Schema Reference

Netscape Directory Server

Version 7.0

October 2004

Summary of Contents for NETSCAPE DIRECTORY SERVER 7.0

Page 1: ...Schema Reference Netscape Directory Server Version 7.0 October 2004 ...

Page 2: ...ession code by the Info ZIP group There are no extra charges or costs due to the use of this code and the original compression sources are freely available from http www infozip com on the Internet This product includes software developed by the Apache Software Foundation http www apache org Portions of the Software copyright 1989 The Regents of the University of California All rights reserved Red...

Page 3: ...ect Classes 16 Required and Allowed Attributes 16 Object Class Inheritance 17 Attributes 17 Attribute Syntax 17 Single Valued and Multi Valued Attributes 19 Schema Supported by Directory Server 19 Object Identifiers OIDs 21 Extending Server Schema 22 Schema Checking 22 Chapter 2 Object Class Reference 25 account 26 alias 27 cosClassicDefinition 28 cosDefinition 29 cosIndirectDefinition 30 cosPoint...

Page 4: ...4 newPilotPerson 55 nsComplexRoleDefinition 57 nsFilteredRoleDefinition 58 nsLicenseUser 59 nsManagedRoleDefinition 60 nsNestedRoleDefinition 61 nsRoleDefinition 62 nsSimpleRoleDefinition 63 organization 64 organizationalPerson 66 organizationalRole 68 organizationalUnit 70 person 72 pilotObject 73 pilotOrganization 74 residentialPerson 76 RFC822LocalPart 78 room 80 strongAuthenticationUser 81 sim...

Page 5: ...TemplateDn 92 crossCertificatePair 93 dc domainComponent 93 deltaRevocationList 94 departmentNumber 94 description 94 destinationIndicator 95 displayName 95 dITRedirect 96 dmdName 96 dn distinguishedName 97 dNSRecord 97 documentAuthor 97 documentIdentifier 98 documentLocation 98 documentPublisher 99 documentStore 99 documentTitle 99 documentVersion 100 drink favoriteDrink 100 dSAQuality 101 employ...

Page 6: ...stModifiedTime 110 mail 110 mailPreferenceOption 111 manager 111 member 112 memberCertificateDescription 112 memberURL 113 mobile 113 name 114 nsLicensedFor 114 nsLicenseEndTime 115 nsLicenseStartTime 115 ntUserDomainId 115 o organizationName 116 objectClass 116 obsoletedByDocument 117 obsoletesDocument 117 organizationalStatus 117 otherMailbox 118 ou organizationUnitName 118 owner 119 pager 119 p...

Page 7: ...ity 130 subtreeMinimumQuality 130 supportedAlgorithms 131 supportedApplicationContext 131 telephoneNumber 131 teletexTerminalIdentifier 132 telexNumber 132 textEncodedORAddress 133 title 133 ttl timeToLive 134 uid userID 134 uniqueIdentifier 135 uniqueMember 135 updatedByDocument 136 updatesDocument 136 userCertificate 136 userClass 137 userPassword 137 userPKCS12 138 userSMIMECertificate 138 x121...

Page 8: ...CheckSyntax 150 passwordExp 151 passwordExpirationTime 151 passwordExpWarned 151 passwordGraceLimit 152 passwordGraceUserTime 152 passwordHistory 152 passwordInHistory pwdInHistory 153 passwordLockout pwdLockOut 153 passwordLockoutDuration pwdLockoutDuration 154 passwordMaxAge pwdMaxAge 154 passwordMaxFailure pwdMaxFailure 155 passwordMinAge pwdMinAge 155 passwordMinLength pwdMinLength 156 passwor...

Page 9: ...62 changeNumber 162 changeTime 163 changeType 163 deleteOldRdn 163 newRdn 164 newSuperior 164 nsEncryptionAlgorithm 164 nsSaslMapRegexString 165 nsSaslMapBaseDNTemplate 165 nsSaslMapFilterTemplate 165 targetDn 166 Special Object Classes 166 changeLogEntry 166 nsAttributeEncryption 167 nsSaslMapping 168 passwordObject 168 subschema 169 Index 171 ...

Page 11: ...se of This Guide page 11 Directory Server Overview page 11 Contents of This Guide page 12 Prerequisite Reading page 12 Conventions Used in This Book page 13 Related Information page 13 Purpose of This Guide This Schema Reference guide describes the standard directory schema for Directory Server and lists all the object classes and attributes defined by the standard schema The information provided ...

Page 12: ...ference Contains an alphabetical list of the object classes accepted by the default schema It gives a definition of each object class and gives the list of required and allowed attributes specific to the particular object class However any mandatory and optional attributes inherited from superior object classes are not listed Chapter 3 Attribute Reference Contains an alphabetic list of the standar...

Page 13: ...erverRoot slapd serverID serverRoot is the installation directory The default installation directory for UNIX is usr netscape servers On Windows it is c usr netscape servers If you have installed Directory Server in a different location you should adapt the path accordingly serverID is the ID or identifier you assigned to an instance of Directory Server when you installed it For example if you gav...

Page 14: ...tory Server Netscape Directory Server Gateway Customization Guide Introduces Directory Server Gateway and explains how to implement a gateway instance with basic directory look up functionality Also contains information useful for implementing a more powerful gateway instance with directory authentication and administration capability Netscape Directory Server Org Chart Introduces the Netscape Dir...

Page 15: ... The directory schema is a set of rules that defines how the data can be stored in the directory The data is stored in the form of directory entries Each entry is a set of attributes and their values Each entry must have an object class The object class specifies the kind of object the entry describes and defines the set of attributes it contains The schema defines the type of entries allowed thei...

Page 16: ...ired attributes include the attributes that must be present in entries using the object class All entries require the objectClass attribute which defines the object classes assigned to the entry Allowed attributes include the attributes that may be present in entries using the object class Example Object Class person Required Attributes object class cn common name sn surname Allowed Attributes des...

Page 17: ...e when you assign the inetOrgperson object class to an entry it automatically inherits the required and allowed attributes from the superior object class Attributes Directory data is represented as attribute value pairs Any piece of information in the directory is associated with a descriptive attribute For instance the commonName or cn attribute is used to store a person s name A person named Jon...

Page 18: ... Indicates that values for this attribute are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time. IA5String (1.3.6.1.4.1.1466.115.121.1.26): Indicates that values for this attribute are case sensitive. INTEGER (1.3.6.1.4.1.1466.115.121.1.27): Indicates that valid values for this attribute are numbers. OctetString (1.3.6.1.4.1.1466.115.121.1.40): Same behavi...

Page 19: ...arate file called 99user.ldif. You should not modify the standard files provided with the Directory Server, because you incur the risk of breaking compatibility with other Netscape products or of causing interoperability problems with directory servers from vendors other than Netscape Communications Corporation. For more information about how the Directory Server stores information and suggestions fo...

