Page 1 Schema Reference Netscape Directory Server Version 6.01 January 2002...
Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
Page 3: Table Of Contents
Contents Purpose of This Guide ..............9 Directory Server Overview .
Page 4 dcObject ................31 device .
Page 5 authorCn ................81 authorSn .
Page 6 homePhone ................100 homePostalAddress .
Page 7 preferredLanguage ..............119 presentationAddress .
Page 8 altServer ................138 attributeTypes .
Page 9: Purpose Of This Guide
About This Reference Guide Netscape Directory Server (Directory Server) 6.x is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
Page 10: Directory Server Overview
Directory Server Overview Directory Server Overview The major components of Directory Server include: • An LDAP server—The core of the directory service, provided by the ns-slapd daemon, and compliant with the LDAP v3 Internet standards. • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service.
Page 11: Prerequisite Reading
Prerequisite Reading Prerequisite Reading This guide describes the standard schema and the standard object classes and attributes. However, this guide does not describe how to design, customize or maintain your schema, nor does it give any information on replication. Those concepts are described in the Netscape Directory Server Deployment Guide.
Page 12: Related Information
Related Information Related Information The document set for Directory Server also contains the following guides: • Netscape Directory Server Installation Guide. Procedures for installing your Directory Server as well as procedures for migrating your Directory Server. • Netscape Directory Server Deployment Guide. Provides an overview for planning your deployment of the Directory Server.
Page 13: Chapter 1 About Schema
Chapter 1 About Schema This chapter provides an overview of some of the basic concepts of the directory schema, and lists the files in which the schema is described. It describes object classes, attributes and object identifiers (OIDs), and briefly discusses extending server schema and schema checking.
Page 14: Object Classes
Schema Definition Object Classes In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides some basic types of object classes, including: • Groups, including unordered lists of individual objects or groups of objects. •...
Page 15: Attributes
Schema Definition The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a person entry is usually defined with the following object class structure: objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgperson In this structure, the inetOrgperson inherits from the organizationalPerson and person object classes.
Page 16 Schema Definition Attribute Syntax Table 1-1 Syntax Method Definition Binary 1.3.6.1.4.1.1466.115.121.1.5 Indicates that values for this attribute are binary Boolean 1.3.6.1.4.1.1466.115.121.1.7 Indicates that this attribute has one of only two values: True or False Country String 1.3.6.1.4.1.1466.115.121.1.11 Indicates that values for this attribute are limited to exactly two printable string characters, for example US 1.3.6.1.4.1.1466.115.121.1.12...
Page 17: Single-Valued And Multi-Valued Attributes
Schema Supported by Directory Server 6.x Syntax Method Definition indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, ldaps://. The URI has the same behavior as IA5String. See RFC 2396.
Page 18 Schema Supported by Directory Server 6.x Schema Filename Purpose 05rfc2247.ldif Schema from RFC 2247 and related pilot schema "Using Domains in LDAP/X.500 Distinguished Names" 05rfc2927.ldif Schema from RFC 2927 "MIME Directory Profile for LDAP Schema" 10rfc2307.ldif Schema from RFC 2307 "An Approach for Using LDAP as a Network Information Service"...
Page 19: Object Identifiers (Oids)
Object Identifiers (OIDs) 50ns-mcd-li.ldif Schema for Netscape Mission Control Desktop - Location Independence 50ns-mcd-mail.ldif Schema for Netscape Mission Control Desktop - Mail 50ns-media.ldif Schema for Netscape Media Server 50ns-mlm.ldif Schema for Netscape Mailing List Manager 50ns-msg.ldif Schema for Netscape Web Mail 50ns-netshare.ldif Schema for Netscape Netshare 50ns-news.ldif...
Page 20: Extending Server Schema
Extending Server Schema Extending Server Schema The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of your requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise.
Page 21: Chapter 2 Object Class Reference
Chapter 2 Object Class Reference This chapter contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class, and lists its required and allowed attributes. The object classes listed in this chapter are available for you to use to support your own information in the Netscape Directory Server (Directory Server).
Page 22: Account
account Definition Used to define entries representing computer accounts. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.5 Required Attributes objectClass Defines the object classes for the entry. uid (userID) Identifies the account’s user ID. Allowed Attributes description Text description of the entry.
Page 23: Alias
alias Definition Used to point to other entries in the directory tree. Note: Aliasing is not supported in Directory Server. This object class is defined in RFC 2256. Superior Class 2.5.6.1 Required Attributes objectClass Defines the object classes for the entry. aliasedObjectName Distinguished name of the entry for which this entry is an alias.
Page 24: Cosclassicdefinition
cosClassicDefinition Definition Identifies the template entry using both the template entry’s DN (as specified in the attribute) and the value of one of the target entry’s attributes (as cosTemplateDn specified in the attribute). cosSpecifier This object class is defined in Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.100...
Page 25: Cosdefinition
cosDefinition Definition Defines the Class of Services you are using. This object class is supported in order to provide compatibility with the DS4.1 CoS Plug-in. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.84 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes Evaluates what rights are granted or denied when the directory server receives an LDAP request from a...
Page 26: Cosindirectdefinition
cosIndirectDefinition Definition Identifies the template entry using the value of one of the target entry’s attributes. The attribute of the target entry is specified in the cosIndirectSpecifier attribute. This object class is defined in Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.102 Required Attributes objectClass Defines the object classes for the entry.
