Schema Reference
Netscape Directory Server
Version 6.2
December 2003

Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 6.2 - SCHEMA

  • Page 1 Schema Reference Netscape Directory Server Version 6.2 December 2003...
  • Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law.
  • Page 11: Purpose Of This Guide

    About This Reference Guide Netscape Directory Server (Directory Server) 6.x is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
  • Page 12: Directory Server Overview

    Directory Server Overview The major components of Directory Server include: • An LDAP server—The core of the directory service, provided by the ns-slapd daemon, and compliant with the LDAP v3 Internet standards. • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service.
  • Page 13: Prerequisite Reading

    Prerequisite Reading This guide describes the standard schema and the standard object classes and attributes. However, this guide does not describe how to design, customize or maintain your schema, nor does it give any information on replication. Those concepts are described in the Netscape Directory Server Deployment Guide.
  • Page 14: Related Information

    Related Information In examples/sample code, paths assume that the Directory Server is installed in the default location /usr/netscape/servers. If you have installed your Directory Server in a different location, adapt the paths accordingly. Also, all examples use phonebook for the server identifier where appropriate. Related Information The document set for Directory Server also contains the following guides:...
  • Page 15: Chapter 1 About Schema

    Chapter 1 About Schema This chapter provides an overview of some of the basic concepts of the directory schema, and lists the files in which the schema is described. It describes object classes, attributes and object identifiers (OIDs), and briefly discusses extending server schema and schema checking.
  • Page 16: Object Classes

    Schema Definition Object Classes In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides some basic types of object classes, including: • Groups, including unordered lists of individual objects or groups of objects. •...
  • Page 17: Attributes

    Schema Definition The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a person entry is usually defined with the following object class structure: objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgperson In this structure, the inherits from the inetOrgperson...
  • Page 18 Schema Definition Table 1-1 Attribute Syntax Syntax Method Definition Binary 1.3.6.1.4.1.1466.115.121.1.5 Indicates that values for this attribute are binary Boolean 1.3.6.1.4.1.1466.115.121.1.7 Indicates that this attribute has one of only two values: True or False Country String 1.3.6.1.4.1.1466.115.121.1.11 Indicates that values for this attribute are limited to exactly two printable string characters, for example US 1.3.6.1.4.1.1466.115.121.1.12...
  • Page 19: Single-Valued And Multi-Valued Attributes

    Schema Supported by Directory Server 6.x Table 1-1 Attribute Syntax (Continued) Syntax Method Definition Indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, and ldaps://. The URI has the same behavior as IA5String.
  • Page 20 Schema Supported by Directory Server 6.x Table 1-2 Schema Files used by Directory Server Schema Filename Purpose 00core.ldif Recommended core schema from the X.500 and LDAP standards (RFCs), and schema used by the Directory Server itself. 05rfc2247.ldif Schema from RFC 2247 and related pilot schema “Using Domains in LDAP/X.500 Distinguished Names.”...
  • Page 21: Object Identifiers (Oids)

    Object Identifiers (OIDs) Table 1-3 Schema Files used by other Netscape Products (Continued) Schema Filenames Purpose 50ns-certificate.ldif Schema for Netscape Certificate Management System. 50ns-compass.ldif Schema for the Netscape Compass Server. 50ns-delegated-admin.ldif Schema for Netscape Delegated Administrator 4.5. 50ns-legacy.ldif Legacy Netscape Schema. 50ns-mail.ldif Schema for Netscape Messaging Server.
  • Page 22: Extending Server Schema

    Extending Server Schema The base OID for the Directory Server is 2.16.840.1.113730.3 All Netscape-defined attributes have the base OID of 2.16.840.1.113370.3.1 All Netscape-defined object classes have the base OID of 2.16.840.1.113730.3.2 For more information about OIDs or to request a prefix for your enterprise, please go to the Internet Assigned Number Authority (IANA) web site at http://www.iana.org/ Extending Server Schema...
  • Page 23 Schema Checking Schema checking also occurs when importing a database using LDIF. For more information, refer to the Netscape Directory Server Administrator’s Guide. Chapter 1 About Schema...
  • Page 25: Chapter 2 Object Class Reference

    Chapter 2 Object Class Reference This chapter contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class, and lists its required and allowed attributes. The object classes listed in this chapter are available for you to use to support your own information in the Netscape Directory Server (Directory Server).
  • Page 26: Account

    account Definition Used to define entries representing computer accounts. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.5 Required Attributes objectClass Defines the object classes for the entry. uid (userID) Identifies the account’s user ID. Allowed Attributes description Text description of the entry.
  • Page 27: Alias

    alias Definition Used to point to other entries in the directory tree. Note: Aliasing is not supported in Directory Server. This object class is defined in RFC 2256. Superior Class 2.5.6.1 Required Attributes objectClass Defines the object classes for the entry. aliasedObjectName Distinguished name of the entry for which this entry is an alias.
  • Page 28: Cosclassicdefinition

    cosClassicDefinition Definition Identifies the template entry using both the template entry’s DN (as specified in the cosTemplateDn attribute) and the value of one of the target entry’s attributes (as specified in the cosSpecifier attribute). This object class is defined in Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.100...
  • Page 29: Cosdefinition

    cosDefinition Definition Defines the Class of Services you are using. This object class is supported in order to provide compatibility with the DS4.1 CoS Plug-in. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.84 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes Evaluates what rights are granted or denied when the Directory Server receives an LDAP request from...
  • Page 30: Cosindirectdefinition

    cosIndirectDefinition Definition Identifies the template entry using the value of one of the target entry’s attributes. The attribute of the target entry is specified in the cosIndirectSpecifier attribute. This object class is defined in Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.102 Required Attributes objectClass Defines the object classes for the entry.
  • Page 31: Cospointerdefinition

    cosPointerDefinition Definition Identifies the template entry associated with the CoS definition using the template entry’s DN value. The DN of the template entry is specified in the cosTemplateDn attribute. This object class is defined in Directory Server. Superior Class cosSuperDefinition 2.16.840.1.113730.3.2.101 Required Attributes objectClass...
  • Page 32: Cossuperdefinition

