rfc4524.txt

samba最新软件

Network Working Group                                   K. Zeilenga, Ed.
Request for Comments: 4524                           OpenLDAP Foundation
Obsoletes: 1274                                                June 2006
Updates: 2247, 2798
Category: Standards Track


                        COSINE LDAP/X.500 Schema

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document provides a collection of schema elements for use with
   the Lightweight Directory Access Protocol (LDAP) from the COSINE and
   Internet X.500 pilot projects.

   This document obsoletes RFC 1274 and updates RFCs 2247 and 2798.

Table of Contents

   1. Introduction ....................................................3
      1.1. Relationship to Other Documents ............................3
      1.2. Terminology and Conventions ................................4
   2. COSINE Attribute Types ..........................................4
      2.1. associatedDomain ...........................................4
      2.2. associatedName .............................................5
      2.3. buildingName ...............................................5
      2.4. co .........................................................5
      2.5. documentAuthor .............................................6
      2.6. documentIdentifier .........................................6
      2.7. documentLocation ...........................................6
      2.8. documentPublisher ..........................................7
      2.9. documentTitle ..............................................7
      2.10. documentVersion ...........................................7
      2.11. drink .....................................................8
      2.12. homePhone .................................................8
      2.13. homePostalAddress .........................................8



Zeilenga                    Standards Track                     [Page 1]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006


      2.14. host ......................................................9
      2.15. info ......................................................9
      2.16. mail ......................................................9
      2.17. manager ..................................................10
      2.18. mobile ...................................................10
      2.19. organizationalStatus .....................................11
      2.20. pager ....................................................11
      2.21. personalTitle ............................................11
      2.22. roomNumber ...............................................12
      2.23. secretary ................................................12
      2.24. uniqueIdentifier .........................................12
      2.25. userClass ................................................13
   3. COSINE Object Classes ..........................................13
      3.1. account ...................................................13
      3.2. document ..................................................14
      3.3. documentSeries ............................................14
      3.4. domain ....................................................15
      3.5. domainRelatedObject .......................................16
      3.6. friendlyCountry ...........................................16
      3.7. rFC822LocalPart ...........................................17
      3.8. room ......................................................18
      3.9. simpleSecurityObject ......................................18
   4. Security Considerations ........................................18
   5. IANA Considerations ............................................19
   6. Acknowledgements ...............................................20
   7. References .....................................................20
      7.1. Normative References ......................................20
      7.2. Informative References ....................................21
   Appendix A.  Changes since RFC 1274 ...............................23
      A.1.  LDAP Short Names .........................................23
      A.2.  pilotObject ..............................................23
      A.3.  pilotPerson ..............................................23
      A.4.  dNSDomain ................................................24
      A.5.  pilotDSA and qualityLabelledData .........................24
      A.6.  Attribute Syntaxes .......................................24
   Appendix B.  Changes since RFC 2247 ...............................24















Zeilenga                    Standards Track                     [Page 2]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006


1.  Introduction

   In the late 1980s, X.500 Directory Services were standardized by the
   CCITT (Commite' Consultatif International de Telegraphique et
   Telephonique), now a part of the ITU (International Telephone Union).
   This lead to Directory Service piloting activities in the early
   1990s, including the COSINE (Co-operation and Open Systems
   Interconnection in Europe) PARADISE Project pilot [COSINEpilot] in
   Europe.  Motivated by needs for large-scale directory pilots, RFC
   1274 was published to standardize the directory schema and naming
   architecture for use in the COSINE and other Internet X.500 pilots
   [RFC1274].

   In the years that followed, X.500 Directory Services have evolved to
   incorporate new capabilities and even new protocols.  In particular,
   the Lightweight Directory Access Protocol (LDAP) [RFC4510] was
   introduced in the early 1990s [RFC1487], with Version 3 of LDAP
   introduced in the late 1990s [RFC2251] and subsequently revised in
   2005 [RFC4510].

   While much of the material in RFC 1274 has been superceded by
   subsequently published ITU-T Recommendations and IETF RFCs, many of
   the schema elements lack standardized schema descriptions for use in
   modern X.500 and LDAP directory services despite the fact that these
   schema elements are in wide use today.  As the old schema
   descriptions cannot be used without adaptation, interoperability
   issues may arise due to lack of standardized modern schema
   descriptions.