Page 20: ...or that user 10rfc2307 ldif Schema from RFC 2307 An Approach for Using LDAP as a Network Information Service 20subscriber ldif Common schema elements for Netscape Nortel subscriber interoperability 25java object ldif Schema from RFC 2713 Schema for Representing Java tm Objects in an LDAP Directory 28pilot ldif Schema from the pilot RFCs especially RFC 1274 that are no longer recommended by Netscap...

Page 21: ...Schema 50ns mail ldif Schema for Netscape Messaging Server 50ns mcd browser ldif Schema for Netscape Mission Control Desktop Browser 50ns mcd config ldif Schema for Netscape Mission Control Desktop Configuration 50ns mcd li ldif Schema for Netscape Mission Control Desktop Location Independence 50ns mcd mail ldif Schema for Netscape Mission Control Desktop Mail 50ns media ldif Schema for Netscape M...

Page 22: ...y service in the enterprise. When adding new attributes to the schema, a new object class should be created to contain them; adding a new attribute to an existing object class can compromise the Directory Server's compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server. For more information about extending server schema, refer ...

Page 23: ...Schema checking also occurs when importing a database using LDIF. For more information, refer to the Netscape Directory Server Administrator's Guide. ...

Page 25: ...the Directory Server or other Netscape products for internal operations are not documented here. For information about these object classes, please refer to the Netscape Directory Server Configuration, Command, and File Reference. The LDAP RFCs and X.500 standards allow for an object class to have more than one superior. This behavior is not currently supported by Directory Server. NOTE: When an object cl...

Page 26: ...ed Attributes objectClass Defines the object classes for the entry uid userID Identifies the account s user ID description Text description of the entry host Hostname of the computer on which the account resides l localityName Place in which the account is located o organizationName Organization to which the account belongs ou organizationUnitName Organizational unit to which the account belongs s...

Page 27: ...directory tree. Note: Aliasing is not supported in Directory Server. This object class is defined in RFC 2256. Superior Class: top. OID: 2.5.6.1. Required Attributes: objectClass (defines the object classes for the entry); aliasedObjectName (distinguished name of the entry for which this entry is an alias). ...

Page 28: ...efinition OID 2 16 840 1 113730 3 2 100 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry cosSpecifier Specifies the attribute value used by a classic CoS which along with the templat...

Page 29: ...rights are granted or denied when the Directory Server receives an LDAP request from a client cn commonName Common name of the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cosSpecifier Specifies the attribute value used by a classic CoS which along with the template entry s DN identifies the template e...

Page 30: ... Directory Server Superior Class cosSuperDefinition OID 2 16 840 1 113730 3 2 102 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry cosIndirectSpecifier Specifies the attribute value ...

Page 31: ...Directory Server Superior Class cosSuperDefinition OID 2 16 840 1 113730 3 2 101 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry cosTemplateDn Provides the DN of the template entry ...

Page 32: ... defined in Directory Server Superior Class ldapSubEntry OID 2 16 840 1 113730 3 2 99 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry description Text description of the entry ...

Page 33: ...efined in Directory Server Superior Class top OID 2 16 840 1 113730 3 2 128 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName Common name of the entry cosPriority Specifies which template provides the attribute value when CoS templates compete to provide an attribute value ...

Page 34: ...6 2 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry c countryName Contains the two character code representing country names as defined by ISO in the directory description Text description of the country searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation ...

Page 35: ... class such as o organizationName ou organizationalUnitName or l localityName For example dn dc example dc com objectClass top objectClass organization objectClass dcObject dc example o Example Corporation This object class is defined in RFC 2247 Superior Class top OID 1 3 6 1 4 1 1466 344 Required Attributes objectClass Defines the object classes for the entry dc domainComponent One component of ...

Page 36: ...jectClass Defines the object classes for the entry cn commonName Common name of the device description Text description of the device l localityName Place in which the device is located o organizationName Organization to which the device belongs ou organizationUnitName Organizational unit to which the device belongs owner Distinguished name of the person responsible for the device seeAlso URL to i...

Page 37: ...res a sound file in binary format authorCn Author s common or given name authorSn Author s surname cn commonName Common name of the document description Text description of the document dITRedirect Distinguished name to use as a redirect for the entry documentAuthor Distinguished name of the document author documentLocation Location of the original document documentPublisher Person or organization...

Page 38: ...me of a document that obsoletes this document obsoletesDocument Distinguished name of a document that is obsoleted by this document ou organizationUnitName Organizational unit to which the document belongs photo Photo of the document in binary form seeAlso URL to information relevant to the document subject Subject of the document uniqueIdentifier Specific item used to distinguish between two entr...

Page 39: ...tes objectClass Defines the object classes for the entry cn commonName The common name of the series description Text description of the series l localityName Place in which the series is located o organizationName Organization to which the series belongs ou organizationUnitName Organizational unit to which the series belongs seeAlso URL to information relevant to the series telephoneNumber Teleph...

Page 40: ...attributes to be present in the entry This object class is defined in RFC 2247 Superior Class top OID 0 9 2342 19200300 100 4 13 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry dc domainComponent One component of a domain name associatedName Entry in the organizational directory tree associated with a DNS domain businessCategory Type of business in which...

Page 41: ...where the recipient must verify delivery searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation seeAlso URL to information relevant to the domain st stateOrProvinceName State or province in which the domain is located street Street address in which the domain is located telephoneNumber Domain s telephone ...

Page 42: ...s which are equivalent to an X.500 domain, for example, an organization or organizational unit. This object class is defined in RFC 1274. Superior Class: top. OID: 0.9.2342.19200300.100.4.17. Required Attributes: objectClass (defines the object classes for the entry); associatedDomain (specifies a DNS domain associated with an object in the directory tree). ...

Page 43: ...the series presentationAddress Contains an OSI presentation address for the entry description Text description of the series knowledgeInformation This attribute is no longer used l localityName Place in which the series is located o organizationName Organization to which the series belongs ou organizationUnitName Organizational unit to which the series belongs seeAlso URL to information relevant t...

Page 44: ... hold optionally any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server. This object class is defined in RFC 2252. Superior Class: top. OID: 1.3.6.1.4.1.1466.101.120.111. Required Attributes: objectClass (defines the object classes for the entry). Allowed Attributes: all attributes known to the server. ...

Page 45: ...lass top OID 0 9 2342 19200300 100 4 18 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry co friendlyCountryName Stores the name of a country c countryName Contains the two character code representing country names as defined by ISO in the directory description Text description of the country searchGuide Specifies information for suggested search criteria ...

