the DIT Content Rule Description syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.16
         DESC 'DIT Content Rule Description' )

   This syntax corresponds to the DITContentRuleDescription ASN.1 type
   from [X.501].

3.3.8.  DIT Structure Rule Description

   A value of the DIT Structure Rule Description syntax is the
   definition of a DIT structure rule.  The LDAP-specific encoding of a
   value of this syntax is defined by the <DITStructureRuleDescription>
   rule in [RFC4512].

      Example:
         ( 2 DESC 'organization structure rule' FORM 2.5.15.3 )

   The LDAP definition for the DIT Structure Rule Description syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.17
         DESC 'DIT Structure Rule Description' )

   This syntax corresponds to the DITStructureRuleDescription ASN.1 type
   from [X.501].

3.3.9.  DN

   A value of the DN syntax is the (purported) distinguished name (DN)
   of an entry [RFC4512].  The LDAP-specific encoding of a value of this
   syntax is defined by the <distinguishedName> rule from the string
   representation of distinguished names [RFC4514].

      Examples (from [RFC4514]):
         UID=jsmith,DC=example,DC=net
         OU=Sales+CN=J. Smith,DC=example,DC=net
         CN=John Smith\, III,DC=example,DC=net
         CN=Before\0dAfter,DC=example,DC=net
         1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
         CN=Lu\C4\8Di\C4\87

   The LDAP definition for the DN syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )

   The DN syntax corresponds to the DistinguishedName ASN.1 type from
   [X.501].  Note that a BER encoded distinguished name (as used by
   X.500) re-encoded into the LDAP-specific encoding is not necessarily



Legg                        Standards Track                    [Page 10]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


   reversible to the original BER encoding since the chosen string type
   in any DirectoryString components of the distinguished name is not
   indicated in the LDAP-specific encoding of the distinguished name
   (see Section 3.3.6).

3.3.10.  Enhanced Guide

   A value of the Enhanced Guide syntax suggests criteria, which consist
   of combinations of attribute types and filter operators, to be used
   in constructing filters to search for entries of particular object
   classes.  The Enhanced Guide syntax improves upon the Guide syntax by
   allowing the recommended depth of the search to be specified.

   The LDAP-specific encoding of a value of this syntax is defined by
   the following ABNF:

      EnhancedGuide = object-class SHARP WSP criteria WSP
                         SHARP WSP subset
      object-class  = WSP oid WSP
      subset        = "baseobject" / "oneLevel" / "wholeSubtree"

      criteria   = and-term *( BAR and-term )
      and-term   = term *( AMPERSAND term )
      term       = EXCLAIM term /
                   attributetype DOLLAR match-type /
                   LPAREN criteria RPAREN /
                   true /
                   false
      match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
      true       = "?true"
      false      = "?false"
      BAR        = %x7C  ; vertical bar ("|")
      AMPERSAND  = %x26  ; ampersand ("&")
      EXCLAIM    = %x21  ; exclamation mark ("!")

   The <SHARP>, <WSP>, <oid>, <LPAREN>, <RPAREN>, <attributetype>, and
   <DOLLAR> rules are defined in [RFC4512].

   The LDAP definition for the Enhanced Guide syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )

      Example:
         person#(sn$EQ)#oneLevel

   The Enhanced Guide syntax corresponds to the EnhancedGuide ASN.1 type
   from [X.520].  The EnhancedGuide type references the Criteria ASN.1
   type, also from [X.520].  The <true> rule, above, represents an empty



Legg                        Standards Track                    [Page 11]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


   "and" expression in a value of the Criteria type.  The <false> rule,
   above, represents an empty "or" expression in a value of the Criteria
   type.

3.3.11.  Facsimile Telephone Number

   A value of the Facsimile Telephone Number syntax is a subscriber
   number of a facsimile device on the public switched telephone
   network.  The LDAP-specific encoding of a value of this syntax is
   defined by the following ABNF:

      fax-number       = telephone-number *( DOLLAR fax-parameter )
      telephone-number = PrintableString
      fax-parameter    = "twoDimensional" /
                         "fineResolution" /
                         "unlimitedLength" /
                         "b4Length" /
                         "a3Width" /
                         "b4Width" /
                         "uncompressed"

   The <telephone-number> is a string of printable characters that
   complies with the internationally agreed format for representing
   international telephone numbers [E.123].  The <PrintableString> rule
   is defined in Section 3.2.  The <DOLLAR> rule is defined in
   [RFC4512].

   The LDAP definition for the Facsimile Telephone Number syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number')

   The Facsimile Telephone Number syntax corresponds to the
   FacsimileTelephoneNumber ASN.1 type from [X.520].

3.3.12.  Fax

   A value of the Fax syntax is an image that is produced using the
   Group 3 facsimile process [FAX] to duplicate an object, such as a
   memo.  The LDAP-specific encoding of a value of this syntax is the
   string of octets for a Group 3 Fax image as defined in [FAX].

   The LDAP definition for the Fax syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' )

   The ASN.1 type corresponding to the Fax syntax is defined as follows,
   assuming EXPLICIT TAGS:




Legg                        Standards Track                    [Page 12]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


      Fax ::= CHOICE {
        g3-facsimile  [3] G3FacsimileBodyPart
      }

   The G3FacsimileBodyPart ASN.1 type is defined in [X.420].

3.3.13.  Generalized Time

   A value of the Generalized Time syntax is a character string
   representing a date and time.  The LDAP-specific encoding of a value
   of this syntax is a restriction of the format defined in [ISO8601],
   and is described by the following ABNF:

      GeneralizedTime = century year month day hour