rfc4519.txt
RFC 4519                LDAP: Schema for User Applications           June 2006

      ( 2.5.6.14 NAME 'device'
         SUP top
         STRUCTURAL
         MUST cn
         MAY ( serialNumber $
               seeAlso $
               owner $
               ou $
               o $
               l $
               description ) )

3.5.  'groupOfNames'

   The 'groupOfNames' object class is the basis of an entry that
   represents a set of named objects including information related to
   the purpose or maintenance of the set.
   (Source: X.521 [X.521])

      ( 2.5.6.9 NAME 'groupOfNames'
         SUP top
         STRUCTURAL
         MUST ( member $
               cn )
         MAY ( businessCategory $
               seeAlso $
               owner $
               ou $
               o $
               description ) )

3.6.  'groupOfUniqueNames'

   The 'groupOfUniqueNames' object class is the same as the
   'groupOfNames' object class except that the object names are not
   repeated or reassigned within a set scope.
   (Source: X.521 [X.521])

      ( 2.5.6.17 NAME 'groupOfUniqueNames'
         SUP top
         STRUCTURAL
         MUST ( uniqueMember $
               cn )
         MAY ( businessCategory $
               seeAlso $
               owner $
               ou $
               o $
               description ) )

3.7.  'locality'

   The 'locality' object class is the basis of an entry that represents
   a place in the physical world.
   (Source: X.521 [X.521])

      ( 2.5.6.3 NAME 'locality'
         SUP top
         STRUCTURAL
         MAY ( street $
               seeAlso $
               searchGuide $
               st $
               l $
               description ) )

3.8.  'organization'

   The 'organization' object class is the basis of an entry that
   represents a structured group of people.
   (Source: X.521 [X.521])

      ( 2.5.6.4 NAME 'organization'
         SUP top
         STRUCTURAL
         MUST o
         MAY ( userPassword $
               searchGuide $
               seeAlso $
               businessCategory $
               x121Address $
               registeredAddress $
               destinationIndicator $
               preferredDeliveryMethod $
               telexNumber $
               teletexTerminalIdentifier $
               telephoneNumber $
               internationalISDNNumber $
               facsimileTelephoneNumber $
               street $
               postOfficeBox $
               postalCode $
               postalAddress $
               physicalDeliveryOfficeName $
               st $
               l $
               description ) )

3.9.  'organizationalPerson'

   The 'organizationalPerson' object class is the basis of an entry that
   represents a person in relation to an organization.
   (Source: X.521 [X.521])

      ( 2.5.6.7 NAME 'organizationalPerson'
         SUP person
         STRUCTURAL
         MAY ( title $
               x121Address $
               registeredAddress $
               destinationIndicator $
               preferredDeliveryMethod $
               telexNumber $
               teletexTerminalIdentifier $
               telephoneNumber $
               internationalISDNNumber $
               facsimileTelephoneNumber $
               street $
               postOfficeBox $
               postalCode $
               postalAddress $
               physicalDeliveryOfficeName $
               ou $
               st $
               l ) )

3.10.  'organizationalRole'

   The 'organizationalRole' object class is the basis of an entry that
   represents a job, function, or position in an organization.
   (Source: X.521 [X.521])

      ( 2.5.6.8 NAME 'organizationalRole'
         SUP top
         STRUCTURAL
         MUST cn
         MAY ( x121Address $
               registeredAddress $
               destinationIndicator $
               preferredDeliveryMethod $
               telexNumber $
               teletexTerminalIdentifier $
               telephoneNumber $
               internationalISDNNumber $
               facsimileTelephoneNumber $
               seeAlso $
               roleOccupant $
               preferredDeliveryMethod $
               street $
               postOfficeBox $
               postalCode $
               postalAddress $
               physicalDeliveryOfficeName $
               ou $
               st $
               l $
               description ) )

3.11.  'organizationalUnit'

   The 'organizationalUnit' object class is the basis of an entry that
   represents a piece of an organization.
   (Source: X.521 [X.521])

      ( 2.5.6.5 NAME 'organizationalUnit'
         SUP top
         STRUCTURAL
         MUST ou
         MAY ( businessCategory $
               description $
               destinationIndicator $
               facsimileTelephoneNumber $
               internationalISDNNumber $
               l $
               physicalDeliveryOfficeName $
               postalAddress $
               postalCode $
               postOfficeBox $
               preferredDeliveryMethod $
               registeredAddress $
               searchGuide $
               seeAlso $
               st $
               street $
               telephoneNumber $
               teletexTerminalIdentifier $
               telexNumber $
               userPassword $
               x121Address ) )

3.12.  'person'

   The 'person' object class is the basis of an entry that represents a
   human being.
   (Source: X.521 [X.521])

      ( 2.5.6.6 NAME 'person'
         SUP top
         STRUCTURAL
         MUST ( sn $
               cn )
         MAY ( userPassword $
               telephoneNumber $
               seeAlso $
               description ) )

3.13.  'residentialPerson'

   The 'residentialPerson' object class is the basis of an entry that
   includes a person's residence in the representation of the person.
   (Source: X.521 [X.521])

      ( 2.5.6.10 NAME 'residentialPerson'
         SUP person
         STRUCTURAL
         MUST l
         MAY ( businessCategory $
               x121Address $
               registeredAddress $
               destinationIndicator $
               preferredDeliveryMethod $
               telexNumber $
               teletexTerminalIdentifier $
               telephoneNumber $
               internationalISDNNumber $
               facsimileTelephoneNumber $
               preferredDeliveryMethod $
               street $
               postOfficeBox $
               postalCode $
               postalAddress $
               physicalDeliveryOfficeName $
               st $
               l ) )

3.14.  'uidObject'

   The 'uidObject' object class permits an entry to contain user
   identification information.  This object class is defined as
   auxiliary, because it will be used in conjunction with an existing
   structural object class.
   (Source: RFC 2377 [RFC2377])

      ( 1.3.6.1.1.3.1 NAME 'uidObject'
         SUP top
         AUXILIARY
         MUST uid )

4.  IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has updated the LDAP
   descriptors registry as indicated in the following template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comments
      Object Identifier: see comments
      Person & email address to contact for further information:
         Andrew Sciberras <andrew.sciberras@eb2bcom.com>
      Usage: (A = attribute type, O = Object Class) see comment
      Specification: RFC 4519
      Author/Change Controller: IESG

      Comments

      In the LDAP descriptors registry, the following descriptors (short
      names) have been updated to refer to RFC 4519.  Names that need to
      be reserved, rather than assigned to an Object Identifier, will
      contain an Object Identifier value of RESERVED.
      NAME                        Type OID
      --------------------------  ---- ----------------------------
      applicationProcess          O    2.5.6.11
      businessCategory            A    2.5.4.15
      c                           A    2.5.4.6
      cn                          A    2.5.4.3
      commonName                  A    2.5.4.3
      country                     O    2.5.6.2
      countryName                 A    2.5.4.6
      dc                          A    0.9.2342.19200300.100.1.25
      dcObject                    O    1.3.6.1.4.1.1466.344
      description                 A    2.5.4.13
      destinationIndicator        A    2.5.4.27
      device                      O    2.5.6.14
      distinguishedName           A    2.5.4.49
      dnQualifier                 A    2.5.4.46
      domainComponent             A    0.9.2342.19200300.100.1.25
      enhancedSearchGuide         A    2.5.4.47
      facsimileTelephoneNumber    A    2.5.4.23
      generationQualifier         A    2.5.4.44
      givenName                   A    2.5.4.42
      gn                          A    RESERVED
      groupOfNames                O    2.5.6.9
      groupOfUniqueNames          O    2.5.6.17
      houseIdentifier             A    2.5.4.51
      initials                    A    2.5.4.43
      internationalISDNNumber     A    2.5.4.25
      l                           A    2.5.4.7
      locality                    O    2.5.6.3
      localityName                A    2.5.4.7
      member                      A    2.5.4.31
      name                        A    2.5.4.41
      o                           A    2.5.4.10
      organization                O    2.5.6.4
      organizationName            A    2.5.4.10
      organizationalPerson        O    2.5.6.7
      organizationalRole          O    2.5.6.8
      organizationalUnit          O    2.5.6.5
      organizationalUnitName      A    2.5.4.11
      ou                          A    2.5.4.11
      owner                       A    2.5.4.32
      person                      O    2.5.6.6
      physicalDeliveryOfficeName  A    2.5.4.19
      postalAddress               A    2.5.4.16
      postalCode                  A    2.5.4.17
      postOfficeBox               A    2.5.4.18
      preferredDeliveryMethod     A    2.5.4.28
      registeredAddress           A    2.5.4.26
      residentialPerson           O    2.5.6.10
      roleOccupant                A    2.5.4.33
      searchGuide                 A    2.5.4.14
      seeAlso                     A    2.5.4.34
      serialNumber                A    2.5.4.5
      sn                          A    2.5.4.4
      st                          A    2.5.4.8
      street                      A    2.5.4.9
      surname                     A    2.5.4.4
      telephoneNumber             A    2.5.4.20
      teletexTerminalIdentifier   A    2.5.4.22
      telexNumber                 A    2.5.4.21
      title                       A    2.5.4.12
      uid                         A    0.9.2342.19200300.100.1.1
      uidObject                   O    1.3.6.1.1.3.1
      uniqueMember                A    2.5.4.50
      userid                      A    0.9.2342.19200300.100.1.1
      userPassword                A    2.5.4.35
      x121Address                 A    2.5.4.24
      x500UniqueIdentifier        A    2.5.4.45

5.  Security Considerations

   Attributes of directory entries are used to provide descriptive
   information about the real-world objects they represent, which can be
   people, organizations, or devices.  Most countries have privacy laws
   regarding the publication of information about people.

   Transfer of cleartext passwords is strongly discouraged where the
   underlying transport service cannot guarantee confidentiality and
   integrity, since this may result in disclosure of the password to
   unauthorized parties.

   Multiple attribute values for the 'userPassword' attribute need to be
   used with care.  Especially reset/deletion of a password by an
   administrator without knowing the old user password gets tricky or
   impossible if multiple values for different applications are present.
   Certainly, applications that intend to replace the 'userPassword'
   value(s) with new value(s) should use modify/replaceValues (or
   modify/deleteAttribute+addAttribute).  In addition, server
   implementations are encouraged to provide administrative controls
   that, if enabled, restrict the 'userPassword' attribute to one value.

   Note that when used for authentication purposes [RFC4513], the user
   need only prove knowledge of one of the values, not all of the
   values.

6.  Acknowledgements

   The definitions, on which this document is based, have been developed
   by committees for telecommunications and international standards.

   This document is an update of RFC 2256 by Mark Wahl.  RFC 2256 was a
   product of the IETF ASID Working Group.
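   The following is an added worked example, not part of RFC 4519.  It
   parses a handful of the object class descriptions reproduced in
   Section 3 (the syntax is the ObjectClassDescription form of RFC
   4512), walks the SUP chain to compute the effective MUST/MAY sets,
   validates a constructed entry against them, and then models the
   modify/add versus modify/replace distinction that Section 5 draws for
   'userPassword'.  The definition of 'top' (ABSTRACT, MUST objectClass)
   is not on this page and is taken from RFC 4512 as an assumption of
   the example; the entry 'ALICE', the attribute values, and the helper
   names 'parse_schema', 'validate' and 'modify' are all constructed for
   illustration.

```python
"""Added example (not from RFC 4519): parse Section 3 object class
descriptions, validate an entry, and model modify/add vs modify/replace
on 'userPassword' as discussed in Section 5."""
import re

# Definitions copied from RFC 4519 Section 3 (syntax per RFC 4512 4.1.1).
# 'top' is not on this page; its definition follows RFC 4512 4.3 and is an
# assumption of this example.
SCHEMA_TEXT = """
( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
  MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $
        street $ postOfficeBox $ postalCode $ postalAddress $
        physicalDeliveryOfficeName $ ou $ st $ l ) )
( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
  MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid )
"""

# Handles only the fields these definitions use: SUP, kind, MUST, MAY.
OC_RE = re.compile(
    r"\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>[^']+)'"
    r"(?:\s+SUP\s+(?P<sup>[\w-]+))?"
    r"\s+(?P<kind>ABSTRACT|STRUCTURAL|AUXILIARY)"
    r"(?:\s+MUST\s+(?P<must>\([^)]*\)|[\w-]+))?"
    r"(?:\s+MAY\s+(?P<may>\([^)]*\)|[\w-]+))?"
    r"\s*\)")

def _names(group):
    """'( sn $ cn )' or 'uid' -> lowercase frozenset.  LDAP descriptors
    are case-insensitive, so everything is compared lowercased."""
    if not group:
        return frozenset()
    return frozenset(t.strip().lower() for t in group.strip("() ").split("$") if t.strip())

def parse_schema(text):
    """Return {lowercased class name: {oid, sup, kind, must, may}}."""
    classes = {}
    for m in OC_RE.finditer(text):
        classes[m["name"].lower()] = {
            "oid": m["oid"], "sup": m["sup"].lower() if m["sup"] else None,
            "kind": m["kind"], "must": _names(m["must"]), "may": _names(m["may"])}
    return classes

def ancestors(classes, name):
    """SUP chain of name, nearest first, excluding name itself."""
    chain, cur = [], classes[name]["sup"]
    while cur:
        chain.append(cur)
        cur = classes[cur]["sup"]
    return chain

def validate(classes, entry):
    """List the problems of entry ({attr: [values]}) under the schema."""
    attrs = {k.lower(): list(v) for k, v in entry.items()}
    problems, ocs = [], []
    for c in attrs.get("objectclass", []):
        if c.lower() in classes:
            ocs.append(c.lower())
        else:
            problems.append(f"unknown object class {c}")
    # RFC 4512: exactly one structural class (plus its superclasses) per entry.
    structural = [c for c in ocs if classes[c]["kind"] == "STRUCTURAL"]
    leaves = [c for c in structural
              if not any(c in ancestors(classes, d) for d in structural if d != c)]
    if len(leaves) != 1:
        problems.append("entry needs exactly one structural object class chain")
    must, may = set(), set()
    for c in ocs:
        for oc in [c] + ancestors(classes, c):
            must |= classes[oc]["must"]
            may |= classes[oc]["may"]
    for a in sorted(must):
        if not attrs.get(a):
            problems.append(f"missing MUST attribute {a}")
    for a in sorted(attrs):
        if a not in must and a not in may:
            problems.append(f"attribute {a} not permitted by object classes")
    # Section 5: a second value is a second valid credential for the entry.
    if len(attrs.get("userpassword", [])) > 1:
        problems.append("userPassword is multi-valued (RFC 4519 Section 5)")
    return problems

def modify(entry, op, attr, values):
    """Apply one LDAP modify change (RFC 4511 4.6) and return a new entry."""
    out = {k: list(v) for k, v in entry.items()}
    key = next((k for k in out if k.lower() == attr.lower()), attr)
    current = out.get(key, [])
    if op == "add":          # appends: old password stays valid
        out[key] = current + [v for v in values if v not in current]
    elif op == "replace":    # what Section 5 recommends for password changes
        out[key] = list(values)
    elif op == "delete":     # no values means remove the whole attribute
        out[key] = [v for v in current if v not in values] if values else []
    else:
        raise ValueError(f"unknown modify operation {op}")
    if not out[key]:
        del out[key]
    return out

SCHEMA = parse_schema(SCHEMA_TEXT)

# Constructed sample entry; the hashes are placeholders, not real digests.
ALICE = {"objectClass": ["top", "person", "organizationalPerson", "uidObject"],
         "cn": ["Alice Example"], "sn": ["Example"], "uid": ["alice"],
         "title": ["Engineer"], "userPassword": ["{SSHA}old"]}

if __name__ == "__main__":
    print(validate(SCHEMA, ALICE))
    print(validate(SCHEMA, modify(ALICE, "add", "userPassword", ["{SSHA}new"])))
    print(validate(SCHEMA, modify(ALICE, "replace", "userPassword", ["{SSHA}new"])))
```

   Run stand-alone, the first and third calls report no problems, while
   the 'add' variant is flagged because the entry now carries two
   'userPassword' values, either of which authenticates the user under
   RFC 4513.  The same check is a cheap thing to run over an LDIF export
   when auditing a directory for the administrative control Section 5
   encourages servers to offer.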