    cosSuperDefinition Definition All CoS definition object classes inherit from the cosSuperDefinition object class. This object class is defined in Directory Server. Superior Class ldapSubEntry 2.16.840.1.113730.3.2.99 Required Attributes objectClass Defines the object classes for the entry. cosAttribute Provides the name of the attribute for which you want to generate a value.
  • Page 33: Costemplate

    cosTemplate Definition Contains a list of the shared attribute values. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.128 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) Common name of the entry. cosPriority Specifies which template provides the attribute value, when CoS templates compete to provide an...
  • Page 34: Country

    country Definition Used to define entries that represent countries. This object class is defined in RFC 2256. Superior Class 2.5.6.2 Required Attributes objectClass Defines the object classes for the entry. c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory. Allowed Attributes description Text description of the country.
  • Page 35: Dcobject

    dcObject Definition Allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as (organization), ou (organizationUnitName) (organizationalUnit), or l (localityName) (locality). For example: dn: dc=example,dc=com objectClass: top objectClass: organization...
  • Page 36: Device

    device Definition Used to store information about network devices, such as printers, in the directory. This object class is defined in RFC 2256. Superior Class 2.5.6.14 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) Common name of the device. Allowed Attributes description Text description of the device.
  • Page 37: Document

    document Definition Used to define entries which represent documents in the directory. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.6 Required Attributes objectClass Defines the object classes for the entry. documentIdentifier Unique identifier for a document. Allowed Attributes abstract Abstract of the document.
  • Page 38 keyWords Keywords that describe the document. l (localityName) Place in which the document is located. lastModifiedBy Distinguished name of the last user to modify the document. lastModifiedTime Last time the document was modified. manager Distinguished name of the object’s manager. o (organizationName) Organization to which the document belongs.
  • Page 39: Documentseries

    documentSeries Definition Used to define an entry that represents a series of documents. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.9 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The common name of the series. Allowed Attributes description Text description of the series.
  • Page 40: Domain

    domain Definition Used to define entries that represent DNS domains in the directory. The domainComponent attribute should be used for naming entries of this object class. Used to represent Internet domain names (for example, example.com). The domain object class can only be used with an entry that does not correspond to an organization, organizational unit or other type of object for which an object class has been defined.
  • Page 41 o (organizationName) Organization to which the domain belongs. physicalDeliveryOfficeName Location where physical deliveries can be made. postOfficeBox Domain’s post office box. postalAddress Domain’s mailing address. postalCode The postal code for this address (such as a United States zip code). preferredDeliveryMethod Domain’s preferred method of contact or delivery.
  • Page 42: Domainrelatedobject

    domainRelatedObject Definition Used to define entries which represent DNS/NRS domains which are “equivalent” to an X.500 domain, for example, an organisation or organisational unit. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.17 Required Attributes objectClass Defines the object classes for the entry. associatedDomain Specifies a DNS domain associated with an object in the directory tree.
  • Page 43: Dsa

    Definition Used to define entries representing DSAs in the directory. This object class is defined in RFC 1274. Superior Class 2.5.6.13 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The common name of the series. presentationAddress Contains an OSI presentation address for the entry.
  • Page 44: Extensibleobject

    extensibleObject Definition When present in an entry, permits the entry to optionally hold any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server. This object class is defined in RFC 2252. Superior Class 1.3.6.1.4.1.1466.101.120.111 Required Attributes...
  • Page 45: Friendlycountry

    friendlyCountry Definition Used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.18 Required Attributes objectClass...
  • Page 46: Groupofcertificates

    groupOfCertificates Definition Used to describe a set of X.509 certificates. Any certificate that matches one of the memberCertificateDescription values is considered a member of the group. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.31 Required Attributes objectClass Defines the object classes for the entry.
  • Page 47: Groupofnames

    groupOfNames Definition Used to define entries for a group of names. Note: The definition in Directory Server differs from the standard definition. In the standard definition, member is a required attribute. In Directory Server member is an allowed attribute. Directory Server therefore allows a group to have no member.
  • Page 48: Groupofuniquenames

    groupOfUniqueNames Definition Used to define entries for a group of unique names. This object class is defined in RFC 2256. Superior Class 2.5.6.17 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The group’s common name. Allowed Attributes businessCategory Type of business in which the group is engaged.
  • Page 49: Groupofurls

    groupOfURLs Definition An auxiliary object class of groupOfUniqueNames or groupOfNames. The group consists of a list of labeled URLs. Not supported by Directory Server 3.0. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.33 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The group’s common name.
  • Page 50: Inetorgperson

    inetOrgPerson Definition Used to define entries representing people in an organization’s enterprise network. Inherits cn and sn from the person object class. This object class is defined in RFC 2798. Superior Class person 2.16.840.1.113730.3.2.2 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name.
  • Page 51 homePhone The person’s home phone number. homePostalAddress The person’s home mailing address. initials The person’s initials. internationalISDNNumber The person’s ISDN number. jpegPhoto Photo in JPEG format. l (localityName) Place in which the person is located. labeledURI Universal resource locator that is relevant to the person. mail The person’s email address.
  • Page 52 telexNumber The person’s telex number. title The person’s job title. uid (userID) Identifies the person’s user id (usually the logon ID). userCertificate Stores a user’s certificate in cleartext (not used). userPassword Password with which the entry can bind to the directory. userSMIMECertificate Stores a user’s certificate in binary form.
  • Page 53: Labeleduriobject

    labeledURIObject Definition This object class can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate. This object class is defined in RFC 2079. Superior Class 1.3.6.1.4.1.250.3.1 Required Attributes...
  • Page 54: Locality

    locality Definition Used to define entries that represent localities or geographic areas. This object class is defined in RFC 2256. Superior Class 2.5.6.3 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes description Text description of the locality. l (localityName) Place in which the entry is located.
  • Page 55: Newpilotperson

    newPilotPerson Definition Used as a subclass of person, to allow the use of a number of additional attributes to be assigned to entries of the person object class. Inherits cn and sn from the person object class. This object class is defined in Internet White Pages Pilot. Superior Class person 0.9.2342.19200300.100.4.4...
  • Page 56 otherMailbox Values for electronic mailbox types other than X.400 and rfc822. pager The person’s pager number. personalSignature The person’s signature file. personalTitle The person’s personal title. preferredDeliveryMethod The person’s preferred method of contact or delivery. roomNumber The person’s room number. secretary Distinguished name of the person’s secretary or administrative assistant.
  • Page 57: Nscomplexroledefinition