Page 46: ...utes objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose memberCertificateDescription Values used to determine if a particular certificate is a member of this group o organizationName Organization to which the group of certificates belongs ou or...

Page 47: ...d in RFC 2256 Superior Class top OID 2 5 6 9 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose member Distinguished name of a group member o organizationName Organization to which the group belongs ou org...

Page 48: ...t class is defined in RFC 2256 Superior Class top OID 2 5 6 17 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose o organizationName Organization to which the group belongs ou organizationUnitName Organiza...

Page 49: ...objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose memberURL URL associated with each member of the group o organizationName Organization to which the group belongs ou organizationUnitName Organizational unit to which the group belongs owner Di...

Page 50: ...me or last name audio Stores a sound file in binary format businessCategory Type of business in which the person is engaged carLicense The license plate number of the person s vehicle departmentNumber Department for which the person works description Text description of the person destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service displayName ...

Page 51: ...ation where physical deliveries can be made to the person postOfficeBox The person s post office box postalAddress The person s mailing address postalCode The postal code for this address such as a United States zip code preferredDeliveryMethod The person s preferred method of contact or delivery preferredLanguage The person s preferred written or spoken language registeredAddress Postal address s...

Page 52: ...he person's user id, usually the logon ID. userCertificate: Stores a user's certificate in cleartext (not used). userPassword: Password with which the entry can bind to the directory. userSMIMECertificate: Stores a user's certificate in binary form. Used by Netscape Communicator for S/MIME. x121Address: X.121 address of the person. x500UniqueIdentifier: Reserved. ...

Page 53: ...This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate This object class is defined in RFC 2079 Superior Class top OID 1 3 6 1 4 1 250 3 1 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry labeledURI Universal Resource Locator that is relevant to the entry ...

Page 54: ...Class Defines the object classes for the entry description Text description of the locality l localityName Place in which the entry is located searchGuide Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation seeAlso URL to information relevant to the locality st stateOrProvinceName State or province to which the ...

Page 55: ...me The person s common name sn surname The person s surname or last name businessCategory Type of business in which this person is engaged description Text description of the person drink favoriteDrink The person s favorite drink homePhone The person s home phone number homePostalAddress The person s home mailing address janetMailbox The person s email address mail The person s email address mailP...

Page 56: ...referred method of contact or delivery roomNumber The person s room number secretary Distinguished name of the person s secretary or administrative assistant seeAlso URL to information relevant to the person telephoneNumber The person s telephone number textEncodedORAddress The person s text encoded Originator Recipient X 400 address uid userID Identifies the person s user id usually the logon ID ...

Page 57: ...by definition a complex role This object class is defined in Directory Server Superior Class nsRoleDefinition OID 2 16 840 1 113730 3 2 95 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The entry s common name description Text description of the entry ...

Page 58: ...s contained by each entry This object class is defined in Directory Server Superior Class nsComplexRoleDefinition OID 2 16 840 1 113730 3 2 97 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry nsRoleFilter Specifies the filter assigned to an entry cn commonName The entry s common name description Text description of the entry ...

Page 59: ...s of this object class through the Users and Groups area of the Netscape Administration Server This object class is defined in Netscape Administration Services Superior Class top OID 2 16 840 1 113730 3 2 7 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry nsLicensedFor Netscape server that the user is licensed to use nsLicenseEndTime Reserved for future u...

Page 60: ...o an explicit enumerated list of members This object class is defined in Directory Server Superior Class nsSimpleRoleDefinition OID 2 16 840 1 113730 3 2 96 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The entry s common name description Text description of the entry ...

Page 61: ...e This object class is defined in Directory Server Superior Class nsComplexRoleDefinition OID 2 16 840 1 113730 3 2 98 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry nsRoleDn Specifies the roles assigned to an entry cn commonName The entry s common name description Text description of the entry ...

Page 62: ...inherit from the nsRoleDefinition object class This object class is defined in Directory Server Superior Class ldapSubEntry OID 2 16 840 1 113730 3 2 93 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The entry s common name description Text description of the entry ...

Page 63: ...given entry possesses a particular role Enumerate all the roles possessed by a given entry Assign a particular role to a given entry Remove a particular role from a given entry This object class is defined in Directory Server Superior Class nsRoleDefinition OID 2 16 840 1 113730 3 2 94 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The ent...

Page 64: ...ch the organization is engaged description Text description of the organization destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service fax facsimileTelephoneNumber The organization s fax number internationalISDNNumber The organization s ISDN number l localityName Place in which the organization is located physicalDeliveryOfficeName Location where ...

Page 65: ...ch operation seeAlso URL to information relevant to the organization st stateOrProvinceName State or province in which the organization is located street Street address at which the organization is located telephoneNumber The organization s telephone number teletexTerminalIdentifier Identifier for the organization s teletex terminal telexNumber The organization s telex number userPassword Password...

Page 66: ...n s surname or last name description Text description of the person destinationIndicator Country and city associated with the person needed to provide Public Telegram Service fax facsimileTelephoneNumber The person s fax number internationalISDNNumber The person s ISDN number l localityName Place in which the person is located ou organizationUnitName Organizational unit to which the person belongs...

Page 67: ...nformation relevant to the person st stateOrProvinceName State or province in which the person is located street Street address at which the person is located telephoneNumber The person s telephone number teletexTerminalIdentifier Identifier for the person s teletex terminal telexNumber The person s telex number title The person s job title userPassword Password with which the entry can bind to th...

Page 68: ...ide Public Telegram Service fax facsimileTelephoneNumber Fax number of the person in the role internationalISDNNumber ISDN number of the person in the role l localityName Place in which the person in the role is located ou organizationUnitName Organizational unit to which the person in the role belongs physicalDeliveryOfficeName Location where physical deliveries can be made to the person in the r...

Page 69: ...nformation relevant to the person in the role st stateOrProvinceName State or province in which the person in the role is located street Street address at which the person in the role is located telephoneNumber The person s telephone number teletexTerminalIdentifier Identifier for the teletex terminal of the person in the role telexNumber Telex number of the person in the role x121Address X 121 ad...

Page 70: ...gaged description Text description of the organizational unit destinationIndicator Country and city associated with the organizational unit needed to provide Public Telegram Service fax facsimileTelephoneNumber The organizational unit s fax number internationalISDNNumber The organizational unit s ISDN number l localityName Place in which the organizational unit is located physicalDeliveryOfficeNam...

Page 71: ...URL to information relevant to the organizational unit st stateOrProvinceName State or province in which the organizational unit is located street Street address at which the organizational unit is located telephoneNumber The organizational unit s telephone number teletexTerminalIdentifier Identifier for the organizational unit s teletex terminal telexNumber The organization s telex number userPas...

