Schema Reference

Netscape Directory Server

Version 7.0

October 2004

Contents: NETSCAPE DIRECTORY SERVER 7.0

Page 1: ...Schema Reference Netscape Directory Server Version 7.0 October 2004 ...

Page 2: ...ession code by the Info ZIP group There are no extra charges or costs due to the use of this code and the original compression sources are freely available from http www infozip com on the Internet This product includes software developed by the Apache Software Foundation http www apache org Portions of the Software copyright 1989 The Regents of the University of California All rights reserved Red...

Page 3: ...ect Classes 16 Required and Allowed Attributes 16 Object Class Inheritance 17 Attributes 17 Attribute Syntax 17 Single Valued and Multi Valued Attributes 19 Schema Supported by Directory Server 19 Object Identifiers OIDs 21 Extending Server Schema 22 Schema Checking 22 Chapter 2 Object Class Reference 25 account 26 alias 27 cosClassicDefinition 28 cosDefinition 29 cosIndirectDefinition 30 cosPoint...

Page 4: ...4 newPilotPerson 55 nsComplexRoleDefinition 57 nsFilteredRoleDefinition 58 nsLicenseUser 59 nsManagedRoleDefinition 60 nsNestedRoleDefinition 61 nsRoleDefinition 62 nsSimpleRoleDefinition 63 organization 64 organizationalPerson 66 organizationalRole 68 organizationalUnit 70 person 72 pilotObject 73 pilotOrganization 74 residentialPerson 76 RFC822LocalPart 78 room 80 strongAuthenticationUser 81 sim...

Page 5: ...TemplateDn 92 crossCertificatePair 93 dc domainComponent 93 deltaRevocationList 94 departmentNumber 94 description 94 destinationIndicator 95 displayName 95 dITRedirect 96 dmdName 96 dn distinguishedName 97 dNSRecord 97 documentAuthor 97 documentIdentifier 98 documentLocation 98 documentPublisher 99 documentStore 99 documentTitle 99 documentVersion 100 drink favoriteDrink 100 dSAQuality 101 employ...

Page 6: ...stModifiedTime 110 mail 110 mailPreferenceOption 111 manager 111 member 112 memberCertificateDescription 112 memberURL 113 mobile 113 name 114 nsLicensedFor 114 nsLicenseEndTime 115 nsLicenseStartTime 115 ntUserDomainId 115 o organizationName 116 objectClass 116 obsoletedByDocument 117 obsoletesDocument 117 organizationalStatus 117 otherMailbox 118 ou organizationUnitName 118 owner 119 pager 119 p...

Page 7: ...ity 130 subtreeMinimumQuality 130 supportedAlgorithms 131 supportedApplicationContext 131 telephoneNumber 131 teletexTerminalIdentifier 132 telexNumber 132 textEncodedORAddress 133 title 133 ttl timeToLive 134 uid userID 134 uniqueIdentifier 135 uniqueMember 135 updatedByDocument 136 updatesDocument 136 userCertificate 136 userClass 137 userPassword 137 userPKCS12 138 userSMIMECertificate 138 x121...

Page 8: ...CheckSyntax 150 passwordExp 151 passwordExpirationTime 151 passwordExpWarned 151 passwordGraceLimit 152 passwordGraceUserTime 152 passwordHistory 152 passwordInHistory pwdInHistory 153 passwordLockout pwdLockOut 153 passwordLockoutDuration pwdLockoutDuration 154 passwordMaxAge pwdMaxAge 154 passwordMaxFailure pwdMaxFailure 155 passwordMinAge pwdMinAge 155 passwordMinLength pwdMinLength 156 passwor...

Page 9: ...62 changeNumber 162 changeTime 163 changeType 163 deleteOldRdn 163 newRdn 164 newSuperior 164 nsEncryptionAlgorithm 164 nsSaslMapRegexString 165 nsSaslMapBaseDNTemplate 165 nsSaslMapFilterTemplate 165 targetDn 166 Special Object Classes 166 changeLogEntry 166 nsAttributeEncryption 167 nsSaslMapping 168 passwordObject 168 subschema 169 Index 171 ...

Page 11: ...se of This Guide page 11 Directory Server Overview page 11 Contents of This Guide page 12 Prerequisite Reading page 12 Conventions Used in This Book page 13 Related Information page 13 Purpose of This Guide This Schema Reference guide describes the standard directory schema for Directory Server and lists all the object classes and attributes defined by the standard schema The information provided ...

Page 12: ...ference Contains an alphabetical list of the object classes accepted by the default schema It gives a definition of each object class and gives the list of required and allowed attributes specific to the particular object class However any mandatory and optional attributes inherited from superior object classes are not listed Chapter 3 Attribute Reference Contains an alphabetic list of the standar...

Page 13: ...erverRoot slapd serverID serverRoot is the installation directory The default installation directory for UNIX is usr netscape servers On Windows it is c usr netscape servers If you have installed Directory Server in a different location you should adapt the path accordingly serverID is the ID or identifier you assigned to an instance of Directory Server when you installed it For example if you gav...

Page 14: ...tory Server Netscape Directory Server Gateway Customization Guide Introduces Directory Server Gateway and explains how to implement a gateway instance with basic directory look up functionality Also contains information useful for implementing a more powerful gateway instance with directory authentication and administration capability Netscape Directory Server Org Chart Introduces the Netscape Dir...

Page 15: ... The directory schema is a set of rules that defines how the data can be stored in the directory The data is stored in the form of directory entries Each entry is a set of attributes and their values Each entry must have an object class The object class specifies the kind of object the entry describes and defines the set of attributes it contains The schema defines the type of entries allowed thei...

Page 16: ...ired attributes include the attributes that must be present in entries using the object class All entries require the objectClass attribute which defines the object classes assigned to the entry Allowed attributes include the attributes that may be present in entries using the object class Example Object Class person Required Attributes object class cn common name sn surname Allowed Attributes des...

Page 17: ...e when you assign the inetOrgperson object class to an entry it automatically inherits the required and allowed attributes from the superior object class Attributes Directory data is represented as attribute value pairs Any piece of information in the directory is associated with a descriptive attribute For instance the commonName or cn attribute is used to store a person s name A person named Jon...

Page 18: ... Indicates that values for this attribute are encoded as printable strings The time zone must be specified It is strongly recommended to use GMT time IA5String 1 3 6 1 4 1 1466 115 121 1 26 Indicates that values for this attribute are case sensitive INTEGER 1 3 6 1 4 1 1466 115 121 1 27 Indicates that valid values for this attribute are numbers OctetString 1 3 6 1 4 1 1466 115 121 1 40 Same behavi...

Page 19: ...arate file called 99user ldif You should not modify the standard files provided with the Directory Server because you incur the risk of breaking compatibility with other Netscape products or of causing interoperability problems with directory servers from vendors other than Netscape Communications Corporation For more information about how the Directory Server stores information and suggestions fo...