    nsComplexRoleDefinition Definition Any role that is not a simple role is, by definition, a complex role. This object class is defined in Directory Server. Superior Class nsRoleDefinition 2.16.840.1.113730.3.2.95 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) The entry’s common name.
  • Page 58: Nsfilteredroledefinition

    nsFilteredRoleDefinition Definition Specifies assignment of entries to the role, depending upon the attributes contained by each entry. This object class is defined in Directory Server. Superior Class nsComplexRoleDefinition 2.16.840.1.113730.3.2.97 Required Attributes objectClass Defines the object classes for the entry. nsRoleFilter Specifies the filter assigned to an entry.
  • Page 59: Nslicenseuser

    nsLicenseUser Definition Used to track licenses for Netscape servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Netscape Administration Server.
  • Page 60: Nsmanagedroledefinition

    nsManagedRoleDefinition Definition Specifies assignment of a role to an explicit, enumerated list of members. This object class is defined in Directory Server. Superior Class nsSimpleRoleDefinition 2.16.840.1.113730.3.2.96 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) The entry’s common name.
  • Page 61: Nsnestedroledefinition

    nsNestedRoleDefinition Definition Specifies containment of one or more roles of any type within the role. This object class is defined in Directory Server. Superior Class nsComplexRoleDefinition 2.16.840.1.113730.3.2.98 Required Attributes objectClass Defines the object classes for the entry. nsRoleDn Specifies the roles assigned to an entry. Allowed Attributes cn (commonName) The entry’s common name.
  • Page 62: Nsroledefinition

    nsRoleDefinition Definition All role definition object classes inherit from the nsRoleDefinition object class. This object class is defined in Directory Server. Superior Class ldapSubEntry 2.16.840.1.113730.3.2.93 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes cn (commonName) The entry’s common name. description Text description of the entry.
  • Page 63: Nssimpleroledefinition

    nsSimpleRoleDefinition Definition Roles containing this object class are called simple roles because they have a deliberately limited flexibility, which makes it easy to: • Enumerate the members of a role. • Determine whether a given entry possesses a particular role. •...
  • Page 64: Organization

    organization Definition Used to define entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise. This object class is defined in RFC 2256. Superior Class 2.5.6.4 Required Attributes objectClass Defines the object classes for the entry.
  • Page 65 preferredDeliveryMethod The organization’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
  • Page 66: Organizationalperson

    organizationalPerson Definition Used to define entries for people employed by or associated with an organization. cn and sn are inherited from the person object class. This object class is defined in RFC 2256. Superior Class person 2.5.6.7 Required Attributes objectClass Defines the object classes for the entry.
  • Page 67 preferredDeliveryMethod The person’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. seeAlso URL to information relevant to the person. st (stateOrProvinceName) State or province in which the person is located. street Street address at which the person is located.
  • Page 68: Organizationalrole

    organizationalRole Definition Used to define entries that represent roles held by people within an organization. This object class is defined in RFC 2256. Superior Class 2.5.6.8 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The role’s common name. Allowed Attributes description Text description of the role.
  • Page 69 preferredDeliveryMethod Preferred method of contact or delivery of the person in the role. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. roleOccupant Distinguished name of the person in the role. seeAlso URL to information relevant to the person in the role. st (stateOrProvinceName) State or province in which the person in the role is located.
  • Page 70: Organizationalunit

    organizationalUnit Definition Used to define entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization. This object class is defined in RFC 2256. Superior Class 2.5.6.5 Required Attributes objectClass Defines the object classes for the entry.
  • Page 71 preferredDeliveryMethod The organizational unit’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
  • Page 72: Person

    person Definition Used to define entries that generically represent people. This object class is the base class for the organizationalPerson object class. This object class is defined in RFC 2256. Superior Class 2.5.6.6 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name.
  • Page 73: Pilotobject

    pilotObject Definition Used as a subclass to allow additional attributes to be assigned to entries of all other object classes. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.3 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes audio Stores a sound file in binary format.
  • Page 74: Pilotorganization

    pilotOrganization Definition Used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.20 Required Attributes objectClass Defines the object classes for the entry. o (organizationName) Organization to which the entry belongs.
  • Page 75 postOfficeBox The pilot organization’s post office box. preferredDeliveryMethod The pilot organization’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
  • Page 76: Residentialperson

    residentialPerson Definition Used by the Directory Server to contain a person’s residential information. This object class is defined in RFC 2256. Superior Class 2.5.6.10 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) The person’s common name. l (localityName) Place in which the person resides.
  • Page 77 registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. seeAlso URL to information relevant to the person. st (stateOrProvinceName) State or province in which the person resides. street Street address at which the person is located. telephoneNumber The person’s telephone number.
  • Page 78: Rfc822Localpart

    RFC822LocalPart Definition Used to define entries that represent the local part of RFC822 mail addresses. The directory treats this part of an RFC822 address as a domain. This object class is defined in Internet directory pilot. Superior Class domain 0.9.2342.19200300.100.4.14 Required Attributes objectClass Defines the object classes for the entry.
  • Page 79 postalCode The postal code for this address (such as a United States zip code). preferredDeliveryMethod Local part’s preferred method of contact or delivery. registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery. searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
  • Page 80: Room

    room Definition Used to store information in the directory about a room. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.7 Required Attributes objectClass Defines the object classes for the entry. cn (commonName) Common name of the room. Allowed Attributes description Text description of the room.
  • Page 81: Strongauthenticationuser

    strongAuthenticationUser Definition Used to store a user’s certificate entry in the directory. This object class is defined in RFC 2256. Superior Class 2.5.6.15 Required Attributes objectClass Defines the object classes for the entry. userCertificate Stores a user’s certificate, usually in binary form. Chapter 2 Object Class Reference...
  • Page 82: Simplesecurityobject

    simpleSecurityObject Definition Used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use. This object class is defined in RFC 1274. Superior Class 0.9.2342.19200300.100.4.19 Required Attributes objectClass...
  • Page 83: Chapter 3 Attribute Reference