Page 27: Cospointerdefinition
cosPointerDefinition Definition Identifies the template entry associated with the CoS definition using the template entry’s DN value. The DN of the template entry is specified in the cosTemplateDn attribute. This object class is defined in Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.101 Required Attributes objectClass...
Page 28: Cossuperdefinition
cosSuperDefinition Definition All CoS definition object classes inherit from the object cosSuperDefinition class. This object class is defined in Directory Server. Superior Class ldapSubEntry 2.16.840.1.113730.3.2.99 Required Attributes objectClass Defines the object classes for the entry. cosAttribute Provides the name of the attribute for which you want to generate a value.
Page 29: Costemplate
cosTemplate Definition Contains a list of the shared attribute values. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.128 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) Common name of the entry. cosPriority Specifies which template provides the attribute value, when CoS templates compete to provide an...
Page 30: Country
country Definition Used to defines entries that represent countries. This object class is defined in RFC 2256. Superior Class 2.5.6.2 Required Attributes objectClass Defines the object classes for the entry. c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory. Allowed Attributes description Text description of the country.
Page 31: Dcobject
dcObject Definition Allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as (organization), ou (organizationUnitName) (organizationalUnit), or l (localityName) (locality). For example: dn: dc=example,dc=com objectClass: top objectClass: organization...
Page 32: Device
device Definition Used to store information about network devices, such as printers, in the directory. This object class is defined in RFC 2256. Superior Class 2.5.6.14 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) Common name of the device. Allowed Attributes description Text description of the device.
Page 33: Document
document Definition Used to define entries which represent documents in the directory. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.6 Required Attributes objectClass Defines the object classes for the entry. documentIdentifier Unique identifier for a document. Allowed Attributes abstract Abstract of the document.
Page 34 keyWords Keywords that describe the document. l (localityName) Place in which the document is located. lastModifiedBy Distinguished name of the last user to modify the document. lastModifiedTime Last time the document was modified. manager Distinguished name of the object’s manager. o (organizationName) Organization to which the document belongs.
Page 35: Documentseries
documentSeries Definition Used to define an entry that represents a series of documents. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.9 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The common name of the series. Allowed Attributes description Text description of the series.
Page 36: Domain
domain Definition Used to define entries that represent DNS domains in the directory. The domainComponent attribute should be used for naming entries of this object class. Used to represent Internet domain names (for example, example.com The domain object class can only be used with an entry that does not correspond to an organization, organizational unit or other type of object for which an object class has been defined.
Page 37 l (localityName) Place in which the domain is located. o (organizationName) Organization to which the domain belongs. physicalDeliveryOfficeName Location where physical deliveries can be made. postOfficeBox Domain’s post office box. postalAddress Domain’s mailing address. postalCode The postal code for this address (such as a United States zip code).
Page 38: Domainrelatedobject
domainRelatedObject Definition Used to define entries which representDNS/NRS domains which are “equivalent” to an X.500 domain, for example, an organisation or organisational unit. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.17 Required Attributes objectClass Defines the object classes for the entry. associatedDomain Specifies a DNS domain associated with an object in the directory tree.
Page 39: Dsa
Definition Used to define entries representing DSAs in the directory. This object class is defined in RFC 1274. Superior Class 2.5.6.13 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The common name of the series. presentationAddress Contains an OSI presentation address for the entry.
Page 40: Extensibleobject
extensibleObject Definition When present in an entry, permits the entry to optionally hold any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server. This object class is defined in RFC 2252. Superior Class 1.3.6.1.4.1.1466.101.120.111 Required Attributes...
Page 41: Friendlycountry
friendlyCountry Definition Used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.18 Required Attributes objectClass...
Page 42: Groupofcertificates
groupOfCertificates Definition Used to describe a set of X.509 certificates. Any certificate that matches one of the memberCertificateDescription values is considered a member of the group. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.31 Required Attributes objectClass Defines the object classes for the entry.
Page 43: Groupofnames
groupOfNames Definition Used to define entries for a group of names. Note: The definition in Directory Server differs from the standard definition. In the standard definition, member is a required attribute. In Directory Server member is an allowed attribute. Directory Server therefore allows a group to have no member. This object class is defined in RFC 2256.
Page 44: Groupofuniquenames
groupOfUniqueNames Definition Used to define entries for a group of unique names. This object class is defined in RFC 2256. Superior Class 2.5.6.17 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The group’s common name. Allowed Attributes businessCategory Type of business in which the group is engaged.
Page 45: Groupofurls
groupOfURLs Definition An auxiliary object class of groupOfUniqueNames or groupOfNames. The group consists of a list of labeled URLs. Not supported by Directory Server 3.0. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.33 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The group’s common name.
Page 46: Inetorgperson
inetOrgPerson Definition Used to define entries representing people in an organization’s enterprise network. Inherits cn and sn from the person object class. This object class is defined in RFC 2798. Superior Class person 2.16.840.1.113730.3.2.2 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name.
Page 47 givenName The person’s given, or first, name. homePhone The person’s home phone number. homePostalAddress The person’s home mailing adress. initials The person’s initials. internationalISDNNumber The person’s ISDN number. jpegPhoto Photo in JPEG format. l (localityName) Place in which the person is located. labeledURI Universal resource locator that is relevant to the person.
