Page 1 Schema Reference Netscape Directory Server Version 6.0 December 2001...
Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
Page 3: Table Of Contents
Contents Purpose of This Guide ..............9 Directory Server Overview .
Page 4 dSA ................. . 32 extensibleObject .
Page 5 dc (domainComponent) ..............75 deltaRevocationList .
Page 6 member ................94 memberCertificateDescription .
Page 7 supportedAlgorithms ..............113 supportedApplicationContext .
Page 8 passwordRetryCount ..............132 retryCountResetTime .
Page 9: Purpose Of This Guide
About This Reference Guide Netscape Directory Server (Directory Server) 6.0 is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
Page 10: Directory Server Overview
Directory Server Overview Directory Server Overview The major components of Directory Server include: • An LDAP server—The core of the directory service, provided by the ns-slapd daemon, and compliant with the LDAP v3 Internet standards. • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service.
Page 11: Conventions Used In This Book
Conventions Used in This Book When you are familiar with directory server schema concepts, and have done some preliminary planning for your directory service, you can install the Directory Server. The instructions for installing the various Directory Server components are contained in the Netscape Directory Server Installation Guide.
Page 12 Related Information • Netscape Directory Server Administrator’s Guide. Procedures for the day-to-day maintenance of your directory server. Includes information on configuring server-side plug-ins. • Netscape Directory Server Configuration, Command, and File Reference. Information about the command-line scripts, configuration attributes, and log files shipped with Directory Server.
Page 13: Chapter 1 About Schema
Chapter 1 About Schema This chapter provides an overview of some of the basic concepts of the directory schema, and lists the files in which the schema is described. It describes object classes, attributes and object identifiers (OIDs), and briefly discusses extending server schema and schema checking.
Page 14: Object Classes
Schema Definition Object Classes In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides some basic types of object classes, including: • Groups, including unordered lists of individual objects or groups of objects. •...
Page 15: Attributes
Schema Definition The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a person entry is usually defined with the following object class structure: objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgperson In this structure, the inetOrgperson inherits from the organizationalPerson and person object classes.
Page 16 Schema Definition Attribute Syntax Table 1-1 Syntax Method Definition Binary 1.3.6.1.4.1.1466.115.121.1.5 Indicates that values for this attribute are binary Boolean 1.3.6.1.4.1.1466.115.121.1.7 Indicates that this attribute has one of only two values: True or False Country String 1.3.6.1.4.1.1466.115.121.1.11 Indicates that values for this attribute are limited to exactly two printable string characters, for example US 1.3.6.1.4.1.1466.115.121.1.12...
Page 17: Single-Valued And Multi-Valued Attributes
Schema Supported by Directory Server 6.0 Syntax Method Definition indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, ldaps://. The URI has the same behavior as IA5String. See RFC 2396.
Page 18 Schema Supported by Directory Server 6.0 Schema Filename Purpose 05rfc2247.ldif Schema from RFC 2247 and related pilot schema "Using Domains in LDAP/X.500 Distinguished Names" 05rfc2927.ldif Schema from RFC 2927 "MIME Directory Profile for LDAP Schema" 10rfc2307.ldif Schema from RFC 2307 "An Approach for Using LDAP as a Network Information Service"...
Page 19: Object Identifiers (Oids)
Object Identifiers (OIDs) 50ns-mcd-li.ldif Schema for Netscape Mission Control Desktop - Location Independence 50ns-mcd-mail.ldif Schema for Netscape Mission Control Desktop - Mail 50ns-media.ldif Schema for Netscape Media Server 50ns-mlm.ldif Schema for Netscape Mailing List Manager 50ns-msg.ldif Schema for Netscape Web Mail 50ns-netshare.ldif Schema for Netscape Netshare 50ns-news.ldif...
Page 20: Extending Server Schema
Extending Server Schema Extending Server Schema The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of your requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise.
Page 21: Chapter 2 Object Class Reference
Chapter 2 Object Class Reference This chapter contains reference information about Netscape Directory Server (Directory Server) object classes. The object classes are listed in alphabetical order. account Definition Used to define entries representing computer accounts. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.5 Required Attributes...
Page 22: Alias
Allowed Attributes description Text description of the entry. host Hostname of the computer on which the account resides. l (localityName) Place in which the account is located. o (organizationName) Organization to which the account belongs. ou (organizationUnitName) Organizational unit to which the account belongs. seeAlso URL to information relevant to the account.
Page 23: Country
country Definition Used to defines entries that represent countries. This object class is defined in RFC 2256. Superior Class 2.5.6.2 Required Attributes objectClass Defines the object classes for the entry. c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory. Allowed Attributes description Text description of the country.
Page 24: Dcobject
dcObject Definition Allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as (organization), ou (organizationUnitName) (organizationalUnit), or l (localityName) (locality). For example: dn: dc=example,dc=com objectClass: top objectClass: organization...