    Chapter 3 Attribute Reference This chapter contains reference information about Netscape Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order. abstract Definition Provides an abstract of a document entry. This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued.
  • Page 84: Associateddomain

    Syntax DN, single-valued. 2.5.4.1 associatedDomain Definition Specifies a DNS domain associated with an object in the directory tree. For example, the entry in the directory tree with a distinguished name "C=US, O=Example Corporation" would have an associated domain of "EC.US". Note that all domains should be represented in rfc822 order.
  • Page 85: Audio

    0.9.2342.19200300.100.1.38 audio Definition Contains a sound file in binary format. The attribute uses a u-law encoded sound file. For example: audio:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.55 authorCn Definition Contains the common name of the author of a document entry. For example: authorCn: Kacey This attribute is defined in Internet White Pages Pilot.
  • Page 86: Authorsn

    authorSn Definition Contains the surname of the author of a document entry. For example: authorSn: Doe This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.12 authorityRevocationList Definition Contains a list of CA certificates that have been revoked. This attribute is to be stored and requested in the binary form, as ‘authorityRevocationList ;binary’.
  • Page 87: Businesscategory

    buildingName: 14 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.48 businessCategory Definition Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level. For example: businessCategory: Engineering This attribute is defined in RFC 2256.
  • Page 88: Cacertificate

    Syntax DirectoryString, single-valued. 2.5.4.6 cACertificate Definition Contains the CA’s certificate. This attribute is to be stored and requested in the binary form, as ‘cACertificate;binary’. For example: cacertificate;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.37 carLicense Definition Identifies the entry’s automobile license plate number.
  • Page 89: Certificaterevocationlist

    certificateRevocationList Definition Contains a list of revoked user certificates. This attribute is to be stored and requested in the binary form, as ‘certificateRevocationList;binary’. For example: certificateRevocationList;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.39 cn (commonName) Definition Identifies the name of an object in the directory.
  • Page 90: Co (Friendlycountryname)

    2.5.4.3 co (friendlyCountryName) Definition Contains the name of a country. Often, the country attribute is used to describe a two-character code for a country, and the friendlyCountryName attribute is used to describe the actual country name. For example: friendlyCountryName: Ireland co: Ireland This attribute is defined in RFC 1274.
  • Page 91: Cosindirectspecifier

    cosIndirectSpecifier Description Specifies the attribute values used by an indirect CoS to identify the template entry. This attribute is defined in Directory Server. Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.577 cosPriority Definition Specifies which template provides the attribute value, when CoS templates compete to provide an attribute value. This attribute represents the global priority of a particular template.
  • Page 92: Costargettree

    2.16.840.1.113730.3.1.551 cosTargetTree Definition Determines the subtrees of the DIT to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees in an arbitrary fashion. This attribute is defined in Directory Server. Syntax DirectoryString, single-valued.
  • Page 93: Dc (Domaincomponent)

    For example: crosscertificatepair;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.40 dc (domainComponent) Definition Specifies one component of a domain name. For example: domainComponent: example dc: example This attribute is defined in RFC 2247. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.25 deltaRevocationList Definition...
  • Page 94: Departmentnumber

    2.5.4.53 departmentNumber Definition Identifies the entry’s department number. For example: departmentNumber: 2604 This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.2 description Definition Provides a human-readable description of the object. For people and organizations this often includes their role or work assignment. For example: description: Quality control inspector for the ME2873 product line This attribute is defined in RFC 2256.
  • Page 95: Destinationindicator

    destinationIndicator Definition The country and city associated with the entry needed to provide Public Telegram Service. Generally used in conjunction with registeredAddress. For example: destinationIndicator: Stow, Ohio, USA This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.27 displayName Definition Preferred name of a person to be used when displaying entries.
  • Page 96: Ditredirect

    dITRedirect Definition Used to indicate that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN. For example: ditRedirect: cn=jdoe, o=example.com This attribute is defined in RFC 1274.
  • Page 97: Dnsrecord

    This attribute is defined in RFC 2256. Syntax 2.5.4.49 dNSRecord Definition Specifies DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start Of Authority) resource records. For example: dNSRecord: IN NS ns.uu.net This attribute is defined in Internet directory pilot.
  • Page 98: Documentidentifier

    0.9.2342.19200300.100.1.14 documentIdentifier Definition Specifies a unique identifier for a document. For example: documentIdentifier: L3204REV1 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.11 documentLocation Definition Defines the location of the original copy of a document entry. For example: documentLocation: Department Library This attribute is defined in RFC 1274.
  • Page 99: Documentpublisher

    documentPublisher Definition The person and/or organization that published a document. For example: documentPublisher: Southeastern Publishing This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.56 documentStore Definition Defines the *** of a document. For example: documentStore: This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued.
  • Page 100: Documentversion

    This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.12 documentVersion Definition Defines the version of a document entry. For example: documentVersion: 1.1 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.13 drink (favouriteDrink) Definition Describes the favorite drink of a person entry. For example: drink: soda favouriteDrink: soda...
  • Page 101: Dsaquality

    0.9.2342.19200300.100.1.5 dSAQuality Definition Specifies the purported quality of a DSA. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example: dSAQuality: high This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.49 employeeNumber Definition...
  • Page 102: Employeetype

    employeeType Definition Identifies the entry’s type of employment. For example: employeeType: Full time This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.4 enhancedSearchGuide Definition Used by X.500 clients when constructing search filters. For example: enhancedSearchGuide: (uid=mhughes) This attribute is defined in RFC 2798. Syntax DirectoryString, multi-valued.
  • Page 103: Generationqualifier

    fax: +1 415 555 1212 This attribute is defined in RFC 2256. Syntax TelephoneNumber, multi-valued. 2.5.4.23 generationQualifier Definition Contains the generation Qualifier part of the name, typically appearing in the suffix. For example: generationqualifier:III This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
  • Page 104: Homephone