Page 48 telephoneNumber The person’s telephone number. teletexTerminalIdentifier Identifier for the person’s teletex terminal. telexNumber The person’s telex number. title The person’s job title. uid (userID) Identifies the person’s user id (usually the logon ID). userCertificate Stores a user’s certificate in cleartext (not used). userPassword Password with which the entry can bind to the directory.
Page 49: Labeleduriobject
labeledURIObject Definition This object class can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate. This object class is defined in RFC 2079. Superior Class 1.3.6.1.4.1.250.3.1 Required Attributes...
Page 50: Locality
locality Definition Used to define entries that represent localities or geographic areas. This object class is defined in RFC 2256. Superior Class 2.5.6.3 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes description Text description of the locality. l (localityName) Place in which the entry is located.
Page 51: Newpilotperson
newPilotPerson Definition Used as a subclass of person, to allow the use of a number of additional attributes to be assigned to entries of the person object class. Inherits cn and sn from the person object class. This object class is defined in Internet White Pages Pilot. Superior Class person 0.9.2342.19200300.100.4.4...
Page 52 otherMailbox Values for electronic mailbox types other than X.400 and rfc822. pager The person’s pager number. personalSignature The person’s signature file. personalTitle The person’s personal title. preferredDeliveryMethod The person’s preferred method of contact or delivery. roomNumber The person’s room number. secretary Distinguished name of the person’s secretary or administrative assistant.
Page 53: Nscomplexroledefinition
nsComplexRoleDefinition Definition Any role that is not a simple role is, by definition, a complex role. This object class is defined in Directory Server. Superior Class nsRoleDefinition 2.16.840.1.113730.3.2.95 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) The entry’s common name.
Page 54: Nsfilteredroledefinition
nsFilteredRoleDefinition Definition Specifies assignment of entries to the role, depending upon the attributes contained by each entry. This object class is defined in Directory Server. Superior Class nsComplexRoleDefinition 2.16.840.1.113730.3.2.97 Required Attributes objectClass Defines the object classes for the entry. nsRoleFilter Specifies the filter assigned to an entry.
Page 55: Nslicenseuser
nsLicenseUser Definition Used to track licenses for Netscape servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the object class. You can inetOrgPerson manage the contents of this object class through the Users and Groups area of the Netscape Administration Server.
Page 56: Nsmanagedroledefinition
nsManagedRoleDefinition Definition Specifies assignment of a role to an explicit, enumerated list of members. This object class is defined in Directory Server. Superior Class nsSimpleRoleDefinition 2.16.840.1.113730.3.2.96 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) The entry’s common name.
Page 57: Nsnestedroledefinition
nsNestedRoleDefinition Definition Specifies containment of one or more roles of any type within the role. This object class is defined in Directory Server. Superior Class nsComplexRoleDefinition 2.16.840.1.113730.3.2.98 Required Attributes objectClass Defines the object classes for the entry. nsRoleDN Specifies the roles assigned to an entry. Allowed Attributes cn (commonName) The entry’s common name.
Page 58: Nsroledefinition
nsRoleDefinition Definition All role definition object classes inherit from the object class. nsRoleDefinition This object class is defined in Directory Server. Superior Class ldapSubEntry 2.16.840.1.113730.3.2.93 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) The entry’s common name. description Text description of the entry.
Page 59: Nssimpleroledefinition
nsSimpleRoleDefinition Definition Roles containing this object class are called simple roles because they have a deliberately limited flexibility, which makes it easy to: • Enumerate the members of a role. • Determine whether a given entry possesses a particular role. •...
Page 60: Organization
organization Definition Used to define entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise. This object class is defined in RFC 2256. Superior Class 2.5.6.4 Required Attributes objectClass Defines the object classes for the entry.
Page 61 postOfficeBox The organization’s post office box. preferredDeliveryMethod The organization’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
Page 62: Organizationalperson
organizationalPerson Definition Used to define entries for people employed by or associated with an organization. cn and sn are inherited from the person object class. This object class is defined in RFC 2256. Superior Class person 2.5.6.7 Required Attributes objectClass Defines the object classes for the entry.
Page 63 postOfficeBox The person’s post office box. preferredDeliveryMethod The person’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. seeAlso URL to information relevant to the person. State or province in which the person is located. (stateOrProvinceName) street Street address at which the person is located.
Page 64: Organizationalrole
organizationalRole Definition Used to define entries that represent roles held by people within an organization. This object class is defined in RFC 2256. Superior Class 2.5.6.8 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The role’s common name. Allowed Attributes description Text description of the role.
Page 65 preferredDeliveryMethod Preferred method of contact or delivery of the person in the role. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. roleOccupant Distinguished name of the person in the role. seeAlso URL to information relevant to the person in the role. State or province in which the person in the role is (stateOrProvinceName) located.
Page 66: Organizationalunit
organizationalUnit Definition Used to define entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization. This object class is defined in RFC 2256. Superior Class 2.5.6.5 Required Attributes objectClass Defines the object classes for the entry.
Page 67 postOfficeBox The organizational unit’s post office box. preferredDeliveryMethod The organizational unit’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
Page 68: Person
person Definition Used to define entries that generically represent people. This object class is the base class for the organizationalPerson object class. This object class is defined in RFC 2256. Superior Class 2.5.6.6 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name.
Page 69: Pilotobject
pilotObject Definition Used as a subclass to allow additional attributes to be assigned to entries of all other object classes. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.3 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes audio Stores a sound file in binary format.