Page 25: Device
device Definition Used to store information about network devices, such as printers, in the directory. This object class is defined in RFC 2256. Superior Class 2.5.6.14 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) Common name of the device. Allowed Attributes description Text description of the device.
Page 26: Document
document Definition Used to define entries which represent documents in the directory. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.6 Required Attributes objectClass Defines the object classes for the entry. documentIdentifier Unique identifier for a document. Allowed Attributes abstract Abstract of the document.
Page 27 keyWords Keywords that describe the document. l (localityName) Place in which the document is located. lastModifiedBy Distinguished name of the last user to modify the document. lastModifiedTime Last time the document was modified. manager Distinguished name of the object’s manager. o (organizationName) Organization to which the document belongs.
Page 28: Documentseries
documentSeries Definition Used to define an entry that represents a series of documents. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.9 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The common name of the series. Allowed Attributes description Text description of the series.
Page 29: Domain
domain Definition Used to define entries that represent DNS domains in the directory. The domainComponent attribute should be used for naming entries of this object class. Used to represent Internet domain names (for example, example.com The domain object class can only be used with an entry that does not correspond to an organization, organizational unit or other type of object for which an object class has been defined.
Page 30 physicalDeliveryOfficeName Location where physical deliveries can be made. postOfficeBox Domain’s post office box. postalAddress Domain’s mailing address. postalCode The postal code for this address (such as a United States zip code). preferredDeliveryMethod Domain’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
Page 31: Domainrelatedobject
domainRelatedObject Definition Used to define entries which representDNS/NRS domains which are “equivalent” to an X.500 domain, for example, an organisation or organisational unit. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.17 Required Attributes objectClass Defines the object classes for the entry. associatedDomain Specifies a DNS domain associated with an object in the directory tree.
Page 32: Dsa
Definition Used to define entries representing DSAs in the directory. This object class is defined in RFC 1274. Superior Class 2.5.6.13 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The common name of the series. presentationAddress Contains an OSI presentation address for the entry.
Page 33: Extensibleobject
extensibleObject Definition When present in an entry, permits the entry to optionally hold any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server. This object class is defined in RFC 2252. Superior Class 1.3.6.1.4.1.1466.101.120.111 Required Attributes...
Page 34: Friendlycountry
friendlyCountry Definition Used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.18 Required Attributes objectClass...
Page 35: Groupofcertificates
groupOfCertificates Definition Used to describe a set of X.509 certificates. Any certificate that matches one of the memberCertificateDescription values is considered a member of the group. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.31 Required Attributes objectClass Defines the object classes for the entry.
Page 36: Groupofnames
groupOfNames Definition Used to define entries for a group of names. Note: The definition in Directory Server differs from the standard definition. In the standard definition, member is a required attribute. In Directory Server member is an allowed attribute. Directory Server therefore allows a group to have no member. This object class is defined in RFC 2256.
Page 37: Groupofuniquenames
groupOfUniqueNames Definition Used to define entries for a group of unique names. This object class is defined in RFC 2256. Superior Class 2.5.6.17 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The group’s common name. Allowed Attributes businessCategory Type of business in which the group is engaged.
Page 38: Groupofurls
groupOfURLs Definition An auxiliary object class of groupOfUniqueNames or groupOfNames. The group consists of a list of labeled URLs. Not supported by Directory Server 3.0. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.33 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The group’s common name.
Page 39: Inetorgperson
inetOrgPerson Definition Used to define entries representing people in an organization’s enterprise network. Inherits cn and sn from the person object class. This object class is defined in RFC 2798. Superior Class person 2.16.840.1.113730.3.2.2 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name.
Page 40 givenName The person’s given, or first, name. homePhone The person’s home phone number. homePostalAddress The person’s home mailing adress. initials The person’s initials. internationalISDNNumber The person’s ISDN number. jpegPhoto Photo in JPEG format. l (localityName) Place in which the person is located. labeledURI Universal resource locator that is relevant to the person.
Page 41 teletexTerminalIdentifier Identifier for the person’s teletex terminal. telexNumber The person’s telex number. title The person’s job title. uid (userID) Identifies the person’s user id (usually the logon ID). userCertificate Stores a user’s certificate in cleartext (not used). userPassword Password with which the entry can bind to the directory. userSMIMECertificate Stores a user’s certificate in binary form.
Page 42: Labeleduriobject
labeledURIObject Definition This object class can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate. This object class is defined in RFC 2079. Superior Class 1.3.6.1.4.1.250.3.1 Required Attributes...
Page 43: Locality
locality Definition Used to define entries that represent localities or geographic areas. This object class is defined in RFC 2256. Superior Class 2.5.6.3 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes description Text description of the locality. l (localityName) Place in which the entry is located.
Page 44: Newpilotperson
newPilotPerson Definition Used as a subclass of person, to allow the use of a number of additional attributes to be assigned to entries of the person object class. Inherits cn and sn from the person object class. This object class is defined in Internet White Pages Pilot. Superior Class person 0.9.2342.19200300.100.4.4...
