Red Hat DIRECTORY SERVER 7.1 - SCHEMA Reference

Schema Reference
Red Hat Directory Server
Version 7.1
May 2005
Updated February 2009
Red Hat, Inc.
1801 Varsity Drive
Raleigh NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park NC 27709 USA

© 2001 Sun Microsystems, Inc. Used by permission. © 2005 by Red Hat, Inc. All rights reserved. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).

Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries. All other trademarks referenced herein are the property of their respective owners.

The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

Contents
About This Reference Guide
Purpose of This Guide
Directory Server Overview
Contents of This Guide
Prerequisite Reading
Conventions Used in This Book
Related Information
Chapter 1 About Schema
Schema Definition
Object Classes
Required and Allowed Attributes
Object Class Inheritance
Attributes
Attribute Syntax
Single-Valued and Multi-Valued Attributes
Schema Supported by Directory Server
Object Identifiers (OIDs)
Extending Server Schema
Schema Checking
Chapter 2 Object Class Reference
account
alias
cosClassicDefinition
cosDefinition
cosIndirectDefinition
cosPointerDefinition
cosSuperDefinition
cosTemplate
country
dcObject
device
document
documentSeries
domain
domainRelatedObject
dSA
extensibleObject
friendlyCountry
groupOfCertificates
groupOfNames
groupOfUniqueNames
groupOfURLs
inetOrgPerson
labeledURIObject
locality
mailGroup
newPilotPerson
nsComplexRoleDefinition
nsFilteredRoleDefinition
nsLicenseUser
nsManagedRoleDefinition
nsNestedRoleDefinition
nsRoleDefinition
nsSimpleRoleDefinition
ntGroup
ntUser
organization
organizationalPerson
organizationalRole
organizationalUnit
person
pilotObject
pilotOrganization
residentialPerson
RFC822LocalPart
room
strongAuthenticationUser
simpleSecurityObject
Chapter 3 Attribute Reference
abstract
aliasedObjectName
associatedDomain
associatedName
audio
authorCn
authorSn
authorityRevocationList
buildingName
businessCategory
c (countryName)
cACertificate
carLicense
certificateRevocationList
cn (commonName)
co (friendlyCountryName)
cosAttribute
cosIndirectSpecifier
cosPriority
cosSpecifier
cosTargetTree
cosTemplateDn
crossCertificatePair
dc (domainComponent)
deltaRevocationList
departmentNumber
description
destinationIndicator
displayName
dITRedirect
dmdName
dn (distinguishedName)
dNSRecord
documentAuthor
documentIdentifier
documentLocation
documentPublisher
documentStore
documentTitle
documentVersion
drink (favoriteDrink)
dSAQuality
employeeNumber
employeeType
enhancedSearchGuide
fax (facsimileTelephoneNumber)
generationQualifier
givenName
homePhone
homePostalAddress
host
houseIdentifier
info
initials
internationalISDNNumber
janetMailbox
jpegPhoto
keyWords
knowledgeInformation
l (localityName)
labeledURI
lastModifiedBy
lastModifiedTime
mail
mailAlternateAddress
mailHost
mailPreferenceOption
manager
member
memberCertificateDescription
memberURL
mobile
name
nsLicensedFor
nsLicenseEndTime
nsLicenseStartTime
ntGroupAttributes
ntGroupCreateNewGroup
ntGroupDeleteGroup
ntGroupDomainId
ntGroupType
ntUniqueId
ntUserAcctExpires
ntUserCodePage
ntUserCreateNewAccount
ntUserDeleteAccount
ntUserDomainId
ntUserHomeDir
ntUserLastLogoff
ntUserLastLogon
ntUserLogonHours
ntUserMaxStorage
ntUserParms
ntUserProfile
ntUserScriptPath
ntUserWorkstations
o (organizationName)
objectClass
obsoletedByDocument
obsoletesDocument
organizationalStatus
otherMailbox
ou (organizationalUnitName)
owner
pager
personalSignature
personalTitle
photo
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
preferredLanguage
presentationAddress
protocolInformation
ref
registeredAddress
roleOccupant
roomNumber
searchGuide
secretary
seeAlso
serialNumber
singleLevelQuality
sn (surname)
st (stateOrProvinceName)
street
subject
subtreeMaximumQuality
subtreeMinimumQuality
supportedAlgorithms
supportedApplicationContext
telephoneNumber
teletexTerminalIdentifier
telexNumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
textEncodedORAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
title . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
ttl (timeToLive) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
uid (userID)
uniqueIdentifier
uniqueMember
updatedByDocument
updatesDocument
userCertificate
userClass
userPassword
userPKCS12
userSMIMECertificate
x121Address
x500UniqueIdentifier
Chapter 4 Operational Attributes, Special Attributes, and Special Object Classes
Operational Attributes
accountUnlockTime
aci
altServer
attributeTypes
copiedFrom
copyingFrom
dITContentRules
dITStructureRules
ldapSyntaxes
matchingRules
matchingRuleUse
nameForms
namingContexts
nsRole
nsRoleDn
numSubordinates
objectClasses
passwordAllowChangeTime
passwordChange (pwdAllowUserChange)
passwordCheckSyntax (pwdCheckSyntax)
passwordExp
passwordExpirationTime
passwordExpWarned
passwordGraceLimit
passwordGraceUserTime
passwordHistory
passwordInHistory (pwdInHistory)
passwordLockout (pwdLockOut)
passwordLockoutDuration (pwdLockoutDuration)
passwordMaxAge (pwdMaxAge)
passwordMaxFailure (pwdMaxFailure)
passwordMinAge (pwdMinAge)
passwordMinLength (pwdMinLength)
passwordMustChange (pwdMustChange)
passwordResetFailureCount (pwdFailureCountInterval)
passwordRetryCount
passwordStorageScheme
passwordUnlock
passwordWarning (pwdExpireWarning)
pwdpolicysubentry
retryCountResetTime
subschemaSubentry
supportedControl
supportedExtension
supportedLDAPVersion
supportedSASLMechanisms
Special Attributes
changes
changeLog
changeNumber
changeTime
changeType
deleteOldRdn
newRdn
newSuperior
nsEncryptionAlgorithm
nsSaslMapBaseDNTemplate
nsSaslMapFilterTemplate
nsSaslMapRegexString
targetDn
Special Object Classes
changeLogEntry
nsAttributeEncryption
nsDS5Replica
nsDS5ReplicationAgreement
nsDSWindowsReplicationAgreement
nsSaslMapping
passwordObject
subschema
Index
About This Reference Guide
Red Hat Directory Server (Directory Server) is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
This preface contains the following sections:
Purpose of This Guide
Directory Server Overview
Contents of This Guide
Prerequisite Reading
Conventions Used in This Book
Related Information
Purpose of This Guide
This Schema Reference guide describes the standard directory schema for Directory Server and lists all the object classes and attributes defined by the standard schema. The information provided here is intended for the administrator who manages and maintains the schema.
Directory Server Overview
The major components of Directory Server include:
An LDAP server — The core of the directory service, provided by the ns-slapd daemon, and compliant with the LDAP v3 Internet standards.
Directory Server Console — An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Red Hat Console, the common management framework for LDAP directory services.
SNMP Agent — Permits you to monitor your Directory Server in real time using the Simple Network Management Protocol (SNMP).
Online backup and restore — Allows you to create backups and restore from backups while the server is running.
Contents of This Guide
Chapter 1, “About Schema” — Provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and Object Identifiers (OIDs) and briefly discusses schema checking and extending server schema.
Chapter 2, “Object Class Reference” — Contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class and gives the list of required and allowed attributes specific to the particular object class. However, any mandatory and optional attributes inherited from superior object classes are not listed.
Chapter 3, “Attribute Reference” — Contains an alphabetic list of the standard attributes. It gives a definition of each attribute and gives the attribute syntax.
Chapter 4, “Operational Attributes, Special Attributes, and Special Object Classes” — Contains operational attributes used by Directory Server. The chapter also describes some special attributes and object classes that are used by the server.
Prerequisite Reading
This guide describes the standard schema and the standard object classes and attributes. However, this guide does not describe how to design, customize or maintain your schema, nor does it give any information on replication. Those concepts are described in the Red Hat Directory Server Deployment Guide. You should read that book before continuing with this manual.
When you are familiar with Directory Server schema concepts and have done some preliminary planning for your directory service, you can install the Directory Server. The instructions for installing the various Directory Server components are contained in the Red Hat Directory Server Installation Guide.
Preliminary planning includes deciding how to represent the data you store. You should choose predefined schema elements to meet as many of your needs as possible. These predefined schema elements are listed in this guide.
Conventions Used in This Book
This section explains the conventions used in this book.
Monospaced font — This typeface is used for any text that appears on the computer screen or text that you should type. It is also used for filenames, functions, and examples.
Throughout this book, you will see path references of the form:
serverRoot/slapd-serverID/...
serverRoot is the installation directory. The default installation directory is /opt/redhat-ds/servers. If you have installed Directory Server in a different location, you should adapt the path accordingly.
serverID is the ID or identifier you assigned to an instance of Directory Server when you installed it. For example, if you gave the server an identifier of phonebook, then the actual path would look like this:
/opt/redhat-ds/servers/slapd-phonebook/. . .
In examples/sample code, paths assume that the Directory Server is installed in the default location /opt/redhat-ds/servers. If you have installed your Directory Server in a different location, adapt the paths accordingly. Also, all examples use phonebook for the server identifier where appropriate.
Related Information
The document set for Directory Server also contains the following guides:
Red Hat Directory Server Deployment Guide. Provides an overview for planning your deployment of the Directory Server. Includes deployment examples.
Red Hat Directory Server Installation Guide. Procedures for installing your Directory Server as well as procedures for migrating your Directory Server.
Red Hat Directory Server Administrator’s Guide. Procedures for the day-to-day maintenance of your Directory Server. Includes information on configuring server-side plug-ins.
Red Hat Directory Server Configuration, Command, and File Reference. Information about the command-line scripts, configuration attributes, and log files shipped with Directory Server.
Red Hat Directory Server Plug-in Programmer’s Guide. Describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
Red Hat Directory Server Gateway Customization Guide. Introduces Directory Server Gateway and explains how to implement a gateway instance with basic directory look-up functionality. Also contains information useful for implementing a more powerful gateway instance with directory authentication and administration capability.
Red Hat Directory Server Org Chart. Introduces the Red Hat Directory Server Org Chart application and explains how to integrate it with an instance of Directory Server.
Red Hat Directory Server DSML Gateway Guide. Introduces the Red Hat Directory Server DSML Gateway function and explains how to customize it for use as an independent gateway.
For a list of documentation installed with Directory Server, open the server_root/manual/en/slapd/index.htm file, where server_root is the directory in which you installed Directory Server.
For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, check this site:
http://www.redhat.com/docs/manuals/dir-server/
Chapter 1
About Schema
This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.
This chapter contains the following sections:
Schema Definition
Schema Supported by Directory Server
Object Identifiers (OIDs)
Extending Server Schema
Schema Checking
Schema Definition
The directory schema is a set of rules that defines how the data can be stored in the directory. The data is stored in the form of directory entries. Each entry is a set of attributes and their values. Each entry must have an object class. The object class specifies the kind of object the entry describes and defines the set of attributes it contains. The schema defines the type of entries allowed, their attribute structure, and the syntax of the attributes. The schema can be modified and extended if it does not meet your needs.
To find detailed information about object classes, attributes, and how the Red Hat Directory Server (Directory Server) uses the schema, refer to the Red Hat Directory Server Deployment Guide.
CAUTION: Directory Server fails to start if schema definitions include too few or too many space characters. Use exactly one space in those places where the LDAP standards allow the use of zero or many spaces; for example, the place between the NAME keyword and the name of an attribute type.
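A pre-flight check for the spacing rule in the caution above, as an added example (not Red Hat's code and not the server's own parser): it unfolds an LDIF schema file and flags every place outside a quoted string where the separator between two tokens is not exactly one space. The function names, the placeholder OIDs and the sample LDIF are constructed for illustration, and the check is deliberately conservative.

```python
import re

# A token is a quoted string, a parenthesis or "$", or a bare word (keyword, OID, name).
TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")
SCHEMA_ATTRS = ("attributetypes", "objectclasses")

# Constructed sample in the style of 99user.ldif; OIDs and names are placeholders.
SAMPLE_LDIF = """\
dn: cn=schema
objectClass: top
attributeTypes: ( 1.1.2.1.1 NAME 'exampleAttr' DESC 'Example attribute'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.1.2.1.2 NAME  'exampleTwo'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
objectClasses: (1.1.2.2.1 NAME'exampleClass' SUP top MUST ( cn$sn ))
"""


def describe(gap):
    """Explain why the text between two tokens is not a single space."""
    if gap == "":
        return "missing space"
    if set(gap) == {" "}:
        return f"{len(gap)} spaces, expected 1"
    if gap.isspace():
        return "tab or other whitespace, expected one space"
    return f"unparsable text {gap!r} (unbalanced quote?)"


def lint_definition(definition):
    """Return (offset, message) pairs for spacing problems in one definition."""
    problems = []
    prev_end = None
    for match in TOKEN.finditer(definition):
        if prev_end is None:
            if match.start() != 0:
                problems.append((0, "whitespace or text before the first token"))
        else:
            gap = definition[prev_end:match.start()]
            if gap != " ":
                problems.append((prev_end, describe(gap)))
        prev_end = match.end()
    if prev_end is None:
        problems.append((0, "empty definition"))
    elif prev_end != len(definition):
        problems.append((prev_end, "whitespace or text after the last token"))
    return problems


def unfold(text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def lint_ldif(text):
    """Return (logical_line, attribute, offset, message) for each problem found."""
    findings = []
    for number, line in enumerate(unfold(text), 1):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in SCHEMA_ATTRS:
            continue
        if value.startswith(":"):
            continue  # base64-encoded value ("attr:: ..."), not checked here
        for offset, message in lint_definition(value.lstrip(" ")):
            findings.append((number, name, offset, message))
    return findings


if __name__ == "__main__":
    for number, name, offset, message in lint_ldif(SAMPLE_LDIF):
        print(f"logical line {number} ({name}), offset {offset}: {message}")
```

Line numbers in the findings count unfolded (logical) lines, and offsets are relative to the start of the definition after the attribute name.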
Object Classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides some basic types of object classes, including:
Groups, including unordered lists of individual objects or groups of objects.
Locations, such as the country name and description
Organizations
People
Devices
Required and Allowed Attributes
Every object class includes a number of required attributes and of allowed attributes. Required attributes are the attributes that must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be validated.
All entries require the objectClass attribute, which lists the object classes assigned to the entry.
For example, the person object class requires the cn, sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, and userPassword attributes.
Object Class Inheritance
An entry can have more than one object class. For example, the entry for a person is defined by the person object class but may also be defined by attributes in the inetOrgPerson, groupOfNames, and organizationalPerson object classes.
The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a person entry is usually defined with the following object class structure:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgperson
In this structure, the inetOrgperson inherits from the organizationalPerson and person object classes. Therefore, when you assign the inetOrgperson object class to an entry, it automatically inherits the required and allowed attributes from the superior object class.
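The inheritance rule above as an added example (not Directory Server's implementation): it walks the chain of superior object classes to collect the required and allowed attributes, then checks an entry against them. The person attributes are the ones listed in this guide; the attribute lists for organizationalPerson and inetOrgPerson are abbreviated, and the function names and sample entries are constructed for illustration.

```python
# Abbreviated schema: object class -> (superior, required attrs, allowed attrs).
SCHEMA = {
    "top": (None, {"objectClass"}, set()),
    "person": ("top", {"cn", "sn"},
               {"description", "seeAlso", "telephoneNumber", "userPassword"}),
    "organizationalPerson": ("person", set(), {"title", "ou"}),
    "inetOrgPerson": ("organizationalPerson", set(), {"mail", "givenName", "uid"}),
}
# LDAP names are case-insensitive, so look classes up by lower-cased name.
_BY_NAME = {name.lower(): name for name in SCHEMA}

# Constructed sample entries.
OK_ENTRY = {
    "objectClass": ["top", "person", "organizationalPerson", "inetOrgperson"],
    "cn": ["Jonas Salk"], "sn": ["Salk"],
    "givenName": ["Jonas"], "mail": ["jonass@example.com"],
}
BAD_ENTRY = {
    "objectClass": ["inetOrgPerson"],
    "cn": ["Jonas Salk"],
    "ipHostNumber": ["192.0.2.10"],  # belongs to another class, not allowed here
}


def chain(object_class):
    """Return the class followed by all of its superiors, most specific first."""
    name = _BY_NAME[object_class.lower()]
    found = []
    while name is not None:
        found.append(name)
        name = SCHEMA[name][0]
    return found


def effective_attributes(object_classes):
    """Return (required, allowed) attribute names, lower-cased, with inheritance."""
    required, allowed = set(), set()
    for object_class in object_classes:
        for name in chain(object_class):
            _, must, may = SCHEMA[name]
            required |= {attr.lower() for attr in must}
            allowed |= {attr.lower() for attr in may}
    return required, allowed - required


def check_entry(entry):
    """Return a list of schema violations for an entry (dict of attr -> values)."""
    attrs = {name.lower(): values for name, values in entry.items()}
    classes = attrs.get("objectclass") or []
    if not classes:
        return ["missing required attribute: objectclass"]
    unknown = [c for c in classes if c.lower() not in _BY_NAME]
    if unknown:
        return [f"unknown object class: {c}" for c in unknown]
    required, allowed = effective_attributes(classes)
    violations = [f"missing required attribute: {a}"
                  for a in sorted(required) if not attrs.get(a)]
    violations += [f"attribute not allowed: {a}"
                   for a in sorted(attrs) if a not in required and a not in allowed]
    return violations


if __name__ == "__main__":
    print(effective_attributes(["inetOrgperson"]))
    print(check_entry(OK_ENTRY))
    print(check_entry(BAD_ENTRY))
```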
Attributes
Directory data is represented as attribute-value pairs. Any piece of information in the directory is associated with a descriptive attribute.
For instance, the commonName, or cn, attribute is used to store a person’s name. A person named Jonas Salk can be represented in the directory as
cn: Jonas Salk
Each person entered in the directory can be defined by the collection of attributes in the inetOrgperson object class. Other attributes used to define this entry could include:
givenname: Jonas
surname: Salk
mail: jonass@example.com
Attribute Syntax
Each attribute has a syntax definition that describes the type of information provided by the attribute.
Attribute syntax is used by the Directory Server to perform sorting and pattern matching.
Table 1-1 lists the different syntax methods that can be applied to attributes and gives an OID and a definition for each syntax method.
Table 1-1 Attribute Syntax
Syntax Method OID Definition
Binary 1.3.6.1.4.1.1466.115.121.1.5 Indicates that values for this attribute are binary.
Boolean 1.3.6.1.4.1.1466.115.121.1.7 Indicates that this attribute has one of only two values: True or False.
Country String 1.3.6.1.4.1.1466.115.121.1.11 Indicates that values for this attribute are limited to exactly two printable string characters; for example, US.
DN 1.3.6.1.4.1.1466.115.121.1.12 Indicates that values for this attribute are DNs.
DirectoryString 1.3.6.1.4.1.1466.115.121.1.15 Indicates that values for this attribute are not case sensitive.
GeneralizedTime 1.3.6.1.4.1.1466.115.121.1.24 Indicates that values for this attribute are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time.
IA5String 1.3.6.1.4.1.1466.115.121.1.26 Indicates that values for this attribute are case sensitive.
INTEGER 1.3.6.1.4.1.1466.115.121.1.27 Indicates that valid values for this attribute are numbers.
OctetString 1.3.6.1.4.1.1466.115.121.1.40 Same behavior as binary.
Postal Address 1.3.6.1.4.1.1466.115.121.1.41 Indicates that values for this attribute are encoded according to postal-address = dstring * ("$" dstring) where each dstring component is encoded as a value of type DirectoryString syntax. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters. For example: 1234 Main St.$Anytown, TX 1234$USA
TelephoneNumber 1.3.6.1.4.1.1466.115.121.1.50 Indicates that values for this attribute are in the form of telephone numbers. It is recommended to use telephone numbers in international form.
URI - Indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, and ldaps://. The URI has the same behavior as IA5String. See RFC 2396.
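An encoder and decoder for the Postal Address syntax in Table 1-1, as an added example that is not part of the original guide. It assumes the quoting defined for this syntax in the LDAP syntax RFCs (RFC 2252, later RFC 4517), where a dollar sign is written as \24 and a backslash as \5C; the function names and the default limits in check_limits (taken from the "6 lines of up to thirty characters" remark) are illustrative.

```python
"""Encode and decode LDAP Postal Address values (address lines joined by '$')."""

# Two-digit hex escapes that may follow a backslash inside a line.
_ESCAPES = {"24": "$", "5C": "\\"}


def encode_postal_address(lines):
    """Join address lines with '$', quoting backslash and dollar inside each line."""
    if not lines or any(line == "" for line in lines):
        raise ValueError("a postal address needs at least one non-empty line")
    # Escape the backslash first so the backslash written for '$' is not re-escaped.
    return "$".join(
        line.replace("\\", "\\5C").replace("$", "\\24") for line in lines
    )


def _unquote(component):
    """Reverse the quoting in one line; reject any other use of a backslash."""
    out, i = [], 0
    while i < len(component):
        if component[i] == "\\":
            code = component[i + 1:i + 3].upper()
            if code not in _ESCAPES:
                raise ValueError(f"invalid escape at offset {i} in {component!r}")
            out.append(_ESCAPES[code])
            i += 3
        else:
            out.append(component[i])
            i += 1
    return "".join(out)


def decode_postal_address(value):
    """Split an encoded value back into its address lines."""
    # A literal '$' is always quoted, so every bare '$' is a line delimiter.
    return [_unquote(part) for part in value.split("$")]


def check_limits(lines, max_lines=6, max_chars=30):
    """Report lines that exceed the limits many servers apply."""
    problems = []
    if len(lines) > max_lines:
        problems.append(f"{len(lines)} lines (limit {max_lines})")
    problems += [
        f"line {n} has {len(line)} characters (limit {max_chars})"
        for n, line in enumerate(lines, 1) if len(line) > max_chars
    ]
    return problems


if __name__ == "__main__":
    # Constructed input: one line contains a '$', another a backslash.
    address = ["$1,000,000 Sweepstakes", "C:\\mail", "Anytown, TX 1234"]
    naive = "$".join(address)            # unquoted join: the '$' becomes a delimiter
    print(len(naive.split("$")), "lines after a naive round trip")
    encoded = encode_postal_address(address)
    print(encoded)
    print(decode_postal_address(encoded) == address)
```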
Single-Valued and Multi-Valued Attributes
By default, most attributes are multi-valued. This means that an entry can contain the same attribute with multiple values. For example, cn, tel, and objectclass are all attributes that can have more than one value. Attributes that are single-valued — that is, only one instance of the attribute can be specified — are noted as such. For example, uidNumber can only have one possible value.
Schema Supported by Directory Server
The schema provided with Directory Server is described in a set of files stored in the serverRoot/slapd-serverID/config/schema directory.
You can modify the schema by creating new object classes and attributes. These modifications are stored in a separate file called 99user.ldif. You should not modify the standard files provided with the Directory Server because you incur the risk of breaking compatibility with other products or of causing interoperability problems with directory servers from vendors other than Red Hat, Inc.
For more information about how the Directory Server stores information and suggestions for planning directory schema, refer to the Red Hat Directory Server Deployment Guide.
The following tables list the schema files that are provided with Directory Server. Table 1-2 lists the schema files that are used by the Directory Server. Table 1-3 lists the schema files that are used by other Red Hat products, and Table 1-4 lists schema files used by legacy server products.
Table 1-2 Schema Files Used by Directory Server
Schema Filename Purpose
00core.ldif Recommended core schema from the X.500 and LDAP standards (RFCs) and schema used by the Directory Server itself.
05rfc2247.ldif Schema from RFC 2247 and related pilot schema “Using Domains in LDAP/X.500 Distinguished Names.”
05rfc2927.ldif Schema from RFC 2927 “MIME Directory Profile for LDAP Schema.”
10rfc2307.ldif Schema from RFC 2307, “An Approach for Using LDAP as a Network Information Service.”
20subscriber.ldif Common schema elements for Red Hat-Nortel subscriber interoperability.
25java-object.ldif Schema from RFC 2713, “Schema for Representing Java(tm) Objects in an LDAP Directory.”
28pilot.ldif Schema from the pilot RFCs, especially RFC 1274, that are no longer recommended for use in new deployments.
30ns-common.ldif Common schema.
50ns-directory.ldif Additional schema used by Directory Server 4.x.
50ns-legacy.ldif Legacy Netscape Schema.
50ns-value.ldif Directory Server’s “value item” schema.
60pam-plugin.ldif Reserved for future use.
99user.ldif Customer modifications to the schema.
Table 1-3 Schema Files Used by Other Red Hat Products
Schema Filenames Purpose
50ns-admin.ldif Schema used by Red Hat Administration Server.
50ns-certificate.ldif Schema for Red Hat Certificate Management System.
Table 1-4 Schema Files Used by Legacy Products
Schema Filenames Purpose
50ns-calendar.ldif Netscape Calendar Server schema.
50ns-compass.ldif Schema for the Netscape Compass Server.
50ns-delegated-admin.ldif Schema for Netscape Delegated Administrator.
50ns-mail.ldif Schema for Netscape Messaging Server.
50ns-mcd-browser.ldif Schema for Netscape Mission Control Desktop - Browser.
50ns-mcd-config.ldif Schema for Netscape Mission Control Desktop - Configuration.
50ns-mcd-li.ldif Schema for Netscape Mission Control Desktop - Location Independence.
50ns-mcd-mail.ldif Schema for Netscape Mission Control Desktop - Mail.
50ns-media.ldif Schema for Netscape Media Server.
50ns-mlm.ldif Schema for Netscape Mailing List Manager.
50ns-msg.ldif Schema for Netscape Web Mail.
50ns-netshare.ldif Schema for Netscape Netshare.
50ns-news.ldif Schema for Netscape Collabra Server.
50ns-proxy.ldif Schema for Netscape Proxy Server.
50ns-wcal.ldif Schema for Netscape Web Calendaring.
50ns-web.ldif Schema for Netscape Web Server.
51ns-calendar.ldif Schema for Netscape Calendar Server.
Object Identifiers (OIDs)
Object identifiers (OIDs) are assigned to all attributes and object classes to conform to the LDAP and X.500 standards. An OID is a sequence of integers, typically written as a dot-separated string. When no OID is specified, the Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid.
The Netscape base OID is
2.16.840.1.113730
The base OID for the Directory Server is
2.16.840.1.113730.3
All Netscape-defined attributes have the base OID of
2.16.840.1.113730.3.1
All Netscape-defined object classes have the base OID of
2.16.840.1.113730.3.2
For more information about OIDs or to request a prefix for your enterprise, please go to the Internet Assigned Numbers Authority (IANA) web site at http://www.iana.org/.
Extending Server Schema
The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of your requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise.
When adding new attributes to the schema, a new object class should be created to contain them. Adding a new attribute to an existing object class can compromise the Directory Server’s compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server.
For more information about extending server schema, refer to the Red Hat Directory Server Deployment Guide.
Schema Checking
You should run Directory Server with schema checking turned on.
The schema checking capability of Directory Server checks entries when you add them to the directory or when you modify them, to verify that:
Object classes and attributes used in the entry are defined in the directory schema.
Attributes required for an object class are contained in the entry.
Only attributes allowed by the object class are contained in the entry.
Schema checking also occurs when importing a database using LDIF. For more information, refer to the Red Hat Directory Server Administrator’s Guide.
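The three checks listed above, written out as an added Python example (not Directory Server code). The schema is a constructed subset copied from the object class entries in Chapter 2 of this reference, with `person` abridged from RFC 2256; `check_entry`, `DS_SCHEMA`, `STANDARD_SCHEMA` and the sample entries are names and data chosen for this example. It also covers the `extensibleObject` rule and the `groupOfNames` difference from the standard definition.

```python
"""Schema checking over a small hand-copied schema subset (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class ObjectClass:
    superior: Optional[str]
    must: FrozenSet[str]
    may: FrozenSet[str]
    any_known: bool = False  # extensibleObject: any attribute known to the server


def oc(superior, must="", may="", any_known=False):
    """Build a definition from space-separated attribute names (case-insensitive)."""
    return ObjectClass(superior, frozenset(must.lower().split()),
                       frozenset(may.lower().split()), any_known)


# Constructed subset of Chapter 2; "person" is abridged from RFC 2256 and
# inetOrgPerson lists only a few of its allowed attributes.
DS_SCHEMA: Dict[str, ObjectClass] = {
    "top": oc(None, must="objectClass"),
    "account": oc("top", must="uid", may="description host l o ou seeAlso"),
    "person": oc("top", must="cn sn",
                 may="description seeAlso telephoneNumber userPassword"),
    "inetorgperson": oc("person", may="mail uid givenName manager mobile title"),
    "groupofnames": oc("top", must="cn", may="member businessCategory "
                       "description o ou owner seeAlso"),
    "extensibleobject": oc("top", any_known=True),
}
# The standard definition of groupOfNames, where member is required.
STANDARD_SCHEMA = dict(DS_SCHEMA, groupofnames=oc(
    "top", must="cn member", may="businessCategory description o ou owner seeAlso"))

# Long attribute names that this reference prints in parentheses.
ALIASES = {"userid": "uid", "commonname": "cn", "surname": "sn",
           "localityname": "l", "organizationname": "o",
           "organizationalunitname": "ou"}


def canonical(name: str) -> str:
    """Lower-case an attribute name and map a long name to its short form."""
    name = name.lower()
    return ALIASES.get(name, name)


def known_attributes(schema) -> set:
    """Every attribute that some object class in the schema requires or allows."""
    names = set()
    for definition in schema.values():
        names |= definition.must | definition.may
    return names


def effective_rules(class_names, schema):
    """Union of must/may over the listed classes and their chains of superiors."""
    must, may, any_known = set(), set(), False
    pending, seen = list(class_names), set()
    while pending:
        name = pending.pop()
        if name in seen or name not in schema:
            continue
        seen.add(name)
        definition = schema[name]
        must |= definition.must
        may |= definition.may
        any_known = any_known or definition.any_known
        if definition.superior:
            pending.append(definition.superior)
    return must, may, any_known


def check_entry(entry: Dict[str, List[str]], schema=DS_SCHEMA) -> List[str]:
    """Return the sorted schema violations for an entry; [] means it passes."""
    attrs = {canonical(name): values for name, values in entry.items()}
    classes = [value.lower() for value in attrs.get("objectclass", [])]
    known = known_attributes(schema)
    must, may, any_known = effective_rules(classes, schema)
    problems = []
    if not classes:
        problems.append("entry has no objectClass value")
    # Check 1: object classes and attributes are defined in the schema.
    problems += [f"undefined object class: {c}" for c in classes if c not in schema]
    problems += [f"undefined attribute: {a}" for a in attrs if a not in known]
    # Check 2: every required attribute is present.
    problems += [f"missing required attribute: {a}" for a in must if a not in attrs]
    # Check 3: nothing beyond what the object classes allow.
    if not any_known:
        problems += [f"attribute not allowed: {a}" for a in attrs
                     if a in known and a not in must | may]
    return sorted(problems)


# Constructed sample entries (attribute name -> list of values).
SAMPLES = {
    "valid account": {"objectClass": ["top", "account"], "userID": ["jdoe"]},
    "account without uid": {"objectClass": ["top", "account"], "host": ["ws1"]},
    "account with mail": {"objectClass": ["top", "account"], "uid": ["jdoe"],
                          "mail": ["jdoe@example.com"]},
    "person missing sn": {"objectClass": ["inetOrgPerson"], "cn": ["J Doe"]},
    "empty group": {"objectClass": ["top", "groupOfNames"], "cn": ["admins"]},
}

if __name__ == "__main__":
    for label, entry in SAMPLES.items():
        print(f"{label}: {check_entry(entry) or 'OK'}")
```
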
Chapter 2
Object Class Reference
This chapter contains an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class and lists its required and allowed attributes. The object classes listed in this chapter are available for you to use to support your own information in the Red Hat Directory Server (Directory Server). Object classes that are used by the Directory Server for internal operations are not documented here. For information about these object classes, please refer to the Red Hat Directory Server Configuration, Command, and File Reference. Replication and synchronization object classes are listed in chapter 4, “Operational Attributes, Special Attributes, and Special Object Classes.”
The required attributes listed for an object class must be present in the entry when that object class is added to the ldif file. If an object class has a superior object class, both of these object classes with all required attributes must be present in the entry. If required attributes are not listed in the ldif file, then the server will not restart.
NOTE The LDAP RFCs and X.500 standards allow for an object class to have more than one superior. This behavior is not currently supported by Directory Server.
account
Definition
Used to define entries representing computer accounts.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.5
Required Attributes
objectClass Defines the object classes for the entry.
uid (userID) Identifies the account’s user ID.
Allowed Attributes
description Text description of the entry.
host Hostname of the computer on which the account resides.
l (localityName) Place where the account is located.
o (organizationName) Organization to which the account belongs.
ou (organizationalUnitName) Organizational unit to which the account belongs.
seeAlso URL to information relevant to the account.
alias
Definition
Used to point to other entries in the directory tree.
Note: Aliasing is not supported in Directory Server.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.1
Required Attributes
objectClass Defines the object classes for the entry.
aliasedObjectName Distinguished name of the entry for which this entry is an alias.
cosClassicDefinition
Definition
Identifies the template entry using both the template entry’s DN (as specified in the cosTemplateDn attribute) and the value of one of the target entry’s attributes (as specified in the cosSpecifier attribute).
This object class is defined in Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.100
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
cosSpecifier Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
cosTemplateDn Provides the DN of the template entry associated with the CoS definition.
description Text description of the entry.
cosDefinition
Definition
Defines the Class of Services you are using. This object class is supported in order to provide compatibility with the DS4.1 CoS Plug-in.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.84
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
aci Evaluates what rights are granted or denied when the Directory Server receives an LDAP request from a client.
cn (commonName) Common name of the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
cosSpecifier Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
cosTargetTree Determines the subtrees of the DIT to which the CoS schema applies.
cosTemplateDn Provides the DN of the template entry associated with the CoS definition.
uid (userID) Identifies the user ID.
cosIndirectDefinition
Definition
Identifies the template entry using the value of one of the target entry’s attributes. The attribute of the target entry is specified in the cosIndirectSpecifier attribute.
This object class is defined in Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.102
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
cosIndirectSpecifier Specifies the attribute value used by an indirect CoS to identify the template entry.
description Text description of the entry.
cosPointerDefinition
Definition
Identifies the template entry associated with the CoS definition using the template entry’s DN value. The DN of the template entry is specified in the cosTemplateDn attribute.
This object class is defined in Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.101
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
cosTemplateDn Provides the DN of the template entry associated with the CoS definition.
description Text description of the entry.
cosSuperDefinition
Definition
All CoS definition object classes inherit from the cosSuperDefinition object class.
This object class is defined in Directory Server.
Superior Class
ldapSubEntry
OID
2.16.840.1.113730.3.2.99
Required Attributes
objectClass Defines the object classes for the entry.
cosAttribute Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
Allowed Attributes
cn (commonName) Common name of the entry.
description Text description of the entry.
cosTemplate
Definition
Contains a list of the shared attribute values.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.128
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) Common name of the entry.
cosPriority Specifies which template provides the attribute value when CoS templates compete to provide an attribute value.
country
Definition
Used to define entries that represent countries.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.2
Required Attributes
objectClass Defines the object classes for the entry.
c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory.
Allowed Attributes
description Text description of the country.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
dcObject
Definition
Allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as o (organizationName), ou (organizationalUnitName), or l (localityName). For example:
dn: dc=example,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: example
o: Example Corporation
This object class is defined in RFC 2247.
Superior Class
top
OID
1.3.6.1.4.1.1466.344
Required Attributes
objectClass Defines the object classes for the entry.
dc (domainComponent) One component of a domain name.
device
Definition
Used to store information about network devices, such as printers, in the directory.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.14
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) Common name of the device.
Allowed Attributes
description Text description of the device.
l (localityName) Place where the device is located.
o (organizationName) Organization to which the device belongs.
ou (organizationalUnitName) Organizational unit to which the device belongs.
owner Distinguished name of the person responsible for the device.
seeAlso URL to information relevant to the device.
serialNumber Serial number of the device.
document
Definition
Used to define entries which represent documents in the directory.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.6
Required Attributes
objectClass Defines the object classes for the entry.
documentIdentifier Unique identifier for a document.
Allowed Attributes
abstract Abstract of the document.
audio Stores a sound file in binary format.
authorCn Author’s common or given name.
authorSn Author’s surname.
cn (commonName) Common name of the document.
description Text description of the document.
dITRedirect Distinguished name to use as a redirect for the entry.
documentAuthor Distinguished name of the document author.
documentLocation Location of the original document.
documentPublisher Person or organization that published the document.
documentStore Not defined.
documentTitle The document’s title.
documentVersion The document’s version number.
info Information about the object.
jpegPhoto Photo in JPEG format.
keyWords Keywords that describe the document.
l (localityName) Place where the document is located.
lastModifiedBy Distinguished name of the last user to modify the document.
lastModifiedTime Last time the document was modified.
manager Distinguished name of the object’s manager.
o (organizationName) Organization to which the document belongs.
obsoletedByDocument Distinguished name of a document that obsoletes this document.
obsoletesDocument Distinguished name of a document that is obsoleted by this document.
ou (organizationalUnitName) Organizational unit to which the document belongs.
photo Photo of the document, in binary form.
seeAlso URL to information relevant to the document.
subject Subject of the document.
uniqueIdentifier Specific item used to distinguish between two entries when a distinguished name has been reused.
updatedByDocument Distinguished name of a document that is an updated version of this document.
updatesDocument Distinguished name of a document for which this document is an updated version.
documentSeries
Definition
Used to define an entry that represents a series of documents.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.9
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The common name of the series.
Allowed Attributes
description Text description of the series.
l (localityName) Place where the series is located.
o (organizationName) Organization to which the series belongs.
ou (organizationalUnitName) Organizational unit to which the series belongs.
seeAlso URL to information relevant to the series.
telephoneNumber Telephone number of the person responsible for the series.
domain
Definition
Used to define entries that represent DNS domains in the directory. The dc (domainComponent) attribute should be used for naming entries of this object class.
Used to represent Internet domain names (e.g., example.com).
The domain object class can only be used with an entry that does not correspond to an organization, organizational unit or other type of object for which an object class has been defined. The domain object class requires that the dc (domainComponent) attribute be present and permits several other attributes to be present in the entry.
This object class is defined in RFC 2247.
Superior Class
top
OID
0.9.2342.19200300.100.4.13
Required Attributes
objectClass Defines the object classes for the entry.
dc (domainComponent) One component of a domain name.
Allowed Attributes
associatedName Entry in the organizational directory tree associated with a DNS domain.
businessCategory Type of business in which this domain is engaged.
description Text description of the domain.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) Domain’s fax number.
internationalISDNNumber Domain’s ISDN number.
l (localityName) Place where the domain is located.
o (organizationName) Organization to which the domain belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made.
postOfficeBox Domain’s post office box.
postalAddress Domain’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
preferredDeliveryMethod Domain’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents when the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the domain.
st (stateOrProvinceName) State or province where the domain is located.
street Street address where the domain is located.
telephoneNumber Domain’s telephone number.
teletexTerminalIdentifier Identifier for a domain’s teletex terminal.
telexNumber Domain’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the domain.
domainRelatedObject
Definition
Used to define entries which represent DNS/NRS domains which are “equivalent” to an X.500 domain; for example, an organization or organizational unit.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.17
Required Attributes
objectClass Defines the object classes for the entry.
associatedDomain Specifies a DNS domain associated with an object in the directory tree.
dSA
Definition
Used to define entries representing DSAs in the directory.
This object class is defined in RFC 1274.
Superior Class
top
OID
2.5.6.13
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The common name of the series.
presentationAddress Contains an OSI presentation address for the entry.
Allowed Attributes
description Text description of the series.
knowledgeInformation This attribute is no longer used.
l (localityName) Place where the series is located.
o (organizationName) Organization to which the series belongs.
ou (organizationalUnitName) Organizational unit to which the series belongs.
seeAlso URL to information relevant to the series.
supportedApplicationContext This attribute contains the identifiers of OSI application contexts.
extensibleObject
Definition
When present in an entry, extensibleObject permits the entry to hold optionally any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server.
This object class is defined in RFC 2252.
Superior Class
top
OID
1.3.6.1.4.1.1466.101.120.111
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
All attributes known to the server.
friendlyCountry
Definition
Used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.18
Required Attributes
objectClass Defines the object classes for the entry.
co (friendlyCountryName) Stores the name of a country.
c (countryName) Contains the two-character code representing country names, as defined by ISO, in the directory.
Allowed Attributes
description Text description of the country.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
groupOfCertificates
Definition
Used to describe a set of X.509 certificates. Any certificate that matches one of the memberCertificateDescription values is considered a member of the group.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.31
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
memberCertificateDescription Values used to determine if a particular certificate is a member of this group.
o (organizationName) Organization to which the group of certificates belongs.
ou (organizationalUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
groupOfNames
Definition
Used to define entries for a group of names.
Note: The definition in Directory Server differs from the standard definition. In the standard definition, member is a required attribute. In Directory Server, member is an allowed attribute. Directory Server therefore allows a group to have no member.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.9
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
member Distinguished name of a group member.
o (organizationName) Organization to which the group belongs.
ou (organizationalUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
groupOfUniqueNames
Definition
Used to define entries for a group of unique names.
Note: The definition in Directory Server differs from the standard definition. In the standard definition, uniquemember is a required attribute. In Directory Server, uniquemember is an allowed attribute. Directory Server therefore allows a group to have no member.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.17
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
o (organizationName) Organization to which the group belongs.
ou (organizationalUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
uniqueMember Distinguished name of a unique group member.
groupOfURLs
Definition
An auxiliary object class of groupOfUniqueNames or groupOfNames. The group consists of a list of labeled URLs.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.33
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The group’s common name.
Allowed Attributes
businessCategory Type of business in which the group is engaged.
description Text description of the group’s purpose.
memberURL URL associated with each member of the group.
o (organizationName) Organization to which the group belongs.
ou (organizationalUnitName) Organizational unit to which the group belongs.
owner Distinguished name of the person responsible for the group.
seeAlso URL to information relevant to the group.
inetOrgPerson
Definition
Used to define entries representing people in an organization’s enterprise network. Inherits cn (commonName) and sn (surname) from the person object class.
This object class is defined in RFC 2798.
Superior Class
person
OID
2.16.840.1.113730.3.2.2
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname or last name.
Allowed Attributes
audio Stores a sound file in binary format.
businessCategory Type of business in which the person is engaged.
carLicense The license plate number of the person’s vehicle.
departmentNumber Department for which the person works.
description Text description of the person.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
displayName Preferred name of a person to be used when displaying entries.
employeeNumber The person’s employee number.
employeeType The person’s type of employment (for example, full time).
fax (facsimileTelephoneNumber) The person’s fax number.
givenName The person’s given or first name.
homePhone The person’s home phone number.
homePostalAddress The person’s home mailing address.
initials The person’s initials.
internationalISDNNumber The person’s ISDN number.
jpegPhoto Photo in JPEG format.
l (localityName) Place where the person is located.
labeledURI URL that is relevant to the person.
mail The person’s email address.
manager Distinguished name of the object’s manager.
mobile The person’s mobile phone number.
o (organizationName) Organization to which the person belongs.
ou (organizationalUnitName) Organizational unit to which the person belongs.
pager The person’s pager number.
photo Photo of the person, in binary form.
physicalDeliveryOfficeName Location where physical deliveries can be made to the person.
postOfficeBox The person’s post office box.
postalAddress The person’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
preferredDeliveryMethod The person’s preferred method of contact or delivery.
preferredLanguage The person’s preferred written or spoken language.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
roomNumber The room number where the person is located.
secretary Distinguished name of the person’s secretary or administrative assistant.
seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province where the person is located.
street Street address where the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
title The person’s job title.
uid (userID) Identifies the person’s user ID (usually the logon ID).
userCertificate Stores a user’s certificate in cleartext (not used).
userPassword Password with which the entry can bind to the directory.
userSMIMECertificate Stores a user’s certificate in binary form. Used by Netscape Communicator for S/MIME.
x121Address X.121 address of the person.
x500UniqueIdentifier Reserved.
labeledURIObject
Definition
This object class can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate.
This object class is defined in RFC 2079.
Superior Class
top
OID
1.3.6.1.4.1.250.3.15
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
labeledURI Universal Resource Locator that is relevant to the entry.
locality
Definition
Used to define entries that represent localities or geographic areas.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.3
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
description Text description of the locality.
l (localityName) Place where the entry is located.
searchGuide Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the locality.
st (stateOrProvinceName) State or province to which the locality belongs.
street Street address associated with the locality.
mailGroup
Definition
Defines the mail attributes for a group.
This object class is defined in Netscape Messaging Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.4
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The common name of the group.
mail The email address of the group.
mailAlternateAddress Identifies alternate email addresses used by a person.
mailHost Name of the server which sends and receives email for the mail group.
owner The DN of the person responsible for the entry.
newPilotPerson
Definition
Used as a subclass of person to allow the use of a number of additional attributes to be assigned to entries of the person object class. Inherits cn (commonName) and sn (surname) from the person object class.
This object class is defined in Internet White Pages Pilot.
Superior Class
person
OID
0.9.2342.19200300.100.4.4
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname or last name.
Allowed Attributes
businessCategory Type of business in which this person is engaged.
description Text description of the person.
drink (favoriteDrink) The person’s favorite drink.
homePhone The person’s home phone number.
homePostalAddress The person’s home mailing address.
janetMailbox The person’s email address.
mail The person’s email address.
mailPreferenceOption Indicates a preference for inclusion of the person’s name on mailing lists (electronic or physical).
mobile The person’s mobile phone number.
organizationalStatus The common job category for the person’s function.
otherMailbox Values for electronic mailbox types other than X.400 and rfc822.
pager The person’s pager number.
personalSignature The person’s signature file.
personalTitle The person’s honorific.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
roomNumber The person’s room number.
secretary Distinguished name of the person’s secretary or administrative assistant.
seeAlso URL to information relevant to the person.
telephoneNumber The person’s telephone number.
textEncodedORAddress The person’s text-encoded Originator/Recipient (X.400) address.
uid (userID) Identifies the person’s user ID (usually the logon ID).
userClass Identifies the type of computer user this entry is.
userPassword Password with which the entry can bind to the directory.
nsComplexRoleDefinition
Definition
Any role that is not a simple role is, by definition, a complex role.
This object class is defined in Directory Server.
Superior Class
nsRoleDefinition
OID
2.16.840.1.113730.3.2.95
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsFilteredRoleDefinition
Definition
Specifies assignment of entries to the role, depending upon the attributes contained by each entry.
This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.97
Required Attributes
objectClass Defines the object classes for the entry.
nsRoleFilter Specifies the filter assigned to an entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsLicenseUser
Definition
Used to track licenses for servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Red Hat Administration Server.
This object class is defined in the Administration Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.7
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
nsLicensedFor Server that the user is licensed to use.
nsLicenseEndTime Reserved for future use.
nsLicenseStartTime Reserved for future use.
nsManagedRoleDefinition
Definition
Specifies assignment of a role to an explicit, enumerated list of members.
This object class is defined in Directory Server.
Superior Class
nsSimpleRoleDefinition
OID
2.16.840.1.113730.3.2.96
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsNestedRoleDefinition
Definition
Specifies containment of one or more roles of any type within the role.
This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.98
Required Attributes
objectClass Defines the object classes for the entry.
nsRoleDn Specifies the roles assigned to an entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsRoleDefinition
Definition
All role definition object classes inherit from the nsRoleDefinition object class.
This object class is defined in Directory Server.
Superior Class
ldapSubEntry
OID
2.16.840.1.113730.3.2.93
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
nsSimpleRoleDefinition
Definition
Roles containing this object class are called simple roles because they have a deliberately limited flexibility, which makes it easy to:
Enumerate the members of a role.
Determine whether a given entry possesses a particular role.
Enumerate all the roles possessed by a given entry.
Assign a particular role to a given entry.
Remove a particular role from a given entry.
This object class is defined in Directory Server.
Superior Class
nsRoleDefinition
OID
2.16.840.1.113730.3.2.94
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
cn (commonName) The entry’s common name.
description Text description of the entry.
ntGroup
Definition
Holds data for a group entry stored in a Windows Active Directory or NT server. Several Directory Server attributes correspond directly to or are mapped to match Windows group attributes. When you create a new group in the Directory Server that is to be synchronized with a Windows server group, Directory Server attributes will be assigned to the Windows entry as shown in the attribute table below. These attributes may then be added, modified, or deleted in the entry through either directory service.
Superior Class
top
OID
2.16.840.1.113730.3.2.9
Required Object Classes
mailGroup Allows the mail attribute to be synchronized between Windows and Directory Server groups.
Required Attributes
cn (commonName) The entry’s common name; corresponds to the Windows name field.
ntGroupType Specifies the type of group.
objectClass Defines the object classes for the entry.
Allowed Attributes
description Text description of the group; corresponds to the Windows comment field.
l (localityName) Place where the group is located.
member Specifies the members of the group.
ntGroupAttributes Pointer to a binary file containing information about the group.
ntGroupCreateNewGroup Specifies whether a Windows account should be created when this entry is created in the Directory Server.
ntGroupDeleteGroup Specifies whether the user's Windows account should be deleted when this entry is deleted from the Directory Server.
ntGroupDomainId Specifies the domain ID string for the group.
ntUniqueId Generated ID number used by the server for operations and identification.
ou (organizationalUnitName) Organizational unit to which the group belongs.
seeAlso URL to information relevant to the group.
ntUser
Definition
Holds data for a user entry stored in a Windows Active Directory or NT server. Several Directory Server attributes correspond directly to or are mapped to match Windows user account fields. When you create a new person entry in the Directory Server that is to be synchronized with a Windows server, Directory Server attributes will be assigned to Windows user account fields as shown in the attribute table below. These attributes may then be added, modified, or deleted in the entry through either directory service.
Superior Class
top
OID
2.16.840.1.113730.3.2.8
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The entry’s common name; corresponds to the Windows name field.
ntUserDomainId Windows domain login ID.
Allowed Attributes
description Text description of the user; corresponds to the Windows comment field.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The person’s fax number.
givenName The person’s given or first name.
homePhone The person’s home phone number.
homePostalAddress The person’s home mailing address.
initials The person’s initials.
l (localityName) Place where the user is located.
mail The person’s email address.
manager The manager of the person.
mobile The person’s mobile phone number.
ntUserAcctExpires Identifies when the user's Windows account will expire.
ntUserCodePage The user's code page.
ntUserCreateNewAccount Specifies whether a Windows account should be created when this entry is created in the Directory Server.
ntUserDeleteAccount Specifies whether the user's Windows account should be deleted when this entry is deleted from the Directory Server.
ntUserHomeDir Path to the user's home directory.
ntUserLastLogoff Time of the user's last logoff from the Windows server.
ntUserLastLogon Time of the user's last logon to the Windows server.
ntUserLogonHours Identifies the times during which the user may log on.
ntUserMaxStorage Maximum disk space available to the user in the Windows server.
ntUserParms Unicode string reserved for use by applications.
ntUserProfile Path to the user's Windows profile.
ntUserScriptPath Path to the user's Windows login script.
ntUserWorkstations Windows workstations from which the user is allowed to log into the Windows domain.
o (organizationName) Organization to which the person belongs.
ou (organizationalUnitName) Organizational unit to which the person belongs.
pager The person’s pager number.
postalAddress The user’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The user’s post office box.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
seeAlso URL to information relevant to the user.
sn (surname) The entry’s surname or last name.
st (stateOrProvinceName) State or province where the user is located.
street Street address where the user is located.
telephoneNumber Telephone number associated with the person.
teletexTerminalIdentifier Identifier for a telex terminal associated with the user.
telexNumber Telex number associated with the user.
title The person’s job title.
userCertificate Stores a user’s certificate in cleartext (not used).
x121Address X.121 address associated with the entry.
organization
Definition
Used to define entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.4
Required Attributes
objectClass Defines the object classes for the entry.
o (organizationName) The name of the organization.
Allowed Attributes
businessCategory Type of business in which the organization is engaged.
description Text description of the organization.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The organization’s fax number.
internationalISDNNumber The organization’s ISDN number.
l (localityName) Place where the organization is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the organization.
postalAddress The organization’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The organization’s post office box.
preferredDeliveryMethod The organization’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, when the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the organization.
st (stateOrProvinceName) State or province where the organization is located.
street Street address where the organization is located.
telephoneNumber The organization’s telephone number.
teletexTerminalIdentifier Identifier for the organization’s teletex terminal.
telexNumber The organization’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the organization.
organizationalPerson
Definition
Used to define entries for people employed by or associated with an organization. cn (commonName) and sn (surname) are inherited from the person object class.
This object class is defined in RFC 2256.
Superior Class
person
OID
2.5.6.7
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname or last name.
Allowed Attributes
description Text description of the person.
destinationIndicator Country and city associated with the person; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The person’s fax number.
internationalISDNNumber The person’s ISDN number.
l (localityName) Place where the person is located.
ou (organizationalUnitName) Organizational unit to which the person belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to this person.
postalAddress The person’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The person’s post office box.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents when the recipient must verify delivery.
seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province where the person is located.
street Street address where the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
title The person’s job title.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the person.
organizationalRole
Definition
Used to define entries that represent roles held by people within an organization.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.8
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The role’s common name.
Allowed Attributes
description Text description of the role.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) Fax number of the person in the role.
internationalISDNNumber ISDN number of the person in the role.
l (localityName) Place where the person in the role is located.
ou (organizationalUnitName) Organizational unit to which the person in the role belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to the person in the role.
postalAddress The mailing address for the person in the role.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The post office box for the person in the role.
preferredDeliveryMethod Preferred method of contact or delivery of the person in the role.
registeredAddress Postal address suitable for reception of expedited documents when the recipient must verify delivery.
roleOccupant Distinguished name of the person in the role.
seeAlso URL to information relevant to the person in the role.
st (stateOrProvinceName) State or province where the person in the role is located.
street Street address where the person in the role is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the teletex terminal of the person in the role.
telexNumber Telex number of the person in the role.
x121Address X.121 address of the person in the role.
organizationalUnit
Definition
Used to define entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.5
Required Attributes
objectClass Defines the object classes for the entry.
ou (organizationalUnitName) The name of the organizational unit.
Allowed Attributes
businessCategory Type of business in which the organizational unit is engaged.
description Text description of the organizational unit.
destinationIndicator Country and city associated with the organizational unit; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The organizational unit’s fax number.
internationalISDNNumber The organizational unit’s ISDN number.
l (localityName) Place where the organizational unit is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the organizational unit.
postalAddress The organizational unit’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The organizational unit’s post office box.
preferredDeliveryMethod The organizational unit’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents when the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the organizational unit.
st (stateOrProvinceName) State or province where the organizational unit is located.
street Street address where the organizational unit is located.
telephoneNumber The organizational unit’s telephone number.
teletexTerminalIdentifier Identifier for the organizational unit’s teletex terminal.
telexNumber The organization’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the organizational unit.
person
Definition
Used to define entries that generically represent people. This object class is the base class for the organizationalPerson object class.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.6
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
sn (surname) The person’s surname or last name.
Allowed Attributes
description Text description of the person.
seeAlso URL to information relevant to the person.
telephoneNumber The person’s telephone number.
userPassword Password with which the entry can bind to the directory.
pilotObject
Definition
Used as a subclass to allow additional attributes to be assigned to entries of all other object classes.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.3
Required Attributes
objectClass Defines the object classes for the entry.
Allowed Attributes
audio Stores a sound file in binary format.
dITRedirect Distinguished name to use as a redirect for the entry.
info Information about the object.
jpegPhoto Photo in jpeg format.
lastModifiedBy Distinguished name of the last user to modify the object.
lastModifiedTime Last time the object was modified.
manager Distinguished name of the object’s manager.
photo Photo of the object.
uniqueIdentifier Specific item used to distinguish between two entries when a distinguished name has been reused.
pilotOrganization
Definition
Used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.20
Required Attributes
objectClass Defines the object classes for the entry.
o (organizationName) Organization to which the entry belongs.
ou (organizationalUnitName) Organizational unit to which the entry belongs.
Allowed Attributes
buildingName Name of the building where the entry is located.
businessCategory Type of business in which the entry is engaged.
description Text description of the entry.
destinationIndicator Country and city associated with the pilot organization; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The pilot organization’s fax number.
internationalISDNNumber The pilot organization’s ISDN number.
l (localityName) Place where the pilot organization is located.
physicalDeliveryOfficeName Location where physical deliveries can be made to the pilot organization.
postalAddress The pilot organization’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The pilot organization’s post office box.
preferredDeliveryMethod The pilot organization’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents when the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the pilot organization.
st (stateOrProvinceName) State or province where the pilot organization is located.
street Street address where the pilot organization is located.
telephoneNumber The pilot organization’s telephone number.
teletexTerminalIdentifier Identifier for the pilot organization’s teletex terminal.
telexNumber The pilot organization’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the pilot organization.
residentialPerson
Definition
Used by the Directory Server to contain a person’s residential information.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.10
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) The person’s common name.
l (localityName) Place in which the person resides.
sn (surname) The person’s surname or last name.
Allowed Attributes
businessCategory Type of business in which the person is engaged.
description Text description of the person.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The person’s fax number.
internationalISDNNumber The person’s ISDN number.
physicalDeliveryOfficeName Location where physical deliveries can be made to the person.
postalAddress The person’s business mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The person’s business post office box.
preferredDeliveryMethod The person’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents when the recipient must verify delivery.
seeAlso URL to information relevant to the person.
st (stateOrProvinceName) State or province where the person resides.
street Street address where the person is located.
telephoneNumber The person’s telephone number.
teletexTerminalIdentifier Identifier for the person’s teletex terminal.
telexNumber The person’s telex number.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address of the entry.
RFC822LocalPart
Definition
Used to define entries that represent the local part of RFC 822 mail addresses. The directory treats this part of an RFC 822 address as a domain.
This object class is defined by the Internet Directory Pilot.
Superior Class
domain
OID
0.9.2342.19200300.100.4.14
Required Attributes
objectClass Defines the object classes for the entry.
dc (domainComponent) Domain component of the entry.
Allowed Attributes
associatedName Entry in the organizational directory tree associated with a DNS domain.
businessCategory Type of business in which this local part is engaged.
cn (commonName) The local part’s common name.
description Text description of the local part.
destinationIndicator Country and city associated with the entry; needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber) The local part’s fax number.
internationalISDNNumber The local part’s ISDN number.
l (localityName) Place where the local part is located.
o (organizationName) Organization to which the local part belongs.
physicalDeliveryOfficeName Location where physical deliveries can be made to the local part.
postalAddress The local part’s mailing address.
postalCode The postal code for this address (such as a United States zip code).
postOfficeBox The local part’s post office box.
preferredDeliveryMethod Local part’s preferred method of contact or delivery.
registeredAddress Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso URL to information relevant to the local part.
sn (surname) The entry’s surname or last name.
st (stateOrProvinceName) State or province where the local part is located.
street Street address where the local part is located.
telephoneNumber Telephone number associated with the local part.
teletexTerminalIdentifier Identifier for a telex terminal associated with the local part.
telexNumber Telex number associated with the local part.
userPassword Password with which the entry can bind to the directory.
x121Address X.121 address associated with the entry.
room
Definition
Used to store information in the directory about a room.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.7
Required Attributes
objectClass Defines the object classes for the entry.
cn (commonName) Common name of the room.
Allowed Attributes
description Text description of the room.
roomNumber The room’s number.
seeAlso URL to information relevant to the room.
telephoneNumber The room’s telephone number.
strongAuthenticationUser
Definition
Used to store a user’s certificate entry in the directory.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.15
Required Attributes
objectClass Defines the object classes for the entry.
userCertificate Stores a user’s certificate, usually in binary form.
simpleSecurityObject
Definition
Used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.19
Required Attributes
objectClass Defines the object classes for the entry.
userPassword Password with which the entry can bind to the directory.
Chapter 3
Attribute Reference
This chapter contains reference information about Red Hat Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order with their definition, syntax, and OID.
For information on replication and synchronization attributes, refer to the Red Hat Directory Server Configuration, Command, and File Reference.
abstract
Definition
Provides an abstract of a document entry.
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.9
aliasedObjectName
Definition
Used by the Directory Server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias.
For example:
aliasedObjectName: uid=jdoe,ou=people,dc=example,dc=com
This attribute is defined in RFC 2256.
Syntax
DN, single-valued.
OID
2.5.4.1
associatedDomain
Definition
Specifies a DNS domain associated with an object in the directory tree. For example, the entry in the directory tree with a distinguished name c=US, o=Example Corporation would have an associated domain of EC.US. All domains should be represented in rfc822 order.
For example:
associatedDomain:US
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.37
associatedName
Definition
Specifies an entry in the organizational directory tree associated with a DNS domain.
For example:
associatedName: c=us
This attribute is defined in RFC 1274.
Syntax
DN, multi-valued.
OID
0.9.2342.19200300.100.1.38
audio
Definition
Contains a sound file in binary format. The attribute uses a u-law encoded sound file.
For example:
audio:: AAAAAA==
This attribute is defined in RFC 1274.
Syntax
Binary, multi-valued.
OID
0.9.2342.19200300.100.1.55
authorCn
Definition
Contains the common name of the author of a document entry.
For example:
authorCn: Kacey
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.11
authorSn
Definition
Contains the surname of the author of a document entry.
For example:
authorSn: Doe
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.12
authorityRevocationList
Definition
Contains a list of CA certificates that have been revoked. This attribute is to be stored and requested in the binary form, as authorityRevocationList;binary.
For example:
authorityrevocationlist;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.38
buildingName
Definition
Defines the building name associated with the entry.
For example:
buildingName: 14
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.48
businessCategory
Definition
Identifies the type of business in which the entry is engaged. This should be a broad generalization, such as the corporate division level.
For example:
businessCategory: Engineering
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.15
c (countryName)
Definition
Contains the two-character code representing country names, as defined by ISO, in the directory.
For example:
countryName: IE
or
c: IE
This attribute is defined in RFC 2256.
Syntax
DirectoryString, single-valued.
OID
2.5.4.6
cACertificate
Definition
Contains the CA’s certificate. This attribute is to be stored and requested in the binary form, as cACertificate;binary.
For example:
cacertificate;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.37
carLicense
Definition
Identifies the entry’s automobile license plate number.
For example:
carLicense: 6ABC246
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.1
certificateRevocationList
Definition
Contains a list of revoked user certificates. This attribute is to be stored and requested in the binary form, as certificateRevocationList;binary.
For example:
certificateRevocationList;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.39
cn (commonName)
Definition
Identifies the name of an object in the directory. When the object corresponds to a person, the cn is typically the person’s full name.
When identifying the entry’s common name or full name:
commonName: Bill Anderson
or
cn: Bill Anderson
When in reference to LDAPReplica or LDAPServer object classes:
commonName: replicater.example.com:17430/o%3Dexample%2Cc%3us
or
cn: replicater.example.com:17430/o%3Dexample%2Cc%3us
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.3
co (friendlyCountryName)
Definition
Contains the name of a country. Often, the country attribute is used to describe a two-character code for a country, and the friendlyCountryName attribute is used to describe the actual country name.
For example:
friendlyCountryName: Ireland
or
co: Ireland
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.43
cosAttribute
Description
Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value. This attribute is used by all types of CoS definition entries.
This attribute is defined in Directory Server.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.550
cosIndirectSpecifier
Description
Specifies the attribute values used by an indirect CoS to identify the template entry.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.577
cosPriority
Definition
Specifies which template provides the attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a particular template. A priority of zero is the highest priority.
This attribute is defined in Directory Server.
Syntax
INTEGER, single-valued.
OID
2.16.840.1.113730.3.1.569
cosSpecifier
Description
Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.551
cosTargetTree
Definition
Determines the subtrees of the DIT to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees in an arbitrary fashion.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.552
cosTemplateDn
Definition
The DN of the template entry which contains a list of the shared attribute values. Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS. A single CoS might have more than one template entry associated with it.
This attribute is defined in Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.553
crossCertificatePair
Definition
This attribute is to be stored and requested in the binary form, as crossCertificatePair;binary.
For example:
crosscertificatepair;binary:: AAAAAA==
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.40
dc (domainComponent)
Definition
Specifies one component of a domain name.
For example:
domainComponent: example
or
dc: example
This attribute is defined in RFC 2247.
Syntax
DirectoryString, single-valued.
OID
0.9.2342.19200300.100.1.25
deltaRevocationList
Definition
This attribute is to be stored and requested in the binary form, as deltaRevocationList;binary.
This attribute is defined in RFC 2256.
Syntax
Binary, multi-valued.
OID
2.5.4.53
departmentNumber
Definition
Identifies the entry’s department number.
For example:
departmentNumber: 2604
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.2
description
Definition
Provides a human-readable description of the object. For person and organization, this often includes their role or work assignment.
For example:
description: Quality control inspector for the ME2873 product line.
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.13
destinationIndicator
Definition
The country and city associated with the entry; needed to provide Public Telegram Service. Generally used in conjunction with registeredAddress.
For example:
destinationIndicator: Stow, Ohio, USA
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.27
displayName
Definition
Preferred name of a person to be used when displaying entries. Especially useful in displaying a preferred name for an entry within a one-line summary list. Since other attribute types, such as cn, are multi-valued, they cannot be used to display a preferred name.
For example:
displayName: Michigan Smith
This attribute is defined in RFC 2798.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.241
dITRedirect
Definition
Used to indicate that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN.
For example:
ditRedirect: cn=jdoe, o=example.com
This attribute is defined in RFC 1274.
Syntax
DN
OID
0.9.2342.19200300.100.1.54
dmdName
Definition
The value of this attribute specifies a directory management domain (DMD), the administrative authority which operates the Directory Server.
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.54
dn (distinguishedName)
Definition
Defines the distinguished name (DN) for the entry.
For example:
dn: uid=Jane Doe,ou=Quality Control,dc=example,dc=com
This attribute is defined in RFC 2256.
Syntax
DN
OID
2.5.4.49
dNSRecord
Definition
Specifies DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start of Authority) resource records.
For example:
dNSRecord: IN NS ns.uu.net
This attribute is defined in Internet directory pilot.
Syntax
IA5String, multi-valued.
OID
0.9.2342.19200300.100.1.26
documentAuthor
Definition
Contains the distinguished name of the author of a document entry.
For example:
documentAuthor: uid=John Doe,ou=People,dc=example,dc=com
This attribute is defined in RFC 1274.
Syntax
DN, multi-valued.
OID
0.9.2342.19200300.100.1.14
documentIdentifier
Definition
Specifies a unique identifier for a document.
For example:
documentIdentifier: L3204REV1
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.11
documentLocation
Definition
Defines the location of the original copy of a document entry.
For example:
documentLocation: Department Library
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.15
documentPublisher
Definition
The person and/or organization that published a document.
For example:
documentPublisher: Southeastern Publishing
This attribute is defined in RFC 1274.
Syntax
DirectoryString, single-valued.
OID
0.9.2342.19200300.100.1.56
documentStore
Definition
Contains information on where the document is stored.
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.10
documentTitle
Definition
Contains the title of a document entry.
For example:
documentTitle: Red Hat Directory Server Administrator’s Guide
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.12
documentVersion
Definition
Defines the version of a document entry.
For example:
documentVersion: 1.1
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.13
drink (favoriteDrink)
Definition
Describes the favorite drink of a person entry.
For example:
drink: soda
or
favoriteDrink: soda
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.5
dSAQuality
Definition
Specifies the purported quality of a DSA. This attribute allows a DSA manager to indicate the expected level of availability of the DSA.
For example:
dSAQuality: high
This attribute is defined in RFC 1274.
Syntax
DirectoryString, single-valued.
OID
0.9.2342.19200300.100.1.49
employeeNumber
Definition
Identifies the entry’s employee number.
For example:
employeeNumber: 3440
This attribute is defined in RFC 2798.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.3
employeeType
Definition
Identifies the entry’s type of employment.
For example:
employeeType: Full time
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.4
enhancedSearchGuide
Definition
Used by X.500 clients when constructing search filters.
For example:
enhancedSearchGuide: (uid=mhughes)
This attribute is defined in RFC 2798.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.47
fax (facsimileTelephoneNumber)
Definition
Identifies the fax number at which the entry can be reached. Abbreviation: fax.
For example:
facsimileTelephoneNumber: +1 415 555 1212
or:
fax: +1 415 555 1212
This attribute is defined in RFC 2256.
Syntax
TelephoneNumber, multi-valued.
OID
2.5.4.23
generationQualifier
Definition
Contains the generation qualifier part of the name, typically appearing in the suffix.
For example:
generationQualifier: III
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.44
givenName
Definition
Identifies the entry’s given name, usually a person’s first name.
For example:
givenName: Hecuba
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.42
homePhone
Definition
Identifies the entry’s home phone number.
For example:
homeTelephoneNumber: 415-555-1212
or
homePhone: 415-555-1234
This attribute is defined in RFC 1274.
Syntax
TelephoneNumber, multi-valued.
OID
0.9.2342.19200300.100.1.20
homePostalAddress
Definition
Identifies the entry’s home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c, respectively.
To identify an entry’s home mailing address:
homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555
Additionally, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.39
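The separator and escape rules for homePostalAddress above, as an added Python example that is not part of the original guide. The function names are hypothetical, and rejecting empty lines and stray backslashes is an assumption made here, not something the guide specifies.

```python
import re

# Escapes given in the homePostalAddress definition: '$' -> \24, '\' -> \5c.
_ESCAPES = {"\\": "\\5c", "$": "\\24"}
_HEX_ESCAPE = re.compile(r"\\(24|5[cC])")


def encode_postal_address(lines):
    """Join address lines with '$', escaping literal '\\' and '$' in each line."""
    if not lines or any(line == "" for line in lines):
        raise ValueError("every address line must be non-empty")  # assumption
    # Map character by character so an escaped backslash is never re-escaped.
    return "$".join(
        "".join(_ESCAPES.get(ch, ch) for ch in line) for line in lines
    )


def decode_postal_address(value):
    """Split on '$', then turn \\24 and \\5c back into '$' and '\\'."""
    lines = []
    # A literal '$' is always stored as \24, so every '$' left is a separator.
    for raw in value.split("$"):
        # Anything other than \24 or \5c after a backslash is malformed input.
        if "\\" in _HEX_ESCAPE.sub("", raw):
            raise ValueError("stray backslash in %r" % raw)
        lines.append(_HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), raw))
    return lines


if __name__ == "__main__":
    # Sample values taken from the examples in the definition above.
    stored = encode_postal_address(
        ["The dollar ($) value can be found", "in the c:\\cost file."]
    )
    print(stored)
    print(decode_postal_address(stored))
```

Decoding unescapes only after splitting, so a value such as `a\5c24b` comes back as the text `a\24b` and not as a dollar sign.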
host
Definition
Defines the hostname of a computer.
For example:
host: mozilla
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.9
houseIdentifier
Definition
Identifies a building in a location.
For example:
houseIdentifier: B105
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.51
info
Definition
Specifies any general information pertinent to an object. It is recommended that specific usage of this attribute type is avoided and that specific requirements are met by other (possibly additional) attribute types.
For example:
info: not valid
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.4
initials
Definition
Identifies the entry’s initials. Does not identify the entry’s surname.
For example:
initials: BFA
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.43
internationalISDNNumber
Definition
Contains the ISDN number of the entry. This is in the internationally agreed format for ISDN addresses given in CCITT Rec. E.164.
This attribute is defined in RFC 2256.
Syntax
IA5String, multi-valued.
OID
2.5.4.25
janetMailbox
Definition
Specifies an email address. This attribute is intended for the convenience of U.K. users unfamiliar with RFC 822 mail addresses. Entries using this attribute must also include an rfc822Mailbox attribute.
This attribute is defined in RFC 1274.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.100.1.46
jpegPhoto
Definition
Contains a JPEG photo of the entry.
For example:
jpegPhoto:: AAAAAA==
This attribute is defined in RFC 2798.
Syntax
Binary, multi-valued.
OID
0.9.2342.19200300.100.1.60
keyWords
Definition
Contains keywords for the entry.
For example:
keyWords: directory LDAP X.500
This attribute is defined in Internet White Pages Pilot.
Syntax
DirectoryString, multi-valued.
OID
0.9.2342.19200300.102.1.7
knowledgeInformation
Definition
This attribute is no longer used.
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.2
l (localityName)
Definition
Identifies the county, city, or other geographical area in which the entry is located or with which it is in some other way associated.
For example:
localityName: Santa Clara
or
l: Santa Clara
This attribute is defined in RFC 2256.
Syntax
DirectoryString, multi-valued.
OID
2.5.4.7
labeledURI
Definition
Specifies a Uniform Resource Identifier (URI) that is relevant in some way to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported) optionally followed by one or more space characters and a label.
For example:
labeledURI: http://home.example.com
labeledURI: http://home.example.com Red Hat website
This attribute is defined in RFC 2079.
Syntax
IA5String, multi-valued.
OID
1.3.6.1.4.1.250.1.57
lastModifiedBy
Definition
Specifies the distinguished name of the last user to modify the associated entry.
For example:
lastModifiedby: cn=Jane Doe,ou=Quality Control,o=example.com
This attribute is defined in RFC 1274.