    2.5.4.42 homePhone Definition Identifies the entry’s home phone number. For example: homeTelephoneNumber: 415-555-1212 homePhone: 415-555-1234 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.20 homePostalAddress Definition Identifies the entry’s home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($).
  • Page 105: Host

    This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.39 host Definition Defines the hostname of a computer. For example: host: mozilla This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.9 houseIdentifier Definition Identifies a building in a location. For example: houseIdentifier: B105 This attribute is defined in RFC 2256.
  • Page 106: Info

    info Definition Specifies any general information pertinent to an object. It is recommended that specific usage of this attribute type is avoided, and that specific requirements are met by other (possibly additional) attribute types. For example: info: not valid This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued.
  • Page 107: Janetmailbox

    This attribute is defined in RFC 2256. Syntax IA5String, multi-valued. 2.5.4.25 janetMailbox Definition Specifies an email address. This attribute is intended for the convenience of U.K. users unfamiliar with rfc822 mail addresses. Entries using this attribute must also include an rfc822Mailbox attribute. This attribute is defined in RFC 1274.
  • Page 108: Keywords

    keyWords Definition Contains keywords for the entry. For example: keyWords: directory LDAP X.500 This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.7 knowledgeInformation Definition This attribute is no longer used. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued.
  • Page 109: Labeleduri

    l: Santa Clara This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.7 labeledURI Definition Specifies a Uniform Resource Identifier (URI) that is relevant in some way to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported) optionally followed by one or more space characters and a label.
  • Page 110: Lastmodifiedtime

    Syntax DN, multi-valued. 0.9.2342.19200300.100.1.24 lastModifiedTime Definition Defines the last time, in UTC format, that a change was made to the entry. For example: lastModifiedTime: Thursday, 22-Sep-93 14:15:00 GMT This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.23 mail Definition Identifies a user’s primary email address (the email address retrieved and displayed by “white-pages”...
  • Page 111: Mailpreferenceoption

    mailPreferenceOption Definition Not used in Netscape Messaging Server 4.0. Indicates a preference for inclusion of user names on mailing lists (electronic or physical). Accepted values include: • 0: user doesn’t want to be included in mailing lists. • 1: user consents to be added to any mailing list. •...
  • Page 112: Member

    0.9.2342.19200300.100.1.10 member Definition Identifies the distinguished names for each member of the group. For example: member: cn=John Doe, o=example.com This attribute is defined in RFC 2256. Syntax DN, multi-valued. 2.5.4.31 memberCertificateDescription Definition This attribute is a multivalued attribute, where each value is a description, a pattern, or a filter matching the subject DN of a certificate (usually certificates used for SSL client authentication).
  • Page 113: Memberurl

    In order to be considered a member of a group with the following memberCertificateDescription, a certificate would need to include ou=x, ou=A, and o=example, but not o=company. memberCertificateDescription: {ou=x, ou=A, o=company, o=example} In order to match the group’s requirements, a certificate’s subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.
  • Page 114: Name

    mobileTelephoneNumber: 415-555-4321 This attribute is defined in RFC 1274. Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.41 name Definition Identifies the attribute supertype from which string attribute types used for naming may be formed. It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests.
  • Page 115: Nslicenseendtime

    For example: nsLicensedFor: slapd This attribute is defined in Netscape Administration Services. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.36 nsLicenseEndTime Definition Reserved for future use. This attribute is defined in Netscape Administration Services. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.38 nsLicenseStartTime Definition Reserved for future use. This attribute is defined in Netscape Administration Services.
  • Page 116: Ntuserdomainid

    ntUserDomainId Definition Identifies the Windows security domain name and user name of the entry in the format nt_domain_name:nt_username. For example: ntUserDomainId: workgroup:jdoe Syntax cis (single) 2.16.840.1.113730.3.1.41 o (organizationName) Definition Identifies the name of the organization. For example: organizationName: Example Corporation, Inc. o: Example Corporation, Inc This attribute is defined in RFC 2256.
  • Page 117: Obsoletedbydocument

    For example: objectClass: person This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.0 obsoletedByDocument Definition Contains the distinguished name of a document that obsoletes the document entry. This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.4 obsoletesDocument Definition...
  • Page 118: Organizationalstatus

    organizationalStatus Definition Specifies a category by which a person is often referred to in an organization. For example: organizationalStatus: researcher This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.45 otherMailbox Definition Specifies values for electronic mailbox types other than X.400 and rfc822. For example: otherMailbox: internet $ jdoe@example.com This attribute is defined in RFC 1274.
  • Page 119: Owner

    ou: Marketing This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.11 owner Definition Identifies the distinguished name of the person responsible for the entry. For example: owner: cn=John Smith, o=Example Corporation, c=US This attribute is defined in RFC 2256. Syntax DN, multi-valued.
  • Page 120: Personalsignature

    Syntax TelephoneNumber, multi-valued. 0.9.2342.19200300.100.1.42 personalSignature Definition A signature file, in binary format, for the entry. For example: personalSignature:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.53 personalTitle Definition Specifies a personal title for a person. Examples of personal titles are "Ms", "Dr", "Prof"...
  • Page 121: Photo

    photo Definition Contains a photo, in binary form, of the entry. For example: photo:: AAAAAA== This attribute is defined in RFC 1274. Syntax Binary, multi-valued. 0.9.2342.19200300.100.1.7 physicalDeliveryOfficeName Definition Identifies the name of the city or village in which a physical delivery office is located.
  • Page 122: Postalcode

    To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. For example, to represent the string: The dollar ($) value can be found in the c:\cost file. provide the string: The dollar (\24) value can be found$in the c:\5ccost file.
  • Page 123: Preferreddeliverymethod

    This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.18 preferredDeliveryMethod Definition Identifies the entry’s preferred contact or delivery method. For example: preferredDeliveryMethod: telephone This attribute is defined in RFC 2256. Syntax DirectoryString, single-valued. 2.5.4.28 preferredLanguage Definition Defines a person’s preferred written or spoken language. The value for this attribute should conform to the syntax for HTTP Accept-Language header values.
  • Page 124: Presentationaddress

    presentationAddress Definition Contains an OSI presentation address for the entry. The presentation address consists of an OSI Network Address and up to three selectors, one each for use by the transport, session, and presentation entities. For example: presentationAddress: TELEX+00726322+RFC-1006+02+130.59.2.1 This attribute is defined in RFC 2256. Syntax IA5String, single-valued.
  • Page 125: Registeredaddress

