From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc4519.txt | 1963 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1963 insertions(+) create mode 100644 doc/rfc/rfc4519.txt (limited to 'doc/rfc/rfc4519.txt') diff --git a/doc/rfc/rfc4519.txt b/doc/rfc/rfc4519.txt new file mode 100644 index 0000000..f2e9b7c --- /dev/null +++ b/doc/rfc/rfc4519.txt @@ -0,0 +1,1963 @@ + + + + + + +Network Working Group A. Sciberras, Ed. +Request for Comments: 4519 eB2Bcom +Obsoletes: 2256 June 2006 +Updates: 2247, 2798, 2377 +Category: Standards Track + + + Lightweight Directory Access Protocol (LDAP): + Schema for User Applications + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2006). + +Abstract + + This document is an integral part of the Lightweight Directory Access + Protocol (LDAP) technical specification. It provides a technical + specification of attribute types and object classes intended for use + by LDAP directory clients for many directory services, such as White + Pages. These objects are widely used as a basis for the schema in + many LDAP directories. This document does not cover attributes used + for the administration of directory servers, nor does it include + directory objects defined for specific uses in other documents. + + + + + + + + + + + + + + + + + + + +Sciberras Standards Track [Page 1] + +RFC 4519 LDAP: Schema for User Applications June 2006 + + +Table of Contents + + 1. Introduction ....................................................3 + 1.1. Relationship with Other Specifications .....................3 + 1.2. Conventions ................................................4 + 1.3. General Issues .............................................4 + 2. Attribute Types .................................................4 + 2.1. 'businessCategory' .........................................5 + 2.2. 'c' ........................................................5 + 2.3. 'cn' .......................................................5 + 2.4. 'dc' .......................................................6 + 2.5. 'description' ..............................................6 + 2.6. 'destinationIndicator' .....................................7 + 2.7. 'distinguishedName' ........................................7 + 2.8. 'dnQualifier' ..............................................8 + 2.9. 'enhancedSearchGuide' ......................................8 + 2.10. 'facsimileTelephoneNumber' ................................9 + 2.11. 'generationQualifier' .....................................9 + 2.12. 'givenName' ...............................................9 + 2.13. 'houseIdentifier' .........................................9 + 2.14. 'initials' ...............................................10 + 2.15. 'internationalISDNNumber' ................................10 + 2.16. 'l' ......................................................10 + 2.17. 'member' .................................................11 + 2.18. 'name' ...................................................11 + 2.19. 'o' ......................................................11 + 2.20. 'ou' .....................................................12 + 2.21. 'owner' ..................................................12 + 2.22. 'physicalDeliveryOfficeName' .............................12 + 2.23. 'postalAddress' ..........................................13 + 2.24. 'postalCode' .............................................13 + 2.25. 'postOfficeBox' ..........................................14 + 2.26. 'preferredDeliveryMethod' ................................14 + 2.27. 'registeredAddress' ......................................14 + 2.28. 'roleOccupant' ...........................................15 + 2.29. 'searchGuide' ............................................15 + 2.30. 'seeAlso' ................................................15 + 2.31. 'serialNumber' ...........................................16 + 2.32. 'sn' .....................................................16 + 2.33. 'st' .....................................................16 + 2.34. 'street' .................................................17 + 2.35. 'telephoneNumber' ........................................17 + 2.36. 'teletexTerminalIdentifier' ..............................17 + 2.37. 'telexNumber' ............................................18 + 2.38. 'title' ..................................................18 + 2.39. 'uid' ....................................................18 + 2.40. 'uniqueMember' ...........................................19 + 2.41. 'userPassword' ...........................................19 + + + +Sciberras Standards Track [Page 2] + +RFC 4519 LDAP: Schema for User Applications June 2006 + + + 2.42. 'x121Address' ............................................20 + 2.43. 'x500UniqueIdentifier' ...................................20 + 3. Object Classes .................................................20 + 3.1. 'applicationProcess' ......................................21 + 3.2. 'country' .................................................21 + 3.3. 'dcObject' ................................................21 + 3.4. 'device' ..................................................21 + 3.5. 'groupOfNames' ............................................22 + 3.6. 'groupOfUniqueNames' ......................................22 + 3.7. 'locality' ................................................23 + 3.8. 'organization' ............................................23 + 3.9. 'organizationalPerson' ....................................24 + 3.10. 'organizationalRole' .....................................24 + 3.11. 'organizationalUnit' .....................................24 + 3.12. 'person' .................................................25 + 3.13. 'residentialPerson' ......................................25 + 3.14. 