rfc4517.txt

samba最新软件

   not generally human-readable.

   The LDAP definition for the Octet String syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )

   This syntax corresponds to the OCTET STRING ASN.1 type from [ASN.1].

3.3.26.  OID

   A value of the OID syntax is an object identifier: a sequence of two
   or more non-negative integers that uniquely identify some object or
   item of specification.  Many of the object identifiers used in LDAP
   also have IANA registered names [RFC4520].

   The LDAP-specific encoding of a value of this syntax is defined by
   the <oid> rule in [RFC4512].

      Examples:
         1.2.3.4
         cn

   The LDAP definition for the OID syntax is:




Legg                        Standards Track                    [Page 19]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


      ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )

   This syntax corresponds to the OBJECT IDENTIFIER ASN.1 type from
   [ASN.1].

3.3.27.  Other Mailbox

   A value of the Other Mailbox syntax identifies an electronic mailbox,
   in a particular named mail system.  The LDAP-specific encoding of a
   value of this syntax is defined by the following ABNF:

      OtherMailbox = mailbox-type DOLLAR mailbox
      mailbox-type = PrintableString
      mailbox      = IA5String

   The <mailbox-type> rule represents the type of mail system in which
   the mailbox resides (for example, "MCIMail"), and <mailbox> is the
   actual mailbox in the mail system described by <mailbox-type>.  The
   <PrintableString> and <IA5String> rules are defined in Section 3.2.
   The <DOLLAR> rule is defined in [RFC4512].

   The LDAP definition for the Other Mailbox syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )

   The ASN.1 type corresponding to the Other Mailbox syntax is defined
   as follows, assuming EXPLICIT TAGS:

      OtherMailbox ::= SEQUENCE {
          mailboxType  PrintableString,
          mailbox      IA5String
      }

3.3.28.  Postal Address

   A value of the Postal Address syntax is a sequence of strings of one
   or more arbitrary UCS characters, which form an address in a physical
   mail system.

   The LDAP-specific encoding of a value of this syntax is defined by
   the following ABNF:










Legg                        Standards Track                    [Page 20]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


      PostalAddress = line *( DOLLAR line )
      line          = 1*line-char
      line-char     = %x00-23
                      / (%x5C "24")  ; escaped "$"
                      / %x25-5B
                      / (%x5C "5C")  ; escaped "\"
                      / %x5D-7F
                      / UTFMB

   Each character string (i.e., <line>) of a postal address value is
   encoded as a UTF-8 [RFC3629] string, except that "\" and "$"
   characters, if they occur in the string, are escaped by a "\"
   character followed by the two hexadecimal digit code for the
   character.  The <DOLLAR> and <UTFMB> rules are defined in [RFC4512].

   Many servers limit the postal address to no more than six lines of no
   more than thirty characters each.

      Example:
         1234 Main St.$Anytown, CA 12345$USA
         \241,000,000 Sweepstakes$PO Box 1000000$Anytown, CA 12345$USA

   The LDAP definition for the Postal Address syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )

   This syntax corresponds to the PostalAddress ASN.1 type from [X.520];
   that is

      PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF
          DirectoryString { ub-postal-string }

   The values of ub-postal-line and ub-postal-string (both integers) are
   implementation defined.  Non-normative definitions appear in [X.520].

3.3.29.  Printable String

   A value of the Printable String syntax is a string of one or more
   latin alphabetic, numeric, and selected punctuation characters as
   specified by the <PrintableCharacter> rule in Section 3.2.

   The LDAP-specific encoding of a value of this syntax is the
   unconverted string of characters, which conforms to the
   <PrintableString> rule in Section 3.2.

      Example:
         This is a PrintableString.




Legg                        Standards Track                    [Page 21]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


   The LDAP definition for the PrintableString syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )

   This syntax corresponds to the PrintableString ASN.1 type from
   [ASN.1].

3.3.30.  Substring Assertion

   A value of the Substring Assertion syntax is a sequence of zero, one,
   or more character substrings used as an argument for substring
   extensible matching of character string attribute values; i.e., as
   the matchValue of a MatchingRuleAssertion [RFC4511].  Each substring
   is a string of one or more arbitrary characters from the Universal
   Character Set (UCS) [UCS].  A zero-length substring is not permitted.

   The LDAP-specific encoding of a value of this syntax is defined by
   the following ABNF:

      SubstringAssertion = [ initial ] any [ final ]

      initial  = substring
      any      = ASTERISK *(substring ASTERISK)
      final    = substring
      ASTERISK = %x2A  ; asterisk ("*")

      substring           = 1*substring-character
      substring-character = %x00-29
                            / (%x5C "2A")  ; escaped "*"
                            / %x2B-5B
                            / (%x5C "5C")  ; escaped "\"
                            / %x5D-7F
                            / UTFMB

   Each <substring> of a Substring Assertion value is encoded as a UTF-8
   [RFC3629] string, except that "\" and "*" characters, if they occur
   in the substring, are escaped by a "\" character followed by the two
   hexadecimal digit code for the character.

