Network Working Group A. Sciberras, Ed.
Request for Comments: 4519 eB2Bcom
Obsoletes: 2256 June 2006
Updates: 2247, 2798, 2377
Category: Standards Track
Network Working Group A. Sciberras, Ed.
Request for Comments: 4519 eB2Bcom
Obsoletes: 2256 June 2006
Updates: 2247, 2798, 2377
Category: Standards Track
Lightweight Directory Access Protocol (LDAP): Schema for User Applications
轻量级目录访问协议(LDAP):用户应用程序的模式
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This document is an integral part of the Lightweight Directory Access Protocol (LDAP) technical specification. It provides a technical specification of attribute types and object classes intended for use by LDAP directory clients for many directory services, such as White Pages. These objects are widely used as a basis for the schema in many LDAP directories. This document does not cover attributes used for the administration of directory servers, nor does it include directory objects defined for specific uses in other documents.
本文档是轻量级目录访问协议(LDAP)技术规范的组成部分。它提供了属性类型和对象类的技术规范,供LDAP目录客户端用于许多目录服务,如白页。在许多LDAP目录中,这些对象被广泛用作模式的基础。本文档不包括用于管理目录服务器的属性,也不包括为其他文档中的特定用途定义的目录对象。
Table of Contents
目录
1. Introduction ....................................................3
1.1. Relationship with Other Specifications .....................3
1.2. Conventions ................................................4
1.3. General Issues .............................................4
2. Attribute Types .................................................4
2.1. 'businessCategory' .........................................5
2.2. 'c' ........................................................5
2.3. 'cn' .......................................................5
2.4. 'dc' .......................................................6
2.5. 'description' ..............................................6
2.6. 'destinationIndicator' .....................................7
2.7. 'distinguishedName' ........................................7
2.8. 'dnQualifier' ..............................................8
2.9. 'enhancedSearchGuide' ......................................8
2.10. 'facsimileTelephoneNumber' ................................9
2.11. 'generationQualifier' .....................................9
2.12. 'givenName' ...............................................9
2.13. 'houseIdentifier' .........................................9
2.14. 'initials' ...............................................10
2.15. 'internationalISDNNumber' ................................10
2.16. 'l' ......................................................10
2.17. 'member' .................................................11
2.18. 'name' ...................................................11
2.19. 'o' ......................................................11
2.20. 'ou' .....................................................12
2.21. 'owner' ..................................................12
2.22. 'physicalDeliveryOfficeName' .............................12
2.23. 'postalAddress' ..........................................13
2.24. 'postalCode' .............................................13
2.25. 'postOfficeBox' ..........................................14
2.26. 'preferredDeliveryMethod' ................................14
2.27. 'registeredAddress' ......................................14
2.28. 'roleOccupant' ...........................................15
2.29. 'searchGuide' ............................................15
2.30. 'seeAlso' ................................................15
2.31. 'serialNumber' ...........................................16
2.32. 'sn' .....................................................16
2.33. 'st' .....................................................16
2.34. 'street' .................................................17
2.35. 'telephoneNumber' ........................................17
2.36. 'teletexTerminalIdentifier' ..............................17
2.37. 'telexNumber' ............................................18
2.38. 'title' ..................................................18
2.39. 'uid' ....................................................18
2.40. 'uniqueMember' ...........................................19
2.41. 'userPassword' ...........................................19
1. Introduction ....................................................3
1.1. Relationship with Other Specifications .....................3
1.2. Conventions ................................................4
1.3. General Issues .............................................4
2. Attribute Types .................................................4
2.1. 'businessCategory' .........................................5
2.2. 'c' ........................................................5
2.3. 'cn' .......................................................5
2.4. 'dc' .......................................................6
2.5. 'description' ..............................................6
2.6. 'destinationIndicator' .....................................7
2.7. 'distinguishedName' ........................................7
2.8. 'dnQualifier' ..............................................8
2.9. 'enhancedSearchGuide' ......................................8
2.10. 'facsimileTelephoneNumber' ................................9
2.11. 'generationQualifier' .....................................9
2.12. 'givenName' ...............................................9
2.13. 'houseIdentifier' .........................................9
2.14. 'initials' ...............................................10
2.15. 'internationalISDNNumber' ................................10
2.16. 'l' ......................................................10
2.17. 'member' .................................................11
2.18. 'name' ...................................................11
2.19. 'o' ......................................................11
2.20. 'ou' .....................................................12
2.21. 'owner' ..................................................12
2.22. 'physicalDeliveryOfficeName' .............................12
2.23. 'postalAddress' ..........................................13
2.24. 'postalCode' .............................................13
2.25. 'postOfficeBox' ..........................................14
2.26. 'preferredDeliveryMethod' ................................14
2.27. 'registeredAddress' ......................................14
2.28. 'roleOccupant' ...........................................15
2.29. 'searchGuide' ............................................15
2.30. 'seeAlso' ................................................15
2.31. 'serialNumber' ...........................................16
2.32. 'sn' .....................................................16
2.33. 'st' .....................................................16
2.34. 'street' .................................................17
2.35. 'telephoneNumber' ........................................17
2.36. 'teletexTerminalIdentifier' ..............................17
2.37. 'telexNumber' ............................................18
2.38. 'title' ..................................................18
2.39. 'uid' ....................................................18
2.40. 'uniqueMember' ...........................................19
2.41. 'userPassword' ...........................................19
2.42. 'x121Address' ............................................20
2.43. 'x500UniqueIdentifier' ...................................20
3. Object Classes .................................................20
3.1. 'applicationProcess' ......................................21
3.2. 'country' .................................................21
3.3. 'dcObject' ................................................21
3.4. 'device' ..................................................21
3.5. 'groupOfNames' ............................................22
3.6. 'groupOfUniqueNames' ......................................22
3.7. 'locality' ................................................23
3.8. 'organization' ............................................23
3.9. 'organizationalPerson' ....................................24
3.10. 'organizationalRole' .....................................24
3.11. 'organizationalUnit' .....................................24
3.12. 'person' .................................................25
3.13. 'residentialPerson' ......................................25
3.14. 'uidObject' ..............................................26
4. IANA Considerations ............................................26
5. Security Considerations ........................................28
6. Acknowledgements ...............................................28
7. References .....................................................29
7.1. Normative References ......................................29
7.2. Informative References ....................................30
Appendix A Changes Made Since RFC 2256 ...........................32
2.42. 'x121Address' ............................................20
2.43. 'x500UniqueIdentifier' ...................................20
3. Object Classes .................................................20
3.1. 'applicationProcess' ......................................21
3.2. 'country' .................................................21
3.3. 'dcObject' ................................................21
3.4. 'device' ..................................................21
3.5. 'groupOfNames' ............................................22
3.6. 'groupOfUniqueNames' ......................................22
3.7. 'locality' ................................................23
3.8. 'organization' ............................................23
3.9. 'organizationalPerson' ....................................24
3.10. 'organizationalRole' .....................................24
3.11. 'organizationalUnit' .....................................24
3.12. 'person' .................................................25
3.13. 'residentialPerson' ......................................25
3.14. 'uidObject' ..............................................26
4. IANA Considerations ............................................26
5. Security Considerations ........................................28
6. Acknowledgements ...............................................28
7. References .....................................................29
7.1. Normative References ......................................29
7.2. Informative References ....................................30
Appendix A Changes Made Since RFC 2256 ...........................32
This document provides an overview of attribute types and object classes intended for use by Lightweight Directory Access Protocol (LDAP) directory clients for many directory services, such as White Pages. Originally specified in the X.500 [X.500] documents, these objects are widely used as a basis for the schema in many LDAP directories. This document does not cover attributes used for the administration of directory servers, nor does it include directory objects defined for specific uses in other documents.
本文档概述了轻量级目录访问协议(LDAP)目录客户端用于许多目录服务(如白页)的属性类型和对象类。这些对象最初是在X.500[X.500]文档中指定的,在许多LDAP目录中广泛用作模式的基础。本文档不包括用于管理目录服务器的属性,也不包括为其他文档中的特定用途定义的目录对象。
This document is an integral part of the LDAP technical specification [RFC4510], which obsoletes the previously defined LDAP technical specification, RFC 3377, in its entirety. In terms of RFC 2256, Sections 6 and 8 of RFC 2256 are obsoleted by [RFC4517]. Sections 5.1, 5.2, 7.1, and 7.2 of RFC 2256 are obsoleted by [RFC4512]. The remainder of RFC 2256 is obsoleted by this document. The technical specification for the 'dc' attribute type and 'dcObject' object class found in RFC 2247 are superseded by sections 2.4 and 3.3 of this document. The remainder of RFC 2247 remains in force.