Page 72: ...defined in RFC 2256 Superior Class top OID 2 5 6 6 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The person s common name sn surname The person s surname or last name description Text description of the person seeAlso URL to information relevant to the person telephoneNumber The person s telephone number userPassword Password with which t...

Page 73: ... object classes for the entry audio Stores a sound file in binary format dITRedirect Distinguished name to use as a redirect for the entry info Information about the object jpegPhoto Photo in jpeg format lastModifiedBy Distinguished name of the last user to modify the object lastModifiedTime Last time the object was modified manager Distinguished name of the object s manager photo Photo of the obj...

Page 74: ...f the building in which the entry is located businessCategory Type of business in which the entry is engaged description Text description of the entry destinationIndicator Country and city associated with the pilot organization needed to provide Public Telegram Service fax facsimileTelephoneNumber The pilot organization s fax number internationalISDNNumber The pilot organization s ISDN number l lo...

Page 75: ...irectory tree for a search operation seeAlso URL to information relevant to the pilot organization st stateOrProvinceName State or province in which the pilot organization is located street Street address at which the pilot organization is located telephoneNumber The pilot organization s telephone number teletexTerminalIdentifier Identifier for the pilot organization s teletex terminal telexNumber...

Page 76: ... businessCategory Type of business in which the person is engaged description Text description of the person destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service fax facsimileTelephoneNumber The person s fax number internationalISDNNumber The person s ISDN number physicalDeliveryOfficeName Location where physical deliveries can be made to the pe...

Page 77: ... the person st stateOrProvinceName State or province in which the person resides street Street address at which the person is located telephoneNumber The person s telephone number teletexTerminalIdentifier Identifier for the person s teletex terminal telexNumber The person s telex number userPassword Password with which the entry can bind to the directory x121Address X 121 address of the entry ...

Page 78: ...irectory tree associated with a DNS domain businessCategory Type of business in which this local part is engaged cn commonName The local part s common name description Text description of the local part destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service fax facsimileTelephoneNumber The local part s fax number internationalISDNNumber The local ...

Page 79: ...bject in the directory tree for a search operation seeAlso URL to information relevant to the local part sn surname The entry s surname or last name st stateOrProvinceName State or province in which the local part is located street Street address at which the local part is located telephoneNumber Telephone number associated with the local part teletexTerminalIdentifier Identifier for a telex termi...

Page 80: ...ined in RFC 1274 Superior Class top OID 0 9 2342 19200300 100 4 7 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName Common name of the room description Text description of the room roomNumber The room s number seeAlso URL to information relevant to the room telephoneNumber The room s telephone number ...

Page 81: ...n Used to store a user's certificate entry in the directory. This object class is defined in RFC 2256. Superior Class: top. OID: 2.5.6.15. Required Attributes: objectClass (defines the object classes for the entry); userCertificate (stores a user's certificate, usually in binary form). ...

Page 82: ...bute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use. This object class is defined in RFC 1274. Superior Class: top. OID: 0.9.2342.19200300.100.4.19. Required Attributes: objectClass (defines the object classes for the entry); userPassword (password with which the entry can bind to the directory). ...

Page 83: ... and OID abstract Definition Provides an abstract of a document entry This attribute is defined in Internet White Pages Pilot Syntax DirectoryString multi valued OID 0 9 2342 19200300 102 1 9 aliasedObjectName Definition Used by the Directory Server to identify alias entries in the directory Contains the distinguished name of the entry for which it is an alias For example aliasedObjectName cn jdoe...

Page 84: ...istinguished name c US o Example Corporation would have an associated domain of EC US Note that all domains should be represented in rfc822 order For example associatedDomain US This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 37 associatedName Definition Specifies an entry in the organizational directory tree associated with a DNS domain For ex...

Page 85: ...und file For example audio AAAAAA This attribute is defined in RFC 1274 Syntax Binary multi valued OID 0 9 2342 19200300 100 1 55 authorCn Definition Contains the common name of the author of a document entry For example authorCn Kacey This attribute is defined in Internet White Pages Pilot Syntax DirectoryString multi valued OID 0 9 2342 19200300 102 1 11 ...

Page 86: ... multi valued OID 0 9 2342 19200300 102 1 12 authorityRevocationList Definition Contains a list of CA certificates that have been revoked This attribute is to be stored and requested in the binary form as authorityRevocationList binary For example authorityrevocationlist binary AAAAAA This attribute is defined in RFC 2256 Syntax Binary multi valued OID 2 5 4 38 buildingName Definition Defines the ...

Page 87: ...the type of business in which the entry is engaged This should be a broad generalization such as the corporate division level For example businessCategory Engineering This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 15 c countryName Definition Contains the two character code representing country names as defined by ISO in the directory For example countryName IE ...

Page 88: ...ttribute is to be stored and requested in the binary form as cACertificate binary For example cacertificate binary AAAAAA This attribute is defined in RFC 2256 Syntax Binary multi valued OID 2 5 4 37 carLicense Definition Identifies the entry s automobile license plate number For example carLicense 6ABC246 This attribute is defined in RFC 2798 Syntax DirectoryString multi valued OID 2 16 840 1 113...

Page 89: ...valued OID 2 5 4 39 cn commonName Definition Identifies the name of an object in the directory When the object corresponds to a person the cn is typically the person s full name When identifying the entry s common name or full name commonName Bill Anderson or cn Bill Anderson When in reference to LDAPReplica or LDAPServer object classes commonName replicater example com 17430 o 3Dexample 2Cc 3us o...

Page 90: ...untry name For example friendlyCountryName Ireland or co Ireland This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 43 cosAttribute Description Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value This attribute is used by all types of CoS definition entries This attribute is de...

Page 91: ...he attribute value when CoS templates compete to provide an attribute value This attribute represents the global priority of a particular template A priority of zero is the highest priority This attribute is defined in Directory Server Syntax INTEGER single valued OID 2 16 840 1 113730 3 1 569 cosSpecifier Description Specifies the attribute value used by a classic CoS which along with the templat...

Page 92: ...tribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 552 cosTemplateDn Definition The DN of the template entry which contains a list of the shared attribute values Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS A single CoS might have more than one template entry associated wit...

Page 93: ...nary For example crosscertificatepair binary AAAAAA This attribute is defined in RFC 2256 Syntax Binary multi valued OID 2 5 4 40 dc domainComponent Definition Specifies one component of a domain name For example domainComponent example or dc example This attribute is defined in RFC 2247 Syntax DirectoryString single valued OID 0 9 2342 19200300 100 1 25 ...

Page 94: ...tmentNumber Definition Identifies the entry s department number For example departmentNumber 2604 This attribute is defined in RFC 2798 Syntax DirectoryString multi valued OID 2 16 840 1 113730 3 1 2 description Definition Provides a human readable description of the object For people and organization this often includes their role or work assignment For example description Quality control inspect...

