Network Working Group                                    K. Zeilenga, Ed.
Request for Comments: 4524                            OpenLDAP Foundation
Obsoletes: 1274                                                June 2006
Updates: 2247, 2798
Category: Standards Track

                       COSINE LDAP/X.500 Schema

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document provides a collection of schema elements for use with the Lightweight Directory Access Protocol (LDAP) from the COSINE and Internet X.500 pilot projects.

This document obsoletes RFC 1274 and updates RFCs 2247 and 2798.

Table of Contents

   1. Introduction ....................................................3
      1.1. Relationship to Other Documents ............................3
      1.2. Terminology and Conventions ................................4
   2. COSINE Attribute Types ..........................................4
      2.1. associatedDomain ...........................................4
      2.2. associatedName .............................................5
      2.3. buildingName ...............................................5
      2.4. co .........................................................5
      2.5. documentAuthor .............................................6
      2.6. documentIdentifier .........................................6
      2.7. documentLocation ...........................................6
      2.8. documentPublisher ..........................................7
      2.9. documentTitle ..............................................7
      2.10. documentVersion ...........................................7
      2.11. drink .....................................................8
      2.12. homePhone .................................................8
      2.13. homePostalAddress .........................................8

Zeilenga                    Standards Track                     [Page 1]

RFC 4524                COSINE LDAP/X.500 Schema               June 2006

      2.14. host ......................................................9
      2.15. info ......................................................9
      2.16. mail ......................................................9
      2.17. manager ..................................................10
      2.18. mobile ...................................................10
      2.19. organizationalStatus .....................................11
      2.20. pager ....................................................11
      2.21. personalTitle ............................................11
      2.22. roomNumber ...............................................12
      2.23. secretary ................................................12
      2.24. uniqueIdentifier .........................................12
      2.25. userClass ................................................13
   3. COSINE Object Classes ..........................................13
      3.1. account ...................................................13
      3.2. document ..................................................14
      3.3. documentSeries ............................................14
      3.4. domain ....................................................15
      3.5. domainRelatedObject .......................................16
      3.6. friendlyCountry ...........................................16
      3.7. rFC822LocalPart ...........................................17
      3.8. room ......................................................18
      3.9. simpleSecurityObject ......................................18
   4. Security Considerations ........................................18
   5. IANA Considerations ............................................19
   6. Acknowledgements ...............................................20
   7. References .....................................................20
      7.1. Normative References ......................................20
      7.2. Informative References ....................................21
   Appendix A. Changes since RFC 1274 ...............................23
      A.1. LDAP Short Names .........................................23
      A.2. pilotObject ..............................................23
      A.3. pilotPerson ..............................................23
      A.4. dNSDomain ................................................24
      A.5. pilotDSA and qualityLabelledData .........................24
      A.6. Attribute Syntaxes .......................................24
   Appendix B. Changes since RFC 2247 ...............................24

1. Introduction

In the late 1980s, X.500 Directory Services were standardized by the CCITT (Comité Consultatif International Télégraphique et Téléphonique), now a part of the ITU (International Telephone Union). This led to Directory Service piloting activities in the early 1990s, including the COSINE (Co-operation and Open Systems Interconnection in Europe) PARADISE Project pilot [COSINEpilot] in Europe. Motivated by the needs of large-scale directory pilots, RFC 1274 was published to standardize the directory schema and naming architecture for use in the COSINE and other Internet X.500 pilots [RFC1274].

In the years that followed, X.500 Directory Services have evolved to incorporate new capabilities and even new protocols. In particular, the Lightweight Directory Access Protocol (LDAP) [RFC4510] was introduced in the early 1990s [RFC1487], with Version 3 of LDAP introduced in the late 1990s [RFC2251] and subsequently revised in 2005 [RFC4510].

While much of the material in RFC 1274 has been superseded by subsequently published ITU-T Recommendations and IETF RFCs, many of the schema elements lack standardized schema descriptions for use in modern X.500 and LDAP directory services, despite the fact that these schema elements are in wide use today.
As the old schema descriptions cannot be used without adaptation, interoperability issues may arise from the lack of standardized modern schema descriptions. This document addresses these issues by offering standardized schema descriptions, where needed, for widely used COSINE schema elements.

1.1. Relationship to Other Documents

This document, together with [RFC4519] and [RFC4517], obsoletes RFC 1274 in its entirety. [RFC4519] replaces Sections 9.3.1 (Userid) and 9.3.21 (Domain Component) of RFC 1274. [RFC4517] replaces Section 9.4 (Generally useful syntaxes) of RFC 1274. This document replaces the remainder of RFC 1274.

Appendix A discusses changes since RFC 1274, as well as why certain schema elements were not brought forward in this revision of the COSINE schema. All elements not brought forward are to be regarded as Historic.

The description of the 'domain' object class provided in this document supersedes that found in RFC 2247. That is, Section 3.4 of this document replaces Section 5.2 of [RFC2247].

Some of the schema elements specified here were described in RFC 2798 (inetOrgPerson schema). This document supersedes those descriptions. This document, together with [RFC4519], replaces Section 9.1.3 of RFC 2798.

1.2. Terminology and Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119].

DIT stands for Directory Information Tree. DN stands for Distinguished Name. DSA stands for Directory System Agent, a server. DSE stands for DSA-Specific Entry. DUA stands for Directory User Agent, a client. These terms are discussed in [RFC4512].

Schema definitions are provided using LDAP description formats [RFC4512]. Definitions provided here are formatted (line wrapped) for readability.

2. COSINE Attribute Types

This section details COSINE attribute types for use in LDAP.

2.1. associatedDomain

The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] host names [RFC1123] that are associated with an object. That is, values of this attribute should conform to the following ABNF:

      domain = root / label *( DOT label )
      root   = SPACE
      label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]

      LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
      SPACE  = %x20                        ; space (" ")
      HYPHEN = %x2D                        ; hyphen ("-")
      DOT    = %x2E                        ; period (".")

For example, the entry in the DIT with a DN might have an associated domain of "example.com".

      ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the 'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are described in [RFC4517].

Note that the directory will not ensure that values of this attribute conform to the production provided above. It is the application's responsibility to ensure that domains it stores in this attribute are appropriately represented. Also note that applications supporting Internationalized Domain Names SHALL use the ToASCII method [RFC3490] to produce
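Because the DSA does not check 'associatedDomain' values against the ABNF above, the client application has to do it before writing the attribute. The following is an added example, not code from RFC 4524 or any LDAP implementation: it encodes the 'domain' production as a validator and uses Python's built-in 'idna' codec (which implements the RFC 3490 ToASCII step) to normalize internationalized names first. The function names are this example's own.

```python
import re
from typing import Optional

# Constructed example (not part of RFC 4524): validate 'associatedDomain'
# values against the ABNF of Section 2.1 before storing them.

# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
# One LETDIG, or 2..63 characters that start and end with a LETDIG and may
# contain hyphens in between.  LETDIG is ASCII letters and digits only, so
# any non-IA5 character fails here.
_LABEL = re.compile(r"[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?")


def to_ascii(value: str) -> str:
    """ToASCII [RFC3490] via Python's 'idna' codec.  Labels that are already
    pure ASCII pass through unchanged; empty or over-long labels and bad IDN
    input raise UnicodeError."""
    return value.encode("idna").decode("ascii")


def is_valid_associated_domain(value: str) -> bool:
    """True iff value matches  domain = root / label *( DOT label )."""
    if value == " ":                       # root = SPACE
        return True
    if value == "":                        # at least one label is required
        return False
    # str.split keeps empty strings for a leading, trailing or doubled DOT;
    # an empty string never matches _LABEL, so those inputs are rejected.
    return all(_LABEL.fullmatch(label) is not None
               for label in value.split("."))


def prepare_associated_domain(value: str) -> Optional[str]:
    """Normalize with ToASCII, then validate.  Returns the value that is
    safe to store in 'associatedDomain', or None if it must be refused."""
    try:
        ascii_form = to_ascii(value)
    except UnicodeError:
        return None
    return ascii_form if is_valid_associated_domain(ascii_form) else None


if __name__ == "__main__":
    for candidate in ["example.com", " ", "bücher.example", "-bad.example",
                      "a..b", "example.com."]:
        print(repr(candidate), "->", prepare_associated_domain(candidate))
```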