Page 20: ...or that user 10rfc2307 ldif Schema from RFC 2307 An Approach for Using LDAP as a Network Information Service 20subscriber ldif Common schema elements for Netscape Nortel subscriber interoperability 25java object ldif Schema from RFC 2713 Schema for Representing Java tm Objects in an LDAP Directory 28pilot ldif Schema from the pilot RFCs especially RFC 1274 that are no longer recommended by Netscap...

Page 21: ...Schema 50ns mail ldif Schema for Netscape Messaging Server 50ns mcd browser ldif Schema for Netscape Mission Control Desktop Browser 50ns mcd config ldif Schema for Netscape Mission Control Desktop Configuration 50ns mcd li ldif Schema for Netscape Mission Control Desktop Location Independence 50ns mcd mail ldif Schema for Netscape Mission Control Desktop Mail 50ns media ldif Schema for Netscape M...

Page 22: ...y service in the enterprise When adding new attributes to the schema a new object class should be created to contain them adding a new attribute to an existing object class can compromise the Directory Server s compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server For more information about extending server schema refer ...

Page 23: ...Schema Checking Chapter 1 About Schema 23 Schema checking also occurs when importing a database using LDIF For more information refer to the Netscape Directory Server Administrator s Guide ...

Page 25: ...the Directory Server or other Netscape products for internal operations are not documented here For information about these object classes please refer to the Netscape Directory Server Configuration Command and File Reference The LDAP RFCs and X 500 standards allow for an object class to have more than one superior This behavior is not currently supported by Directory Server NOTE When an object cl...

Page 26: ...ed Attributes objectClass Defines the object classes for the entry uid userID Identifies the account s user ID description Text description of the entry host Hostname of the computer on which the account resides l localityName Place in which the account is located o organizationName Organization to which the account belongs ou organizationUnitName Organizational unit to which the account belongs s...

Page 27: ...directory tree Note Aliasing is not supported in Directory Server This object class is defined in RFC 2256 Superior Class top OID 2 5 6 1 Required Attributes objectClass Defines the object classes for the entry aliasedObjectName Distinguished name of the entry for which this entry is an alias ...

Page 28: ...efinition OID 2 16 840 1 113730 3 2 100 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry cosSpecifier Specifies the attribute value used by a classic CoS which along with the templat...

Page 29: ...rights are granted or denied when the Directory Server receives an LDAP request from a client cn commonName Common name of the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cosSpecifier Specifies the attribute value used by a classic CoS which along with the template entry s DN identifies the template e...

Page 30: ... Directory Server Superior Class cosSuperDefinition OID 2 16 840 1 113730 3 2 102 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry cosIndirectSpecifier Specifies the attribute value ...

Page 31: ...Directory Server Superior Class cosSuperDefinition OID 2 16 840 1 113730 3 2 101 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry cosTemplateDn Provides the DN of the template entry ...

Page 32: ... defined in Directory Server Superior Class ldapSubEntry OID 2 16 840 1 113730 3 2 99 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cosAttribute Provides the name of the attribute for which you want to generate a value You can specify more than one cosAttribute value cn commonName Common name of the entry description Text description of the entry ...

Page 33: ...efined in Directory Server Superior Class top OID 2 16 840 1 113730 3 2 128 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName Common name of the entry cosPriority Specifies which template provides the attribute value when CoS templates compete to provide an attribute value ...

Page 34: ...6 2 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry c countryName Contains the two character code representing country names as defined by ISO in the directory description Text description of the country searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation ...

Page 35: ... class such as o organizationName ou organizationalUnitName or l localityName For example dn dc example dc com objectClass top objectClass organization objectClass dcObject dc example o Example Corporation This object class is defined in RFC 2247 Superior Class top OID 1 3 6 1 4 1 1466 344 Required Attributes objectClass Defines the object classes for the entry dc domainComponent One component of ...

Page 36: ...jectClass Defines the object classes for the entry cn commonName Common name of the device description Text description of the device l localityName Place in which the device is located o organizationName Organization to which the device belongs ou organizationUnitName Organizational unit to which the device belongs owner Distinguished name of the person responsible for the device seeAlso URL to i...

Page 37: ...res a sound file in binary format authorCn Author s common or given name authorSn Author s surname cn commonName Common name of the document description Text description of the document dITRedirect Distinguished name to use as a redirect for the entry documentAuthor Distinguished name of the document author documentLocation Location of the original document documentPublisher Person or organization...

Page 38: ...me of a document that obsoletes this document obsoletesDocument Distinguished name of a document that is obsoleted by this document ou organizationUnitName Organizational unit to which the document belongs photo Photo of the document in binary form seeAlso URL to information relevant to the document subject Subject of the document uniqueIdentifier Specific item used to distinguish between two entr...

Page 39: ...tes objectClass Defines the object classes for the entry cn commonName The common name of the series description Text description of the series l localityName Place in which the series is located o organizationName Organization to which the series belongs ou organizationUnitName Organizational unit to which the series belongs seeAlso URL to information relevant to the series telephoneNumber Teleph...

Page 40: ...attributes to be present in the entry This object class is defined in RFC 2247 Superior Class top OID 0 9 2342 19200300 100 4 13 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry dc domainComponent One component of a domain name associatedName Entry in the organizational directory tree associated with a DNS domain businessCategory Type of business in which...

Page 41: ...where the recipient must verify delivery searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation seeAlso URL to information relevant to the domain st stateOrProvinceName State or province in which the domain is located street Street address in which the domain is located telephoneNumber Domain s telephone ...

Page 42: ...s which are equivalent to an X 500 domain for example an organization or organizational unit This object class is defined in RFC 1274 Superior Class top OID 0 9 2342 19200300 100 4 17 Required Attributes objectClass Defines the object classes for the entry associatedDomain Specifies a DNS domain associated with an object in the directory tree ...

Page 43: ...the series presentationAddress Contains an OSI presentation address for the entry description Text description of the series knowledgeInformation This attribute is no longer used l localityName Place in which the series is located o organizationName Organization to which the series belongs ou organizationUnitName Organizational unit to which the series belongs seeAlso URL to information relevant t...

Page 44: ... hold optionally any attribute The allowed attribute list of this class is implicitly the set of all attributes known to the server This object class is defined in RFC 2252 Superior Class top OID 1 3 6 1 4 1 1466 101 120 111 Required Attributes Allowed Attributes All attributes known to the server objectClass Defines the object classes for the entry ...

Page 45: ...lass top OID 0 9 2342 19200300 100 4 18 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry co friendlyCountryName Stores the name of a country c countryName Contains the two character code representing country names as defined by ISO in the directory description Text description of the country searchGuide Specifies information for suggested search criteria ...

Page 46: ...utes objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose memberCertificateDescription Values used to determine if a particular certificate is a member of this group o organizationName Organization to which the group of certificates belongs ou or...