Page 95: ...w Ohio USA This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 27 displayName Definition Preferred name of a person to be used when displaying entries Especially useful in displaying a preferred name for an entry within a one line summary list Since other attribute types such as cn are multivalued they can not be used to display a preferred name For example displayN...

Page 96: ...ividual s place of work changes and the individual acquires a new organizational DN For example ditRedirect cn jdoe o example com This attribute is defined in RFC 1274 Syntax DN OID 0 9 2342 19200300 100 1 54 dmdName Definition The value of this attribute specifies a directory management domain DMD the administrative authority which operates the Directory Server This attribute is defined in RFC 22...

Page 97: ... 4 49 dNSRecord Definition Specifies DNS resource records including type A Address type MX Mail Exchange type NS Name Server and type SOA Start of Authority resource records For example dNSRecord IN NS ns uu net This attribute is defined in Internet directory pilot Syntax IA5String multi valued OID 0 9 2342 19200300 100 1 26 documentAuthor Definition Contains the distinguished name of the author o...

Page 98: ...fies a unique identifier for a document For example documentIdentifier L3204REV1 This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 11 documentLocation Definition Defines the location of the original copy of a document entry For example documentLocation Department Library This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OI...

Page 99: ...4 Syntax DirectoryString single valued OID 0 9 2342 19200300 100 1 56 documentStore Definition Not defined here This attribute is defined in Internet White Pages Pilot Syntax DirectoryString multi valued OID 0 9 2342 19200300 102 1 10 documentTitle Definition Contains the title of a document entry For example documentTitle Netscape Directory Server Administrator s Guide This attribute is defined i...

Page 100: ... document entry For example documentVersion 1 1 This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 13 drink favoriteDrink Definition Describes the favorite drink of a person entry For example drink soda or favouriteDrink soda This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 5 ...

Page 101: ...le dSAQuality high This attribute is defined in RFC 1274 Syntax DirectoryString single valued OID 0 9 2342 19200300 100 1 49 employeeNumber Definition Identifies the entry s employee number For example employeeNumber 3440 This attribute is defined in RFC 2798 Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 3 employeeType Definition Identifies the entry s type of employment For examp...

Page 102: ...ients when constructing search filters For example enhancedSearchGuide uid mhughes This attribute is defined in RFC 2798 Syntax DirectoryString multi valued OID 2 5 4 47 fax facsimileTelephoneNumber Definition Identifies the fax number at which the entry can be reached Abbreviation fax For example facsimileTelephoneNumber 1 415 555 1212 or fax 1 415 555 1212 This attribute is defined in RFC 2256 Sy...

Page 103: ...earing in the suffix For example generationqualifier III This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 44 givenName Definition Identifies the entry s given name usually a person s first name For example givenName Hecuba This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 42 ...

Page 104: ...ss This field is intended to include multiple lines but each line within the entry should be separated by a dollar sign To represent an actual dollar sign or backslash within this text use the escaped hex values 24 and 5c respectively To identify an entry s home mailing address homePostalAddress 1234 Ridgeway Drive Santa Clara CA 99555 Additionally to represent the string The dollar value can be f...

Page 105: ...ter For example host mozilla This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 9 houseIdentifier Definition Identifies a building in a location For example houseIdentifier B105 This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 51 ...

Page 106: ...r example info not valid This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 4 initials Definition Identifies the entry s initials Does not identify the entry s surname For example initials BFA This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 43 internationalISDNNumber Definition Contains the ISDN number of the en...

Page 107: ...e of U K users unfamiliar with rfc822 mail addresses Entries using this attribute must also include an rfc822Mailbox attribute This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 46 jpegPhoto Definition Contains a JPEG photo of the entry For example jpegPhoto AAAAAA This attribute is defined in RFC 2798 Syntax Binary multi valued OID 0 9 2342 19200...

Page 108: ...ntax DirectoryString multi valued OID 0 9 2342 19200300 102 1 7 knowledgeInformation Definition This attribute is no longer used This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 2 l localityName Definition Identifies the county city or other geographical area in which the entry is located or with which it is in some other way associated For example localityName S...

Page 109: ...rrently only URLs are supported optionally followed by one or more space characters and a label For example labeledURI http home example com labeledURI http home example com iNetscape website This attribute is defined in RFC 2079 Syntax IA5String multi valued OID 1 3 6 1 4 1 250 1 57 lastModifiedBy Definition Specifies the distinguished name of the last user to modify the associated entry For exam...

Page 110: ...stModifiedTime Thursday 22 Sep 93 14 15 00 GMT This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 23 mail Definition Identifies a user s primary email address the email address retrieved and displayed by white pages lookup applications For example mail banderson example com This attribute is defined in RFC 1274 Syntax DirectoryString multi valued ...

Page 111: ... The absence of this attribute for a person should be interpreted as if the attribute was present with value no list inclusion This attribute should be interpreted by anyone using the directory to derive mailing lists and its value respected For example mailPreferenceOption 0 This attribute is defined in RFC 1274 Syntax INTEGER single valued OID 0 9 2342 19200300 100 1 47 manager Definition Identi...

Page 112: ...ltiple ou AVAs A matching DN must contain those same ou AVAs in the same order although it may contain other AVAs including other ou AVAs interspersed For any other attribute type not ou there should be at most one AVA of that type in the description If there are several all but the last are ignored A matching DN must contain that same AVA but no other AVA of the same type nearer the root later sy...

Page 113: ...ory Server Syntax IA5String multi valued OID 2 16 840 1 113730 3 1 199 memberURL Definition Identifies a URL associated with each member of a group Any type of labeled URL can be used For example memberURL ldap cn jdoe o example com This attribute is defined in Directory Server Syntax IA5String multi valued OID 2 16 840 1 113730 3 1 198 mobile Definition Identifies the entry s mobile or cellular p...

Page 114: ...bute subtyping This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 41 nsLicensedFor Definition Identifies the Netscape server the user is licensed to use The Netscape Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute Valid keywords for this attribute are currently mail the user is a licensed client of the Nets...

Page 115: ...ration Services Syntax DirectoryString multi valued OID 2 16 840 1 113730 3 1 38 nsLicenseStartTime Definition Reserved for future use This attribute is defined in Netscape Administration Services Syntax DirectoryString multi valued OID 2 16 840 1 113730 3 1 37 ntUserDomainId Definition Identifies the Windows security domain name and user name of the entry in the nt_domain_name nt_username format ...

Page 116: ...the name of the organization For example organizationName Example Corporation Inc or o Example Corporation Inc This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 10 objectClass Definition Specifies the object classes of the object Must include the object For example objectClass person This attribute is defined in RFC 2256 Syntax DirectoryString multi valued ...

