Preface

Welcome to the Red Hat Directory Server Schema Reference. Red Hat Directory Server is a powerful and scalable distributed directory server application that uses the Lightweight Directory Access Protocol (LDAP) standard. Directory Server creates centralized and distributed data repositories for use with an intranet, extranet, and Internet applications.
3. Examples and Formatting
Each of the examples used in this guide, such as file locations and commands, has certain defined conventions.

3.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (32-bit) systems.
Additional Reading
Formatting Style Purpose
options in a user interface, such as a User Name Here: field or Save button.
Other formatting styles draw attention to important text.
NOTE
A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
If there is any error in this Schema Reference or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues: •...
Removing any references to the Directory Server Gateway or Org Chart.
Revision 8.1.1 September 5, 2009 Ella Deon Lackey
Adding the HPUX schema file directory to the default schema file overview section, per Bugzilla #521140.
Revision 8.1.0 April 28, 2009 Ella Deon Lackey dlackey@redhat.com
Initial draft for version 8.1.
Chapter 1. About Directory Server Schema

This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.
1.1.
1.1.1.1. Required and Allowed Attributes
Every object class defines a number of required attributes and of allowed attributes. Required attributes must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be valid.
Attributes
This is shown in Example 1.2, “description Attribute Schema Entry”.

attributetypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )

Example 1.2. description Attribute Schema Entry

Some attributes can be abbreviated. These abbreviations are listed as part of the attribute definition:

attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) ...
Syntax Method Definition
Postal Address 1.3.6.1.4.1.1466.115.121.1.41 Indicates that values for this attribute are encoded in the format postal-address = dstring* ("$" dstring). For example:
1234 Main St.$Raleigh, NC 12345$USA
Each dstring component is encoded as a DirectoryString value.
1.2. Default Directory Server Schema Files
Template schema definitions for Directory Server are stored in the /etc/dirsrv/schema directory. These default schema files are used to generate the schema files for new Directory Server instances. Each server instance has its own instance-specific schema directory in /etc/dirsrv/slapd-instance_name/schema (/etc/opt/dirsrv/slapd-instance_name/schema on HP-UX).
Schema File            Purpose
30ns-common.ldif       Common schema.
50ns-admin.ldif        Schemas used by the Administration Server.
50ns-certificate.ldif  Schemas used by Red Hat Certificate System.
50ns-directory.ldif    Schema used by legacy Directory Server 4.x servers.
50ns-mail.ldif         Schema for mail servers.
50ns-value.ldif        Schema for value items in Directory Server.
Extending the Schema
of numeric OIDs can lead to problems with clients, server interoperability, and server behavior, assigning a numeric OID is strongly recommended. OIDs can be built on. The base OID is a root number which is used for every schema element for an organization, and then schema elements can be incremented from there.
Chapter 2. Directory Server Attribute Reference

This chapter contains reference information about Red Hat Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order with their definition, syntax, and OID. This chapter contains information about attributes that describe directory entries, like users, groups, and equipment.
Defined in Netscape Administration Services

2.5. adminUrl
This attribute contains the URL of the Administration Server.
2.16.840.1.113730.3.1.75
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.6. aliasedObjectName
The aliasedObjectName attribute is used by the Directory Server to identify alias entries. This attribute contains the DN (distinguished name) for the entry for which this entry is the alias.
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.9. attributetypes
This attribute is used in a schema file to identify an attribute defined within the subschema.
2.5.21.5
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2252

2.10. audio
The audio attribute contains a sound file using a binary format.
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.13. authorSn
The authorSn attribute contains the last name or family name of the author of a document entry. For example:
authorSn: Smith
0.9.2342.19200300.102.1.12
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in...
Defined in RFC 2307

2.16. bootParameter
This attribute contains the value for rpc.bootparamd.
NOTE
The bootParameter attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
countryName: GB
c: US
2.5.4.6
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2256

2.20. cACertificate
The cACertificate attribute contains a CA certificate. The attribute should be requested and stored in binary format, such as cACertificate;binary. For example:
cACertificate;binary:: AAAAAA==
2.5.4.37
Syntax...
2.23. cn (commonName)
The commonName attribute contains the name of an entry. For user entries, the cn attribute is typically the person's full name. For example:
commonName: John Smith
cn: Bill Anderson
With the LDAPReplica or LDAPServerobject object classes, the cn attribute value has the following format:
cn: replicater.example.com:17430/dc%3Dexample%2Cdc%3com
2.5.4.3...
2.16.840.1.113730.3.1.577
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Directory Server

2.27. cosPriority
The cosPriority attribute specifies which template provides the attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a template.
Defined in Directory Server

2.31. crossCertificatePair
The value for the crossCertificatePair attribute must be requested and stored in binary format, such as certificateCertificatePair;binary. For example:
crossCertificatePair;binary:: AAAAAA==
2.5.4.40
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.32. dc (domainComponent)
The dc attribute contains one component of a domain name.
Defined in RFC 2798

2.35. description
The description attribute provides a human-readable description for an entry. For person or organization object classes, this can be used for the entry's role or work assignment. For example:
description: Quality control inspector for the ME2873 product line.
dITRedirect: cn=jsmith, dc=example,dc=com
0.9.2342.19200300.100.1.54
Syntax
Defined in RFC 1274

2.39. dmdName
The dmdName attribute value specifies a directory management domain (DMD), the administrative authority that operates the Directory Server.
2.5.4.54
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2256

2.40.
Syntax
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.43. documentIdentifier
The documentIdentifier attribute contains a unique identifier for a document. For example:
documentIdentifier: L3204REV1
0.9.2342.19200300.100.1.11
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.44.
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot

2.47. documentTitle
The documentTitle attribute contains a document's title. For example:
documentTitle: Red Hat Directory Server Administrator Guide
0.9.2342.19200300.100.1.12
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.48.
Syntax Directory-String
Multi- or Single-Valued Single-valued
Defined in RFC 1274

2.51. employeeNumber
The employeeNumber attribute contains the employee number for the person. For example:
employeeNumber: 3441
2.16.840.1.113730.3.1.3
Syntax Directory-String
Multi- or Single-Valued Single-valued
Defined in RFC 2798

2.52.
2.5.4.23
Syntax TelephoneNumber
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.55. gecos
The gecos attribute is used to determine the GECOS field for the user. This is comparable to the cn attribute, although using a gecos attribute allows additional information to be embedded in the GECOS field aside from the common name.
NOTE
The gidNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
homePhone: 415-555-1234
NOTE
Although RFC 1274 defines both homeTelephoneNumber and homePhone as names for the residential phone number attribute, Directory Server only implements the homePhone name.
0.9.2342.19200300.100.1.20
Syntax TelephoneNumber
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.61. homePostalAddress
The homePostalAddress attribute contains an entry's home mailing address.
2.63. houseIdentifier
The houseIdentifier contains an identifier for a specific building at a location. For example:
houseIdentifier: B105
2.5.4.51
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.64. inetDomainBaseDN
This attribute identifies the base DN of user subtree for a DNS domain.
2.16.840.1.113730.3.1.690
Syntax
Multi- or Single-Valued...
2.16.840.1.113730.3.1.695
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in Subscriber interoperability

2.68. inetSubscriberResponse
The inetSubscriberResponse attribute contains the answer to the challenge question in the inetSubscriberChallenge attribute to verify the user in the subscriberIdentity attribute.
2.16.840.1.113730.3.1.696
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Subscriber interoperability...
2.72. initials
The initials contains a person's initials; this does not contain the entry's surname. For example:
initials: BAJ
Directory Server and Active Directory handle the initials attribute differently. The Directory Server allows a practically unlimited number of characters, while Active Directory has a restriction of six characters.
1.3.6.1.1.1.1.19
Syntax DirectoryString
Multi- or Single-Valued Multi-Valued
Defined in RFC 2307

2.76. ipNetmaskNumber
This contains the IP netmask for the server.
NOTE
The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
1.3.6.1.1.1.1.17
Syntax Integer
Multi- or Single-Valued Single-Valued
Defined in RFC 2307

2.79. ipServicePort
This attribute gives the port used by the IP service.
NOTE
The ipServicePort attribute is defined in 10rfc2307.ldif in the Directory Server.
0.9.2342.19200300.100.1.46
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.82. jpegPhoto
The jpegPhoto attribute contains a JPEG photo, a binary value. For example:
jpegPhoto:: AAAAAA==
0.9.2342.19200300.100.1.60
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2798

2.83. keyWords
The keyWords attribute contains keywords associated with the entry.
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.86. labeledURI
The labeledURI contains a Uniform Resource Identifier (URI) which is related, in some way, to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported), optionally followed by one or more space characters and a label.
loginShell: c:\scripts\jsmith.bat
NOTE
The loginShell attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
1.3.6.1.1.1.1.4
Syntax IA5String...
2.16.840.1.113730.3.1.12
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server

2.93. mailAlternateAddress
The mailAlternateAddress attribute contains additional email addresses for a user. This attribute does not reflect the default or primary email address; that email address is set by the mail attribute. For example:
mailAlternateAddress: jsmith@example.com
mailAlternateAddress: smith1701@alt.com...
2.97. mailEnhancedUniqueMember
This attribute contains the DN of a unique member of a mail group.
2.16.840.1.113730.3.1.31
Syntax
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server

2.98. mailForwardingAddress
This attribute contains an email address to which to forward a user's email.
2.16.840.1.113730.3.1.17
Syntax DirectoryString...
Added only to mailing lists which the provider views as relevant to the user interest. If the attribute is absent, then the default is to assume that the user is not included on any mailing list. This attribute should be interpreted by anyone using the directory to derive mailing lists and its value respected.
0.9.2342.19200300.100.1.10
Syntax
Multi- or Single-Valued Multi-valued
Defined in RFC 1274

2.106. member
The member attribute contains the distinguished names (DNs) of each member of a group. For example:
member: cn=John Smith, dc=example,dc=com
2.5.4.31
Syntax
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.107.
2.108. memberNisNetgroup
This attribute merges the attribute values of another netgroup into the current one by listing the name of the merging netgroup.
NOTE
The memberNisNetgroup attribute is defined in 10rfc2307.ldif in the Directory Server.
10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
1.3.6.1.1.1.1.12
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in RFC 2307

2.111. memberURL
This attribute identifies a URL associated with each member of a group. Any type of labeled URL can be used.
Defined in Netscape Messaging Server

2.115. mgrpApprovePassword
This attribute sets whether a user must approve a password used to access their email.
mgrpApprovePassword-oid
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in Netscape Messaging Server

2.116.
Defined in Netscape Messaging Server

2.120. mgrpMsgMaxSize
This attribute sets the maximum size allowed for email messages.
2.16.840.1.113730.3.1.32
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape Messaging Server

2.121. mgrpMsgRejectAction
This attribute defines what actions the messaging server should take for rejected messages.
2.16.840.1.113730.3.1.28
Syntax DirectoryString...
2.125. mgrpRFC822MailMember
This attribute identifies the member of a mail group.
2.16.840.1.113730.3.1.30
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server

2.126. mobile
The mobile, or mobileTelephoneNumber, contains the entry's mobile or cellular phone number. For example:
mobileTelephoneNumber: 415-555-4321
0.9.2342.19200300.100.1.41...
Defined in Mozilla Address Book

2.130. mozillaCustom4
This attribute is used by Mozilla Thunderbird to manage a shared address book.
1.3.6.1.4.1.13769.4.4
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book

2.131. mozillaHomeCountryName
This attribute sets the country used by Mozilla Thunderbird in a shared address book.
1.3.6.1.4.1.13769.3.6
Syntax DirectoryString...
Defined in Mozilla Address Book

2.135. mozillaHomeStreet
This attribute sets the street address used by Mozilla Thunderbird in a shared address book.
1.3.6.1.4.1.13769.3.1
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book

2.136.
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book

2.140. mozillaUseHtmlMail (xmozillausehtmlmail)
This attribute sets an email type preference for an entry in a shared address book in Mozilla Thunderbird.
1.3.6.1.4.1.13769.2.3
Syntax Boolean
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book

2.141.
It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests. Client implementations should not assume that LDAP servers are capable of performing attribute subtyping.
2.5.4.41
Syntax DirectoryString...
NOTE
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
1.3.6.1.1.1.1.14
Syntax IA5String
Multi- or Single-Valued Multi-valued
RFC 2307...
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.153. nsAdminCacheLifetime
This sets the length of time to store the cache used by the Directory Server.
nsAdminCacheLifetime-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.154.
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.158. nsAdminGroupName
This attribute gives the name of the admin guide.
nsAdminGroupName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.159. nsAdminOneACLDir
This attribute gives the directory path to the directory containing access control lists for the Administration Server.
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.163. nsBaseDN
This contains the base DN used in the Directory Server's server instance definition entry.
nsBaseDN-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.164.
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.168. nsCertConfig
This attribute defines the configuration for the Red Hat Certificate System.
nsCertConfig-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Certificate System

2.169. nsCertfile
This attribute contains the directory location of a certificate file.
nsCertfile-oid
Syntax DirectoryString...
Multi- or Single-Valued Multi-valued
Defined in Mozilla Address Book

2.173. nsDefaultAcceptLanguage
This attribute contains the language codes which are accepted for HTML clients.
nsDefaultAcceptLanguage-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.174.
Defined in RFC 2256

2.178. nsDirectoryURL
This attribute contains the Directory Server URL.
nsDirectoryURL-oid
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.179. nsDisplayName
This attribute contains a display name.
nsDisplayName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.180.
Defined in RFC 2256

2.183. nsGroupRDNComponent
This attribute defines the attribute to use for the RDN of a group entry.
nsGroupRDNComponent-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.184. nsHardwarePlatform
This attribute indicates the hardware on which the server is running. The value of this attribute is the same as the output from uname -m.
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.188. nsInstalledLocation
This attribute contains the installation directory for Directory Servers which are version 7.1 or older.
nsInstalledLocation-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256

2.189. nsJarfilename
This attribute gives the jar file name used by the Console.
• slapd for a licensed Directory Server client.
• mail for a licensed mail server client.
• news for a licensed news server client.
• cal for a licensed calendar server client.
For example:
nsLicensedFor: slapd
2.16.840.1.113730.3.1.36
Syntax...
nsmsgDisallowAccess-oid
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server

2.197. nsmsgNumMsgQuota
This attribute sets a quota for the number of messages which will be kept by the messaging server.
nsmsgNumMsgQuota-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server

2.198.
nsOsVersion-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.202. nsPidLog
nsPidLog-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.203. nsPreference
This attribute stores the Console preference settings.
nsPreference-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in...
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.207. nsSecureServerPort
This attribute contains the SSL port for the Directory Server.
NOTE
This attribute does not configure the SSL port for the Directory Server. This is configured in the nsslapd-secureport configuration attribute in the Directory Server's dse.ldif file.
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.211. nsServerID
This contains the server's instance name. For example:
nsServerID: slapd-example
nsServerID-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.212. nsServerMigrationClassname
This attribute contains the name of the class to use when migrating a server.
nsServerMigrationClassname-oid
Syntax DirectoryString...
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.215. nsSNMPContact
This attribute contains the contact information provided by the SNMP.
2.16.840.1.113730.3.1.235
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.216. nsSNMPDescription
This contains a description of the SNMP service.
2.16.840.1.113730.3.1.236
Syntax DirectoryString...
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.220. nsSNMPMasterPort
This attribute shows the port number for the SNMP subagent.
2.16.840.1.113730.3.1.238
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.221. nsSNMPOrganization
This attribute contains the organization information provided by SNMP.
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server

2.225. nsSSL3Ciphers
This attribute contains the list of allowed SSL3 ciphers.
nsSSL3Ciphers-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.226. nsSSL3SessionTimeout
This attribute shows the SSLv3 cipher session timeout period.
nsSSL3SessionTimeout-oid
Syntax DirectoryString...
Defined in Netscape

2.229. nsSSLPersonalitySSL
This attribute contains the certificate name to use for SSL.
nsSSLPersonalitySSL-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.230. nsSSLSessionTimeout
This attribute sets how long an SSL session is active before it times out.
nsSSLSessionTimeout-oid
Syntax DirectoryString...
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.234. nsTaskLabel
nsTaskLabel-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.235. nsUniqueAttribute
This sets a unique attribute for the server preferences.
nsUniqueAttribute-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.236.
2.239. nsValueCES
2.16.840.1.113730.3.1.244
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item

2.240. nsValueCIS
2.16.840.1.113730.3.1.243
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item

2.241. nsValueDefault
2.16.840.1.113730.3.1.250
Syntax DirectoryString...
2.245. nsValueHelpURL
2.16.840.1.113730.3.1.254
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item

2.246. nsValueInt
2.16.840.1.113730.3.1.246
Syntax Integer
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item

2.247. nsValueSyntax
2.16.840.1.113730.3.1.253
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers —...
Multi- or Single-Valued Multi-valued
Defined in Netscape

2.251. nsViewConfiguration
This attribute stores the view configuration used by Console.
nsViewConfiguration-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services

2.252. nsViewFilter
This attribute sets the attribute-value pair which is used to identify entries belonging to the view.
2.16.840.1.113730.3.1.3023
Syntax IA5String...
Defined in Directory Server

2.256. ntGroupAttributes
This attribute points to a binary file which contains information about the group. For example:
ntGroupAttributes:: IyEvYmluL2tzaAoKIwojIGRlZmF1bHQgdmFsdWUKIwpIPSJgaG9zdG5hb
2.16.840.1.113730.3.1.536
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.257. ntGroupCreateNewGroup
The ntGroupCreateNewGroup attribute is used by Windows Sync to determine whether the Directory Server should create a new group entry when a new group is created on a Windows server.
2.260. ntGroupId
The ntGroupId attribute points to a binary file which identifies the group. For example:
ntGroupId: IOUnHNjjRgghghREgfvItrGHyuTYhjIOhTYtyHJuSDwOopKLhjGbnGFtr
2.16.840.1.113730.3.1.110
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.261. ntGroupType
In Active Directory, there are two major types of groups: security and distribution. Security groups are most similar to groups in Directory Server, since security groups can have policies configured for access controls, resource restrictions, and other permissions.
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.263. ntUserAcctExpires
This attribute indicates when the entry's Windows account will expire. This value is stored as a string in GMT format. For example:
ntUserAcctExpires: 20081015203415
2.16.840.1.113730.3.1.528
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization...
2.267. ntUserComment
This attribute contains a text description or note about the user entry.
2.16.840.1.113730.3.1.522
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.268. ntUserCountryCode
This attribute contains the two-character country code for the country where the user is located.
2.16.840.1.113730.3.1.532
Syntax DirectoryString...
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.272. ntUserFlags
This attribute contains additional flags set for the Windows account.
2.16.840.1.113730.3.1.523
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.273. ntUserHomeDir
The ntUserHomeDir attribute contains an ASCII string representing the Windows user's home directory.
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.276. ntUserLastLogon
The ntUserLastLogon attribute contains the time that the user last logged into the Windows domain. This value is stored as a string in GMT format. If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user's entry has changed.
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.280. ntUserNumLogons
This attribute shows the number of successful logons to the Active Directory domain for the user.
2.16.840.1.113730.3.1.64
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.281.
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.285. ntUserProfile
The ntUserProfile attribute contains the path to a user's profile. For example:
ntUserProfile: c:\jsmith\profile.txt
2.16.840.1.113730.3.1.67
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.286.
Defined in Netscape NT Synchronization

2.289. ntUserUsrComment
The ntUserUsrComment attribute contains additional comments about the user.
2.16.840.1.113730.3.1.61
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization

2.290. ntUserWorkstations
The ntUserWorkstations attribute contains a list of names, in ASCII strings, of work stations which the user is allowed to log in to.
Chapter 2. Directory Server Attribute Reference RFC 2256 Defined in 2.293. objectClasses This attribute is used in a schema file to identify an object class allowed by the subschema definition. 2.5.21.6 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 2252 Defined in 2.294.
organizationalStatus RFC 2307 Defined in 2.297. organizationalStatus The organizationalStatus identifies the person's category within an organization. organizationalStatus: researcher 0.9.2342.19200300.100.1.45 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 1274 Defined in 2.298. otherMailbox The otherMailbox attribute contains values for email types other than X.400 and RFC 822. otherMailbox: internet $ jsmith@example.com 0.9.2342.19200300.100.1.22 Syntax...
Chapter 2. Directory Server Attribute Reference RFC 2256 Defined in 2.301. pager The pagerTelephoneNumber, or pager, attribute contains a person's pager phone number. pagerTelephoneNumber: 415-555-6789 pager: 415-555-6789 0.9.2342.19200300.100.1.42 Syntax TelephoneNumber Multi- or Single-Valued Multi-valued RFC 1274 Defined in 2.302. pamExcludeSuffix This attribute specifies a suffix to exclude from PAM authentication.
pamIncludeSuffix Syntax DirectoryString Multi- or Single-Valued Single-valued Defined in Directory Server 2.306. pamIncludeSuffix This attribute sets a suffix to include for PAM authentication. 2.16.840.1.113730.3.1.2067 Syntax Multi- or Single-Valued Multi-valued Defined in Directory Server 2.307. pamMissingSuffix This attribute sets how the LDAP server handles authentication if specified include or exclude suffixes are missing.
Chapter 2. Directory Server Attribute Reference 1.3.6.1.4.1.1466.101.120.41 Syntax Multi- or Single-Valued Single-valued Defined in Netscape 2.311. personalSignature The personalSignature attribute contains the entry's signature file, in binary format. personalSignature:: AAAAAA== 0.9.2342.19200300.100.1.53 Syntax Binary Multi- or Single-Valued Multi-valued RFC 1274 Defined in 2.312.
postalAddress 2.5.4.19 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.315. postalAddress The postalAddress attribute identifies the entry's mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) within the entry text, use the escaped hex values \24 and \5c respectively.
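The postalAddress escaping rule above, worked through as an added example (not part of the Red Hat documentation); the function names are illustrative and the sample addresses are constructed. The decoder replaces escapes in a single pass, so an escaped backslash followed by the digits 24 is not mistaken for an escaped dollar sign, and any backslash that is not part of \24 or \5c is rejected as malformed.

```python
import re

# Escapes named in the postalAddress description: "$" -> \24, "\" -> \5c.
_ESCAPES = {"\\": "\\5c", "$": "\\24"}
# Hex digits are matched case-insensitively (\5c and \5C are the same escape).
_UNESCAPE = re.compile(r"\\(24|5c)", re.IGNORECASE)


def encode_postal_address(lines):
    """Join address lines into a single postalAddress value.

    Each character is escaped exactly once, so the backslash that an
    escape introduces is never escaped a second time.
    """
    if not lines:
        raise ValueError("postalAddress needs at least one line")
    encoded = ["".join(_ESCAPES.get(ch, ch) for ch in line) for line in lines]
    return "$".join(encoded)


def decode_postal_address(value):
    """Split a postalAddress value back into its lines.

    A raw "$" can only be a line separator, because literal dollar signs
    are always stored as \\24. Every backslash must start a valid escape.
    """
    lines = []
    for raw in value.split("$"):
        # Whatever backslash survives removal of the valid escapes is stray.
        if "\\" in _UNESCAPE.sub("", raw):
            raise ValueError("malformed escape in postalAddress line: %r" % raw)
        lines.append(
            _UNESCAPE.sub(lambda m: "$" if m.group(1) == "24" else "\\", raw)
        )
    return lines


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["1234 Ridgeway Drive", "Suite $5 \\ Dock B", "Santa Clara, CA 99555"]
    stored = encode_postal_address(sample)
    print("postalAddress:", stored)
    print(decode_postal_address(stored))
```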
Chapter 2. Directory Server Attribute Reference Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.318. preferredDeliveryMethod The preferredDeliveryMethod contains an entry's preferred contact or delivery method. For example: preferredDeliveryMethod: telephone 2.5.4.28 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.319.
presentationAddress Defined in Netscape 2.322. presentationAddress The presentationAddress attribute contains the OSI presentation address for an entry. This attribute includes the OSI Network Address and up to three selectors, one each for use by the transport, session, and presentation entities. For example: presentationAddress: TELEX+00726322+RFC-1006+02+130.59.2.1 2.5.4.29 Syntax...
Chapter 2. Directory Server Attribute Reference 2.5.4.26 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.326. roleOccupant This attribute contains the distinguished name of the person acting in the role defined in the organizationalRole entry. roleOccupant: uid=bjensen, dc=example,dc=com 2.5.4.33 Syntax Multi- or Single-Valued...
seeAlso 0.9.2342.19200300.100.1.21 Syntax Multi- or Single-Valued Multi-valued RFC 1274 Defined in 2.330. seeAlso The seeAlso attribute identifies another Directory Server entry that may contain information related to this entry. seeAlso: cn=Quality Control Inspectors,ou=manufacturing,dc=example,dc=com 2.5.4.34 Syntax Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.331.
Chapter 2. Directory Server Attribute Reference Defined in Red Hat Administration Services 2.334. serverRoot This attribute is obsolete. This attribute shows the installation directory (server root) of Directory Servers version 7.1 or older. 2.16.840.1.113730.3.1.70 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in Netscape Administration Services 2.335.
2.337. shadowFlag The shadowFlag attribute identifies what area in the shadow map stores the flag values. shadowFlag: 150 NOTE The shadowFlag attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory. 1.3.6.1.1.1.1.5 Syntax Integer Multi- or Single-Valued Single-valued RFC 2307 Defined in 2.340. shadowMax The shadowMax attribute sets the maximum number of days that a shadow password is valid. shadowMax: 10 NOTE The shadowMax attribute is defined in 10rfc2307.ldif in the Directory Server.
2.342. shadowWarning The shadowWarning attribute sets how many days in advance of password expiration to send a warning to the user. shadowWarning: 2 NOTE The shadowWarning attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
Chapter 2. Directory Server Attribute Reference st: California 2.5.4.8 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.346. street The streetAddress, or street, attribute contains an entry's street name and residential address. streetAddress: 1234 Ridgeway Drive street: 1234 Ridgeway Drive 2.5.4.9 Syntax DirectoryString...
supportedAlgorithms Multi- or Single-Valued Single-valued RFC 1274 Defined in 2.350. supportedAlgorithms The supportedAlgorithms attribute contains algorithms which are requested and stored in a binary form, such as supportedAlgorithms;binary. supportedAlgorithms:: AAAAAA== 2.5.4.52 Syntax Binary Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.351.
Chapter 2. Directory Server Attribute Reference 2.5.4.22 Syntax DirectoryString Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.354. telexNumber This attribute defines the telex number of the entry. The format of the telex number is as follows: actual-number "$" country "$" answerback •...
ttl (TimeToLive) RFC 2256 Defined in 2.357. ttl (TimeToLive) The TimeToLive, or ttl, attribute contains the time, in seconds, that cached information about an entry should be considered valid. Once the specified time has elapsed, the information is considered out of date. A value of zero (0) indicates that the entry should not be cached. TimeToLive: 120 ttl: 120 1.3.6.1.4.250.1.60...
Chapter 2. Directory Server Attribute Reference 2.360. uniqueIdentifier This attribute identifies a specific item used to distinguish between two entries when a distinguished name has been reused. This attribute is intended to detect any instance of a reference to a distinguished name that has been deleted.
userCertificate;binary:: AAAAAA== 2.5.4.36 Syntax Binary Multi- or Single-Valued Multi-valued RFC 2256 Defined in 2.365. userClass This attribute specifies a category of computer user. The semantics of this attribute are arbitrary. The organizationalStatus attribute makes no distinction between computer users and other types of users and may be more applicable.
RFC 2798 Defined in 2.368. userSMIMECertificate The userSMIMECertificate attribute contains certificates which can be used by mail clients for S/MIME. This attribute requests and stores data in a binary format. For example: userSMIMECertificate;binary:: AAAAAA== 2.16.840.1.113730.3.1.40 Syntax Binary...
x500UniqueIdentifier x500UniqueIdentifier:: AAAAAA== 2.5.4.45 Syntax Binary Multi- or Single-Valued Multi-valued RFC 2256 Defined in...
Chapter 3. Directory Server Object Class Reference This chapter contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class and lists its required and allowed attributes. The object classes listed in this chapter are available to support entry information in the Red Hat Directory Server (Directory Server).
Chapter 3. Directory Server Object Class Reference Attribute Definition uid (userID) Gives the defined account's user ID. Allowed Attributes Attribute Definition description Gives a text description of the entry. host Gives the hostname for the machine on which the account resides. l (localityName) Gives the city or geographical location of the entry.
3.3. bootableDevice The bootableDevice object class points to a device with boot parameters. This object class is defined in RFC 2307. NOTE This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
Chapter 3. Directory Server Object Class Reference 3.4. cacheObject The cacheObject is an object that contains the time to live (ttl) attribute type. This object class is defined in the LDAP Caching Internet Draft. Superior Class 1.3.6.1.4.1.250.3.18 Required Attributes Attribute Definition objectClass Defines the object classes for the entry.
cosDefinition Attribute Definition cosAttribute Provides the name of the attribute for which the CoS generates a value. There can be more than one cosAttribute value specified. Allowed Attributes Attribute Definition cn (commonName) Gives the common name of the entry. cosSpecifier Specifies the attribute value used by a classic CoS, which, along with the template entry's DN, identifies the template entry.
Chapter 3. Directory Server Object Class Reference Attribute Definition cosSpecifier Specifies the attribute value used by a classic CoS, which, along with the template entry's DN, identifies the template entry. cosTargetTree Defines the subtrees in the directory to which the CoS schema applies.
cosSuperDefinition This object class is defined by Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.101 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cosAttribute Provides the name of the attribute for which the CoS generates a value. There can be more than one cosAttribute value specified.
Chapter 3. Directory Server Object Class Reference Allowed Attributes Attribute Definition cn (commonName) Gives the common name of the entry. description Gives a text description of the entry. 3.10. cosTemplate The cosTemplate object class contains a list of the shared attribute values for the CoS. This object class is defined by Directory Server.
dcObject Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory. Allowed Attributes Attribute Definition description Gives a text description of the entry. searchGuide Specifies information for suggested search criteria when using the entry as the base object...
Attribute Definition dc (domainComponent) Contains one component of a domain name. 3.13. device The device object class stores information about network devices, such as printers, in the directory. This object class is defined in RFC 2247. Superior Class 2.5.6.14 Required Attributes...
document 0.9.2342.19200300.100.4.6 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. documentIdentifier Gives the unique ID for the document. Allowed Attributes Attribute Definition abstract Contains the abstract for the document. audio Stores a sound file in binary format. authorCn Gives the author's common name or given name.
Chapter 3. Directory Server Object Class Reference Attribute Definition obsoletesDocument Gives the DN (distinguished name) of another document entry which is obsoleted by this document. ou (organizationalUnitName) Gives the organizational unit or division to which the document belongs. photo Stores a photo of the document in binary format. seeAlso Contains a URL to another entry or site with related information.
domain Attribute Definition o (organizationName) Gives the organization to which the document series belongs. ou (organizationalUnitName) Gives the organizational unit or division to which the series belongs. seeAlso Contains a URL to another entry or site with related information. telephoneNumber Gives the telephone number of the person responsible for the document series.
Chapter 3. Directory Server Object Class Reference Attribute Definition destinationIndicator Gives the country and city associated with the entry; this was once required to provide public telegram service. fax (facsimileTelephoneNumber) Gives the fax number for the domain. internationalISDNNumber Gives the ISDN number for the domain. l (localityName) Gives the city or geographical location of the entry.
Superior Class 0.9.2342.19200300.100.4.17 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. associatedDomain Specifies a DNS domain associated with an object in the directory tree. 3.18. dSA The dSA object class defines entries that represent DSAs. This object class is defined in RFC 1274. Superior Class...
Chapter 3. Directory Server Object Class Reference Attribute Definition ou (organizationalUnitName) Gives the organizational unit or division to which the entry belongs. seeAlso Contains a URL to another entry or site with related information. supportedApplicationContext Contains the identifiers of OSI application contexts.
groupOfCertificates Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. co (friendlyCountryName) Stores the human-readable country name. c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory. Allowed Attributes Attribute Definition description Gives a text description of the entry.
Chapter 3. Directory Server Object Class Reference Attribute Definition o (organizationName) Gives the organization to which the entry belongs. ou (organizationalUnitName) Gives the organizational unit or division to which the entry belongs. owner Contains the DN (distinguished name) of the person responsible for the group.
3.23. groupOfNames The groupOfNames object class contains entries for a group of names. This object class is defined in RFC 2256. NOTE The definition for this object class in Directory Server differs from the standard definition. In the standard definition, member is a required attribute, while in Directory Server it is an allowed attribute.
NOTE The definition for this object class in Directory Server differs from the standard definition. In the standard definition, uniqueMember is a required attribute, while in Directory Server it is an allowed attribute. Directory Server, therefore, allows a group to have no members.
ieee802Device Superior Class 2.16.840.1.113730.3.2.33 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. Allowed Attributes Attribute Definition businessCategory Gives the type of business in which the group is engaged.
Chapter 3. Directory Server Object Class Reference 1.3.6.1.1.1.2.11 Required Attributes Attribute Definition objectClass Defines the object classes for the entry. cn (commonName) Gives the common name of the device. Allowed Attributes Attribute Definition description Gives a text description of the entry. l (localityName) Gives the city or geographical location of the entry.
Allowed Attributes Attribute Definition adminRole Identifies a role to which the administrative user belongs. memberOf Contains a group name to which the administrative user belongs. This is dynamically managed by the MemberOf Plug-in. 3.28. inetDomain The inetDomain object class is an auxiliary class for virtual domain nodes. This object class is defined for the Netscape Delegated Administrator.
Chapter 3. Directory Server Object Class Reference 2.16.840.1.113730.3.2.2 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. sn (surname) Gives the person's family name or last name. Allowed Attributes Attribute Definition...
inetOrgPerson Attribute Definition o (organizationName) Gives the organization to which the entry belongs. ou (organizationalUnitName) Gives the organizational unit or division to which the entry belongs. pager Gives the person's pager number. photo Stores a photo of a person, in binary format. physicalDeliveryOfficeName Gives a location where physical deliveries can be made.
Chapter 3. Directory Server Object Class Reference Attribute Definition X500UniqueIdentifier Reserved for future use. 3.30. inetSubscriber The inetSubscriber object class is used for general user account management. This object class is defined for the Netscape subscriber interoperability. Superior Class 2.16.840.1.113730.3.2.134 Required Attributes Attribute Definition...
ipHost Allowed Attributes Attribute Definition inetUserHttpURL Contains web addresses associated with the user. inetUserStatus Gives the status of the user. The status can be active, inactive, or deleted. memberOf Contains a group name to which the user belongs. This is dynamically managed by the MemberOf Plug-in.
Chapter 3. Directory Server Object Class Reference Attribute Definition l (localityName) Gives the city or geographical location of the entry. manager Contains the DN (distinguished name) of the maintainer or supervisor of the entry. o (organizationName) Gives the organization to which the device belongs.
ipProtocol Allowed Attributes Attribute Definition description Gives a text description of the entry. l (localityName) Gives the city or geographical location of the entry. manager Contains the DN (distinguished name) of the maintainer or supervisor of the entry. ipNetmaskNumber Contains the IP netmask for the network. 3.34.
3.35. ipService The ipService object class stores information about the IP service. This object class is defined in RFC 2307. NOTE This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
1.3.6.1.4.1.250.3.15 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. Allowed Attributes Attribute Definition labeledURI Gives a URI which is relevant to the entry's object. 3.37. locality The locality object class defines entries that represent localities or geographic areas. This object class is defined in RFC 2256. Superior Class...
Chapter 3. Directory Server Object Class Reference Attribute Definition seeAlso Contains a URL to another entry or site with related information. st (stateOrProvinceName) Gives the state or province associated with the locality. street (streetAddress) Gives a street and number associated with the locality.
netscapeCertificateServer 2.16.840.1.113730.3.2.3 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. Allowed Attributes Attribute Definition cn (commonName) Gives the common name of the entry. mail Stores email addresses for the group. mailAccessDomain Contains the domain from which the user can access the messaging server.
Chapter 3. Directory Server Object Class Reference Superior Class 2.16.840.1.113730.3.2.18 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. 3.41. netscapeDirectoryServer The netscapeDirectoryServer object class stores information about a Directory Server instance. This object is defined in the schema for the Netscape Directory Server. Superior Class 2.16.840.1.113730.3.2.23 Required Attributes...
netscapeMachineData 3.43. netscapeMachineData The netscapeMachineData object class distinguishes between machine data and non-machine data. This object is defined in the schema for the Netscape Directory Server. Superior Class 2.16.840.1.113730.3.2.32 3.44. NetscapePreferences NetscapePreferences is an auxiliary object class which stores the user preferences. This object is defined by Netscape.
Chapter 3. Directory Server Object Class Reference Allowed Attributes Attribute Definition netscapeReversiblePassword Contains a password used for HTTP Digest/MD5 authentication. 3.46. netscapeServer The netscapeServer object class contains instance-specific information about a Netscape server and its installation. Superior Class 2.16.840.1.113730.3.2.10 Required Attributes Attribute Definition objectClass...
netscapeWebServer 3.47. netscapeWebServer The netscapeWebServer object class identifies an installed Netscape Web Server. Superior Class 2.16.840.1.113730.3.2.29 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. nsServerID Contains the server's name or ID. Allowed Attributes Attribute Definition...
Chapter 3. Directory Server Object Class Reference Attribute Definition sn (surname) Gives the person's family name or last name. Allowed Attributes Attribute Definition businessCategory Gives the type of business in which the entry is engaged. description Gives a text description of the entry. drink (favouriteDrink) Gives the person's favorite drink.
3.49. nisMap This object class points to a NIS map. This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service. NOTE This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory. Superior Class 1.3.6.1.1.1.2.8 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. Allowed Attributes Attribute Definition...
nsAdminConfig 1.3.6.1.1.1.2.10 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. nisMapEntry Identifies the NIS map entry. nisMapName Contains the name of the NIS map. Allowed Attributes Attribute Definition description...
Chapter 3. Directory Server Object Class Reference 3.53. nsAdminConsoleUser This object class stores the configuration parameters for the Administration Server. This object is defined for the Administration Services. Superior Class nsAdminConsoleUser-oid Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry.
nsAdminGroup Superior Class nsAdminGlobalParameters-oid Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. Allowed Attributes Attribute Definition nsAdminEndUserHTMLIndex Sets whether to allow or disallow end-user access to the HTML index pages. nsNickName Gives the nickname for the application.
Chapter 3. Directory Server Object Class Reference Attribute Definition nsAdminSIEDN Shows the DN of the server instance entry (SIE) for the Administration Server instance. nsConfigRoot Gives the full path to the Administration Server instance's configuration directory. 3.57. nsAdminObject This object class contains information about an object used by Administration Server, such as a task. This object is defined for the Administration Services.
nsAdminServer Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. Allowed Attributes Attribute Definition nsAdminAccountInfo Contains information about the Administration Server account. nsDeleteclassname Contains the name of a class to be deleted. 3.59.
Chapter 3. Directory Server Object Class Reference Superior Class 2.16.840.1.113730.3.2.300 Allowed Attributes Attribute Definition nsAIMid Contains the AIM user ID for the entry. nsAIMStatusGraphic Contains a pointer to the graphic image which indicates the AIM account's status. nsAIMStatusText Contains the text to indicate the AIM account's status.
nsCertificateServer Attribute Definition nsInstalledLocation For servers which are version 7.1 or older, shows the installation directory for the server. nsLdapSchemaVersion Gives the version of the LDAP schema files used by the Directory Server. nsNickName Gives the nickname for the application. nsProductName Gives the name of the server product.
Chapter 3. Directory Server Object Class Reference Attribute Definition serverHostName Contains the hostname of the server on which the Directory Server instance is running. 3.63. nsComplexRoleDefinition Any role that is not a simple role is, by definition, a complex role. This object class is defined by Directory Server.
nsCustomView 3.65. nsCustomView The nsCustomView object class defines information about custom views of the Directory Server data in the Directory Server Console. This is defined for Administration Services. Superior Class nsAdminObject nsCustomView-oid Allowed Attributes Attribute Definition nsDisplayName Contains the name of the custom view setting profile.
Chapter 3. Directory Server Object Class Reference Superior Class nsDirectoryInfo-oid Required Attributes Attribute Definition objectClass Defines the object classes for the entry. cn (commonName) Gives the common name of the device. Allowed Attributes Attribute Definition nsBindDN Contains the bind DN defined for the server in its server instance entry.
nsEncryptionConfig Allowed Attributes Attribute Definition nsBaseDN Contains the base DN for the server instance. nsBindDN Contains the bind DN defined for the server in its server instance entry. nsBindPassword Contains the password for the bind identity in the SIE. nsSecureServerPort Contains the server's SSL/TLS port number.
Chapter 3. Directory Server Object Class Reference Attribute Definition nsSSL3Ciphers Contains a list of all ciphers available to be used with SSLv3. nsSSL3SessionTimeout Sets the timeout period for an SSLv3 cipher session. nsSSLClientAuth Sets how the server handles client authentication. There are three possible values: allow, disallow, or require.
nsGlobalParameters Superior Class nsComplexRoleDefinition 2.16.840.1.113730.3.2.97 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. nsRoleFilter Specifies the filter used to identify entries in the filtered role. Allowed Attributes Attribute Definition cn (commonName) Gives the common name of the entry. description Gives a text description of the entry.
Chapter 3. Directory Server Object Class Reference Attribute Definition nsUniqueAttribute Defines a unique attribute in the preferences. nsUserIDFormat Sets the format to generate the user ID from the givenname and sn attributes. nsUserRDNComponent Sets the attribute type to use as the naming component in the user DN.
nsICQpresence 3.74. nsICQpresence nsICQpresence is an auxiliary object class which defines the status of an ICQ messaging account. This object is defined for the Directory Server. Superior Class 2.16.840.1.113730.3.2.301 Allowed Attributes Attribute Definition nsICQid Contains the ICQ user ID for the entry. nsICQStatusGraphic Contains a pointer to the graphic image which indicates the ICQ account's status.
Chapter 3. Directory Server Object Class Reference Attribute Definition nsLicenseEndTime Reserved for future use. nsLicenseStartTime Reserved for future use. 3.76. nsManagedRoleDefinition The nsManagedRoleDefinition object class specifies the member assignments of a role to an explicit, enumerated list of members. This object class is defined in Directory Server. Superior Class nsComplexRoleDefinition 2.16.840.1.113730.3.2.96...
nsMSNpresence Allowed Attributes Attribute Definition cn (commonName) Gives the common name of the entry. mailAccessDomain Contains the domain from which the user can access the messaging server. mailAlternateAddress Contains secondary email addresses for the group. mailAutoReplyMode Specifies whether autoreply mode for the account is enabled.
Attribute Definition nsMSNStatusGraphic Contains a pointer to the graphic image which indicates the MSN account's status. nsMSNStatusText Contains the text to indicate the MSN account's status. 3.79. nsNestedRoleDefinition The nsNestedRoleDefinition object class specifies one or more roles, of any type, that are included as members within the role.
nsRoleDefinition Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. cn (commonName) Gives the common name of the entry. Allowed Attributes Attribute Definition seeAlso Contains a URL to another entry or site with related information. 3.81. nsRoleDefinition All role definition object classes inherit from the nsRoleDefinition object class.
Chapter 3. Directory Server Object Class Reference • Enumerate all the roles possessed by a given entry. • Assign a particular role to a given entry. • Remove a particular role from a given entry. This object class is defined by Directory Server. Superior Class nsRoleDefinition 2.16.840.1.113730.3.2.94...
nsTask Allowed Attributes Attribute Definition nsSNMPContact Contains the contact information provided by the SNMP agent. nsSNMPDescription Contains a text description of the SNMP setup. nsSNMPLocation Contains the location information or configuration for the SNMP agent. nsSNMPMasterHost Contains the hostname for the server where the SNMP master agent is located.
Chapter 3. Directory Server Object Class Reference 3.85. nsTaskGroup This object class defines the information for a group of tasks in the Console. This object class is defined for the Administrative Services. Superior Class nsTaskGroup-oid Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry.
nsTopologyPlugin 3.87. nsTopologyPlugin This object class configures the topology plug-in used to set views in the Console. This object class is defined for the Administrative Services. Superior Class nsAdminObject nsTopologyPlugin-oid 3.88. nsValueItem This object class defines a value item object configuration, which is used to specify information that is dependent on the value type of an entry.
Chapter 3. Directory Server Object Class Reference Attribute Definition nsValueDescription Gives a text description of the value item setting. nsValueDN Contains information or operations related to the DN value type. nsValueFlags Sets flags for the value item object. nsValueHelpURL Contains a reference to an online (HTML) help file associated with the value item object.
ntGroup Superior Class 2.16.840.1.113730.3.2.302 Allowed Attributes Attribute Definition nsYIMid Contains the Yahoo user ID for the entry. nsYIMStatusGraphic Contains a pointer to the graphic image which indicates the Yahoo account's status. nsYIMStatusText Contains the text to indicate the Yahoo account's status.
Allowed Attributes Attribute Definition cn (commonName) Gives the common name of the entry; this corresponds to the Windows name field. description Gives a text description of the entry; corresponds to the Windows comment field. l (localityName) Gives the city or geographical location of the entry.
ntUser Attribute Definition cn (commonName) Gives the common name of the entry; this corresponds to the Windows name field. ntUserDomainId Contains the Windows domain login ID for the user account. Allowed Attributes Attribute Definition description Gives a text description of the entry; corresponds to the Windows comment field.
Attribute Definition ntUserProfile Contains the path to the user's Windows profile. ntUserScriptPath Contains the path to the user's Windows login script. ntUserWorkstations Contains a list of Windows workstations from which the user is allowed to log into the Windows domain.
organization 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory. Superior Class 1.3.6.1.1.1.2.5 Required Attributes Attribute Definition objectClass Defines the object classes for the entry. cn (commonName) Gives the common name of the entry. oncRpcNumber Contains part of the RPC map and stores the RPC number for UNIX RPCs.
Attribute Definition o (organizationName) Gives the organization to which the entry belongs. Allowed Attributes Attribute Definition businessCategory Gives the type of business in which the entry is engaged. description Gives a text description of the entry. destinationIndicator Gives the country and city associated with the entry;...
Attribute Definition x121Address Gives the X.121 address for the entry. 3.95. organizationalPerson The organizationalPerson object class defines entries for people employed or affiliated with the organization. This object class inherits the cn (commonName) and sn (surname) attributes from the person object class. This object class is defined in RFC 2256. Superior Class...
Attribute Definition postalAddress Contains the mailing address for the entry. postalCode Gives the postal code for the entry, such as the zip code in the United States. postOfficeBox Gives the post office box number for the entry. preferredDeliveryMethod Shows the person's preferred method of contact or message delivery.
organizationalUnit Attribute Definition cn (commonName) Gives the common name of the entry. Allowed Attributes Attribute Definition description Gives a text description of the entry. destinationIndicator Gives the country and city associated with the entry; this was once required to provide public telegram service.
This object class is defined in RFC 2256. Superior Class 2.5.6.5 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. ou (organizationalUnitName) Gives the organizational unit or division to which the entry belongs.
pamConfig Attribute Definition seeAlso Contains a URL to another entry or site with related information. st (stateOrProvinceName) Gives the state or province where the person is located. street (streetAddress) Gives the street name and number for the role's physical location. telephoneNumber Gives the telephone number for the entry.
3.99. person The person object class represents entries for generic people. This is the base object class for the organizationalPerson object class. This object class is defined in RFC 2256. Superior Class 2.5.6.6 Required Attributes Attribute Definition...
pilotOrganization Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. Allowed Attributes Attribute Definition audio Stores a sound file in a binary format. dITRedirect Contains the DN (distinguished name) of the entry to use as a redirect for the entry. info Contains information about the entry.
Attribute Definition ou (organizationalUnitName) Gives the organizational unit or division to which the entry belongs. Allowed Attributes Attribute Definition buildingName Gives the name of the building where the entry is located. businessCategory Gives the type of business in which the entry is engaged.
Attribute Definition x121Address Gives the X.121 address for the entry. 3.102. posixAccount The posixAccount object class defines network accounts which use POSIX attributes. This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
Attribute Definition loginShell Contains the path to a script that is launched automatically when a user logs into the domain. userPassword Stores the password with which the entry can bind to the directory. 3.103.
3.104. referral The referral object class defines an object which supports LDAPv3 smart referrals. This object class is defined in the LDAPv3 referrals Internet Draft. Superior Class 2.16.840.1.113730.3.2.6 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. Allowed Attributes Attribute Definition...
Allowed Attributes Attribute Definition businessCategory Gives the type of business in which the entry is engaged. description Gives a text description of the entry. destinationIndicator Gives the country and city associated with the entry;...
RFC822LocalPart 0.9.2342.19200300.100.4.14 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. dc (domainComponent) Contains one component of a domain name. Allowed Attributes Attribute Definition associatedName Gives the name of an entry within the organizational directory tree which is associated with a DNS domain.
Attribute Definition sn (surname) Gives the person's family name or last name. st (stateOrProvinceName) Gives the state or province where the person is located. street (streetAddress) Gives the street name and address number for the person's physical location.
shadowAccount This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service. NOTE This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
3.109. simpleSecurityObject The simpleSecurityObject object class allows an entry to contain the userPassword attribute when an entry's principal object classes do not allow a password attribute. Reserved for future use. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.19 Required Attributes...
Chapter 4. Operational Attributes and Object Classes Operational attributes are attributes used to perform directory operations and are available for every entry in the directory, regardless of whether they are defined for the object class of the entry. Operational attributes are only returned in an ldapsearch operation if specifically requested. Operational attributes are created and managed by Directory Server on entries, such as the time the entry is created or modified and the creator's name.
4.4. copiedFrom This attribute is used by a read-only replica to recognize a master data source. Contains a reference to the server that holds the master data. This attribute is only used for legacy replication. It is not used for multi-master replication.
Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in RFC 2252 4.9. dITStructureRules This attribute defines the DIT structure rules which are in force within a subschema. Each value defines one DIT structure rule. 2.5.21.1 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in RFC 2252...
4.12. ldapSyntaxes This attribute identifies the syntaxes implemented, with each value corresponding to one syntax. 1.3.6.1.4.1.1466.101.120.16 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in RFC 2252 4.13. matchingRules This attribute defines the matching rules used within a subschema. Each value defines one matching rule.
4.17. nameForms This attribute defines the name forms used in a subschema. Each value defines one name form. 2.5.21.7 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in RFC 2252 4.18. namingContexts Corresponds to a naming context the server is mastering or shadowing. When the Directory Server does not master any information (such as when it is an LDAP gateway to a public X.500 directory), this attribute is absent.
Multi- or Single-Valued Single-valued Defined in Directory Server 4.22. nsBackendSuffix This contains the suffix used by the backend. 2.16.840.1.113730.3.1.803 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in Directory Server 4.23. nscpEntryDN This attribute contains the (former) entry DN for a tombstone entry. 2.16.840.1.113730.3.1.545 Syntax Multi- or Single-Valued...
nsIdleTimeout 2.16.840.1.113730.3.1.2021 Syntax DirectoryString Multi- or Single-Valued Single-valued Defined in Directory Server 4.27. nsIdleTimeout This attribute identifies the binder-based connection idle timeout period, in seconds. 2.16.840.1.113730.3.1.573 Syntax Integer Multi- or Single-Valued Single-valued Defined in Directory Server 4.28. nsLookThroughLimit This attribute sets the maximum number of entries for that user through which the server is allowed to look during a search operation.
4.31. nsRoleDn This attribute contains the distinguished name of all roles that apply to an entry. Membership of a managed role is granted upon an entry by adding the role’s DN to the entry’s nsRoleDn attribute. For example: dn: cn=staff,ou=employees,dc=example,dc=com objectclass: LDAPsubentry...
4.34. nsSizeLimit This attribute shows the default size limit for a database or database link in bytes. 2.16.840.1.113730.3.1.571 Syntax Integer Multi- or Single-Valued Single-valued Defined in Directory Server 4.35. nsTimeLimit This attribute shows the default search time limit for a database or database link. 2.16.840.1.113730.3.1.572 Syntax Integer...
4.37. nsUniqueID This attribute identifies or assigns a unique ID to a server entry. 2.16.840.1.113730.3.1.542 Syntax DirectoryString Multi- or Single-Valued Single-valued Defined in Directory Server 4.38. nsYIMStatusGraphic This attribute contains a path pointing to the graphic which illustrates the Yahoo instant message user status.
4.42. passwordRetryCount This attribute counts the number of consecutive failed attempts at entering the correct password. 2.16.840.1.113730.3.1.93 Syntax DirectoryString Multi- or Single-Valued Single-valued Defined in Directory Server 4.43. pwdpolicysubentry This attribute value points to the entry DN of the new password policy. 2.16.840.1.113730.3.1.997 Syntax DirectoryString...
Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in RFC 2252 4.47. supportedFeatures This attribute contains features supported by the current version of Red Hat Directory Server. 1.3.6.1.4.1.4203.1.3.5 Syntax Multi- or Single-Valued Multi-valued Defined in RFC 3674 4.48.
Syntax DirectoryString Multi- or Single-Valued Single-valued Defined in RFC 3045 4.52. glue (Object Class) The glue object class defines an entry in a special state: resurrected due to a replication conflict. This object class is defined by Directory Server. Superior Class 2.16.840.1.113730.3.2.30 Required Attributes...
passwordExpirationTime Specifies the length of time that passes before the user’s password expires. passwordExpWarned Indicates that a password expiration warning has been sent to the user. passwordGraceUserTime Specifies the number of login attempts that are allowed to a user after the password has expired.
subschema (Object Class) nameForms Defines the name forms used in a subschema. objectClasses Defines the object classes used in a subschema.