Page 47: ...d in RFC 2256 Superior Class top OID 2 5 6 9 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose member Distinguished name of a group member o organizationName Organization to which the group belongs ou org...

Page 48: ...t class is defined in RFC 2256 Superior Class top OID 2 5 6 17 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose o organizationName Organization to which the group belongs ou organizationUnitName Organiza...

Page 49: ...objectClass Defines the object classes for the entry cn commonName The group s common name businessCategory Type of business in which the group is engaged description Text description of the group s purpose memberURL URL associated with each member of the group o organizationName Organization to which the group belongs ou organizationUnitName Organizational unit to which the group belongs owner Di...

Page 50: ...me or last name audio Stores a sound file in binary format businessCategory Type of business in which the person is engaged carLicense The license plate number of the person s vehicle departmentNumber Department for which the person works description Text description of the person destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service displayName ...

Page 51: ...ation where physical deliveries can be made to the person postOfficeBox The person s post office box postalAddress The person s mailing address postalCode The postal code for this address such as a United States zip code preferredDeliveryMethod The person s preferred method of contact or delivery preferredLanguage The person s preferred written or spoken language registeredAddress Postal address s...

Page 52: ...he person s user id usually the logon ID userCertificate Stores a user s certificate in cleartext not used userPassword Password with which the entry can bind to the directory userSMIMECertificate Stores a user s certificate in binary form Used by Netscape Communicator for S MIME x121Address X 121 address of the person x500UniqueIdentifier Reserved ...

Page 53: ...This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate This object class is defined in RFC 2079 Superior Class top OID 1 3 6 1 4 1 250 3 1 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry labeledURI Universal Resource Locator that is relevant to the entry ...

Page 54: ...Class Defines the object classes for the entry description Text description of the locality l localityName Place in which the entry is located searchGuide Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation seeAlso URL to information relevant to the locality st stateOrProvinceName State or province to which the ...

Page 55: ...me The person s common name sn surname The person s surname or last name businessCategory Type of business in which this person is engaged description Text description of the person drink favoriteDrink The person s favorite drink homePhone The person s home phone number homePostalAddress The person s home mailing address janetMailbox The person s email address mail The person s email address mailP...

Page 56: ...referred method of contact or delivery roomNumber The person s room number secretary Distinguished name of the person s secretary or administrative assistant seeAlso URL to information relevant to the person telephoneNumber The person s telephone number textEncodedORAddress The person s text encoded Originator Recipient X 400 address uid userID Identifies the person s user id usually the logon ID ...

Page 57: ...by definition a complex role This object class is defined in Directory Server Superior Class nsRoleDefinition OID 2 16 840 1 113730 3 2 95 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The entry s common name description Text description of the entry ...

Page 58: ...s contained by each entry This object class is defined in Directory Server Superior Class nsComplexRoleDefinition OID 2 16 840 1 113730 3 2 97 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry nsRoleFilter Specifies the filter assigned to an entry cn commonName The entry s common name description Text description of the entry ...

Page 59: ...s of this object class through the Users and Groups area of the Netscape Administration Server This object class is defined in Netscape Administration Services Superior Class top OID 2 16 840 1 113730 3 2 7 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry nsLicensedFor Netscape server that the user is licensed to use nsLicenseEndTime Reserved for future u...

Page 60: ...o an explicit enumerated list of members This object class is defined in Directory Server Superior Class nsSimpleRoleDefinition OID 2 16 840 1 113730 3 2 96 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The entry s common name description Text description of the entry ...

Page 61: ...e This object class is defined in Directory Server Superior Class nsComplexRoleDefinition OID 2 16 840 1 113730 3 2 98 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry nsRoleDn Specifies the roles assigned to an entry cn commonName The entry s common name description Text description of the entry ...

Page 62: ...inherit from the nsRoleDefinition object class This object class is defined in Directory Server Superior Class ldapSubEntry OID 2 16 840 1 113730 3 2 93 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The entry s common name description Text description of the entry ...

Page 63: ...given entry possesses a particular role Enumerate all the roles possessed by a given entry Assign a particular role to a given entry Remove a particular role from a given entry This object class is defined in Directory Server Superior Class nsRoleDefinition OID 2 16 840 1 113730 3 2 94 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The ent...

Page 64: ...ch the organization is engaged description Text description of the organization destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service fax facsimileTelephoneNumber The organization s fax number internationalISDNNumber The organization s ISDN number l localityName Place in which the organization is located physicalDeliveryOfficeName Location where ...

Page 65: ...ch operation seeAlso URL to information relevant to the organization st stateOrProvinceName State or province in which the organization is located street Street address at which the organization is located telephoneNumber The organization s telephone number teletexTerminalIdentifier Identifier for the organization s teletex terminal telexNumber The organization s telex number userPassword Password...

Page 66: ...n s surname or last name description Text description of the person destinationIndicator Country and city associated with the person needed to provide Public Telegram Service fax facsimileTelephoneNumber The person s fax number internationalISDNNumber The person s ISDN number l localityName Place in which the person is located ou organizationUnitName Organizational unit to which the person belongs...

Page 67: ...nformation relevant to the person st stateOrProvinceName State or province in which the person is located street Street address at which the person is located telephoneNumber The person s telephone number teletexTerminalIdentifier Identifier for the person s teletex terminal telexNumber The person s telex number title The person s job title userPassword Password with which the entry can bind to th...

Page 68: ...ide Public Telegram Service fax facsimileTelephoneNumber Fax number of the person in the role internationalISDNNumber ISDN number of the person in the role l localityName Place in which the person in the role is located ou organizationUnitName Organizational unit to which the person in the role belongs physicalDeliveryOfficeName Location where physical deliveries can be made to the person in the r...

Page 69: ...nformation relevant to the person in the role st stateOrProvinceName State or province in which the person in the role is located street Street address at which the person in the role is located telephoneNumber The person s telephone number teletexTerminalIdentifier Identifier for the teletex terminal of the person in the role telexNumber Telex number of the person in the role x121Address X 121 ad...

Page 70: ...gaged description Text description of the organizational unit destinationIndicator Country and city associated with the organizational unit needed to provide Public Telegram Service fax facsimileTelephoneNumber The organizational unit s fax number internationalISDNNumber The organizational unit s ISDN number l localityName Place in which the organizational unit is located physicalDeliveryOfficeNam...

Page 71: ...URL to information relevant to the organizational unit st stateOrProvinceName State or province in which the organizational unit is located street Street address at which the organizational unit is located telephoneNumber The organizational unit s telephone number teletexTerminalIdentifier Identifier for the organizational unit s teletex terminal telexNumber The organization s telex number userPas...

Page 72: ...defined in RFC 2256 Superior Class top OID 2 5 6 6 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName The person s common name sn surname The person s surname or last name description Text description of the person seeAlso URL to information relevant to the person telephoneNumber The person s telephone number userPassword Password with which t...