   The Substring Assertion syntax is used only as the syntax of
   assertion values in the extensible match.  It is not used as an
   attribute syntax, or in the SubstringFilter [RFC4511].

   The LDAP definition for the Substring Assertion syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )





Legg                        Standards Track                    [Page 22]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


   This syntax corresponds to the SubstringAssertion ASN.1 type from
   [X.520].

3.3.31.  Telephone Number

   A value of the Telephone Number syntax is a string of printable
   characters that complies with the internationally agreed format for
   representing international telephone numbers [E.123].

   The LDAP-specific encoding of a value of this syntax is the
   unconverted string of characters, which conforms to the
   <PrintableString> rule in Section 3.2.

      Examples:
         +1 512 315 0280
         +1-512-315-0280
         +61 3 9896 7830

   The LDAP definition for the Telephone Number syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )

   The Telephone Number syntax corresponds to the following ASN.1 type
   from [X.520]:

      PrintableString (SIZE(1..ub-telephone-number))

   The value of ub-telephone-number (an integer) is implementation
   defined.  A non-normative definition appears in [X.520].

3.3.32.  Teletex Terminal Identifier

   A value of this syntax specifies the identifier and (optionally)
   parameters of a teletex terminal.

   The LDAP-specific encoding of a value of this syntax is defined by
   the following ABNF:

      teletex-id = ttx-term *(DOLLAR ttx-param)
      ttx-term   = PrintableString          ; terminal identifier
      ttx-param  = ttx-key COLON ttx-value  ; parameter
      ttx-key    = "graphic" / "control" / "misc" / "page" / "private"
      ttx-value  = *ttx-value-octet

      ttx-value-octet = %x00-23
                        / (%x5C "24")  ; escaped "$"
                        / %x25-5B
                        / (%x5C "5C")  ; escaped "\"



Legg                        Standards Track                    [Page 23]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


                        / %x5D-FF

   The <PrintableString> and <COLON> rules are defined in Section 3.2.
   The <DOLLAR> rule is defined in [RFC4512].

   The LDAP definition for the Teletex Terminal Identifier syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.51
         DESC 'Teletex Terminal Identifier' )

   This syntax corresponds to the TeletexTerminalIdentifier ASN.1 type
   from [X.520].

3.3.33.  Telex Number

   A value of the Telex Number syntax specifies the telex number,
   country code, and answerback code of a telex terminal.

   The LDAP-specific encoding of a value of this syntax is defined by
   the following ABNF:

      telex-number  = actual-number DOLLAR country-code
                         DOLLAR answerback
      actual-number = PrintableString
      country-code  = PrintableString
      answerback    = PrintableString

   The <PrintableString> rule is defined in Section 3.2.  The <DOLLAR>
   rule is defined in [RFC4512].

   The LDAP definition for the Telex Number syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )

   This syntax corresponds to the TelexNumber ASN.1 type from [X.520].

3.3.34.  UTC Time

   A value of the UTC Time syntax is a character string representing a
   date and time to a precision of one minute or one second.  The year
   is given as a two-digit number.  The LDAP-specific encoding of a
   value of this syntax follows the format defined in [ASN.1] for the
   UTCTime type and is described by the following ABNF:

      UTCTime         = year month day hour minute [ second ]
                           [ u-time-zone ]
      u-time-zone     = %x5A  ; "Z"
                        / u-differential



Legg                        Standards Track                    [Page 24]

RFC 4517           LDAP: Syntaxes and Matching Rules           June 2006


      u-differential  = ( MINUS / PLUS ) hour minute

   The <year>, <month>, <day>, <hour>, <minute>, <second>, and <MINUS>
   rules are defined in Section 3.3.13.  The <PLUS> rule is defined in
   [RFC4512].

   The above ABNF allows character strings that do not represent valid
   dates (in the Gregorian calendar) and/or valid times.  Such character
   strings SHOULD be considered invalid for this syntax.

   The time value represents coordinated universal time if the "Z" form
   of <u-time-zone> is used; otherwise, the value represents a local
   time.  In the latter case, if <u-differential> is provided, then
   coordinated universal time can be calculated by subtracting the
   differential from the local time.  The <u-time-zone> SHOULD be
   present in time values, and the "Z" form of <u-time-zone> SHOULD be
   used in preference to <u-differential>.

   The LDAP definition for the UTC Time syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )

   Note: This syntax is deprecated in favor of the Generalized Time
   syntax.

   The UTC Time syntax corresponds to the UTCTime ASN.1 type from
   [ASN.1].

4.  Matching Rules

   Matching rules are used by directory implementations to compare
   attribute values against assertion values when performing Search and
   Compare operations [RFC4511].  They are also used when comparing a
   purported distinguished name [RFC4512] with the name of an entry.