Red Hat DIRECTORY SERVER 8.1 - SCHEMA, Directory Server 8.1 Reference

Red Hat Directory Server 8.1
Schema Reference
Ella Deon Lackey
Publication date: April 28, 2009, updated on January 11, 2010
Author: Ella Deon Lackey
Copyright © 2008 Red Hat, Inc.
Copyright © 2009 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709 USA
Preface
1. Purpose and Contents
2. Prerequisite Reading
3. Examples and Formatting
4. Additional Reading
5. Giving Feedback
6. Documentation History
1. About Directory Server Schema
1.1. Schema Definitions
1.2. Default Directory Server Schema Files
1.3. Object Identifiers (OIDs)
1.4. Extending the Schema
1.5. Schema Checking
2. Directory Server Attribute Reference
2.1. abstract
2.2. accessTo
2.3. administratorContactInfo
2.4. adminRole
2.5. adminUrl
2.6. aliasedObjectName
2.7. associatedDomain
2.8. associatedName
2.9. attributetypes
2.10. audio
2.11. authorCn
2.12. authorityRevocationList
2.13. authorSn
2.14. automountInformation
2.15. bootFile
2.16. bootParameter
2.17. buildingName
2.18. businessCategory
2.19. c (countryName)
2.20. cACertificate
2.21. carLicense
2.22. certificateRevocationList
2.23. cn (commonName)
2.24. co (friendlyCountryName)
2.25. cosAttribute
2.26. cosIndirectSpecifier
2.27. cosPriority
2.28. cosSpecifier
2.29. cosTargetTree
2.30. cosTemplateDn
2.31. crossCertificatePair
2.32. dc (domainComponent)
2.33. deltaRevocationList
2.34. departmentNumber
2.35. description
2.36. destinationIndicator
2.37. displayName
2.38. dITRedirect
2.39. dmdName
2.40. dn (distinguishedName)
2.41. dNSRecord
2.42. documentAuthor
2.43. documentIdentifier
2.44. documentLocation
2.45. documentPublisher
2.46. documentStore
2.47. documentTitle
2.48. documentVersion
2.49. drink (favouriteDrink)
2.50. dSAQuality
2.51. employeeNumber
2.52. employeeType
2.53. enhancedSearchGuide
2.54. fax (facsimileTelephoneNumber)
2.55. gecos
2.56. generationQualifier
2.57. gidNumber
2.58. givenname
2.59. homeDirectory
2.60. homePhone
2.61. homePostalAddress
2.62. host
2.63. houseIdentifier
2.64. inetDomainBaseDN
2.65. inetDomainStatus
2.66. inetSubscriberAccountId
2.67. inetSubscriberChallenge
2.68. inetSubscriberResponse
2.69. inetUserHttpURL
2.70. inetUserStatus
2.71. info
2.72. initials
2.73. installationTimeStamp
2.74. internationalISDNNumber
2.75. ipHostNumber
2.76. ipNetmaskNumber
2.77. ipNetworkNumber
2.78. ipProtocolNumber
2.79. ipServicePort
2.80. ipServiceProtocol
2.81. janetMailbox
2.82. jpegPhoto
2.83. keyWords
2.84. knowledgeInformation
2.85. l (localityName)
2.86. labeledURI
2.87. lastModifiedBy
2.88. lastModifiedTime
2.89. loginShell
2.90. macAddress
2.91. mail
2.92. mailAccessDomain
2.93. mailAlternateAddress
2.94. mailAutoReplyMode
2.95. mailAutoReplyText
2.96. mailDeliveryOption
2.97. mailEnhancedUniqueMember
2.98. mailForwardingAddress
2.99. mailHost
2.100. mailMessageStore
2.101. mailPreferenceOption
2.102. mailProgramDeliveryInfo
2.103. mailQuota
2.104. mailRoutingAddress
2.105. manager
2.106. member
2.107. memberCertificateDescription
2.108. memberNisNetgroup
2.109. memberOf
2.110. memberUid
2.111. memberURL
2.112. mgrpAddHeader
2.113. mgrpAllowedBroadcaster
2.114. mgrpAllowedDomain
2.115. mgrpApprovePassword
2.116. mgrpBroadcasterPolicy
2.117. mgrpDeliverTo
2.118. mgrpErrorsTo
2.119. mgrpModerator
2.120. mgrpMsgMaxSize
2.121. mgrpMsgRejectAction
2.122. mgrpMsgRejectText
2.123. mgrpNoDuplicateChecks
2.124. mgrpRemoveHeader
2.125. mgrpRFC822MailMember
2.126. mobile
2.127. mozillaCustom1
2.128. mozillaCustom2
2.129. mozillaCustom3
2.130. mozillaCustom4
2.131. mozillaHomeCountryName
2.132. mozillaHomeLocalityName
2.133. mozillaHomePostalCode
2.134. mozillaHomeState
2.135. mozillaHomeStreet
2.136. mozillaHomeStreet2
2.137. mozillaHomeUrl
2.138. mozillaNickname (xmozillanickname)
2.139. mozillaSecondEmail (xmozillasecondemail)
2.140. mozillaUseHtmlMail (xmozillausehtmlmail)
2.141. mozillaWorkStreet2
2.142. mozillaWorkUrl
2.143. multiLineDescription
2.144. name
2.145. netscapeReversiblePassword
2.146. NisMapEntry
2.147. nisMapName
2.148. nisNetgroupTriple
2.149. nsAccessLog
2.150. nsAdminAccessAddresses
2.151. nsAdminAccessHosts
2.152. nsAdminAccountInfo
2.153. nsAdminCacheLifetime
2.154. nsAdminCgiWaitPid
2.155. nsAdminDomainName
2.156. nsAdminEnableEnduser
2.157. nsAdminEndUserHTMLIndex
2.158. nsAdminGroupName
2.159. nsAdminOneACLDir
2.160. nsAdminSIEDN
2.161. nsAdminUsers
2.162. nsAIMid
2.163. nsBaseDN
2.164. nsBindDN
2.165. nsBindPassword
2.166. nsBuildNumber
2.167. nsBuildSecurity
2.168. nsCertConfig
2.169. nsCertfile
2.170. nsClassname
2.171. nsConfigRoot
2.172. nscpAIMScreenname
2.173. nsDefaultAcceptLanguage
2.174. nsDefaultObjectClass
2.175. nsDeleteclassname
2.176. nsDirectoryFailoverList
2.177. nsDirectoryInfoRef
2.178. nsDirectoryURL
2.179. nsDisplayName
2.180. nsErrorLog
2.181. nsExecRef
2.182. nsExpirationDate
2.183. nsGroupRDNComponent
2.184. nsHardwarePlatform
2.185. nsHelpRef
2.186. nsHostLocation
2.187. nsICQid
2.188. nsInstalledLocation
2.189. nsJarfilename
2.190. nsKeyfile
2.191. nsLdapSchemaVersion
2.192. nsLicensedFor
2.193. nsLicenseEndTime
2.194. nsLicenseStartTime
2.195. nsLogSuppress
2.196. nsmsgDisallowAccess
2.197. nsmsgNumMsgQuota
2.198. nsMSNid
2.199. nsNickName
2.200. nsNYR
2.201. nsOsVersion
2.202. nsPidLog
2.203. nsPreference
2.204. nsProductName
2.205. nsProductVersion
2.206. nsRevisionNumber
2.207. nsSecureServerPort
2.208. nsSerialNumber
2.209. nsServerAddress
2.210. nsServerCreationClassname
2.211. nsServerID
2.212. nsServerMigrationClassname
2.213. nsServerPort
2.214. nsServerSecurity
2.215. nsSNMPContact
2.216. nsSNMPDescription
2.217. nsSNMPEnabled
2.218. nsSNMPLocation
2.219. nsSNMPMasterHost
2.220. nsSNMPMasterPort
2.221. nsSNMPOrganization
2.222. nsSSL2
2.223. nsSSL2Ciphers
2.224. nsSSL3
2.225. nsSSL3Ciphers
2.226. nsSSL3SessionTimeout
2.227. nsSSLActivation
2.228. nsSSLclientauth
2.229. nsSSLPersonalitySSL
2.230. nsSSLSessionTimeout
2.231. nsSSLSupportedCiphers
2.232. nsSSLToken
2.233. nsSuiteSpotUser
2.234. nsTaskLabel
2.235. nsUniqueAttribute
2.236. nsUserIDFormat
2.237. nsUserRDNComponent
2.238. nsValueBin
2.239. nsValueCES
2.240. nsValueCIS
2.241. nsValueDefault ........................................................................................................ 66
2.242. nsValueDescription ................................................................................................. 66
2.243. nsValueDN ............................................................................................................. 66
2.244. nsValueFlags .......................................................................................................... 66
2.245. nsValueHelpURL ..................................................................................................... 67
2.246. nsValueInt .............................................................................................................. 67
2.247. nsValueSyntax ........................................................................................................ 67
2.248. nsValueTel .............................................................................................................. 67
2.249. nsValueType ........................................................................................................... 67
2.250. nsVendor ................................................................................................................ 67
2.251. nsViewConfiguration ............................................................................................... 68
2.252. nsViewFilter ............................................................................................................ 68
2.253. nsWellKnownJarfiles ............................................................................................... 68
2.254. nswmExtendedUserPrefs ........................................................................................ 68
2.255. nsYIMid .................................................................................................................. 68
2.256. ntGroupAttributes .................................................................................................... 69
2.257. ntGroupCreateNewGroup ........................................................................................ 69
2.258. ntGroupDeleteGroup ............................................................................................... 69
2.259. ntGroupDomainId .................................................................................................... 69
2.260. ntGroupId ............................................................................................................... 70
2.261. ntGroupType ........................................................................................................... 70
2.262. ntUniqueId .............................................................................................................. 70
2.263. ntUserAcctExpires ................................................................................................... 71
2.264. ntUserAuthFlags ..................................................................................................... 71
2.265. ntUserBadPwCount ................................................................................................. 71
2.266. ntUserCodePage .................................................................................................... 71
2.267. ntUserComment ...................................................................................................... 72
2.268. ntUserCountryCode ................................................................................................. 72
2.269. ntUserCreateNewAccount ........................................................................................ 72
2.270. ntUserDeleteAccount ............................................................................................... 72
2.271. ntUserDomainId ...................................................................................................... 72
2.272. ntUserFlags ............................................................................................................ 73
2.273. ntUserHomeDir ....................................................................................................... 73
2.274. ntUserHomeDirDrive ............................................................................................... 73
2.275. ntUserLastLogoff ..................................................................................................... 73
2.276. ntUserLastLogon ..................................................................................................... 74
2.277. ntUserLogonHours .................................................................................................. 74
2.278. ntUserLogonServer ................................................................................................. 74
2.279. ntUserMaxStorage .................................................................................................. 74
2.280. ntUserNumLogons .................................................................................................. 75
2.281. ntUserParms .......................................................................................................... 75
2.282. ntUserPasswordExpired .......................................................................................... 75
2.283. ntUserPrimaryGroupId ............................................................................................. 75
2.284. ntUserPriv .............................................................................................................. 75
2.285. ntUserProfile ........................................................................................................... 76
2.286. ntUserScriptPath ..................................................................................................... 76
2.287. ntUserUniqueId ....................................................................................................... 76
2.288. ntUserUnitsPerWeek ............................................................................................... 76
2.289. ntUserUsrComment ................................................................................................. 77
2.290. ntUserWorkstations ................................................................................................. 77
2.291. o (organizationName) .............................................................................................. 77
2.292. objectClass ............................................................................................................. 77
2.293. objectClasses ......................................................................................................... 78
2.294. obsoletedByDocument ............................................................................................ 78
2.295. obsoletesDocument ................................................................................................. 78
2.296. oncRpcNumber ....................................................................................................... 78
2.297. organizationalStatus ................................................................................................ 79
2.298. otherMailbox ........................................................................................................... 79
2.299. ou (organizationalUnitName) ................................................................................... 79
2.300. owner ..................................................................................................................... 79
2.301. pager ..................................................................................................................... 80
2.302. pamExcludeSuffix ................................................................................................... 80
2.303. pamFallback ........................................................................................................... 80
2.304. pamIDAttr ............................................................................................................... 80
2.305. pamIDMapMethod ................................................................................................... 80
2.306. pamIncludeSuffix .................................................................................................... 81
2.307. pamMissingSuffix .................................................................................................... 81
2.308. pamSecure ............................................................................................................. 81
2.309. pamService ............................................................................................................ 81
2.310. parentOrganization .................................................................................................. 81
2.311. personalSignature ................................................................................................... 82
2.312. personalTitle ........................................................................................................... 82
2.313. photo ..................................................................................................................... 82
2.314. physicalDeliveryOfficeName .................................................................................... 82
2.315. postalAddress ......................................................................................................... 83
2.316. postalCode ............................................................................................................. 83
2.317. postOfficeBox ......................................................................................................... 83
2.318. preferredDeliveryMethod ......................................................................................... 84
2.319. preferredLanguage .................................................................................................. 84
2.320. preferredLocale ....................................................................................................... 84
2.321. preferredTimeZone .................................................................................................. 84
2.322. presentationAddress ............................................................................................... 85
2.323. protocolInformation ................................................................................................. 85
2.324. ref .......................................................................................................................... 85
2.325. registeredAddress ................................................................................................... 85
2.326. roleOccupant .......................................................................................................... 86
2.327. roomNumber .......................................................................................................... 86
2.328. searchGuide ........................................................................................................... 86
2.329. secretary ................................................................................................................ 86
2.330. seeAlso .................................................................................................................. 87
2.331. serialNumber .......................................................................................................... 87
2.332. serverHostName ..................................................................................................... 87
2.333. serverProductName ................................................................................................ 87
2.334. serverRoot .............................................................................................................. 88
2.335. serverVersionNumber .............................................................................................. 88
2.336. shadowExpire ......................................................................................................... 88
2.337. shadowFlag ............................................................................................................ 89
2.338. shadowInactive ....................................................................................................... 89
2.339. shadowLastChange ................................................................................................. 89
2.340. shadowMax ............................................................................................................ 90
2.341. shadowMin ............................................................................................................. 90
2.342. shadowWarning ...................................................................................................... 91
2.343. singleLevelQuality ................................................................................................... 91
2.344. sn (surname) .......................................................................................................... 91
2.345. st (stateOrProvinceName) ....................................................................................... 91
2.346. street ..................................................................................................................... 92
2.347. subject ................................................................................................................... 92
2.348. subtreeMaximumQuality .......................................................................................... 92
2.349. subtreeMinimumQuality ........................................................................................... 92
2.350. supportedAlgorithms ............................................................................................... 93
2.351. supportedApplicationContext .................................................................................... 93
2.352. telephoneNumber ................................................................................................... 93
2.353. teletexTerminalIdentifier ........................................................................................... 93
2.354. telexNumber ........................................................................................................... 94
2.355. textEncodedORAddress .......................................................................................... 94
2.356. title ......................................................................................................................... 94
2.357. ttl (TimeToLive) ....................................................................................................... 95
2.358. uid (userID) ............................................................................................................ 95
2.359. uidNumber .............................................................................................................. 95
2.360. uniqueIdentifier ....................................................................................................... 96
2.361. uniqueMember ........................................................................................................ 96
2.362. updatedByDocument ............................................................................................... 96
2.363. updatesDocument ................................................................................................... 96
2.364. userCertificate ........................................................................................................ 96
2.365. userClass ............................................................................................................... 97
2.366. userPassword ......................................................................................................... 97
2.367. userPKCS12 ........................................................................................................... 97
2.368. userSMIMECertificate .............................................................................................. 98
2.369. vacationEndDate ..................................................................................................... 98
2.370. vacationStartDate ................................................................................................... 98
2.371. x121Address .......................................................................................................... 98
2.372. x500UniqueIdentifier ............................................................................................... 98
3. Directory Server Object Class Reference 101
3.1. account .................................................................................................................... 101
3.2. alias ......................................................................................................................... 102
3.3. bootableDevice ......................................................................................................... 103
3.4. cacheObject ............................................................................................................. 104
3.5. cosClassicDefinition .................................................................................................. 104
3.6. cosDefinition ............................................................................................................. 105
3.7. cosIndirectDefinition .................................................................................................. 106
3.8. cosPointerDefinition .................................................................................................. 106
3.9. cosSuperDefinition .................................................................................................... 107
3.10. cosTemplate ........................................................................................................... 108
3.11. country ................................................................................................................... 108
3.12. dcObject ................................................................................................................. 109
3.13. device .................................................................................................................... 110
3.14. document ............................................................................................................... 110
3.15. documentSeries ...................................................................................................... 112
3.16. domain ................................................................................................................... 113
3.17. domainRelatedObject .............................................................................................. 114
3.18. dSA ....................................................................................................................... 115
3.19. extensibleObject ..................................................................................................... 116
3.20. friendlyCountry ....................................................................................................... 116
3.21. groupOfCertificates ................................................................................................. 117
3.22. groupOfMailEnhancedUniqueNames ........................................................................ 118
3.23. groupOfNames ....................................................................................................... 119
3.24. groupOfUniqueNames ............................................................................................. 119
3.25. groupOfURLs ......................................................................................................... 120
3.26. ieee802Device ........................................................................................................ 121
3.27. inetAdmin ............................................................................................................... 122
3.28. inetDomain ............................................................................................................. 123
3.29. inetOrgPerson ........................................................................................................ 123
3.30. inetSubscriber ......................................................................................................... 126
3.31. inetUser ................................................................................................................. 126
3.32. ipHost .................................................................................................................... 127
3.33. ipNetwork ............................................................................................................... 128
3.34. ipProtocol ............................................................................................................... 129
3.35. ipService ................................................................................................................ 130
3.36. labeledURIObject .................................................................................................... 130
3.37. locality .................................................................................................................... 131
3.38. mailGroup .............................................................................................................. 132
3.39. mailRecipient .......................................................................................................... 132
3.40. netscapeCertificateServer ........................................................................................ 133
3.41. netscapeDirectoryServer ......................................................................................... 134
3.42. NetscapeLinkedOrganization ................................................................................... 134
3.43. netscapeMachineData ............................................................................................. 135
3.44. NetscapePreferences .............................................................................................. 135
3.45. netscapeReversiblePasswordObject ......................................................................... 135
3.46. netscapeServer ....................................................................................................... 136
3.47. netscapeWebServer ................................................................................................ 137
3.48. newPilotPerson ....................................................................................................... 137
3.49. nisMap ................................................................................................................... 139
3.50. nisNetgroup ............................................................................................................ 139
3.51. nisObject ................................................................................................................ 140
3.52. nsAdminConfig ....................................................................................................... 141
3.53. nsAdminConsoleUser .............................................................................................. 142
3.54. nsAdminDomain ..................................................................................................... 142
3.55. nsAdminGlobalParameters ...................................................................................... 142
3.56. nsAdminGroup ........................................................................................................ 143
3.57. nsAdminObject ....................................................................................................... 144
3.58. nsAdminResourceEditorExtension ............................................................................ 144
3.59. nsAdminServer ....................................................................................................... 145
3.60. nsAIMpresence ....................................................................................................... 145
3.61. nsApplication .......................................................................................................... 146
3.62. nsCertificateServer .................................................................................................. 147
3.63. nsComplexRoleDefinition ......................................................................................... 148
3.64. nsContainer ............................................................................................................ 148
3.65. nsCustomView ........................................................................................................ 149
3.66. nsDefaultObjectClasses .......................................................................................... 149
3.67. nsDirectoryInfo ....................................................................................................... 149
3.68. nsDirectoryServer ................................................................................................... 150
3.69. nsEncryptionConfig ................................................................................................. 151
3.70. nsEncryptionModule ................................................................................................ 152
3.71. nsFilteredRoleDefinition ........................................................................................... 152
3.72. nsGlobalParameters ................................................................................................ 153
3.73. nsHost ................................................................................................................... 154
3.74. nsICQpresence ....................................................................................................... 155
3.75. nsLicenseUser ........................................................................................................ 155
3.76. nsManagedRoleDefinition ........................................................................................ 156
3.77. nsMessagingServerUser .......................................................................................... 156
3.78. nsMSNpresence ..................................................................................................... 157
3.79. nsNestedRoleDefinition ........................................................................................... 158
3.80. nsResourceRef ....................................................................................................... 158
3.81. nsRoleDefinition ...................................................................................................... 159
3.82. nsSimpleRoleDefinition ............................................................................................ 159
3.83. nsSNMP ................................................................................................................. 160
3.84. nsTask ................................................................................................................... 161
3.85. nsTaskGroup .......................................................................................................... 162
3.86. nsTopologyCustomView ........................................................................................... 162
3.87. nsTopologyPlugin .................................................................................................... 163
3.88. nsValueItem ............................................................................................................ 163
3.89. nsView ................................................................................................................... 164
3.90. nsYIMpresence ....................................................................................................... 164
3.91. ntGroup .................................................................................................................. 165
3.92. ntUser .................................................................................................................... 166
3.93. oncRpc .................................................................................................................. 168
3.94. organization ............................................................................................................ 169
3.95. organizationalPerson ............................................................................................... 171
3.96. organizationalRole .................................................................................................. 172
3.97. organizationalUnit ................................................................................................... 173
3.98. pamConfig .............................................................................................................. 175
3.99. person .................................................................................................................... 176
3.100. pilotObject ............................................................................................................ 176
3.101. pilotOrganization ................................................................................................... 177
3.102. posixAccount ........................................................................................................ 179
3.103. posixGroup ........................................................................................................... 180
3.104. referral ................................................................................................................. 181
3.105. residentialPerson .................................................................................................. 181
3.106. RFC822LocalPart .................................................................................................. 182
3.107. room .................................................................................................................... 184
3.108. shadowAccount ..................................................................................................... 184
3.109. simpleSecurityObject ............................................................................................. 186
3.110. strongAuthenticationUser ....................................................................................... 186
4. Operational Attributes and Object Classes 187
4.1. accountUnlockTime ................................................................................................... 187
4.2. aci ........................................................................................................................... 187
4.3. altServer .................................................................................................................. 187
4.4. copiedFrom .............................................................................................................. 188
4.5. copyingFrom ............................................................................................................ 188
4.6. createTimestamp ...................................................................................................... 188
4.7. creatorsName ........................................................................................................... 188
4.8. dITContentRules ....................................................................................................... 188
4.9. dITStructureRules ..................................................................................................... 189
4.10. hasSubordinates ..................................................................................................... 189
4.11. LDAPsubentry ......................................................................................................... 189
4.12. ldapSyntaxes .......................................................................................................... 190
4.13. matchingRules ........................................................................................................ 190
4.14. matchingRuleUse .................................................................................................... 190
4.15. modifyTimestamp .................................................................................................... 190
4.16. modifiersName ....................................................................................................... 190
4.17. nameForms ............................................................................................................ 191
4.18. namingContexts ...................................................................................................... 191
4.19. nsAccountLock ....................................................................................................... 191
4.20. nsAIMStatusGraphic ............................................................................................... 191
4.21. nsAIMStatusText ..................................................................................................... 191
4.22. nsBackendSuffix ..................................................................................................... 192
4.23. nscpEntryDN .......................................................................................................... 192
4.24. nsDS5ReplConflict .................................................................................................. 192
4.25. nsICQStatusGraphic ............................................................................................... 192
4.26. nsICQStatusText ..................................................................................................... 192
4.27. nsIdleTimeout ......................................................................................................... 193
4.28. nsLookThroughLimit ................................................................................................ 193
4.29. nsParentUniqueId ................................................................................................... 193
4.30. nsRole ................................................................................................................... 193
4.31. nsRoleDn ............................................................................................................... 194
4.32. nsRoleFilter ............................................................................................................ 194
4.33. nsSchemaCSN ....................................................................................................... 194
4.34. nsSizeLimit ............................................................................................................. 195
4.35. nsTimeLimit ............................................................................................................ 195
4.36. nsTombstone (Object Class) .................................................................................... 195
4.37. nsUniqueID ............................................................................................................ 196
4.38. nsYIMStatusGraphic ............................................................................................... 196
4.39. nsYIMStatusText ..................................................................................................... 196
4.40. numSubordinates .................................................................................................... 196
4.41. passwordGraceUserTime ........................................................................................ 196
4.42. passwordRetryCount ............................................................................................... 197
4.43. pwdpolicysubentry ................................................................................................... 197
4.44. subschemaSubentry ................................................................................................ 197
4.45. supportedControl .................................................................................................... 197
4.46. supportedExtension ................................................................................................. 197
4.47. supportedFeatures .................................................................................................. 198
4.48. supportedLDAPVersion ........................................................................................... 198
4.49. supportedSASLMechanisms .................................................................................... 198
4.50. vendorName ........................................................................................................... 198
4.51. vendorVersion ......................................................................................................... 198
4.52. glue (Object Class) ................................................................................................. 199
4.53. passwordObject (Object Class) ................................................................................ 199
4.54. subschema (Object Class) ...................................................................................... 200
Index 203
Preface
Welcome to the Red Hat Directory Server Schema Reference. Red Hat Directory Server is a powerful and scalable distributed directory server application that uses the Lightweight Directory Access Protocol (LDAP) standard. Directory Server creates centralized and distributed data repositories for use with an intranet, extranet, and Internet applications. Integrating Directory Server into a computing infrastructure smooths interactions and services for customers, clients, and employees.
The Directory Server Schema Reference describes most of the common object classes and attributes defined by standard Directory Server schema. This reference is intended for system administrators who manage and maintain Red Hat Directory Server and define the directory schema.
1. Purpose and Contents
The schema reference covers information about attributes and object classes used by entries in the Directory Server:
• An overview of some of the basic concepts of the directory schema, including lists and descriptions of default schema files, and descriptions of object classes, attributes, object identifiers (OIDs), schema checking, and extending server schema.
• Alphabetical lists of the standard attributes, with definitions of their use, OIDs, and attribute syntax.
• Alphabetical lists of the standard object classes with descriptions of the object class, OIDs, and lists of required and allowed attributes. (The defined attributes for the object classes do not include the required and allowed attributes which are inherited from any superior object classes.)
• Directory Server's operational attributes and special attributes and object classes used by the server as part of its configuration, to perform tasks, or to manage databases.
This guide is intended as a reference for schema elements that are used to describe directory entries, like users, groups, and equipment, and some schema elements that are used to organize data in the directory, like views and roles.
However, this schema reference does not cover core schema used to configure the Directory Server itself. The directory service is also configured as directory entries within the cn=config subtree. For descriptions of those attributes, see the Configuration, Command, and File Reference.
2. Prerequisite Reading
This guide is a reference covering the standard schema and the standard object classes and attributes. However, this guide does not describe how to design, customize or maintain the schema, nor does it give any information on replication. Those concepts are described in the Deployment Guide. Read that book before continuing with this manual.
Preliminary planning for your schema needs depends on deciding how to represent the data which will be stored in the directory and the kinds of identities (different people, equipment, and facilities) which will be represented. Choose predefined schema elements to meet as many of the data needs as possible. These predefined schema elements are listed in this guide. After fully utilizing the standard schema, begin planning how to extend the schema.
3. Examples and Formatting
The examples used in this guide, such as file locations and commands, follow certain defined conventions.
3.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (32-bit) systems. Be certain to use the appropriate commands and files for your platform.
To start the Red Hat Directory Server:
/etc/init.d/dirsrv start
Example 1. Example Command
3.2. Tool Locations
The tools for Red Hat Directory Server are located in the /usr/bin and the /usr/sbin directories. These tools can be run from any location without specifying the tool location.
3.3. LDAP Locations
There is another important consideration with the Red Hat Directory Server tools. The LDAP tools referenced in this guide are Mozilla LDAP, installed with Red Hat Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 (32-bit) (or /usr/lib64/mozldap for 64-bit systems).
However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP in the /usr/bin directory. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL, which OpenLDAP tools use by default.
3.4. Text Formatting and Styles
Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
Formatting Style | Purpose
Monospace font | Monospace is used for commands, package names, files and directory paths, and any text displayed in a prompt.
Monospace with a background | This type of formatting is used for anything entered or returned in a command prompt.
Italicized text | Any text which is italicized is a variable, such as instance_name or hostname. Occasionally, this is also used to emphasize a new term or other phrase.
Bolded text | Most phrases which are in bold are application names, such as Cygwin, or are fields or options in a user interface, such as a User Name Here: field or Save button.
Other formatting styles draw attention to important text.
NOTE
A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
IMPORTANT
Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
WARNING
A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
4. Additional Reading
The Directory Server Administrator's Guide describes how to set up, configure, and administer Red Hat Directory Server and its contents. This manual does not describe many of the basic directory and architectural concepts that you need to deploy, install, and administer a directory service successfully. Those concepts are contained in the Red Hat Directory Server Deployment Guide. You should read that book before continuing with this manual.
When you are familiar with Directory Server concepts and have done some preliminary planning for your directory service, install the Directory Server. The instructions for installing the various Directory Server components are contained in the Red Hat Directory Server Installation Guide. Many of the scripts and commands used to install and administer the Directory Server are explained in detail in the Red Hat Directory Server Configuration, Command, and File Reference.
Also, Managing Servers with Red Hat Console contains general background information on how to use the Red Hat Console. You should read and understand the concepts in that book before you attempt to administer Directory Server.
The document set for Directory Server contains the following guides:
Red Hat Directory Server Release Notes contain important information on new features, fixed bugs, known issues and workarounds, and other important deployment information for this specific version of Directory Server.
Red Hat Directory Server Deployment Guide provides an overview for planning a deployment of the Directory Server.
Red Hat Directory Server Administrator's Guide contains procedures for the day-to-day maintenance of the directory service. Includes information on configuring server-side plug-ins.
Red Hat Directory Server Configuration, Command, and File Reference provides reference information on the command-line scripts, configuration attributes, and log files shipped with Directory Server.
Red Hat Directory Server Installation Guide contains procedures for installing your Directory Server as well as procedures for migrating from a previous installation of Directory Server.
Red Hat Directory Server Schema Reference provides reference information about the Directory Server schema.
Red Hat Directory Server Plug-in Programmer's Guide describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
Using Red Hat Console gives an overview of the primary user interface and how it interacts with the Directory Server and Administration Server, as well as how to perform basic management tasks through the main Console window.
Using the Admin Server describes the different tasks and tools associated with the Administration Server and how to use the Administration Server with the Configuration and User Directory Server instances.
For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, see the Red Hat Directory Server documentation site at http://www.redhat.com/docs/manuals/dir-server/.
5. Giving Feedback
If there is any error in this Schema Reference or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
• Select the Red Hat Directory Server product.
• Set the component to Doc - schema-reference.
• Set the version number to 8.1.
• For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo. For enhancements, put in what information needs to be added and why.
• Give a clear title for the bug. For example, "Incorrect command example for setup script options" is better than "Bad example".
We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact Red Hat Content Services directly at mailto:docs@redhat.com.
6. Documentation History
Revision 8.1.5 January 11, 2010 Ella Deon Lackey
Expanding description of shadowExpire attribute, per Bugzilla #537262.
Revision 8.1.4 September 17, 2009 Ella Deon Lackey
Completing tech review from Noriko, adding new object classes (and some required attributes) for the standard object class reference. From Bugzilla #236147.
Revision 8.1.3 September 11, 2009 Ella Deon Lackey
Fixing instance-specific directory location.
Revision 8.1.2 September 9, 2009 Ella Deon Lackey
Removing any references to the Directory Server Gateway or Org Chart.
Revision 8.1.1 September 5, 2009 Ella Deon Lackey
Adding the HPUX schema file directory to the default schema file overview section, per Bugzilla #521140.
Revision 8.1.0 April 28, 2009 Ella Deon Lackey dlackey@redhat.com
Initial draft for version 8.1.
Chapter 1. About Directory Server Schema
This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.
1.1. Schema Definitions
The directory schema is a set of rules that defines how data can be stored in the directory. Directory information is stored in discrete entries, and each entry is comprised of a set of attributes and their values. The kind of identity being described in the entry is defined in the entry's object classes. An object class specifies the kind of object the entry describes through the defined set of attributes for the object class.
Basically, the schema files are lists of the kinds of entries that can be created (the object classes) and the ways that those entries can be described (the attributes). The schema defines what the object classes and attributes are. The schema also defines the format that the attribute values contain (the attribute's syntax) and whether there can only be a single instance of that attribute.
Additional schema files can be added to the Directory Server configuration and loaded in the server, so the schema is customizable and can be extended as desired.
For more detailed information about object classes, attributes, and how the Directory Server uses the schema, see the Deployment Guide.
CAUTION
The Directory Server fails to start if the schema definitions contain too few or too many space characters. Use exactly one space in those places where the LDAP standards allow the use of zero or many spaces; for example, the place between the NAME keyword and the name of an attribute type.
1.1.1. Object Classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides object classes for many common types of entries, such as people (person and inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations and divisions (organization and organizationalUnit), and equipment (device).
In a schema file, an object class is identified by the objectclasses line, then followed by its OID, name, a description, its direct superior object class (an object class which is required to be used in conjunction with the object class and which shares its attributes with this object class), and the list of required (MUST) and allowed (MAY) attributes.
This is shown in Example 1.1, “person Object Class Schema Entry”.
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )
Example 1.1. person Object Class Schema Entry
1.1.1.1. Required and Allowed Attributes
Every object class defines a number of required attributes and of allowed attributes. Required attributes must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be valid.
As in Example 1.1, “person Object Class Schema Entry”, the person object class requires the cn, sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, and userPassword attributes.
NOTE
All entries require the objectClass attribute, which lists the object classes assigned to the entry.
1.1.1.2. Object Class Inheritance
An entry can have more than one object class. For example, the entry for a person is defined by the person object class, but the same person may also be described by attributes in the inetOrgPerson and organizationalPerson object classes.
Additionally, object classes can be hierarchical. An object class can inherit attributes from another class, in addition to its own required and allowed attributes. The second object class is the superior object class of the first.
The server's object class structure determines the list of required and allowed attributes for a particular entry. For example, a user's entry has to have the inetOrgPerson object class. In that case, the entry must also include the superior object class for inetOrgPerson, organizationalPerson, and the superior object class for organizationalPerson, which is person:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
When the inetOrgPerson object class is assigned to an entry, the entry automatically inherits the required and allowed attributes from the superior object classes.
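The inheritance rule described above, worked through as an added example (not code from this guide or from Directory Server): it parses objectClasses lines in the format of Example 1.1, follows SUP up to top to collect the inherited required and allowed attributes, and checks an entry against them. The organizationalPerson and inetOrgPerson definitions are shortened for the example, and the function names and sample entries are assumptions made here.

```python
import re

# Constructed sample schema in the page's objectClasses format. The person line
# is Example 1.1 from the page; the other two are shortened for this example
# (DESC omitted, MAY lists abbreviated) and are not the server's full definitions.
SCHEMA_LINES = [
    "objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' "
    "SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ "
    "userPassword ) X-ORIGIN 'RFC 2256' )",
    "objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person "
    "MAY ( title $ ou $ l ) X-ORIGIN 'RFC 2256' )",
    "objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' "
    "SUP organizationalPerson MAY ( mail $ uid $ givenName ) X-ORIGIN 'RFC 2798' )",
]


def parse_object_class(line):
    """Parse one objectClasses line into its name, superior, MUST and MAY sets."""
    body = line.split(":", 1)[1]
    name = re.search(r"\bNAME\s+'([^']+)'", body).group(1)
    # Blank out quoted strings so keywords inside DESC text are not matched.
    unquoted = re.sub(r"'[^']*'", "''", body)
    sup = re.search(r"\bSUP\s+([\w-]+)", unquoted)

    def attr_list(keyword):
        # MUST/MAY take either "( a $ b )" or a single bare attribute name.
        m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w-]+))" % keyword, unquoted)
        if not m:
            return set()
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        return {a.strip().lower() for a in raw.split("$") if a.strip()}

    return {"name": name, "sup": sup.group(1).lower() if sup else None,
            "must": attr_list("MUST"), "may": attr_list("MAY")}


# Names are lowercased throughout because LDAP schema names are case-insensitive.
CLASSES = {oc["name"].lower(): oc for oc in map(parse_object_class, SCHEMA_LINES)}


def effective_attributes(class_name, classes):
    """Follow SUP up to top; return (required, allowed, chain) for the class."""
    must, may, chain = {"objectclass"}, set(), []  # every entry needs objectClass
    current = class_name.lower()
    while current and current != "top":
        if current in chain:
            raise ValueError("SUP loop at " + current)
        oc = classes[current]  # KeyError if a superior is not defined
        chain.append(current)
        must |= oc["must"]
        may |= oc["may"]
        current = oc["sup"]
    chain.append("top")
    return must, may - must, chain


def check_entry(entry, classes):
    """Return schema problems for an entry given as {attribute: [values]}."""
    attrs = {k.lower(): v for k, v in entry.items()}
    listed = {v.lower() for v in attrs.get("objectclass", [])}
    must, may, missing_sup, problems = {"objectclass"}, set(), set(), []
    for oc in sorted(listed - {"top"}):
        if oc not in classes:
            problems.append("unknown object class: " + oc)
            continue
        m, a, chain = effective_attributes(oc, classes)
        must |= m
        may |= a
        missing_sup |= set(chain) - listed  # superiors the entry does not list
    problems += ["missing superior object class: " + s for s in sorted(missing_sup)]
    problems += ["missing required attribute: " + a for a in sorted(must - set(attrs))]
    problems += ["attribute not allowed: " + a
                 for a in sorted(set(attrs) - must - may)]
    return problems


# Constructed entries: GOOD lists the whole chain; BAD omits the superiors and sn
# and carries uidNumber, which none of its object classes allow.
GOOD = {"objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
        "cn": ["John Smith"], "sn": ["Smith"], "mail": ["jsmith@example.com"]}
BAD = {"objectClass": ["top", "inetOrgPerson"], "cn": ["John Smith"],
       "mail": ["jsmith@example.com"], "uidNumber": ["1001"]}

if __name__ == "__main__":
    for label, entry in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_entry(entry, CLASSES) or "ok")
```
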
1.1.2. Attributes
Directory entries are composed of attributes and their values. These pairs are called attribute-value assertions or AVAs. Any piece of information in the directory is associated with a descriptive attribute.
For instance, the cn attribute is used to store a person's full name, such as cn: John Smith.
Additional attributes can supply additional information about John Smith:
givenname: John
surname: Smith
mail: jsmith@example.com
In a schema file, an attribute is identified by the attributetypes line, then followed by its OID, name, a description, syntax (allowed format for its value), optionally whether the attribute is single- or multi-valued, and where the attribute is defined.
This is shown in Example 1.2, “description Attribute Schema Entry”.
attributetypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
Example 1.2. description Attribute Schema Entry
Some attributes can be abbreviated. These abbreviations are listed as part of the attribute definition:
attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) ...
1.1.2.1. Attribute Syntax
The attribute's syntax defines the format of the values which the attribute allows; as with other schema elements, the syntax is defined for an attribute using the syntax's OID, as listed in Table 1.1, “LDAP Attribute Syntax”.
The Directory Server uses the attribute's syntax to perform sorting and pattern matching on entries.
Syntax Method | OID | Definition
Binary | 1.3.6.1.4.1.1466.115.121.1.5 | Indicates that values for this attribute are binary.
Boolean | 1.3.6.1.4.1.1466.115.121.1.7 | Indicates that this attribute has one of only two values, true or false.
Country String | 1.3.6.1.4.1.1466.115.121.1.11 | Indicates that values for this attribute are limited to exactly two printable string characters; for example, US for the United States.
DN | 1.3.6.1.4.1.1466.115.121.1.12 | Indicates that values for this attribute are DNs.
DirectoryString | 1.3.6.1.4.1.1466.115.121.1.15 | Indicates that values for this attribute are case-insensitive strings.
GeneralizedTime | 1.3.6.1.4.1.1466.115.121.1.24 | Indicates that values for this attribute are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time.
IA5String | 1.3.6.1.4.1.1466.115.121.1.26 | Indicates that values for this attribute are case-exact strings.
Integer | 1.3.6.1.4.1.1466.115.121.1.27 | Indicates that valid values for this attribute are numbers.
OctetString | 1.3.6.1.4.1.1466.115.121.1.40 | Indicates that values for this attribute are binary; this is the same as using the binary syntax.
Postal Address | 1.3.6.1.4.1.1466.115.121.1.41 | Indicates that values for this attribute are encoded in the format postal-address = dstring *( "$" dstring ). For example: 1234 Main St.$Raleigh, NC 12345$USA. Each dstring component is encoded as a DirectoryString value. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters.
TelephoneNumber | 1.3.6.1.4.1.1466.115.121.1.50 | Indicates that values for this attribute are in the form of telephone numbers. It is recommended to use telephone numbers in international form.
URI | | Indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, and ldaps://. The URI has the same behavior as IA5String. See RFC 2396 for more information on this syntax.
Table 1.1. LDAP Attribute Syntax
1.1.2.2. Single- and Multi-Valued Attributes
By default, most attributes are multi-valued. This means that an entry can contain the same attribute multiple times, with different values. For example:
dn: uid=jsmith, ou=marketing, ou=people, dc=example, dc=com
ou: marketing
ou: people
The cn, tel, and objectclass attributes, for example, all can have more than one value. Attributes that are single-valued — that is, only one instance of the attribute can be specified — are specified in the schema as only allowing a single value. For example, uidNumber can only have one possible value, so its schema entry has the term SINGLE-VALUE. If the attribute is multi-valued, there is no value expression.
1.2. Default Directory Server Schema Files
Template schema definitions for Directory Server are stored in the /etc/dirsrv/schema directory. These default schema files are used to generate the schema files for new Directory Server instances. Each server instance has its own instance-specific schema directory in /etc/dirsrv/slapd-instance_name/schema (/etc/opt/dirsrv/slapd-instance_name/schema on HP-UX). The schema files in the instance directory are used only by that instance.
To modify the directory schema, create new attributes and new object classes in the instance-specific schema directory. Because the default schema is used for creating new instances and each individual instance has its own schema files, it is possible to have slightly different schema for each instance, matching the use of each instance.
Any custom attributes added using the Directory Server Console or LDAP commands are stored in the 99user.ldif file; other custom schema files can be added to the /etc/dirsrv/slapd-instance_name/schema directory for each instance. Do not make any modifications to the standard files that come with Red Hat Directory Server.
For more information about how the Directory Server stores information and suggestions for planning directory schema, see the Deployment Guide.
Schema File | Purpose
00core.ldif | Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance.
01common.ldif | Standard-related schema from RFC 2256, LDAPv3, and standard schema defined by Directory Server which is used to configure entries.
05rfc2247.ldif | Schema from RFC 2247 and related pilot schema, defined in "Using Domains in LDAP/X.500 Distinguished Names."
05rfc2927.ldif | Schema from RFC 2927, "MIME Directory Profile for LDAP Schema."
10rfc2307.ldif | Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service."
10presence.ldif | Schema for presence information; the file lists the default object classes with the allowed attributes that must be added to a user's entry in order for instant-messaging presence information to be available for that user.
20subscriber.ldif | Common schema element for Directory Server-Nortel subscriber interoperability.
25java-object.ldif | Schema from RFC 2713, "Schema for Representing Java Objects in an LDAP Directory."
28pilot.ldif | Schema from the pilot RFCs, especially RFC 1274, that are no longer recommended for use in new deployments.
30ns-common.ldif | Common schema.
50ns-admin.ldif | Schemas used by the Administration Server.
50ns-certificate.ldif | Schemas used by Red Hat Certificate System.
50ns-directory.ldif | Schema used by legacy Directory Server 4.x servers.
50ns-mail.ldif | Schema for mail servers.
50ns-value.ldif | Schema for value items in Directory Server.
50ns-web.ldif | Schema for web servers.
60autofs.ldif | Object classes for automount configuration; this is one of several schema files used for NIS servers.
60eduperson.ldif | Schema elements for education-related people and organization entries.
60mozilla.ldif | Schema elements for Mozilla-related user profiles.
60nss-ldap.ldif | Schema elements for GSS-API service names.
60pam-plugin.ldif | Schema elements for integrating directory services with PAM modules.
60pureftpd.ldif | Schema elements for defining FTP user accounts.
60rfc2739.ldif | Schema elements for calendars and vCard properties.
60rfc3712.ldif | Schema elements for configuring printers.
60sabayon.ldif | Schema elements for defining sabayon user entries.
60sudo.ldif | Schema elements for defining sudo users and roles.
60trust.ldif | Schema elements for defining trust relationships for NSS or PAM.
99user.ldif | Custom schema elements added through the Directory Server Console.
Table 1.2. Schema Files
1.3. Object Identifiers (OIDs)
All schema elements have object identifiers (OIDs) assigned to them, including attributes and object classes. An OID is a sequence of integers, usually written as a dot-separated string. All custom attributes and classes must conform to the X.500 and LDAP standards.
CAUTION
If an OID is not specified for a schema element, Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid. However, using text OIDs instead of numeric OIDs can lead to problems with clients, server interoperability, and server behavior, so assigning a numeric OID is strongly recommended.
OIDs can be built on. The base OID is a root number which is used for every schema element for an organization, and then schema elements can be incremented from there. For example, a base OID could be 1. The company then uses 1.1 for attributes, so every new attribute has an OID of 1.1.x. It uses 1.2 for object classes, so every new object class has an OID of 1.2.x.
For Directory Server-defined schema elements, the base OIDs are as follows:
• The Netscape base OID is 2.16.840.1.113730.
• The Directory Server base OID is 2.16.840.1.113730.3.
• All Netscape-defined attributes have the base OID 2.16.840.1.113730.3.1.
• All Netscape-defined object classes have the base OID 2.16.840.1.113730.3.2.
For more information about OIDs or to request a prefix, go to the Internet Assigned Numbers Authority (IANA) website at http://www.iana.org/.
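A lint for the caution above, as an added example that is not part of the Red Hat documentation: it scans schema definitions for text OIDs, for numeric OIDs outside the arc reserved for attributes or object classes, and for reused OIDs. The sample definitions, the example* names and the lint_oids function are constructed for illustration; the 1.1 and 1.2 arcs follow the example base OID used in the text.

```python
import re

# Numeric OID: first arc 0-2, then one or more dot-separated integers.
NUMERIC_OID = re.compile(r"^[0-2](\.(0|[1-9][0-9]*))+$")
# Start of a definition line: kind, OID (numeric or text), first NAME.
DEFINITION = re.compile(
    r"^(attributetypes|objectclasses):\s*\(\s*(\S+)\s+NAME\s+'([^']+)'", re.I)

# Constructed sample in the style of a custom schema file (not from the page).
SAMPLE_SCHEMA = """\
attributetypes: ( 1.1.1 NAME 'exampleBadgeId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: ( exampleShift-oid NAME 'exampleShift' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclasses: ( 1.2.1 NAME 'exampleStaff' SUP top AUXILIARY MAY ( exampleBadgeId $ exampleShift ) )
objectclasses: ( 1.1.7 NAME 'exampleMisfiled' SUP top AUXILIARY MAY exampleBadgeId )
attributetypes: ( 1.1.1 NAME 'exampleDup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""


def lint_oids(schema_text, attr_base="1.1", class_base="1.2"):
    """Return (element name, finding) pairs for OID problems in schema_text."""
    findings, seen = [], {}
    for line in schema_text.splitlines():
        m = DEFINITION.match(line)
        if not m:
            continue
        kind, oid, name = m.group(1).lower(), m.group(2), m.group(3)
        base = attr_base if kind == "attributetypes" else class_base
        if not NUMERIC_OID.match(oid):
            # The server-generated name-oid form, or any other text OID.
            findings.append((name, "text OID: " + oid))
        elif not oid.startswith(base + "."):
            findings.append((name, "outside base %s: %s" % (base, oid)))
        if oid in seen:
            findings.append((name, "OID already used by " + seen[oid]))
        seen.setdefault(oid, name)
    return findings


if __name__ == "__main__":
    for name, finding in lint_oids(SAMPLE_SCHEMA):
        print(name + ": " + finding)
```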
1.4. Extending the Schema
The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most directory requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise by creating custom schema files.
When adding new attributes to the schema, a new object class should be created to contain them. Adding a new attribute to an existing object class can compromise the Directory Server's compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server.
For more information about extending server schema, see the Deployment Guide.
1.5. Schema Checking
Schema checking means that the Directory Server checks every entry when it is created, modified, or imported into a database using LDIF to make sure that it complies with the schema definitions in the schema files. Schema checking verifies three things:
• Object classes and attributes used in the entry are defined in the directory schema.
• Attributes required for an object class are contained in the entry.
• Only attributes allowed by the object class are contained in the entry.
You should run Directory Server with schema checking turned on. For information on enabling schema checking, see the Administrator's Guide.
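The three checks listed above, as an added example that is not Directory Server's own code: a small checker that reads object class definitions, follows SUP inheritance, and reports each violation for an entry. The sample definitions, the attribute list and the function names are constructed for illustration.

```python
import re

# Constructed sample definitions in the objectclasses format used by the
# schema files; a server would load these from its *.ldif schema files.
SAMPLE_OBJECTCLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
]
# Constructed list of attribute types that the sample schema defines.
SAMPLE_ATTRIBUTES = {"objectclass", "sn", "cn", "userpassword",
                     "telephonenumber", "seealso", "description", "carlicense"}


def names_after(definition, keyword):
    """Names following SUP/MUST/MAY, given bare or as a ( a $ b ) list."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([^\s()]+))" % keyword, definition)
    if not m:
        return []
    body = m.group(1) if m.group(1) is not None else m.group(2)
    return [n.strip().lower() for n in body.split("$") if n.strip()]


def load_objectclasses(definitions):
    """Map lower-cased class name to its superiors, MUST set and MAY set."""
    classes = {}
    for d in definitions:
        name = re.search(r"NAME\s+'([^']+)'", d).group(1).lower()
        classes[name] = {"sup": names_after(d, "SUP"),
                         "must": set(names_after(d, "MUST")),
                         "may": set(names_after(d, "MAY"))}
    return classes


def check_entry(entry, classes, attributes):
    """Return a list of schema violations for entry (attribute -> values)."""
    violations = []
    # Attribute names are case-insensitive, and options such as ";binary"
    # are not part of the attribute type.
    values = {k.split(";", 1)[0].lower(): v for k, v in entry.items()}
    pending = [oc.lower() for oc in values.get("objectclass", [])]
    if not pending:
        violations.append("entry has no objectClass")
    must, allowed, seen = set(), set(), set()
    while pending:
        oc = pending.pop(0)
        if oc in seen:
            continue
        seen.add(oc)
        if oc not in classes:
            violations.append("undefined object class: " + oc)  # check 1
            continue
        must |= classes[oc]["must"]
        allowed |= classes[oc]["must"] | classes[oc]["may"]
        pending.extend(classes[oc]["sup"])  # inherited MUST/MAY
    for attr in sorted(values):
        if attr not in attributes:
            violations.append("undefined attribute: " + attr)  # check 1
        elif attr not in allowed:
            violations.append("attribute not allowed by object classes: " + attr)  # check 3
    for attr in sorted(must - set(values)):
        violations.append("missing required attribute: " + attr)  # check 2
    return violations


if __name__ == "__main__":
    classes = load_objectclasses(SAMPLE_OBJECTCLASSES)
    entry = {"objectClass": ["top", "person"], "cn": ["John Smith"],
             "carLicense": ["6ABC246"], "shoeSize": ["10"]}
    for v in check_entry(entry, classes, SAMPLE_ATTRIBUTES):
        print(v)
```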
Chapter 2. Directory Server Attribute Reference
This chapter contains reference information about Red Hat Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order with their definition, syntax, and OID.
This chapter contains information about attributes that describe directory entries, like users, groups, and equipment. This intent — describing directory data — also covers some schema elements that are used to organize data in the directory, like views and roles.
However, this attribute reference does not cover core schema used to configure the Directory Server itself. The directory service is also configured as directory entries within the cn=config subtree. For descriptions of those configuration attributes, see the Configuration, Command, and File Reference.
2.1. abstract
The abstract attribute contains an abstract for a document entry.
OID 0.9.2342.19200300.102.1.9
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.2. accessTo
This attribute defines what specific hosts or servers a user is allowed to access.
OID 5.3.6.1.1.1.1.1
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in nss_ldap/pam_ldap
2.3. administratorContactInfo
This attribute contains the contact information for the LDAP or server administrator.
OID 2.16.840.1.113730.3.1.74
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.4. adminRole
This attribute contains the role assigned to the user identified in the entry.
OID 2.16.840.1.113730.3.1.601
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape Administration Services
2.5. adminUrl
This attribute contains the URL of the Administration Server.
OID 2.16.840.1.113730.3.1.75
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.6. aliasedObjectName
The aliasedObjectName attribute is used by the Directory Server to identify alias entries. This attribute contains the DN (distinguished name) for the entry for which this entry is the alias. For example:
aliasedObjectName: uid=jdoe,ou=people,dc=example,dc=com
OID 2.5.4.1
Syntax DN
Multi- or Single-Valued Single-valued
Defined in RFC 2256
2.7. associatedDomain
The associatedDomain attribute contains the DNS domain associated with the entry in the directory tree. For example, the entry with the distinguished name c=US, o=Example Corporation has the associated domain of EC.US. These domains should be represented in RFC 822 order.
associatedDomain:US
OID 0.9.2342.19200300.100.1.37
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.8. associatedName
The associatedName identifies an organizational directory tree entry associated with a DNS domain. For example:
associatedName: c=us
OID 0.9.2342.19200300.100.1.38
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.9. attributetypes
This attribute is used in a schema file to identify an attribute defined within the subschema.
OID 2.5.21.5
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2252
2.10. audio
The audio attribute contains a sound file using a binary format. This attribute uses u-law encoded sound data. For example:
audio:: AAAAAA==
OID 0.9.2342.19200300.100.1.55
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.11. authorCn
The authorCn attribute contains the common name of the document's author. For example:
authorCn: John Smith
OID 0.9.2342.19200300.102.1.11
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.12. authorityRevocationList
The authorityRevocationList attribute contains a list of revoked CA certificates. This attribute should be requested and stored in a binary format, like authorityRevocationList;binary. For example:
authorityRevocationList;binary:: AAAAAA==
OID 2.5.4.38
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.13. authorSn
The authorSn attribute contains the last name or family name of the author of a document entry. For example:
authorSn: Smith
OID 0.9.2342.19200300.102.1.12
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.14. automountInformation
This attribute contains information used by the autofs automounter.
NOTE
The automountInformation attribute is defined in 60autofs.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 60autofs.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.33
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.15. bootFile
This attribute contains the boot image file name.
NOTE
The bootFile attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.24
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2307
2.16. bootParameter
This attribute contains the value for rpc.bootparamd.
NOTE
The bootParameter attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.23
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2307
2.17. buildingName
The buildingName attribute contains the building name associated with the entry. For example:
buildingName: 14
OID 0.9.2342.19200300.100.1.48
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.18. businessCategory
The businessCategory attribute identifies the type of business in which the entry is engaged. The attribute value should be a broad generalization, such as a corporate division level. For example:
businessCategory: Engineering
OID 2.5.4.15
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.19. c (countryName)
The countryName, or c, attribute contains the two-character country code to represent the country names. The country codes are defined by the ISO. For example:
countryName: GB
c: US
OID 2.5.4.6
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2256
2.20. cACertificate
The cACertificate attribute contains a CA certificate. The attribute should be requested and stored in binary format, such as cACertificate;binary. For example:
cACertificate;binary:: AAAAAA==
OID 2.5.4.37
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.21. carLicense
The carLicense attribute contains an entry's automobile license plate number. For example:
carLicense: 6ABC246
OID 2.16.840.1.113730.3.1.1
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2798
2.22. certificateRevocationList
The certificateRevocationList attribute contains a list of revoked user certificates. The attribute value is to be requested and stored in binary form, as certificateRevocationList;binary. For example:
certificateRevocationList;binary:: AAAAAA==
OID 2.5.4.39
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.23. cn (commonName)
The commonName attribute contains the name of an entry. For user entries, the cn attribute is typically the person's full name. For example:
commonName: John Smith
cn: Bill Anderson
With the LDAPReplica or LDAPServer object classes, the cn attribute value has the following format:
cn: replicater.example.com:17430/dc%3Dexample%2Cdc%3Dcom
OID 2.5.4.3
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.24. co (friendlyCountryName)
The friendlyCountryName attribute contains a country name; this can be any string. Often, the c attribute is used with the ISO-designated two-letter country code, while the co attribute contains a readable country name. For example:
friendlyCountryName: Ireland
co: Ireland
OID 0.9.2342.19200300.100.1.43
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.25. cosAttribute
The cosAttribute contains the name of the attribute for which to generate a value for the CoS. There can be more than one cosAttribute value specified. This attribute is used by all types of CoS definition entries.
OID 2.16.840.1.113730.3.1.550
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.26. cosIndirectSpecifier
The cosIndirectSpecifier specifies the attribute values used by an indirect CoS to identify the template entry.
OID 2.16.840.1.113730.3.1.577
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Directory Server
2.27. cosPriority
The cosPriority attribute specifies which template provides the attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a template. A priority of zero is the highest priority.
OID 2.16.840.1.113730.3.1.569
Syntax Integer
Multi- or Single-Valued Single-valued
Defined in Directory Server
2.28. cosSpecifier
The cosSpecifier attribute contains the attribute value used by a classic CoS, which, along with the template entry's DN, identifies the template entry.
OID 2.16.840.1.113730.3.1.551
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Directory Server
2.29. cosTargetTree
The cosTargetTree attribute defines the subtrees to which the CoS schema applies. The target trees of this schema and of other CoS schema may overlap arbitrarily.
OID 2.16.840.1.113730.3.1.552
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Directory Server
2.30. cosTemplateDn
The cosTemplateDn attribute contains the DN of the template entry which contains a list of the shared attribute values. Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS. A single CoS might have more than one template entry associated with it.
OID 2.16.840.1.113730.3.1.553
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Directory Server
2.31. crossCertificatePair
The value for the crossCertificatePair attribute must be requested and stored in binary format, such as crossCertificatePair;binary. For example:
crossCertificatePair;binary:: AAAAAA==
OID 2.5.4.40
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.32. dc (domainComponent)
The dc attribute contains one component of a domain name. For example:
dc: example
domainComponent: example
OID 0.9.2342.19200300.100.1.25
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2247
2.33. deltaRevocationList
The deltaRevocationList attribute contains a certificate revocation list (CRL). The attribute value is requested and stored in binary format, such as deltaRevocationList;binary.
OID 2.5.4.53
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.34. departmentNumber
The departmentNumber attribute contains an entry's department number. For example:
departmentNumber: 2604
OID 2.16.840.1.113730.3.1.2
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2798
2.35. description
The description attribute provides a human-readable description for an entry. For person or organization object classes, this can be used for the entry's role or work assignment. For example:
description: Quality control inspector for the ME2873 product line.
OID 2.5.4.13
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.36. destinationIndicator
The destinationIndicator attribute contains the city and country associated with the entry. This attribute was once required to provide public telegram service and is generally used in conjunction with the registeredAddress attribute. For example:
destinationIndicator: Stow, Ohio, USA
OID 2.5.4.27
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.37. displayName
The displayName attribute contains the preferred name of a person to use when displaying that person's entry. This is especially useful for showing the preferred name for an entry in a one-line summary list. Since other attribute types, such as cn, are multi-valued, they cannot be used to display a preferred name. For example:
displayName: John Smith
OID 2.16.840.1.113730.3.1.241
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2798
2.38. dITRedirect
The dITRedirect attribute indicates that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual's place of work changes, and the individual acquires a new organizational DN.
dITRedirect: cn=jsmith, dc=example,dc=com
OID 0.9.2342.19200300.100.1.54
Syntax DN
Defined in RFC 1274
2.39. dmdName
The dmdName attribute value specifies a directory management domain (DMD), the administrative authority that operates the Directory Server.
OID 2.5.4.54
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2256
2.40. dn (distinguishedName)
The dn attribute contains an entry's distinguished name. For example:
dn: uid=Barbara Jensen,ou=Quality Control,dc=example,dc=com
OID 2.5.4.49
Syntax DN
Defined in RFC 2256
2.41. dNSRecord
The dNSRecord attribute contains DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start of Authority) resource records. For example:
dNSRecord: IN NS ns.uu.net
OID 0.9.2342.19200300.100.1.26
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Internet Directory Pilot
2.42. documentAuthor
The documentAuthor attribute contains the DN of the author of a document entry. For example:
documentAuthor: uid=Barbara Jensen,ou=People,dc=example,dc=com
OID 0.9.2342.19200300.100.1.14
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.43. documentIdentifier
The documentIdentifier attribute contains a unique identifier for a document. For example:
documentIdentifier: L3204REV1
OID 0.9.2342.19200300.100.1.11
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.44. documentLocation
The documentLocation attribute contains the location of the original version of a document. For example:
documentLocation: Department Library
OID 0.9.2342.19200300.100.1.15
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.45. documentPublisher
The documentPublisher attribute contains the person or organization who published a document. For example:
documentPublisher: Southeastern Publishing
OID 0.9.2342.19200300.100.1.56
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 1274
2.46. documentStore
The documentStore attribute contains information on where the document is stored.
OID 0.9.2342.19200300.102.1.10
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.47. documentTitle
The documentTitle attribute contains a document's title. For example:
documentTitle: Red Hat Directory Server Administrator Guide
OID 0.9.2342.19200300.100.1.12
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.48. documentVersion
The documentVersion attribute contains the current version number for the document. For example:
documentVersion: 1.1
OID 0.9.2342.19200300.100.1.13
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.49. drink (favouriteDrink)
The favouriteDrink attribute contains a person's favorite beverage. This can be shortened to drink. For example:
favouriteDrink: iced tea
drink: cranberry juice
OID 0.9.2342.19200300.100.1.5
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.50. dSAQuality
The dSAQuality attribute contains the rating of the directory system agents' (DSA) quality. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example:
dSAQuality: high
OID 0.9.2342.19200300.100.1.49
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 1274
2.51. employeeNumber
The employeeNumber attribute contains the employee number for the person. For example:
employeeNumber: 3441
OID 2.16.840.1.113730.3.1.3
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2798
2.52. employeeType
The employeeType attribute contains the employment type for the person. For example:
employeeType: Full time
OID 2.16.840.1.113730.3.1.4
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2798
2.53. enhancedSearchGuide
The enhancedSearchGuide attribute contains information used by an X.500 client to construct search filters. For example:
enhancedSearchGuide: (uid=bjensen)
OID 2.5.4.47
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2798
2.54. fax (facsimileTelephoneNumber)
The facsimileTelephoneNumber attribute contains the entry's facsimile number; this attribute can be abbreviated as fax. For example:
facsimileTelephoneNumber: +1 415 555 1212
fax: +1 415 555 1212
OID 2.5.4.23
Syntax TelephoneNumber
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.55. gecos
The gecos attribute is used to determine the GECOS field for the user. This is comparable to the cn attribute, although using a gecos attribute allows additional information to be embedded in the GECOS field aside from the common name. This field is also useful if the common name stored in the directory is not the user's full name.
gecos: John Smith
NOTE
The gecos attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.2
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.56. generationQualifier
The generationQualifier attribute contains the generation qualifier for a person's name, which is usually appended as a suffix to the name. For example:
generationQualifier:III
OID 2.5.4.44
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.57. gidNumber
The gidNumber attribute contains a unique numeric identifier for a group entry or to identify the group for a user entry. This is analogous to the group number in Unix.
gidNumber: 100
NOTE
The gidNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.1
Syntax Integer
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.58. givenname
The givenname attribute contains an entry's given name, which is usually the first name. For example:
givenname: Rachel
OID 2.5.4.42
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.59. homeDirectory
The homeDirectory attribute contains the path to the user's home directory.
homeDirectory: /home/jsmith
NOTE
The homeDirectory attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.3
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.60. homePhone
The homePhone attribute contains the entry's residential phone number. For example:
homePhone: 415-555-1234
NOTE
Although RFC 1274 defines both homeTelephoneNumber and homePhone as names for the residential phone number attribute, Directory Server only implements the homePhone name.
OID 0.9.2342.19200300.100.1.20
Syntax TelephoneNumber
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.61. homePostalAddress
The homePostalAddress attribute contains an entry's home mailing address. Since this attribute generally spans multiple lines, each line break has to be represented by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) in the attribute value, use the escaped hex values \24 and \5c, respectively. For example:
homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555
To represent the following string:
The dollar ($) value can be found
in the c:\cost file.
The entry value is:
The dollar (\24) value can be found$in the c:\5ccost file.
OID 0.9.2342.19200300.100.1.39
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
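The escaping rules for homePostalAddress described above, as an added example that is not part of the Red Hat documentation: an encoder that joins address lines into one attribute value and a decoder that rejects values containing a backslash that is not part of a \24 or \5c escape. The function names are chosen for illustration.

```python
import re

ESCAPE = re.compile(r"\\(24|5[cC])")        # \24 -> "$", \5c -> "\"
STRAY = re.compile(r"\\(?!24|5[cC])")       # backslash with no valid escape


def encode_postal_address(lines):
    """Join address lines into a single attribute value.

    Backslash is escaped first, so that the backslashes introduced by the
    dollar-sign escape are not escaped a second time.
    """
    escaped = [ln.replace("\\", "\\5c").replace("$", "\\24") for ln in lines]
    return "$".join(escaped)


def decode_postal_address(value):
    """Split a stored value on '$' and undo the \\24 and \\5c escapes.

    Every literal dollar sign is stored as \\24, so any '$' left in the
    value is a line separator.
    """
    lines = []
    for part in value.split("$"):
        if STRAY.search(part):
            raise ValueError("backslash not followed by 24 or 5c: %r" % part)
        # re.sub does not rescan its own output, so "\5c24" decodes to the
        # three characters \24 and not to a dollar sign.
        lines.append(ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), part))
    return lines


if __name__ == "__main__":
    stored = encode_postal_address(
        ["The dollar ($) value can be found", "in the c:\\cost file."])
    print(stored)
    print(decode_postal_address(stored))
```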
2.62. host
The host attribute contains the hostname of a computer. For example:
host: labcontroller01
OID 0.9.2342.19200300.100.1.9
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.63. houseIdentifier
The houseIdentifier attribute contains an identifier for a specific building at a location. For example:
houseIdentifier: B105
OID 2.5.4.51
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.64. inetDomainBaseDN
This attribute identifies the base DN of user subtree for a DNS domain.
OID 2.16.840.1.113730.3.1.690
Syntax DN
Multi- or Single-Valued Single-valued
Defined in Subscriber interoperability
2.65. inetDomainStatus
This attribute shows the current status of the domain. A domain has a status of active, inactive, or deleted.
OID 2.16.840.1.113730.3.1.691
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Subscriber interoperability
2.66. inetSubscriberAccountId
This attribute contains a unique attribute used to link the user entry for the subscriber to a billing system.
OID 2.16.840.1.113730.3.1.694
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Subscriber interoperability
2.67. inetSubscriberChallenge
The inetSubscriberChallenge attribute contains some kind of question or prompt, the challenge phrase, which is used to confirm the identity of the user in the subscriberIdentity attribute. This attribute is used in conjunction with the inetSubscriberResponse attribute, which contains the response to the challenge.
OID 2.16.840.1.113730.3.1.695
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in Subscriber interoperability
2.68. inetSubscriberResponse
The inetSubscriberResponse attribute contains the answer to the challenge question in the inetSubscriberChallenge attribute to verify the user in the subscriberIdentity attribute.
OID 2.16.840.1.113730.3.1.696
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Subscriber interoperability
2.69. inetUserHttpURL
This attribute contains the web addresses associated with the user.
OID 2.16.840.1.113730.3.1.693
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Subscriber interoperability
2.70. inetUserStatus
This attribute shows the current status of the user (subscriber). A user has a status of active, inactive, or deleted.
OID 2.16.840.1.113730.3.1.692
Syntax DirectoryString
Multi- or Single-Valued Single-Valued
Defined in Subscriber interoperability
2.71. info
The info attribute contains any general information about an object. Avoid using this attribute for specific information and rely instead on specific, possibly custom, attribute types. For example:
info: not valid
OID 0.9.2342.19200300.100.1.4
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.72. initials
The initials attribute contains a person's initials; this does not contain the entry's surname. For example:
initials: BAJ
Directory Server and Active Directory handle the initials attribute differently. The Directory Server allows a practically unlimited number of characters, while Active Directory has a restriction of six characters. If an entry is synced with a Windows peer and the value of the initials attribute is longer than six characters, then the value is automatically truncated to six characters when it is synchronized. There is no information written to the error log to indicate that synchronization changed the attribute value, either.
OID 2.5.4.43
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.73. installationTimeStamp
This contains the time that the server instance was installed.
OID 2.16.840.1.113730.3.1.73
Syntax DirectoryString
Multi- or Single-Valued Multi-Valued
Defined in Netscape Administration Services
2.74. internationalISDNNumber
The internationalISDNNumber attribute contains the ISDN number of a document entry. This attribute uses the internationally recognized format for ISDN addresses given in CCITT Rec. E.164.
OID 2.5.4.25
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.75. ipHostNumber
This contains the IP address for a server.
NOTE
The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.19
Syntax DirectoryString
Multi- or Single-Valued Multi-Valued
Defined in RFC 2307
2.76. ipNetmaskNumber
This contains the IP netmask for the server.
NOTE
The ipNetmaskNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 2.16.840.1.113730.3.1.73
Syntax DirectoryString
Multi- or Single-Valued Multi-Valued
Defined in RFC 2307
2.77. ipNetworkNumber
This identifies the IP network.
NOTE
The ipNetworkNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.20
Syntax DirectoryString
Multi- or Single-Valued Single-Valued
Defined in RFC 2307
2.78. ipProtocolNumber
This attribute identifies the IP protocol version number.
NOTE
The ipProtocolNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.17
Syntax Integer
Multi- or Single-Valued Single-Valued
Defined in RFC 2307
2.79. ipServicePort
This attribute gives the port used by the IP service.
NOTE
The ipServicePort attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.15
Syntax Integer
Multi- or Single-Valued Single-Valued
Defined in RFC 2307
2.80. ipServiceProtocol
This identifies the protocol used by the IP service.
NOTE
The ipServiceProtocol attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.16
Syntax DirectoryString
Multi- or Single-Valued Multi-Valued
Defined in RFC 2307
2.81. janetMailbox
The janetMailbox attribute contains a JANET email address, usually for users located in the United Kingdom who do not use RFC 822 email addresses. Entries with this attribute must also contain the rfc822Mailbox attribute.
OID 0.9.2342.19200300.100.1.46
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.82. jpegPhoto
The jpegPhoto attribute contains a JPEG photo, a binary value. For example:
jpegPhoto:: AAAAAA==
OID 0.9.2342.19200300.100.1.60
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in RFC 2798
2.83. keyWords
The keyWords attribute contains keywords associated with the entry. For example:
keyWords: directory LDAP X.500
OID 0.9.2342.19200300.102.1.7
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.84. knowledgeInformation
This attribute is no longer used.
OID 2.5.4.2
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.85. l (localityName)
The localityName, or l, attribute contains the county, city, or other geographical designation associated with the entry. For example:
localityName: Santa Clara
l: Santa Clara
OID 2.5.4.7
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.86. labeledURI
The labeledURI contains a Uniform Resource Identifier (URI) which is related, in some way, to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported), optionally followed by one or more space characters and a label.
labeledURI: http://home.example.com
labeledURI: http://home.example.com Example website
OID 1.3.6.1.4.1.250.1.57
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2709
2.87. lastModifiedBy
The lastModifiedBy attribute contains the distinguished name (DN) of the user who last edited the entry. For example:
lastModifiedBy: cn=Barbara Jensen,ou=Engineering,dc=example,dc=com
OID 0.9.2342.19200300.100.1.24
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.88. lastModifiedTime
The lastModifiedTime attribute contains the time, in UTC format, an entry was last modified. For example:
lastModifiedTime: Thursday, 22-Sep-93 14:15:00 GMT
OID 0.9.2342.19200300.100.1.23
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.89. loginShell
The loginShell attribute contains the path to a script that is launched automatically when a user logs into the domain.
loginShell: c:\scripts\jsmith.bat
NOTE
The loginShell attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.4
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.90. macAddress
This attribute gives the MAC address for a server or piece of equipment.
NOTE
The macAddress attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.22
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2307
2.91. mail
The mail attribute contains a user's primary email address. This attribute value is retrieved and displayed by whitepage applications. For example:
mail: jsmith@example.com
OID 0.9.2342.19200300.100.1.3
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in RFC 1274
2.92. mailAccessDomain
This attribute lists the domain which a user can use to access the messaging server.
OID 2.16.840.1.113730.3.1.12
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.93. mailAlternateAddress
The mailAlternateAddress attribute contains additional email addresses for a user. This attribute does not reflect the default or primary email address; that email address is set by the mail attribute.
For example:
mailAlternateAddress: jsmith@example.com
mailAlternateAddress: smith1701@alt.com
OID 2.16.840.1.113730.3.1.13
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.94. mailAutoReplyMode
This attribute sets whether automatic replies are enabled for the messaging server.
OID 2.16.840.1.113730.3.1.14
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.95. mailAutoReplyText
This attribute stores the text to use in an auto-reply email.
OID 2.16.840.1.113730.3.1.15
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.96. mailDeliveryOption
This attribute defines the mail delivery mechanism to use for the mail user.
OID 2.16.840.1.113730.3.1.16
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.97. mailEnhancedUniqueMember
This attribute contains the DN of a unique member of a mail group.
OID 2.16.840.1.113730.3.1.31
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.98. mailForwardingAddress
This attribute contains an email address to which to forward a user's email.
OID 2.16.840.1.113730.3.1.17
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.99. mailHost
The mailHost attribute contains the hostname of a mail server. For example:
mailHost: mail.example.com
OID 2.16.840.1.113730.3.1.18
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.100. mailMessageStore
This identifies the location of a user's email box.
OID 2.16.840.1.113730.3.1.19
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.101. mailPreferenceOption
The mailPreferenceOption defines whether a user should be included on a mailing list, both electronic and physical. There are three options.
0 Does not appear in mailing lists.
1 Add to any mailing lists.
2 Added only to mailing lists which the provider views as relevant to the user's interest.
If the attribute is absent, then the default is to assume that the user is not included on any mailing list. This attribute should be interpreted by anyone using the directory to derive mailing lists and its value respected. For example:
mailPreferenceOption: 0
OID 0.9.2342.19200300.100.1.47
Syntax Integer
Multi- or Single-Valued Single-valued
Defined in RFC 1274
2.102. mailProgramDeliveryInfo
This attribute contains any commands to use for programmed mail delivery.
OID 2.16.840.1.113730.3.1.20
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.103. mailQuota
This attribute sets the amount of disk space allowed for a user's mail box.
OID 2.16.840.1.113730.3.1.21
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.104. mailRoutingAddress
This attribute contains the routing address to use when forwarding the emails received by the user to another messaging server.
OID 2.16.840.1.113730.3.1.24
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.105. manager
The manager contains the distinguished name (DN) of the manager for the person. For example:
manager: cn=Bill Andersen, ou=Quality Control, dc=example,dc=com
OID 0.9.2342.19200300.100.1.10
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.106. member
The member attribute contains the distinguished names (DNs) of each member of a group. For example:
member: cn=John Smith, dc=example,dc=com
OID 2.5.4.31
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.107. memberCertificateDescription
This attribute is a multi-valued attribute where each value is a description, a pattern, or a filter matching the subject DN of a certificate, usually a certificate used for SSL client authentication.
memberCertificateDescription matches any certificate that contains a subject DN with the same attribute-value assertions (AVAs) as the description. The description may contain multiple ou AVAs. A matching DN must contain those same ou AVAs, in the same order, although it may be interspersed with other AVAs, including other ou AVAs. For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored.
A matching DN must contain that same AVA but no other AVA of the same type nearer the root (later, syntactically).
AVAs are considered the same if they contain the same attribute description (case-insensitive comparison) and the same attribute value (case-insensitive comparison, leading and trailing whitespace ignored, and consecutive whitespace characters treated as a single space).
To be considered a member of a group with the following memberCertificateDescription value, a certificate needs to include ou=x, ou=A, and dc=example, but not dc=company.
memberCertificateDescription: {ou=x, ou=A, dc=company, dc=example}
To match the group's requirements, a certificate's subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.
OID 2.16.840.1.113730.3.1.199
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Directory Server
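The memberCertificateDescription matching rules described above, as an added Python example (not Directory Server's own code; the function names are hypothetical). It assumes a simplified DN parser in which unescaped `,` and `+` separate AVAs and quoted values are not supported, reads "but not dc=company" as "dc=company is not required", and chooses to reject an empty description rather than let it match every certificate.

```python
import re

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def normalize_value(value):
    """Compare values case-insensitively, trimmed, with whitespace runs collapsed."""
    return " ".join(value.split()).lower()


def parse_avas(text):
    """Return the AVAs of a DN or {description} as (type, value) pairs, leftmost first.

    Simplified parser (an assumption of this example): backslash escapes are
    honoured, hex pairs are decoded as single ASCII characters, and quoted
    values are not supported.
    """
    text = text.strip()
    if text.startswith("{") and text.endswith("}"):
        text = text[1:-1]
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            pair = text[i + 1:i + 3]
            if _HEX_PAIR.fullmatch(pair):
                current.append(chr(int(pair, 16)))  # \2C -> ","
                i += 3
            else:
                current.append(text[i + 1])         # \, -> ","
                i += 2
            continue
        if ch in ",+":                              # unescaped AVA separator
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))

    avas = []
    for part in parts:
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError("not an attribute-value assertion: %r" % part)
        attr, value = part.split("=", 1)
        avas.append((attr.strip().lower(), normalize_value(value)))
    return avas


def cert_matches(description, subject_dn):
    """Apply the memberCertificateDescription rules to a certificate subject DN."""
    wanted = parse_avas(description)
    present = parse_avas(subject_dn)
    if not wanted:
        return False  # fail closed: this example's choice, not stated on the page

    # ou AVAs: all required, in the same order, other AVAs may be interspersed.
    subject_ous = iter(a for a in present if a[0] == "ou")
    if not all(ou in subject_ous for ou in wanted if ou[0] == "ou"):
        return False

    # Other types: only the last AVA of each type in the description counts.
    last_wanted = {t: v for t, v in wanted if t != "ou"}
    # "No other AVA of the same type nearer the root" means the last AVA of
    # that type in the subject DN must be the one the description names.
    last_present = {t: v for t, v in present}
    return all(last_present.get(t) == v for t, v in last_wanted.items())


if __name__ == "__main__":
    desc = "{ou=x, ou=A, dc=company, dc=example}"
    # Constructed subject DNs, not taken from real certificates.
    for dn in ("cn=Server, ou=x, ou=A, dc=example",
               "ou=A, ou=x, dc=example",
               "ou=x, ou=A, dc=example, dc=com"):
        print(dn, "->", cert_matches(desc, dn))
```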
2.108. memberNisNetgroup
This attribute merges the attribute values of another netgroup into the current one by listing the name of the merging netgroup.
NOTE
The memberNisNetgroup attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.13
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2307
2.109. memberOf
This attribute contains the name of a group of which the user is a member.
memberOf is the default attribute generated by the MemberOf Plug-in on the user entry of a group member. This attribute is automatically synchronized to the listed member attributes in a group entry, so that displaying group membership for entries is managed by Directory Server.
NOTE
This attribute is only synchronized between group entries and the corresponding members' user entries if the MemberOf Plug-in is enabled and is configured to use this attribute.
OID 1.2.840.113556.1.2.102
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Netscape Delegated Administrator
2.110. memberUid
The memberUid attribute contains the login name of the member of a group; this can be different than the DN identified in the member attribute.
memberUid: jsmith
NOTE
The memberUid attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.12
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.111. memberURL
This attribute identifies a URL associated with each member of a group. Any type of labeled URL can be used.
memberURL: ldap://cn=jsmith,ou=people,dc=example,dc=com
OID 2.16.840.1.113730.3.1.198
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.112. mgrpAddHeader
This attribute contains information about the header in the messages.
OID 2.16.840.1.113730.3.1.781
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.113. mgrpAllowedBroadcaster
This attribute sets whether to allow the user to send broadcast messages.
OID 2.16.840.1.113730.3.1.22
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.114. mgrpAllowedDomain
This attribute sets the domains for the mail group.
OID 2.16.840.1.113730.3.1.23
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.115. mgrpApprovePassword
This attribute sets whether a user must approve a password used to access their email.
OID mgrpApprovePassword-oid
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in Netscape Messaging Server
2.116. mgrpBroadcasterPolicy
This attribute defines the policy for broadcasting emails.
OID 2.16.840.1.113730.3.1.788
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.117. mgrpDeliverTo
This attribute contains information about the delivery destination for email.
OID 2.16.840.1.113730.3.1.25
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.118. mgrpErrorsTo
This attribute contains information about where to deliver error messages for the messaging server.
OID 2.16.840.1.113730.3.1.26
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in Netscape Messaging Server
2.119. mgrpModerator
This attribute contains the contact name for the mailing list moderator.
OID 2.16.840.1.113730.3.1.33
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.120. mgrpMsgMaxSize
This attribute sets the maximum size allowed for email messages.
OID 2.16.840.1.113730.3.1.32
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape Messaging Server
2.121. mgrpMsgRejectAction
This attribute defines what actions the messaging server should take for rejected messages.
OID 2.16.840.1.113730.3.1.28
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.122. mgrpMsgRejectText
This attribute sets the text to use for rejection notifications.
OID 2.16.840.1.113730.3.1.29
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.123. mgrpNoDuplicateChecks
This attribute defines whether the messaging server checks for duplicate emails.
OID 2.16.840.1.113730.3.1.789
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape Messaging Server
2.124. mgrpRemoveHeader
This attribute sets whether the header is removed in reply messages.
OID 2.16.840.1.113730.3.1.801
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.125. mgrpRFC822MailMember
This attribute identifies the member of a mail group.
OID 2.16.840.1.113730.3.1.30
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.126. mobile
The mobile, or mobileTelephoneNumber, contains the entry's mobile or cellular phone number. For example:
mobileTelephoneNumber: 415-555-4321
OID 0.9.2342.19200300.100.1.41
Syntax TelephoneNumber
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.127. mozillaCustom1
This attribute is used by Mozilla Thunderbird to manage a shared address book.
OID 1.3.6.1.4.1.13769.4.1
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.128. mozillaCustom2
This attribute is used by Mozilla Thunderbird to manage a shared address book.
OID 1.3.6.1.4.1.13769.4.2
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.129. mozillaCustom3
This attribute is used by Mozilla Thunderbird to manage a shared address book.
OID 1.3.6.1.4.1.13769.4.3
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.130. mozillaCustom4
This attribute is used by Mozilla Thunderbird to manage a shared address book.
OID 1.3.6.1.4.1.13769.4.4
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.131. mozillaHomeCountryName
This attribute sets the country used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.6
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.132. mozillaHomeLocalityName
This attribute sets the city used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.3
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.133. mozillaHomePostalCode
This attribute sets the postal code used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.5
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.134. mozillaHomeState
This attribute sets the state or province used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.4
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.135. mozillaHomeStreet
This attribute sets the street address used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.1
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.136. mozillaHomeStreet2
This attribute contains the second line of a street address used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.2
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.137. mozillaHomeUrl
This attribute contains a URL used by Mozilla Thunderbird in a shared address book.
OID 1.3.6.1.4.1.13769.3.7
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.138. mozillaNickname (xmozillanickname)
This attribute contains a nickname used by Mozilla Thunderbird for a shared address book.
OID 1.3.6.1.4.1.13769.2.1
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Mozilla Address Book
2.139. mozillaSecondEmail (xmozillasecondemail)
This attribute contains an alternate or secondary email address for an entry in a shared address book for Mozilla Thunderbird.
OID 1.3.6.1.4.1.13769.2.2
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.140. mozillaUseHtmlMail (xmozillausehtmlmail)
This attribute sets an email type preference for an entry in a shared address book in Mozilla Thunderbird.
OID 1.3.6.1.4.1.13769.2.3
Syntax Boolean
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.141. mozillaWorkStreet2
This attribute contains a street address for a workplace or office for an entry in Mozilla Thunderbird's shared address book.
OID 1.3.6.1.4.1.13769.3.8
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.142. mozillaWorkUrl
This attribute contains a URL for a work site in an entry in a shared address book in Mozilla Thunderbird.
OID 1.3.6.1.4.1.13769.3.9
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Mozilla Address Book
2.143. multiLineDescription
This attribute contains a description of an entry which spans multiple lines in the LDIF file.
OID 1.3.6.1.4.1.250.1.2
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.144. name
The name attribute identifies the attribute supertype which can be used to form string attribute types for naming.
It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests. Client implementations should not assume that LDAP servers are capable of performing attribute subtyping.
OID 2.5.4.41
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.145. netscapeReversiblePassword
This attribute contains the password for HTTP Digest/MD5 authentication.
OID 2.16.840.1.113730.3.1.812
Syntax OctetString
Multi- or Single-Valued Multi-valued
Defined in Netscape Web Server
2.146. NisMapEntry
This attribute contains the information for a NIS map to be used by Network Information Services.
NOTE
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.27
Syntax IA5String
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.147. nisMapName
This attribute contains the name of a mapping used by a NIS server.
OID 1.3.6.1.1.1.1.26
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2307
2.148. nisNetgroupTriple
This attribute contains information on a netgroup used by a NIS server.
NOTE
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.14
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2307
2.149. nsAccessLog
This entry identifies the access log used by a server.
OID nsAccessLog-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.150. nsAdminAccessAddresses
This attribute contains the IP address of the Administration Server used by the instance.
OID nsAdminAccessAddresses-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.151. nsAdminAccessHosts
This attribute contains the hostname of the Administration Server.
OID nsAdminAccessHosts-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.152. nsAdminAccountInfo
This attribute contains other information about the Administration Server account.
OID nsAdminAccountInfo-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.153. nsAdminCacheLifetime
This sets the length of time to store the cache used by the Directory Server.
OID nsAdminCacheLifetime-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.154. nsAdminCgiWaitPid
This attribute defines the wait time for Administration Server CGI process IDs.
OID nsAdminCgiWaitPid-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.155. nsAdminDomainName
This attribute contains the name of the administration domain containing the Directory Server instance.
OID nsAdminDomainName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.156. nsAdminEnableEnduser
This attribute sets whether to allow end user access to admin services.
OID nsAdminEnableEnduser-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.157. nsAdminEndUserHTMLIndex
This attribute sets whether to allow end users to access the HTML index of admin services.
OID nsAdminEndUserHTMLIndex-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.158. nsAdminGroupName
This attribute gives the name of the admin guide.
OID nsAdminGroupName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.159. nsAdminOneACLDir
This attribute gives the directory path to the directory containing access control lists for the Administration Server.
OID nsAdminOneACLDir-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.160. nsAdminSIEDN
This attribute contains the DN of the server instance entry (SIE) for the Administration Server.
OID nsAdminSIEDN-oid
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.161. nsAdminUsers
This attribute gives the path and name of the file which contains the information for the Administration Server admin user.
OID nsAdminUsers-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.162. nsAIMid
This attribute contains the AOL Instant Messaging user ID for the user.
OID 2.16.840.1.113730.3.2.300
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.163. nsBaseDN
This contains the base DN used in the Directory Server's server instance definition entry.
OID nsBaseDN-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.164. nsBindDN
This attribute contains the bind DN defined in the Directory Server SIE.
OID nsBindDN-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.165. nsBindPassword
This attribute contains the password used by the bind DN defined in nsBindDN.
OID nsBindPassword-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.166. nsBuildNumber
This defines, in the Directory Server SIE, the build number of the server instance.
OID nsBuildNumber-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.167. nsBuildSecurity
This defines, in the Directory Server SIE, the build security level.
OID nsBuildSecurity-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.168. nsCertConfig
This attribute defines the configuration for the Red Hat Certificate System.
OID nsCertConfig-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Certificate System
2.169. nsCertfile
This attribute contains the directory location of a certificate file.
OID nsCertfile-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.170. nsClassname
OID nsClassname-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.171. nsConfigRoot
This attribute contains the root DN of the configuration directory.
OID nsConfigRoot-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.172. nscpAIMScreenname
This attribute gives the AIM screen name of a user.
OID 1.3.6.1.4.1.13769.2.4
Syntax TelephoneString
Multi- or Single-Valued Multi-valued
Defined in Mozilla Address Book
2.173. nsDefaultAcceptLanguage
This attribute contains the language codes which are accepted for HTML clients.
OID nsDefaultAcceptLanguage-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.174. nsDefaultObjectClass
This attribute stores object class information in a container entry.
OID nsDefaultObjectClass-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.175. nsDeleteclassname
OID nsDeleteclassname-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.176. nsDirectoryFailoverList
This attribute contains a list of Directory Servers to use for failover.
OID nsDirectoryFailoverList-oid
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.177. nsDirectoryInfoRef
This attribute refers to a DN of an entry with information about the server.
OID nsDirectoryInfoRef-oid
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.178. nsDirectoryURL
This attribute contains the Directory Server URL.
OID nsDirectoryURL-oid
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.179. nsDisplayName
This attribute contains a display name.
OID nsDisplayName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.180. nsErrorLog
This attribute identifies the error log used by the server.
OID nsErrorLog-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.181. nsExecRef
This attribute contains the path or location of an executable which can be used to perform server tasks.
OID nsExecRef-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.182. nsExpirationDate
This attribute contains the expiration date of an application.
OID nsExpirationDate-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.183. nsGroupRDNComponent
This attribute defines the attribute to use for the RDN of a group entry.
OID nsGroupRDNComponent-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.184. nsHardwarePlatform
This attribute indicates the hardware on which the server is running. The value of this attribute is the same as the output from uname -m. For example:
nsHardwarePlatform: i686
OID nsHardwarePlatform-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.185. nsHelpRef
This attribute contains a reference to an online help file.
OID nsHelpRef-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.186. nsHostLocation
This attribute contains information about the server host.
OID nsHostLocation-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.187. nsICQid
This attribute contains an ICQ ID for the user.
OID 2.16.840.1.113730.3.1.2014
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.188. nsInstalledLocation
This attribute contains the installation directory for Directory Servers which are version 7.1 or older.
OID nsInstalledLocation-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.189. nsJarfilename
This attribute gives the jar file name used by the Console.
OID nsJarfilename-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.190. nsKeyfile
This attribute contains the path to the key file used by the security module.
OID nsKeyfile-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.191. nsLdapSchemaVersion
This gives the version number of the LDAP directory schema.
OID nsLdapSchemaVersion-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.192. nsLicensedFor
The nsLicensedFor attribute identifies the server the user is licensed to use. Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute include the following:
slapd for a licensed Directory Server client.
mail for a licensed mail server client.
news for a licensed news server client.
cal for a licensed calendar server client.
For example:
nsLicensedFor: slapd
OID 2.16.840.1.113730.3.1.36
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Administration Server
2.193. nsLicenseEndTime
Reserved for future use.
OID 2.16.840.1.113730.3.1.38
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Administration Server
2.194. nsLicenseStartTime
Reserved for future use.
OID 2.16.840.1.113730.3.1.37
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Administration Server
2.195. nsLogSuppress
This attribute sets whether to suppress server logging.
OID nsLogSuppress-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.196. nsmsgDisallowAccess
This attribute defines access to a messaging server.
OID nsmsgDisallowAccess-oid
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.197. nsmsgNumMsgQuota
This attribute sets a quota for the number of messages which will be kept by the messaging server.
OID nsmsgNumMsgQuota-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.198. nsMSNid
This attribute contains the MSN instant messaging ID for the user.
OID 2.16.840.1.113730.3.1.2016
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.199. nsNickName
This attribute gives a nickname for an application.
OID nsNickName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.200. nsNYR
OID nsNYR-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Administration Services
2.201. nsOsVersion
This attribute contains the version number of the operating system for the host on which the server is running.
OID nsOsVersion-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.202. nsPidLog
OID nsPidLog-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.203. nsPreference
This attribute stores the Console preference settings.
OID nsPreference-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.204. nsProductName
This contains the name of the product, such as Red Hat Directory Server or Administration Server.
OID nsProductName-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.205. nsProductVersion
This contains the version number of the Directory Server or Administration Server.
OID nsProductVersion-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.206. nsRevisionNumber
This attribute contains the revision number of the Directory Server or Administration Server.
OID nsRevisionNumber-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.207. nsSecureServerPort
This attribute contains the SSL port for the Directory Server.
NOTE
This attribute does not configure the SSL port for the Directory Server. The port is configured in the nsslapd-secureport configuration attribute in the Directory Server's dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.
OID nsSecureServerPort-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.208. nsSerialNumber
This attribute contains a serial number or tracking number assigned to a specific server application, such as Red Hat Directory Server or Administration Server.
OID nsSerialNumber-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.209. nsServerAddress
This attribute contains the IP address of the server host on which the Directory Server is running.
OID nsServerAddress-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.210. nsServerCreationClassname
This attribute gives the class name to use when creating a server.
OID nsServerCreationClassname-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.211. nsServerID
This contains the server's instance name. For example:
nsServerID: slapd-example
OID nsServerID-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.212. nsServerMigrationClassname
This attribute contains the name of the class to use when migrating a server.
OID nsServerMigrationClassname-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.213. nsServerPort
This attribute contains the standard LDAP port for the Directory Server.
NOTE
This attribute does not configure the standard port for the Directory Server. The port is configured in the nsslapd-port configuration attribute in the Directory Server's dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.
OID nsServerPort-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.214. nsServerSecurity
This shows whether the Directory Server requires a secure (SSL/TLS) connection.
OID nsServerSecurity-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.215. nsSNMPContact
This attribute contains the contact information provided by SNMP.
OID 2.16.840.1.113730.3.1.235
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.216. nsSNMPDescription
This contains a description of the SNMP service.
OID 2.16.840.1.113730.3.1.236
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.217. nsSNMPEnabled
This attribute shows whether SNMP is enabled for the server.
OID 2.16.840.1.113730.3.1.232
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.218. nsSNMPLocation
This attribute shows the location provided by the SNMP service.
OID 2.16.840.1.113730.3.1.234
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.219. nsSNMPMasterHost
This attribute shows the hostname for the SNMP master agent.
OID 2.16.840.1.113730.3.1.237
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.220. nsSNMPMasterPort
This attribute shows the port number for the SNMP subagent.
OID 2.16.840.1.113730.3.1.238
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.221. nsSNMPOrganization
This attribute contains the organization information provided by SNMP.
OID 2.16.840.1.113730.3.1.233
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.222. nsSSL2
This attribute shows whether SSL version 2 is allowed for the server. SSLv2 has been obsoleted.
OID nsSSL2-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.223. nsSSL2Ciphers
This attribute contains the list of allowed SSLv2 ciphers. SSLv2 has been obsoleted.
OID nsSSL2Ciphers-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.224. nsSSL3
This attribute indicates whether SSL version 3 is enabled.
OID nsSSL3-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.225. nsSSL3Ciphers
This attribute contains the list of allowed SSL3 ciphers.
OID nsSSL3Ciphers-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.226. nsSSL3SessionTimeout
This attribute shows the SSLv3 cipher session timeout period.
OID nsSSL3SessionTimeout-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.227. nsSSLActivation
This attribute shows whether an SSL cipher family is enabled.
OID nsSSLActivation-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.228. nsSSLclientauth
This attribute shows how the Directory Server enforces client authentication. There are three possible values:
require, which means all clients must use client authentication (this means the Directory Server Console cannot be used to manage the instance, since it does not support client authentication)
allow, which means the Directory Server accepts client authentication
disallow, which means the Directory Server does not accept client authentication
OID nsSSLclientauth-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.229. nsSSLPersonalitySSL
This attribute contains the certificate name to use for SSL.
OID nsSSLPersonalitySSL-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.230. nsSSLSessionTimeout
This attribute sets how long an SSL session is active before it times out.
OID nsSSLSessionTimeout-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.231. nsSSLSupportedCiphers
This attribute contains the supported ciphers for the server.
OID nsSSLSupportedCiphers-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.232. nsSSLToken
This attribute contains the name of the token used by the server.
OID nsSSLToken-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.233. nsSuiteSpotUser
This attribute has been obsoleted.
This attribute identifies the Unix user who installed the server.
OID nsSuiteSpotUser-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.234. nsTaskLabel
OID nsTaskLabel-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.235. nsUniqueAttribute
This sets a unique attribute for the server preferences.
OID nsUniqueAttribute-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.236. nsUserIDFormat
This attribute sets the format to use to generate the uid attribute from the givenname and sn attributes.
OID nsUserIDFormat-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.237. nsUserRDNComponent
This attribute sets the attribute type to use for the RDN of user entries.
OID nsUserRDNComponent-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.238. nsValueBin
OID 2.16.840.1.113730.3.1.247
Syntax Binary
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.239. nsValueCES
OID 2.16.840.1.113730.3.1.244
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.240. nsValueCIS
OID 2.16.840.1.113730.3.1.243
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.241. nsValueDefault
OID 2.16.840.1.113730.3.1.250
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.242. nsValueDescription
OID 2.16.840.1.113730.3.1.252
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.243. nsValueDN
OID 2.16.840.1.113730.3.1.248
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.244. nsValueFlags
OID 2.16.840.1.113730.3.1.251
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.245. nsValueHelpURL
OID 2.16.840.1.113730.3.1.254
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.246. nsValueInt
OID 2.16.840.1.113730.3.1.246
Syntax Integer
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.247. nsValueSyntax
OID 2.16.840.1.113730.3.1.253
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.248. nsValueTel
OID 2.16.840.1.113730.3.1.245
Syntax TelephoneString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.249. nsValueType
OID 2.16.840.1.113730.3.1.249
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape servers — value item
2.250. nsVendor
This contains the name of the server vendor.
OID nsVendor-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape
2.251. nsViewConfiguration
This attribute stores the view configuration used by Console.
OID nsViewConfiguration-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.252. nsViewFilter
This attribute sets the attribute-value pair which is used to identify entries belonging to the view.
OID 2.16.840.1.113730.3.1.3023
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.253. nsWellKnownJarfiles
OID nsWellKnownJarfiles-oid
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.254. nswmExtendedUserPrefs
This attribute is used to store user preferences for accounts in a messaging server.
OID 2.16.840.1.113730.3.1.520
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Messaging Server
2.255. nsYIMid
This attribute contains the Yahoo instant messaging username for the user.
OID 2.16.840.1.113730.3.1.2015
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.256. ntGroupAttributes
This attribute points to a binary file which contains information about the group. For example:
ntGroupAttributes:: IyEvYmluL2tzaAoKIwojIGRlZmF1bHQgdmFsdWUKIwpIPSJgaG9zdG5hb
OID 2.16.840.1.113730.3.1.536
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.257. ntGroupCreateNewGroup
The ntGroupCreateNewGroup attribute is used by Windows Sync to determine whether the Directory Server should create a new group entry when a new group is created on a Windows server. true creates the new entry; false ignores the Windows entry.
OID 2.16.840.1.113730.3.1.45
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.258. ntGroupDeleteGroup
The ntGroupDeleteGroup attribute is used by Windows Sync to determine whether the Directory Server should delete a group entry when the group is deleted on a Windows sync peer server. true means the account is deleted; false ignores the deletion.
OID 2.16.840.1.113730.3.1.46
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.259. ntGroupDomainId
The ntGroupDomainId attribute contains the domain ID string for a group. For example:
ntGroupDomainId: DS HR Group
OID 2.16.840.1.113730.3.1.44
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.260. ntGroupId
The ntGroupId attribute points to a binary file which identifies the group. For example:
ntGroupId: IOUnHNjjRgghghREgfvItrGHyuTYhjIOhTYtyHJuSDwOopKLhjGbnGFtr
OID 2.16.840.1.113730.3.1.110
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.261. ntGroupType
In Active Directory, there are two major types of groups: security and distribution. Security groups are most similar to groups in Directory Server, since security groups can have policies configured for access controls, resource restrictions, and other permissions. Distribution groups are for mailing distribution. These are further broken down into global and local groups. The Directory Server ntGroupType supports all four group types.
The ntGroupType attribute identifies the type of Windows group. The valid values are as follows:
-21483646 for global/security
-21483644 for domain local/security
2 for global/distribution
4 for domain local/distribution
This value is set automatically when the Windows groups are synchronized. To determine the type of group, you must manually configure it when the group gets created. By default, Directory Server groups do not have this attribute and are synchronized as global/security groups.
ntGroupType: -21483646
OID 2.16.840.1.113730.3.1.47
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.262. ntUniqueId
The ntUniqueId attribute contains a generated number used for internal server identification and operation. For example:
ntUniqueId: 352562404224a44ab040df02e4ef500b
OID 2.16.840.1.113730.3.1.111
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.263. ntUserAcctExpires
This attribute indicates when the entry's Windows account will expire. This value is stored as a string in GMT format. For example:
ntUserAcctExpires: 20081015203415
OID 2.16.840.1.113730.3.1.528
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.264. ntUserAuthFlags
This attribute contains authorization flags set for the Windows account.
OID 2.16.840.1.113730.3.1.60
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.265. ntUserBadPwCount
This attribute sets the number of bad password failures that are allowed before an account is locked.
OID 2.16.840.1.113730.3.1.531
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.266. ntUserCodePage
The ntUserCodePage attribute contains the code page for the user's language of choice. For example:
ntUserCodePage: AAAAAA==
OID 2.16.840.1.113730.3.1.533
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.267. ntUserComment
This attribute contains a text description or note about the user entry.
OID 2.16.840.1.113730.3.1.522
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.268. ntUserCountryCode
This attribute contains the two-character country code for the country where the user is located.
OID 2.16.840.1.113730.3.1.532
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.269. ntUserCreateNewAccount
The ntUserCreateNewAccount attribute is used by Windows Sync to determine whether the Directory Server should create a new user entry when a new user is created on a Windows server. true creates the new entry; false ignores the Windows entry.
OID 2.16.840.1.113730.3.1.42
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.270. ntUserDeleteAccount
The ntUserDeleteAccount attribute is used by Windows Sync to determine whether a Directory Server entry will be automatically deleted when the user is deleted from the Windows sync peer server. true means the user entry is deleted; false ignores the deletion.
OID 2.16.840.1.113730.3.1.43
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.271. ntUserDomainId
The ntUserDomainId attribute contains the Windows domain login ID. For example:
ntUserDomainId: jsmith
OID 2.16.840.1.113730.3.1.41
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.272. ntUserFlags
This attribute contains additional flags set for the Windows account.
OID 2.16.840.1.113730.3.1.523
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.273. ntUserHomeDir
The ntUserHomeDir attribute contains an ASCII string representing the Windows user's home directory. This attribute can be null. For example:
ntUserHomeDir: c:\jsmith
OID 2.16.840.1.113730.3.1.521
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.274. ntUserHomeDirDrive
This attribute contains information about the drive on which the user's home directory is stored.
OID 2.16.840.1.113730.3.1.535
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.275. ntUserLastLogoff
The ntUserLastLogoff attribute contains the time of the last logoff. This value is stored as a string in GMT format.
If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user's entry has changed.
ntUserLastLogoff: 20091015203415Z
OID 2.16.840.1.113730.3.1.527
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.276. ntUserLastLogon
The ntUserLastLogon attribute contains the time that the user last logged into the Windows domain. This value is stored as a string in GMT format. If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user's entry has changed.
ntUserLastLogon: 20091015203415Z
OID 2.16.840.1.113730.3.1.526
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.277. ntUserLogonHours
The ntUserLogonHours attribute contains the time periods that a user is allowed to log onto the Active Directory domain. This attribute corresponds to the logonHours attribute in Active Directory.
OID 2.16.840.1.113730.3.1.530
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.278. ntUserLogonServer
The ntUserLogonServer attribute defines the Active Directory server to which the user's logon request is forwarded.
OID 2.16.840.1.113730.3.1.65
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.279. ntUserMaxStorage
The ntUserMaxStorage attribute contains the maximum amount of disk space available for the user.
ntUserMaxStorage: 4294967295
OID 2.16.840.1.113730.3.1.529
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.280. ntUserNumLogons
This attribute shows the number of successful logons to the Active Directory domain for the user.
OID 2.16.840.1.113730.3.1.64
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.281. ntUserParms
The ntUserParms attribute contains a Unicode string reserved for use by applications.
OID 2.16.840.1.113730.3.1.62
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.282. ntUserPasswordExpired
This attribute shows whether the password for the Active Directory account has expired.
OID 2.16.840.1.113730.3.1.68
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.283. ntUserPrimaryGroupId
The ntUserPrimaryGroupId attribute contains the group ID of the primary group to which the user belongs.
OID 2.16.840.1.113730.3.1.534
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.284. ntUserPriv
This attribute shows the type of privileges allowed for the user.
OID 2.16.840.1.113730.3.1.59
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.285. ntUserProfile
The ntUserProfile attribute contains the path to a user's profile. For example:
ntUserProfile: c:\jsmith\profile.txt
OID 2.16.840.1.113730.3.1.67
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.286. ntUserScriptPath
The ntUserScriptPath attribute contains the path to an ASCII script used by the user to log into the domain.
ntUserScriptPath: c:\jstorm\lscript.bat
OID 2.16.840.1.113730.3.1.524
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.287. ntUserUniqueId
The ntUserUniqueId attribute contains a unique numeric ID for the Windows user.
OID 2.16.840.1.113730.3.1.66
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.288. ntUserUnitsPerWeek
The ntUserUnitsPerWeek attribute contains the total amount of time that the user has spent logged into the Active Directory domain.
OID 2.16.840.1.113730.3.1.63
Syntax Binary
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.289. ntUserUsrComment
The ntUserUsrComment attribute contains additional comments about the user.
OID 2.16.840.1.113730.3.1.61
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.290. ntUserWorkstations
The ntUserWorkstations attribute contains a list of names, as ASCII strings, of workstations which the user is allowed to log in to. There can be up to eight workstations listed, separated by commas. Specify null to permit users to log on from any workstation. For example:
ntUserWorkstations: firefly
OID 2.16.840.1.113730.3.1.525
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape NT Synchronization
2.291. o (organizationName)
The organizationName, or o, attribute contains the organization name. For example:
organizationName: Example Corporation
o: Example Corporation
OID 2.5.4.10
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.292. objectClass
The objectClass attribute identifies the object classes used for an entry. For example:
objectClass: person
OID 2.5.4.0
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.293. objectClasses
This attribute is used in a schema file to identify an object class allowed by the subschema definition.
OID 2.5.21.6
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2252
2.294. obsoletedByDocument
The obsoletedByDocument attribute contains the distinguished name of a document which obsoletes the current document entry.
OID 0.9.2342.19200300.102.1.4
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.295. obsoletesDocument
The obsoletesDocument attribute contains the distinguished name of a document which is obsoleted by the current document entry.
OID 0.9.2342.19200300.102.1.3
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.296. oncRpcNumber
The oncRpcNumber attribute contains part of the RPC map and stores the RPC number for UNIX RPCs.
NOTE
The oncRpcNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance_name/schema directory.
OID 1.3.6.1.1.1.1.18
Syntax Integer
Multi- or Single-Valued Single-valued
Defined in RFC 2307
2.297. organizationalStatus
The organizationalStatus attribute identifies the person's category within an organization. For example:
organizationalStatus: researcher
OID 0.9.2342.19200300.100.1.45
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.298. otherMailbox
The otherMailbox attribute contains values for email types other than X.400 and RFC 822.
otherMailbox: internet $ jsmith@example.com
OID 0.9.2342.19200300.100.1.22
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.299. ou (organizationalUnitName)
The organizationalUnitName, or ou, contains the name of an organizational division or a subtree within the directory hierarchy.
organizationalUnitName: Marketing
ou: Marketing
OID 2.5.4.11
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.300. owner
The owner attribute contains the DN of the person responsible for an entry. For example:
owner: cn=John Smith, ou=people,dc=example,dc=com
OID 2.5.4.32
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in RFC 2256
2.301. pager
The pagerTelephoneNumber, or pager, attribute contains a person's pager phone number.
pagerTelephoneNumber: 415-555-6789
pager: 415-555-6789
OID 0.9.2342.19200300.100.1.42
Syntax TelephoneNumber
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.302. pamExcludeSuffix
This attribute specifies a suffix to exclude from PAM authentication.
OID 2.16.840.1.113730.3.1.2068
Syntax DN
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.303. pamFallback
This attribute sets whether to fall back to LDAP authentication and bind if the PAM authentication fails.
OID 2.16.840.1.113730.3.1.2072
Syntax Boolean
Multi- or Single-Valued Single-valued
Defined in Directory Server
2.304. pamIDAttr
This attribute contains the attribute name which is used to hold the PAM user ID.
OID 2.16.840.1.113730.3.1.2071
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Directory Server
2.305. pamIDMapMethod
This attribute contains the method for mapping the bind DN in the LDAP server to the PAM identity.
OID 2.16.840.1.113730.3.1.2070