Page 73: ... object classes for the entry audio Stores a sound file in binary format dITRedirect Distinguished name to use as a redirect for the entry info Information about the object jpegPhoto Photo in jpeg format lastModifiedBy Distinguished name of the last user to modify the object lastModifiedTime Last time the object was modified manager Distinguished name of the object s manager photo Photo of the obj...

Page 74: ...f the building in which the entry is located businessCategory Type of business in which the entry is engaged description Text description of the entry destinationIndicator Country and city associated with the pilot organization needed to provide Public Telegram Service fax facsimileTelephoneNumber The pilot organization s fax number internationalISDNNumber The pilot organization s ISDN number l lo...

Page 75: ...irectory tree for a search operation seeAlso URL to information relevant to the pilot organization st stateOrProvinceName State or province in which the pilot organization is located street Street address at which the pilot organization is located telephoneNumber The pilot organization s telephone number teletexTerminalIdentifier Identifier for the pilot organization s teletex terminal telexNumber...

Page 76: ... businessCategory Type of business in which the person is engaged description Text description of the person destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service fax facsimileTelephoneNumber The person s fax number internationalISDNNumber The person s ISDN number physicalDeliveryOfficeName Location where physical deliveries can be made to the pe...

Page 77: ... the person st stateOrProvinceName State or province in which the person resides street Street address at which the person is located telephoneNumber The person s telephone number teletexTerminalIdentifier Identifier for the person s teletex terminal telexNumber The person s telex number userPassword Password with which the entry can bind to the directory x121Address X 121 address of the entry ...

Page 78: ...irectory tree associated with a DNS domain businessCategory Type of business in which this local part is engaged cn commonName The local part s common name description Text description of the local part destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service fax facsimileTelephoneNumber The local part s fax number internationalISDNNumber The local ...

Page 79: ...bject in the directory tree for a search operation seeAlso URL to information relevant to the local part sn surname The entry s surname or last name st stateOrProvinceName State or province in which the local part is located street Street address at which the local part is located telephoneNumber Telephone number associated with the local part teletexTerminalIdentifier Identifier for a telex termi...

Page 80: ...ined in RFC 1274 Superior Class top OID 0 9 2342 19200300 100 4 7 Required Attributes Allowed Attributes objectClass Defines the object classes for the entry cn commonName Common name of the room description Text description of the room roomNumber The room s number seeAlso URL to information relevant to the room telephoneNumber The room s telephone number ...

Page 81: ...n Used to store a user s certificate entry in the directory This object class is defined in RFC 2256 Superior Class top OID 2 5 6 15 Required Attributes objectClass Defines the object classes for the entry userCertificate Stores a user s certificate usually in binary form ...

Page 82: ...bute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use. This object class is defined in RFC 1274. Superior Class: top. OID: 0.9.2342.19200300.100.4.19. Required Attributes: objectClass: Defines the object classes for the entry. userPassword: Password with which the entry can bind to the directory. ...

Page 83: ... and OID. abstract. Definition: Provides an abstract of a document entry. This attribute is defined in Internet White Pages Pilot. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.102.1.9. aliasedObjectName. Definition: Used by the Directory Server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias. For example, aliasedObjectName: cn=jdoe...

Page 84: ...istinguished name c=US, o=Example Corporation would have an associated domain of EC.US. Note that all domains should be represented in rfc822 order. For example, associatedDomain: US. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.37. associatedName. Definition: Specifies an entry in the organizational directory tree associated with a DNS domain. For ex...

Page 85: ...und file. For example, audio:: AAAAAA. This attribute is defined in RFC 1274. Syntax: Binary, multi-valued. OID: 0.9.2342.19200300.100.1.55. authorCn. Definition: Contains the common name of the author of a document entry. For example, authorCn: Kacey. This attribute is defined in Internet White Pages Pilot. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.102.1.11. ...

Page 86: ... multi-valued. OID: 0.9.2342.19200300.102.1.12. authorityRevocationList. Definition: Contains a list of CA certificates that have been revoked. This attribute is to be stored and requested in the binary form, as authorityRevocationList;binary. For example, authorityrevocationlist;binary:: AAAAAA. This attribute is defined in RFC 2256. Syntax: Binary, multi-valued. OID: 2.5.4.38. buildingName. Definition: Defines the ...

Page 87: ...the type of business in which the entry is engaged. This should be a broad generalization, such as the corporate division level. For example, businessCategory: Engineering. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.15. c (countryName). Definition: Contains the two-character code representing country names, as defined by ISO, in the directory. For example, countryName: IE ...

Page 88: ...ttribute is to be stored and requested in the binary form, as cACertificate;binary. For example, cacertificate;binary:: AAAAAA. This attribute is defined in RFC 2256. Syntax: Binary, multi-valued. OID: 2.5.4.37. carLicense. Definition: Identifies the entry's automobile license plate number. For example, carLicense: 6ABC246. This attribute is defined in RFC 2798. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113...

Page 89: ...valued. OID: 2.5.4.39. cn (commonName). Definition: Identifies the name of an object in the directory. When the object corresponds to a person, the cn is typically the person's full name. When identifying the entry's common name or full name: commonName: Bill Anderson or cn: Bill Anderson. When in reference to LDAPReplica or LDAPServer object classes: commonName replicater example com 17430 o 3Dexample 2Cc 3us o...

Page 90: ...untry name. For example, friendlyCountryName: Ireland or co: Ireland. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.43. cosAttribute. Description: Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value. This attribute is used by all types of CoS definition entries. This attribute is de...

Page 91: ...he attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a particular template. A priority of zero is the highest priority. This attribute is defined in Directory Server. Syntax: INTEGER, single-valued. OID: 2.16.840.1.113730.3.1.569. cosSpecifier. Description: Specifies the attribute value used by a classic CoS, which, along with the templat...

Page 92: ...tribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.552. cosTemplateDn. Definition: The DN of the template entry which contains a list of the shared attribute values. Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS. A single CoS might have more than one template entry associated wit...

Page 93: ...nary. For example, crosscertificatepair;binary:: AAAAAA. This attribute is defined in RFC 2256. Syntax: Binary, multi-valued. OID: 2.5.4.40. dc (domainComponent). Definition: Specifies one component of a domain name. For example, domainComponent: example or dc: example. This attribute is defined in RFC 2247. Syntax: DirectoryString, single-valued. OID: 0.9.2342.19200300.100.1.25. ...

Page 94: ...tmentNumber. Definition: Identifies the entry's department number. For example, departmentNumber: 2604. This attribute is defined in RFC 2798. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113730.3.1.2. description. Definition: Provides a human-readable description of the object. For people and organizations this often includes their role or work assignment. For example, description: Quality control inspect...

Page 95: ...w Ohio USA. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.27. displayName. Definition: Preferred name of a person to be used when displaying entries. Especially useful in displaying a preferred name for an entry within a one-line summary list. Since other attribute types, such as cn, are multivalued, they cannot be used to display a preferred name. For example, displayN...