本文档是LDAP技术规范[RFC4510]不可分割的一部分,该规范完全废除了先前定义的LDAP技术规范RFC 3377。就RFC 2256而言,[RFC4517]废除了RFC 2256第6节和第8节。[RFC4512]废除了RFC 2256第5.1、5.2、7.1和7.2节。RFC 2256的其余部分已被本文件淘汰。RFC 2247中的“dc”属性类型和“dcObject”对象类的技术规范由本文件第2.4节和第3.3节取代。RFC 2247的其余部分仍然有效。
This document updates RFC 2798 by replacing the informative description of the 'uid' attribute type with the definitive description provided in Section 2.39 of this document.
本文件更新了RFC 2798,将“uid”属性类型的信息性描述替换为本文件第2.39节中提供的最终描述。
This document updates RFC 2377 by replacing the informative description of the 'uidObject' object class with the definitive description provided in Section 3.14 of this document.
本文件更新了RFC 2377,将“uidObject”对象类的信息性描述替换为本文件第3.14节中提供的最终描述。
A number of schema elements that were included in the previous revision of the LDAP Technical Specification are not included in this revision of LDAP. PKI-related schema elements are now specified in [RFC4523]. Unless reintroduced in future technical specifications, the remainder are to be considered Historic.
LDAP技术规范先前版本中包含的许多模式元素不包括在本版本的LDAP中。与PKI相关的架构元素现在在[RFC4523]中指定。除非在未来的技术规范中重新引入,否则其余部分将被视为历史性的。
The descriptions in this document SHALL be considered definitive for use in LDAP.
本文件中的说明应视为LDAP中使用的最终说明。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
This document references Syntaxes defined in Section 3 of [RFC4517] and Matching Rules defined in Section 4 of [RFC4517].
本文档引用了[RFC4517]第3节中定义的语法和[RFC4517]第4节中定义的匹配规则。
The definitions of Attribute Types and Object Classes are written using the Augmented Backus-Naur Form (ABNF) [RFC4234] of AttributeTypeDescription and ObjectClassDescription given in [RFC4512]. Lines have been folded for readability. When such values are transferred as attribute values in the LDAP Protocol, the values will not contain line breaks.
属性类型和对象类的定义是使用[RFC4512]中给出的AttributeTypeDescription和ObjectClassDescription的扩展的Backus Naur表单(ABNF)[RFC4234]编写的。为便于阅读,行已折叠。当这些值在LDAP协议中作为属性值传输时,这些值将不包含换行符。
The attribute types contained in this section hold user information.
本节中包含的属性类型保存用户信息。
There is no requirement that servers implement the 'searchGuide' and 'teletexTerminalIdentifier' attribute types. In fact, their use is greatly discouraged.
不要求服务器实现“searchGuide”和“Teletexterminalidentier”属性类型。事实上,他们的使用是非常不鼓励的。
An LDAP server implementation SHOULD recognize the rest of the attribute types described in this section.
LDAP服务器实现应该识别本节中描述的其余属性类型。
The 'businessCategory' attribute type describes the kinds of business performed by an organization. Each kind is one value of this multi-valued attribute. (Source: X.520 [X.520])
“businessCategory”属性类型描述组织执行的业务类型。每种类型都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.15名称'businessCategory'相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Examples: "banking", "transportation", and "real estate".
例如:“银行”、“交通”和“房地产”。
The 'c' ('countryName' in X.500) attribute type contains a two-letter ISO 3166 [ISO3166] country code. (Source: X.520 [X.520])
“c”(“X.500”中的“countryName”)属性类型包含两个字母的ISO 3166[ISO3166]国家代码。(来源:X.520[X.520])
( 2.5.4.6 NAME 'c' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SINGLE-VALUE )
(2.5.4.6名称“c”辅助名称语法1.3.6.1.4.1.1466.115.121.1.11单值)
1.3.6.1.4.1.1466.115.121.1.11 refers to the Country String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.11参考国家/地区字符串语法[RFC4517]。
Examples: "DE", "AU" and "FR".
例如:“DE”、“AU”和“FR”。
The 'cn' ('commonName' in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name. (Source: X.520 [X.520])
“cn”(“commonName”在X.500中)属性类型包含对象的名称。每个名称都是此多值属性的一个值。如果对象对应于一个人,则通常是该人的全名。(来源:X.520[X.520])
( 2.5.4.3 NAME 'cn' SUP name )
(2.5.4.3名称“cn”SUP名称)
Examples: "Martin K Smith", "Marty Smith" and "printer12".
示例:“Martin K Smith”、“Marty Smith”和“printer12”。
The 'dc' ('domainComponent' in RFC 1274) attribute type is a string holding one component, a label, of a DNS domain name [RFC1034][RFC2181] naming a host [RFC1123]. That is, a value of this attribute is a string of ASCII characters adhering to the following ABNF [RFC4234]:
“dc”(RFC 1274中的“domainComponent”)属性类型是一个字符串,其中包含一个DNS域名[RFC1034][RFC2181]的组件,即一个标签,用于命名主机[RFC1123]。也就是说,此属性的值是符合以下ABNF[RFC4234]的ASCII字符字符串:
label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)]
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30-39 ; "0"-"9"
HYPHEN = %x2D ; hyphen ("-")
label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)]
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30-39 ; "0"-"9"
HYPHEN = %x2D ; hyphen ("-")
The encoding of IA5String for use in LDAP is simply the characters of the ASCII label. The equality matching rule is case insensitive, as is today's DNS. (Source: RFC 2247 [RFC2247] and RFC 1274 [RFC 1274])
LDAP中使用的IA5String的编码只是ASCII标签的字符。与今天的DNS一样,相等匹配规则不区分大小写。(来源:RFC 2247[RFC2247]和RFC 1274[RFC 1274])
( 0.9.2342.19200300.100.1.25 NAME 'dc' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
(0.9.2342.19200300.100.1.25名称“dc”相等caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.26单值)
1.3.6.1.4.1.1466.115.121.1.26 refers to the IA5 String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.26参考IA5字符串语法[RFC4517]。
Examples: Valid values include "example" and "com" but not "example.com". The latter is invalid as it contains multiple domain components.
示例:有效值包括“example”和“com”,但不包括“example.com”。后者无效,因为它包含多个域组件。
It is noted that the directory service will not ensure that values of this attribute conform to the host label restrictions [RFC1123] illustrated by the <label> production provided above. It is the directory client's responsibility to ensure that the labels it stores in this attribute are appropriately restricted.
需要注意的是,目录服务不会确保该属性的值符合上面提供的<label>产品所示的主机标签限制[RFC1123]。目录客户端负责确保其存储在此属性中的标签受到适当限制。
Directory applications supporting International Domain Names SHALL use the ToASCII method [RFC3490] to produce the domain component label. The special considerations discussed in Section 4 of RFC 3490 [RFC3490] should be taken, depending on whether the domain component is used for "stored" or "query" purposes.
支持国际域名的目录应用程序应使用ToASCII方法[RFC3490]生成域组件标签。应考虑RFC 3490[RFC3490]第4节中讨论的特殊注意事项,这取决于域组件是用于“存储”还是“查询”目的。
The 'description' attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute. (Source: X.520 [X.520])
“description”属性类型包含有关对象的人类可读的描述性短语。每个描述都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.13名称“说明”相等caseIgnoreMatch子字符串caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Examples: "a color printer", "Maintenance is done every Monday, at 1pm.", and "distribution list for all technical staff".