    For example: /ou=People, o=example.com ref: ldap://server.example.com:389 This attribute is defined in LDAPv3 referrals Internet Draft. Syntax IA5String, multi-valued. 2.16.840.1.113730.3.1.34 registeredAddress Definition This attribute contains a postal address for receiving telegrams or expedited documents. The recipient’s signature is usually required on delivery. This attribute is defined in RFC 2256.
  • Page 126: Roomnumber

    2.5.4.33 roomNumber Definition Specifies the room number of an object. Note that the commonName attribute should be used for naming room objects. For example: roomNumber: 230 This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.6 searchGuide Definition Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation.
  • Page 127: Secretary

    secretary Definition Identifies the entry’s secretary or administrative assistant. For example: secretary: cn=John Doe, o=example.com This attribute is defined in RFC 1274. Syntax DN, multi-valued. 0.9.2342.19200300.100.1.21 seeAlso Definition Identifies another Directory Server entry that may contain information related to this entry. For example: seeAlso: cn=Quality Control Inspectors,ou=manufacturing,o=example.com...
  • Page 128: Singlelevelquality

    serialNumber: 555-1234-AZ This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.5 singleLevelQuality Definition Specifies the purported data quality at the level immediately below in the DIT. This attribute is defined in RFC 1274. Syntax DirectoryString, single-valued. 0.9.2342.19200300.100.1.50 sn (surname) Definition Identifies the entry’s surname, also referred to as last name or family name.
  • Page 129: St (Stateorprovincename)

    st (stateOrProvinceName) Definition Identifies the state or province in which the entry resides. Abbreviation: st. For example: stateOrProvinceName: California st: California This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.8 street Definition Identifies the entry’s house number and street name. For example: streetAddress: 1234 Ridgeway Drive street: 1234 Ridgeway Drive...
  • Page 130: Subject

    subject Definition Contains information about the subject matter of the document entry. For example: subject: employee option grants This attribute is defined in Internet White Pages Pilot. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.102.1.8 subtreeMaximumQuality Definition Specifies the purported maximum data quality for a DIT subtree. This attribute is defined in RFC 1274.
  • Page 131: Supportedalgorithms

    0.9.2342.19200300.100.1.51 supportedAlgorithms Definition This attribute is to be stored and requested in the binary form, as ‘supportedAlgorithms;binary’. For example: supportedAlgorithms:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.52 supportedApplicationContext Definition This attribute contains the identifiers of OSI application contexts. This attribute is defined in RFC 2256.
  • Page 132: Teletexterminalidentifier

    For example: telephoneNumber: 415-555-2233 This attribute is defined in RFC 2256. Syntax TelephoneNumber, multi-valued. 2.5.4.20 teletexTerminalIdentifier Definition Identifies the entry’s teletex terminal identifier. The format of the attribute is as follows: teletex-id = ttx-term 0*("$" ttx-param) ttx-term = printablestring ttx-param = ttx-key ":"...
  • Page 133: Textencodedoraddress

    where: • actual-number: the syntactic representation of the number portion of the TELEX number being encoded. • country: the TELEX country code. • answerback: the answerback code of a TELEX terminal. This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.21 textEncodedORAddress Definition...
  • Page 134: Ttl (Timetolive)

    This attribute is defined in RFC 2256. Syntax DirectoryString, multi-valued. 2.5.4.12 ttl (timeToLive) Definition Contains the time, in seconds, that cached information about an entry should be considered valid. Once the specified time has elapsed, the information is considered out of date. A value of zero (0) indicates that the entry should not be cached.
  • Page 135: Uniqueidentifier

    This attribute is defined in RFC 1274. Syntax DirectoryString, multi-valued. 0.9.2342.19200300.100.1.1 uniqueIdentifier Definition Identifies a specific item used to distinguish between two entries when a distinguished name has been reused. This attribute is intended to detect an instance of a reference to a distinguished name that has been deleted. This attribute is assigned by the server.
  • Page 136: Updatedbydocument

    2.5.4.50 updatedByDocument Definition Contains the distinguished name of a document that is an updated version of the document entry. This attribute is defined in Internet White Pages Pilot. Syntax DN, multi-valued. 0.9.2342.19200300.102.1.6 updatesDocument Definition Contains the distinguished name of a document for which this document is an updated version.
  • Page 137: Userclass

    userCertificate;binary:: AAAAAA== This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.36 userClass Definition Specifies a category of computer user. The semantics of this attribute are arbitrary. The organizationalStatus attribute makes no distinction between computer users and other users and may be more applicable. For example: userClass: intern This attribute is defined in RFC 1274.
  • Page 138: Userpkcs12

    This attribute is defined in RFC 2256. Syntax Binary, multi-valued. 2.5.4.35 userPKCS12 Definition This attribute provides a format for the exchange of personal identity information. The attribute is to be stored and requested in binary form, as ‘userPKCS12;binary’. The attribute values are PFX PDUs stored as binary data. This attribute is defined in RFC 2798.
  • Page 139: X121Address

    x121Address Definition Defines the X.121 address of a person. This attribute is defined in RFC 2256. Syntax IA5String, multi-valued. 2.5.4.24 x500UniqueIdentifier Definition Reserved for future use. A binary method of identification useful for differentiating objects when a distinguished name has been reused. For example: x500UniqueIdentifier:: AAAAAA== This attribute is defined in RFC 2256.
  • Page 141: Chapter 4 Operational Attributes, Special Attributes, And Special Object Classes

    Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes This chapter describes operational attributes used by Netscape Directory Server (Directory Server). Operational attributes are available for use on every entry in the directory, regardless of whether they are defined for the object class of the entry.
  • Page 142: Aci

    Operational Attributes Syntax DirectoryString, multi-valued 2.16.840.1.113730.3.1.95 Definition Used by the Directory Server to evaluate what rights are granted or denied when it receives an LDAP request from a client. This attribute is defined in Directory Server. Syntax IA5String, multi-valued 2.16.840.1.113730.3.1.55 altServer Definition The values of this attribute are URLs of other servers which may be contacted...
  • Page 143: Attributetypes

