Network Working Group                                            M. Wahl
Request for Comments: 2252                           Critical Angle Inc.
Category: Standards Track                                    A. Coulbeck
                                                              Isode Inc.
                                                                T. Howes
                                           Netscape Communications Corp.
                                                                S. Kille
                                                           Isode Limited
                                                           December 1997
Lightweight Directory Access Protocol (v3):
Attribute Syntax Definitions
1. Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1997). All Rights Reserved.
IESG Note
This document describes a directory access protocol that provides
both read and update access. Update access requires secure
authentication, but this document does not mandate implementation of
any satisfactory authentication mechanisms.
In accordance with RFC 2026, section 4.4.1, this specification is
being approved by IESG as a Proposed Standard despite this
limitation, for the following reasons:
a. to encourage implementation and interoperability testing of
these protocols (with or without update access) before they
are deployed, and
b. to encourage deployment and use of these protocols in read-only
applications. (e.g. applications where LDAPv3 is used as
a query language for directories which are updated by some
secure mechanism other than LDAP), and
Wahl, et. al. Standards Track [Page 1]
c. to avoid delaying the advancement and deployment of other Internet
standards-track protocols which require the ability to query, but
not update, LDAPv3 directory servers.
Readers are hereby warned that until mandatory authentication
mechanisms are standardized, clients and servers written according to
this specification which make use of update functionality are
UNLIKELY TO INTEROPERATE, or MAY INTEROPERATE ONLY IF AUTHENTICATION
IS REDUCED TO AN UNACCEPTABLY WEAK LEVEL.
Implementors are hereby discouraged from deploying LDAPv3 clients or
servers which implement the update functionality, until a Proposed
Standard for mandatory authentication in LDAPv3 has been approved and
published as an RFC.
2. Abstract
The Lightweight Directory Access Protocol (LDAP) [1] requires that
the contents of AttributeValue fields in protocol elements be octet
strings. This document defines a set of syntaxes for LDAPv3, and the
rules by which attribute values of these syntaxes are represented as
octet strings for transmission in the LDAP protocol. The syntaxes
defined in this document are referenced by this and other documents
that define attribute types. This document also defines the set of
attribute types which LDAP servers should support.
3. Overview
This document defines the framework for developing schemas for
directories accessible via the Lightweight Directory Access Protocol.
Schema is the collection of attribute type definitions, object class
definitions and other information which a server uses to determine
how to match a filter or attribute value assertion (in a compare
operation) against the attributes of an entry, and whether to permit
add and modify operations.
Section 4 states the general requirements and notations for attribute
types, object classes, syntax and matching rule definitions.
Section 5 lists attributes, section 6 syntaxes and section 7 object
classes.
Additional documents define schemas for representing real-world
objects as directory entries.
4. General Issues
This document describes encodings used in an Internet protocol.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [4].
Attribute Type and Object Class definitions are written in a string
representation of the AttributeTypeDescription and
ObjectClassDescription data types defined in X.501(93) [3].
Implementors are strongly advised to first read the description of
how schema is represented in X.500 before reading the rest of this
document.
4.1. Common Encoding Aspects
For the purposes of defining the encoding rules for attribute
syntaxes, the following BNF definitions will be used. They are based
on the BNF styles of RFC 822 [13].
    a = "a" / "b" / "c" / "d" / "e" / "f" / "g" / "h" / "i" /
        "j" / "k" / "l" / "m" / "n" / "o" / "p" / "q" / "r" /
        "s" / "t" / "u" / "v" / "w" / "x" / "y" / "z" / "A" /
        "B" / "C" / "D" / "E" / "F" / "G" / "H" / "I" / "J" /
        "K" / "L" / "M" / "N" / "O" / "P" / "Q" / "R" / "S" /
        "T" / "U" / "V" / "W" / "X" / "Y" / "Z"
    d = "0" / "1" / "2" / "3" / "4" /
        "5" / "6" / "7" / "8" / "9"
    hex-digit = d / "a" / "b" / "c" / "d" / "e" / "f" /
                "A" / "B" / "C" / "D" / "E" / "F"
    k = a / d / "-" / ";"
    p = a / d / """ / "(" / ")" / "+" / "," /
        "-" / "." / "/" / ":" / "?" / " "
    letterstring = 1*a
    numericstring = 1*d
    anhstring = 1*k
    keystring = a [ anhstring ]
    printablestring = 1*p
    space = 1*" "
    whsp = [ space ]
    utf8 = <any sequence of octets formed from the UTF-8 [9]
           transformation of a character from ISO10646 [10]>
    dstring = 1*utf8
    qdstring = whsp "'" dstring "'" whsp
    qdstringlist = [ qdstring *( qdstring ) ]
    qdstrings = qdstring / ( whsp "(" qdstringlist ")" whsp )
In the following BNF for the string representation of OBJECT
IDENTIFIERs, descr is the syntactic representation of an object
descriptor, which consists of letters and digits, starting with a
letter. An OBJECT IDENTIFIER in the numericoid format should not
have leading zeroes (e.g. "0.9.3" is permitted but "0.09.3" should
not be generated).
When encoding 'oid' elements in a value, the descr encoding option
SHOULD be used in preference to the numericoid. An object descriptor
is a more readable alias for a number OBJECT IDENTIFIER, and these
(where assigned and known by the implementation) SHOULD be used in
preference to numeric oids to the greatest extent possible. Examples
of object descriptors in LDAP are attribute type, object class and
matching rule names.
    oid = descr / numericoid
    descr = keystring
    numericoid = numericstring *( "." numericstring )
    woid = whsp oid whsp
    ; set of oids of either form
    oids = woid / ( "(" oidlist ")" )
    oidlist = woid *( "$" woid )
    ; object descriptors used as schema element names
    qdescrs = qdescr / ( whsp "(" qdescrlist ")" whsp )
    qdescrlist = [ qdescr *( qdescr ) ]
    qdescr = whsp "'" descr "'" whsp
4.2. Attribute Types
The attribute types are described by sample values for the subschema
"attributeTypes" attribute, which is written in the
AttributeTypeDescription syntax. While lines have been folded for
readability, the values transferred in protocol would not contain
newlines.
The AttributeTypeDescription is encoded according to the following
BNF, and the productions for oid, qdescrs and qdstring are given in
section 4.1. Implementors should note that future versions of this
document may have expanded this BNF to include additional terms.
Terms which begin with the characters "X-" are reserved for private
experiments, and MUST be followed by a <qdstrings>.
    AttributeTypeDescription = "(" whsp
          numericoid whsp              ; AttributeType identifier
        [ "NAME" qdescrs ]             ; name used in AttributeType
        [ "DESC" qdstring ]            ; description
        [ "OBSOLETE" whsp ]
        [ "SUP" woid ]                 ; derived from this other
                                       ; AttributeType
        [ "EQUALITY" woid ]            ; Matching Rule name
        [ "ORDERING" woid ]            ; Matching Rule name
        [ "SUBSTR" woid ]              ; Matching Rule name
        [ "SYNTAX" whsp noidlen whsp ] ; see section 4.3
        [ "SINGLE-VALUE" whsp ]        ; default multi-valued
        [ "COLLECTIVE" whsp ]          ; default not collective
        [ "NO-USER-MODIFICATION" whsp ]; default user modifiable
        [ "USAGE" whsp AttributeUsage ]; default userApplications
        whsp ")"
    AttributeUsage =
        "userApplications"     /
        "directoryOperation"   /
        "distributedOperation" / ; DSA-shared
        "dSAOperation"           ; DSA-specific, value depends on server
Servers are not required to provide the same or any text in the
description part of the subschema values they maintain. Servers
SHOULD provide at least one of the "SUP" and "SYNTAX" fields for each
AttributeTypeDescription.
Servers MUST implement all the attribute types referenced in sections
5.1, 5.2 and 5.3.
Servers MAY recognize additional names and attributes not listed in
this document, and if they do so, MUST publish the definitions of the
types in the attributeTypes attribute of their subschema entries.
Schema developers MUST NOT create attribute definitions whose names
conflict with attributes defined for use with LDAP in existing
standards-track RFCs.
An AttributeDescription can be used as the value in a NAME part of an
AttributeTypeDescription. Note that these are case insensitive.
Note that the AttributeTypeDescription does not list the matching
rules which can be used with that attribute type in an
extensibleMatch search filter. This is done using the
matchingRuleUse attribute described in section 4.5.
This document refines the schema description of X.501 by requiring
that the syntax field in an AttributeTypeDescription be a string
representation of an OBJECT IDENTIFIER for the LDAP string syntax
definition, and an optional indication of the maximum length of a
value of this attribute (defined in section 4.3.2).
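
The following strict parser for the AttributeTypeDescription BNF of section 4.2 is an added example, not part of the RFC text; it rejects numericoids with leading zeroes, unknown terms and unterminated quoted strings rather than guessing. Assumptions: the noidlen form (a numericoid with an optional {len} suffix) is taken from section 4.3.2, which is not reproduced here, term order and duplicate terms are not enforced, and SAMPLE is a constructed value.

```python
import re

OID = r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))*"   # numericoid, no leading zeroes
DESCR = r"[A-Za-z][A-Za-z0-9;-]*"                    # keystring = a [ anhstring ]
FLAGS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION"}
PATTERNS = dict.fromkeys(["SUP", "EQUALITY", "ORDERING", "SUBSTR"], OID + "|" + DESCR)
PATTERNS["DESC"] = r"'[^']+'"                        # qdstring
# Assumption: noidlen = numericoid [ "{" len "}" ], from section 4.3.2.
PATTERNS["SYNTAX"] = OID + r"(?:\{[0-9]+\})?"
PATTERNS["USAGE"] = "userApplications|directoryOperation|distributedOperation|dSAOperation"
# Constructed sample value, not taken from any real schema.
SAMPLE = ("( 1.2.3.4 NAME ( 'exampleAttr' 'exAttr' ) DESC 'constructed sample' "
          "EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} "
          "SINGLE-VALUE USAGE userApplications )")

def parse_attribute_type(value):
    """Parse one AttributeTypeDescription; raise ValueError on malformed input."""
    toks = re.findall(r"[()$]|'[^']*'|[^\s()'$]+|'", value)  # a stray ' fails below
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")" or not re.fullmatch(OID, toks[1]):
        raise ValueError("expected ( numericoid ... )")
    out, rest = {"oid": toks[1]}, toks[2:-1]

    def arg(pattern):
        if not rest or not re.fullmatch(pattern, rest[0]):
            raise ValueError(f"missing or malformed value near {rest[:1]}")
        return rest.pop(0)

    def quoted(inner):
        # qdescrs / qdstrings: one quoted string or a parenthesised list of them.
        one, items = "'(?:" + inner + ")'", []
        if rest[:1] != ["("]:
            return [arg(one)[1:-1]]
        rest.pop(0)
        while rest[:1] != [")"]:
            items.append(arg(one)[1:-1])
        rest.pop(0)
        return items

    while rest:
        term = rest.pop(0)
        if term in FLAGS:
            out[term] = True
        elif term == "NAME" or term.startswith("X-"):
            out[term] = quoted(DESCR if term == "NAME" else "[^']+")
        elif term in PATTERNS:
            out[term] = arg(PATTERNS[term]).strip("'")
        else:
            raise ValueError(f"unknown term: {term!r}")
    return out
```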
4.3. Syntaxes
This section defines general requirements for LDAP attribute value
syntax encodings. All documents defining attribute syntax encodings
for use with LDAP are expected to conform to these requirements.
The encoding rules defined for a given attribute syntax must produce
octet strings. To the greatest extent possible, encoded octet
strings should be usable in their native encoded form for display
purposes. In particular, encoding rules for attribute syntaxes
defining non-binary values should produce strings that can be
displayed with little or no translation by clients implementing LDAP.
There are a few cases (e.g. audio) however, when it is not sensible
to produce a printable representation, and clients MUST NOT assume
that an unrecognized syntax is a string representation.
In encodings where an arbitrary string, not a Distinguished Name, is
used as part of a larger production, and other than as part of a
Distinguished Name, a backslash quoting mechanism is used to escape
the following separator symbol character (such as "'", "$" or "#") if
it should occur in that string. The backslash is followed by a pair
of hexadecimal digits representing the next character. A backslash
itself in the string which forms part of a larger syntax is always
transmitted as '\5C' or '\5c'. An example is given in section 6.27.
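
The backslash quoting mechanism described above, as an added example that is not part of the RFC text: it encodes and decodes "$"-separated fields and shows why a decoder must split on the raw separator before unescaping. Assumptions: the function names and FIELDS sample are constructed for illustration, and the separator set is the three characters the text names.

```python
import re

SEPARATORS = b"'$#"                       # separator symbols named in the text
_SPECIAL = b"\\" + SEPARATORS             # a backslash itself is always escaped
_ESCAPED = re.compile(rb"\\([0-9A-Fa-f]{2})")
_DANGLING = re.compile(rb"\\(?![0-9A-Fa-f]{2})")
# Constructed sample fields containing every character that needs quoting.
FIELDS = [b"Unit #4", b"Cost: $5", b"C:\\temp"]

def escape(raw: bytes) -> bytes:
    """Replace backslash and separator octets with a backslash and two hex digits."""
    return b"".join(b"\\%02X" % o if o in _SPECIAL else bytes([o]) for o in raw)

def unescape(wire: bytes) -> bytes:
    """Reverse escape(); reject a backslash not followed by two hex digits."""
    if _DANGLING.search(wire):
        raise ValueError("backslash must be followed by two hexadecimal digits")
    return _ESCAPED.sub(lambda m: bytes([int(m.group(1), 16)]), wire)

def join_fields(fields, sep: bytes = b"$") -> bytes:
    """Escape each field, then join, so a literal separator cannot add a field."""
    return sep.join(escape(f) for f in fields)

def split_fields(wire: bytes, sep: bytes = b"$") -> list:
    """Split on the raw separator first, then unescape each field."""
    return [unescape(part) for part in wire.split(sep)]
```

Unescaping the whole value before splitting turns the escaped "$" inside the second field back into a separator and yields four fields instead of three, which is the field-injection failure the quoting rule exists to prevent.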