例如:“彩色打印机”、“每周一下午1点进行维护”和“所有技术人员的分发清单”。
The 'destinationIndicator' attribute type contains country and city strings associated with the object (the addressee) needed to provide the Public Telegram Service. The strings are composed in accordance with CCITT Recommendations F.1 [F.1] and F.31 [F.31]. Each string is one value of this multi-valued attribute. (Source: X.520 [X.520])
“destinationIndicator”属性类型包含与提供公共电报服务所需的对象(收件人)关联的国家和城市字符串。字符串按照CCITT建议F.1[F.1]和F.31[F.31]组成。每个字符串都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
(2.5.4.27名称'destinationIndicator'相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.44)
1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.44参考可打印字符串语法[RFC4517]。
Examples: "AASD" as a destination indicator for Sydney, Australia. "GBLD" as a destination indicator for London, United Kingdom.
示例:“AASD”作为澳大利亚悉尼的目的地指标。“GBLD”作为英国伦敦的目的地指标。
It is noted that the directory will not ensure that values of this attribute conform to the F.1 and F.31 CCITT Recommendations. It is the application's responsibility to ensure destination indicators that it stores in this attribute are appropriately constructed.
需要注意的是,该目录不会确保该属性的值符合F.1和F.31 CCITT建议。应用程序负责确保其存储在该属性中的目标指示器得到适当构造。
The 'distinguishedName' attribute type is not used as the name of the object itself, but it is instead a base type from which some user attribute types with a DN syntax can inherit.
“DifferentizedName”属性类型不用作对象本身的名称,而是一种基本类型,具有DN语法的某些用户属性类型可以从中继承。
It is unlikely that values of this type itself will occur in an entry. LDAP server implementations that do not support attribute subtyping need not recognize this attribute in requests. Client implementations MUST NOT assume that LDAP servers are capable of performing attribute subtyping.
这种类型的值本身不太可能出现在条目中。不支持属性子类型的LDAP服务器实现不需要在请求中识别此属性。客户端实现不能假定LDAP服务器能够执行属性子类型。
(Source: X.520 [X.520])
(来源:X.520[X.520])
( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
(2.5.4.49名称“DifferentiedName”相等DifferentiedNameMatch语法1.3.6.1.4.1.1466.115.121.1.12)
1.3.6.1.4.1.1466.115.121.1.12 refers to the DN syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.12参考DN语法[RFC4517]。
The 'dnQualifier' attribute type contains disambiguating information strings to add to the relative distinguished name of an entry. The information is intended for use when merging data from multiple sources in order to prevent conflicts between entries that would otherwise have the same name. Each string is one value of this multi-valued attribute. It is recommended that a value of the 'dnQualifier' attribute be the same for all entries from a particular source. (Source: X.520 [X.520])
“dnQualifier”属性类型包含要添加到条目的相对可分辨名称的消歧信息字符串。该信息用于合并来自多个源的数据时,以防止具有相同名称的条目之间发生冲突。每个字符串都是此多值属性的一个值。建议来自特定源的所有条目的“dnQualifier”属性值相同。(来源:X.520[X.520])
( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
(2.5.4.46名称“dnQualifier”相等caseIgnoreMatch排序caseIgnoreOrderingMatch子字符串caseIgnoreSubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.44)
1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.44参考可打印字符串语法[RFC4517]。
Examples: "20050322123345Z" - timestamps can be used to disambiguate information. "123456A" - serial numbers can be used to disambiguate information.
示例:“2005032212345Z”-时间戳可用于消除信息歧义。“123456A”-序列号可用于消除信息歧义。
The 'enhancedSearchGuide' attribute type contains sets of information for use by directory clients in constructing search filters. Each set is one value of this multi-valued attribute. (Source: X.520 [X.520])
“enhancedSearchGuide”属性类型包含目录客户端在构造搜索筛选器时使用的信息集。每个集合都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
(2.5.4.47名称“enhancedSearchGuide”语法1.3.6.1.4.1.1466.115.121.1.21)
1.3.6.1.4.1.1466.115.121.1.21 refers to the Enhanced Guide syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.21参考增强指南语法[RFC4517]。
Examples: "person#(sn$APPROX)#wholeSubtree" and "organizationalUnit#(ou$SUBSTR)#oneLevel".
例如:“个人(sn$近似)#整体子目录”和“组织单元(ou$子目录)#一级”。
The 'facsimileTelephoneNumber' attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. Each telephone number is one value of this multi-valued attribute. (Source: X.520 [X.520])
“facsimileTelephoneNumber”属性类型包含传真终端的电话号码(以及可选的参数)。每个电话号码都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
(2.5.4.23名称“facsimileTelephoneNumber”语法1.3.6.1.4.1.1466.115.121.1.22)
1.3.6.1.4.1.1466.115.121.1.22 refers to the Facsimile Telephone Number syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.22参考传真电话号码语法[RFC4517]。
Examples: "+61 3 9896 7801" and "+81 3 347 7418$fineResolution".
例如:“+61 3 9896 7801”和“+81 3 347 7418$FineeResolution”。
The 'generationQualifier' attribute type contains name strings that are typically the suffix part of a person's name. Each string is one value of this multi-valued attribute. (Source: X.520 [X.520])
“generationQualifier”属性类型包含名称字符串,这些字符串通常是人名的后缀部分。每个字符串都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.44 NAME 'generationQualifier' SUP name )
(2.5.4.44名称“generationQualifier”辅助名称)
Examples: "III", "3rd", and "Jr.".
例如:“三级”、“三级”和“小级”。
The 'givenName' attribute type contains name strings that are the part of a person's name that is not their surname. Each string is one value of this multi-valued attribute. (Source: X.520 [X.520])
“givenName”属性类型包含姓名字符串,这些字符串是人名的一部分,而不是其姓氏。每个字符串都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.42 NAME 'givenName' SUP name )
(2.5.4.42名称“givenName”辅助名称)
Examples: "Andrew", "Charles", and "Joanne".
例如:“安德鲁”、“查尔斯”和“乔安妮”。
The 'houseIdentifier' attribute type contains identifiers for a building within a location. Each identifier is one value of this multi-valued attribute. (Source: X.520 [X.520])
“houseIdentifier”属性类型包含位置内建筑的标识符。每个标识符都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.51名称'houseIdentifier'相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Example: "20" to represent the house number 20.
示例:“20”表示20号房屋。
The 'initials' attribute type contains strings of initials of some or all of an individual's names, except the surname(s). Each string is one value of this multi-valued attribute. (Source: X.520 [X.520])
“initials”属性类型包含除姓氏外的个人部分或全部姓名的首字母字符串。每个字符串都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.43 NAME 'initials' SUP name )
(2.5.4.43名称“缩写”SUP名称)
Examples: "K. A." and "K".
例如:“K.A.”和“K”。
The 'internationalISDNNumber' attribute type contains Integrated Services Digital Network (ISDN) addresses, as defined in the International Telecommunication Union (ITU) Recommendation E.164 [E.164]. Each address is one value of this multi-valued attribute. (Source: X.520 [X.520])
“internationalISDNNumber”属性类型包含国际电信联盟(ITU)建议E.164[E.164]中定义的综合业务数字网(ISDN)地址。每个地址都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.25 NAME 'internationalISDNNumber' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
(2.5.4.25名称“internationalISDNNumber”相等数字字符串匹配SUBSTR数字字符串SUBSTRINGSMATCH语法1.3.6.1.4.1.1466.115.121.1.36)
1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.36指数字字符串语法[RFC4517]。
Example: "0198 333 333".
例如:“0198 333 333”。
The 'l' ('localityName' in X.500) attribute type contains names of a locality or place, such as a city, county, or other geographic region. Each name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“l”(X.500中的“LocationName”)属性类型包含一个地区或地方的名称,例如城市、县或其他地理区域。每个名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.7 NAME 'l' SUP name )
(2.5.4.7名称“l”辅助名称)
Examples: "Geneva", "Paris", and "Edinburgh".
例如:“日内瓦”、“巴黎”和“爱丁堡”。
The 'member' attribute type contains the distinguished names of objects that are on a list or in a group. Each name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“成员”属性类型包含列表或组中对象的可分辨名称。每个名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.31 NAME 'member' SUP distinguishedName )
(2.5.4.31名称“成员”辅助识别名称)
Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and "cn=John Xerri,ou=Finance,o=Widget\, Inc." may be two members of the financial team (group) at Widget, Inc., in which case, both of these distinguished names would be present as individual values of the member attribute.