    Operational Attributes attributeTypes Definition Multi-valued attribute that specifies the attribute types used within a subschema. Each value describes a single attribute. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.5 copiedFrom Definition Used by read-only replica to recognize master data source. Contains a reference to the server that holds the master data.
  • Page 144: Ditcontentrules

    Operational Attributes Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.614 dITContentRules Definition Multi-valued attribute that defines the DIT content rules which are in force within a subschema. Each value defines one DIT content rule. Each value is tagged by the object identifier of the structural object class to which it pertains. This attribute is defined in RFC 2252.
  • Page 145: Ldapsyntaxes

    Operational Attributes ldapSyntaxes Definition This attribute identifies the syntaxes implemented, with each value corresponding to one syntax. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 1.3.6.1.4.1.1466.101.120.16 matchingRules Definition Multi-valued attribute that defines the matching rules used within a subschema. Each value defines one matching rule.
  • Page 146: Nameforms

    Operational Attributes 2.5.21.8 nameForms Definition Multi-valued attribute that defines the name forms used in a subschema. Each value defines one name form. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.7 namingContexts Definition Corresponds to a naming context the server is mastering or shadowing. When the Directory Server does not master any information (for example, it is an LDAP gateway to a public X.500 directory), this attribute is absent.
  • Page 147: Nsds5Replconflict

    Operational Attributes nsds5replconflict Definition This attribute is a conflict marker attribute. It is included on entries that have a change conflict that cannot be resolved automatically by the replication process. This attribute is defined in Directory Server. Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.973 nsRole Definition...
  • Page 148: Numsubordinates

    Operational Attributes dn: cn=staff,o=Netscape,o=example.com objectclass: LDAPsubentry objectclass: nsRoleDefinition objectclass: nsSimpleRoleDefinition objectclass: nsManagedRoleDefinition dn: cn=userA,ou=users,o=Netscape,o=example.com objectclass: top objectclass: person sn: uA userpassword: secret nsroledn: cn=staff,o=Netscape,o=example.com A nested role specifies containment of one or more roles of any type. In that case, nsRoleDN defines the DN of the contained roles.
  • Page 149: Objectclasses

    Operational Attributes 1.3.1.1.4.1.453.16.2.103 objectClasses Definition Multi-valued attribute that defines the object classes used in a subschema. Each value defines one object class. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued. 2.5.21.6 passwordAllowChangeTime Definition Used to specify the length of time that must pass before the user is allowed to change their password.
  • Page 150: Passwordchecksyntax (Pwdchecksyntax)

    Operational Attributes Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.102 passwordCheckSyntax (pwdCheckSyntax) Definition Specifies whether the password syntax will be checked before the password is saved. (The password syntax checking mechanism checks that the password meets or exceeds the password minimum length requirement and that the string does not contain any trivial words, such as the user’s name or ID or any attribute value stored in the uid, , or...
  • Page 151: Passwordexpirationtime

    Operational Attributes passwordExpirationTime Definition Used to specify the length of time that passes before the user’s password expires. This attribute is defined in Directory Server. Syntax GeneralizedTime, single-valued. 2.16.840.1.113730.3.1.91 passwordExpWarned Definition Used to indicate that a password expiration warning has been sent to the user. This attribute is defined in Directory Server.
  • Page 152: Passwordgraceusertime

    Operational Attributes passwordGraceUserTime Definition Used to count the number of attempts the user has made with the expired password. This attribute is defined in Directory Server. Syntax DirectoryString, single-valued. 2.16.840.1.113730.3.1.998 passwordHistory Definition Contains the history of the user’s previous passwords. This attribute is defined in Directory Server.
  • Page 153: Passwordlockout (Pwdlockout)

    Operational Attributes Syntax Integer, single-valued. 2.16.840.1.113730.3.1.101 passwordLockout (pwdLockOut) Definition Indicates whether users will be locked out of the directory after a given number of failed bind attempts. By default, users will not be locked out of the directory after a series of failed bind attempts. If you enable account lockout, you can set the number of failed bind attempts after which the user will be locked out using attribute.
  • Page 154: Passwordmaxage (Pwdmaxage)

    Operational Attributes passwordMaxAge (pwdMaxAge) Definition Indicates the number of seconds after which user passwords will expire. To use this attribute, you must enable password expiration using the passwordExp attribute. This attribute is defined in Directory Server. Syntax Integer, single-valued. 2.16.840.1.113730.3.1.97 passwordMaxFailure (pwdMaxFailure) Definition Indicates the number of failed bind attempts after which a user will be locked...
  • Page 155: Passwordminlength (Pwdminlength)

    Operational Attributes Syntax Integer, single-valued. 2.16.840.1.113730.3.1.222 passwordMinLength (pwdMinLength) Definition Specifies the minimum number of characters that must be used in Directory Server user password attributes. In general, shorter passwords are easier to crack, so it is recommended that you set a password length of at least 6 or 7 characters.
  • Page 156: Passwordresetfailurecount (Pwdfailurecountinterval)

    Operational Attributes passwordResetFailureCount (pwdFailureCountInterval) Definition Indicates the amount of time in seconds after which the password failure counter will be reset. Each time an invalid password is sent from the user’s account, the password failure counter is incremented. If the passwordLockout attribute is set to on, users will be locked out of the directory when (pwdLockOut)
  • Page 157: Passwordstoragescheme

    Operational Attributes passwordStorageScheme Definition Specifies the type of encryption used to store Directory Server passwords. Setting this attribute to CLEAR indicates that the password will appear in plain text. The following encryption types are supported by the Directory Server 6.x: •...
  • Page 158: Passwordwarning (Pwdexpirewarning)

    Operational Attributes passwordWarning (pwdExpireWarning) Definition Indicates the number of seconds before a user’s password is due to expire that the user will receive a password expiration warning control on their next LDAP operation. Depending on the LDAP client, the user may also be prompted to change their password at the time the warning is sent.
  • Page 159: Subschemasubentry

