Netscape Directory Server 6.01 Schema Reference

Schema Reference
Netscape Directory Server
Version 6.01
January 2002
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law.
THIS DOCUMENTATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT SHALL NETSCAPE BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERROR IN THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE, OR DATA.
The Software and documentation are copyright © 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002 Netscape Communications Corporation. All rights reserved.
Portions of the Software copyright © 1995 PEER Networks, Inc. All rights reserved. The Software contains the Taligent International Classes from Taligent, Inc. and IBM Corp. Portions of the Software copyright ©1992-1998 Regents of the University of Michigan. All rights reserved. The software contains encryption software from RSA Security Inc. Copyright © 1994 RSA Data Security, Inc. All rights reserved.
Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the United States and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries. Other product and brand names are the exclusive property of their respective owners.
The downloading, exporting, or reexporting of Netscape software or any underlying information or technology must be in full compliance with all United States and other applicable laws and regulations. Any provision of Netscape software or documentation to the U.S. government is with restricted rights as described in the license agreement for that Software.
Contents
Purpose of This Guide
Directory Server Overview
Contents of This Guide
Prerequisite Reading
Conventions Used in This Book
Related Information
Chapter 1 About Schema
Schema Definition
Object Classes
Required and Allowed Attributes
Object Class Inheritance
Attributes
Attribute Syntax
Single-Valued and Multi-Valued Attributes
Schema Supported by Directory Server 6.x
Object Identifiers (OIDs)
Extending Server Schema
Schema Checking
Chapter 2 Object Class Reference
account
alias
cosClassicDefinition
cosDefinition
cosIndirectDefinition
cosPointerDefinition
cosSuperDefinition
cosTemplate
country
dcObject
device
document
documentSeries
domain
domainRelatedObject
dSA
extensibleObject
friendlyCountry
groupOfCertificates
groupOfNames
groupOfUniqueNames
groupOfURLs
inetOrgPerson
labeledURIObject
locality
newPilotPerson
nsComplexRoleDefinition
nsFilteredRoleDefinition
nsLicenseUser
nsManagedRoleDefinition
nsNestedRoleDefinition
nsRoleDefinition
nsSimpleRoleDefinition
organization
organizationalPerson
organizationalRole
organizationalUnit
person
pilotObject
pilotOrganization
residentialPerson
RFC822LocalPart
room
strongAuthenticationUser
simpleSecurityObject
Chapter 3 Attribute Reference
abstract
aliasedObjectName
associatedDomain
associatedName
audio
authorCn
authorSn
authorityRevocationList
buildingName
businessCategory
c (countryName)
cACertificate
carLicense
certificateRevocationList
cn (commonName)
co (friendlyCountryName)
cosAttribute
cosIndirectSpecifier
cosPriority
cosSpecifier
cosTargetTree
cosTemplateDn
crossCertificatePair
dc (domainComponent)
deltaRevocationList
departmentNumber
description
destinationIndicator
displayName
dITRedirect
dmdName
dn (distinguishedName)
dNSRecord
documentAuthor
documentIdentifier
documentLocation
documentPublisher
documentStore
documentTitle
documentVersion
drink (favouriteDrink)
dSAQuality
employeeNumber
employeeType
enhancedSearchGuide
fax (facsimileTelephoneNumber)
generationQualifier
givenName
homePhone
homePostalAddress
host
houseIdentifier
info
initials
internationalISDNNumber
janetMailbox
jpegPhoto
keyWords
knowledgeInformation
l (localityName)
labeledURI
lastModifiedBy
lastModifiedTime
mail
mailPreferenceOption
manager
member
memberCertificateDescription
memberURL
mobile
name
nsLicensedFor
nsLicenseEndTime
nsLicenseStartTime
o (organizationName)
objectClass
obsoletedByDocument
obsoletesDocument
organizationalStatus
otherMailbox
ou (organizationUnitName)
owner
pager
personalSignature
personalTitle
photo
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
preferredLanguage
presentationAddress
protocolInformation
ref
registeredAddress
roleOccupant
roomNumber
searchGuide
secretary
seeAlso
serialNumber
singleLevelQuality
sn (surname)
st (stateOrProvinceName)
street
subject
subtreeMaximumQuality
subtreeMinimumQuality
supportedAlgorithms
supportedApplicationContext
telephoneNumber
teletexTerminalIdentifier
telexNumber
textEncodedORAddress
title
ttl (timeToLive)
uid (userID)
uniqueIdentifier
uniqueMember
updatedByDocument
updatesDocument
userCertificate
userClass
userPassword
userPKCS12
userSMIMECertificate
x121Address
x500UniqueIdentifier
Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes
Operational Attributes
accountUnlockTime
aci
altServer
attributeTypes
copiedFrom
copyingFrom
dITContentRules
dITStructureRules
ldapSyntaxes
matchingRules
matchingRuleUse
nameForms
namingContexts
nsds5replconflict
nsRole
nsRoleDn
numSubordinates
objectClasses
passwordAllowChangeTime
passwordExpirationTime
passwordExpWarned
passwordHistory
passwordRetryCount
retryCountResetTime
subschemaSubentry
supportedControl
supportedExtension
supportedLDAPVersion
supportedSASLMechanisms
Special Attributes
changes
changeLog
changeNumber
changeTime
changeType
deleteOldRdn
newRdn
newSuperior
targetDn
Special Object Classes
changeLogEntry
passwordObject
subschema
Index
About This Reference Guide
Netscape Directory Server (Directory Server) 6.x is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
This preface contains the following sections:
Purpose of This Guide (page 9)
Directory Server Overview (page 10)
Contents of This Guide (page 10)
Prerequisite Reading (page 11)
Conventions Used in This Book (page 11)
Related Information (page 12)
Purpose of This Guide
This Schema Reference guide describes the standard directory schema for Directory Server, and lists all the object classes and attributes defined by the standard schema. The information provided here is intended for the administrator who manages and maintains the schema.
Directory Server Overview
The major components of Directory Server include:
An LDAP server—The core of the directory service, provided by the ns-slapd daemon, and compliant with the LDAP v3 Internet standards.
Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The Directory Server Console is part of Netscape Console, the common management framework for Netscape servers.
SNMP Agent—Permits you to monitor your directory server in real time using the Simple Network Management Protocol (SNMP).
Online backup and restore—Allows you to create backups and restore from backups while the server is running.
Contents of This Guide
Chapter 1, “About Schema” provides an overview of some of the basic concepts of the directory schema, and lists the files in which the schema is described. It describes object classes, attributes and Object Identifiers (OIDs), and briefly discusses schema checking and extending server schema.
Chapter 2, “Object Class Reference” contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class, and gives the list of required and allowed attributes specific to the particular object class. However, any mandatory and optional attributes inherited from superior object classes are not listed.
Chapter 3, “Attribute Reference” contains an alphabetic list of the standard attributes. It gives a definition of each attribute, and gives the attribute syntax.
Chapter 4, “Operational Attributes, Special Attributes, and Special Object Classes” contains operational attributes used by Directory Server. The chapter also describes some special attributes and object classes that are used by the server.
Prerequisite Reading
This guide describes the standard schema and the standard object classes and attributes. However, this guide does not describe how to design, customize or maintain your schema, nor does it give any information on replication. Those concepts are described in the Netscape Directory Server Deployment Guide. You should read that book before continuing with this manual.
When you are familiar with directory server schema concepts, and have done some preliminary planning for your directory service, you can install the Directory Server. The instructions for installing the various Directory Server components are contained in the Netscape Directory Server Installation Guide.
Preliminary planning includes deciding how to represent the data you store. You should choose predefined schema elements to meet as many of your needs as possible. These predefined schema elements are listed in this guide.
Conventions Used in This Book
This section explains the conventions used in this book.
Monospaced font—This typeface is used for any text that appears on the computer screen or text that you should type. It is also used for filenames, functions, and examples.
Throughout this book you will see path references of the form:
/usr/netscape/servers/slapd-serverID/...
The /usr/netscape/servers directory is the default installation directory. If you have installed the Directory Server in a different location, you should adapt the path accordingly. serverID represents the server identifier you gave the server when you installed it. For example, if you gave the server an identifier of phonebook, then the actual path would be:
/usr/netscape/servers/slapd-phonebook/...
Schema files are stored in the /usr/netscape/servers/slapd-serverID/config directory.
All paths specified in this manual are in UNIX format. If you are using a Windows NT-based directory server, use equivalent paths.
Related Information
The document set for Directory Server also contains the following guides:
Netscape Directory Server Installation Guide. Procedures for installing your Directory Server as well as procedures for migrating your Directory Server.
Netscape Directory Server Deployment Guide. Provides an overview for planning your deployment of the Directory Server. Includes deployment examples.
Netscape Directory Server Administrator’s Guide. Procedures for the day-to-day maintenance of your directory server. Includes information on configuring server-side plug-ins.
Netscape Directory Server Configuration, Command, and File Reference. Information about the command-line scripts, configuration attributes, and log files shipped with Directory Server.
Netscape Directory Server Plug-In Programmer’s Guide. Describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
For a list of documentation installed with Directory Server, open the <server_root>/manual/en/slapd/index.htm file, where <server_root> is the directory in which you installed Directory Server.
For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, check this site:
http://enterprise.netscape.com/docs
Chapter 1
About Schema
This chapter provides an overview of some of the basic concepts of the directory schema, and lists the files in which the schema is described. It describes object classes, attributes and object identifiers (OIDs), and briefly discusses extending server schema and schema checking.
This chapter contains the following sections:
Schema Definition (page 13)
Schema Supported by Directory Server 6.x (page 17)
Object Identifiers (OIDs) (page 19)
Extending Server Schema (page 20)
Schema Checking (page 20)
Schema Definition
The directory schema is a set of rules that defines how the data can be stored in the directory. The data is stored in the form of directory entries. Each entry is a set of attributes and their values. Each entry must have an object class. The object class specifies the kind of object the entry describes and defines the set of attributes it contains. The schema defines the type of entries allowed, their attribute structure and the syntax of the attributes. The schema can be modified and extended if it does not meet your needs.
To find detailed information about object classes, attributes, and how the Netscape Directory Server (Directory Server) uses the schema, please refer to the Netscape Directory Server Deployment Guide.
Object Classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides some basic types of object classes, including:
Groups, including unordered lists of individual objects or groups of objects.
Locations, such as the country name and description.
Organizations.
People.
Devices.
Required and Allowed Attributes
Every object class includes a number of required attributes and a number of allowed attributes. Required attributes are the attributes that must be present in entries using the object class. All entries require the objectClass attribute, which defines the object classes assigned to the entry.
Allowed attributes are the attributes that may be present in entries using the object class.
Example: Object Class = person
Required Attributes
objectClass
cn (common name)
sn (surname)
Allowed Attributes
description
seeAlso
telephoneNumber
userPassword
Object Class Inheritance
An entry can have more than one object class. For example, the entry for a person is defined by the person object class, but may also be defined by attributes in the inetOrgPerson, groupOfNames, and organization object classes.
The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a person entry is usually defined with the following object class structure:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
In this structure, inetOrgPerson inherits from the organizationalPerson and person object classes. Therefore, when you assign the inetOrgPerson object class to an entry, the entry automatically inherits the required and allowed attributes of the superior object classes.
Attributes
Directory data is represented as attribute-value pairs. Any piece of information in the directory is associated with a descriptive attribute.
For instance, the commonName, or cn, attribute is used to store a person’s name. A person named Jonas Salk can be represented in the directory as
cn: Jonas Salk
Each person entered in the directory can be defined by the collection of attributes in the inetOrgPerson object class. Other attributes used to define this entry could include:
givenname: Jonas
surname: Salk
mail: jonass@example.com
Attribute Syntax
Each attribute has a syntax definition that describes the type of information provided by the attribute.
Attribute syntax is used by the Directory Server to perform sorting and pattern matching.
Table 1-1 lists the different syntax methods that can be applied to attributes, and gives an OID and a definition for each syntax method.
Table 1-1 Attribute Syntax
Syntax Method    OID    Definition
Binary    1.3.6.1.4.1.1466.115.121.1.5    Indicates that values for this attribute are binary.
Boolean    1.3.6.1.4.1.1466.115.121.1.7    Indicates that this attribute has one of only two values: True or False.
Country String    1.3.6.1.4.1.1466.115.121.1.11    Indicates that values for this attribute are limited to exactly two printable string characters, for example US.
DN    1.3.6.1.4.1.1466.115.121.1.12    Indicates that values for this attribute are DNs.
DirectoryString    1.3.6.1.4.1.1466.115.121.1.15    Indicates that values for this attribute are not case sensitive.
GeneralizedTime    1.3.6.1.4.1.1466.115.121.1.24    Indicates that values for this attribute are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time.
IA5String    1.3.6.1.4.1.1466.115.121.1.26    Indicates that values for this attribute are case sensitive.
INTEGER    1.3.6.1.4.1.1466.115.121.1.27    Indicates that valid values for this attribute are numbers.
OctetString    1.3.6.1.4.1.1466.115.121.1.40    Same behavior as binary.
Postal Address    1.3.6.1.4.1.1466.115.121.1.41    Indicates that values for this attribute are encoded according to postal-address = dstring *("$" dstring), where each dstring component is encoded as a value of type DirectoryString syntax. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters. For example: 1234 Main St.$Anytown, TX 1234$USA
TelephoneNumber    1.3.6.1.4.1.1466.115.121.1.50    Indicates that values for this attribute are in the form of telephone numbers. It is recommended to use telephone numbers in international form.
URI    Indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, ldaps://. The URI has the same behavior as IA5String. See RFC 2396.
Single-Valued and Multi-Valued Attributes
By default, most attributes are multi-valued. This means that an entry can contain the same attribute with multiple values. For example, cn, tel and object class are all attributes that can have more than one value. Attributes that are single-valued (that is, only one instance of the attribute can be specified) are noted as such. For example, uidNumber can only have one possible value.
Schema Supported by Directory Server 6.x
The schema provided with Directory Server 6.x is described in a set of files stored in the /usr/netscape/servers/slapd-serverID/config directory.
You can modify the schema by creating new object classes and attributes. These modifications are stored in a separate file called 99user.ldif. You should not modify the standard files provided with the Directory Server, because you incur the risk of breaking compatibility with other Netscape products, or of causing interoperability problems with directory servers from vendors other than Netscape Communications Corporation.
For more information about how the Directory Server stores information and suggestions for planning directory schema, refer to the Netscape Directory Server Deployment Guide.
The following tables list the schema files that are provided with Directory Server. Table 1-2 lists the schema files that are used by the Directory Server. Table 1-3 lists the schema files that are used by other Netscape products.
Table 1-2 Schema Files used by Directory Server
Schema Filename    Purpose
00core.ldif    Recommended core schema from the X.500 and LDAP standards (RFCs), and schema used by the Directory Server itself
05rfc2247.ldif    Schema from RFC 2247 and related pilot schema "Using Domains in LDAP/X.500 Distinguished Names"
05rfc2927.ldif    Schema from RFC 2927 "MIME Directory Profile for LDAP Schema"
10rfc2307.ldif    Schema from RFC 2307 "An Approach for Using LDAP as a Network Information Service"
20subscriber.ldif    Common schema elements for Netscape-Nortel subscriber interoperability
25java-object.ldif    Schema from RFC 2713 "Schema for Representing Java(tm) Objects in an LDAP Directory"
28pilot.ldif    Schema from the pilot RFCs, especially RFC 1274, that is no longer recommended by Netscape for use in new deployments.
30ns-common.ldif    Common Netscape schema
50ns-directory.ldif    Additional schema used by Directory Server 4.x
50ns-value.ldif    Netscape servers "value item" schema
99user.ldif    Customer modifications to the schema
Table 1-3 Schema Files used by other Netscape Products
Schema Filename    Purpose
50netscape-servicemgt.ldif    Netscape service management schema elements
50ns-admin.ldif    Schema used by Netscape Administration Server
50ns-calendar.ldif    Netscape Calendar Server schema
50ns-certificate.ldif    Schema for Netscape Certificate Management System
50ns-compass.ldif    Schema for the Netscape Compass Server
50ns-delegated-admin.ldif    Schema for Netscape Delegated Administrator 4.5
50ns-legacy.ldif    Legacy Netscape Schema
50ns-mail.ldif    Schema for Netscape Messaging Server
50ns-mcd-browser.ldif    Schema for Netscape Mission Control Desktop - Browser
50ns-mcd-config.ldif    Schema for Netscape Mission Control Desktop - Configuration
50ns-mcd-li.ldif    Schema for Netscape Mission Control Desktop - Location Independence
50ns-mcd-mail.ldif    Schema for Netscape Mission Control Desktop - Mail
50ns-media.ldif    Schema for Netscape Media Server
50ns-mlm.ldif    Schema for Netscape Mailing List Manager
50ns-msg.ldif    Schema for Netscape Web Mail
50ns-netshare.ldif    Schema for Netscape Netshare
50ns-news.ldif    Schema for Netscape Collabra Server
50ns-proxy.ldif    Schema for Netscape Proxy Server
50ns-wcal.ldif    Schema for Netscape Web Calendaring
50ns-web.ldif    Schema for Netscape Web Server
Object Identifiers (OIDs)
Object identifiers (OIDs) are assigned to all attributes and object classes to conform to the LDAP and X.500 standards. An OID is a sequence of integers, typically written as a dot-separated string. When no OID is specified, the Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid.
The Netscape base OID is
2.16.840.1.113730
The base OID for the Directory Server is
2.16.840.1.113730.3
All Netscape-defined attributes have the base OID of
2.16.840.1.113370.3.1
All Netscape-defined object classes have the base OID of
2.16.840.1.113730.3.2
For more information about OIDs or to request a prefix for your enterprise, please go to the Internet Assigned Numbers Authority (IANA) web site at http://www.iana.org/.
Extending Server Schema
The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of your requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise.
When adding new attributes to the schema, a new object class should be created to contain them (adding a new attribute to an existing object class can compromise the Directory Server’s compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server).
For more information about extending server schema, refer to the Netscape Directory Server Deployment Guide.
Schema Checking
You should run Directory Server with schema checking turned on. The schema checking capability of Directory Server checks entries when you add them to the directory or when you modify them, to verify that:
Object classes and attributes used in the entry are defined in the directory schema
Attributes required for an object class are contained in the entry
Only attributes allowed by the object class are contained in the entry
Schema checking also occurs when importing a database using LDIF. For more information, refer to the Netscape Directory Server Administrator’s Guide.
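The three checks listed above, combined with the inheritance rule from "Object Class Inheritance" and the advice in "Extending Server Schema" to put new attributes in a new object class, can be modelled as follows. This is an added Python example, not Directory Server code: the schema table is a small subset transcribed from this reference, exampleBadgeHolder and exampleBadgeId are hypothetical names, the sample entries are constructed, and attribute aliases such as commonName for cn are not modelled.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ObjectClass:
    name: str
    superior: Optional[str]
    required: FrozenSet[str]
    allowed: FrozenSet[str]
    allows_any: bool = False  # extensibleObject: any attribute known to the server


def oc(name, superior, required=(), allowed=(), allows_any=False):
    """Build an ObjectClass; names are lower-cased because LDAP names are case-insensitive."""
    low = lambda names: frozenset(n.lower() for n in names)
    return ObjectClass(name, superior, low(required), low(allowed), allows_any)


# Subset of the schema in this reference. inetOrgPerson's allowed list is
# abbreviated; exampleBadgeHolder / exampleBadgeId are hypothetical extensions
# of the kind that would live in 99user.ldif.
SCHEMA: Dict[str, ObjectClass] = {c.name.lower(): c for c in [
    oc("top", None, required=["objectClass"]),
    oc("person", "top", ["cn", "sn"],
       ["description", "seeAlso", "telephoneNumber", "userPassword"]),
    oc("inetOrgPerson", "person", [],
       ["givenName", "mail", "mobile", "employeeNumber", "manager"]),
    oc("account", "top", ["uid"],
       ["description", "host", "l", "o", "ou", "seeAlso"]),
    oc("extensibleObject", "top", allows_any=True),
    oc("exampleBadgeHolder", "inetOrgPerson", [], ["exampleBadgeId"]),
]}

# "Attributes known to the server" in this model: everything any class mentions.
KNOWN_ATTRIBUTES = frozenset().union(*(c.required | c.allowed for c in SCHEMA.values()))


def resolve(class_names: List[str]) -> Tuple[Set[str], Set[str], bool, List[str]]:
    """Walk each class up its superior chain and merge required/allowed attributes."""
    required, allowed, allows_any, unknown = {"objectclass"}, set(), False, []
    for name in class_names:
        current = SCHEMA.get(name.lower())
        if current is None:
            unknown.append(name)
        while current is not None:
            required |= current.required
            allowed |= current.allowed
            allows_any = allows_any or current.allows_any
            current = SCHEMA.get(current.superior.lower()) if current.superior else None
    return required, allowed | required, allows_any, unknown


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return schema violations for an entry given as {attribute: [values]}."""
    attrs = {k.lower(): v for k, v in entry.items() if v}
    required, allowed, allows_any, unknown = resolve(attrs.get("objectclass", []))
    # Check 1: object classes and attributes must be defined in the schema.
    problems = [f"unknown object class: {n}" for n in unknown]
    for name in sorted(attrs):
        if name not in KNOWN_ATTRIBUTES:
            problems.append(f"unknown attribute: {name}")
        # Check 3: only allowed attributes, unless extensibleObject is present.
        elif not allows_any and name not in allowed:
            problems.append(f"attribute not allowed: {name}")
    # Check 2: every required attribute of every class in the chain is present.
    problems += [f"missing required attribute: {n}" for n in sorted(required - set(attrs))]
    return problems


# Constructed sample entry, based on the Jonas Salk example in this chapter.
JONAS = {
    "objectClass": ["top", "person", "inetOrgPerson"],
    "cn": ["Jonas Salk"],
    "sn": ["Salk"],
    "mail": ["jonass@example.com"],
}

if __name__ == "__main__":
    print(check_entry(JONAS))
    print(check_entry(dict(JONAS, host=["db1.example.com"])))
    widened = dict(JONAS, host=["db1.example.com"],
                   objectClass=JONAS["objectClass"] + ["extensibleObject"])
    print(check_entry(widened))
```

The last call returns no violations: once extensibleObject is on an entry, the "only allowed attributes" check no longer constrains it, so entries carrying that class are worth reviewing when schema checking is relied on to keep data well-formed.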
Chapter 2
Object Class Reference
This chapter contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class, and lists its required and allowed attributes. The object classes listed in this chapter are available for you to use to support your own information in the Netscape Directory Server (Directory Server). Object classes that are used by the Directory Server or other Netscape products for internal operations are not documented here. For information about these object classes, please refer to the Netscape Directory Server Configuration, Command, and File Reference.
NOTE When an object class inherits attributes from other object classes, the inherited attributes are shown in italics. An object class which inherits from another object class must appear after this object class in the .ldif file, otherwise the server will not start.
account
Definition
Used to define entries representing computer accounts. This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.5
Required Attributes
objectClass Defines the object classes for the entry.
uid (userID) Identifies the account’s user ID.
Allowed Attributes
description Text description of the entry.
host Hostname of the computer on which the account resides.
l (localityName) Place in which the account is located.
o (organizationName) Organization to which the account belongs.
ou (organizationUnitName) Organizational unit to which the account belongs.
seeAlso URL to information relevant to the account.
alias
Definition
Used to point to other entries in the directory tree. Note: Aliasing is not supported in Directory Server. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.1
Required Attributes
objectClass Defines the object classes for the entry.
aliasedObjectName Distinguished name of the entry for which this entry is an alias.
cosClassicDefinition
Definition
Identifies the template entry using both the template entry’s DN (as specified in the cosTemplateDn attribute) and the value of one of the target entry’s attributes (as specified in the cosSpecifier attribute).
This object class is defined in Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.100
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
cosSpecifier Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
cosTemplateDn Provides the DN of the template entry associated with the CoS definition.
description Text description of the entry.
cosDefinition
Definition
Defines the Class of Services you are using. This object class is supported in order to provide compatibility with the DS4.1 CoS Plug-in.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.84
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
aci Evaluates what rights are granted or denied when the directory server receives an LDAP request from a client.
cn (commonName) Common name of the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
cosSpecifier Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
cosTargetTree Determines the subtrees of the DIT to which the CoS schema applies.
cosTemplateDn Provides the DN of the template entry associated with the CoS definition.
uid (userID) Identifies the user ID.
cosIndirectDefinition
Definition
Identifies the template entry using the value of one of the target entry’s attributes. The attribute of the target entry is specified in the cosIndirectSpecifier attribute.
This object class is defined in Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.102
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
cosIndirectSpecifier Specifies the attribute value used by an indirect CoS to identify the template entry.
description Text description of the entry.
cosPointerDefinition
Definition
Identifies the template entry associated with the CoS definition using the template entry’s DN value. The DN of the template entry is specified in the cosTemplateDn attribute.
This object class is defined in Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.101
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
cosTemplateDn Provides the DN of the template entry associated with the CoS definition.
description Text description of the entry.
cosSuperDefinition
Definition
All CoS definition object classes inherit from the cosSuperDefinition object class.
This object class is defined in Directory Server.
Superior Class
ldapSubEntry
OID
2.16.840.1.113730.3.2.99
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
description Text description of the entry.
cosTemplate
Definition
Contains a list of the shared attribute values. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.128
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) Common name of the entry.
cosPriority Specifies which template provides the attribute value, when CoS templates compete to provide an attribute value.
country
Definition
Used to define entries that represent countries. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.2
Required Attributes
objectClass Defines the object classes for the entry.
c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory.
Allowed Attributes
description Text description of the country.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
dcObject
Definition
Allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as o (organizationName) (organization), ou (organizationUnitName) (organizationalUnit), or l (localityName) (locality). For example:
dn: dc=example,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: example
o: Example Corporation
This object class is defined in RFC 2247.
Superior Class
top
OID
1.3.6.1.4.1.1466.344
Required Attributes
objectClass Defines the object classes for the entry.
dc (domainComponent) One component of a domain name.
device
Definition
Used to store information about network devices, such as printers, in the directory. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.14
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) Common name of the device.
Allowed Attributes
description Text description of the device.
l (localityName) Place in which the device is located.
o (organizationName) Organization to which the device belongs.
ou (organizationUnitName) Organizational unit to which the device belongs.
owner Distinguished name of the person responsible for the device.
seeAlso URL to information relevant to the device.
serialNumber Serial number of the device.
document
Definition
Used to define entries which represent documents in the directory. This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.6
Required Attributes
objectClass Defines the object classes for the entry.
documentIdentifier Unique identifier for a document.
Allowed Attributes
abstract Abstract of the document.
audio Stores a sound file in binary format.
authorCn Author’s common, or given, name.
authorSn Author’s surname.
cn (commonName) Common name of the document.
description Text description of the document.
dITRedirect Distinguished name to use as a redirect for the entry.
documentAuthor Distinguished name of the document author.
documentLocation Location of the original document.
documentPublisher Person or organization that published the document.
documentStore Not defined.
documentTitle The document’s title.
documentVersion The document’s version number.
info Information about the object.
jpegPhoto Photo in jpeg format.
keyWords Keywords that describe the document.
l (localityName) Place in which the document is located.
lastModifiedBy Distinguished name of the last user to modify the document.
lastModifiedTime Last time the document was modified.
manager Distinguished name of the object’s manager.
o (organizationName) Organization to which the document belongs.
obsoletedByDocument Distinguished name of a document that obsoletes this document.
obsoletesDocument Distinguished name of a document that is obsoleted by this document.
ou (organizationUnitName) Organizational unit to which the document belongs.
photo Photo of the document, in binary form.
seeAlso URL to information relevant to the document.
subject Subject of the document.
uniqueIdentifier Specific item used to distinguish between two entries when a distinguished name has been reused.
updatedByDocument Distinguished name of a document that is an updated version of this document.
updatesDocument Distinguished name of a document for which this document is an updated version.
documentSeries
Definition
Used to define an entry that represents a series of documents. This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.9
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The common name of the series.
Allowed Attributes
description Text description of the series.
l (localityName) Place in which the series is located.
o (organizationName) Organization to which the series belongs.
ou (organizationUnitName) Organizational unit to which the series belongs.
seeAlso URL to information relevant to the series.
telephoneNumber Telephone number of the person responsible for the series.
domain
Definition
Used to define entries that represent DNS domains in the directory. The domainComponent attribute should be used for naming entries of this object class.
Used to represent Internet domain names (for example, example.com).
The domain object class can only be used with an entry that does not correspond to an organization, organizational unit or other type of object for which an object class has been defined. The domain object class requires that the domainComponent attribute be present, and permits several other attributes to be present in the entry.
This object class is defined in RFC 2247.
Superior Class
top
OID
0.9.2342.19200300.100.4.13
Required Attributes
objectClass Defines the object classes for the entry.
dc (domainComponent) One component of a domain name.
Allowed Attributes
associatedName Entry in the organizational directory tree associated with a DNS domain.
businessCategory Type of business in which this domain is engaged.
description Text description of the domain.
destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) Domain’s fax number.
internationalISDNNumber Domain’s ISDN number.
l (localityName) Place in which the domain is located.
o (organizationName) Organization to which the domain belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made.
postOfficeBox Domain’s post office box.
postalAddress Domain’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
preferredDeliveryMethod Domain’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the domain.
st (stateOrProvinceName) State or province in which the domain is located.
street Street address in which the domain is located.
telephoneNumber Domain’s telephone number.
teletexTerminalIdentifier Identifier for a domain’s teletex terminal.
telexNumber Domain’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the domain.
Page 38
domainRelatedObject
Definition
Used to define entries which represent DNS/NRS domains which are “equivalent” to an X.500 domain, for example, an organisation or organisational unit.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.17
Required Attributes
objectClass Defines the object classes for the entry.
associatedDomain Specifies a DNS domain associated with an object in the directory tree.
dSA
Definition
Used to define entries representing DSAs in the directory. This object class is defined in RFC 1274.
Superior Class
top
OID
2.5.6.13
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The common name of the series.
presentationAddress Contains an OSI presentation address for the entry.
Allowed Attributes
description Text description of the series.
knowledgeInformation This attribute is no longer used.
l (localityName) Place in which the series is located.
o (organizationName) Organization to which the series belongs.
ou (organizationUnitName) Organizational unit to which the series belongs.
seeAlso URL to information relevant to the series.
supportedApplicationContext This attribute contains the identifiers of OSI application contexts.
extensibleObject
Definition
When present in an entry, permits the entry to optionally hold any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server.
This object class is defined in RFC 2252.
Superior Class
top
OID
1.3.6.1.4.1.1466.101.120.111
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
All attributes known to the server.
friendlyCountry
Definition
Used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.18
Required Attributes
objectClass Defines the object classes for the entry.
co (friendlyCountryName) Stores the name of a country.
c (country) Contains the two-character code representing country names, as defined by ISO, in the directory.
Allowed Attributes
description Text description of the country.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
groupOfCertificates
Definition
Used to describe a set of X.509 certificates. Any certificate that matches one of the memberCertificateDescription values is considered a member of the group.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.31
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
memberCertificateDescription Values used to determine if a particular certificate is a member of this group.
o (organizationName) Organization to which the group of certificates belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
groupOfNames
Definition
Used to define entries for a group of names.
Note: The definition in Directory Server differs from the standard definition. In the standard definition, member is a required attribute. In Directory Server, member is an allowed attribute. Directory Server therefore allows a group to have no member.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.9
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
member Distinguished name of a group member.
o (organizationName) Organization to which the group belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
groupOfUniqueNames
Definition
Used to define entries for a group of unique names. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.17
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
o (organizationName) Organization to which the group belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
uniqueMember Distinguished name of a unique group member.
groupOfURLs
Definition
An auxiliary object class of groupOfUniqueNames or groupOfNames. The group consists of a list of labeled URLs. Not supported by Directory Server 3.0.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.33
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
memberURL URL associated with each member of the group.
o (organizationName) Organization to which the group belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
inetOrgPerson
Definition
Used to define entries representing people in an organization’s enterprise network. Inherits cn and sn from the person object class.
This object class is defined in RFC 2798.
Superior Class
person
OID
2.16.840.1.113730.3.2.2
Required Attributes
objectClass Defines the object classes for the entry. cn (commonName) The person’s common name. sn (surname) The person’s surname, or last name.
Allowed Attributes
audio Stores a sound file in binary format.
businessCategory Type of business in which the person is engaged.
carLicense The license plate number of the person’s vehicle.
departmentNumber Department for which the person works.
description Text description of the person.
destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service.
displayName Preferred name of a person to be used when displaying entries.
employeeNumber The person’s employee number.
employeeType The person’s type of employment (for example, full time).
fax (facsimileTelephoneNumber) The person’s fax number.
givenName The person’s given, or first, name.
homePhone The person’s home phone number.
homePostalAddress The person’s home mailing address.
initials The person’s initials.
internationalISDNNumber The person’s ISDN number.
jpegPhoto Photo in JPEG format.
l (localityName) Place in which the person is located.
labeledURI Universal resource locator that is relevant to the person.
mail The person’s email address.
manager Distinguished name of the object’s manager.
mobile The person’s mobile phone number.
o (organizationName) Organization to which the person belongs.
ou (organizationUnitName) Organizational unit to which the person belongs.
pager The person’s pager number.
photo Photo of the person, in binary form.
physicalDeliveryOfficeName Location where physical deliveries can be made to the person.
postOfficeBox The person’s post office box.
postalAddress The person’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
preferredDeliveryMethod The person’s preferred method of contact or delivery.
preferredLanguage The person’s preferred written or spoken language.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
roomNumber The room number in which the person is located.
secretary Distinguished name of the person’s secretary or administrative assistant.
seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province in which the person is located.
street Street address at which the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
title The person’s job title.
uid (userID) Identifies the person’s user id (usually the logon ID).
userCertificate Stores a user’s certificate in cleartext (not used).
userPassword Password with which the entry can bind to the directory.
userSMIMECertificate Stores a user’s certificate in binary form. Used by Netscape Communicator for S/MIME.
x121Address X.121 address of the person.
x500UniqueIdentifier Reserved.
labeledURIObject
Definition
This object class can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate.
This object class is defined in RFC 2079.
Superior Class
top
OID
1.3.6.1.4.1.250.3.1
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
labeledURI Universal Resource Locator that is relevant to the entry.
locality
Definition
Used to define entries that represent localities or geographic areas. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.3
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
description Text description of the locality.
l (localityName) Place in which the entry is located.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the locality.
st (stateOrProvinceName) State or province to which the locality belongs.
street Street address associated with the locality.
newPilotPerson
Definition
Used as a subclass of person, to allow the use of a number of additional attributes to be assigned to entries of the person object class. Inherits cn and sn from the person object class.
This object class is defined in Internet White Pages Pilot.
Superior Class
person
OID
0.9.2342.19200300.100.4.4
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.
Allowed Attributes
businessCategory Type of business in which this person is engaged.
description Text description of the person.
drink (favouriteDrink) The person’s favorite drink.
homePhone The person’s home phone number.
homePostalAddress The person’s home mailing address.
janetMailbox The person’s email address.
mail The person’s email address.
mailPreferenceOption Indicates a preference for inclusion of the person’s name on mailing lists (electronic or physical). Not valid in Messaging server 4.0.
mobile The person’s mobile phone number.
organizationalStatus The person’s type of employment (for example, full time).
otherMailbox Values for electronic mailbox types other than X.400 and rfc822.
pager The person’s pager number.
personalSignature The person’s signature file.
personalTitle The person’s personal title.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
roomNumber The person’s room number.
secretary Distinguished name of the person’s secretary or administrative assistant.
seeAlso URL to information relevant to the person.
telephoneNumber The person’s telephone number.
textEncodedORAddress The person’s text-encoded Originator/Recipient (X.400) address.
uid (userID) Identifies the person’s user id (usually the logon ID).
userClass Category of user.
userPassword Password with which the entry can bind to the directory.
nsComplexRoleDefinition
Definition
Any role that is not a simple role is, by definition, a complex role. This object class is defined in Directory Server.
Superior Class
nsRoleDefinition
OID
2.16.840.1.113730.3.2.95
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsFilteredRoleDefinition
Definition
Specifies assignment of entries to the role, depending upon the attributes contained by each entry.
This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.97
Required Attributes
objectClass Defines the object classes for the entry.
nsRoleFilter Specifies the filter assigned to an entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsLicenseUser
Definition
Used to track licenses for Netscape servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Netscape Administration Server.
This object class is defined in Netscape Administration Services.
Superior Class
top
OID
2.16.840.1.113730.3.2.7
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
nsLicensedFor Netscape server that the user is licensed to use.
nsLicenseEndTime Reserved for future use.
nsLicenseStartTime Reserved for future use.
nsManagedRoleDefinition
Definition
Specifies assignment of a role to an explicit, enumerated list of members. This object class is defined in Directory Server.
Superior Class
nsSimpleRoleDefinition
OID
2.16.840.1.113730.3.2.96
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsNestedRoleDefinition
Definition
Specifies containment of one or more roles of any type within the role. This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.98
Required Attributes
objectClass Defines the object classes for the entry.
nsRoleDN Specifies the roles assigned to an entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsRoleDefinition
Definition
All role definition object classes inherit from the nsRoleDefinition object class. This object class is defined in Directory Server.
Superior Class
ldapSubEntry
OID
2.16.840.1.113730.3.2.93
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsSimpleRoleDefinition
Definition
Roles containing this object class are called simple roles because they have a deliberately limited flexibility, which makes it easy to:
Enumerate the members of a role.
Determine whether a given entry possesses a particular role.
Enumerate all the roles possessed by a given entry.
Assign a particular role to a given entry.
Remove a particular role from a given entry.
This object class is defined in Directory Server.
Superior Class
nsRoleDefinition
OID
2.16.840.1.113730.3.2.94
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
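The role object classes above (nsRoleDefinition, nsSimpleRoleDefinition, nsComplexRoleDefinition, nsManagedRoleDefinition, nsFilteredRoleDefinition, nsNestedRoleDefinition) form an inheritance chain with per-class required attributes. The following added example, which is not part of the Netscape documentation or software, lints LDIF role entries against that chain before import. The `ROLE_SCHEMA` table is transcribed from this reference, the sample entries are constructed, and treating an unlisted superior class as a finding is this example's own convention.

```python
import base64

# Superior class and required attributes of the role object classes, taken from
# the entries in this reference. Names are lowercased for comparison.
ROLE_SCHEMA = {
    "nsroledefinition": ("ldapsubentry", {"objectclass"}),
    "nssimpleroledefinition": ("nsroledefinition", {"objectclass"}),
    "nscomplexroledefinition": ("nsroledefinition", {"objectclass"}),
    "nsmanagedroledefinition": ("nssimpleroledefinition", {"objectclass"}),
    "nsfilteredroledefinition": ("nscomplexroledefinition", {"objectclass", "nsrolefilter"}),
    "nsnestedroledefinition": ("nscomplexroledefinition", {"objectclass", "nsroledn"}),
}

# Constructed sample input: one complete filtered role, one nested role without
# nsRoleDN, and one entry that claims to be both a managed and a filtered role.
SAMPLE_LDIF = """\
# constructed sample entries
dn: cn=SalesFilter,ou=People,dc=example,dc=com
objectClass: top
objectClass: ldapSubEntry
objectClass: nsRoleDefinition
objectClass: nsComplexRoleDefinition
objectClass: nsFilteredRoleDefinition
cn: SalesFilter
nsRoleFilter: (o=sales)

dn: cn=AllManagers,ou=People,dc=example,dc=com
objectClass: top
objectClass: ldapSubEntry
objectClass: nsRoleDefinition
objectClass: nsComplexRoleDefinition
objectClass: nsNestedRoleDefinition
cn: AllManagers

dn: cn=Mixed,ou=People,dc=example,dc=com
objectClass: top
objectClass: ldapSubEntry
objectClass: nsRoleDefinition
objectClass: nsManagedRoleDefinition
objectClass: nsFilteredRoleDefinition
cn:: TWl4ZWQ=
nsRoleFilter: (ou=eng)
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lowercase attribute -> values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: value" carries base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        # Drop attribute options such as ";binary" before comparing names.
        current.setdefault(name.split(";")[0].strip().lower(), []).append(value)
    return entries


def superior_chain(oc):
    """Superiors of a role class, nearest first, ending at ldapsubentry."""
    chain = []
    while oc in ROLE_SCHEMA:
        oc = ROLE_SCHEMA[oc][0]
        chain.append(oc)
    return chain


def check_role_entry(entry):
    """Return a sorted list of findings for one parsed entry (empty if clean)."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    role_classes = classes & set(ROLE_SCHEMA)
    problems, effective = set(), set(role_classes)
    for oc in role_classes:
        for sup in superior_chain(oc):
            effective.add(sup)
            if sup not in classes:
                problems.add(f"{oc}: superior {sup} not listed")
        for attr in ROLE_SCHEMA[oc][1] - set(entry):
            problems.add(f"{oc}: required attribute {attr} missing")
    # A role is either simple or complex by definition, never both.
    if {"nssimpleroledefinition", "nscomplexroledefinition"} <= effective:
        problems.add("entry combines simple and complex role classes")
    return sorted(problems)


if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"][0], check_role_entry(e) or "ok")
```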
organization
Definition
Used to define entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.4
Required Attributes
objectClass Defines the object classes for the entry.
o (organizationName) The name of the organization.
Allowed Attributes
businessCategory Type of business in which the organization is engaged.
description Text description of the organization.
destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The organization’s fax number.
internationalISDNNumber The organization’s ISDN number.
l (localityName) Place in which the organization is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the organization.
postalAddress The organization’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The organization’s post office box.
preferredDeliveryMethod The organization’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the organization.
st (stateOrProvinceName) State or province in which the organization is located.
street Street address at which the organization is located.
telephoneNumber The organization’s telephone number.
teletexTerminalIdentifier Identifier for the organization’s teletex terminal.
telexNumber The organization’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the organization.
organizationalPerson
Definition
Used to define entries for people employed by or associated with an organization. cn and sn are inherited from the person object class.
This object class is defined in RFC 2256.
Superior Class
person
OID
2.5.6.7
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.
Allowed Attributes
description Text description of the person.
destinationIndicator Country and city associated with the person needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The person’s fax number.
internationalISDNNumber The person’s ISDN number.
l (localityName) Place in which the person is located.
ou (organizationUnitName) Organizational unit to which the person belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to this person.
postalAddress The person’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The person’s post office box.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province in which the person is located.
street Street address at which the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
title The person’s job title.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the person.
organizationalRole
Definition
Used to define entries that represent roles held by people within an organization. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.8
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The role’s common name.
Allowed Attributes
description Text description of the role.
destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) Fax number of the person in the role.
internationalISDNNumber ISDN number of the person in the role.
l (localityName) Place in which the person in the role is located.
ou (organizationUnitName) Organizational unit to which the person in the role belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to the person in the role.
postalAddress The mailing address for the person in the role.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The post office box for the person in the role.
preferredDeliveryMethod Preferred method of contact or delivery of the person in the role.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
roleOccupant Distinguished name of the person in the role.
seeAlso URL to information relevant to the person in the role.
st (stateOrProvinceName) State or province in which the person in the role is located.
street Street address at which the person in the role is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the teletex terminal of the person in the role.
telexNumber Telex number of the person in the role.
x121Address X.121 address of the person in the role.
organizationalUnit
Definition
Used to define entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.5
Required Attributes
objectClass Defines the object classes for the entry.
ou (organizationUnitName) The name of the organizational unit.
Allowed Attributes
businessCategory Type of business in which the organizational unit is engaged.
description Text description of the organizational unit.
destinationIndicator Country and city associated with the organizational unit needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The organizational unit’s fax number.
internationalISDNNumber The organizational unit’s ISDN number.
l (localityName) Place in which the organizational unit is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the organizational unit.
postalAddress The organizational unit’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The organizational unit’s post office box.
preferredDeliveryMethod The organizational unit’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the organizational unit.
st (stateOrProvinceName) State or province in which the organizational unit is located.
street Street address at which the organizational unit is located.
telephoneNumber The organizational unit’s telephone number.
teletexTerminalIdentifier Identifier for the organizational unit’s teletex terminal.
telexNumber The organization’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the organizational unit.
person
Definition
Used to define entries that generically represent people. This object class is the base class for the organizationalPerson object class.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.6
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.
Allowed Attributes
description Text description of the person.
seeAlso URL to information relevant to the person.
telephoneNumber The person’s telephone number.
userPassword Password with which the entry can bind to the directory.
pilotObject
Definition
Used as a subclass to allow additional attributes to be assigned to entries of all other object classes.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.3
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
audio Stores a sound file in binary format.
dITRedirect Distinguished name to use as a redirect for the entry.
info Information about the object.
jpegPhoto Photo in jpeg format.
lastModifiedBy Distinguished name of the last user to modify the object.
lastModifiedTime Last time the object was modified.
manager Distinguished name of the object’s manager.
photo Photo of the object.
uniqueIdentifier Specific item used to distinguish between two entries when a distinguished name has been reused.
pilotOrganization
Definition
Used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.20
Required Attributes
objectClass Defines the object classes for the entry.
o (organizationName) Organization to which the entry belongs.
ou (organizationUnitName) Organizational unit to which the entry belongs.
Allowed Attributes
buildingName Name of the building in which the entry is located.
businessCategory Type of business in which the entry is engaged.
description Text description of the entry.
destinationIndicator Country and city associated with the pilot organization needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The pilot organization’s fax number.
internationalISDNNumber The pilot organization’s ISDN number.
l (localityName) Place in which the pilot organization is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the pilot organization.
postalAddress The pilot organization’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The pilot organization’s post office box.
preferredDeliveryMethod The pilot organization’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the pilot organization.
st (stateOrProvinceName) State or province in which the pilot organization is located.
street Street address at which the pilot organization is located.
telephoneNumber The pilot organization’s telephone number.
teletexTerminalIdentifier Identifier for the pilot organization’s teletex terminal.
telexNumber The pilot organization’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the pilot organization.
residentialPerson
Definition
Used by the directory server to contain a person’s residential information. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.10
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
l (localityName) Place in which the person resides.
sn (surname) The person’s surname, or last name.
Allowed Attributes
businessCategory Type of business in which the person is engaged.
description Text description of the person.
destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The person’s fax number.
internationalISDNNumber The person’s ISDN number.
physicalDeliveryOfficeName Location where physical deliveries can be made to the person.
postalAddress The person’s business mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The person’s business post office box.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province in which the person resides.
street Street address at which the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the entry.
RFC822LocalPart
Definition
Used to define entries that represent the local part of RFC822 mail addresses. The directory treats this part of an RFC822 address as a domain.
This object class is defined in Internet directory pilot.
Superior Class
domain
OID
0.9.2342.19200300.100.4.14
Required Attributes
objectClass Defines the object classes for the entry.
dc (domainComponent) Domain component of the entry.
Allowed Attributes
associatedName Entry in the organizational directory tree associated with a DNS domain.
businessCategory Type of business in which this local part is engaged.
cn (commonName) The local part’s common name.
description Text description of the local part.
destinationIndicator Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The local part’s fax number.
internationalISDNNumber The local part’s ISDN number.
l (localityName) Place in which the local part is located.
o (organizationName) Organization to which the local part belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to the local part.
postOfficeBox The local part’s post office box.
postalAddress The local part’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
preferredDeliveryMethod Local part’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the local part.
sn (surname) The entry’s surname, or last name.
st (stateOrProvinceName) State or province in which the local part is located.
street Street address at which the local part is located.
telephoneNumber Telephone number associated with the local part.
teletexTerminalIdentifier Identifier for a telex terminal associated with the local part.
telexNumber Telex number associated with the local part.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address associated with the entry.
room
Definition
Used to store information in the directory about a room. This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.7
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) Common name of the room.
Allowed Attributes
description Text description of the room.
roomNumber The room’s number.
seeAlso URL to information relevant to the room.
telephoneNumber The room’s telephone number.
strongAuthenticationUser
Definition
Used to store a user’s certificate entry in the directory. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.15
Required Attributes
objectClass Defines the object classes for the entry.
userCertificate Stores a user’s certificate, usually in binary form.
simpleSecurityObject
Definition
Used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.19
Required Attributes
objectClass Defines the object classes for the entry.
userPassword Password with which the entry can bind to the directory.
Chapter 3
Attribute Reference
This chapter contains reference information about Netscape Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order.
abstract
Definition
Provides an abstract of a document entry. This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.9
aliasedObjectName
Definition
Used by the Directory Server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias.
For example:
aliasedObjectName: cn=jdoe, o=example.com
This attribute is defined in RFC 2256.
Syntax
DN, single-valued.
OID
2.5.4.1
associatedDomain
Definition
Specifies a DNS domain associated with an object in the directory tree. For example, the entry in the directory tree with a distinguished name "C=US, O=Example Corporation" would have an associated domain of "EC.US". Note that all domains should be represented in rfc822 order.
For example:
associatedDomain: US
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.37
associatedName
Definition
Specifies an entry in the organizational directory tree associated with a DNS domain.
For example:
associatedName: c=us
This attribute is defined in RFC 1274.
Syntax
DN, multi-valued.
OID
0.9.2342.19200300.100.1.38
audio
Definition
Contains a sound file in binary format. The attribute uses a u-law encoded sound file.
For example:
audio:: AAAAAA==
This attribute is defined in RFC 1274.
Syntax
Binary, multi-valued.
OID
0.9.2342.19200300.100.1.55
authorCn
Definition
Contains the common name of the author of a document entry.
For example:
authorCn: Kacey
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.11
authorSn
Definition
Contains the surname of the author of a document entry.
For example:
authorSn: Doe
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.12
authorityRevocationList
Definition
Contains a list of CA certificates that have been revoked. This attribute is to be stored and requested in the binary form, as ‘authorityRevocationList;binary’.
For example:
authorityrevocationlist;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.38
buildingName
Definition
Defines the building name associated with the entry.
For example:
buildingName: 14
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.48
businessCategory
Definition
Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.
For example:
businessCategory: Engineering
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.15
c (countryName)
Definition
Contains the two-character code representing country names, as defined by ISO, in the directory.
For example:
countryName: IE
or
c: IE
This attribute is defined in RFC 2256.
Syntax
DirectoryString, single-valued.
OID
2.5.4.6
cACertificate
Definition
Contains the CA’s certificate. This attribute is to be stored and requested in the binary form, as ‘cACertificate;binary’.
For example:
cacertificate;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.37
carLicense
Definition
Identifies the entry’s automobile license plate number.
For example:
carLicense: 6ABC246
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.1
certificateRevocationList
Definition
Contains a list of revoked user certificates. This attribute is to be stored and requested in the binary form, as ‘certificateRevocationList;binary’.
For example:
certificateRevocationList;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.39
cn (commonName)
Definition
Identifies the name of an object in the directory. When the object corresponds to a person, the cn is typically the person’s full name.
When identifying the entry’s common name or full name:
commonName: Bill Anderson
or
cn: Bill Anderson
When in reference to LDAPReplica or LDAPServer object classes:
commonName: replicater.example.com:17430/o%3Dexample%2Cc%3us
or
cn: replicater.example.com:17430/o%3Dexample%2Cc%3us
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.3
co (friendlyCountryName)
Definition
Contains the name of a country. Often, the country attribute is used to describe a two-character code for a country, and the friendlyCountryName attribute is used to describe the actual country name.
For example:
friendlyCountryName: Ireland
or
co: Ireland
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.43
cosAttribute
Description
Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value. This attribute is used by all types of CoS definition entries.
This attribute is defined in Directory Server.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.550
cosIndirectSpecifier
Description
Specifies the attribute values used by an indirect CoS to identify the template entry. This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.577
cosPriority
Definition
Specifies which template provides the attribute value, when CoS templates compete to provide an attribute value. This attribute represents the global priority of a particular template. A priority of zero is the highest priority.
This attribute is defined in Directory Server.
Syntax
INTEGER, single-valued.
OID
2.16.840.1.113730.3.1.569
cosSpecifier
Description
Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.551
cosTargetTree
Definition
Determines the subtrees of the DIT to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees in an arbitrary fashion.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.552
cosTemplateDn
Definition
Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value. This attribute is used by all types of CoS definition entries.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.553
crossCertificatePair
Definition
This attribute is to be stored and requested in the binary form, as ‘crossCertificatePair;binary’.
For example:
crosscertificatepair;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.40
dc (domainComponent)
Definition
Specifies one component of a domain name. For example:
domainComponent: example
or
dc: example
This attribute is defined in RFC 2247.
Syntax
DirectoryString, single-valued.
OID
0.9.2342.19200300.100.1.25
deltaRevocationList
Definition
This attribute is to be stored and requested in the binary form, as ‘deltaRevocationList;binary’.
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.53
departmentNumber
Definition
Identifies the entry’s department number. For example:
departmentNumber: 2604
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.2
description
Definition
Provides a human-readable description of the object. For people and organizations this often includes their role or work assignment.
For example:
description: Quality control inspector for the ME2873 product line
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.13
destinationIndicator
Definition
The country and city associated with the entry needed to provide Public Telegram Service. Generally used in conjunction with registeredAddress.
For example:
destinationIndicator: Stow, Ohio, USA
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.27
displayName
Definition
Preferred name of a person to be used when displaying entries. Especially useful in displaying a preferred name for an entry within a one-line summary list. Since other attribute types, such as cn, are multi-valued, they cannot be used to display a preferred name.
For example:
displayName: Michigan Smith
This attribute is defined in RFC 2798.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.241
dITRedirect
Definition
Used to indicate that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN.
For example:
ditRedirect: cn=jdoe, o=example.com
This attribute is defined in RFC 1274.
Syntax
DN
OID
0.9.2342.19200300.100.1.54
dmdName
Definition
The value of this attribute specifies a directory management domain (DMD), the administrative authority which operates the directory server.
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.54
dn (distinguishedName)
Definition
Defines the distinguished name (DN) for the entry. For example:
dn: cn=Jane Doe, ou=Quality Control, o=example.com
This attribute is defined in RFC 2256.
Syntax
DN
OID
2.5.4.49
dNSRecord
Definition
Specifies DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start Of Authority) resource records.
For example:
dNSRecord: IN NS ns.uu.net
This attribute is defined in Internet directory pilot.
Syntax
IA5String, multi-valued.
OID
0.9.2342.19200300.100.1.26
documentAuthor
Definition
Contains the distinguished name of the author of a document entry. For example:
documentAuthor: cn=John Doe, o=example.com
This attribute is defined in RFC 1274.
Syntax
DN, multi-valued.
OID
0.9.2342.19200300.100.1.14
documentIdentifier
Definition
Specifies a unique identifier for a document. For example:
documentIdentifier: L3204REV1
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.11
documentLocation
Definition
Defines the location of the original copy of a document entry. For example:
documentLocation: Department Library
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.15
documentPublisher
Definition
The person and/or organization that published a document. For example:
documentPublisher: Southeastern Publishing
This attribute is defined in RFC 1274.
Syntax
DirectoryString, single-valued.
OID
0.9.2342.19200300.100.1.56
documentStore
Definition
Defines the *** of a document. For example:
documentStore:
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.10
documentTitle
Definition
Contains the title of a document entry. For example:
documentTitle: Netscape Directory Server Administrator’s Guide
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.12
documentVersion
Definition
Defines the version of a document entry. For example:
documentVersion: 1.1
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.13
drink (favouriteDrink)
Definition
Describes the favorite drink of a person entry. For example:
drink: soda
or
favouriteDrink: soda
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.5
dSAQuality
Definition
Specifies the purported quality of a DSA. This attribute allows a DSA manager to indicate the expected level of availability of the DSA.
For example:
dSAQuality: high
This attribute is defined in RFC 1274.
Syntax
DirectoryString, single-valued.
OID
0.9.2342.19200300.100.1.49
employeeNumber
Definition
Identifies the entry’s employee number. For example:
employeeNumber: 3440
This attribute is defined in RFC 2798.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.3
employeeType
Definition
Identifies the entry’s type of employment. For example:
employeeType: Full time
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.4
enhancedSearchGuide
Definition
Used by X.500 clients when constructing search filters. For example:
enhancedSearchGuide: (uid=mhughes)
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.47
fax (facsimileTelephoneNumber)
Definition
Identifies the fax number at which the entry can be reached.
Abbreviation: fax
For example:
facsimileTelephoneNumber: +1 415 555 1212
or:
fax: +1 415 555 1212
This attribute is defined in RFC 2256.
Syntax
TelephoneNumber, multi-valued.
OID
2.5.4.23
generationQualifier
Definition
Contains the generation qualifier part of the name, typically appearing in the suffix.
For example:
generationqualifier:III
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.44
givenName
Definition
Identifies the entry’s given name, usually a person’s first name. For example:
givenName: Hecuba
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.42
homePhone
Definition
Identifies the entry’s home phone number. For example:
homeTelephoneNumber: 415-555-1212
or
homePhone: 415-555-1234
This attribute is defined in RFC 1274.
Syntax
TelephoneNumber, multi-valued.
OID
0.9.2342.19200300.100.1.20
homePostalAddress
Definition
Identifies the entry’s home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively.
To identify an entry’s home mailing address:
homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555
Additionally, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
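The separator and escape rules above, as an added example that is not part of the original reference: a small encoder and decoder for homePostalAddress values. The function names are hypothetical, and rejecting any backslash escape other than \24 and \5c is an assumption of this example, chosen so that malformed values fail loudly instead of being stored or displayed incorrectly.

```python
import re

# Escapes named in the homePostalAddress definition: '$' -> \24, '\' -> \5c.
_ESCAPES = {"\\": r"\5c", "$": r"\24"}
# A backslash followed by (at most) the two characters of its hex code.
_ESCAPE_RE = re.compile(r"\\(..)?", re.DOTALL)


def encode_postal_address(lines):
    """Join address lines with '$', escaping literal '$' and '\\' in each line."""
    # Escaping is done per character, so an escaped backslash is never re-escaped.
    return "$".join(
        "".join(_ESCAPES.get(ch, ch) for ch in line) for line in lines
    )


def _unescape(match):
    code = (match.group(1) or "").lower()
    if code == "24":
        return "$"
    if code == "5c":
        return "\\"
    # Assumption of this example: anything else is treated as malformed input.
    raise ValueError(f"unsupported escape sequence {match.group(0)!r}")


def decode_postal_address(value):
    """Split a stored value into lines, then undo the \\24 and \\5c escapes."""
    # Split first: literal dollar signs were stored as \24, so every '$'
    # still present in the value is a line separator.
    return [_ESCAPE_RE.sub(_unescape, part) for part in value.split("$")]


if __name__ == "__main__":
    # Sample values taken from the examples in the definition above.
    stored = encode_postal_address(
        ["The dollar ($) value can be found", "in the c:\\cost file."]
    )
    print(stored)
    print(decode_postal_address("1234 Ridgeway Drive$Santa Clara, CA$99555"))
```

Decoding splits on the separator before unescaping; doing it the other way round would turn an escaped \24 back into a dollar sign and then wrongly split the line there.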