Page 45 otherMailbox Values for electronic mailbox types other than X.400 and rfc822. pager The person’s pager number. personalSignature The person’s signature file. personalTitle The person’s personal title. preferredDeliveryMethod The person’s preferred method of contact or delivery. roomNumber The person’s room number. secretary Distinguished name of the person’s secretary or administrative assistant.
Page 46: Nslicenseuser
nsLicenseUser Definition Used to track licenses for Netscape servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Netscape Administration Server.
Page 47: Organization
organization Definition Used to define entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise. This object class is defined in RFC 2256. Superior Class 2.5.6.4 Required Attributes objectClass Defines the object classes for the entry.
Page 48 preferredDeliveryMethod The organization’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
Page 49: Organizationalperson
organizationalPerson Definition Used to define entries for people employed by or associated with an organization. cn and sn are inherited from the person object class. This object class is defined in RFC 2256. Superior Class person 2.5.6.7 Required Attributes objectClass Defines the object classes for the entry.
Page 50 preferredDeliveryMethod The person’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. seeAlso URL to information relevant to the person. st (stateOrProvinceName) State or province in which the person is located. street Street address at which the person is located.
Page 51: Organizationalrole
organizationalRole Definition Used to define entries that represent roles held by people within an organization. This object class is defined in RFC 2256. Superior Class 2.5.6.8 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The role’s common name. Allowed Attributes description Text description of the role.
Page 52 registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. roleOccupant Distinguished name of the person in the role. seeAlso URL to information relevant to the person in the role. st (stateOrProvinceName) State or province in which the person in the role is located.
Page 53: Organizationalunit
organizationalUnit Definition Used to define entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization. This object class is defined in RFC 2256. Superior Class 2.5.6.5 Required Attributes objectClass Defines the object classes for the entry.
Page 54 preferredDeliveryMethod The organizational unit’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
Page 55: Person
person Definition Used to define entries that generically represent people. This object class is the base class for the organizationalPerson object class. This object class is defined in RFC 2256. Superior Class 2.5.6.6 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name.
Page 56: Pilotobject
pilotObject Definition Used as a subclass to allow additional attributes to be assigned to entries of all other object classes. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.3 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes audio Stores a sound file in binary format.
Page 57: Pilotorganization
pilotOrganization Definition Used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.20 Required Attributes objectClass Defines the object classes for the entry. o (organizationName) Organization to which the entry belongs.
Page 58 postOfficeBox The pilot organization’s post office box. preferredDeliveryMethod The pilot organization’s preferred method of contact or delivery registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
Page 59: Residentialperson
residentialPerson Definition Used by the directory server to contain a person’s residential information. This object class is defined in RFC 2256. Superior Class 2.5.6.10 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name. l (localityName) Place in which the person resides.
Page 60 registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. seeAlso URL to information relevant to the person. st (stateOrProvinceName) State or province in which the person resides. street Street address at which the person is located. telephoneNumber The person’s telephone number.
Page 61: Rfc822Localpart
RFC822LocalPart Definition Used to define entries that represent the local part of RFC822 mail addresses. The directory treats this part of an RFC822 address as a domain. This object class is defined in Internet directory pilot. Superior Class domain 0.9.2342.19200300.100.4.14 Required Attributes objectClass Defines the object classes for the entry.
Page 62 postalAddress The local part’s mailing address. postalCode The postal code for this address (such as a United States zip code). preferredDeliveryMethod Local part’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expediated documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for...
Page 63: Room
room Definition Used to store information in the directory about a room. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.7 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) Common name of the room. Allowed Attributes description Text description of the room.
Page 64: Strongauthenticationuser
strongAuthenticationUser Definition Used to store a user’s certificate entry in the directory. This object class is defined in RFC 2256. Superior Class 2.5.6.15 Required Attributes objectClass Defines the object classes for the entry. userCertificate tStores a user’s certificate, usually in binary form. Netscape Directory Server Schema Reference •...
Page 65: Simplesecurityobject
simpleSecurityObject Definition Used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.19 Required Attributes objectClass...
Page 66 Netscape Directory Server Schema Reference • December 2001...
Page 67: Chapter 3 Attribute Reference
Chapter 3 Attribute Reference This chapter contains reference information about Netscape Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order. abstract Definition Provides an abstract of a document entry. This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued.
Page 68: Associateddomain
Syntax DN, single-valued. 2.5.4.1 associatedDomain Definition Specifies a DNS domain associated with an object in the directory tree. For example, the entry in the directory tree with a distinguished name "C=US, O=Example Corporation" would have an associated domain of "EC.US". Note that all domains should be represented in rfc822 order.
