A Summary of the X.500(96) User Schema for use with LDAPv3
RFC 2256

Document Type RFC - Proposed Standard (December 1997; No errata)
Updated by RFC 3377
Author Mark Wahl 
Last updated 2013-03-02
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2256 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                            M. Wahl
Request for Comments: 2256                           Critical Angle Inc.
Category: Standards Track                                  December 1997

       A Summary of the X.500(96) User Schema for use with LDAPv3

1. Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1997).  All Rights Reserved.


   This document describes a directory access protocol that provides
   both read and update access.  Update access requires secure
   authentication, but this document does not mandate implementation of
   any satisfactory authentication mechanisms.

   In accordance with RFC 2026, section 4.4.1, this specification is
   being approved by IESG as a Proposed Standard despite this
   limitation, for the following reasons:

   a. to encourage implementation and interoperability testing of
      these protocols (with or without update access) before they
      are deployed, and

   b. to encourage deployment and use of these protocols in read-only
      applications.  (e.g. applications where LDAPv3 is used as
      a query language for directories which are updated by some
      secure mechanism other than LDAP), and

   c. to avoid delaying the advancement and deployment of other Internet
      standards-track protocols which require the ability to query, but
      not update, LDAPv3 directory servers.

   Readers are hereby warned that until mandatory authentication
   mechanisms are standardized, clients and servers written according to
   this specification which make use of update functionality are

Wahl                        Standards Track                     [Page 1]
RFC 2256                     LDAPv3 Schema                 December 1997

   Implementors are hereby discouraged from deploying LDAPv3 clients or
   servers which implement the update functionality, until a Proposed
   Standard for mandatory authentication in LDAPv3 has been approved and
   published as an RFC.

2. Abstract

   This document provides an overview of the attribute types and object
   classes defined by the ISO and ITU-T committees in the X.500
   documents, in particular those intended for use by directory clients.
   This is the most widely used schema for LDAP/X.500 directories, and
   many other schema definitions for white pages objects use it as a
   basis.  This document does not cover attributes used for the
   administration of X.500 directory servers, nor does it include
   attributes defined by other ISO/ITU-T documents.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC 2119 [6].

3. General Issues

   This document references syntaxes given in section 6 of this document
   and section 6 of [1].  Matching rules are listed in section 8 of this
   document and section 8 of [1].

   The attribute type and object class definitions are written using the
   BNF form of AttributeTypeDescription and ObjectClassDescription given
   in [1].  Lines have been folded for readability.

4. Source

   The schema definitions in this document are based on those found in
   X.500 [2],[3],[4],[5], and updates to these documents, specifically:

        Sections                Source
        ============            ============
        5.1  - 5.2              X.501(93)
        5.3  - 5.36             X.520(88)
        5.37 - 5.41             X.509(93)
        5.42 - 5.52             X.520(93)
        5.53 - 5.54             X.509(96)
        5.55                    X.520(96)
        6.1                     RFC 1274
        6.2                     (new syntax)
        6.3  - 6.6              RFC 1274
        7.1  - 7.2              X.501(93)
        7.3  - 7.18             X.521(93)

Wahl                        Standards Track                     [Page 2]
RFC 2256                     LDAPv3 Schema                 December 1997

        7.19 - 7.21             X.509(96)
        7.22                    X.521(96)

   Some attribute names are different from those found in X.520(93).

   Three new attributes supportedAlgorithms, deltaRevocationList and
   dmdName, and the objectClass dmd, are defined in the X.500(96)

5. Attribute Types

   An LDAP server implementation SHOULD recognize the attribute types
   described in this section.

5.1. objectClass

   The values of the objectClass attribute describe the kind of object
Show full document text