示例:“cn=James Clarke,ou=Finance,o=Widget\,Inc.”和“cn=John Xerri,ou=Finance,o=Widget\,Inc.”可能是Widget,Inc.财务团队(组)的两名成员,在这种情况下,这两个可分辨名称将作为成员属性的单个值出现。
The 'name' attribute type is the attribute supertype from which user attribute types with the name syntax inherit. Such attribute types are typically used for naming. The attribute type is multi-valued.
“名称”属性类型是具有名称语法的用户属性类型从中继承的属性超类型。此类属性类型通常用于命名。属性类型是多值的。
It is unlikely that values of this type itself will occur in an entry. LDAP server implementations that do not support attribute subtyping need not recognize this attribute in requests. Client implementations MUST NOT assume that LDAP servers are capable of performing attribute subtyping. (Source: X.520 [X.520])
这种类型的值本身不太可能出现在条目中。不支持属性子类型的LDAP服务器实现不需要在请求中识别此属性。客户端实现不能假定LDAP服务器能够执行属性子类型。(来源:X.520[X.520])
( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.41名称“名称”相等caseIgnoreMatch SUBSTR caseignoresubstrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
The 'o' ('organizationName' in X.500) attribute type contains the names of an organization. Each name is one value of this multi-valued attribute.
“o”(“X.500中的“organizationName”)属性类型包含组织的名称。每个名称都是此多值属性的一个值。
(Source: X.520 [X.520])
(来源:X.520[X.520])
( 2.5.4.10 NAME 'o' SUP name )
(2.5.4.10名称“o”SUP名称)
Examples: "Widget", "Widget, Inc.", and "Widget, Incorporated.".
示例:“Widget”、“Widget,Inc.”和“Widget,Incorporated.”。
The 'ou' ('organizationalUnitName' in X.500) attribute type contains the names of an organizational unit. Each name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“ou”(X.500中的“organizationalUnitName”)属性类型包含组织单位的名称。每个名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.11 NAME 'ou' SUP name )
(2.5.4.11名称“ou”SUP名称)
Examples: "Finance", "Human Resources", and "Research and Development".
例如:“金融”、“人力资源”和“研究与开发”。
The 'owner' attribute type contains the distinguished names of objects that have an ownership responsibility for the object that is owned. Each owner's name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“owner”属性类型包含对所拥有的对象负有所有权责任的对象的可分辨名称。每个所有者的名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.32 NAME 'owner' SUP distinguishedName )
(2.5.4.32名称“业主”辅助识别名称)
Example: The mailing list object, whose DN is "cn=All Employees, ou=Mailing List,o=Widget\, Inc.", is owned by the Human Resources Director.
示例:邮件列表对象的DN为“cn=All Employees,ou=Mail list,o=Widget\,Inc.”,由人力资源总监拥有。
Therefore, the value of the 'owner' attribute within the mailing list object, would be the DN of the director (role): "cn=Human Resources Director,ou=employee,o=Widget\, Inc.".
因此,邮件列表对象中“owner”属性的值将是主管(角色)的DN:“cn=人力资源主管,ou=员工,o=Widget\,Inc.”。
The 'physicalDeliveryOfficeName' attribute type contains names that a Postal Service uses to identify a post office. (Source: X.520 [X.520])
“physicalDeliveryOfficeName”属性类型包含邮政服务用于标识邮局的名称。(来源:X.520[X.520])
( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.19名称'physicalDeliveryOfficeName'相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Examples: "Bremerhaven, Main" and "Bremerhaven, Bonnstrasse".
示例:“布雷默黑文,缅因州”和“布雷默黑文,邦斯特劳斯州”。
The 'postalAddress' attribute type contains addresses used by a Postal Service to perform services for the object. Each address is one value of this multi-valued attribute. (Source: X.520 [X.520])
“postalAddress”属性类型包含邮政服务用于为对象执行服务的地址。每个地址都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
(2.5.4.16名称“PostLaddress”相等caseIgnoreListMatch子字符串caseIgnoreListSubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.41)
1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.41参考邮政地址语法[RFC4517]。
Example: "15 Main St.$Ottawa$Canada".
示例:“15个主要圣彼得堡$渥太华$加拿大”。
The 'postalCode' attribute type contains codes used by a Postal Service to identify postal service zones. Each code is one value of this multi-valued attribute. (Source: X.520 [X.520])
“postalCode”属性类型包含邮政服务用于标识邮政服务区域的代码。每个代码都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.17名称'postalCode'相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Example: "22180", to identify Vienna, VA, in the USA.
示例:“22180”,用于识别美国弗吉尼亚州维也纳。
The 'postOfficeBox' attribute type contains postal box identifiers that a Postal Service uses when a customer arranges to receive mail at a box on the premises of the Postal Service. Each postal box identifier is a single value of this multi-valued attribute. (Source: X.520 [X.520])
“postOfficeBox”属性类型包含邮政服务在客户安排在邮政服务场所的邮箱接收邮件时使用的邮箱标识符。每个邮政信箱标识符都是此多值属性的单个值。(来源:X.520[X.520])
( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.18名称'postOfficeBox'相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Example: "Box 45".
示例:“方框45”。
The 'preferredDeliveryMethod' attribute type contains an indication of the preferred method of getting a message to the object. (Source: X.520 [X.520])
“preferredDeliveryMethod”属性类型包含获取对象消息的首选方法的指示。(来源:X.520[X.520])
( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE )
(2.5.4.28名称“preferredDeliveryMethod”语法1.3.6.1.4.1.1466.115.121.1.14单值)
1.3.6.1.4.1.1466.115.121.1.14 refers to the Delivery Method syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.14参考交付方法语法[RFC4517]。
Example: If the mhs-delivery Delivery Method is preferred over telephone-delivery, which is preferred over all other methods, the value would be: "mhs $ telephone".
示例:如果mhs交付方式优于电话交付方式,而电话交付方式优于所有其他方式,则该值将为:“mhs$电话”。
The 'registeredAddress' attribute type contains postal addresses suitable for reception of telegrams or expedited documents, where it is necessary to have the recipient accept delivery. Each address is one value of this multi-valued attribute. (Source: X.520 [X.520])
“registeredAddress”属性类型包含适用于接收电报或加急文件的邮政地址,其中必须让收件人接收邮件。每个地址都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
(2.5.4.26名称“registeredAddress”辅助邮资语法1.3.6.1.4.1.1466.115.121.1.41)
1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.41参考邮政地址语法[RFC4517]。
Example: "Receptionist$Widget, Inc.$15 Main St.$Ottawa$Canada".
示例:“接待员$Widget,Inc.$15 Main St.$渥太华$Canada”。
The 'roleOccupant' attribute type contains the distinguished names of objects (normally people) that fulfill the responsibilities of a role object. Each distinguished name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“roleOccupant”属性类型包含履行角色对象职责的对象(通常是人)的可分辨名称。每个可分辨名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
(2.5.4.33名称“角色扮演者”辅助识别名称)
Example: The role object, "cn=Human Resources Director,ou=Position,o=Widget\, Inc.", is fulfilled by two people whose object names are "cn=Mary Smith,ou=employee,o=Widget\, Inc." and "cn=James Brown,ou=employee,o=Widget\, Inc.". The 'roleOccupant' attribute will contain both of these distinguished names, since they are the occupants of this role.
示例:角色对象“cn=HumanResourcesDirector,ou=Position,o=Widget\,Inc.”由两个人完成,他们的对象名是“cn=Mary Smith,ou=employee,o=Widget\,Inc.”和“cn=James Brown,ou=employee,o=Widget\,Inc.”。“roleOccupant”属性将包含这两个可分辨名称,因为它们是此角色的使用者。
The 'searchGuide' attribute type contains sets of information for use by clients in constructing search filters. It is superseded by 'enhancedSearchGuide', described above in Section 2.9. Each set is one value of this multi-valued attribute. (Source: X.520 [X.520])
“searchGuide”属性类型包含供客户端在构造搜索筛选器时使用的信息集。它被上文第2.9节所述的“enhancedSearchGuide”取代。每个集合都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
(2.5.4.14名称“searchGuide”语法1.3.6.1.4.1.1466.115.121.1.25)
1.3.6.1.4.1.1466.115.121.1.25 refers to the Guide syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.25参考指南语法[RFC4517]。
Example: "person#sn$EQ".