Page 69: Audio
0.9.2342.19200300.100.1.38 audio Definition Contains a sound file in binary format. The attribute uses a u-law encoded sound file. For example: audio:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.55 authorCn Definition Contains the common name of the author of a document entry. For example: authorCn: Kacey This attribute is defined in Internet White Pages Pilot.
Page 70: Authorsn
authorSn Definition Contains the surname of the author of a document entry. For example: authorSn: Doe This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.12 authorityRevocationList Definition Contains a list of CA certificates that have been revoked. This attribute is to be stored and requested in the binary form, as ‘authorityRevocationList ;binary’.
Page 71: Businesscategory
For example: buildingName: 14 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.48 businessCategory Definition Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level. For example: businessCategory: Engineering This attribute is defined in RFC 2256.
Page 72: Cacertificate
This attribute is defined in RFC 2256. Syntax DirectoryString, single-valued. 2.5.4.6 cACertificate Definition Contains the CA’s certificate. This attribute is to be stored and requested in the binary form, as ‘cACertificate;binary’. For example: cacertificate;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued.
Page 73: Certificaterevocationlist
2.16.840.1.113730.3.1.1 certificateRevocationList Definition Contains a list of revoked user certificates. This attribute is to be stored and requested in the binary form, as ‘certificateRevocationList;binary’. For example: certificateRevocationList;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.39 cn (commonName) Definition Identifies the name of an object in the directory.
Page 74: Co (Friendlycountryname)
Syntax DirectoryString, multi-valued. 2.5.4.3 co (friendlyCountryName) Definition Contains the name of a country. Often, the country attribute is used to describe a two-character code for a country, and the friendlyCountryName attribute is used to describe the actual country name. For example: friendlyCountryName: Ireland co: Ireland This attribute is defined in RFC 1274.
Page 75: Dc (Domaincomponent)
Syntax Binary, multi-valued. 2.5.4.40 dc (domainComponent) Definition Specifies one component of a domain name. For example: domainComponent: example dc: example This attribute is defined in RFC 2247. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.25 deltaRevocationList Definition This attribute is to be stored and requested in the binary form, as ‘deltaRevocationList;binary’.
Page 76: Departmentnumber
departmentNumber Definition Identifies the entry’s department number. For example: departmentNumber: 2604 This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.2 description Definition Provides a human-readable description of the object. For people and organizations this often includes their role or work assignment. For example: description: Quality control inspector for the ME2873 product line This attribute is defined in RFC 2256.
Page 77: Displayname
For example: destinationIndicator: Stow, Ohio, USA This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.27 displayName Definition Preferred name of a person to be used when displaying entries. Especially useful in displaying a preferred name for an entry within a one-line summary list. Since other attribute types, such as cn, are multivalued, they can not be used to display a preferred name.
Page 78: Dmdname
This attribute is defined in RFC 1274. Syntax 0.9.2342.19200300.100.1.54 dmdName Definition The value of this attribute specifies a directory management domain (DMD), the administrative authority which operates the directory server. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.54 dn (distinguishedName) Definition...
Page 79: Dnsrecord
dNSRecord Definition Specifies DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start Of Authority) resource records. For example: dNSRecord: IN NS ns.uu.net This attribute is defined in Internet directory pilot. Syntax IA5String, multi-valued.
Page 80: Documentlocation
For example: documentIdentifier: L3204REV1 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.11 documentLocation Definition Defines the location of the original copy of a document entry. For example: documentLocation: Department Library This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued.
Page 81: Documentstore
0.9.2342.19200300.100.1.56 documentStore Definition Defines the *** of a document. For example: documentStore: This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.10 documentTitle Definition Contains the title of a document entry. For example: documentTitle: Netscape Directory Server Administrator’s Guide This attribute is defined in RFC 1274.
Page 82: Documentversion
documentVersion Definition Defines the version of a document entry. For example: documentVersion: 1.1 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.13 drink (favouriteDrink) Definition Describes the favorite drink of a person entry. For example: drink: soda favouriteDrink: soda This attribute is defined in RFC 1274.
Page 83: Dsaquality
dSAQuality Definition Specifies the purported quality of a DSA. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example: dSAQuality: high This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.49 employeeNumber Definition Identifies the entry’s employee number.
Page 84: Enhancedsearchguide
For example: employeeType: Full time This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.4 enhancedSearchGuide Definition Used by X.500 clients when construcing search filters. For example: enhancedSearchGuide: (uid=mhughes) This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.5.4.47 fax (fascimileTelephoneNumber) Definition...
Page 85: Generationqualifier
Syntax TelephoneNumber, multi-valued. 2.5.4.23 generationQualifier Definition Contains the generation Qualifier part of the name, typically appearing in the suffix. For example: generationqualifier:III This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.44 givenName Definition Identifies the entry’s given name, usually a person’s first name. For example: givenName: Hecuba This attribute is defined in RFC 2256.
