   'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
   in [RFC4517].

3.  COSINE Object Classes

   This section details COSINE object classes for use in LDAP.

3.1.  account

   The 'account' object class is used to define entries representing
   computer accounts.  The 'uid' attribute SHOULD be used for naming
   entries of this object class.

      ( 0.9.2342.19200300.100.4.5 NAME 'account'
        SUP top STRUCTURAL
        MUST uid
        MAY ( description $ seeAlso $ l $ o $ ou $ host ) )

   The 'top' object class is described in [RFC4512].  The 'description',
   'seeAlso', 'l', 'o', 'ou', and 'uid' attribute types are described in
   [RFC4519].  The 'host' attribute type is described in Section 2 of
   this document.

Zeilenga                    Standards Track                    [Page 13]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006

   Example:

      dn: uid=kdz,cn=Accounts,dc=Example,dc=COM
      objectClass: account
      uid: kdz
      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

3.2.  document

   The 'document' object class is used to define entries that represent
   documents.

      ( 0.9.2342.19200300.100.4.6 NAME 'document'
        SUP top STRUCTURAL
        MUST documentIdentifier
        MAY ( cn $ description $ seeAlso $ l $ o $ ou $
          documentTitle $ documentVersion $ documentAuthor $
          documentLocation $ documentPublisher ) )

   The 'top' object class is described in [RFC4512].  The 'cn',
   'description', 'seeAlso', 'l', 'o', and 'ou' attribute types are
   described in [RFC4519].  The 'documentIdentifier', 'documentTitle',
   'documentVersion', 'documentAuthor', 'documentLocation', and
   'documentPublisher' attribute types are described in Section 2 of
   this document.

   Example:

      dn: documentIdentifier=RFC 4524,cn=RFC,dc=Example,dc=COM
      objectClass: document
      documentIdentifier: RFC 4524
      documentTitle: COSINE LDAP/X.500 Schema
      documentAuthor: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
      documentLocation: http://www.rfc-editor.org/rfc/rfc4524.txt
      documentPublisher: Internet Engineering Task Force
      description: A collection of schema elements for use in LDAP
      description: Obsoletes RFC 1274
      seeAlso: documentIdentifier=RFC 4510,cn=RFC,dc=Example,dc=COM
      seeAlso: documentIdentifier=RFC 1274,cn=RFC,dc=Example,dc=COM

3.3.  documentSeries

   The 'documentSeries' object class is used to define an entry that
   represents a series of documents (e.g., The Request For Comments
   memos).

      ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
        SUP top STRUCTURAL
        MUST cn
        MAY ( description $ l $ o $ ou $ seeAlso $
          telephonenumber ) )

   The 'top' object class is described in [RFC4512].  The 'description',
   'l', 'o', 'ou', 'seeAlso', and 'telephoneNumber' attribute types are
   described in [RFC4519].

   Example:

      dn: cn=RFC,dc=Example,dc=COM
      objectClass: documentSeries
      cn: Request for Comments
      cn: RFC
      description: a series of memos about the Internet

3.4.  domain

   The 'domain' object class is used to define entries that represent
   DNS domains for objects that are not organizations, organizational
   units, or other kinds of objects more appropriately defined using an
   object class specific to the kind of object being defined (e.g.,
   'organization', 'organizationUnit').

   The 'dc' attribute should be used for naming entries of the 'domain'
   object class.

      ( 0.9.2342.19200300.100.4.13 NAME 'domain'
        SUP top STRUCTURAL
        MUST dc
        MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
          x121Address $ registeredAddress $ destinationIndicator $
          preferredDeliveryMethod $ telexNumber $
          teletexTerminalIdentifier $ telephoneNumber $
          internationaliSDNNumber $ facsimileTelephoneNumber $ street $
          postOfficeBox $ postalCode $ postalAddress $
          physicalDeliveryOfficeName $ st $ l $ description $ o $
          associatedName ) )

   The 'top' object class and the 'dc', 'userPassword', 'searchGuide',
   'seeAlso', 'businessCategory', 'x121Address', 'registeredAddress',
   'destinationIndicator', 'preferredDeliveryMethod', 'telexNumber',
   'teletexTerminalIdentifier', 'telephoneNumber',
   'internationaliSDNNumber', 'facsimileTelephoneNumber', 'street',
   'postOfficeBox', 'postalCode', 'postalAddress',
   'physicalDeliveryOfficeName', 'st', 'l', 'description', and 'o' types
   are described in [RFC4519].  The 'associatedName' attribute type is
   described in Section 2 of this document.

   Example:

      dn: dc=com
      objectClass: domain
      dc: com
      description: the .COM TLD

3.5.  domainRelatedObject

   The 'domainRelatedObject' object class is used to define entries that
   represent DNS domains that are "equivalent" to an X.500 domain, e.g.,
   an organization or organizational unit.

      ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
        SUP top AUXILIARY
        MUST associatedDomain )

   The 'top' object class is described in [RFC4512].  The
   'associatedDomain' attribute type is described in Section 2 of this
   document.

   Example:

      dn: dc=example,dc=com
      objectClass: organization
      objectClass: dcObject
      objectClass: domainRelatedObject
      dc: example
      associatedDomain: example.com
      o: Example Organization

   The 'organization' and 'dcObject' object classes and the 'dc' and 'o'
   attribute types are described in [RFC4519].

3.6.  friendlyCountry

   The 'friendlyCountry' object class is used to define entries
   representing countries in the DIT.  The object class is used to allow
   friendlier naming of countries than that allowed by the object class
   'country' [RFC4519].

      ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
        SUP country STRUCTURAL
        MUST co )

   The 'country' object class is described in [RFC4519].  The 'co'
   attribute type is described in Section 2 of this document.

   Example:

      dn: c=DE
      objectClass: country
      objectClass: friendlyCountry
      c: DE
      co: Deutschland
      co: Germany
      co: Federal Republic of Germany
      co: FRG

   The 'c' attribute type is described in [RFC4519].

3.7.  rFC822LocalPart

   The 'rFC822LocalPart' object class is used to define entries that
   represent the local part of Internet mail addresses [RFC2822].  This
   treats the local part of the address as a 'domain' object.

      ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
        SUP domain STRUCTURAL
        MAY ( cn $ description $ destinationIndicator $
          facsimileTelephoneNumber $ internationaliSDNNumber $
          physicalDeliveryOfficeName $ postalAddress $ postalCode $
          postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
          seeAlso $ sn $ street $ telephoneNumber $
          teletexTerminalIdentifier $ telexNumber $ x121Address ) )

   The 'domain' object class is described in Section 3.4 of this
   document.  The 'cn', 'description', 'destinationIndicator',
   'facsimileTelephoneNumber', 'internationaliSDNNumber',
   'physicalDeliveryOfficeName', 'postalAddress', 'postalCode',
   'postOfficeBox', 'preferredDeliveryMethod', 'registeredAddress',
   'seeAlso', 'sn', 'street', 'telephoneNumber',
   'teletexTerminalIdentifier', 'telexNumber', and 'x121Address'
   attribute types are described in [RFC4519].

   Example:

      dn: dc=kdz,dc=example,dc=com
      objectClass: domain
      objectClass: rFC822LocalPart
      dc: kdz
      associatedName: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

   The 'dc' attribute type is described in [RFC4519].

3.8.  room

   The 'room' object class is used to define entries representing rooms.
   The 'cn' (commonName) attribute SHOULD be used for naming entries of
   this object class.

      ( 0.9.2342.19200300.100.4.7 NAME 'room'
        SUP top STRUCTURAL
        MUST cn
        MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )

   The 'top' object class is described in [RFC4512].  The 'cn',
   'description', 'seeAlso', and 'telephoneNumber' attribute types are
   described in [RFC4519].  The 'roomNumber' attribute type is described
   in Section 2 of this document.

      dn: cn=conference room,dc=example,dc=com
      objectClass: room
      cn: conference room
      telephoneNumber: +1 755 555 1111

3.9.  simpleSecurityObject

   The 'simpleSecurityObject' object class is used to require an entry
   to have a 'userPassword' attribute when the entry's structural object
   class does not require (or allow) the 'userPassword' attribute.

      ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
        SUP top AUXILIARY
        MUST userPassword )

   The 'top' object class is described in [RFC4512].  The 'userPassword'
   attribute type is described in [RFC4519].

      dn: dc=kdz,dc=Example,dc=COM
      objectClass: account
      objectClass: simpleSecurityObject
      uid: kdz
      userPassword: My Password
      seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM

4.  Security Considerations

   General LDAP security considerations [RFC4510] are applicable to the
   use of this schema.  Additional considerations are noted above where
   appropriate.

   Directory administrators should ensure that access to sensitive
   information be restricted to authorized entities and that appropriate
   data security services, including data integrity and data
   confidentiality, are used to protect against eavesdropping.

   Simple authentication (e.g., plain text passwords) mechanisms should
   only be used when adequate data security services are in place.  LDAP
   offers reasonably strong authentication and data security services
   [RFC4513].

5.  IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has updated the LDAP
   descriptors registry [RFC4520] as indicated in the following
   template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comments
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: see comments
      Specification: RFC 4524
      Author/Change Controller: IESG
      Comments:

      The following descriptors have been updated to refer to RFC 4524.

        NAME                     Type OID
        ------------------------ ---- --------------------------
        account                  O    0.9.2342.19200300.100.4.5
        associatedDomain         A    0.9.2342.19200300.100.1.37
        associatedName           A    0.9.2342.19200300.100.1.38
        buildingName             A    0.9.2342.19200300.100.1.48
        co                       A    0.9.2342.19200300.100.1.43
        document                 O    0.9.2342.19200300.100.4.6
        documentAuthor           A    0.9.2342.19200300.100.1.14
        documentIdentifier       A    0.9.2342.19200300.100.1.11
        documentLocation         A    0.9.2342.19200300.100.1.15
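
An added example, not part of RFC 4524: a small checker that parses the 'account' and 'simpleSecurityObject' definitions from Sections 3.1 and 3.9 and audits an entry's attributes against their MUST/MAY lists, showing that 'userPassword' is only permitted on an 'account' entry once the auxiliary class is present. The function names are hypothetical, the LDIF reader handles plain "attr: value" lines only, and the second entry is constructed from the Section 3.9 example.

```python
import re

# Object class descriptions copied from Sections 3.1 and 3.9 (RFC 4512 syntax).
SCHEMA = """
( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST uid
  MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY
  MUST userPassword )
"""
CLASS_RE = re.compile(
    r"NAME\s+'([^']+)'\s+SUP\s+\S+\s+(?:STRUCTURAL|AUXILIARY|ABSTRACT)"
    r"(?:\s+MUST\s+(\([^)]*\)|\S+))?(?:\s+MAY\s+(\([^)]*\)|\S+))?")

def names(field):  # 'uid' or '( a $ b )' -> set of lower-cased names
    return {n.lower() for n in re.findall(r"[A-Za-z][A-Za-z0-9-]*", field or "")}

def parse_schema(text):  # lower-cased class name -> (MUST set, MAY set)
    return {m.group(1).lower(): (names(m.group(2)), names(m.group(3)))
            for m in CLASS_RE.finditer(text)}

def parse_entry(ldif):  # minimal LDIF: no line folding, no base64 values
    entry = {}
    for line in ldif.strip().splitlines():
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def audit(ldif, classes):
    """Report MUST attributes that are absent and attributes no class allows."""
    entry = parse_entry(ldif)
    must, allowed = set(), {"objectclass"}  # 'top' contributes objectClass
    for oc in entry.get("objectclass", []):
        oc_must, oc_may = classes.get(oc.lower(), (set(), set()))  # unknown: empty
        must |= oc_must
        allowed |= oc_must | oc_may
    present = set(entry) - {"dn"}
    return {"missing": sorted(must - present),
            "not_allowed": sorted(present - allowed),
            "has_password": "userpassword" in present}

CLASSES = parse_schema(SCHEMA)
# Entry from Section 3.9 above.
RFC_ENTRY = """dn: dc=kdz,dc=Example,dc=COM
objectClass: account
objectClass: simpleSecurityObject
uid: kdz
userPassword: My Password
seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM"""
# Constructed: the same entry with the auxiliary class removed.
NO_AUX = RFC_ENTRY.replace("objectClass: simpleSecurityObject\n", "")
```

Running audit() over a directory export gives a quick inventory of entries that carry 'userPassword', which are the ones the access restrictions in Section 4 need to cover.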