📄 rfc4519.txt
字号:
Network Working Group A. Sciberras, Ed.Request for Comments: 4519 eB2BcomObsoletes: 2256 June 2006Updates: 2247, 2798, 2377Category: Standards Track Lightweight Directory Access Protocol (LDAP): Schema for User ApplicationsStatus of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.Copyright Notice Copyright (C) The Internet Society (2006).Abstract This document is an integral part of the Lightweight Directory Access Protocol (LDAP) technical specification. It provides a technical specification of attribute types and object classes intended for use by LDAP directory clients for many directory services, such as White Pages. These objects are widely used as a basis for the schema in many LDAP directories. This document does not cover attributes used for the administration of directory servers, nor does it include directory objects defined for specific uses in other documents.Sciberras Standards Track [Page 1]
RFC 4519 LDAP: Schema for User Applications June 2006Table of Contents 1. Introduction ....................................................3 1.1. Relationship with Other Specifications .....................3 1.2. Conventions ................................................4 1.3. General Issues .............................................4 2. Attribute Types .................................................4 2.1. 'businessCategory' .........................................5 2.2. 'c' ........................................................5 2.3. 'cn' .......................................................5 2.4. 'dc' .......................................................6 2.5. 'description' ..............................................6 2.6. 'destinationIndicator' .....................................7 2.7. 'distinguishedName' ........................................7 2.8. 'dnQualifier' ..............................................8 2.9. 'enhancedSearchGuide' ......................................8 2.10. 'facsimileTelephoneNumber' ................................9 2.11. 'generationQualifier' .....................................9 2.12. 'givenName' ...............................................9 2.13. 'houseIdentifier' .........................................9 2.14. 'initials' ...............................................10 2.15. 'internationalISDNNumber' ................................10 2.16. 'l' ......................................................10 2.17. 'member' .................................................11 2.18. 'name' ...................................................11 2.19. 'o' ......................................................11 2.20. 'ou' .....................................................12 2.21. 'owner' ..................................................12 2.22. 'physicalDeliveryOfficeName' .............................12 2.23. 'postalAddress' ..........................................13 2.24. 'postalCode' .............................................13 2.25. 'postOfficeBox' ..........................................14 2.26. 'preferredDeliveryMethod' ................................14 2.27. 'registeredAddress' ......................................14 2.28. 'roleOccupant' ...........................................15 2.29. 'searchGuide' ............................................15 2.30. 'seeAlso' ................................................15 2.31. 'serialNumber' ...........................................16 2.32. 'sn' .....................................................16 2.33. 'st' .....................................................16 2.34. 'street' .................................................17 2.35. 'telephoneNumber' ........................................17 2.36. 'teletexTerminalIdentifier' ..............................17 2.37. 'telexNumber' ............................................18 2.38. 'title' ..................................................18 2.39. 'uid' ....................................................18 2.40. 'uniqueMember' ...........................................19 2.41. 'userPassword' ...........................................19Sciberras Standards Track [Page 2]
RFC 4519 LDAP: Schema for User Applications June 2006 2.42. 'x121Address' ............................................20 2.43. 'x500UniqueIdentifier' ...................................20 3. Object Classes .................................................20 3.1. 'applicationProcess' ......................................21 3.2. 'country' .................................................21 3.3. 'dcObject' ................................................21 3.4. 'device' ..................................................21 3.5. 'groupOfNames' ............................................22 3.6. 'groupOfUniqueNames' ......................................22 3.7. 'locality' ................................................23 3.8. 'organization' ............................................23 3.9. 'organizationalPerson' ....................................24 3.10. 'organizationalRole' .....................................24 3.11. 'organizationalUnit' .....................................24 3.12. 'person' .................................................25 3.13. 'residentialPerson' ......................................25 3.14. 'uidObject' ..............................................26 4. IANA Considerations ............................................26 5. Security Considerations ........................................28 6. Acknowledgements ...............................................28 7. References .....................................................29 7.1. Normative References ......................................29 7.2. Informative References ....................................30 Appendix A Changes Made Since RFC 2256 ...........................321. Introduction This document provides an overview of attribute types and object classes intended for use by Lightweight Directory Access Protocol (LDAP) directory clients for many directory services, such as White Pages. Originally specified in the X.500 [X.500] documents, these objects are widely used as a basis for the schema in many LDAP directories. This document does not cover attributes used for the administration of directory servers, nor does it include directory objects defined for specific uses in other documents.1.1. Relationship with Other Specifications This document is an integral part of the LDAP technical specification [RFC4510], which obsoletes the previously defined LDAP technical specification, RFC 3377, in its entirety. In terms of RFC 2256, Sections 6 and 8 of RFC 2256 are obsoleted by [RFC4517]. Sections 5.1, 5.2, 7.1, and 7.2 of RFC 2256 are obsoleted by [RFC4512]. The remainder of RFC 2256 is obsoleted by this document. The technical specification for the 'dc' attribute type and 'dcObject' object class found in RFC 2247 are superseded by sections 2.4 and 3.3 of this document. The remainder of RFC 2247 remains in force.Sciberras Standards Track [Page 3]