Page 86: Homephone
homePhone Definition Identifies the entry’s home phone number. For example: homeTelephoneNumber: 415-555-1212 homePhone: 415-555-1234 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.20 homePostalAddress Definition Identifies the entry’s home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($).
Page 87: Host
Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.39 host Definition Defines the hostname of a computer. For example: host: mozilla This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.9 houseIdentifier Definition Identifes a building in a location. For example: houseIdentifier: B105 This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 88: Info
info Definition Specifies any general information pertinent to an object. It is recommended that specific usage of this attribute type is avoided, and that specific requirements are met by other (possibly additional) attribute types. For example: info: not valid This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued.
Page 89: Internationalisdnnumber
internationalISDNNumber Definition Contains the ISDN number of the entry. This is in the internationally agreed format for ISDN addresses given in CCITT Rec. E. 164. This attribute is defined in RFC 2256. Syntax IA5String, multi-valued. 2.5.4.25 janetMailbox Definition Specifies an email address. This attribute is intended for the convenience of U.K. users unfamiliar with rfc822 mail addresses.
Page 90: Keywords
Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.60 keyWords Definition Contains keywords for the entry. For example: keyWords: directory LDAP X.500 This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.7 knowledgeInformation Definition This attribute is no longer used. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 91: L (Localityname)
l (localityName) Definition Identifies the county, city, or other geographical area in which the entry is located or with which it is in some other way associated. For example: localityName: Santa Clara l: Santa Clara This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 92: Lastmodifiedby
lastModifiedBy Definition Specifies the distinguished name of the last user to modify the associated entry. For example: lastModifiedby: cn=Jane Doe,ou=Quality Control,o=example.com This attribute is defined in RFC 1274. Syntax DN, multi-valued. 0.9.2342.19200300.100.1.24 lastModifiedTime Definition Defines the last time, in UTC format, that a change was made to the entry. For example: lastModifiedTime: Thursday, 22-Sep-93 14:15:00 GMT This attribute is defined in RFC 1274.
Page 93: Mailpreferenceoption
For example: mail: banderson@example.com This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.3 mailPreferenceOption Definition Not used in Netscape Messaging Server 4.0. Indicates a preference for inclusion of user names on mailing lists (electronic or physical). Accepted values include: •...
Page 94: Manager
manager Definition Identifies the distinguished name of the entry’s manager. For example: manager:cn=Jane Doe, ou=Quality Control, o=example.com This attribute is defined in RFC 1274. Syntax DN, multi-valued. 0.9.2342.19200300.100.1.10 member Definition Identifies the distinguished names for each member of the group. For example: member: cn=John Doe, o=example.com This attribute is defined in RFC 2256.
Page 95: Memberurl
memberCertificateDescription matches any certificate that contains a subject DN with the same AVAs as the description. The description may contain multiple "ou=" AVAs. A matching DN must contain those same "ou=" AVAs, in the same order, although it may contain other AVAs (including other "ou=" AVAs) interspersed.
Page 96: Mobile
Syntax IA5String, multi-valued. 2.16.840.1.113730.3.1.198 mobile Definition Identifies the entry’s mobile or cellular phone number. Abbreviation: mobile For example: mobileTelephoneNumber: 415-555-4321 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.41 name Definition Identifies the attribute supertype from which string attribute types used for naming may be formed.
Page 97: Nslicensedfor
nsLicensedFor Definition Identifies the Netscape server the user is licensed to use. The Netscape Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute are currently: • mail: the user is a licensed client of the Netscape Messaging Server. •...
Page 98: Nslicensestarttime
nsLicenseStartTime Definition Reserved for future use. This attribute is defined in Netscape Administration Services. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.37 o (organizationName) Definition Identifies the name of the organization. For example: organizationName: Example Corporation, Inc. o: Example Corporation, Inc This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 99: Obsoletedbydocument
objectClass: person This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.0 obsoletedByDocument Definition Contains the distinguished name of a document that obsoletes the document entry. This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.4 obsoletesDocument Definition Contains the distinguished name of a document that is obsoleted by the document...
Page 100: Organizationalstatus
organizationalStatus Definition Specifies a category by which a person is often referred to in an organization. For example: organizationalStatus: researcher This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.45 otherMailbox Definition Specifies values for electronic mailbox types other than X.400 and rfc822. For example: otherMailbox: internet $ jdoe@example.com This attribute is defined in RFC 1274.
Page 101: Owner
organizationUnitName: Marketing ou: Marketing This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.11 owner Definition Identifies the distinguished name of the person responsible for the entry. For example: owner: cn=John Smith, o=Example Corporation, c=US This attribute is defined in RFC 2256. Syntax DN, multi-valued.
Page 102: Personalsignature
This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.42 personalSignature Definition A signature file, in binary format, for the entry. For example: personalSignature:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.53 personalTitle Definition Specifies a personal title for a person. Examples of personal titles are "Ms", "Dr", "Prof"...