示例:“个人#sn$EQ”。
The 'seeAlso' attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“seeAllow”属性类型包含与主题对象相关的对象的可分辨名称。每个相关对象名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
(2.5.4.34名称“另见”辅助区分名称)
Example: The person object "cn=James Brown,ou=employee,o=Widget\, Inc." is related to the role objects "cn=Football Team Captain,ou=sponsored activities,o=Widget\, Inc." and "cn=Chess Team,ou=sponsored activities,o=Widget\, Inc.". Since the role objects are related to the person object, the 'seeAlso' attribute will contain the distinguished name of each role object as separate values.
示例:person对象“cn=James Brown,ou=employee,o=Widget\,Inc.”与角色对象“cn=Football Team Captain,ou=consorted activities,o=Widget\,Inc.”和“cn=Chess Team,ou=consorted activities,o=Widget\,Inc.”相关。由于角色对象与person对象相关,“seeAllow”属性将包含每个角色对象的可分辨名称作为单独的值。
The 'serialNumber' attribute type contains the serial numbers of devices. Each serial number is one value of this multi-valued attribute. (Source: X.520 [X.520])
“serialNumber”属性类型包含设备的序列号。每个序列号都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
(2.5.4.5名称'serialNumber'相等caseIgnoreMatch SUBSTR CaseIgnoreSubStrings匹配语法1.3.6.1.4.1.1466.115.121.1.44)
1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.44参考可打印字符串语法[RFC4517]。
Examples: "WI-3005" and "XF551426".
示例:“WI-3005”和“XF551426”。
The 'sn' ('surname' in X.500) attribute type contains name strings for the family names of a person. Each string is one value of this multi-valued attribute. (Source: X.520 [X.520])
“sn”(“X.500”中的“姓氏”)属性类型包含个人姓氏的名称字符串。每个字符串都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.4 NAME 'sn' SUP name )
(2.5.4.4名称“序列号”辅助名称)
Example: "Smith".
例如:“史密斯”。
The 'st' ('stateOrProvinceName' in X.500) attribute type contains the full names of states or provinces. Each name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“st”(X.500中的“stateOrProvinceName”)属性类型包含州或省的全名。每个名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.8 NAME 'st' SUP name )
(2.5.4.8名称“st”SUP名称)
Example: "California".
例如:“加利福尼亚”。
The 'street' ('streetAddress' in X.500) attribute type contains site information from a postal address (i.e., the street name, place, avenue, and the house number). Each street is one value of this multi-valued attribute. (Source: X.520 [X.520])
“street”(X.500中的“streetAddress”)属性类型包含来自邮政地址(即街道名称、地点、大道和门牌号)的站点信息。每条街道都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.9 NAME 'street' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(2.5.4.9名称“街道”相等caseIgnoreMatch SUBSTR caseignoresubstrings匹配语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Example: "15 Main St.".
例如:“主大街15号”。
The 'telephoneNumber' attribute type contains telephone numbers that comply with the ITU Recommendation E.123 [E.123]. Each number is one value of this multi-valued attribute. (Source: X.520 [X.520])
“电话号码”属性类型包含符合ITU建议E.123[E.123]的电话号码。每个数字都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
(2.5.4.20名称“电话号码”相等电话号码Match SUBSTR电话号码SubstringsMatch语法1.3.6.1.4.1.1466.115.121.1.50)
1.3.6.1.4.1.1466.115.121.1.50 refers to the Telephone Number syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.50参考电话号码语法[RFC4517]。
Example: "+1 234 567 8901".
例如:“+12345678901”。
The withdrawal of Recommendation F.200 has resulted in the withdrawal of this attribute. (Source: X.520 [X.520])
撤回建议F.200导致撤回这一属性。(来源:X.520[X.520])
( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
(2.5.4.22名称“Teletexterminalidentier”语法1.3.6.1.4.1.1466.115.121.1.51)
1.3.6.1.4.1.1466.115.121.1.51 refers to the Teletex Terminal Identifier syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.51是指电传终端标识符语法[RFC4517]。
The 'telexNumber' attribute type contains sets of strings that are a telex number, country code, and answerback code of a telex terminal. Each set is one value of this multi-valued attribute. (Source: X.520 [X.520])
“电传号码”属性类型包含一组字符串,这些字符串是电传终端的电传号码、国家代码和应答代码。每个集合都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
(2.5.4.21名称“电传号码”语法1.3.6.1.4.1.1466.115.121.1.52)
1.3.6.1.4.1.1466.115.121.1.52 refers to the Telex Number syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.52是指电传号码语法[RFC4517]。
Example: "12345$023$ABCDE".
示例:“12345$023$ABCDE”。
The 'title' attribute type contains the title of a person in their organizational context. Each title is one value of this multi-valued attribute. (Source: X.520 [X.520])
“title”属性类型包含组织上下文中人员的头衔。每个标题都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.12 NAME 'title' SUP name ) Examples: "Vice President", "Software Engineer", and "CEO".
(2.5.4.12名称‘title’SUP NAME)示例:“副总裁”、“软件工程师”和“首席执行官”。
The 'uid' ('userid' in RFC 1274) attribute type contains computer system login names associated with the object. Each name is one value of this multi-valued attribute. (Source: RFC 2798 [RFC2798] and RFC 1274 [RFC1274])
“uid”(RFC 1274中的“userid”)属性类型包含与对象关联的计算机系统登录名。每个名称都是此多值属性的一个值。(来源:RFC 2798[RFC2798]和RFC 1274[RFC1274])
( 0.9.2342.19200300.100.1.1 NAME 'uid' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
(0.9.2342.19200300.100.1.1名称“uid”相等caseIgnoreMatch SUBSTR caseIgnoreMatch语法1.3.6.1.4.1.1466.115.121.1.15)
1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.15参考目录字符串语法[RFC4517]。
Examples: "s9709015", "admin", and "Administrator".
示例:“s9709015”、“管理员”和“管理员”。
The 'uniqueMember' attribute type contains the distinguished names of an object that is on a list or in a group, where the relative distinguished names of the object include a value that distinguishes between objects when a distinguished name has been reused. Each distinguished name is one value of this multi-valued attribute. (Source: X.520 [X.520])
“uniqueMember”属性类型包含列表或组中对象的可分辨名称,其中对象的相对可分辨名称包括一个值,该值在可分辨名称被重用时可区分对象。每个可分辨名称都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
(2.5.4.50名称“uniqueMember”相等uniqueMemberMatch语法1.3.6.1.4.1.1466.115.121.1.34)
1.3.6.1.4.1.1466.115.121.1.34 refers to the Name and Optional UID syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.34是指名称和可选UID语法[RFC4517]。
Example: If "ou=1st Battalion,o=Defense,c=US" is a battalion that was disbanded, establishing a new battalion with the "same" name would have a unique identifier value added, resulting in "ou=1st Battalion, o=Defense,c=US#'010101'B".
示例:如果“ou=1营,o=Defense,c=US”是一个解散的营,则使用“相同”名称建立一个新营将添加一个唯一标识符值,结果是“ou=1营,o=Defense,c=US#'010101'B”。
The 'userPassword' attribute contains octet strings that are known only to the user and the system to which the user has access. Each string is one value of this multi-valued attribute.
“userPassword”属性包含仅用户和用户有权访问的系统知道的八位字节字符串。每个字符串都是此多值属性的一个值。
The application SHOULD prepare textual strings used as passwords by transcoding them to Unicode, applying SASLprep [RFC4013], and encoding as UTF-8. The determination of whether a password is textual is a local client matter. (Source: X.509 [X.509])
应用程序应该通过将文本字符串转换为Unicode、应用SASLprep[RFC4013]并编码为UTF-8来准备用作密码的文本字符串。确定密码是否为文本密码是本地客户端的问题。(来源:X.509[X.509])
( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
(2.5.4.35名称“userPassword”相等八位字符串匹配语法1.3.6.1.4.1.1466.115.121.1.40)
1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.40指八位字节字符串语法[RFC4517]。
Passwords are stored using an Octet String syntax and are not encrypted. Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality and may result in disclosure of the password to unauthorized parties.