Page 70: Pilotorganization
pilotOrganization Definition Used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.20 Required Attributes objectClass Defines the object classes for the entry. o (organizationName) Organization to which the entry belongs.
Page 71 postalCode The postal code for this address (such as a United States zip code). postOfficeBox The pilot organization’s post office box. preferredDeliveryMethod The pilot organization’s preferred method of contact or delivery registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for...
Page 72: Residentialperson
residentialPerson Definition Used by the directory server to contain a person’s residential information. This object class is defined in RFC 2256. Superior Class 2.5.6.10 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name. l (localityName) Place in which the person resides.
Page 73 preferredDeliveryMethod The person’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. seeAlso URL to information relevant to the person. State or province in which the person resides. (stateOrProvinceName) street Street address at which the person is located.
Page 74: Rfc822Localpart
RFC822LocalPart Definition Used to define entries that represent the local part of RFC822 mail addresses. The directory treats this part of an RFC822 address as a domain. This object class is defined in Internet directory pilot. Superior Class domain 0.9.2342.19200300.100.4.14 Required Attributes objectClass Defines the object classes for the entry.
Page 75 postalAddress The local part’s mailing address. postalCode The postal code for this address (such as a United States zip code). preferredDeliveryMethod Local part’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expediated documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search...
Page 76: Room
room Definition Used to store information in the directory about a room. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.7 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) Common name of the room. Allowed Attributes description Text description of the room.
Page 77: Strongauthenticationuser
strongAuthenticationUser Definition Used to store a user’s certificate entry in the directory. This object class is defined in RFC 2256. Superior Class 2.5.6.15 Required Attributes objectClass Defines the object classes for the entry. userCertificate Stores a user’s certificate, usually in binary form. Chapter 2 Object Class Reference...
Page 78: Simplesecurityobject
simpleSecurityObject Definition Used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.19 Required Attributes objectClass...
Page 79: Chapter 3 Attribute Reference
Chapter 3 Attribute Reference This chapter contains reference information about Netscape Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order. abstract Definition Provides an abstract of a document entry. This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued.
Page 80: Associateddomain
Syntax DN, single-valued. 2.5.4.1 associatedDomain Definition Specifies a DNS domain associated with an object in the directory tree. For example, the entry in the directory tree with a distinguished name "C=US, O=Example Corporation" would have an associated domain of "EC.US". Note that all domains should be represented in rfc822 order.
Page 81: Audio
0.9.2342.19200300.100.1.38 audio Definition Contains a sound file in binary format. The attribute uses a u-law encoded sound file. For example: audio:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.55 authorCn Definition Contains the common name of the author of a document entry. For example: authorCn: Kacey This attribute is defined in Internet White Pages Pilot.
Page 82: Authorsn
authorSn Definition Contains the surname of the author of a document entry. For example: authorSn: Doe This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.12 authorityRevocationList Definition Contains a list of CA certificates that have been revoked. This attribute is to be stored and requested in the binary form, as ‘authorityRevocationList ;binary’.
Page 83: Businesscategory
buildingName: 14 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.48 businessCategory Definition Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level. For example: businessCategory: Engineering This attribute is defined in RFC 2256.
Page 84: Cacertificate
Syntax DirectoryString, single-valued. 2.5.4.6 cACertificate Definition Contains the CA’s certificate. This attribute is to be stored and requested in the binary form, as ‘cACertificate;binary’. For example: cacertificate;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.37 carLicense Definition Identifies the entry’s automobile license plate number.
Page 85: Certificaterevocationlist
certificateRevocationList Definition Contains a list of revoked user certificates. This attribute is to be stored and requested in the binary form, as ‘certificateRevocationList;binary’. For example: certificateRevocationList;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.39 cn (commonName) Definition Identifies the name of an object in the directory.
Page 86: Co (Friendlycountryname)
2.5.4.3 co (friendlyCountryName) Definition Contains the name of a country. Often, the country attribute is used to describe a two-character code for a country, and the friendlyCountryName attribute is used to describe the actual country name. For example: friendlyCountryName: Ireland co: Ireland This attribute is defined in RFC 1274.
Page 87: Cosindirectspecifier
cosIndirectSpecifier Description Specifies the attribute values used by an indirect CoS to identify the template entry. This attribute is defined in Directory Server. Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.577 cosPriority Definition Specifies which template provides the attribute value, when CoS templates compete to provide an attribute value. This attribute represents the global priority of a particular template.
Page 88: Costargettree
2.16.840.1.113730.3.1.551 cosTargetTree Definition Determines the subtrees of the DIT to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees in an arbitrary fashion. This attribute is defined in Directory Server. Syntax DirectoryString, single-valued.
Page 89: Dc (Domaincomponent)
For example: crosscertificatepair;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.40 dc (domainComponent) Definition Specifies one component of a domain name. For example: domainComponent: example dc: example This attribute is defined in RFC 2247. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.25 deltaRevocationList Definition...
Page 90: Departmentnumber
2.5.4.53 departmentNumber Definition Identifies the entry’s department number. For example: departmentNumber: 2604 This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.2 description Definition Provides a human-readable description of the object. For people and organizations this often includes their role or work assignment. For example: description: Quality control inspector for the ME2873 product line This attribute is defined in RFC 2256.