RFC 4519 LDAP: Schema for User Applications June 2006 This document updates RFC 2798 by replacing the informative description of the 'uid' attribute type with the definitive description provided in Section 2.39 of this document. This document updates RFC 2377 by replacing the informative description of the 'uidObject' object class with the definitive description provided in Section 3.14 of this document. A number of schema elements that were included in the previous revision of the LDAP Technical Specification are not included in this revision of LDAP. PKI-related schema elements are now specified in [RFC4523]. Unless reintroduced in future technical specifications, the remainder are to be considered Historic. The descriptions in this document SHALL be considered definitive for use in LDAP.1.2. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].1.3. General Issues This document references Syntaxes defined in Section 3 of [RFC4517] and Matching Rules defined in Section 4 of [RFC4517]. The definitions of Attribute Types and Object Classes are written using the Augmented Backus-Naur Form (ABNF) [RFC4234] of AttributeTypeDescription and ObjectClassDescription given in [RFC4512]. Lines have been folded for readability. When such values are transferred as attribute values in the LDAP Protocol, the values will not contain line breaks.2. Attribute Types The attribute types contained in this section hold user information. There is no requirement that servers implement the 'searchGuide' and 'teletexTerminalIdentifier' attribute types. In fact, their use is greatly discouraged. An LDAP server implementation SHOULD recognize the rest of the attribute types described in this section.Sciberras Standards Track [Page 4]
RFC 4519 LDAP: Schema for User Applications June 20062.1. 'businessCategory' The 'businessCategory' attribute type describes the kinds of business performed by an organization. Each kind is one value of this multi-valued attribute. (Source: X.520 [X.520]) ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517]. Examples: "banking", "transportation", and "real estate".2.2. 'c' The 'c' ('countryName' in X.500) attribute type contains a two-letter ISO 3166 [ISO3166] country code. (Source: X.520 [X.520]) ( 2.5.4.6 NAME 'c' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SINGLE-VALUE ) 1.3.6.1.4.1.1466.115.121.1.11 refers to the Country String syntax [RFC4517]. Examples: "DE", "AU" and "FR".2.3. 'cn' The 'cn' ('commonName' in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name. (Source: X.520 [X.520]) ( 2.5.4.3 NAME 'cn' SUP name ) Examples: "Martin K Smith", "Marty Smith" and "printer12".Sciberras Standards Track [Page 5]
RFC 4519 LDAP: Schema for User Applications June 20062.4. 'dc' The 'dc' ('domainComponent' in RFC 1274) attribute type is a string holding one component, a label, of a DNS domain name [RFC1034][RFC2181] naming a host [RFC1123]. That is, a value of this attribute is a string of ASCII characters adhering to the following ABNF [RFC4234]: label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)] ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z" DIGIT = %x30-39 ; "0"-"9" HYPHEN = %x2D ; hyphen ("-") The encoding of IA5String for use in LDAP is simply the characters of the ASCII label. The equality matching rule is case insensitive, as is today's DNS. (Source: RFC 2247 [RFC2247] and RFC 1274 [RFC 1274]) ( 0.9.2342.19200300.100.1.25 NAME 'dc' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 1.3.6.1.4.1.1466.115.121.1.26 refers to the IA5 String syntax [RFC4517]. Examples: Valid values include "example" and "com" but not "example.com". The latter is invalid as it contains multiple domain components. It is noted that the directory service will not ensure that values of this attribute conform to the host label restrictions [RFC1123] illustrated by the <label> production provided above. It is the directory client's responsibility to ensure that the labels it stores in this attribute are appropriately restricted. Directory applications supporting International Domain Names SHALL use the ToASCII method [RFC3490] to produce the domain component label. The special considerations discussed in Section 4 of RFC 3490 [RFC3490] should be taken, depending on whether the domain component is used for "stored" or "query" purposes.2.5. 'description' The 'description' attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute. (Source: X.520 [X.520])Sciberras Standards Track [Page 6]
RFC 4519 LDAP: Schema for User Applications June 2006 ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517]. Examples: "a color printer", "Maintenance is done every Monday, at 1pm.", and "distribution list for all technical staff".2.6. 'destinationIndicator' The 'destinationIndicator' attribute type contains country and city strings associated with the object (the addressee) needed to provide the Public Telegram Service. The strings are composed in accordance with CCITT Recommendations F.1 [F.1] and F.31 [F.31]. Each string is one value of this multi-valued attribute. (Source: X.520 [X.520]) ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) 1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax [RFC4517]. Examples: "AASD" as a destination indicator for Sydney, Australia. "GBLD" as a destination indicator for London, United Kingdom. It is noted that the directory will not ensure that values of this attribute conform to the F.1 and F.31 CCITT Recommendations. It is the application's responsibility to ensure destination indicators that it stores in this attribute are appropriately constructed.2.7. 'distinguishedName' The 'distinguishedName' attribute type is not used as the name of the object itself, but it is instead a base type from which some user attribute types with a DN syntax can inherit. It is unlikely that values of this type itself will occur in an entry. LDAP server implementations that do not support attribute subtyping need not recognize this attribute in requests. Client implementations MUST NOT assume that LDAP servers are capable of performing attribute subtyping.⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -