Netscape Directory Server 7.0 Reference

Schema Reference

Netscape Directory Server

Version 7.0

October 2004

Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs of fered by Netscape (referred
to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the
Software and applicable copyright law.

Your right to copy this documentation is limited by copyright law. Making unauthorized copies, adaptations or compilation works is prohibited and
constitutes a punishable violation of the law. Netscape may revise this documentation from time to time without notice.

THIS DOCUMENTATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT SHALL NETSCAPE BE LIABLE FOR
INDIRECT, SPECIAL, INCIDENTAL , OR CON SEQ UENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERRO R IN THIS
DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE, OR DATA.

The downloading, exporting, or reexporting of Netscape software or any underlying information or technology must be in full compliance with all
United States and other applicable laws and regulations. Any provision of Netscape software or documentation to the U.S. government is with restricted
rights as described in the license agreement for that Software.

Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the United States and other countries. Other
Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in some
countries. Other product and brand names are the exclusive property of their respective owners.

The Software and documentation are copyright © 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002, 2003, 2004 Netscape Communications
Corporation. All rights reserved.

================================================================================================================================

Portions of the Software copyright © 1995 PEER Networks, Inc. All rights reserved.

================================================================================================================================

The Software contains the Taligent International Classes from Taligent, Inc. and IBM Corp.

================================================================================================================================

Portions of the Software copyright ©1992-1998 Regents of the University of Michigan. All rights reserved.

================================================================================================================================

The Software contains encryption software from RSA Security Inc. Copyright © 1994 RSA Data Security, Inc. All rights reserved.
This product contains software derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

================================================================================================================================

This product incorporates International Components for Unicode (ICU) libraries, ICU is an open source development project sponsored, supp orted, an d
used by IBM.

================================================================================================================================

The source code to the Standard Version of Perl can be obtained from CPAN sites, including http://www.perl.com/.

================================================================================================================================

This product incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code, and the original
compression sources are freely available from http://www.infozip.com/ on the Internet.

================================================================================================================================

This product includes software developed by the Apache Software Foundation (http://www.apache.org/).

================================================================================================================================

Portions of the Software copyright © 1989 The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms of such U.C. Regents software, with or without modification, are permitted provided that the

following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software
developed by the University of California, Berkeley and its contributors.

4. Neither the name of the University nor the names of its contributors may be used to endorse or pro mote pro ducts derived from this software w ithout
specific prior written permission.

THIS SOFTWARE IS PR OVID ED BY THE RE GENTS A ND CON TRIBU TORS "A S IS" AND A NY EXPR ESS OR IMPL IED WA RRANTIES , I NCLUDIN G,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONS EQ UENT IAL D AMA GES ( INC LUD ING, BUT NOT LIMI TED TO, PROC UREMEN T OF S UBSTI TUTE GO ODS OR S ERVI CES;
LOSS OF USE, DATA, OR PROFIT S; OR BU SINESS INTERRUPTION) HOW EVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

================================================================================================================================

Portions of the Software copyright (C) 1987, 1988 Student Information Processing Board of the Massachusetts Institute of Technology.
Permission to use, copy, modify, and distribute such M.I .T. software and its documentation for any purpose and without fee is hereby granted, provided

that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be used in advertising or publicity pertaining to distribution of the software without specific,
written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no representations about the suitability of this software for any purpose. It is provided "as
is" without express or implied warranty.

Contents

About This Reference Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Purpose of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Directory Server Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Contents of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Prerequisite Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Conventions Used in This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 1 About Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Schema Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Object Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Required and Allowed Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Object Class Inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Attribute Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Single-Valued and Multi-Valued Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Schema Supported by Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Object Identifiers (OIDs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Extending Server Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Schema Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Chapter 2 Object Class Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

cosClassicDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

cosDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

cosIndirectDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

cosPointerDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

cosSuperDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

cosTemplate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3

country . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

dcObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

documentSeries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

domainRelatedObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

dSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

extensibleObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

friendlyCountry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

groupOfCertificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

groupOfNames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

groupOfUniqueNames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

groupOfURLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

inetOrgPerson . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

labeledURIObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

locality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

newPilotPerson . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

nsComplexRoleDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

nsFilteredRoleDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

nsLicenseUser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

nsManagedRoleDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

nsNestedRoleDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

nsRoleDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

nsSimpleRoleDefinition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

organizationalPerson . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

organizationalRole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

organizationalUnit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

person . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

pilotObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

pilotOrganization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

residentialPerson . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

RFC822LocalPart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

room . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

strongAuthenticationUser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

simpleSecurityObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Chapter 3 Attribute Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

aliasedObjectName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

associatedDomain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

associatedName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

4 Netscape Directory Server Schema Reference • October 2004

audio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

authorCn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

authorSn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

authorityRevocationList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

buildingName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

businessCategory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

c (countryName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

cACertificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

carLicense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

certificateRevocationList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

cn (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

co (friendlyCountryName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

cosAttribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

cosIndirectSpecifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

cosPriority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

cosSpecifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

cosTargetTree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

cosTemplateDn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

crossCertificatePair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

dc (domainComponent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

deltaRevocationList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

departmentNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

destinationIndicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

displayName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

dITRedirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

dmdName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

dn (distinguishedName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

dNSRecord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

documentAuthor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

documentIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

documentLocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

documentPublisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

documentStore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

documentTitle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

documentVersion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

drink (favoriteDrink) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

dSAQuality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

employeeNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

employeeType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

enhancedSearchGuide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

fax (facsimileTelephoneNumber) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

generationQualifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

5

givenName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

homePhone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

homePostalAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

houseIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

initials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

internationalISDNNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

janetMailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

jpegPhoto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

keyWords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

knowledgeInformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

l (localityName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

labeledURI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

lastModifiedBy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

lastModifiedTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

mailPreferenceOption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

memberCertificateDescription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

memberURL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

nsLicensedFor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

nsLicenseEndTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

nsLicenseStartTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

ntUserDomainId . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

o (organizationName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

objectClass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

obsoletedByDocument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

obsoletesDocument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

organizationalStatus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

otherMailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

ou (organizationUnitName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

pager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

personalSignature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

personalTitle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

photo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

physicalDeliveryOfficeName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

postalAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

postalCode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

6 Netscape Directory Server Schema Reference • October 2004

postOfficeBox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

preferredDeliveryMethod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

preferredLanguage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

presentationAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

protocolInformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

ref . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

registeredAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

roleOccupant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

roomNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

searchGuide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

secretary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

seeAlso . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

serialNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

singleLevelQuality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

sn (surname) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

st (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

street . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

subject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

subtreeMaximumQuality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

subtreeMinimumQuality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

supportedAlgorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

supportedApplicationContext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

telephoneNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

teletexTerminalIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

telexNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

textEncodedORAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

title . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

ttl (timeToLive) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

uid (userID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

uniqueIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

uniqueMember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

updatedByDocument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

updatesDocument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

userCertificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

userClass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

userPassword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

userPKCS12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

userSMIMECertificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

x121Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

x500UniqueIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes . . . . . . 141

Operational Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

7

accountUnlockTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

aci . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

altServer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

attributeTypes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

copiedFrom . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

copyingFrom . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

dITContentRules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

dITStructureRules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

ldapSyntaxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

matchingRules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

matchingRuleUse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

nameForms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

namingContexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

nsds5replconflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

nsRole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

nsRoleDn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

numSubordinates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

objectClasses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

passwordAllowChangeTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

passwordChange (pwdAllowUserChange) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

passwordCheckSyntax (pwdCheckSyntax) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

passwordExp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

passwordExpirationTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

passwordExpWarned . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

passwordGraceLimit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

passwordGraceUserTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

passwordHistory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

passwordInHistory (pwdInHistory) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

passwordLockout (pwdLockOut) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

passwordLockoutDuration (pwdLockoutDuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

passwordMaxAge (pwdMaxAge) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

passwordMaxFailure (pwdMaxFailure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

passwordMinAge (pwdMinAge) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

passwordMinLength (pwdMinLength) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

passwordMustChange (pwdMustChange) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

passwordResetFailureCount (pwdFailureCountInterval) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

passwordRetryCount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

passwordStorageScheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

passwordUnlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

passwordWarning (pwdExpireWarning) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

pwdpolicysubentry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

retryCountResetTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

subschemaSubentry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

8 Netscape Directory Server Schema Reference • October 2004

supportedControl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

supportedExtension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

supportedLDAPVersion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

supportedSASLMechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Special Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

changeLog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

changeNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

changeTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

changeType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

deleteOldRdn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

newRdn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

newSuperior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

nsEncryptionAlgorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

nsSaslMapRegexString . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

nsSaslMapBaseDNTemplate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

nsSaslMapFilterTemplate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

targetDn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Special Object Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

changeLogEntry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

nsAttributeEncryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

nsSaslMapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

passwordObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

subschema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

9

10 Netscape Directory Server Schema Reference • October 2004

About This Reference Guide

Netscape Directory Server (Directory Server) is a powerful and scalabl e distribute d
directory server based on the industry-standard Lightweight Directory Access
Protocol (LDAP). Directory Server is the cornerstone for building a centralized and
distributed data repository that can be used in your intranet, over your extranet
with your trading partners, or over the public Internet to reach your customers.

This preface contains the following sections:

• Purpose of This Guide (page 11)

• Directory Server Overview (page 11)

• Contents of This Guide (page 12)

• Prerequisite Reading ( p age 12)

• Conventions Used in This Book (page 13)

• Related Information (page 13)

Purpose of This Guide

This Schema Reference guide describes the standard directory schema for Directory
Server and lists all the object cl asses and attributes defined by the stan dard schema.
The information provided here is intended for the administrator who manages and
maintains the schema.

Directory Server Overvie w

The major components of Directory Server include:

• An LDAP server — The core of the directory service, provided by the

ns-slapd daemon, and compliant with the LDAP v3 Internet standards.

11

Contents of This Guide

• Directory Server Console — An improved management console that
dramatically reduces the effort of setting up and maintaining your directory
service. The Directory Server Console is part of Netscape Console, the
common management framework for Netscape servers.

• SNMP Agent — Permits you to monitor your Directory Server in real time
using the Simple Network Management Protocol (SNMP).

• Online backup and restore — Allows you to create backups and restore from
backups while the server is running.

Contents of This Guide

• Chapter 1, “About Schema” — Provides an overview of some of the basic
concepts of the directory schema and lists the files in which the sch e ma is
described. It describes object classes, attributes, and Object Identifiers (OIDs)
and briefly discusses schema checking and extending server schema.

• Chapter 2, “Object Class Reference”— Contains an alphabetical list of the
object classes accepted by the default schema. It gives a definition of each
object class and gives the list of required and allowed attributes specific to the
particular object class. However, any mandatory and optional attributes
inherited from superior object classes are not listed.

• Chapter 3, “Attribute Reference” — Contains an alph abetic list of the
standard attributes. It gives a definition of each attribute and gives the
attribute syntax.

• Chapter 4, “Operational Attributes, Special Attributes, and Special Object
Classes” — Contains operational attributes used by Directory Server. The
chapter also describes some special attributes and object classes that are used
by the server.

Prerequisite Re ading

This guide describes the standard schema and the standard obje ct classes and
attributes. However, this guide does not describe how to design, customize or
maintain your schema, nor does it give any information on replication. Those
concepts are described in the Netscape Directory Server D eploy me nt Guide . You
should read that book before continuing with this manual.

12 Netscape Directory Server Schema Reference • October 2004

When you are familiar with Directory Server schema concepts and have done some
preliminary planning for your directory service, you can install the Directory
Server. The instructions for installing the various Directory Server components are
contained in the Netscape Director y Server Installation Guide.

Preliminary planning includes d eciding how to represent the data you store. You
should chose predefined schema elements to meet as many of your needs as
possible. These predefined schema elements are listed in this guide.

Conventions Used in This Book

This section explains the conventions used in this book.

•

Monospaced font — This typeface is used for any text that appears on the

computer screen or text that you should type. It is also used for filenames,
functions, and examples.

• Throughout this book, you will see path refe rences of the form:

Conventions Used in This Book

serverRoot

serverRoot is th e installation directory. The default installation directory for

UNIX is

c:\usr\netscape\servers. If you have installed Directory Server in a

different location, you should adapt the path accordingly.
serverID is the ID or identif ier you assigned to an instance of Directory Server

when you installed it. For example, if you gave the server an id entifier of

phonebook, then the actual path would look like this:

/usr/netscape/servers/slapd-phonebook/. . .

• All paths specified in this manual are in UNIX f ormat. If you are using a
Windows-based Directory Server, you should assume the equivalent file paths
whenever UNIX file paths are shown in this book.

• In examples/sample code, paths assume that the Directory Server is installed
in the default location
Directory Server in a different location, adapt the paths accordingly. Also, all
examples use

/slapd-serverID/...

/usr/netscape/servers. On Windows, it is

/usr/netscape/servers. If you have installed your

phonebook for the server identifier where appropriate.

Related Information

The document set for Directory Server also contains the following guides:

About This Reference Guide 13

Related Information

• Netscape Directory Serv er De ployment Guide. Provides an overview for
planning your deployment of the Directory Server. Includes deployment
examples.

• Netscape Directory Server In stallation Guide. Procedu r es for installing your
Directory Server as well as procedures for migrating your Directory Server.

• Netscape Directory Server Administrator’s Guide. Procedures for the day-to-day
maintenance of your Directory Server. Includes information on configuring
server-side plug-ins.

• Netscape Directory Server Configuration, Command, an d File Reference.
Information about the command-line scripts, configuration attributes, and log
files shipped with Director y Se rve r .

• Netscape Directory Serv er Plug- in Prog rammer ’s Guide. Describes how to write
server plug-ins in order to customize and extend the capabilities of Directory
Server.

• Netscape Directory Server Gateway Customization Gui de . Introduces Direct ory
Server Gateway and explains how to implement a gateway instance with basic
directory look-up functionality. Also contains information useful for
implementing a more powerful gateway instance with directory
authentication and adminis tration capability.

• Netscape Directory Server Org Chart. Introduces the Netscape Directory Server
Org Chart application and explains how to integrate it with an instance of
Directory Server.

• Netscape Directory Server DSML Ga teway Guide. Introduces the Netscape
Directory Server DSML Gateway function and explains how to customize it
for use as an independent Java Gateway.

For a list of documentation installed with Directory Server, open the

<server_root>/manual/en/slapd/index.htm file, where <server_root> is the

directory in which you installed Directory Server.
For the latest information about Directory Server, including current release notes,

complete product documentation, technical notes, and deployment information,
check this site:

http://enterprise.netscape.com/docs

14 Netscape Directory Server Schema Reference • October 2004

Chapter 1

About Schema

This chapter provides an overview of some of the basic concepts of the directory
schema and lists the files in which the schema is described. It describes object
classes, attributes, and object identifiers (OIDs) and briefly discusses extending
server schema and schema che c king.

This chapter contains the following sections:

• Schema Definition (page 15)

• Schema Supported by Directory Server (page 19)

• Object Identifiers (OIDs) (page 21)

• Extending Server Schema (page 22)

• Schema Checking (page 22)

Schema Definition

The directory schema is a set of rules that defines how the data can be stored in the
directory. The data is stored in the form of directory entries. Each entry is a set of
attributes and their values. Each entry must have an object class. The object class
specifies the kind of object the entry describes and defines the set of attributes it
contains. The schema defines the type of entries allowed, their attribute structure
and the syntax of the attributes.The schema can be modified and extended if it does
not meet your required needs.

To find detailed information about object classes, attributes, and how the Netscape
Directory Server (Directory Server) uses the schema, refer to the

Server Deployment Guide.

Netscape Directory

15

Schema Definition

CAUTION Directory Server fails to start if schema definitions include too few or

too many space characters.
Use exactly one space in those places where the LDAP standards

allow the use of zero or many spaces; for example, the place between
the NAME keyword and the name of an attribute type.

Object Classes

In LDAP, an object class defines the set of attributes that can be used to define an
entry. The LDAP standard prov id e s some basic types of object classes, including:

• Groups, including uno r dered lists of individual objects or groups of object s.

• Locations, such as the country name and description.

• Organizations.

• People.

• Devices.

Required an d Allowed Attributes

Every object class includes a number of required attributes and of allowed
attributes. Required attributes include the attributes that must be present in
entries using the object class. All entries require the
defines the object classes assigned to the entry.

Allowed attributes include the attributes that may be present in entries using the
object class.

Example: Object Class = person

Required Attributes

object class
cn (common name)
sn (surname)

Allowed Attributes

description
seeAlso
telephoneNumber
userPassword

objectClass attribute, which

16 Netscape Directory Server Schema Reference • October 2004

Schema Definition

Object Class Inheritance

An entry can have more than one object class. For example, the entry for a person is
defined by the person object class but may also be defined by attributes in the

inetOrgPerson, groupOfNames, and organization object classes.

The server’s object class structure determines the list of required and allowed
attributes for a particular entry. For example, a person entry is usually defined
with the following object class structure:

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgperson

In this structure, the inetOrgperson inherits from the organizationalPerson and

person object classes. Therefore, when you assign the inetOrgperson object class

to an entry, it automatically inherits the required and allowed attributes from the
superior object class.

Attributes

Directory data is represented as attribute-value pairs. Any piece of information in
the directory is associated with a descriptive attribute.

For instance, the
person named Jonas Salk can be represented in the directory as

cn: Jonas Salk

Each person entered in the directory can be defined by the collection of attributes
in the

inetOrgperson object class. Other attributes used to define this entry could

include:

givenname: Jonas

surname: Salk
mail: jonass@example.com

Attribute Syntax

Each attribut e has a syntax defini t ion that describes the type of information
provided by the attribute.

Attribute syntax is used by the Directory Server to perfor m sorting and pattern
matching.

commonName, or cn, attribute is used to store a person’s name. A

Chapter 1 About Schema 17

Schema Definition

Table 1-1 lists the different syntax methods that can be applied to attributes and
gives an OID and a definition for each syntax method.

Table 1-1 Attribute Syntax

Syntax Method OID Definition

Binary 1.3.6.1.4.1.1466.115.121.1.5 Indicates that values for this attribute are binary.
Boolean 1.3.6.1.4.1.1466.115. 121.1.7 Indicates that this attribu t e has one of only two

values: True or False.

Country String 1.3.6.1.4.1. 1466.115 .121.1.11 Indicates tha t values f or this at tribute ar e limited

to exactly two printable string characters; for

example, US.
DN 1.3.6.1.4.1.1466.115.121.1.12 Indicates that values for this attribute are DNs.
DirectoryString 1.3.6.1.4.1.1466.115.12 1.1.15 Indicates th at values for this attribute are not

case sensitive.
Generaliz edTime 1.3.6.1.4.1.1466.115.121.1.24 Indicates that values for this attribute are

encoded as printable strings. The time zone

must be specified. It is strongly recommended to

use GMT time.
IA5String 1.3.6.1.4.1.1466.115.121.1.26 Indicates that values fo r this attribute are case

sensitive.
INTEGER 1.3.6.1.4.1.1466.115.121. 1.27 Indicates that valid values for this attribute are

numbers.
OctetStrin g 1.3.6.1.4.1.1466.115.12 1.1.40 Same behavior as binary.
Postal Addre ss 1.3.6.1.4 .1.1466.115.121.1.41 Indicates that values for this attribute are

encoded according to

postal-address = dstring * (“$”

dstring)

where each dstring component is encoded as a

value of type DirectoryString syntax.

Backslashes and dollar characters, if they occur,

are quoted, so that they will not be mistaken for

line delimiters. Many servers limit the postal

address to 6 lines of up to thirty characters. For

example:

1234 Main St.$Anytown, TX 1234$USA

TelephoneNumber 1.3.6.1.4.1.1466.115.121.1.50 Indicates that values for this attribute are in the

form of telephone numbers. It is recommended

to use telephone numbers in international form.

18 Netscape Directory Server Schema Reference • October 2004

Schema Supported by Directory Server

Table 1-1 Attribute Syntax (Continued)

Syntax Method OID Definition

URI Indicates that the values for this attribute are in

the form of a URL, introduced by a string such
as http://, https://, ftp://, ldap://,
and ldaps://. The URI has the same behavior
as IA5String. See RFC 2396.

Single-Valued and Multi-Valued Attributes

By default, most attributes are multi-valued. This means that an entry can contain
the same attribute with multiple values . For example,
are all attributes that can have more than one value. Attributes that are
single-valued — that is, only one instance of the attribute can be specified — are
noted as such. For example,

uidNumber can only have one possible value.

cn, tel, and objectclass

Schema Supported by Di rectory Server

The schema provided with Directory Server is described in a set of files stored in
the

serverRoot/slapd-serverID/config/schema directory.

You can modify the schema by creating new object classes and attributes. These
modifications are stored in a separate file called
modify the standard files provided with the Directory Server because you incur the
risk of breaking compatibility with other Netscape products or of causing
interoperability problems with directory servers from vendors other than Netscape
Communications Corporation.

For more information about how the Directory Server stores information and
suggestions for planning directory schema, refer to the Netscape D irecto ry Serv er
Deployment Gui de .

The following tables list the schema files that are provided with Directory Server.
Table 1-2 lists the schema files that are used by the Directory Server. Table 1-3 lists
the schema files that are used by other Netscape products.

99user.ldif. You should not

Chapter 1 About Schema 19

Schema Supported by Directory Server

Table 1-2 Schema Files Used by Directory Server

Schema Filename Purpose

00core.ldif Recommended core schema from t he X.500 an d LDAP

05rfc2247.ldif Schema from RFC 2247 and related pilot schema

05rfc2927.ldif Schema from RFC 2927 “MIME Directory Profile for

10presence.ldif Schema for Presence information; the file lists the

10rfc2307.ldif Schema from RFC 2307, “An Approach for Using

standards (RFCs) and schema used by the Directory
Server itself.

“Using Domains in LDAP/X.500 Distinguished
Names.”

LDAP Schema.”

default object classes with the allo wed at tributes that
must be added to a user’s entry in order for
instant-messaging presence information to be
available for that user.

LDAP as a Network Info r ma t io n Ser vice.”

20subscriber.ldif Common schema elements for Netscape-Nortel

subscriber interoperability.

25java-object.ldif Schema from RFC 2713, “Schema for Representing

Java(tm) Objects in an LDAP Directory.”

28pilot.ldif Schema from t he p ilot RFCs, especially RFC 1274 , th at

are no longer recommended by Netscape for use in
new deployments.

30ns-common.ldif Common Netscape schema.
50ns-directory.ldif Additional schema used by Directory Server 4.x.
50ns-value.ldif Netscape servers “value item” schema.
99user.ldif Customer modifications to the schema.

Table 1-3 Schema Files used by other Netscape Products

Schema Filenames Purpose

50netscape-servicemgt.ldif

50ns-admin.ldif

Netscape service management schema elements.
Schema used by Netscape Administration Server.

50ns-calendar.ldif

20 Netscape Directory Server Schema Reference • October 2004

Netscape Calendar Server schema.

Table 1-3 Schema Files used by other Netscape Products (Continued)

Schema Filenames Purpose

Object Identifiers (OIDs)

50ns-certificate.ldif

50ns-compass.ldif

50ns-delegated-admin.ldif

50ns-legacy.ldif

50ns-mail.ldif

50ns-mcd-browser.ldif

50ns-mcd-config.ldif Schema for Netscape Mission Control Desktop -

50ns-mcd-li.ldif Schema for Netscape Mission Control Desktop - Location

50ns-mcd-mail.ldif Schema for Netscape Mission Control Desktop - Mail.
50ns-media.ldif Schema for Netscape Media Server.
50ns-mlm.ldif Schema for Netscape Mailing List Manager.
50ns-msg.ldif Schema for Netscape Web Mail.
50ns-netshare.ldif Schema for Netscape Netshar e .
50ns-news.ldif Schema for Netscape Colla bra Server.

Schema for Netscape Certificate M anagement System .
Schema for the Netscape Compass Server.
Schema for Netscape Delegated Administrator 4.5.
Legacy Netscape Schema.
Schema for Netscape M essaging Server.
Schema for Netscape Mission Control Desktop - Browser.

Configuration.

Independence.

50ns-proxy.ldif Schema for Netscape Proxy Server.
50ns-wcal.ldif Schema for Netscape Web Calendaring.
50ns-web.ldif Schema for Netscape Web Se rver.
51ns-calendar.ldif Schema for Netscape Calendar Server.

Object Identifiers (OIDs)

Object identifiers (OIDs) are assigned to all attributes and object classes to co nform
to the LDAP and X.500 standards. An OID is a sequence of integers, typically
written as a dot-separated string. When no OID is specified, the Directory Server
automatically uses ObjectClass_name-oid and attribute_name-oid.

The Netscape base OID is

2.16.840.1.113730

The base OID for the Directory Server is

Chapter 1 About Schema 21

Extending Server Sch em a

2.16.840.1.113730.3

All Netscape-defined attributes have the base OID of

2.16.840.1.113370.3.1

All Netscape-defined object classes have the base OID of

2.16.840.1.113730.3.2

For more information about OIDs or to request a prefix for your enterprise, please
go to the Internet Assigned Number Authority (IANA) web site at

http://www.iana.org/.

Extending Ser ve r Sche m a

The Directory Server schema includes hundreds of object classes and attributes
that can be used to meet most of your requirements. This schema can be extended
with new object classes and attributes that meet evolving requirements for the
directory service in the enterprise.

When adding new attributes to the schema, a new object class should be created
to contain them (adding a new attribute to an existing object class can
compromise the Directory Server’s compatibility with existing LDAP clients that
rely on the standard LDAP schema and may cause difficulties when upgrading
the server).

For more information about extending server schema, refer to the Netscape
Directory Server Deployment Guide.

Schema Checking

You should run Directory Server with schema checking turned on.
The schema checking capability of Directory Server checks entries when you add

them to the directory or when you modify them, to verify that:

• Object classes and attributes used in the entry are defined in the directory
schema.

• Attributes required for an object class are contained in the entry.

• Only attributes allowed by the object class are contained in the entry.

22 Netscape Directory Server Schema Reference • October 2004

Schema Checking

Schema checking also occurs when importing a database using LDIF. For more
information, refer to the Netscape Directory Server Administrator’s Guide.

Chapter 1 About Schema 23

Schema Checking

24 Netscape Directory Server Schema Reference • October 2004

Chapter 2

Object Class Reference

This chapter contains an alphabetical list of the object classes accepted by the
default schema. It gives a definition of each object class and lists its required and
allowed attributes. The object classes listed in this chapter ar e available fo r you to
use to support your own information in the Netscape Directory Server (Directory
Server). Object classes that are used by the Directory Server or other Netscape
products for internal operations are not documented here. For information about
these object classes, please refer to the Netscape Directory Server Configuration,
Command, and File Reference.

NOTE When an object class inherits attributes from other object classes, the

inherited attributes are shown in ita lics. An object class which
inherits from another object class must appear after this object class
in the

The LDAP RFCs and X.500 standards allow for an object class to have more than
one superior. This behavior is not currently supported by Directory Server.

.ldif file; otherwise, the server will not start.

Chapter 2 Object Class Reference 25

account

Definition

Used to define entries representing computer accounts.
This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.5

Required Attributes

objectClass Defines the object classes fo r the entry.
uid (userID)) Identifies the account’s user ID.

Allowed Attributes

description Text description of the entry.
host Hostname of the computer on which the account resides.
l (localityName) Place in which the account is located.
o (organizationName) Organization to which the account belongs.
ou (organizationUnitName ) Organizational unit to which the account belongs.
seeAlso URL to information relevant to the account.

26 Netscape Directory Server Schema Reference • October 2004

alias

Definition

Used to point to other entries in the directory tree.
Note: Aliasing is not supported in Directory Server.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.1

Required Attributes

objectClass Defines the object classes for the entry.
aliasedObjectName Distinguished name of the entry for which this entry is

an alias.

Chapter 2 Object Class Reference 27

cosClassicDefinition

Definition

Identifies the template entry using both the template entry’s DN (as specified in the

cosTemplateDn attribute) and the value of one of the target entry’s attributes (as

specified in the
This object class is defined in Directory Server.

Superior Class

cosSuperDefinition

OID

2.16.840.1.113730.3.2.100

Required Attributes

objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want

cosSpecifier attribute).

to generate a value. You can s pecify more tha n one
cosAttribute value.

Allowed Attributes

cn (commonName) Common name of the entry.
cosSpecifier Specifies the attribute value used by a classic CoS,

which, along with the template entry’s DN, identifies
the template entry.

cosTemplateDn Provides the DN of the template entry associated with

the CoS definition.

description Text description of the entry.

28 Netscape Directory Server Schema Reference • October 2004

cosDefinition

Definition

Defines the Class of Services you are using. This object class is supported in order
to provide compatibility with the DS4.1 CoS Plug-in.

This object class is defined in Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.84

Required Attributes

objectClass Defines the object classes fo r the entry.

Allowed Attributes

aci Evaluates what rights are granted or denied when the

Directory Server receives an LDAP request from a
client.

cn (commonName) Common name of the entry.
cosAttribute Provides the name of the attribute for which you want

to generate a value. You can specify more than one
cosAttribute value.

cosSpecifier Specifies the attribute value used by a classic CoS,

which, along with the template entry’s DN, identifies
the template entry.

cosTargetTree Determines the subtrees of the DIT to which the CoS

schema applies.

cosTemplateDn Provides the DN of the template entry associated with

the CoS definition.

uid (userID) Identifies the user ID.

Chapter 2 Object Class Reference 29

cosIndirectDefinition

Definition

Identifies the template entry using the value of one of the target entry’s attributes.
The attribute of the target entry is specified in the
attribute.

This object class is defined in Directory Server.

Superior Class

cosSuperDefinition

OID

2.16.840.1.113730.3.2.102

Required Attributes

objectClass Defines the object classes fo r the entry.
cosAttribute Provides the name of the attribute for which you want to

cosIndirectSpecifier

generate a value. You can s pecify more than one
cosAttribute value.

Allowed Attributes

cn (commonName) Common name of the entry.
cosIndirectSpecifier Specifies the attribute value used by an indirect CoS to

identify the template entry.

description Text description of the entry.

30 Netscape Directory Server Schema Reference • October 2004

cosPointerDefinition

Definition

Identifies the template entry associated with the CoS definition using the template
entry’s DN value. The DN of the template entry is specified in the
attribute.

This object class is defined in Directory Server.

Superior Class

cosSuperDefinition

OID

2.16.840.1.113730.3.2.101

Required Attributes

objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to

cosTemplateDn

generate a value. You can s pecify more than one
cosAttribute value.

Allowed Attributes

cn (commonName) Common name of the entry.
cosTemplateDn Provides the DN of the template entry associated with

the CoS definition.

description Text description of the entry.

Chapter 2 Object Class Reference 31

cosSuperDefinition

Definition

All CoS definition object classes inherit from the cosSuperDefinition object
class.

This object class is defined in Directory Server.

Superior Class

ldapSubEntry

OID

2.16.840.1.113730.3.2.99

Required Attributes

objectClass Defines the object cla sses for the entry.
cosAttribute Provides the name of the attribute for which you want to

generate a value. You can s pecify more than one
cosAttribute value.

Allowed Attributes

cn (commonName) Common name of the entry.
description Text description of the entry.

32 Netscape Directory Server Schema Reference • October 2004

cosTemplate

Definition

Contains a list of the shared attribute values.
This object class is defined in Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.128

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

cn (commonName) Common name of the entry.
cosPriority Specifies which template provides the attribute

value when CoS templates compete to provide an
attribute value.

Chapter 2 Object Class Reference 33

country

Definition

Used to defines entries that represent countries.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.2

Required Attributes

objectClass Defines the object classes for the entry.
c (countryName) Contains the two-character code representing country

names, as defined by ISO, in the directory.

Allowed Attributes

description Text description of the country.
searchGuide Specifies information for suggested search criteria when

using the entry as the base object in t he directory t ree for
a search operation.

34 Netscape Directory Server Schema Reference • October 2004

dcObject

Definition

Allows domain components to be defined for an entry. This object class is defined
as auxiliary because it is commonly used in combination with another object class,
such as

o (organizationName), ou (organizationalUnitName), or l (localityName). For

example:

dn: dc=example,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: example
o: Example Corporation

This object class is defined in RFC 2247.

Superior Class

top

OID

1.3.6.1.4.1.1466.344

Required Attributes

objectClass Defines the object classes for the entry.
dc (domainComponent) One component of a domain name.

Chapter 2 Object Class Reference 35

device

Definition

Used to store information about network devices, such as printers, in the directory.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.14

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) Common name of the device.

Allowed Attributes

description Text description of the device.
l (localityName) Place in which the device is located.
o (organizationName) Organization to which the device belongs.
ou (organizationUnitName) Organizational unit to which the device belongs.
owner Distinguished name of the person responsible for the

device.

seeAlso URL to information relevant to the device.
serialNumber Serial number of the device.

36 Netscape Directory Server Schema Reference • October 2004

document

objectClass Defines the object classes for the entry.
documentIdentifier Unique identifier for a document.

Definition

Used to define entries which represent documents in the directory.
This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.6

Required Attributes

Allowed Attributes

abstract Abstract of the document.
audio Stores a sound file in binary format.
authorCn Author’s common, or given, name.
authorSn Author’s surname.
cn (commonName) Common name of the document.
description Text description of the document.
dITRedirect Distinguished name to use as a redirect for the entry.
documentAuthor Distinguished name of the document author.
documentLocation Location of the original document.
documentPublisher Person or organization that published the document.
documentStore Not defined.
documentTitle The document’s title.
documentVersion The document’s version num ber .
info Informatio n about the object.
jpegPhoto Photo in jpeg format.

Chapter 2 Object Class Reference 37

keyWords Keywords that describe the document.
l (localityName) Place in which the document is located.
lastModifiedBy Distinguished name of the last user to modify the

document.

lastModifiedTime Last time the document was modified.
manager Distinguished name of the object’s manager.
o (organizationName) Organization to which the document belon gs.
obsoletedByDocument Distinguished name of a document th at obsoletes this

document.

obsoletesDocument Distinguished name of a document that is obsoleted by

this document.

ou (organizationUnitName) Organizational unit to which the document belongs.
photo Photo of the document, in binary form.
seeAlso URL to information relevant to the document.
subject Subject of the docume nt.
uniqueIdentifier Specific item used to distinguish between two entries

when a distinguished name has been reused.

updatedByDocument Distinguished name of a document that is an updated

version of this document.

updatesDocument Distinguished name of a document for whic h this

document is an updated version.

38 Netscape Directory Server Schema Reference • October 2004

documentSeries

Definition

Used to define an entry that represents a series of documents.
This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.9

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The common name of the series.

Allowed Attributes

description Text description of the series.
l (localityName) Place in which the series is located.
o (organizationName) Organization to which the series belongs.
ou (organizationUnitName) Organizational unit t o which the series belongs.
seeAlso URL to information relevant to the series.
telephoneNumber Telephone number of the person responsible for the

series.

Chapter 2 Object Class Reference 39

domain

Definition

Used to define entries that represent DNS domains in the directory. The

domainComponent attribute should be used for naming entries of this object class.

Used to represent Internet domain names (e.g.,

domain object class can only be used with an entry that does not correspond to

The

example.com).

an organization, organizational unit or other type of object for which an object class
has been defined. The domain object class requires that the

domainComponent

attribute be present and permits several other attributes to be present in the entry.
This object class is defined in RFC 2247.

Superior Class

top

OID

0.9.2342.19200300.100.4.13

Required Attributes

objectClass Defines the object classes for the entry.
dc (domainComponent) One component of a domain name.

Allowed Attributes

associatedName Entry in the organizational directory tree associated with

businessCategory Type of business in which this domain is engaged.
description Text description of the domain.
destinationIndicator Country and city associated with the en try needed to

fax
(facsimileTelephoneNumber)

internationalISDNNumber Domain’s ISDN number.
l (localityName) Place in which the domain is located.
o (organizationName) Organization to which the domain belongs.

40 Netscape Directory Server Schema Reference • October 2004

a DNS domain.

provide Public Telegram Service.
Domain’s fax number.

physicalDeliveryOfficeName Location where physical deliveries can be made.
postOfficeBox Domain’s post office box.
postalAddress Domain’s mailing address.
postalCode The postal code for this address (such as a United Sta tes

zip code).

preferredDeliveryMethod Domain’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

searchGuide Specifies information for suggested search criteria when

using the entry as the base object in t he directory t ree for
a search operation .

seeAlso URL to information relevant to the domain.
st (stateOrProvinceName) State or province in which the domain is located.
street Street address in which the domain is located.
telephoneNumber Domain’s telephone number.
teletexTerminalIdentifier Identifier for a domain’s teletex terminal.
telexNumber Domain’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the domain.

Chapter 2 Object Class Reference 41

domainRelatedObject

Definition

Used to define entries which representDNS/NRS domains which are “equivalent”
to an X.500 domain; for example, an organization or organizational unit.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.17

Required Attributes

objectClass Defines the object classes for the entry.
associatedDomain Specifies a DNS domain associated with an object in the

directory tree.

42 Netscape Directory Server Schema Reference • October 2004

dSA

Definition

Used to define entries representing DSAs in the directory.
This object class is defined in RFC 1274.

Superior Class

top

OID

2.5.6.13

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The common name of the series.
presentationAddress Contains an OSI presentation address for the entry.

Allowed Attributes

description Text description of the series.
knowledgeInformation This attribute is no longer used.
l (localityName) Place in which the series is located.
o (organizationName) Organization to which the series belongs.
ou (organizationUnitName) Organizational unit t o which the series belongs.
seeAlso URL to information relevant to the series.
supportedApplicationContext This attrib u te cont ain s the identifi ers of OSI

application contexts.

Chapter 2 Object Class Reference 43

extensibleObject

Definition

When present in an entry, extensibleObject permits the entry to hold optionally
any attribute. The allowed attribute list o f this class is implicitly the set of all
attributes known to the server.

This object class is defined in RFC 2252.

Superior Class

top

OID

1.3.6.1.4.1.1466.101.120.111

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

All attributes known to the server.

44 Netscape Directory Server Schema Reference • October 2004

friendlyCountry

Definition

Used to define country entries in the directory tree. This object class is used to
allow more user-friendly country n am e s than those allowed by the country object
class.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.18

Required Attributes

objectClass Defines the object classes for the entry.
co (friendlyCountryName) Stores the name of a country.
c (countryN a me ) Contai ns the two-character code representing c ountry

names, as defined by ISO, in the directory.

Allowed Attributes

description Text description of the country.
searchGuide Specifies information for suggested search criteria when

using the entry as the base object in t he directory t ree for
a search operation .

Chapter 2 Object Class Reference 45

groupOfCertificates

Definition

Used to describe a set of X.509 certificates. Any certificate that matches one of the
memberCertificateDescription values is considered a member of the group.

This object class is defined in Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.31

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.

Allowed Attributes

businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
memberCertificateDescription Values used to determine if a particular certificate is a

member of this group.

o (organizationName) Organization to which the group of certificates belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the

group.

seeAlso URL to information relevant to the group.

46 Netscape Directory Server Schema Reference • October 2004

groupOfNames

Definition

Used to define entries for a group of names.
Note: The definition in Directory Server differs from the standard definition. In the

standard definition,
an allowed attribute. Directory Server therefore allows a group to have no member.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.9

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.

member is a required attribute. In Directory Server, member is

Allowed Attributes

businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
member Distinguished name of a group member.
o (organizationName) Organization to which the group belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the

group.

seeAlso URL to information relevant to the group.

Chapter 2 Object Class Reference 47

groupOfUniqueNames

Definition

Used to define entries for a group of unique names.
Note: The definition in Directory Server differs from the standard definition. In the

standard definition,

uniquemember is an allowed attribute. Directory Server therefore allows a group to

have no member.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.17

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.

uniquemember is a required attribute. In Directory Server,

Allowed Attributes

businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
o (organizationName) Organization to which the group belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the

group.

seeAlso URL to information relevant to the group.
uniqueMember Distinguished name of a unique group member.

48 Netscape Directory Server Schema Reference • October 2004

groupOfURLs

Definition

An auxiliary object class of groupOfUniqueNames or groupOfNames. The group
consists of a list of labeled URLs.

This object class is defined in Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.33

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.

Allowed Attributes

businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
memberURL URL associated with each member of the group.
o (organizationName) Organization to which the group belongs.
ou (organizationUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the

group.

seeAlso URL to information relevant to the group.

Chapter 2 Object Class Reference 49

inetOrgPerson

Definition

Used to define entries representing people in an organization’s enterprise network.
Inherits

This object class is defined in RFC 2798.

Superior Class

person

OID

2.16.840.1.113730.3.2.2

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.

cn and sn from the person object class.

Allowed Attributes

audio Stores a sound file in binary format.
businessCategory Type of business in which the person is engaged.
carLicense The license plate number of the person’s vehicle.
departmentNumber Department for which the person works.
description Text description of the person.
destinationIndicator Country and city associated with the en try needed to

provide Public Telegram Service.

displayName Preferred name of a person to be used when displaying

entries.

employeeNumber The person’s employee number.
employeeType The person’s type of employment (for example, full

time).

fax (facsimileTelephoneNumber) The person’s fax number.
givenName The person’s given, or first, name.

50 Netscape Directory Server Schema Reference • October 2004

homePhone The person’s home phone number.
homePostalAddress The person’s home mailing adress.
initials The person’s init ia ls.
internationalISDNNumber The person’s ISDN number.
jpegPhoto Photo in JPEG format.
l (localityName) Place in which the person is located.
labeledURI Universal resource locator that is relevant to the person.
mail The person’s email address.
manager Distinguished name of the object’s manager.
mobile The person’s mobile phone number.
o (organizationName) Organization to which the person belongs
ou (organizationUnitName) Organizational unit to which the person belongs.
pager The person’s pager number.
photo Photo of the person, in binary form.
physicalDeliveryOfficeName Location where physical deliveries can be made to the

person.

postOfficeBox The person’s post office box.
postalAddress The person’s mailing address.
postalCode The postal code for this address (such as a United Sta tes

zip code).

preferredDeliveryMethod The person’s preferred method of contact or delivery.
preferredLanguage The person’s preferred written or spoken language.
registeredAddress Postal address suitable for reception of expediated

documents, where the recipient must verify delivery.

roomNumber The room number in which the person is located.
secretary Distinguished name of the person’s secretary or

administrative assistant.

seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province in which the person is located.
street Street address at which the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.

Chapter 2 Object Class Reference 51

telexNumber The person’s telex number.
title The person’s job title.
uid (us erID) Identifies the person’s user id (usually the logon ID).
userCertificate S tores a user’s certificate in cleartext (not used).
userPassword Password with which the entry can bind to the directory.
userSMIMECertificate Stores a user’s certificate in binary form. Used by

Netscape Communicator for S/MIME.

x121Address X.121 address of the person.
x500UniqueIdentifier Reserved.

52 Netscape Directory Server Schema Reference • October 2004

labeledURIObject

Definition

This object class can be added to existing directory objects to allow for inclusion of
URI values. This approach does not preclude inclu ding the labeledURI attribute
type directly in other object classes as appropriate.

This object class is defined in RFC 2079.

Superior Class

top

OID

1.3.6.1.4.1.250.3.1

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

labeledURI Universal Resource Locator that is relevant to the entry.

Chapter 2 Object Class Reference 53

locality

Definition

Used to define entries that represent localities or geographic areas.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.3

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

description Text description of the locality.
l (localityName) Place in which the entry is located.
searchGuide Specifies information for a suggested search criteria

when using the entry as the base objec t in the directory
tree for a search operation.

seeAlso URL to information relevant to the locali ty.
st (stateOrProvinceName) State or province to which the locality belongs.
street Street address associated with the locality.

54 Netscape Directory Server Schema Reference • October 2004

newPilotPerson

Definition

Used as a subclass of person to allow the use of a number of additional attributes
to be assigned to entries of the person object class. Inherits

person object class.

This object class is defined in Intern et White Pages Pilot.

Superior Class

person

OID

0.9.2342.19200300.100.4.4

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.

cn and sn from the

Allowed Attributes

businessCategory Type of business in which this person is engaged.
description Text description of the person.
drink (favoriteDrink) The person’s favorite drink.
homePhone The person’s home phone number.
homePostalAddress The person’s home mailing address.
janetMailbox The person’s email address.
mail The person’s email address.
mailPreferenceOption Indicates a preferen ce for in cl usion of t he per son’ s n ame

on mailing lists (electronic or physical). Not valid in
Messaging server 4.0.

mobile The person’s mobile phone number.
organizationalStatus The person’s type of employment (for example, full

time).

Chapter 2 Object Class Reference 55

otherMailbox Values for electronic mailbox types ot her than X.4 00 and

rfc822.

pager The person’s pager number.
personalSignature The person’s signature file.
personalTitle The person’s personal title.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
roomNumber The person’s room number.
secretary Distinguished name of the person’s secretary or

administrative assistant.

seeAlso URL to information relevant to the person.
telephoneNumber The person’s telephone number.
textEncodedORAddress The person’s text-encoded Originator/Recipient (X.400)

address.

uid (us erID) Identifies the person’s user id (usually the logon ID).
userClass Category of user.
userPassword Password with which the entry can bind to the directory.

56 Netscape Directory Server Schema Reference • October 2004

nsComplexRoleDefinition

Definition

Any role that is not a simple role is, by definition, a comple x role.
This object class is defined in Directory Server.

Superior Class

nsRoleDefinition

OID

2.16.840.1.113730.3.2.95

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

cn (commonName) The entry’s common name.
description Text description of the entry.

Chapter 2 Object Class Reference 57

nsFilteredRoleDefinition

Definition

Specifies assignment of entries to the role, depending upon the attributes contained
by each entry.

This object class is defined in Directory Server.

Superior Class

nsComplexRoleDefinition

OID

2.16.840.1.113730.3.2.97

Required Attributes

objectClass Defines the object classes for the entry.
nsRoleFilter Specifies the filter assigned to an entry.

Allowed Attributes

cn (commonName) The entry’s common name.
description Text description of the entry.

58 Netscape Directory Server Schema Reference • October 2004

nsLicenseUser

Definition

Used to track licenses for Netscape servers that are licensed on a per-client basis.

nsLicenseUser is intended to be used with the inetOrgPerson object class. You

can manage the contents of this object class through the Users and Groups area of
the Netscape Administration Server.

This object class is defined in Netscape Administration Services.

Superior Class

top

OID

2.16.840.1.113730.3.2.7

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

nsLicensedFor Netscape server that the user is licensed to use.
nsLicenseEndTime Reserved for future use.
nsLicenseStartTime Reserved for future use.

Chapter 2 Object Class Reference 59

nsManagedRoleDefinition

Definition

Specifies assignment of a role to an explicit, enumerated list of members.
This object class is defined in Directory Server.

Superior Class

nsSimpleRoleDefinition

OID

2.16.840.1.113730.3.2.96

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

cn (commonName) The entry’s common name.
description Text description of the entry.

60 Netscape Directory Server Schema Reference • October 2004

nsNestedRoleDefinition

Definition

Specifies containment of one or more roles of any type within the role.
This object class is defined in Directory Server.

Superior Class

nsComplexRoleDefinition

OID

2.16.840.1.113730.3.2.98

Required Attributes

objectClass Defines the object classes for the entry.
nsRoleDn Specifies the roles assigned to an entry.

Allowed Attributes

cn (commonName) The entry’s common name.
description Text description of the entry.

Chapter 2 Object Class Reference 61

nsRoleDefinition

Definition

All role definition object classes i nherit from the nsRoleDefinition object class.
This object class is defined in Directory Server.

Superior Class

ldapSubEntry

OID

2.16.840.1.113730.3.2.93

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

cn (commonName) The entry’s common name.
description Text description of the entry.

62 Netscape Directory Server Schema Reference • October 2004

nsSimpleRoleDefinition

Definition

Roles containing this object class are called simple roles because they have a
deliberately limited flexibility, which makes it ea sy to:

• Enumerate the members of a role.

• Determine whether a given entry possesses a particular role.

• Enumerate all the roles possessed b y a given entry.

• Assign a particular role to a given entry.

• Remove a particular role from a given entry.
This object class is defined in Directory Server.

Superior Class

nsRoleDefinition

OID

2.16.840.1.113730.3.2.94

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

cn (commonName) The entry’s common name.
description Text description of the entry.

Chapter 2 Object Class Reference 63

organization

Definition

Used to define entries that represent organizations. An organization is generally
assumed to be a large, relatively static grouping within a larger corporation or
enterprise.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.4

Required Attributes

objectClass Defines the object classes for the entry.
o (organizationName) The name of the organization.

Allowed Attributes

businessCategory Type of business in which the organization is engaged.
description Text description of the organization.
destinationIndicator Country and city associated with the entry needed to

provide Public Telegram Service.

fax (facsimileTelephoneNumber) The organization’s fax number.
internationalISDNNumber The organization’s ISDN number.
l (localityName) Place in which the organization is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the

organization.

postalAddress The organization’s mailing address.
postalCode The postal code for this address (such as a United States

zip code).

postOfficeBox The organization’s post office box.
preferredDeliveryMethod The organization’s preferred method of contact or

delivery.

64 Netscape Directory Server Schema Reference • October 2004

registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

searchGuide Specifies informat ion for suggest ed search cr iteria wh en

using the entry a s the b ase object in the directory tree for
a search operation.

seeAlso URL to information relevant to the organization.
st (stateOrProvinceName) State or province in which the organization is located.
street Street address at which the organization is located.
telephoneNumber The organization’s telephone number.
teletexTerminalIdentifier Identifier for the organization’s teletex terminal.
telexNumber The organization’s telex number.
userPassword Password with which the entry can bind to the

directory.

x121Address X.121 address of the organization.

Chapter 2 Object Class Reference 65

organizationalPerson

Definition

Used to define entries for people employed by or associated with an organization.

cn and sn are inherited from the person object class.

This object class is defined in RFC 2256.

Superior Class

person

OID

2.5.6.7

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.

Allowed Attributes

description Text description of the person.
destinationIndicator Country and city associated with the person needed to

provide Public Telegram Service.

fax (facsimileTelephoneNumber) The person’s fax number.
internationalISDNNumber The person’s ISDN number.
l (localityName) Place in which the person is located.
ou

(organizationUnitName)
physicalDeliveryOfficeName Location where physical deliveries can be made to this

postalAddress The person’s mailing address.
postalCode The postal code for this add re ss (such as a United States

postOfficeBox The person’s post office box.

Organizational unit to which the person belongs.

person.

zip code).

66 Netscape Directory Server Schema Reference • October 2004

preferredDeliveryMethod The person’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province in which the person is located.
street Street address at which the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identi fier for the person’s teletex terminal.
telexNumber The person’s telex number.
title The person’s job title.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the person.

Chapter 2 Object Class Reference 67

organizationalRole

Definition

Used to define entries that represent roles held by people within an organization.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.8

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The role’s common name.

Allowed Attributes

description Text description of the role.
destinationIndicator Country and city associated with the en try needed to

provide Public Telegram Service.

fax (facsimileTelephoneNumber) Fax number of the person in the role.
internationalISDNNumber ISDN number of the person in the role.
l (localityName) Place in which the person in the role is located.
ou (organizationUnitName) Organizational unit to which the person in the role

belongs.

physicalDeliveryOfficeName Location where physical deliveries can be made to the

person in the role.

postalAddress The mailing address for the person in the role.
postalCode The postal code for this add re ss (such as a United States

zip code).

postOfficeBox The post office box for the person in the role.
preferredDeliveryMethod Preferred method of contact or delivery of the person in

the role.

68 Netscape Directory Server Schema Reference • October 2004

registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

roleOccupant Distinguished name of the person in the role.
seeAlso URL to inform ation relevant to the person in the role.
st (stateOrProvinceName) State or province in which the person in the role is

located.

street Street address at which the person in the role is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the teletex terminal of the person in the

role.

telexNumber Telex number of the person in the role.
x121Address X.121 add ress of the person in the role.

Chapter 2 Object Class Reference 69

organizationalUnit

Definition

Used to define entries that represent organizational units. An organizational unit is
generally assumed to be a relatively static grouping within a larger organizatio n.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.5

Required Attributes

objectClass Defines the object classes for the entry.
ou (organizationUnitName) The name of the organizational unit.

Allowed Attributes

businessCategory Type of business in which the organizational unit is

engaged.

description Text description of the organizational unit.
destinationIndicator Cou ntry an d city associat ed with the o rganiza tiona l unit

needed to provide Public Telegram Service.

fax (facsimileTelephoneNumber) The organizational unit’s fax number.
internationalISDNNumber The organizational unit’s ISDN number.
l (localityName) Place in which the organizational unit is located.
physicalDeliveryOfficeName Location where physical de liveries can be made to the

organizational unit.

postalAddress The organizational unit’s mailing address.
postalCode The postal code for this address (such as a United States

zip code).

postOfficeBox The organizational unit’s post office box.
preferredDeliveryMethod The organizational unit’s preferred method of contact or

delivery.

70 Netscape Directory Server Schema Reference • October 2004

registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

searchGuide Specifies information for su ggest ed search crit eria wh en

using the entry as the base object in the directory tree for
a search operation.

seeAlso URL to information relevant to the organizational unit.
st (stateOrProvinceName) State or province in which the organizational unit is

located

street Street address at which the organizational unit is

located.

telephoneNumber The organizational unit’s telephone number.
teletexTerminalIdentifier Identifier for the organizational unit’s teletex terminal.
telexNumber The organization’s telex number.
userPassword Password with which the entry can bind to the

directory.

x121Address X.121 address of the organizational unit.

Chapter 2 Object Class Reference 71

person

Definition

Used to define entries that generically represent people. This object class is the base
class for the

organizationalPerson object class.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.6

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname, or last name.

Allowed Attributes

description Text description of the person.
seeAlso URL to information relevant to the person.
telephoneNumber The person’s telephone number.
userPassword Password with which the entry can bind to the

directory.

72 Netscape Directory Server Schema Reference • October 2004

pilotObject

Definition

Used as a subclass to allow additional attributes to be assign ed to entries of all
other object classes.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.3

Required Attributes

objectClass Defines the object classes for the entry.

Allowed Attributes

audio Stores a sound file in binary format.
dITRedirect Distinguished name to use as a redirect for the entry.
info Informatio n about the object.
jpegPhoto Photo in jpeg format.
lastModifiedBy Distinguished name of the last user to modify the object.
lastModifiedTime Last time the object was modified.
manager Distinguished name of the object’s manager.
photo Photo of the object.
uniqueIdentifier Specific item used to distinguish between two entries

when a distinguished name has been reused.

Chapter 2 Object Class Reference 73

pilotOrganization

Definition

Used as a subclass to allow additional attributes to be assigned to organization
and

organizationalUnit object class entries.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.20

Required Attributes

objectClass Defines the object classes for the entry.
o (organizationName) Organizat io n to which the entry belongs.
ou (organizationUnitName) Organizational unit t o which the entr y belongs.

Allowed Attributes

buildingName Name of the building in which the entry is located.
businessCategory Type of business in which the entry is engaged.
description Text description of the entry.
destinationIndicator Country and city associated with the pilot organization

needed to provide Public Telegram Service.

fax (facsimileTelephoneNumber) The pilot organiza tion’s fax number.
internationalISDNNumber The pilot organization’s ISDN number.
l (localityName) Place in which the pilot organization is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the

pilot organization.

postalAddress The pilot organization’s mailing address.
postalCode The postal code for this address (such as a United Sta tes

zip code).

postOfficeBox The pilot organization’s post office box.

74 Netscape Directory Server Schema Reference • October 2004

preferredDeliveryMethod The pilot organization’s preferred method of contact or

delivery

registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

searchGuide Specifies information for suggested search criteria when

using the entry as the base object in t he directory t ree for
a search operation .

seeAlso URL to information relevant to the pilot organizatio n.
st (stateOrProvinceName) State or province in which the pilot organization is

located.

street Street address at which the pilot organization is located.
telephoneNumber The pilot organization’s tele phone number.
teletexTerminalIdentifier Identifier for the pilot organization’s teletex terminal.
telexNumber The pilot orga nization’s telex numb er .
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the pilot organization.

Chapter 2 Object Class Reference 75

residentialPerson

Definition

Used by the Directory Server to contain a person’s residential information.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.10

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
l (localityName) Place in which the person resides.
sn (surname) The person’s surname, or last name.

Allowed Attributes

businessCategory Type of business in which the person is engaged.
description Text description of the person.
destinationIndicator Country and city associated with the en try needed to

provide Public Telegram Service.

fax (facsimileTelephoneNumber) The person’s fax number.
internationalISDNNumber The person’s ISDN number.
physicalDeliveryOfficeName Location where physical deliveries can be made to the

person.

postalAddress The person’s business mailing addres s.
postalCode The postal code for this address (such as a United Sta tes

zip code).

postOfficeBox The person’s business post office box.
preferredDeliveryMethod The person’s preferred method of contact or delivery.

76 Netscape Directory Server Schema Reference • October 2004

registeredAddress Postal address suitable for reception of expedited

documents, where the recipient must verify delivery.

seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province in which the person resides.
street Street address at which the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the entry.

Chapter 2 Object Class Reference 77

RFC822LocalPart

Definition

Used to define entries that represent the local part of RFC822 mail addresses. The
directory treats this part of an RFC822 address as a domain.

This object class is defined in Internet directory pilot.

Superior Class

domain

OID

0.9.2342.19200300.100.4.14

Required Attributes

objectClass Defines the object classes for the entry.
dc (domainComponent) Domain component of the entry.

Allowed Attributes

associatedName Entry in the organizational dir ectory tree assoc iated with

a DNS domain.

businessCategory Type of business in which this local part is engaged.
cn (commonName) The local part’s common name.
description Text description of the local part.
destinationIndicator Country and city associated with the entry needed to

provide Public Telegram Service.

fax (facsimileTelephoneNumber) The local part’s fax number.
internationalISDNNumber The local part’s ISDN number.
l (localityName) Place in which the local part is located.
o (organizationName) Organizatio n to which the local part belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to the

local part.

postOfficeBox The local part’s post office box.
postalAddress The local part’s mailing address.

78 Netscape Directory Server Schema Reference • October 2004

postalCode The postal code for this add re ss (such as a United States

zip code).

preferredDeliveryMethod Local part’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expediated

documents, where the recipient must verify delivery.

searchGuide Specifies information for sugg est ed search criteria when

using the entry as the base object in t he directory t ree for
a search operation.

seeAlso URL to information relevant to the local part.
sn (surname) The entry’s surname, or last name.
st (stateOrProvinceName) State or province in which the local part is located.
street Street address at which the local part is located.
telephoneNumber Telephone number associated with the local part.
teletexTerminalIdentifier Identifier for a telex terminal associated with the local

part.

telexNumber Telex number associated with the local part.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 addr es s associated with the en try.

Chapter 2 Object Class Reference 79

room

Definition

Used to store information in the directory a b out a room.
This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.7

Required Attributes

objectClass Defines the object classes for the entry.
cn (commonName) Common name of the room.

Allowed Attributes

description Text description of the room.
roomNumber The room’s number.
seeAlso URL to information relevant to the room.
telephoneNumber The room’s telephone number.

80 Netscape Directory Server Schema Reference • October 2004

strongAuthenticationUser

Definition

Used to store a user’s certificate entry in the directory.
This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.15

Required Attributes

objectClass Defines the object classes for the entry.
userCertificate S tores a user’s certificate, usually in binary form.

Chapter 2 Object Class Reference 81

simpleSecurityObject

Definition

Used to allow an entry to contain the userPassword attribute when an entry's
principal object classes do not allow
for future use.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.19

Required Attributes

objectClass Defines the object classes for the entry.
userPassword Password with which the entry can bind to the directory.

userPassword as an attribute type. Reserved

82 Netscape Directory Server Schema Reference • October 2004

abstract

Chapter 3

Attribute Reference

This chapter contains reference information about Netscape Directory Server
(Directory Server) attributes. The attributes are listed in alphabetical order with
their definition, syntax, and OID.

Definition

Provides an abstract of a document entry.
This attribute is defined in Internet White Pag e s Pilot.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.102.1.9

aliasedObjectName

Definition

Used by the Directory Server to identify alias entries in the directory. Contains the
distinguished name of the entry for which it is an alias.

For example:

aliasedObjectName: cn=jdoe, o=example.com

83

This attribute is defined in RF C 22 56.

Syntax

DN, single-valued.

OID

2.5.4.1

associatedDomain

Definition

Specifies a DNS domain associated with an object in the directory tree. For
example, the entry in the directory tree with a distinguished name

o=Example Corporation

all domains should be represented in rfc822 or der.
For example:

associatedDomain:US

This attribute is defined in RF C 12 74.

c=US,

would have an associated domain of EC.US. Note that

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.37

associatedName

Definition

Specifies an entry in the organizational directory tree associated wi th a DNS
domain.

For example:

associatedName: c=us

This attribute is defined in RF C 12 74.

Syntax

DN, multi-valued.

84 Netscape Directory Server Schema Reference • October 2004

audio

OID

0.9.2342.19200300.100.1.38

Definition

Contains a sound file in binary form at. The attribute uses a u-law encoded sound
file.

For example:

audio:: AAAAAA==

This attribute is defined in RFC 1274.

Syntax

Binary, multi-valued.

OID

0.9.2342.19200300.100.1.55

authorCn

Definition

Contains the common name of the author of a document entry.
For example:

authorCn: Kacey

This attribute is defined in Internet White Pag e s Pilot.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.102.1.11

Chapter 3 Attribute Reference 85

authorSn

Definition

Contains the surname of the author of a documen t entry.
For example:

authorSn: Doe

This attribute is defined in Internet White Pages Pilot.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.102.1.12

authorityRevocationList

Definition

Contains a list of CA certificates tha t ha ve been revoked. This attribute is to be
stored and requested in the binary form, as
‘

authorityRevocationList;binary’.

For example:

authorityrevocationlist;binary:: AAAAAA==

This attribute is defined in RF C 22 56.

Syntax

Binary, multi-valued.

OID

2.5.4.38

buildingName

Definition

Defines the building name associated with th e entry.

86 Netscape Directory Server Schema Reference • October 2004

For example:

buildingName: 14

This attribute is defined in RFC 1274.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.48

businessCategory

Definition

Identifies the type of business in which the entry is engaged. This should be a
broad generalization, such as the corpora te d ivision level.

For example:

businessCategory: Engineering

This attribute is defined in RFC 2256.

Syntax

DirectoryString, multi-valued.

OID

2.5.4.15

c (countryName)

Definition

Contains the two-character code representing country names, as defined by ISO, in
the directory.