Page 91: Destinationindicator
destinationIndicator Definition The country and city associated with the entry needed to provide Public Telegram Service. Generally used in conjunction with registeredAddress. For example: destinationIndicator: Stow, Ohio, USA This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.27 displayName Definition Preferred name of a person to be used when displaying entries.
Page 92: Ditredirect
dITRedirect Definition Used to indicate that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN. For example: ditRedirect: cn=jdoe, o=example.com This attribute is defined in RFC 1274.
Page 93: Dnsrecord
This attribute is defined in RFC 2256. Syntax 2.5.4.49 dNSRecord Definition Specifies DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start Of Authority) resource records. For example: dNSRecord: IN NS ns.uu.net This attribute is defined in Internet directory pilot.
Page 94: Documentidentifier
0.9.2342.19200300.100.1.14 documentIdentifier Definition Specifies a unique identifier for a document. For example: documentIdentifier: L3204REV1 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.11 documentLocation Definition Defines the location of the original copy of a document entry. For example: documentLocation: Department Library This attribute is defined in RFC 1274.
Page 95: Documentpublisher
documentPublisher Definition The person and/or organization that published a document. For example: documentPublisher: Southeastern Publishing This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.56 documentStore Definition Defines the *** of a document. For example: documentStore: This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued.
Page 96: Documentversion
This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.12 documentVersion Definition Defines the version of a document entry. For example: documentVersion: 1.1 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.13 drink (favouriteDrink) Definition Describes the favorite drink of a person entry. For example: drink: soda favouriteDrink: soda...
Page 97: Dsaquality
0.9.2342.19200300.100.1.5 dSAQuality Definition Specifies the purported quality of a DSA. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example: dSAQuality: high This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.49 employeeNumber Definition...
Page 98: Employeetype
employeeType Definition Identifies the entry’s type of employment. For example: employeeType: Full time This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.4 enhancedSearchGuide Definition Used by X.500 clients when construcing search filters. For example: enhancedSearchGuide: (uid=mhughes) This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued.
Page 99: Generationqualifier
fax: +1 415 555 1212 This attribute is defined in RFC 2256. Syntax TelephoneNumber, multi-valued. 2.5.4.23 generationQualifier Definition Contains the generation Qualifier part of the name, typically appearing in the suffix. For example: generationqualifier:III This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 100: Homephone
2.5.4.42 homePhone Definition Identifies the entry’s home phone number. For example: homeTelephoneNumber: 415-555-1212 homePhone: 415-555-1234 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.20 homePostalAddress Definition Identifies the entry’s home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($).
Page 101: Host
This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.39 host Definition Defines the hostname of a computer. For example: host: mozilla This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.9 houseIdentifier Definition Identifes a building in a location. For example: houseIdentifier: B105 This attribute is defined in RFC 2256.
Page 102: Info
info Definition Specifies any general information pertinent to an object. It is recommended that specific usage of this attribute type is avoided, and that specific requirements are met by other (possibly additional) attribute types. For example: info: not valid This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued.
Page 103: Janetmailbox
This attribute is defined in RFC 2256. Syntax IA5String, multi-valued. 2.5.4.25 janetMailbox Definition Specifies an email address. This attribute is intended for the convenience of U.K. users unfamiliar with rfc822 mail addresses. Entries using this attribute must also include an rfc822Mailbox attribute. This attribute is defined in RFC 1274.
Page 104: Keywords
keyWords Definition Contains keywords for the entry. For example: keyWords: directory LDAP X.500 This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.7 knowledgeInformation Definition This attribute is no longer used. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 105: Labeleduri
l: Santa Clara This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.7 labeledURI Definition Specifies a Uniform Resource Identifier (URI) that is relevant in some way to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported) optionally followed by one or more space characters and a label.
Page 106: Lastmodifiedtime
Syntax DN, multi-valued. 0.9.2342.19200300.100.1.24 lastModifiedTime Definition Defines the last time, in UTC format, that a change was made to the entry. For example: lastModifiedTime: Thursday, 22-Sep-93 14:15:00 GMT This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.23 mail Definition Identifies a user’s primary email address (the email address retrieved and displayed by “white-pages”...
Page 107: Mailpreferenceoption
mailPreferenceOption Definition Not used in Netscape Messaging Server 4.0. Indicates a preference for inclusion of user names on mailing lists (electronic or physical). Accepted values include: • 0: user doesn’t want to be included in mailing lists. • 1: user consents to be added to any mailing list. •...
Page 108: Member
0.9.2342.19200300.100.1.10 member Definition Identifies the distinguished names for each member of the group. For example: member: cn=John Doe, o=example.com This attribute is defined in RFC 2256. Syntax DN, multi-valued. 2.5.4.31 memberCertificateDescription Definition This attribute is a multivalued attribute, where each value is a description, a pattern, or a filter matching the subject DN of a certificate (usually certificates used for SSL client authentication).
Page 109: Memberurl
In order to be considered a member of a group with the following memberCertificateDescription, a certificate would need to include ou=x, ou=A, and o=example, but not o=company. memberCertificateDescription: {ou=x, ou=A, o=company, o=example} In order to match the group’s requirements, a certificate’s subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.
Page 110: Name
mobileTelephoneNumber: 415-555-4321 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.41 name Definition Identifies the attribute supertype from which string attribute types used for naming may be formed. It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests.
Page 111: Nslicenseendtime
For example: nsLicensedFor: slapd This attribute is defined in Netscape Administration Services. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.36 nsLicenseEndTime Definition Reserved for future use. This attribute is defined in Netscape Administration Services. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.38 nsLicenseStartTime Definition Reserved for future use. This attribute is defined in Netscape Administration Services.
Page 112: O (Organizationname)
o (organizationName) Definition Identifies the name of the organization. For example: organizationName: Example Corporation, Inc. o: Example Corporation, Inc This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.10 objectClass Definition Specifies the object classes of the object. Must include the object. For example: objectClass: person This attribute is defined in RFC 2256.
Page 113: Obsoletesdocument
This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.4 obsoletesDocument Definition Contains the distinguished name of a document that is obsoleted by the document entry. This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.3 organizationalStatus Definition...
Page 114: Othermailbox
otherMailbox Definition Specifies values for electronic mailbox types other than X.400 and rfc822. For example: otherMailbox: internet $ jdoe@example.com This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.22 ou (organizationUnitName) Definition Identifies the name of an organizational unit. For example: organizationUnitName: Marketing ou: Marketing...
Page 115: Pager
For example: owner: cn=John Smith, o=Example Corporation, c=US This attribute is defined in RFC 2256. Syntax DN, multi-valued. 2.5.4.32 pager Definition Identifies the entry’s pager phone number. Abbreviation: pager. For example: pagerTelephoneNumber: 415-555-6789 pager: 415-555-6789 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued.
Page 116: Personaltitle
Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.53 personalTitle Definition Specifies a personal title for a person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev". For example: personalTitle: Mr This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.40 photo Definition Contains a photo, in binary form, of the entry.
Page 117: Physicaldeliveryofficename
physicalDeliveryOfficeName Definition Identifies the name of the city or village in which a physical delivery office is located. For example: physicalDeliveryOfficeName: Santa Clara This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.19 postalAddress Definition Identifies the entry’s mailing address. This field is intended to include multiple lines.
Page 118: Postalcode
postalCode Definition Identifies the entry’s zip code in the United States. For example: postalCode: 44224 This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.17 postOfficeBox Definition Specifies a postal mailing address. For example: postOfficeBox: 1234 This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 119: Preferredlanguage
This attribute is defined in RFC 2256. Syntax DirectoryString, single-valued. 2.5.4.28 preferredLanguage Definition Defines a person’s preferred written or spoken language. The value for this attribute should conform to the syntax for HTTP Accept-Language header values. This attribute is defined in RFC 2798. Syntax DirectoryString, single-valued.
Page 120: Protocolinformation
protocolInformation Definition Used in conjunction with the presentationAddress attribute to provide additional information to the OSO network service. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.48 Description Used in LDAPv3 to support smart referrals. Contains an LDAP URL in the format: ldap://<servername>:<portnumber>/<dn>...
Page 121: Roleoccupant
Syntax DirectoryString, multi-valued. 2.5.4.26 roleOccupant Definition Contains the distinguished name of the person acting in the role defined in the organizationalRole entry. For example: roleOccupant: cn=jdoe, o=example.com This attribute is defined in RFC 2256. Syntax DN, multi-valued. 2.5.4.33 roomNumber Definition Specifies the room number of an object.
Page 122: Searchguide
searchGuide Definition Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation. When constructing search filters, use enhancedSearchGuide instead. This attribute is defined in RFC 2256. Syntax IA5String, multi-valued.
Page 123: Serialnumber
seeAlso: cn=Quality Control Inspectors,ou=manufacturing,o=example.com This attribute is defined in RFC 2256. Syntax DN, multi-valued. 2.5.4.34 serialNumber Definition Specifies the serial number of a device. For example: serialNumber: 555-1234-AZ This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.5 singleLevelQuality Definition Specifies the purported data quality at the level immediately below in the DIT.
Page 124: Sn (Surname)
sn (surname) Definition Identifies the entry’s surname, also referred to as last name or family name. For example: surname: Anderson sn: Anderson This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.4 st (stateOrProvinceName) Definition Identifies the state or province in which the entry resides. Abbreviation: st. For example: stateOrProvinceName: California st: California...
Page 125: Street
street Definition Identifies the entry’s house number and street name. For example: streetAddress: 1234 Ridgeway Drive street: 1234 Ridgeway Drive This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.9 subject Definition Contains information about the subject matter of the document entry. For example: subject: employee option grants This attribute is defined in Internet White Pages Pilot.
Page 126: Subtreeminimumquality
This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.52 subtreeMinimumQuality Definition Specifies the purported minimum data quality for a DIT subtree. This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.51 supportedAlgorithms Definition This attribute is to be stored and requested in the binary form, as ‘supportedAlgorithms;binary’.
Page 127: Supportedapplicationcontext
supportedApplicationContext Definition This attribute contains the identifiers of OSI application contexts. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.30 telephoneNumber Definition Identifies the entry’s phone number. For example: telephoneNumber: 415-555-2233 This attribute is defined in RFC 2256. Syntax TelephoneNumber, multi-valued.
Page 128: Telexnumber
In the above, the first printable string is the encoding of the first portion of the teletex terminal identifier to be encoded, and the subsequent 0 or more octetstrings are subsequent portions of the teletex terminal identifier. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
Page 129: Title
textEncodedORAddress: /S=doe/OU=eng/O=example/ADMD=telemail/C=us/ This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.2 title Definition Identifies the title of a person in the organization. For example: title: Senior QC Inspector This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.12 ttl (timeToLive) Definition...