Page 96: ...ividual's place of work changes and the individual acquires a new organizational DN. For example, ditRedirect: cn=jdoe, o=example.com. This attribute is defined in RFC 1274. Syntax: DN. OID: 0.9.2342.19200300.100.1.54. dmdName. Definition: The value of this attribute specifies a directory management domain (DMD), the administrative authority which operates the Directory Server. This attribute is defined in RFC 22...

Page 97: ... 4.49. dNSRecord. Definition: Specifies DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start of Authority) resource records. For example, dNSRecord: IN NS ns.uu.net. This attribute is defined in Internet directory pilot. Syntax: IA5String, multi-valued. OID: 0.9.2342.19200300.100.1.26. documentAuthor. Definition: Contains the distinguished name of the author o...

Page 98: ...fies a unique identifier for a document. For example, documentIdentifier: L3204REV1. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.11. documentLocation. Definition: Defines the location of the original copy of a document entry. For example, documentLocation: Department Library. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OI...

Page 99: ...4. Syntax: DirectoryString, single-valued. OID: 0.9.2342.19200300.100.1.56. documentStore. Definition: Not defined here. This attribute is defined in Internet White Pages Pilot. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.102.1.10. documentTitle. Definition: Contains the title of a document entry. For example, documentTitle: Netscape Directory Server Administrator's Guide. This attribute is defined i...

Page 100: ... document entry. For example, documentVersion: 1.1. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.13. drink (favoriteDrink). Definition: Describes the favorite drink of a person entry. For example, drink: soda or favouriteDrink: soda. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.5. ...

Page 101: ...le, dSAQuality: high. This attribute is defined in RFC 1274. Syntax: DirectoryString, single-valued. OID: 0.9.2342.19200300.100.1.49. employeeNumber. Definition: Identifies the entry's employee number. For example, employeeNumber: 3440. This attribute is defined in RFC 2798. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.3. employeeType. Definition: Identifies the entry's type of employment. For examp...

Page 102: ...ients when constructing search filters. For example, enhancedSearchGuide uid mhughes. This attribute is defined in RFC 2798. Syntax: DirectoryString, multi-valued. OID: 2.5.4.47. fax (facsimileTelephoneNumber). Definition: Identifies the fax number at which the entry can be reached. Abbreviation: fax. For example, facsimileTelephoneNumber: 1 415 555 1212 or fax: 1 415 555 1212. This attribute is defined in RFC 2256. Sy...

Page 103: ...earing in the suffix. For example, generationqualifier: III. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.44. givenName. Definition: Identifies the entry's given name, usually a person's first name. For example, givenName: Hecuba. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.42. ...

Page 104: ...ss. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. To identify an entry's home mailing address: homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555. Additionally, to represent the string: The dollar value can be f...

Page 105: ...ter. For example, host: mozilla. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.9. houseIdentifier. Definition: Identifies a building in a location. For example, houseIdentifier: B105. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.51. ...

Page 106: ...r example, info: not valid. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.4. initials. Definition: Identifies the entry's initials. Does not identify the entry's surname. For example, initials: BFA. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.43. internationalISDNNumber. Definition: Contains the ISDN number of the en...

Page 107: ...e of U.K. users unfamiliar with rfc822 mail addresses. Entries using this attribute must also include an rfc822Mailbox attribute. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.46. jpegPhoto. Definition: Contains a JPEG photo of the entry. For example, jpegPhoto:: AAAAAA. This attribute is defined in RFC 2798. Syntax: Binary, multi-valued. OID: 0.9.2342.19200...

Page 108: ...ntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.102.1.7. knowledgeInformation. Definition: This attribute is no longer used. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.2. l (localityName). Definition: Identifies the county, city, or other geographical area in which the entry is located or with which it is in some other way associated. For example, localityName: S...

Page 109: ...rrently only URLs are supported, optionally followed by one or more space characters and a label. For example, labeledURI: http://home.example.com; labeledURI: http://home.example.com iNetscape website. This attribute is defined in RFC 2079. Syntax: IA5String, multi-valued. OID: 1.3.6.1.4.1.250.1.57. lastModifiedBy. Definition: Specifies the distinguished name of the last user to modify the associated entry. For exam...

Page 110: ...stModifiedTime: Thursday 22 Sep 93 14:15:00 GMT. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.23. mail. Definition: Identifies a user's primary email address (the email address retrieved and displayed by white-pages lookup applications). For example, mail: banderson@example.com. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued ...

Page 111: ... The absence of this attribute for a person should be interpreted as if the attribute was present with value no-list-inclusion. This attribute should be interpreted by anyone using the directory to derive mailing lists, and its value respected. For example, mailPreferenceOption: 0. This attribute is defined in RFC 1274. Syntax: INTEGER, single-valued. OID: 0.9.2342.19200300.100.1.47. manager. Definition: Identi...

Page 112: ...ltiple ou AVAs. A matching DN must contain those same ou AVAs, in the same order, although it may contain other AVAs (including other ou AVAs) interspersed. For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored. A matching DN must contain that same AVA but no other AVA of the same type nearer the root later sy...

Page 113: ...ory Server. Syntax: IA5String, multi-valued. OID: 2.16.840.1.113730.3.1.199. memberURL. Definition: Identifies a URL associated with each member of a group. Any type of labeled URL can be used. For example, memberURL ldap cn jdoe o example com. This attribute is defined in Directory Server. Syntax: IA5String, multi-valued. OID: 2.16.840.1.113730.3.1.198. mobile. Definition: Identifies the entry's mobile or cellular p...

Page 114: ...bute subtyping. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.41. nsLicensedFor. Definition: Identifies the Netscape server the user is licensed to use. The Netscape Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute are currently: mail: the user is a licensed client of the Nets...

Page 115: ...ration Services. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113730.3.1.38. nsLicenseStartTime. Definition: Reserved for future use. This attribute is defined in Netscape Administration Services. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113730.3.1.37. ntUserDomainId. Definition: Identifies the Windows security domain name and user name of the entry in the nt_domain_name nt_username format ...

Page 116: ...the name of the organization. For example, organizationName: Example Corporation Inc or o: Example Corporation Inc. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.10. objectClass. Definition: Specifies the object classes of the object. Must include the object. For example, objectClass: person. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued ...

Page 117: ...DN, multi-valued. OID: 0.9.2342.19200300.102.1.4. obsoletesDocument. Definition: Contains the distinguished name of a document that is obsoleted by the document entry. This attribute is defined in Internet White Pages Pilot. Syntax: DN, multi-valued. OID: 0.9.2342.19200300.102.1.3. organizationalStatus. Definition: Specifies a category by which a person is often referred in an organization. For example, organizati...

Page 118: ...ronic mailbox types other than X.400 and rfc822. For example, otherMailbox internet jdoe example com. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.22. ou (organizationUnitName). Definition: Identifies the name of an organizational unit. For example, organizationUnitName: Marketing or ou: Marketing. This attribute is defined in RFC 2256. Syntax: DirectorySt...