    Operational Attributes 2.16.840.1.113730.3.1.94 subschemaSubentry Definition DN of an entry that contains schema information. For example: subschemaSubentry: cn=schema This attribute is defined in RFC 2252. Syntax DN, single-valued. 2.5.18.10 supportedControl Definition The values of this attribute are the object identifiers (OIDs) that identify the controls supported by the server.
  • Page 160: Supportedextension

    Operational Attributes supportedExtension Definition The values of this attribute are the object identifiers (OIDs) that identify the extended operations supported by the server. When the server does not support extensions, this attribute is absent. This attribute is defined in RFC 2252. Syntax DirectoryString, multi-valued.
  • Page 161: Special Attributes

    Special Attributes 1.3.6.1.4.1.1466.101.120.14 Special Attributes changes Description For add and modify operations, contains the changes made to the entry, in LDIF format. This attribute is defined in Changelog Internet Draft. Syntax Binary, multi-valued. 2.16.840.1.113730.3.1.8 changeLog Description The distinguished name of the entry which contains the set of entries comprising the server’s changelog.
  • Page 162: Changenumber

    Special Attributes changeNumber Description This single-valued attribute is always present. It contains an integer which uniquely identifies each change made to a directory entry. This number is related to the order in which the change occurred. The higher the number, the later the change.
  • Page 163: Deleteoldrdn

    Special Attributes Syntax DirectoryString, multi-valued. 2.16.840.1.113730.3.1.7 deleteOldRdn Description In the case of modrdn operations, specifies whether the old RDN was deleted. This attribute is defined in Changelog Internet Draft. Syntax Boolean, multi-valued. 2.16.840.1.113730.3.1.10 newRdn Description In the case of modrdn operations, specifies the new RDN of the entry. This attribute is defined in Changelog Internet Draft.
  • Page 164: Targetdn

    Special Object Classes This attribute is defined in Changelog Internet Draft. Syntax DN, multi-valued. 2.16.840.1.113730.3.1.11 targetDn Description Contains the DN of the entry that was affected by the LDAP operation. In the case of a modrdn operation, the targetDn attribute contains the DN of the entry before it was modified or moved.
  • Page 165: Passwordobject

    Special Object Classes 2.16.840.1.113730.3.2.1 Required Attributes objectClass Defines the object classes for the entry. changeNumber Number assigned arbitrarily to the changelog. changeTime The time at which a change took place. changeType The type of change performed on an entry. targetDn The distinguished name of an entry added, modified or deleted on a supplier server.
  • Page 166: Subschema

    Special Object Classes Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes accountUnlockTime Refers to the amount of time that must pass after an account lockout before the user can bind to the directory again. passwordAllowChangeTime Used to specify the length of time that must pass before the user is allowed to change their password.
  • Page 167 Special Object Classes 2.5.20.1 Required Attributes objectClass Defines the object classes for the entry. Allowed Attributes attributeTypes Attribute types used within a subschema. dITContentRules Defines the DIT content rules which are in force within a subschema. dITStructureRules Defines the DIT structure rules which are in force within a subschema.
  • Page 169: Index

    Index SYMBOLS 50ns-mlm.ldif 21 50ns-msg.ldif 21 ( 96 50ns-netshare.ldif 21 50ns-news.ldif 21 50ns-proxy.ldif 21 50ns-value.ldif 20 NUMERICS 50ns-wcal.ldif 21 50ns-web.ldif 21 00core.ldif 20 51ns-calendar.ldif 21 05rfc2247.ldif 20 99user.ldif 20 05rfc2927.ldif 20 10presence.ldif 20 10rfc2307.ldif 20 20subscriber.ldif 20 25java-object.ldif 20 28pilot.ldif 20 abstract attribute 83 30ns-common.ldif 20 account object class 26...
  • Page 170 attributeTypes operational attribute 143 cosTargetTree attribute 92 audio attribute 85 cosTemplate object class 33 authorCn attribute 85 cosTemplateDn attribute 92 authorityRevocationList attribute 86 country object class 34 authorSn attribute 86 countryName attribute, See c attribute crossCertificatePair attribute 92 buildingName attribute 86 businessCategory attribute 87 dc attribute 93 dcObject object class 35...
  • Page 171 dSAQuality attribute 101 inetOrgPerson object class 50 info attribute 106 initials attribute 106 internationalISDNNumber attribute 106 employeeNumber attribute 101 employeeType attribute 102 enhancedSearchGuide attribute 102 extending schema 22 janetMailbox attribute 107 jpegPhoto attribute 107 facsimileTelephoneNumber attribute, See fax attribute favouriteDrink attribute, See drink attribute keyWords attribute 108 fax attribute 102 knowledgeInformation attribute 108...
  • Page 172 memberCertificateDescription attribute 112 base OID for Directory Server 22 base OID for Netscape 21 memberURL attribute 113 base OID for Netscape-defined attributes 22 mobile attribute 113 base OID for Netscape-defined object classes 22 mobileTelephoneNumber attribute, See mobile objectClass attribute 116 attribute objectClasses operational attribute 149 obsoletedByDocument attribute 117...
  • Page 173 passwordStorageScheme 157 passwordMinAge operational attribute 154 passwordUnlock 157 passwordMinLength operational attribute 155 passwordWarning 158 passwordMustChange operational attribute 155 pwdpolicysubentry 158 passwordObject object class 165 retryCountResetTime 158 passwordResetFailureCount operational subschemaSubentry 159 attribute 156 supportedControl 159 passwordRetryCount operational attribute 156 supportedExtension 160 passwordStorageScheme operational attribute 157 supportedLDAPVersion 160 passwordUnlock operational attribute 157...
  • Page 174 checking 22 supportedSASLMechanisms operational defined 15 attribute 160 extending 22 surname attribute, See sn attribute supported 19 searchGuide attribute 126 secretary attribute 127 seeAlso attribute 127 serialNumber attribute 127 targetDn attribute 164 serverID 13 telephoneNumber attribute 131 serverRoot 13 teletexTerminalIdentifier attribute 132 simpleSecurityObject object class 82 telexNumber attribute 132 singleLevelQuality attribute 128...