'uidObject' ..............................................26 + 4. IANA Considerations ............................................26 + 5. Security Considerations ........................................28 + 6. Acknowledgements ...............................................28 + 7. References .....................................................29 + 7.1. Normative References ......................................29 + 7.2. Informative References ....................................30 + Appendix A Changes Made Since RFC 2256 ...........................32 + +1. Introduction + + This document provides an overview of attribute types and object + classes intended for use by Lightweight Directory Access Protocol + (LDAP) directory clients for many directory services, such as White + Pages. Originally specified in the X.500 [X.500] documents, these + objects are widely used as a basis for the schema in many LDAP + directories. This document does not cover attributes used for the + administration of directory servers, nor does it include directory + objects defined for specific uses in other documents. + +1.1. Relationship with Other Specifications + + This document is an integral part of the LDAP technical specification + [RFC4510], which obsoletes the previously defined LDAP technical + specification, RFC 3377, in its entirety. In terms of RFC 2256, + Sections 6 and 8 of RFC 2256 are obsoleted by [RFC4517]. Sections + 5.1, 5.2, 7.1, and 7.2 of RFC 2256 are obsoleted by [RFC4512]. The + remainder of RFC 2256 is obsoleted by this document. The technical + specification for the 'dc' attribute type and 'dcObject' object class + found in RFC 2247 are superseded by sections 2.4 and 3.3 of this + document. The remainder of RFC 2247 remains in force. + + + + +Sciberras Standards Track [Page 3] + +RFC 4519 LDAP: Schema for User Applications June 2006 + + + This document updates RFC 2798 by replacing the informative + description of the 'uid' attribute type with the definitive + description provided in Section 2.39 of this document. + + This document updates RFC 2377 by replacing the informative + description of the 'uidObject' object class with the definitive + description provided in Section 3.14 of this document. + + A number of schema elements that were included in the previous + revision of the LDAP Technical Specification are not included in this + revision of LDAP. PKI-related schema elements are now specified in + [RFC4523]. Unless reintroduced in future technical specifications, + the remainder are to be considered Historic. + + The descriptions in this document SHALL be considered definitive for + use in LDAP. + +1.2. Conventions + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [RFC2119]. + +1.3. General Issues + + This document references Syntaxes defined in Section 3 of [RFC4517] + and Matching Rules defined in Section 4 of [RFC4517]. + + The definitions of Attribute Types and Object Classes are written + using the Augmented Backus-Naur Form (ABNF) [RFC4234] of + AttributeTypeDescription and ObjectClassDescription given in + [RFC4512]. Lines have been folded for readability. When such values + are transferred as attribute values in the LDAP Protocol, the values + will not contain line breaks. + +2. Attribute Types + + The attribute types contained in this section hold user information. + + There is no requirement that servers implement the 'searchGuide' and + 'teletexTerminalIdentifier' attribute types. In fact, their use is + greatly discouraged. + + An LDAP server implementation SHOULD recognize the rest of the + attribute types described in this section. + + + + + + +Sciberras Standards Track [Page 4] + +RFC 4519 LDAP: Schema for User Applications June 2006 + + +2.1. 'businessCategory' + + The 'businessCategory' attribute type describes the kinds of business + performed by an organization. Each kind is one value of this + multi-valued attribute. + (Source: X.520 [X.520]) + + ( 2.5.4.15 NAME 'businessCategory' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + 1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax + [RFC4517]. + + Examples: "banking", "transportation", and "real estate". + +2.2. 'c' + + The 'c' ('countryName' in X.500) attribute type contains a two-letter + ISO 3166 [ISO3166] country code. + (Source: X.520 [X.520]) + + ( 2.5.4.6 NAME 'c' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) + + 1.3.6.1.4.1.1466.115.121.1.11 refers to the Country String syntax + [RFC4517]. + + Examples: "DE", "AU" and "FR". + +2.3. 'cn' + + The 'cn' ('commonName' in X.500) attribute type contains names of an + object. Each name is one value of this multi-valued attribute. If + the object corresponds to a person, it is typically the person's full + name. + (Source: X.520 [X.520]) + + ( 2.5.4.3 NAME 'cn' + SUP name ) + + Examples: "Martin K Smith", "Marty Smith" and "printer12". + + + + + + +Sciberras Standards Track [Page 5] + +RFC 4519 LDAP: Schema for User Applications June 2006 + + +2.4. 'dc' + + The 'dc' ('domainComponent' in RFC 1274) attribute type is a string + holding one component, a label, of a DNS domain name + [RFC1034][RFC2181] naming a host [RFC1123]. That is, a value of this + attribute is a string of ASCII characters adhering to the following + ABNF [RFC4234]: + + label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)] + ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z" + DIGIT = %x30-39 ; "0"-"9" + HYPHEN = %x2D ; hyphen ("-") + + The encoding of IA5String for use in LDAP is simply the characters of + the ASCII label. The equality matching rule is case insensitive, as + is today's DNS. (Source: RFC 2247 [RFC2247] and RFC 1274 [RFC 1274]) + + ( 0.9.2342.19200300.100.1.25 NAME 'dc' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + + 1.3.6.1.4.1.1466.115.121.1.26 refers to the IA5 String syntax + [RFC4517]. + + Examples: Valid values include "example" and "com" but not + "example.com". The latter is invalid as it contains multiple domain + components. + + It is noted that the directory service will not ensure that values of + this attribute conform to the host label restrictions [RFC1123] + illustrated by the