Page 119: ...ohn Smith, o=Example Corporation, c=US. This attribute is defined in RFC 2256. Syntax: DN, multi-valued. OID: 2.5.4.32. pager. Definition: Identifies the entry's pager phone number. Abbreviation: pager. For example, pagerTelephoneNumber: 415 555 6789 or pager: 415 555 6789. This attribute is defined in RFC 1274. Syntax: TelephoneNumber, multi-valued. OID: 0.9.2342.19200300.100.1.42. ...

Page 120: ...ned in RFC 1274. Syntax: Binary, multi-valued. OID: 0.9.2342.19200300.100.1.53. personalTitle. Definition: Specifies a personal title for a person. Examples of personal titles are Ms, Dr, Prof and Rev. For example, personalTitle: Mr. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.40. photo. Definition: Contains a photo, in binary form, of the entry. For example ...

Page 121: ... Santa Clara. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.19. postalAddress. Definition: Identifies the entry's mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respec...

Page 122: ...ued. OID: 2.5.4.16. postalCode. Definition: Identifies the entry's zip code in the United States. For example, postalCode: 44224. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.17. postOfficeBox. Definition: Specifies a postal mailing address. For example, postOfficeBox: 1234. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.18. ...

Page 123: ...en or spoken language. The value for this attribute should conform to the syntax for HTTP Accept-Language header values. This attribute is defined in RFC 2798. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.39. presentationAddress. Definition: Contains an OSI presentation address for the entry. The presentation address consists of an OSI Network Address and up to three selectors, one each ...

Page 124: ...additional information to the OSI network service. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.48. ref. Description: Used in LDAPv3 to support smart referrals. Contains an LDAP URL in the format ldap://servername:portnumber/dn. The portnumber is optional. For example, ref: ldap://server.example.com:389/ou=People,o=example.com. This attribute is defined in LDAPv3 referrals...

Page 125: ...cipient's signature is usually required on delivery. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.26. roleOccupant. Definition: Contains the distinguished name of the person acting in the role defined in the organizationalRole entry. For example, roleOccupant: cn=jdoe, o=example.com. This attribute is defined in RFC 2256. Syntax: DN, multi-valued. OID: 2.5.4.33. ...

Page 126: ...ti-valued. OID: 0.9.2342.19200300.100.1.6. searchGuide. Definition: Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation. When constructing search filters, use enhancedSearchGuide instead. This attribute is defined in RFC 2256. Syntax: IA5String, multi-valued. OID: 2.5.4.14. secretary. Definition: Identifies the entry's secretar...

Page 127: ...try that may contain information related to this entry. For example, seeAlso: cn=Quality Control Inspectors, ou=manufacturing, o=example.com. This attribute is defined in RFC 2256. Syntax: DN, multi-valued. OID: 2.5.4.34. serialNumber. Definition: Specifies the serial number of a device. For example, serialNumber: 555 1234 AZ. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued ...

Page 128: ...diately below in the DIT. This attribute is defined in RFC 1274. Syntax: DirectoryString, single-valued. OID: 0.9.2342.19200300.100.1.50. sn (surname). Definition: Identifies the entry's surname, also referred to as last name or family name. For example, surname: Anderson or sn: Anderson. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.4. ...

Page 129: ...eOrProvinceName: California or st: California. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.8. street. Definition: Identifies the entry's house number and street name. For example, streetAddress: 1234 Ridgeway Drive or street: 1234 Ridgeway Drive. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.9. ...

Page 130: ...ilot. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.102.1.8. subtreeMaximumQuality. Definition: Specifies the purported maximum data quality for a DIT subtree. This attribute is defined in RFC 1274. Syntax: DirectoryString, single-valued. OID: 0.9.2342.19200300.100.1.52. subtreeMinimumQuality. Definition: Specifies the purported minimum data quality for a DIT subtree. This attribute is defined in RF...

Page 131: ...s;binary. For example, supportedAlgorithms:: AAAAAA. This attribute is defined in RFC 2256. Syntax: Binary, multi-valued. OID: 2.5.4.52. supportedApplicationContext. Definition: This attribute contains the identifiers of OSI application contexts. This attribute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.30. telephoneNumber. Definition: Identifies the entry's phone number ...

Page 132: ...x param ttx term printablestring ttx param ttx key ttx value ttx key graphic control misc page private ttx value octetstring. In the above, the first printable string is the encoding of the first portion of the teletex terminal identifier to be encoded, and the subsequent 0 or more octetstrings are subsequent portions of the teletex terminal identifier. This attribute is defined in RFC 2256. Syntax: Dir...

Page 133: ...ibute is defined in RFC 2256. Syntax: DirectoryString, multi-valued. OID: 2.5.4.21. textEncodedORAddress. Definition: Defines the text-encoded Originator/Recipient (X.400) address of the entry as defined in RFC987. For example, textEncodedORAddress S doe OU eng O example ADMD telemail C us. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.2. title. Definition: ...

Page 134: ...ry should be considered valid. Once the specified time has elapsed, the information is considered out of date. A value of zero (0) indicates that the entry should not be cached. Abbreviation: ttl. For example, timeToLive: 120 or ttl: 120. This attribute is defined in LDAP Caching Internet Draft. Syntax: DirectoryString, multi-valued. OID: 1.3.6.1.4.1.250.1.60. uid (userID). Definition: Identifies the entry's userid, usu...

Page 135: ...ce of a reference to a distinguished name that has been deleted. This attribute is assigned by the server. For example, uniqueIdentifier:: AAAAAA. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.44. uniqueMember. Definition: Identifies a group of names associated with an entry, where each name was given a uniqueIdentifier to ensure its uniqueness. A value...

Page 136: ...rnet White Pages Pilot. Syntax: DN, multi-valued. OID: 0.9.2342.19200300.102.1.6. updatesDocument. Definition: Contains the distinguished name of a document for which this document is an updated version. This attribute is defined in Internet White Pages Pilot. Syntax: DN, multi-valued. OID: 0.9.2342.19200300.102.1.5. userCertificate. Definition: This attribute is to be stored and requested in the binary form, as us...

Page 137: ...ay be more applicable. For example, userClass: intern. This attribute is defined in RFC 1274. Syntax: DirectoryString, multi-valued. OID: 0.9.2342.19200300.100.1.8. userPassword. Definition: Identifies the entry's password and encryption method in the following format: {encryption method}encrypted password. Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guar...

Page 138: ...binary form, as userPKCS12;binary. The attribute values are PFX PDUs stored as binary data. This attribute is defined in RFC 2798. Syntax: Binary, multi-valued. OID: 2.16.840.1.113730.3.1.216. userSMIMECertificate. Definition: Used by Netscape Communicator for S/MIME. This attribute is to be stored and requested in the binary form, as userSMIMECertificate;binary. For example, userSMIMECertificate;binary:: AAAAAA. Th...