密码使用八位字节字符串语法存储,不加密。如果基础传输服务不能保证机密性,并且可能导致密码泄露给未经授权的方,则强烈反对传输明文密码。
An example of a need for multiple values in the 'userPassword' attribute is an environment where every month the user is expected to
“userPassword”属性中需要多个值的一个例子是,用户每月都需要
use a different password generated by some automated system. During transitional periods, like the last and first day of the periods, it may be necessary to allow two passwords for the two consecutive periods to be valid in the system.
使用一些自动系统生成的不同密码。在过渡期间,如期间的最后一天和第一天,可能需要允许两个连续期间的两个密码在系统中有效。
The 'x121Address' attribute type contains data network addresses as defined by ITU Recommendation X.121 [X.121]. Each address is one value of this multi-valued attribute. (Source: X.520 [X.520])
“x121Address”属性类型包含ITU建议X.121[X.121]定义的数据网络地址。每个地址都是此多值属性的一个值。(来源:X.520[X.520])
( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
(2.5.4.24名称“x121Address”相等数字字符串匹配SUBSTR数字字符串SUBSTRINGSMATCH语法1.3.6.1.4.1.1466.115.121.1.36)
1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.36指数字字符串语法[RFC4517]。
Example: "36111222333444555".
例如:“361112223344555”。
The 'x500UniqueIdentifier' attribute type contains binary strings that are used to distinguish between objects when a distinguished name has been reused. Each string is one value of this multi-valued attribute.
“x500UniqueIdentifier”属性类型包含二进制字符串,用于在重用可分辨名称时区分对象。每个字符串都是此多值属性的一个值。
In X.520 [X.520], this attribute type is called 'uniqueIdentifier'. This is a different attribute type from both the 'uid' and 'uniqueIdentifier' LDAP attribute types. The 'uniqueIdentifier' attribute type is defined in [RFC4524]. (Source: X.520 [X.520])
在X.520[X.520]中,此属性类型称为“唯一标识符”。这是与“uid”和“uniqueIdentifier”LDAP属性类型不同的属性类型。[RFC4524]中定义了“uniqueIdentifier”属性类型。(来源:X.520[X.520])
( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
(2.5.4.45名称'x500UniqueIdentifier'相等位字符串匹配语法1.3.6.1.4.1.1466.115.121.1.6)
1.3.6.1.4.1.1466.115.121.1.6 refers to the Bit String syntax [RFC4517].
1.3.6.1.4.1.1466.115.121.1.6指位字符串语法[RFC4517]。
LDAP servers SHOULD recognize all the Object Classes listed here as values of the 'objectClass' attribute (see [RFC4512]).
LDAP服务器应将此处列出的所有对象类识别为“objectClass”属性的值(请参见[RFC4512])。
The 'applicationProcess' object class definition is the basis of an entry that represents an application executing in a computer system. (Source: X.521 [X.521])
“applicationProcess”对象类定义是表示在计算机系统中执行的应用程序的条目的基础。(来源:X.521[X.521])
( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) )
(2.5.6.11名称“申请流程”SUP-top结构必须cn-MAY(另请参见$ou$l$说明))
The 'country' object class definition is the basis of an entry that represents a country. (Source: X.521 [X.521])
“国家”对象类定义是表示国家的条目的基础。(来源:X.521[X.521])
( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
(2.5.6.2名称“国家”SUP top STRUCTURAL c MAY(searchGuide$说明))
The 'dcObject' object class permits an entry to contains domain component information. This object class is defined as auxiliary, because it will be used in conjunction with an existing structural object class. (Source: RFC 2247 [RFC2247])
“dcObject”对象类允许输入包含域组件信息的项。此对象类被定义为辅助对象,因为它将与现有结构对象类一起使用。(来源:RFC 2247[RFC2247])
( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )
(1.3.6.1.4.1.1466.344名称“dcObject”辅助必须为dc)
The 'device' object class is the basis of an entry that represents an appliance, computer, or network element. (Source: X.521 [X.521])
“设备”对象类是表示设备、计算机或网络元素的条目的基础。(来源:X.521[X.521])
( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
(2.5.6.14名称“设备”支持顶部结构必须为cn-MAY(序列号$另见$所有者$ou$o$l$说明))
The 'groupOfNames' object class is the basis of an entry that represents a set of named objects including information related to the purpose or maintenance of the set. (Source: X.521 [X.521])
“groupOfNames”对象类是表示一组命名对象的条目的基础,其中包括与该集合的用途或维护相关的信息。(来源:X.521[X.521])
( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
(2.5.6.9名称“groupOfNames”SUP top STRUCTURAL MUST(会员$cn)MAY(业务类别$SEE另见$owner$ou$o$description))
The 'groupOfUniqueNames' object class is the same as the 'groupOfNames' object class except that the object names are not repeated or reassigned within a set scope. (Source: X.521 [X.521])
“groupOfUniqueNames”对象类与“groupOfNames”对象类相同,只是对象名称在设置的范围内没有重复或重新分配。(来源:X.521[X.521])
( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
(2.5.6.17命名“groupOfUniqueNames”SUP top STRUCTURAL MUST(uniqueMember$cn)MAY(businessCategory$另见$owner$ou$o$说明))
The 'locality' object class is the basis of an entry that represents a place in the physical world. (Source: X.521 [X.521])
“Location”对象类是表示物理世界中某个位置的条目的基础。(来源:X.521[X.521])
( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
(2.5.6.3名称“地点”辅助顶部结构可能(街道$另见$搜索指南$st$l$说明))
The 'organization' object class is the basis of an entry that represents a structured group of people. (Source: X.521 [X.521])
“organization”对象类是表示结构化人员组的条目的基础。(来源:X.521[X.521])
( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
(2.5.6.4名称“组织”支持顶部结构必须(用户密码$searchGuide$另请参见$businessCategory$X121地址$registeredAddress$destinationIndicator$preferredDeliveryMethod$telexNumber$teletexTerminalIdentifier$telephoneNumber$internationalISDNNumber$facsimileTelephoneNumber$street$postOfficeBox$postalCode$postalAddress$physicalDeliveryOfficeName$st$l$d描述)
The 'organizationalPerson' object class is the basis of an entry that represents a person in relation to an organization. (Source: X.521 [X.521])
“organizationalPerson”对象类是表示与组织相关的人员的条目的基础。(来源:X.521[X.521])
( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
(2.5.6.7名称“组织人员”辅助人员(标题$X121地址$registeredAddress$destinationIndicator$preferredDeliveryMethod$telexNumber$teletexTerminalIdentifier$telephoneNumber$InternationalIsDN号码$facsimileTelephoneNumber$street$postOfficeBox$postalCode$postalAddress$physicalDeliveryOfficeName$ou$st$l))
The 'organizationalRole' object class is the basis of an entry that represents a job, function, or position in an organization. (Source: X.521 [X.521])
“organizationalRole”对象类是表示组织中的职务、职能或职位的条目的基础。(来源:X.521[X.521])
( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
(2.5.6.8名称“组织角色”支持顶部结构(X121地址$registeredAddress$destinationIndicator$preferredDeliveryMethod$telexNumber$teletexTerminalIdentifier$telephoneNumber$facsimileTelephoneNumber$另请参见$roleOccupant$preferredDeliveryMethod$street$postOfficeBox$postalCode$Postladdress$physicalDeliveryOfficeName$ou$st$l$des(抄录)
The 'organizationalUnit' object class is the basis of an entry that represents a piece of an organization. (Source: X.521 [X.521])
“organizationalUnit”对象类是表示组织一部分的条目的基础。(来源:X.521[X.521])
( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou MAY ( businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationalISDNNumber $ l $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) )
(2.5.6.5必须将“组织单元”的名称命名为顶部结构单元(业务类别$description$destinationIndicator$facsimileTelephoneNumber$internationalISDNNumber$l$physicalDeliveryOfficeName$postalAddress$postalCode$postOfficeBox$PreferredDelivery方法$registeredAddress$searchGuide$另请参见$st$street$电话号码$Teletexterminalidentier$电传号码$userPassword$x(地址)
The 'person' object class is the basis of an entry that represents a human being. (Source: X.521 [X.521])
“person”对象类是表示人的条目的基础。(来源:X.521[X.521])
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
(2.5.6.6名称“人员”支持顶部结构必须(sn$cn)可以(用户密码$telephoneNumber$另见$description))
The 'residentialPerson' object class is the basis of an entry that includes a person's residence in the representation of the person. (Source: X.521 [X.521])
“residentialPerson”对象类是一个条目的基础,该条目将一个人的住所包含在该人的表示中。(来源:X.521[X.521])
( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
(2.5.6.10“住户人员”的姓名(业务类别$X121地址$registeredAddress$destinationIndicator$preferredDeliveryMethod$telexNumber$Teletexterminalidentier$telephoneNumber$InternationalIsDN号码$FacSimiletPhoneNumber$preferredDeliveryMethod$street$postOfficeBox$postalCode$postalAddress$physicalDeliveryOfficeName$st$l))
The 'uidObject' object class permits an entry to contains user identification information. This object class is defined as auxiliary, because it will be used in conjunction with an existing structural object class. (Source: RFC 2377 [RFC2377])
“uidObject”对象类允许输入包含用户标识信息的项。此对象类被定义为辅助对象,因为它将与现有结构对象类一起使用。(来源:RFC22377[RFC2377])
( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid )
(1.3.6.1.1.3.1名称“uidObject”辅助顶部辅助必须为uid)
The Internet Assigned Numbers Authority (IANA) has updated the LDAP descriptors registry as indicated in the following template:
Internet分配号码管理局(IANA)已更新LDAP描述符注册表,如以下模板所示:
Subject: Request for LDAP Descriptor Registration Update
Descriptor (short name): see comments
Object Identifier: see comments
Person & email address to contact for further information:
Andrew Sciberras <andrew.sciberras@eb2bcom.com>
Usage: (A = attribute type, O = Object Class) see comment
Specification: RFC 4519
Author/Change Controller: IESG
Subject: Request for LDAP Descriptor Registration Update
Descriptor (short name): see comments
Object Identifier: see comments
Person & email address to contact for further information:
Andrew Sciberras <andrew.sciberras@eb2bcom.com>
Usage: (A = attribute type, O = Object Class) see comment
Specification: RFC 4519
Author/Change Controller: IESG
Comments
评论
In the LDAP descriptors registry, the following descriptors (short names) have been updated to refer to RFC 4519. Names that need to be reserved, rather than assigned to an Object Identifier, will contain an Object Identifier value of RESERVED.