For example:

countryName: IE

or

c: IE

Chapter 3 Attribute Reference 87

This attribute is defined in RF C 22 56.

Syntax

DirectoryString, single-valued.

OID

2.5.4.6

cACertificate

Definition

Contains the CA’s certificate. This attribute is to be stored and requested in the
binary form, as ‘cACertificate;binary’.

For example:

cacertificate;binary:: AAAAAA==

This attribute is defined in RF C 22 56.

Syntax

Binary, multi-valued.

OID

2.5.4.37

carLicense

Definition

Identifies the entry’s automobile license plate number.
For example:

carLicense: 6ABC246

This attribute is defined in RF C 27 98.

Syntax

DirectoryString, multi-valued.

OID

2.16.840.1.113730.3.1.1

88 Netscape Directory Server Schema Reference • October 2004

certificateRevocationList

Definition

Contains a list of revoked user certificates. This attribute is to be stored and
requested in the binary form, as ‘

For example:

certificateRevocationList;binary:: AAAAAA==

This attribute is defined in RFC 2256.

Syntax

Binary, multi-valued.

OID

2.5.4.39

cn (commonName)

Definition

Identifies the name of an object in the directory. When the object corresponds to a
person, the

cn is typically the person’s full name.

certificateRevocationList;binary’.

When identifying the entry’s commo n name or full name:

commonName: Bill Anderson

or

cn: Bill Anderson

When in reference to LDAPReplica or LDAPServer object classes:

commonName: replicater.example.com:17430/o%3Dexample%2Cc%3us

or

cn: replicater.example.com:17430/o%3Dexample%2Cc%3us

This attribute is defined in RFC 2256.

Syntax

DirectoryString, multi-valued.

Chapter 3 Attribute Reference 89

OID

2.5.4.3

co (friendlyCountryName)

Definition

Contains the name of a country. Often, the country attribute is used to describe a
two-character code for a country, and the friendlyCountryName attribute is used
to describe the actual country name.

For example:

friendlyCountryName: Ireland

or

co: Ireland

This attribute is defined in RF C 12 74.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.43

cosAttribute

Description

Provides the name of the attribute for which you want to generate a value. You
can specify more than one
of CoS definition entries.

This attribute is defined in Directory Server.

Syntax

Directory String, multi-valued.

OID

2.16.840.1.113730.3.1.550

cosAttribute value. This attribute is used by all types

90 Netscape Directory Server Schema Reference • October 2004

cosIndirectSpecifier

Description

Specifies the attribute values used by an indirect CoS to identify the template entry.
This attribute is defined in Directory Server.

Syntax

DirectoryString, single-val ued.

OID

2.16.840.1.113730.3.1.577

cosPriority

Definition

Specifies which template provides the attribute value when CoS templates compete
to provide an attribute value. This attribute represents the global priority of a
particular template. A priority of zero is the highest priority.

This attribute is defined in Directory Server.

Syntax

INTEGER, single-valued.

OID

2.16.840.1.113730.3.1.569

cosSpecifier

Description

Specifies the attribute value used by a classic CoS, whic h, al ong with the template
entry’s DN, identifies the template entry.

This attribute is defined in Directory Server.

Syntax

DirectoryString, single-val ued.

Chapter 3 Attribute Reference 91

OID

2.16.840.1.113730.3.1.551

cosTargetTree

Definition

Determines the subtrees of the DIT to which the CoS schema applies. The values
for this attribute for the schema and for multiple CoS schema may o v erlap their
target trees in an arbitrary fashion.

This attribute is defined in Directory Server.

Syntax

DirectoryString, single-valued.

OID

2.16.840.1.113730.3.1.552

cosTemplateDn

Definition

The DN of the template entry which contains a list of the shared attribute values.
Changes to the template entry attribute values are automatically applied to all the
entries within the scope of the CoS. A single CoS might ha ve more than one
template entry associated with it.

This attribute is defined in Directory Server.

Syntax

DirectoryString, single-valued.

OID

2.16.840.1.113730.3.1.553

92 Netscape Directory Server Schema Reference • October 2004

crossCertificatePair

Definition

This attribute is to be stored and requested in the binary form, as
‘

crossCertificatePair;binary’.

For example:

crosscertificatepair;binary:: AAAAAA==

This attribute is defined in RFC 2256.

Syntax

Binary, multi-valued.

OID

2.5.4.40

dc (domainComponent)

Definition

Specifies one component of a domain name.
For example:

domainComponent: example

or

dc: example

This attribute is defined in RFC 2247.

Syntax

DirectoryString, single-val ued.

OID

0.9.2342.19200300.100.1.25

Chapter 3 Attribute Reference 93

deltaRevocationList

Definition

This attribute is to be stored and requested in the binary form, as
‘

deltaRevocationList;binary’.

This attribute is defined in RF C 22 56.

Syntax

Binary, multi-valued.

OID

2.5.4.53

departmentNumber

Definition

Identifies the entry’s department number.
For example:

departmentNumber: 2604

This attribute is defined in RF C 27 98.

Syntax

DirectoryString, multi-valued.

OID

2.16.840.1.113730.3.1.2

description

Definition

Provides a huma n-readable description of the object. For people and

organization, this often includes their role or work assignment.

For example:

description: Quality control inspector for the ME2873 product line

This attribute is defined in RF C 22 56.

94 Netscape Directory Server Schema Reference • October 2004

Syntax

DirectoryString, multi-valued.

OID

2.5.4.13

destinationIndicator

Definition

The country and city associated with the entry needed to provide Public Telegram
Service. Generally used in conjunction with

For example:

destinationIndicator: Stow, Ohio, USA

This attribute is defined in RFC 2256.

Syntax

DirectoryString, multi-valued.

OID

registeredAddress.

2.5.4.27

displayName

Definition

Preferred name of a person to be used when displaying entries. Especially useful in
displaying a preferred name for an entry within a one-line summary list. Since
other attribute types, such as
preferred name.

For example:

displayName: Michigan Smith

This attribute is defined in RFC 2798.

Syntax

DirectoryString, single-val ued.

cn, are multivalued, they can not be used to display a

Chapter 3 Attribute Reference 95

OID

2.16.840.1.113730.3.1.241

dITRedirect

Definition

Used to indicate that the object described by one entry now has a newer entry in
the directory tree. This attribute may be used when an individual’s place of work
changes, and the individual acquires a new organizational DN.

For example:

ditRedirect: cn=jdoe, o=example.com

This attribute is defined in RF C 12 74.

Syntax

DN

OID

0.9.2342.19200300.100.1.54

dmdName

Definition

The value of this attribute specifies a directory management domain (DMD), the
administrative authority which operates the Directory Server.

This attribute is defined in RF C 22 56.

Syntax

DirectoryString, multi-valued.

OID

2.5.4.54

96 Netscape Directory Server Schema Reference • October 2004

dn (distinguishedName)

Definition

Defines the distinguished name (DN) for the entry.
For example:

dn: cn=Jane Doe, ou=Quality Control, o=example.com

This attribute is defined in RFC 2256.

Syntax

DN

OID

2.5.4.49

dNSRecord

Definition

Specifies DNS resource records, including type A (Address), type MX (Mail
Exchange), type NS (Name Server), and type SOA (Start of Author i ty) resource
records.

For example:

dNSRecord: IN NS ns.uu.net

This attribute is defined in Internet directory pil ot.

Syntax

IA5String, multi-valued.

OID

0.9.2342.19200300.100.1.26

documentAuthor

Definition

Contains the distinguished name of the author of a document entry.
For example:

Chapter 3 Attribute Reference 97

documentAuthor: cn=John Doe, o=example.com

This attribute is defined in RF C 12 74.

Syntax

DN, multi-valued.

OID

0.9.2342.19200300.100.1.14

documentIdentifier

Definition

Specifies a unique identifier for a document.
For example:

documentIdentifier: L3204REV1

This attribute is defined in RF C 12 74.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.11

documentLocation

Definition

Defines the location of the original copy of a document entry.
For example:

documentLocation: Department Library

This attribute is defined in RF C 12 74.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.15

98 Netscape Directory Server Schema Reference • October 2004

documentPublisher

Definition

The person and/or organization that published a document.
For example:

documentPublisher: Southeastern Publishing

This attribute is defined in RFC 1274.

Syntax

DirectoryString, single-val ued.

OID

0.9.2342.19200300.100.1.56

documentStore

Definition

Not defined here .
This attribute is defined in Internet White Pag e s Pilot.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.102.1.10

documentTitle

Definition

Contains the title of a document entry.
For example:

documentTitle: Netscape Directory Server Administrator’s Guide

This attribute is defined in RFC 1274.

Chapter 3 Attribute Reference 99

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.12

documentVersion

Definition

Defines the version of a document entry.
For example:

documentVersion: 1.1

This attribute is defined in RF C 12 74.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.13

drink (favoriteDrink)

Definition

Describes the favorite drink of a person entry.
For example:

drink: soda

or

favouriteDrink: soda

This attribute is defined in RF C 12 74.

Syntax

DirectoryString, multi-valued.

OID

0.9.2342.19200300.100.1.5

100 Netscape Directory Server Schema Reference • October 2004