Page 117: ...DN multi valued OID 0 9 2342 19200300 102 1 4 obsoletesDocument Definition Contains the distinguished name of a document that is obsoleted by the document entry This attribute is defined in Internet White Pages Pilot Syntax DN multi valued OID 0 9 2342 19200300 102 1 3 organizationalStatus Definition Specifies a category by which a person is often referred in an organization For example organizati...

Page 118: ...ronic mailbox types other than X 400 and rfc822 For example otherMailbox internet jdoe example com This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 22 ou organizationUnitName Definition Identifies the name of an organizational unit For example organizationUnitName Marketing or ou Marketing This attribute is defined in RFC 2256 Syntax DirectorySt...

Page 119: ...ohn Smith o Example Corporation c US This attribute is defined in RFC 2256 Syntax DN multi valued OID 2 5 4 32 pager Definition Identifies the entry s pager phone number Abbreviation pager For example pagerTelephoneNumber 415 555 6789 or pager 415 555 6789 This attribute is defined in RFC 1274 Syntax TelephoneNumber multi valued OID 0 9 2342 19200300 100 1 42 ...

Page 120: ...ned in RFC 1274 Syntax Binary multi valued OID 0 9 2342 19200300 100 1 53 personalTitle Definition Specifies a personal title for a person Examples of personal titles are Ms Dr Prof and Rev For example personalTitle Mr This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 40 photo Definition Contains a photo in binary form of the entry For example ...

Page 121: ... Santa Clara This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 19 postalAddress Definition Identifies the entry s mailing address This field is intended to include multiple lines When represented in LDIF format each line should be separated by a dollar sign To represent an actual dollar sign or backslash within this text use the escaped hex values 24 and 5c respec...

Page 122: ...ued OID 2 5 4 16 postalCode Definition Identifies the entry s zip code in the United States For example postalCode 44224 This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 17 postOfficeBox Definition Specifies a postal mailing address For example postOfficeBox 1234 This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 18 ...

Page 123: ...en or spoken language The value for this attribute should conform to the syntax for HTTP Accept Language header values This attribute is defined in RFC 2798 Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 39 presentationAddress Definition Contains an OSI presentation address for the entry The presentation address consists of an OSI Network Address and up to three selectors one each ...

Page 124: ...additional information to the OSI network service This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 48 ref Description Used in LDAPv3 to support smart referrals Contains an LDAP URL in the format ldap servername portnumber dn The portnumber is optional For example ref ldap server example com 389 ou People o example com This attribute is defined in LDAPv3 referrals...

Page 125: ...cipient s signature is usually required on delivery This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 26 roleOccupant Definition Contains the distinguished name of the person acting in the role defined in the organizationalRole entry For example roleOccupant cn jdoe o example com This attribute is defined in RFC 2256 Syntax DN multi valued OID 2 5 4 33 ...

Page 126: ...ti valued OID 0 9 2342 19200300 100 1 6 searchGuide Definition Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation When constructing search filters use enhancedSearchGuide instead This attribute is defined in RFC 2256 Syntax IA5String multi valued OID 2 5 4 14 secretary Definition Identifies the entry s secretar...

Page 127: ...try that may contain information related to this entry For example seeAlso cn Quality Control Inspectors ou manufacturing o example com This attribute is defined in RFC 2256 Syntax DN multi valued OID 2 5 4 34 serialNumber Definition Specifies the serial number of a device For example serialNumber 555 1234 AZ This attribute is defined in RFC 2256 Syntax DirectoryString multi valued ...

Page 128: ...diately below in the DIT This attribute is defined in RFC 1274 Syntax DirectoryString single valued OID 0 9 2342 19200300 100 1 50 sn surname Definition Identifies the entry s surname also referred to as last name or family name For example surname Anderson or sn Anderson This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 4 ...

Page 129: ...eOrProvinceName California or st California This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 8 street Definition Identifies the entry s house number and street name For example streetAddress 1234 Ridgeway Drive or street 1234 Ridgeway Drive This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 9 ...

Page 130: ...ilot Syntax DirectoryString multi valued OID 0 9 2342 19200300 102 1 8 subtreeMaximumQuality Definition Specifies the purported maximum data quality for a DIT subtree This attribute is defined in RFC 1274 Syntax DirectoryString single valued OID 0 9 2342 19200300 100 1 52 subtreeMinimumQuality Definition Specifies the purported minimum data quality for a DIT subtree This attribute is defined in RF...

Page 131: ...s binary For example supportedAlgorithms AAAAAA This attribute is defined in RFC 2256 Syntax Binary multi valued OID 2 5 4 52 supportedApplicationContext Definition This attribute contains the identifiers of OSI application contexts This attribute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 30 telephoneNumber Definition Identifies the entry s phone number ...

Page 132: ...x param ttx term printablestring ttx param ttx key ttx value ttx key graphic control misc page private ttx value octetstring In the above the first printable string is the encoding of the first portion of the teletex terminal identifier to be encoded and the subsequent 0 or more octetstrings are subsequent portions of the teletex terminal identifier This attribute is defined in RFC 2256 Syntax Dir...

Page 133: ...ibute is defined in RFC 2256 Syntax DirectoryString multi valued OID 2 5 4 21 textEncodedORAddress Definition Defines the text encoded Originator Recipient X 400 address of the entry as defined in RFC987 For example textEncodedORAddress S doe OU eng O example ADMD telemail C us This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 2 title Definition ...

Page 134: ...ry should be considered valid Once the specified time has elapsed the information is considered out of date A value of zero 0 indicates that the entry should not be cached Abbreviation ttl For example timeToLive 120 or ttl 120 This attribute is defined in LDAP Caching Internet Draft Syntax DirectoryString multi valued OID 1 3 6 1 4 1 250 1 60 uid userID Definition Identifies the entry s userid usu...

Page 135: ...ce of a reference to a distinguished name that has been deleted This attribute is assigned by the server For example uniqueIdentifier AAAAAA This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 44 uniqueMember Definition Identifies a group of names associated with an entry where each name was given a uniqueIdentifier to ensure its uniqueness A value...

Page 136: ...rnet White Pages Pilot Syntax DN multi valued OID 0 9 2342 19200300 102 1 6 updatesDocument Definition Contains the distinguished name of a document for which this document is an updated version This attribute is defined in Internet White Pages Pilot Syntax DN multi valued OID 0 9 2342 19200300 102 1 5 userCertificate Definition This attribute is to be stored and requested in the binary form as us...

Page 137: ...ay be more applicable For example userClass intern This attribute is defined in RFC 1274 Syntax DirectoryString multi valued OID 0 9 2342 19200300 100 1 8 userPassword Definition Identifies the entry s password and encryption method in the following format encryption method encrypted password Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guar...