   This document addresses these issues by offering standardized schema
   descriptions, where needed, for widely used COSINE schema elements.

1.1.  Relationship to Other Documents

   This document, together with [RFC4519] and [RFC4517], obsoletes RFC
   1274 in its entirety.  [RFC4519] replaces Sections 9.3.1 (Userid) and
   9.3.21 (Domain Component) of RFC 1274.  [RFC4517] replaces Section
   9.4 (Generally useful syntaxes) of RFC 1274.

   This document replaces the remainder of RFC 1274.  Appendix A
   discusses changes since RFC 1274, as well as why certain schema
   elements were not brought forward in this revision of the COSINE
   schema.  All elements not brought are to be regarded as Historic.

   The description of the 'domain' object class provided in this
   document supercedes that found in RFC 2247.  That is, Section 3.4 of
   this document replaces Section 5.2 of [RFC2247].




Zeilenga                    Standards Track                     [Page 3]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006


   Some of the schema elements specified here were described in RFC 2798
   (inetOrgPerson schema).  This document supersedes these descriptions.
   This document, together with [RFC4519], replaces Section 9.1.3 of RFC
   2798.

1.2.  Terminology and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

   DIT stands for Directory Information Tree.
   DN stands for Distinguished Name.
   DSA stands for Directory System Agent, a server.
   DSE stands for DSA-Specific Entry.
   DUA stands for Directory User Agent, a client.

   These terms are discussed in [RFC4512].

   Schema definitions are provided using LDAP description formats
   [RFC4512].  Definitions provided here are formatted (line wrapped)
   for readability.

2.  COSINE Attribute Types

   This section details COSINE attribute types for use in LDAP.

2.1.  associatedDomain

   The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
   host names [RFC1123] that are associated with an object.   That is,
   values of this attribute should conform to the following ABNF:

    domain = root / label *( DOT label )
    root   = SPACE
    label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
    LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
    SPACE  = %x20                        ; space (" ")
    HYPHEN = %x2D                        ; hyphen ("-")
    DOT    = %x2E                        ; period (".")

   For example, the entry in the DIT with a DN <DC=example,DC=com> might
   have an associated domain of "example.com".

      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )



Zeilenga                    Standards Track                     [Page 4]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006


   The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
   'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
   described in [RFC4517].

   Note that the directory will not ensure that values of this attribute
   conform to the <domain> production provided above.  It is the
   application's responsibility to ensure that domains it stores in this
   attribute are appropriately represented.

   Also note that applications supporting Internationalized Domain Names
   SHALL use the ToASCII method [RFC3490] to produce <label> components
   of the <domain> production.

2.2.  associatedName

   The 'associatedName' attribute specifies names of entries in the
   organizational DIT associated with a DNS domain [RFC1034][RFC2181].

      ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.3.  buildingName

   The 'buildingName' attribute specifies names of the buildings where
   an organization or organizational unit is based, for example, "The
   White House".

      ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.4.  co

   The 'co' (Friendly Country Name) attribute specifies names of
   countries in human-readable format, for example, "Germany" and
   "Federal Republic of Germany".  It is commonly used in conjunction
   with the 'c' (Country Name) [RFC4519] attribute (whose values are
   restricted to the two-letter codes defined in [ISO3166]).




Zeilenga                    Standards Track                     [Page 5]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006


      ( 0.9.2342.19200300.100.1.43 NAME 'co'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.5.  documentAuthor

   The 'documentAuthor' attribute specifies the distinguished names of
   authors (or editors) of a document.  For example,

      ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
   'distinguishedNameMatch' rule are described in [RFC4517].

2.6.  documentIdentifier

   The 'documentIdentifier' attribute specifies unique identifiers for a
   document.  A document may be identified by more than one unique
   identifier.  For example, RFC 3383 and BCP 64 are unique identifiers
   that (presently) refer to the same document.

      ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.7.  documentLocation

   The 'documentLocation' attribute specifies locations of the document
   original.

      ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )





Zeilenga                    Standards Track                     [Page 6]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006


   The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

2.8.  documentPublisher

   The 'documentPublisher' attribute is the persons and/or organizations
   that published the document.  Documents that are jointly published
   have one value for each publisher.