在LDAP描述符注册表中,以下描述符(简称)已更新,以引用RFC 4519。需要保留而不是分配给对象标识符的名称将包含对象标识符值reserved。
NAME Type OID
------------------------ ---- ----------------------------
applicationProcess O 2.5.6.11
businessCategory A 2.5.4.15
c A 2.5.4.6
cn A 2.5.4.3
commonName A 2.5.4.3
country O 2.5.6.2
countryName A 2.5.4.6
dc A 0.9.2342.19200300.100.1.25
dcObject O 1.3.6.1.4.1.1466.344
description A 2.5.4.13
destinationIndicator A 2.5.4.27
device O 2.5.6.14
NAME Type OID
------------------------ ---- ----------------------------
applicationProcess O 2.5.6.11
businessCategory A 2.5.4.15
c A 2.5.4.6
cn A 2.5.4.3
commonName A 2.5.4.3
country O 2.5.6.2
countryName A 2.5.4.6
dc A 0.9.2342.19200300.100.1.25
dcObject O 1.3.6.1.4.1.1466.344
description A 2.5.4.13
destinationIndicator A 2.5.4.27
device O 2.5.6.14
NAME Type OID
------------------------ ---- ----------------------------
distinguishedName A 2.5.4.49
dnQualifier A 2.5.4.46
domainComponent A 0.9.2342.19200300.100.1.25
enhancedSearchGuide A 2.5.4.47
facsimileTelephoneNumber A 2.5.4.23
generationQualifier A 2.5.4.44
givenName A 2.5.4.42
gn A RESERVED
groupOfNames O 2.5.6.9
groupOfUniqueNames O 2.5.6.17
houseIdentifier A 2.5.4.51
initials A 2.5.4.43
internationalISDNNumber A 2.5.4.25
l A 2.5.4.7
locality O 2.5.6.3
localityName A 2.5.4.7
member A 2.5.4.31
name A 2.5.4.41
o A 2.5.4.10
organization O 2.5.6.4
organizationName A 2.5.4.10
organizationalPerson O 2.5.6.7
organizationalRole O 2.5.6.8
organizationalUnit O 2.5.6.5
organizationalUnitName A 2.5.4.11
ou A 2.5.4.11
owner A 2.5.4.32
person O 2.5.6.6
physicalDeliveryOfficeName A 2.5.4.19
postalAddress A 2.5.4.16
postalCode A 2.5.4.17
postOfficeBox A 2.5.4.18
preferredDeliveryMethod A 2.5.4.28
registeredAddress A 2.5.4.26
residentialPerson O 2.5.6.10
roleOccupant A 2.5.4.33
searchGuide A 2.5.4.14
seeAlso A 2.5.4.34
serialNumber A 2.5.4.5
sn A 2.5.4.4
st A 2.5.4.8
street A 2.5.4.9
surname A 2.5.4.4
telephoneNumber A 2.5.4.20
teletexTerminalIdentifier A 2.5.4.22
telexNumber A 2.5.4.21
NAME Type OID
------------------------ ---- ----------------------------
distinguishedName A 2.5.4.49
dnQualifier A 2.5.4.46
domainComponent A 0.9.2342.19200300.100.1.25
enhancedSearchGuide A 2.5.4.47
facsimileTelephoneNumber A 2.5.4.23
generationQualifier A 2.5.4.44
givenName A 2.5.4.42
gn A RESERVED
groupOfNames O 2.5.6.9
groupOfUniqueNames O 2.5.6.17
houseIdentifier A 2.5.4.51
initials A 2.5.4.43
internationalISDNNumber A 2.5.4.25
l A 2.5.4.7
locality O 2.5.6.3
localityName A 2.5.4.7
member A 2.5.4.31
name A 2.5.4.41
o A 2.5.4.10
organization O 2.5.6.4
organizationName A 2.5.4.10
organizationalPerson O 2.5.6.7
organizationalRole O 2.5.6.8
organizationalUnit O 2.5.6.5
organizationalUnitName A 2.5.4.11
ou A 2.5.4.11
owner A 2.5.4.32
person O 2.5.6.6
physicalDeliveryOfficeName A 2.5.4.19
postalAddress A 2.5.4.16
postalCode A 2.5.4.17
postOfficeBox A 2.5.4.18
preferredDeliveryMethod A 2.5.4.28
registeredAddress A 2.5.4.26
residentialPerson O 2.5.6.10
roleOccupant A 2.5.4.33
searchGuide A 2.5.4.14
seeAlso A 2.5.4.34
serialNumber A 2.5.4.5
sn A 2.5.4.4
st A 2.5.4.8
street A 2.5.4.9
surname A 2.5.4.4
telephoneNumber A 2.5.4.20
teletexTerminalIdentifier A 2.5.4.22
telexNumber A 2.5.4.21
NAME Type OID
------------------------ ---- ----------------------------
title A 2.5.4.12
uid A 0.9.2342.19200300.100.1.1
uidObject O 1.3.6.1.1.3.1
uniqueMember A 2.5.4.50
userid A 0.9.2342.19200300.100.1.1
userPassword A 2.5.4.35
x121Address A 2.5.4.24
x500UniqueIdentifier A 2.5.4.45
NAME Type OID
------------------------ ---- ----------------------------
title A 2.5.4.12
uid A 0.9.2342.19200300.100.1.1
uidObject O 1.3.6.1.1.3.1
uniqueMember A 2.5.4.50
userid A 0.9.2342.19200300.100.1.1
userPassword A 2.5.4.35
x121Address A 2.5.4.24
x500UniqueIdentifier A 2.5.4.45
Attributes of directory entries are used to provide descriptive information about the real-world objects they represent, which can be people, organizations, or devices. Most countries have privacy laws regarding the publication of information about people.
目录项的属性用于提供有关它们所表示的真实对象的描述性信息,这些对象可以是人、组织或设备。大多数国家都有关于发布个人信息的隐私法。
Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality and integrity, since this may result in disclosure of the password to unauthorized parties.
