INTERNET-DRAFT                                        K. Dally, Editor
Intended Category: Standard Track                     The MITRE Corp.
Expires: November 2004                                May 2004
Updates: RFC 2247, RFC 2798
Obsoletes: RFC 2256

                    LDAP: Schema for User Applications

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.

   This document is intended to be, after appropriate review and
   revision, submitted to the RFC Editor as a Standard Track document.
   Distribution of this memo is unlimited.  Technical discussion of
   this document will take place on the IETF LDAP Revision Working
   Group (LDAPbis) mailing list.  Please send editorial comments
   directly to the author.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright 2003, The Internet Society.  All Rights Reserved.

Abstract

   This document is an integral part of the Lightweight Directory
   Access Protocol (LDAP) technical specification [ROADMAP].  It
   provides a technical specification of attribute types and object
   classes intended for use by LDAP directory clients for many
   directory services, such as White Pages.  These objects are widely
   used as a basis for the schema in many LDAP directories.  This
   document does not cover attributes used for the administration of
   directory servers, nor does it include directory objects defined
   for specific uses in other documents.

Dally                    Expires November 2004                  [Page 1]
INTERNET-DRAFT        draft-ietf-ldapbis-user-schema-07         May 2004

Table of Contents

   Status of this Memo                                               1
   Copyright Notice                                                  1
   Abstract                                                          1
   Table of Contents                                                 2
   1.    Introduction                                                4
   1.1   Situation                                                   4
   1.2   Conventions                                                 4
   1.3   General Issues                                              4
   1.4   Source                                                      5
   2.    Attribute Types                                             5
   2.1   businessCategory                                            5
   2.2   c                                                           5
   2.3   cn                                                          6
   2.4   dc                                                          6
   2.5   description                                                 6
   2.6   destinationIndicator                                        7
   2.7   distinguishedName                                           7
   2.8   dnQualifier                                                 7
   2.9   enhancedSearchGuide                                         8
   2.10  facsimileTelephoneNumber                                    8
   2.11  generationQualifier                                         8
   2.12  givenName                                                   8
   2.13  houseIdentifier                                             9
   2.14  initials                                                    9
   2.15  internationalISDNNumber                                     9
   2.16  l                                                           9
   2.17  member                                                     10
   2.18  name                                                       10
   2.19  o                                                          10
   2.20  ou                                                         10
   2.21  owner                                                      11
   2.22  physicalDeliveryOfficeName                                 11
   2.23  postalAddress                                              11
   2.24  postalCode                                                 11
   2.25  postOfficeBox                                              12
   2.26  preferredDeliveryMethod                                    12
   2.27  registeredAddress                                          12
   2.28  roleOccupant                                               12
   2.29  searchGuide                                                13
   2.30  seeAlso                                                    13
   2.31  serialNumber                                               13
   2.32  sn                                                         13
   2.33  st                                                         14
   2.34  street                                                     14
   2.35  telephoneNumber                                            14
   2.36  teletexTerminalIdentifier                                  14
   2.37  telexNumber                                                15
   2.38  title                                                      15
   2.39  uid                                                        15
   2.40  uniqueMember                                               15
   2.41  userPassword                                               16
   2.42  x121Address                                                16
   2.43  x500UniqueIdentifier                                       16
   3.    Object Classes                                             17
   3.1   applicationProcess                                         17
   3.2   country                                                    17
   3.3   device                                                     17
   3.4   groupOfNames                                               18
   3.5   groupOfUniqueNames                                         18
   3.6   locality                                                   18
   3.7   organization                                               19
   3.8   organizationalPerson                                       19
   3.9   organizationalRole                                         19
   3.10  organizationalUnit                                         20
   3.11  person                                                     20
   3.12  residentialPerson                                          20
   4.    IANA Considerations                                        21
   5.    Security Considerations                                    22
   6.    Acknowledgements                                           23
   7.    References                                                 23
   7.1   Normative                                                  23
   7.2   Informative                                                24
   8.    Author's Address                                           25
   9.    Full Copyright Statement                                   25

1. Introduction

   This document provides an overview of attribute types and object
   classes intended for use by Lightweight Directory Access Protocol
   directory clients for many directory services, such as White Pages.
   Originally specified in the X.500 [X.500] documents, these objects
   are widely used as a basis for the schema in many LDAP directories.
   This document does not cover attributes used for the administration
   of directory servers, nor does it include directory objects defined
   for specific uses in other documents.

1.1 Situation

   This document is an integral part of the LDAP technical
   specification [ROADMAP], which obsoletes the previously defined LDAP
   technical specification [RFC3377] in its entirety.

   In terms of RFC 2256, Sections 6 and 8 of RFC 2256 are obsoleted by
   [Syntaxes].  Sections 5.1, 5.2, 7.1 and 7.2 of RFC 2256 are
   obsoleted by [Models].  The remainder of RFC 2256 is obsoleted by
   this document.

   Section 2.4 of this document supersedes the technical specification
   for the 'dc' attribute type found in RFC 2247.  [editor's note:
   Substitute replacement RFC at time of publication.]  The remainder
   of RFC 2247 remains in force.

   This document updates RFC 2798 by replacing the informative
   description of the 'uid' attribute type with the definitive
   description provided in Section 2.39 of this document.

   A number of schema elements which were included in the previous
   revision of the LDAP Technical Specification are not included in
   this revision of LDAP.  PKI-related schema elements are now
   specified in [LDAP-PKI].  Unless reintroduced in future technical
   specifications, the remainder are to be considered Historic.

1.2 Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.3 General Issues

   This document references Syntaxes given in Section 3 of [Syntaxes]
   and Matching Rules specified in Section 4 of [Syntaxes].
   The definitions of Attribute Types and Object Classes are written
   using the ABNF form of AttributeTypeDescription and
   ObjectClassDescription given in [Models].  Lines have been folded
   for readability.

1.4 Source

   The schema definitions in this document are based on those found in
   the X.500-series [X.520] and [X.521], RFC 2798 [RFC2798] and RFC
   2247 [RFC2247], specifically:

      Sections        Source
      ============    ==================
      2.1 - 2.3       X.520 [X.520]
      2.4             RFC 2247 [RFC2247]
      2.5 - 2.38      X.520 [X.520]
      2.39            RFC 2798 [RFC2798]
      2.40 - 2.43     X.520 [X.520]
      3.1 - 3.12      X.521 [X.521]

   However, the descriptions in this document SHALL be considered
   definitive for use in LDAP.

2. Attribute Types

   The Attribute Types contained in this section hold user
   information.

   There is no requirement that servers implement the following
   attribute types:

      searchGuide
      teletexTerminalIdentifier

   In fact, their use is greatly discouraged.

   An LDAP server implementation SHOULD recognize the rest of the
   attribute types described in this section.

2.1 businessCategory

   The businessCategory attribute type describes the kinds of business
   performed by an organization (e.g., "banking", "transportation").
   Each kind is one value of this multi-valued attribute.

      ( 2.5.4.15 NAME 'businessCategory'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [Syntaxes].

2.2 c

   The c (countryName) attribute type contains a two-letter ISO 3166
   [ISO3166] country code (e.g., "DE").  (Source: X.520)

      ( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )

2.3 cn

   The cn (commonName) attribute type contains names of an object
   (e.g., "Martin K Smith", "Marty Smith", "printer12").  Each name is
   one value of this multi-valued attribute.
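   The definitions above can be read back mechanically.  The Python
   program below is an added example, not part of this draft: it parses
   the AttributeTypeDescription form used in Sections 2.1 through 2.3,
   resolves SUP inheritance for 'c' and 'cn', and applies the resulting
   rules to entry values the way a schema-aware server would.  The
   'name' attribute type (Section 2.18) is not reproduced on this page,
   so the definition used for it here is assumed, and the
   caseIgnoreMatch comparison is a simplification (case folding and
   whitespace collapsing rather than full RFC 4518 string preparation).
   The two-letter check on 'c' implements the prose of Section 2.2, not
   anything the attribute definition itself can express.

```python
"""Added example (not part of this draft): parse the attribute type definitions
quoted in Sections 2.1-2.3, resolve SUP inheritance, and check entry values."""
import re

# Copied from Sections 2.1-2.3 of this draft, plus an ASSUMED definition of
# 'name' (Section 2.18 is not on this page) for 'c' and 'cn' to inherit from.
DEFINITIONS = [
    "( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch "
    "SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )",
    "( 2.5.4.3 NAME 'cn' SUP name )",
    # assumed, not from this page:
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch "
    "SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]

DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"
TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")
VALUE_KEYS = ("DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX", "USAGE")
FLAG_KEYS = ("OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION")


def parse_attribute_type(text):
    """Parse one AttributeTypeDescription '( numericoid ... )' into a dict."""
    toks = TOKEN.findall(text)
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        raise ValueError("description must be '( numericoid ... )'")
    at = {"oid": toks[1], "names": []}
    at.update({k.lower(): None for k in VALUE_KEYS})
    at.update({k.lower().replace("-", "_"): False for k in FLAG_KEYS})
    i = 2
    while i < len(toks) - 1:
        tok = toks[i]
        if tok == "NAME":                  # NAME 'x'  or  NAME ( 'x' 'y' )
            i += 1
            if toks[i] == "(":
                i += 1
                while toks[i] != ")":
                    at["names"].append(toks[i].strip("'"))
                    i += 1
            else:
                at["names"].append(toks[i].strip("'"))
            i += 1
        elif tok in VALUE_KEYS:            # keyword followed by one argument
            at[tok.lower()] = toks[i + 1].strip("'")
            i += 2
        elif tok in FLAG_KEYS:             # bare keyword, no argument
            at[tok.lower().replace("-", "_")] = True
            i += 1
        else:
            raise ValueError(f"unexpected token {tok!r} in {at['oid']}")
    return at


class Schema:
    """Attribute types indexed by short name (names are case-insensitive)."""

    def __init__(self, definitions):
        self.types = {}
        for text in definitions:
            at = parse_attribute_type(text)
            for n in at["names"]:
                self.types[n.lower()] = at

    def effective(self, name, field):
        """EQUALITY, SUBSTR and SYNTAX are inherited through SUP when unset;
        SINGLE-VALUE is not, which is why 'cn' stays multi-valued."""
        at, seen = self.types[name.lower()], set()
        while at[field] is None and at["sup"] is not None:
            if at["oid"] in seen:
                raise ValueError("SUP cycle at " + at["oid"])
            seen.add(at["oid"])
            at = self.types[at["sup"].lower()]
        return at[field]

    def validate(self, name, values):
        """Return the schema violations for the given values of 'name'."""
        at, problems = self.types[name.lower()], []
        if at["single_value"] and len(values) > 1:
            problems.append(f"{name}: SINGLE-VALUE but {len(values)} values")
        if self.effective(name, "syntax") == DIRECTORY_STRING:
            # Directory String does not admit the empty string (RFC 4517)
            problems += [f"{name}: empty Directory String" for v in values if v == ""]
        if name.lower() == "c":
            # Section 2.2 prose: a two-letter ISO 3166 code (server-side check)
            problems += [f"c: {v!r} is not a two-letter code"
                         for v in values if not re.fullmatch(r"[A-Za-z]{2}", v)]
        return problems


def values_equal(schema, name, a, b):
    """Compare under the attribute's inherited EQUALITY rule; only caseIgnoreMatch
    is handled, approximately (case fold + collapse spaces, not full RFC 4518)."""
    rule = schema.effective(name, "equality")
    if rule != "caseIgnoreMatch":
        raise NotImplementedError(rule)
    norm = lambda s: " ".join(s.casefold().split())
    return norm(a) == norm(b)
```

   Two points matter for anything that makes access decisions on these
   attributes.  SINGLE-VALUE is a property of the individual type and
   is not inherited: 'c' carries it, 'cn' does not, although both are
   declared SUP name.  The inherited caseIgnoreMatch rule means the
   directory treats "Marty Smith" and "marty smith" as the same value,
   so a consumer that compares cn values byte-for-byte outside the
   server will disagree with the server about which entries match.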
   If the object corresponds to a person, it is typically the person's
   full name.  (Source: X.520)

      ( 2.5.4.3 NAME 'cn' SUP name )

2.4 dc

   The dc (short for domainComponent) attribute type is a string
   holding one component, a