Page 103: Photo
0.9.2342.19200300.100.1.40 photo Definition Contains a photo, in binary form, of the entry. For example: photo:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.7 physicalDeliveryOfficeName Definition Identifies the name of the city or village in which a physical delivery office is located.
Page 104: Postaladdress
postalAddress Definition Identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively.
Page 105: Postofficebox
postOfficeBox Definition Specifies a postal mailing address. For example: postOfficeBox: 1234 This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.18 preferredDeliveryMethod Definition Identifies the entry’s preferred contact or delivery method. For example: preferredDeliveryMethod: telephone This attribute is defined in RFC 2256. Syntax DirectoryString, single-valued.
Page 106: Presentationaddress
Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.39 presentationAddress Definition Contains an OSI presentation address for the entry. The presentation address consists of an OSI Network Address and up to three selectors, one each for use by the transport, session, and presentation entities. For example: presentationAddress: TELEX+00726322+RFC-1006+02+130.59.2.1 This attribute is defined in RFC 2256.
Page 107: Reciprocalnaminglink
reciprocalNamingLink Definition This attribute is defined in North American Directory Forum (NADF). Syntax DN, multi-valued. 2.6.6.5.2.4.10 registeredAddress Definition This attribute contains a postal address for receiving telegrams or expedited documents. The recipient’s signature is usually required on delivery. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 108: Roomnumber
2.5.4.33 roomNumber Definition Specifies the room number of an object. Note that the commonName attribute should be used for naming room objects. For example: roomNumber: 230 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.6 searchGuide Definition Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation.
Page 109: Secretary
secretary Definition Identifies the entry’s secretary or administrative assistant. For example: secretary: cn=John Doe, o=example.com This attribute is defined in RFC 1274. Syntax DN, multi-valued. 0.9.2342.19200300.100.1.21 seeAlso Definition Identifies another directory server entry that may contain information related to this entry. For example: seeAlso: cn=Quality Control Inspectors,ou=manufacturing,o=example.com...
Page 110: Singlelevelquality
For example: serialNumber: 555-1234-AZ This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.5 singleLevelQuality Definition Specifies the purported data quality at the level immediately below in the DIT. This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.50 sn (surname) Definition...
Page 111: St (Stateorprovincename)
Syntax DirectoryString, multi-valued. 2.5.4.4 st (stateOrProvinceName) Definition Identifies the state or province in which the entry resides. Abbreviation: st. For example: stateOrProvinceName: California st: California This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.8 street Definition Identifies the entry’s house number and street name. For example: streetAddress: 1234 Ridgeway Drive street: 1234 Ridgeway Drive...
Page 112: Subject
Syntax DirectoryString, multi-valued. 2.5.4.9 subject Definition Contains information about the subject matter of the document entry. For example: subject: employee option grants This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.8 subtreeMaximumQuality Definition Specifies the purported maximum data quality for a DIT subtree. This attribute is defined in RFC 1274.
Page 113: Subtreeminimumquality
subtreeMinimumQuality Definition Specifies the purported minimum data quality for a DIT subtree. This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.51 supportedAlgorithms Definition This attribute is to be stored and requested in the binary form, as ‘supportedAlgorithms;binary’. For example: supportedAlgorithms:: AAAAAA== This attribute is defined in RFC 2256.
Page 114: Telephonenumber
2.5.4.30 telephoneNumber Definition Identifies the entry’s phone number. For example: telephoneNumber: 415-555-2233 This attribute is defined in RFC 2256. Syntax TelephoneNumber, multi-valued. 2.5.4.20 teletexTerminalIdentifier Definition Identifies the entry’s teletex terminal identifier. The format of the attribute is as follows: teletex-id = ttx-term 0*("$"...
Page 115: Telexnumber
2.5.4.22 telexNumber Definition Defines the telex number of the entry. The format of the telex number is as follows: actual-number "$" country "$" answerback where: • actual-number: the syntactic representation of the number portion of the TELEX number being encoded. •...
Page 116: Title
0.9.2342.19200300.100.1.2 title Definition Identifies the title of a person in the organization. For example: title: Senior QC Inspector This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.12 ttl (timeToLive) Definition Contains the time, in seconds, that cached information about an entry should be considered valid.
Page 117: Uid (Userid)
1.3.6.1.4.1.250.1.60 uid (userID) Definition Identifies the entry’s userid (usually the logon ID). Abbreviation: uid. For example: userid: banderson uid: banderson This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.1 uniqueIdentifier Definition Identifies a specific item used to distinguish between two entries when a distinguished name has been reused.
Page 118: Uniquemember
0.9.2342.19200300.100.1.44 uniqueMember Definition Identifies a group of names associated with an entry where each name was given a uniqueIdentifier to ensure its uniqueness. A value for the uniqueMember attribute is a DN followed by the uniqueIdentifier. This attribute is defined in RFC 2256. Syntax DN, multi-valued.