Page 138: ...binary form as userPKCS12 binary The attribute values are PFX PDUs stored as binary data This attribute is defined in RFC 2798 Syntax Binary multi valued OID 2 16 840 1 113730 3 1 216 userSMIMECertificate Definition Used by Netscape Communicator for S MIME This attribute is to be stored and requested in the binary form as userSMIMECertificate binary For example userSMIMECertificate binary AAAAAA Th...

Page 139: ...256 Syntax IA5String multi valued OID 2 5 4 24 x500UniqueIdentifier Definition Reserved for future use A binary method of identification useful for differentiating objects when a distinguished name has been reused For example x500UniqueIdentifier AAAAAA This attribute is defined in RFC 2256 Syntax Binary multi valued OID 2 5 4 45 ...

Page 141: ...ss of the entry Operational attributes are only returned in an ldapsearch operation if specifically requested This chapter also provides definitions syntax and OIDs for some special attributes and object classes that are used by the server When an object class inherits attributes from other object classes the inherited attributes are shown in italics The attributes are listed by section then alpha...

Page 142: ...95 aci Definition Used by the Directory Server to evaluate what rights are granted or denied when it receives an LDAP request from a client This attribute is defined in Directory Server Syntax IA5String multi valued OID 2 16 840 1 113730 3 1 55 altServer Definition The values of this attribute are URLs of other servers which may be contacted when this server becomes unavailable If the server does ...

Page 143: ...within a subschema Each value describes a single attribute This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 2 5 21 5 copiedFrom Definition Used by read only replica to recognize master data source Contains a reference to the server that holds the master data This attribute is only used for legacy replication It is not used for multi master replication This attribute is...

Page 144: ...ectoryString single valued OID 2 16 840 1 113730 3 1 614 dITContentRules Definition Multi valued attribute that defines the DIT content rules which are in force within a subschema Each value defines one DIT content rule Each value is tagged by the object identifier of the structural object class to which it pertains This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 2 5 ...

Page 145: ...s the syntaxes implemented with each value corresponding to one syntax This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 1 3 6 1 4 1 1466 101 120 16 matchingRules Definition Multi valued attribute that defines the matching rules used within a subschema Each value defines one matching rule This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 2 5 ...

Page 146: ...e is defined in RFC 2252 Syntax DirectoryString multi valued OID 2 5 21 7 namingContexts Definition Corresponds to a naming context the server is mastering or shadowing When the Directory Server does not master any information such as when it is an LDAP gateway to a public X 500 directory this attribute is absent When the Directory Server believes it contains the entire directory the attribute has...

Page 147: ...entries that have a change conflict that cannot be resolved automatically by the replication process This attribute is defined in Directory Server Syntax DirectoryString multi valued OID 2 16 840 1 113730 3 1 973 nsRole Definition This attribute is a computed attribute that is not stored with the entry itself It identifies to which roles an entry belongs This attribute is defined in Directory Serv...

Page 148: ...dRoleDefinition dn cn userA ou users o Netscape o example com objectclass top objectclass person sn uA userpassword secret nsroledn cn staff o Netscape o example com A nested role specifies containment of one or more roles of any type In that case nsRoleDN defines the DN of the contained roles For example dn cn everybody o Netscape o example com objectclass LDAPsubentry objectclass nsRoleDefinitio...

Page 149: ...ntax INTEGER single valued OID 1 3 1 1 4 1 453 16 2 103 objectClasses Definition Multi valued attribute that defines the object classes used in a subschema Each value defines one object class This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 2 5 21 6 passwordAllowChangeTime Definition Used to specify the length of time that must pass before the user is allowed to change...

Page 150: ...tax pwdCheckSyntax Definition Specifies whether the password syntax will be checked before the password is saved The password syntax checking mechanism checks that the password meets or exceeds the password minimum length requirement and that the string does not contain any trivial words such as the user s name or ID or any attribute value stored in the uid cn sn givenName ou or mail attributes of...

Page 151: ...passwordMaxAge pwdMaxAge attribute This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 98 passwordExpirationTime Definition Used to specify the length of time that passes before the user s password expires This attribute is defined in Directory Server Syntax GeneralizedTime single valued OID 2 16 840 1 113730 3 1 91 passwordExpWarned Definit...

Page 152: ...tribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 999 passwordGraceUserTime Definition Used to count the number of attempts the user has made with the expired password This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 998 passwordHistory Definition Contains the history of the user s previ...

Page 153: ...y pwdInHistory attribute To prevent users from rapidly cycling through the number of passwords that you are tracking use the passwordMinAge attribute This attribute is defined in Directory Server Syntax Integer single valued OID 2 16 840 1 113730 3 1 101 passwordLockout pwdLockOut Definition Indicates whether users will be locked out of the directory after a given number of failed bind attempts By...

Page 154: ...he directory by repeatedly trying to guess a user s password You enable and disable the account lockout feature using the passwordLockout pwdLockOut attribute This attribute is defined in Directory Server Syntax Integer single valued OID 2 16 840 1 113730 3 1 109 passwordMaxAge pwdMaxAge Definition Indicates the number of seconds after which user passwords will expire To use this attribute you mus...

Page 155: ...ibute is defined in Directory Server Syntax Integer single valued OID 2 16 840 1 113730 3 1 106 passwordMinAge pwdMinAge Definition Indicates the number of seconds that must pass before a user can change his password Use this attribute in conjunction with the passwordInHistory pwdInHistory attribute to prevent users from quickly cycling through passwords so that they can use their old password aga...

Page 156: ...Integer single valued OID 2 16 840 1 113730 3 1 99 passwordMustChange pwdMustChange Definition Indicates whether users must change their passwords when they first bind to the Directory Server or when the password has been reset by the Manager DN This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 220 passwordResetFailureCount pwdFailureCount...

Page 157: ...finition Used to count the number of consecutive failed attempts at entering the correct password This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 93 passwordStorageScheme Definition Specifies the type of encryption used to store Directory Server passwords Entering the password in CLEAR for this attribute indicates that the password will ...

Page 158: ...o break into the directory by repeatedly trying to guess a user s password If this passwordUnlock attribute is set to off and the operational attribute accountUnlockTime has a value of 0 then the account will be locked indefinitely This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 108 passwordWarning pwdExpireWarning Definition Indicates l...

Page 159: ...ord policy This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 997 retryCountResetTime Definition Specifies the length of time that passes before the passwordRetryCount is reset This attribute is defined in Directory Server Syntax DirectoryString single valued OID 2 16 840 1 113730 3 1 94 subschemaSubentry Definition DN of an entry that cont...

Page 160: ...he server When the server does not support controls this attribute is absent This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 1 3 6 1 4 1 1466 101 120 13 supportedExtension Definition The values of this attribute are the object identifiers OIDs that identify the supported extended operations supported by the server When the server does not support extensions this attri...

