
Sanity check - LDAP DSA Schema



Attached is a short schema description of an LDAP directory service agent object class (ldapDSA), that makes use of labeledURI presentation addresses instead of OSI ones.  If there's no violent opposition, I expect to make the LDUP information model refer to these definitions (they're broken out here from the LDUP schema for the same reason we broke out the ldapSubEntry definition - 'cause they seem more generally useful than for just LDUP).

Ed

=================
Ed Reed, Technologist
Novell Product Management
+1 801 222 3944 (new number!)







INTERNET-DRAFT
draft-ietf-ldup-dsa-schema-00.txt
                                                               Ed Reed
                                                          Novell, Inc.
                                                       August 29, 1999

                           LDAP DSA Schema


1. Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft expires on February 29, 1999.


2. Abstract

This document defines an object class called ldapDSA and associated
classes and attributes which MAY be used in lieu of their X.520 and
X.521 definitions to describe LDAP servers (ldapDSAs).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and  "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. The
sections below reiterate these definitions and include some additional
ones.








Reed                                                         [Page 1]
                      Expires February 29, 2000


3. Attribute Definitions


3.1 ldapPresentationAddress Attribute

( l.fred.l NAME 'ldapPresentationAddress'
   EQUALITY caseExactIA5Match
   SYNTAX   1.3.6.1.4.1.1466.115.121.1.26)

This attribute is used to indicate how to access a network service,
application entity, etc.

The ldapPresentationAddress attribute is nearly identical to that of
the 'ref' attribute (2.16.840.1.113730.3.1.34) defined in [NAMEDREF],
except that it is not an operational attribute.

(copied from [NAMEDREF]) The ldapPresentationAddress attribute type
has IA5 syntax and is case sensitive.  The ref attribute is
multi-valued. Values placed in the attribute MUST conform to the
specification given for the labeledURI attribute defined in [RFC2079].
The labeledURI specification defines a format that is a URI,
optionally followed by whitespace and a label. This document does not
make use of the label portion of the syntax. Future documents MAY
enable new functionality by imposing additional structure on the label
portion of the syntax as it appears in the ref attribute.

If the URI contained in the ref attribute refers to an LDAPv3 server,
it must be in the LDAP URI format described in [RFC2255].



4. Class Definitions


4.1 ldapApplicationEntity Class

( 1.fred.1 NAME 'ldapApplicationEntity'
   DESC 'LDAP Application Entity class'
      SUP top STRUCTURAL
      MUST ( ldapPresentationAddress $ cn )
      MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
         description ) )


The ldapApplicationEntity class is used to identify software services
and their addresses on the internet.  It differs from its X.500 and
[RFC2252] parallel (applicationEntity) in that the presentationAddress
is replaced with the ldapPresentationAddress (defined above).



The attribute supportedApplicationContext may have no meaning for LDAP
usage, but is retained for backward compatibility with parallel
definitions of this class.


4.2 ldapDSA Class

( 1.3.6.1.4.1.1466.115.121.1.?? NAME 'ldapDSA'
   DESC 'LDAP DSA class'
     SUP ldapApplicationEntity STRUCTURAL
     MAY ( knowledgeInformation ) )

The ldapDSA class is used to represent an LDAP directory service
agent, and to provide network address information as to how to talk to
it.  It is derived from the LDAP version of the X.500 and [RFC2256]
defined applicationEntity.

The attribute knowledgeInformation may have no meaning for LDAP usage
(yet), but is retained for backward compatibility with parallel
definitions of this class.



5. Security Considerations

The ldapDSA class will be used to represent directory service agents
in LDAP, and as such, its attributes, particularly the
ldapPresentationAddress of the ldapDSA, will be relied upon by client
applications and other directories as contact information for the
ldapDSA.  Access controls to prevent unauthorized modification of
ldapDSA attributes, in particular the ldapPresentationAddress, are
strongly recommended.



6. References

[RFC2079] M. Smith, "Definition of an X.500 Attribute Type and an
Object Class to Hold Uniform Resource Identifiers (URIs)", RFC2079,
January 1997

[RFC2251] S. Kille, M. Wahl, and T. Howes, "Lightweight Directory
Access Protocol (v3)", RFC 2251, December 1997

[RFC2252] M. Wahl, A. Coulbeck, T. Howes, and S. Kille, "Lightweight
Directory Access Protocol (v3): Attribute Syntax Definitions", RFC
2252, December 1997




[RFC2255] T. Howes and M. Smith, "The LDAP URL Format", RFC 2255,
December 1997

[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC 2256, December 1997

[NAMEDREF] C. Lukas, T. Howes, M. Roszkowski, M. Smith, and M. Wahl,
"Named Referrals in LDAP Directories",
draft-ietf-ldapext-namedref-00.txt, June 1999

[X.500] ITU-T Rec. X.501, "The Directory: Models", 1993



7. Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


8. Acknowledgements


The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and standards-
related documentation can be found in BCP-11. Copies of claims of
rights made available for publication and any assurances of licenses
to be made available, or the result of an attempt made to obtain a
general license or permission for the use of such proprietary rights
by implementors or users of this specification can be obtained from
the IETF Secretariat.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.


9. Author's Address

     Edwards E. Reed
     Novell, Inc.
     122 E 1700 S
     Provo, UT   84606
     USA
     E-mail: Ed_Reed@Novell.com

     LDUP Mailing List: ietf-ldup@imc.org