Page 119: Usercertificate
This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.5 userCertificate Definition This attribute is to be stored and requested in the binary form, as ‘userCertificate;binary’. For example: userCertificate;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued.
Page 120: Userpassword
0.9.2342.19200300.100.1.8 userPassword Definition Identifies the entry’s password and encryption method in the following format: {encryption method}encrypted password Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transfer of cleartext may result in disclosure of the password to unauthorized parties. For example: userPassword: {sha}FTSLQhxXpA05 This attribute is defined in RFC 2256.
Page 121: Usersmimecertificate
userSMIMECertificate Definition Used by Netscape Communicator for S/MIME. This attribute is to be stored and requested in the binary form, as ‘userSMIMECertificte;binary’. For example: userSMIMECertificate;binary:: AAAAAA== This attribute is defined in RFC 2798. Syntax Binary, multi-valued. 2.16.840.1.113730.3.1.40 x121Address Definition Defines the X.121 address of a person. This attribute is defined in RFC 2256.
Page 122 This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.45 Netscape Directory Server Schema Reference • December 2001...
Page 123: Chapter 4 Operational Attributes, Special Attributes, And Special Object Classes
Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes This chapter describes operational attributes used by Netscape Directory Server (Directory Server). Operational attributes are available for use on every entry in the directory, regardless of whether they are defined for the object class of the entry. Operational attributes are only returned in an operation if specifically ldapsearch...
Page 124: Aci
Operational Attributes Syntax DirectoryString, multi-valued 2.16.840.1.113730.3.1.95 Definition Used by the directory server to evaluate what rights are granted or denied when it receives an LDAP request from a client. This attribute is defined in Directory Server. Syntax IA5String, multi-valued 2.16.840.1.113730.3.1.55 altServer Definition The values of this attribute are URLs of other servers which may be contacted...
Page 125: Attributetypes
Operational Attributes attributeTypes Definition Multi-valued attribute that specifies the attribute types used within a subschema. Each value describes a single attribute. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.5 copiedFrom Definition Used by read-only replica to recognize master data source. Contains a reference to the server that holds the master data.
Page 126: Ditcontentrules
Operational Attributes Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.614 dITContentRules Definition Multi-valued attribute that defines the DIT content rules which are in force within a subschema. Each value defines one DIT content rule. Each value is tagged by the object identifier of the structural object class to which it pertains. This attribute is defined in RFC 2252.
Page 127: Matchingrules
Operational Attributes matchingRules Definition Multi-valued attribute that defines the matching rules used within a subschema. Each value defines one matching rule. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.4 matchingRuleUse Definition Used to indicate the attribute types to which a matching rule applies in a subschema.
Page 128: Namingcontexts
Operational Attributes 2.5.21.7 namingContexts Definition Corresponds to a naming context the server is mastering or shadowing. When the directory server does not master any information (for example, it is an LDAP gateway to a public X.500 directory), this attribute is absent. When the directory server believes it contains the entire directory, the attribute has a single value, and that value is the empty string (indicating the null DN of the root).This attribute permits a client contacting a server to choose suitable base objects for searching.
Page 129: Nsrole
Operational Attributes nsRole Definition This attribute is a computed attribute that is not stored with the entry itself. It identifies which roles an entry belongs to. This attribute is defined in Directory Server. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.574 nsRoleDn Definition This attribute contains the distinguished name of all roles that apply to an entry. Membership of a managed role is conferred upon an entry by adding the role’s DN to the entry’s nsRoleDN attribute.
Page 130: Objectclasses
Operational Attributes For example: dn: cn=everybody,o=Netscape,o=example.com objectclass: LDAPsubentry objectclass: nsRoleDefinition objectclass: nsComplexRoleDefinition objectclass: nsNestedRoleDefinition nsroledn: cn=manager,o=Netscape,o=example.com nsroledn: cn=staff,o=Netscape,o=example.com This attribute is defined in Directory Server. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.575 objectClasses Definition Multi-valued attribute that defines the object classes used in a subschema. Each value defines one object class.
Page 131: Passwordexpirationtime
Operational Attributes Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.214 passwordExpirationTime Definition Used to specify the length of time that passes before the user’s password expires. This attribute is defined in Directory Server. Syntax GeneralizedTime, multi-valued. 2.16.840.1.113730.3.1.91 passwordExpWarned Definition Used to indicate that a password expiration warning has been sent to the user. This attribute is defined in Directory Server.
Page 132: Passwordretrycount
Operational Attributes Syntax Binary, multi-valued. 2.16.840.1.113730.3.1.96 passwordRetryCount Definition Used to count the number of consecutive failed attempts at entering the correct password. This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.93 retryCountResetTime Definition Specifies the length of time that passes before the passwordRetryCount is reset. This attribute is defined in Directory Server.
Page 133: Supportedcontrol
Operational Attributes For example: subschemaSubentry: cn=schema This attribute is defined in RFC 2252. Syntax DN, single-valued. 2.5.18.10 supportedControl Definition The values of this attribute are the object identifiers (OIDs) that identify the controls supported by the server. When the server does not support controls, this attribute is absent.