Page 130: Uid (Userid)
Syntax DirectoryString, multi-valued. 1.3.6.1.4.1.250.1.60 uid (userID) Definition Identifies the entry’s userid (usually the logon ID). Abbreviation: uid. For example: userid: banderson uid: banderson This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.1 uniqueIdentifier Definition Identifies a specific item used to distinguish between two entries when a distinguished name has been reused.
Page 131: Uniquemember
0.9.2342.19200300.100.1.44 uniqueMember Definition Identifies a group of names associated with an entry where each name was given a uniqueIdentifier to ensure its uniqueness. A value for the uniqueMember attribute is a DN followed by the uniqueIdentifier. This attribute is defined in RFC 2256. Syntax DN, multi-valued.
Page 132: Usercertificate
This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.5 userCertificate Definition This attribute is to be stored and requested in the binary form, as ‘userCertificate;binary’. For example: userCertificate;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued.
Page 133: Userpassword
0.9.2342.19200300.100.1.8 userPassword Definition Identifies the entry’s password and encryption method in the following format: {encryption method}encrypted password Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transfer of cleartext may result in disclosure of the password to unauthorized parties. For example: userPassword: {sha}FTSLQhxXpA05 This attribute is defined in RFC 2256.
Page 134: Usersmimecertificate
userSMIMECertificate Definition Used by Netscape Communicator for S/MIME. This attribute is to be stored and requested in the binary form, as ‘userSMIMECertificte;binary’. For example: userSMIMECertificate;binary:: AAAAAA== This attribute is defined in RFC 2798. Syntax Binary, multi-valued. 2.16.840.1.113730.3.1.40 x121Address Definition Defines the X.121 address of a person. This attribute is defined in RFC 2256.
Page 135 Syntax Binary, multi-valued. 2.5.4.45 Chapter 3 Attribute Reference...
Page 136 Netscape Directory Server Schema Reference • January 2002...
Page 137: Chapter 4 Operational Attributes, Special Attributes, And Special Object Classes
Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes This chapter describes operational attributes used by Netscape Directory Server (Directory Server). Operational attributes are available for use on every entry in the directory, regardless of whether they are defined for the object class of the entry. Operational attributes are only returned in an operation if specifically ldapsearch...
Page 138: Aci
Operational Attributes Syntax DirectoryString, multi-valued 2.16.840.1.113730.3.1.95 Definition Used by the directory server to evaluate what rights are granted or denied when it receives an LDAP request from a client. This attribute is defined in Directory Server. Syntax IA5String, multi-valued 2.16.840.1.113730.3.1.55 altServer Definition The values of this attribute are URLs of other servers which may be contacted...
Page 139: Attributetypes
Operational Attributes attributeTypes Definition Multi-valued attribute that specifies the attribute types used within a subschema. Each value describes a single attribute. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.5 copiedFrom Definition Used by read-only replica to recognize master data source. Contains a reference to the server that holds the master data.
Page 140: Ditcontentrules
Operational Attributes Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.614 dITContentRules Definition Multi-valued attribute that defines the DIT content rules which are in force within a subschema. Each value defines one DIT content rule. Each value is tagged by the object identifier of the structural object class to which it pertains. This attribute is defined in RFC 2252.
Page 141: Ldapsyntaxes
Operational Attributes ldapSyntaxes Definition This attribute identifies the syntaxes implemented, with each value corresponding to one syntax. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 1.3.6.1.4.1.1466.101.120.16 matchingRules Definition Multi-valued attribute that defines the matching rules used within a subschema. Each value defines one matching rule.
Page 142: Nameforms
Operational Attributes 2.5.21.8 nameForms Definition Multi-valued attribute that defines the name forms used in a subschema. Each value defines one name form. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.7 namingContexts Definition Corresponds to a naming context the server is mastering or shadowing. When the directory server does not master any information (for example, it is an LDAP gateway to a public X.500 directory), this attribute is absent.
Page 143: Nsds5Replconflict
Operational Attributes nsds5replconflict Definition This attribute is a conflict marker attribute. It is included on entries that have a change conflict that cannot be resolved automatically by the replication process. This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.973 nsRole Definition...
Page 144: Numsubordinates
Operational Attributes dn: cn=staff,o=Netscape,o=example.com objectclass: LDAPsubentry objectclass: nsRoleDefinition objectclass: nsSimpleRoleDefinition objectclass: nsManagedRoleDefinition dn: cn=userA,ou=users,o=Netscape,o=example.com objectclass: top objectclass: person sn: uA userpassword: secret nsroledn: cn=staff,o=Netscape,o=example.com A nested role specifies containment of one or more roles of any type. In that case, nsRoleDN defines the DN of the contained roles.
Page 145: Objectclasses
Operational Attributes 1.3.1.1.4.1.453.16.2.103 objectClasses Definition Multi-valued attribute that defines the object classes used in a subschema. Each value defines one object class. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.6 passwordAllowChangeTime Definition Used to specify the length of time that must pass before the user is allowed to change their password.
Page 146: Passwordexpwarned
Operational Attributes Syntax GeneralizedTime, multi-valued. 2.16.840.1.113730.3.1.91 passwordExpWarned Definition Used to indicate that a password expiration warning has been sent to the user. This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.92 passwordHistory Definition Contains the history of the user’s previous passwords. This attribute is defined in Directory Server.