Page 161: ...4 1 1466 101 120 15 supportedSASLMechanisms Definition Identifies the names of supported SASL mechanisms supported by the server When the server does not support SASL attributes this attribute is absent This attribute is defined in RFC 2252 Syntax DirectoryString multi valued OID 1 3 6 1 4 1 1466 101 120 14 Special Attributes changes Description Contains the changes made to the entry for add and m...

Page 162: ...ute is defined in Changelog Internet Draft. Syntax: DN, multi-valued. OID: 2.16.840.1.113730.3.1.35. changeNumber. Description: This single-valued attribute is always present. It contains an integer which uniquely identifies each change made to a directory entry. This number is related to the order in which the change occurred. The higher the number, the later the change. This attribute is defined in Changelog...

Page 163: ... 1.113730.3.1.77. changeType. Description: Specifies the type of LDAP operation. This attribute can have one of the following values: add, delete, modify, or modrdn. For example: changeType: modify. This attribute is defined in Changelog Internet Draft. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113730.3.1.7. deleteOldRdn. Description: In the case of modrdn operations, specifies whether the old RDN was del...

Page 164: ...alued. OID: 2.16.840.1.113730.3.1.9. newSuperior. Description: In the case of modrdn operations, specifies the newSuperior attribute of the entry. This attribute is defined in Changelog Internet Draft. Syntax: DN, multi-valued. OID: 2.16.840.1.113730.3.1.11. nsEncryptionAlgorithm. Description: Specifies the encryption cipher for the encrypted attribute(s) in the nsAttributeEncryption object class. This attribute i...

Page 165: ... Syntax: Case Exact String, single-valued. OID: 2.16.840.1.113730.3.1.2064. nsSaslMapBaseDNTemplate. Description: Contains the search base DN template used in SASL identity mapping. This attribute is defined in Directory Server. Syntax: Case Exact String, single-valued. OID: 2.16.840.1.113730.3.1.2065. nsSaslMapFilterTemplate. Description: Contains the search filter template used in SASL identity mapping. This att...

Page 166: ...is defined in Changelog Internet Draft. Syntax: DN, multi-valued. OID: 2.16.840.1.113730.3.1.6. Special Object Classes. changeLogEntry. Definition: Used to represent changes made to the Directory Server. You can configure Directory Server to maintain a change log that is compatible with the change log implemented in Directory Server 4.1x by enabling the Retro Change Log Plug-in. Each entry in the change log ...

Page 167: ...arily to the changelog. changeTime: The time at which a change took place. changeType: The type of change performed on an entry. targetDn: The distinguished name of an entry added, modified or deleted on a supplier server. changes: Changes made to the Directory Server. deleteOldRdn: A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of...

Page 168: ...information for a user in the directory. This object class is defined in Directory Server. Superior Class: top. OID: 2.16.840.1.113730.3.2.12. cn attributeName: The common name of the attribute being encrypted. nsEncryptionAlgorithm: The encryption cipher used. cn databaseName: The name of the database where the attribute is stored. nsSaslMapRegexString: Contains a regular expression used to match SASL identit...

Page 169: ...ctory again. passwordAllowChangeTime: Used to specify the length of time that must pass before the user is allowed to change their password. passwordExpirationTime: Used to specify the length of time that passes before the user's password expires. passwordExpWarned: Used to indicate that a password expiration warning has been sent to the user. passwordGraceUserTime: Used to specify the number of login att...

Page 170: ...dITContentRules: Defines the DIT content rules which are in force within a subschema. dITStructureRules: Defines the DIT structure rules which are in force within a subschema. matchingRuleUse: Indicates the attribute types to which a matching rule applies in a subschema. matchingRules: Defines the matching rules used within a subschema. nameForms: Defines the name forms used in a subschema. objectClasses: De...

Page 171: ...21; 50ns-mcd-config.ldif 21; 50ns-mcd-li.ldif 21; 50ns-mcd-mail.ldif 21; 50ns-media.ldif 21; 50ns-mlm.ldif 21; 50ns-msg.ldif 21; 50ns-netshare.ldif 21; 50ns-news.ldif 21; 50ns-proxy.ldif 21; 50ns-value.ldif 20; 50ns-wcal.ldif 21; 50ns-web.ldif 21; 51ns-calendar.ldif 21; 99user.ldif 20. A: abstract attribute 83; account object class 26; accountUnlockTime operational attribute 142; aci operational attribute 142; alias ...

Page 172: ...cosSpecifier attribute 91; cosSuperDefinition object class 32; cosTargetTree attribute 92; cosTemplate object class 33; country object class 34; countryName attribute: See c attribute; crossCertificatePair attribute 93. D: dc attribute 93; dcObject object class 35; default schema 19; deleteOldRdn attribute 163; deltaRevocationList attribute 94; departmentNumber attribute 94; description attribute 94; destinationI...

Page 173: ...alAddress attribute 104; homeTelephoneNumber attribute: See homePhone attribute; host attribute 105; houseIdentifier attribute 105. I: inetOrgPerson object class 50; info attribute 106; initials attribute 106; internationalISDNNumber attribute 106. J: janetMailbox attribute 107; jpegPhoto attribute 107. K: keyWords attribute 108; knowledgeInformation attribute 108. L: l attribute 108; labeledURI attribute 109; label...

Page 174: ...lMapFilterTemplate 165; nsSaslMapping 168; nsSaslMapRegexString 165; nsSimpleRoleDefinition object class 63; ntUserDomainId attribute 115; numSubordinates operational attribute 149. O: o attribute 116; object class: allowed attributes 16, defined 16, inheritance 17, required attributes 16; object identifiers (OIDs) 21: base OID for Directory Server 21, base OID for Netscape 21, base OID for Netscape defined attribu...

Page 175: ...rational attribute 152; passwordGraceUserTime operational attribute 152; passwordHistory operational attribute 152; passwordInHistory operational attribute 153; passwordLockout operational attribute 153; passwordLockoutDuration operational attribute 154; passwordMaxAge operational attribute 154; passwordMaxFailure operational attribute 155; passwordMinAge operational attribute 155; passwordMinLength operat...

Page 176: ...ribute 129; streetAddress attribute: See street attribute; strongAuthenticationUser object class 81; subject attribute 130; subschema object class 169; subschemaSubentry operational attribute 159; subtreeMaximumQuality attribute 130; subtreeMinimumQuality attribute 130; supported schema 19; supportedAlgorithms attribute 131; supportedApplicationContext attribute 131; supportedControl operational attribute 160...

Page 177: ...Index 177; userPKCS12 attribute 138; userSMIMECertificate attribute 138. X: x121Address attribute 139; x500UniqueIdentifier attribute 139 ...