Page 134: Supportedldapversion
Special Attributes supportedLDAPVersion Definition Identifies the versions of the LDAP protocol implemented by the server. This attribute is defined in RFC 2252. Syntax INTEGER, multi-valued. 1.3.6.1.4.1.1466.101.120.15 supportedSASLMechanisms Definition Identifies the names of supported SASL mechanisms supported by the server. When the server does not support SASL attributes, this attribute is absent. This attribute is defined in RFC 2252.
Page 135: Changelog
Special Attributes Syntax Binary, multi-valued. 2.16.840.1.113730.3.1.8 changeLog Description The distinguished name of the entry which contains the set of entries comprising the servers changelog. This attribute is defined in Changelog Internet Draft. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.35 changeNumber Description This single-valued attribute is always present. It contains an integer which uniquely identifies each change made to a directory entry.
Page 136: Changetime
Special Attributes changeTime Description Defines a time, in a YYMMDDHHMMSS format, when the entry was added. This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.77 changeType Description Specifies the type of LDAP operation. This attribute can have one of the following values: add, delete, modify, or modrdn.
Page 137: Newrdn
Special Attributes 2.16.840.1.113730.3.1.10 newRdn Description In the case of operations, specifies the new RDN of the entry. modrdn This attribute is defined in Changelog Internet Draft. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.9 newSuperior Description In the case of operations, specifies the attribute of the entry. modrdn newSuperior This attribute is defined in Changelog Internet Draft.
Page 138: Special Object Classes
Special Object Classes Syntax DN, multi-valued. 2.16.840.1.113730.3.1.6 Special Object Classes changeLogEntry Definition Used to represent changes made to the directory server. You can configure Directory Server 6.0 to maintain a change log that is compatible with the change log implemented in Directory Server 4.1, 4.1, 4.11, 4.12, and 4.13 by enabling the retro change log plug-in.
Page 139: Subschema
Special Object Classes Allowed Attributes changes Changes made to the directory server. deleteOldRdn A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of the entry, or should be deleted.
Page 140 Special Object Classes dITStructureRules Defines the DIT structure rules which are in force within a subschema. matchingRuleUse Indicates the attribute types to which a matching rule applies in a subschema. matchingRules Defines the matching rules used within a subschema nameForms Defines the name forms used in a subschema.
Page 141: Index
Index SYMBOLS ( 78 c attribute 71 cACertificate attribute 72 carLicense attribute 72 certificateRevocationList attribute 73 changeLog attribute 135 changeLogEntry object class 138 abstract attribute 67 changeNumber attribute 135 account object class 21 changes attribute 134 accountUnlockTime operational attribute 123 changeTime attribute 136 aci operational attribute 124 changeType attribute 136...
Page 142 destinationIndicator attribute 76 friendlyCountryName attribute,See co attribute device object class 25 displayName attribute 77 distinguishedName attribute,See dn attribute dITContentRules operational attribute 126 dITRedirect attribute 77 generationQualifier attribute 85 dITStructureRules operational attribute 126 givenName attribute 85 dmdname attribute 78 groupOfCertificates object class 35 dn attribute 78 groupOfNames object class 36 dNSRecord attribute 79...
Page 143 nsds5replconflict operational attribute 128 nsLicensedFor attribute 97 keyWords attribute 90 nsLicenseEndTime attribute 97 knowledgeInformation attribute 90 nsLicenseStartTime attribute 98 nsLicenseUser object class 46 nsRole operational attribute 129 nsRoleDn operational attribute 129 l attribute 91 labeledURI attribute 91 labeledURIObject object class 42 lastModifiedBy attribute 92 o attribute 98 lastModifiedTime attribute 92...
Page 144 personalSignature attribute 102 stateOrProvinceName attribute, See st attribute personalTitle attribute 102 street attribute 111 photo attribute 103 streetAddress attribute, See street attribute physicalDeliveryOfficeName attribute 103 strongAuthenticationUser object class 64 pilotObject object class 56 subject attribute 112 pilotOrganization object class 57 subschema object class 139 postalAddress attribute 104 subschemaSubentry operational attribute 132...
Page 145 userPassword attribute 120 userPKCS12 attribute 120 userSMIMECertificate attribute 121 x121Address attribute 121 x500UniqueIdentifier attribute 121 Index...
Page 146 Netscape Directory Server Schema Reference • December 2001...

Netscape DIRECTORY SERVER 6.0 - SCHEMA Reference

Chapter 1 About Schema

Chapter 2 Object Class Reference

Chapter 3 Attribute Reference

Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes

Index

Quick Links

Related Manuals for Netscape NETSCAPE DIRECTORY SERVER 6.0 - SCHEMA

Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 6.0 - SCHEMA

Table of Contents