Page 139: ...256. Syntax: IA5String, multi-valued. OID: 2.5.4.24. x500UniqueIdentifier. Definition: Reserved for future use. A binary method of identification useful for differentiating objects when a distinguished name has been reused. For example, x500UniqueIdentifier:: AAAAAA. This attribute is defined in RFC 2256. Syntax: Binary, multi-valued. OID: 2.5.4.45. ...

Page 141: ...ss of the entry. Operational attributes are only returned in an ldapsearch operation if specifically requested. This chapter also provides definitions, syntax, and OIDs for some special attributes and object classes that are used by the server. When an object class inherits attributes from other object classes, the inherited attributes are shown in italics. The attributes are listed by section, then alpha...

Page 142: ...95 aci. Definition: Used by the Directory Server to evaluate what rights are granted or denied when it receives an LDAP request from a client. This attribute is defined in Directory Server. Syntax: IA5String, multi-valued. OID: 2.16.840.1.113730.3.1.55. altServer. Definition: The values of this attribute are URLs of other servers which may be contacted when this server becomes unavailable. If the server does ...

Page 143: ...within a subschema. Each value describes a single attribute. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 2.5.21.5. copiedFrom. Definition: Used by read-only replica to recognize master data source. Contains a reference to the server that holds the master data. This attribute is only used for legacy replication. It is not used for multi-master replication. This attribute is...

Page 144: ...ectoryString, single-valued. OID: 2.16.840.1.113730.3.1.614. dITContentRules. Definition: Multi-valued attribute that defines the DIT content rules which are in force within a subschema. Each value defines one DIT content rule. Each value is tagged by the object identifier of the structural object class to which it pertains. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 2.5 ...

Page 145: ...s the syntaxes implemented, with each value corresponding to one syntax. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 1.3.6.1.4.1.1466.101.120.16. matchingRules. Definition: Multi-valued attribute that defines the matching rules used within a subschema. Each value defines one matching rule. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 2.5 ...

Page 146: ...e is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 2.5.21.7. namingContexts. Definition: Corresponds to a naming context the server is mastering or shadowing. When the Directory Server does not master any information (such as when it is an LDAP gateway to a public X.500 directory), this attribute is absent. When the Directory Server believes it contains the entire directory, the attribute has...

Page 147: ...entries that have a change conflict that cannot be resolved automatically by the replication process. This attribute is defined in Directory Server. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113730.3.1.973. nsRole. Definition: This attribute is a computed attribute that is not stored with the entry itself. It identifies to which roles an entry belongs. This attribute is defined in Directory Serv...

Page 148: ...dRoleDefinition dn: cn=userA,ou=users,o=Netscape,o=example.com objectclass: top objectclass: person sn: uA userpassword: secret nsroledn: cn=staff,o=Netscape,o=example.com. A nested role specifies containment of one or more roles of any type. In that case, nsRoleDN defines the DN of the contained roles. For example, dn: cn=everybody,o=Netscape,o=example.com objectclass: LDAPsubentry objectclass: nsRoleDefinitio...

Page 149: ...ntax: INTEGER, single-valued. OID: 1.3.1.1.4.1.453.16.2.103. objectClasses. Definition: Multi-valued attribute that defines the object classes used in a subschema. Each value defines one object class. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 2.5.21.6. passwordAllowChangeTime. Definition: Used to specify the length of time that must pass before the user is allowed to change...

Page 150: ...tax (pwdCheckSyntax). Definition: Specifies whether the password syntax will be checked before the password is saved. The password syntax checking mechanism checks that the password meets or exceeds the password minimum length requirement and that the string does not contain any trivial words, such as the user's name or ID or any attribute value stored in the uid, cn, sn, givenName, ou, or mail attributes of...

Page 151: ...passwordMaxAge (pwdMaxAge) attribute. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.98. passwordExpirationTime. Definition: Used to specify the length of time that passes before the user's password expires. This attribute is defined in Directory Server. Syntax: GeneralizedTime, single-valued. OID: 2.16.840.1.113730.3.1.91. passwordExpWarned. Definit...

Page 152: ...tribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.999. passwordGraceUserTime. Definition: Used to count the number of attempts the user has made with the expired password. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.998. passwordHistory. Definition: Contains the history of the user's previ...

Page 153: ...y (pwdInHistory) attribute. To prevent users from rapidly cycling through the number of passwords that you are tracking, use the passwordMinAge attribute. This attribute is defined in Directory Server. Syntax: Integer, single-valued. OID: 2.16.840.1.113730.3.1.101. passwordLockout (pwdLockOut). Definition: Indicates whether users will be locked out of the directory after a given number of failed bind attempts. By...

Page 154: ...he directory by repeatedly trying to guess a user's password. You enable and disable the account lockout feature using the passwordLockout (pwdLockOut) attribute. This attribute is defined in Directory Server. Syntax: Integer, single-valued. OID: 2.16.840.1.113730.3.1.109. passwordMaxAge (pwdMaxAge). Definition: Indicates the number of seconds after which user passwords will expire. To use this attribute, you mus...

Page 155: ...ibute is defined in Directory Server. Syntax: Integer, single-valued. OID: 2.16.840.1.113730.3.1.106. passwordMinAge (pwdMinAge). Definition: Indicates the number of seconds that must pass before a user can change his password. Use this attribute in conjunction with the passwordInHistory (pwdInHistory) attribute to prevent users from quickly cycling through passwords so that they can use their old password aga...

Page 156: ...Integer, single-valued. OID: 2.16.840.1.113730.3.1.99. passwordMustChange (pwdMustChange). Definition: Indicates whether users must change their passwords when they first bind to the Directory Server, or when the password has been reset by the Manager DN. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.220. passwordResetFailureCount pwdFailureCount...

Page 157: ...finition: Used to count the number of consecutive failed attempts at entering the correct password. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.93. passwordStorageScheme. Definition: Specifies the type of encryption used to store Directory Server passwords. Entering the password in CLEAR for this attribute indicates that the password will ...

Page 158: ...o break into the directory by repeatedly trying to guess a user's password. If this passwordUnlock attribute is set to off and the operational attribute accountUnlockTime has a value of 0, then the account will be locked indefinitely. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.108. passwordWarning (pwdExpireWarning). Definition: Indicates l...

Page 159: ...ord policy. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.997. retryCountResetTime. Definition: Specifies the length of time that passes before the passwordRetryCount is reset. This attribute is defined in Directory Server. Syntax: DirectoryString, single-valued. OID: 2.16.840.1.113730.3.1.94. subschemaSubentry. Definition: DN of an entry that cont...

Page 160: ...he server. When the server does not support controls, this attribute is absent. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 1.3.6.1.4.1.1466.101.120.13. supportedExtension. Definition: The values of this attribute are the object identifiers (OIDs) that identify the extended operations supported by the server. When the server does not support extensions, this attri...