Page 147: Retrycountresettime
Operational Attributes This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.93 retryCountResetTime Definition Specifies the length of time that passes before the passwordRetryCount is reset. This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.94 subschemaSubentry Definition DN of an entry that contains schema information.
Page 148: Supportedcontrol
Operational Attributes supportedControl Definition The values of this attribute are the object identifiers (OIDs) that identify the controls supported by the server. When the server does not support controls, this attribute is absent. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued.
Page 149: Supportedsaslmechanisms
Special Attributes 1.3.6.1.4.1.1466.101.120.15 supportedSASLMechanisms Definition Identifies the names of supported SASL mechanisms supported by the server. When the server does not support SASL attributes, this attribute is absent. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 1.3.6.1.4.1.1466.101.120.14 Special Attributes changes Description For add and modify operations, contains the changes made to the entry, in LDIF...
Page 150: Changelog
Special Attributes changeLog Description The distinguished name of the entry which contains the set of entries comprising the servers changelog. This attribute is defined in Changelog Internet Draft. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.35 changeNumber Description This single-valued attribute is always present. It contains an integer which uniquely identifies each change made to a directory entry.
Page 151: Changetype
Special Attributes 2.16.840.1.113730.3.1.77 changeType Description Specifies the type of LDAP operation. This attribute can have one of the following values: add, delete, modify, or modrdn. For example: changeType: modify This attribute is defined in Changelog Internet Draft. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.7 deleteOldRdn Description...
Page 152: Newsuperior
Special Attributes This attribute is defined in Changelog Internet Draft. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.9 newSuperior Description In the case of operations, specifies the attribute of the entry. modrdn newSuperior This attribute is defined in Changelog Internet Draft. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.11 targetDn Description...
Page 153: Special Object Classes
Special Object Classes Special Object Classes changeLogEntry Definition Used to represent changes made to the directory server. You can configure Directory Server 6.0 to maintain a change log that is compatible with the change log implemented in Directory Server 4.1, 4.1, 4.11, 4.12, and 4.13 by enabling the retro change log plug-in.
Page 154: Passwordobject
Special Object Classes newSuperior Name of the entry that becomes the immediate superior of the existing entry, when processing a modDN operation. passwordObject Definition Stores password information for a user in the directory. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.12 Required Attributes...
Page 155: Subschema
Special Object Classes subschema Definition An auxilary object class subentry used to administer the subschema for the subschema administrative area. It holds the operational attributes representing the policy parameters used to express the subschema. This object class is defined in RFC 2252. Superior Class 2.5.20.1 Required Attributes...
Page 156 Special Object Classes Netscape Directory Server Schema Reference • January 2002...
Page 157: Index
Index SYMBOLS ( 92 c attribute 83 cACertificate attribute 84 carLicense attribute 84 certificateRevocationList attribute 85 changeLog attribute 150 changeLogEntry object class 153 abstract attribute 79 changeNumber attribute 150 account object class 22 changes attribute 149 accountUnlockTime operational attribute 137 changeTime attribute 150 aci operational attribute 138 changeType attribute 151...
Page 158 countryName attribute, See c attribute crossCertificatePair attribute 88 employeeNumber attribute 97 employeeType attribute 98 enhancedSearchGuide attribute 98 dc attribute 89 dcObject object class 31 deleteOldRdn attribute 151 facsimileTelephoneNumber attribute, See fax deltaRevocationList attribute 89 attribute departmentNumber attribute 90 favouriteDrink attribute, See drink attribute description attribute 90 fax attribute 98 destinationIndicator attribute 91...
Page 159 memberCertificateDescription attribute 108 memberURL attribute 109 inetOrgPerson object class 46 mobile attribute 109 info attribute 102 mobileTelephoneNumber attribute, See mobile initials attribute 102 attribute internationalISDNNumber attribute 102 name attribute 110 janetMailbox attribute 103 nameForms operational attribute 142 jpegPhoto attribute 103 namingContexts operational attribute 142 newPilotPerson object class 51 newRdn attribute 151...
Page 160 organizationalRole object class 64 residentialPerson object class 72 organizationalStatus attribute 113 retryCountResetTime operational attribute 147 organizationalUnit object class 66 RFC822LocalPart object class 74 organizationalUnitName attribute, See ou attribute roleOccupant attribute 121 organizationName attribute, See o attribute room object class 76 otherMailbox attribute 114 roomNumber attribute 121 ou attribute 114...
Page 161 targetDn attribute 152 telephoneNumber attribute 127 teletexTerminalIdentifier attribute 127 telexNumber attribute 128 textEncodedORAddress attribute 128 timeToLive attribute, See ttl attribute title attribute 129 ttl attribute 129 uid attribute 130 uniqueIdentifier attribute 130 uniqueMember attribute 131 updatedByDocument attribute 131 updatesDocument attribute 131 userCertificate attribute 132 userClass attribute 132 userId attribute, See uid attribute...
Page 162 Netscape Directory Server Schema Reference • January 2002...

Netscape DIRECTORY SERVER 6.01 - SCHEMA Reference

Chapter 1 About Schema

Chapter 2 Object Class Reference

Chapter 3 Attribute Reference

Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes

Index

Quick Links

Related Manuals for Netscape NETSCAPE DIRECTORY SERVER 6.01 - SCHEMA

Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 6.01 - SCHEMA

Table of Contents