Page 161: ...4.1.1466.101.120.15. supportedSASLMechanisms. Definition: Identifies the names of the SASL mechanisms supported by the server. When the server does not support SASL attributes, this attribute is absent. This attribute is defined in RFC 2252. Syntax: DirectoryString, multi-valued. OID: 1.3.6.1.4.1.1466.101.120.14. Special Attributes. changes. Description: Contains the changes made to the entry for add and m...

Page 162: ...ute is defined in Changelog Internet Draft. Syntax: DN, multi-valued. OID: 2.16.840.1.113730.3.1.35. changeNumber. Description: This single-valued attribute is always present. It contains an integer which uniquely identifies each change made to a directory entry. This number is related to the order in which the change occurred. The higher the number, the later the change. This attribute is defined in Changelog...

Page 163: ... 1.113730.3.1.77. changeType. Description: Specifies the type of LDAP operation. This attribute can have one of the following values: add, delete, modify, or modrdn. For example, changeType: modify. This attribute is defined in Changelog Internet Draft. Syntax: DirectoryString, multi-valued. OID: 2.16.840.1.113730.3.1.7. deleteOldRdn. Description: In the case of modrdn operations, specifies whether the old RDN was del...

Page 164: ...alued. OID: 2.16.840.1.113730.3.1.9. newSuperior. Description: In the case of modrdn operations, specifies the newSuperior attribute of the entry. This attribute is defined in Changelog Internet Draft. Syntax: DN, multi-valued. OID: 2.16.840.1.113730.3.1.11. nsEncryptionAlgorithm. Description: Specifies the encryption cipher for the encrypted attribute(s) in the nsAttributeEncryption object class. This attribute i...

Page 165: ... Syntax: Case Exact String, single-valued. OID: 2.16.840.1.113730.3.1.2064. nsSaslMapBaseDNTemplate. Description: Contains the search base DN template used in SASL identity mapping. This attribute is defined in Directory Server. Syntax: Case Exact String, single-valued. OID: 2.16.840.1.113730.3.1.2065. nsSaslMapFilterTemplate. Description: Contains the search filter template used in SASL identity mapping. This att...

Page 166: ...is defined in Changelog Internet Draft. Syntax: DN, multi-valued. OID: 2.16.840.1.113730.3.1.6. Special Object Classes. changeLogEntry. Definition: Used to represent changes made to the Directory Server. You can configure Directory Server to maintain a change log that is compatible with the change log implemented in Directory Server 4.1x by enabling the Retro Change Log Plug-in. Each entry in the change log ...

Page 167: ...arily to the changelog. changeTime: The time at which a change took place. changeType: The type of change performed on an entry. targetDn: The distinguished name of an entry added, modified, or deleted on a supplier server. changes: Changes made to the Directory Server. deleteOldRdn: A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of...

Page 168: ...information for a user in the directory. This object class is defined in Directory Server. Superior Class: top. OID: 2.16.840.1.113730.3.2.12. cn attributeName: The common name of the attribute being encrypted. nsEncryptionAlgorithm: The encryption cipher used. cn databaseName: The name of the database where the attribute is stored. nsSaslMapRegexString: Contains a regular expression used to match SASL identit...

Page 169: ...ctory again. passwordAllowChangeTime: Used to specify the length of time that must pass before the user is allowed to change their password. passwordExpirationTime: Used to specify the length of time that passes before the user's password expires. passwordExpWarned: Used to indicate that a password expiration warning has been sent to the user. passwordGraceUserTime: Used to specify the number of login att...

Page 170: ...dITContentRules: Defines the DIT content rules which are in force within a subschema. dITStructureRules: Defines the DIT structure rules which are in force within a subschema. matchingRuleUse: Indicates the attribute types to which a matching rule applies in a subschema. matchingRules: Defines the matching rules used within a subschema. nameForms: Defines the name forms used in a subschema. objectClasses: De...

Page 171: ...21; 50ns-mcd-config.ldif, 21; 50ns-mcd-li.ldif, 21; 50ns-mcd-mail.ldif, 21; 50ns-media.ldif, 21; 50ns-mlm.ldif, 21; 50ns-msg.ldif, 21; 50ns-netshare.ldif, 21; 50ns-news.ldif, 21; 50ns-proxy.ldif, 21; 50ns-value.ldif, 20; 50ns-wcal.ldif, 21; 50ns-web.ldif, 21; 51ns-calendar.ldif, 21; 99user.ldif, 20. A: abstract attribute, 83; account object class, 26; accountUnlockTime operational attribute, 142; aci operational attribute, 142; alias ...

Page 172: ...cosSpecifier attribute, 91; cosSuperDefinition object class, 32; cosTargetTree attribute, 92; cosTemplate object class, 33; country object class, 34; countryName attribute, See c attribute; crossCertificatePair attribute, 93. D: dc attribute, 93; dcObject object class, 35; default schema, 19; deleteOldRdn attribute, 163; deltaRevocationList attribute, 94; departmentNumber attribute, 94; description attribute, 94; destinationI...

Page 173: ...alAddress attribute, 104; homeTelephoneNumber attribute, See homePhone attribute; host attribute, 105; houseIdentifier attribute, 105. I: inetOrgPerson object class, 50; info attribute, 106; initials attribute, 106; internationalISDNNumber attribute, 106. J: janetMailbox attribute, 107; jpegPhoto attribute, 107. K: keyWords attribute, 108; knowledgeInformation attribute, 108. L: l attribute, 108; labeledURI attribute, 109; label...

Page 174: ...lMapFilterTemplate, 165; nsSaslMapping, 168; nsSaslMapRegexString, 165; nsSimpleRoleDefinition object class, 63; ntUserDomainId attribute, 115; numSubordinates operational attribute, 149. O: o attribute, 116; object class: allowed attributes, 16; defined, 16; inheritance, 17; required attributes, 16; object identifiers (OIDs), 21; base OID for Directory Server, 21; base OID for Netscape, 21; base OID for Netscape defined attribu...

Page 175: ...rational attribute, 152; passwordGraceUserTime operational attribute, 152; passwordHistory operational attribute, 152; passwordInHistory operational attribute, 153; passwordLockout operational attribute, 153; passwordLockoutDuration operational attribute, 154; passwordMaxAge operational attribute, 154; passwordMaxFailure operational attribute, 155; passwordMinAge operational attribute, 155; passwordMinLength operat...

Page 176: ...ribute, 129; streetAddress attribute, See street attribute; strongAuthenticationUser object class, 81; subject attribute, 130; subschema object class, 169; subschemaSubentry operational attribute, 159; subtreeMaximumQuality attribute, 130; subtreeMinimumQuality attribute, 130; supported schema, 19; supportedAlgorithms attribute, 131; supportedApplicationContext attribute, 131; supportedControl operational attribute, 160...

Page 177: ...Index 177. userPKCS12 attribute, 138; userSMIMECertificate attribute, 138. X: x121Address attribute, 139; x500UniqueIdentifier attribute, 139 ...

Page 178: ...178 Netscape Directory Server Schema Reference October 2004 ...