如果基础传输服务不能保证机密性和完整性,则强烈不鼓励传输明文密码,因为这可能会导致密码泄露给未经授权的方。
Multiple attribute values for the 'userPassword' attribute need to be used with care. Especially reset/deletion of a password by an administrator without knowing the old user password gets tricky or impossible if multiple values for different applications are present.
需要谨慎使用“userPassword”属性的多个属性值。特别是,如果存在不同应用程序的多个值,管理员在不知道旧用户密码的情况下重置/删除密码会变得棘手或不可能。
Certainly, applications that intend to replace the 'userPassword' value(s) with new value(s) should use modify/replaceValues (or modify/deleteAttribute+addAttribute). In addition, server implementations are encouraged to provide administrative controls that, if enabled, restrict the 'userPassword' attribute to one value.
当然,打算用新值替换“userPassword”值的应用程序应该使用modify/replaceValues(或modify/deleteAttribute+addAttribute)。此外,鼓励服务器实现提供管理控制,如果启用,将“userPassword”属性限制为一个值。
Note that when used for authentication purposes [RFC4513], the user need only prove knowledge of one of the values, not all of the values.
注意,当用于身份验证目的[RFC4513]时,用户只需证明了解其中一个值,而不是所有值。
The definitions, on which this document is based, have been developed by committees for telecommunications and international standards.
本文件所依据的定义由电信和国际标准委员会制定。
This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a product of the IETF ASID Working Group.
本文件是Mark Wahl对RFC 2256的更新。RFC2256是IETF ASID工作组的产品。
The 'dc' attribute type definition and the 'dcObject' object class definition in this document supersede the specification in RFC 2247 by S. Kille, M. Wahl, A. Grimstad, R. Huber, and S. Sataluri.
本文档中的“dc”属性类型定义和“dcObject”对象类定义由S.Kille、M.Wahl、A.Grimstad、R.Huber和S.Sataluri取代RFC 2247中的规范。
The 'uid' attribute type definition in this document supersedes the specification of the 'userid' in RFC 1274 by P. Barker and S. Kille and of the uid in RFC 2798 by M. Smith.
本文档中的“uid”属性类型定义取代了P.Barker和S.Kille在RFC 1274中对“用户ID”的规定以及M.Smith在RFC 2798中对uid的规定。
The 'uidObject' object class definition in this document supersedes the specification of the 'uidObject' in RFC 2377 by A. Grimstad, R. Huber, S. Sataluri, and M. Wahl.
本文件中的“uidObject”对象类定义由A.Grimstad、R.Huber、S.Sataluri和M.Wahl取代RFC 2377中的“uidObject”规范。
This document is based upon input of the IETF LDAPBIS working group. The author wishes to thank S. Legg and K. Zeilenga for their significant contribution to this update. The author would also like to thank Kathy Dally, who edited early versions of this document.
本文件基于IETF LDAPBIS工作组的输入。作者希望感谢S.Legg和K.Zeilenga对本次更新的重大贡献。作者还要感谢编辑本文件早期版本的Kathy Dally。
[E.123] Notation for national and international telephone numbers, ITU-T Recommendation E.123, 1988
[E.123]国家和国际电话号码的符号,ITU-T建议E.123,1988
[E.164] The international public telecommunication numbering plan, ITU-T Recommendation E.164, 1997
[E.164]国际公共电信编号计划,ITU-T建议E.164,1997年
[F.1] Operational Provisions For The International Public Telegram Service Transmission System, CCITT Recommendation F.1, 1992
[F.1]国际公共电报业务传输系统的操作规定,CCITT建议F.11992
[F.31] Telegram Retransmission System, CCITT Recommendation F.31, 1988
[F.31]电报重传系统,CCITT建议F.311988
[ISO3166] ISO 3166, "Codes for the representation of names of countries".
[ISO3166]ISO 3166,“国家名称表示代码”。
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.
[RFC1034]Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。
[RFC1123] Braden, R., "Requirements for Internet Hosts - Application and Support", STD 3, RFC 1123, October 1989.
[RFC1123]Braden,R.,“互联网主机的要求-应用和支持”,STD 3,RFC 1123,1989年10月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS Specification", RFC 2181, July 1997.
[RFC2181]Elz,R.和R.Bush,“DNS规范的澄清”,RFC 21811997年7月。
[RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003.
[RFC3490]Faltstrom,P.,Hoffman,P.,和A.Costello,“应用程序中的域名国际化(IDNA)”,RFC 34902003年3月。
[RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User Names and Passwords", RFC 4013, February 2005.
[RFC4013]Zeilenga,K.,“SASLprep:用户名和密码的Stringprep配置文件”,RFC40113,2005年2月。
[RFC4234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005.
[RFC4234]Crocker,D.和P.Overell,“语法规范的扩充BNF:ABNF”,RFC 4234,2005年10月。
[RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.
[RFC4510]Zeilenga,K.,Ed.“轻量级目录访问协议(LDAP):技术规范路线图”,RFC45102006年6月。
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, June 2006.
[RFC4512]Zeilenga,K.,“轻量级目录访问协议(LDAP):目录信息模型”,RFC4512,2006年6月。
[RFC4517] Legg, S., Ed., "Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006.
[RFC4517]Legg,S.,Ed.,“轻量级目录访问协议(LDAP):语法和匹配规则”,RFC4517,2006年6月。
[X.121] International numbering plan for public data networks, ITU-T Recommendation X.121, 1996
[X.121]公共数据网络国际编号计划,ITU-T建议X.121,1996年
[X.509] The Directory: Authentication Framework, ITU-T Recommendation X.509, 1993
[X.509]目录:认证框架,ITU-T建议X.5091993
[X.520] The Directory: Selected Attribute Types, ITU-T Recommendation X.520, 1993
[X.520]目录:选定属性类型,ITU-T建议X.520,1993
[X.521] The Directory: Selected Object Classes. ITU-T Recommendation X.521, 1993
[X.521]目录:选定的对象类。ITU-T建议X.5211993
[RFC1274] Barker, P. and S. Kille, "The COSINE and Internet X.500 Schema", RFC 1274, November 1991.
[RFC1274]巴克,P.和S.基尔,“余弦和互联网X.500模式”,RFC1274,1991年11月。
[RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., and S. Sataluri, "Using Domains in LDAP/X.500 Distinguished Names", RFC 2247, January 1998.
[RFC2247]Kille,S.,Wahl,M.,Grimstad,A.,Huber,R.,和S.Sataluri,“在LDAP/X.500可分辨名称中使用域”,RFC 2247,1998年1月。
[RFC2377] Grimstad, A., Huber, R., Sataluri, S., and M. Wahl, "Naming Plan for Internet Directory-Enabled Applications", RFC 2377, September 1998.
[RFC2377]Grimstad,A.,Huber,R.,Sataluri,S.,和M.Wahl,“互联网目录启用应用程序的命名计划”,RFC 2377,1998年9月。
[RFC2798] Smith, M., "Definition of the inetOrgPerson LDAP Object Class", RFC 2798, April 2000.
[RFC2798]Smith,M.,“inetOrgPerson LDAP对象类的定义”,RFC 2798,2000年4月。
[RFC4513] Harrison R., Ed., "Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms", RFC 4513, June 2006.
[RFC4513]Harrison R.,Ed.,“轻量级目录访问协议(LDAP):认证方法和安全机制”,RFC4513,2006年6月。
[RFC4523] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates", RFC 4523, June 2006.
[RFC4523]Zeilenga,K.,“X.509证书的轻型目录访问协议(LDAP)模式定义”,RFC4523,2006年6月。
[RFC4524] Zeilenga, E., Ed., "COSINE LDAP/X.500 Schema", RFC 4524, June 2006.
[RFC4524]Zeilenga,E.,编辑,“余弦LDAP/X.500模式”,RFC4524,2006年6月。
[X.500] ITU-T Recommendations X.500 (1993) | ISO/IEC 9594-1:1994, Information Technology - Open Systems Interconnection - The Directory: Overview of concepts, models and services.
[X.500]ITU-T建议X.500(1993)| ISO/IEC 9594-1:1994,信息技术-开放系统互连-目录:概念、模型和服务概述。
This appendix lists the changes that have been made from RFC 2256 to RFC 4519.
本附录列出了从RFC 2256到RFC 4519的变更。
This appendix is not a normative part of this specification, which has been provided for informational purposes only.
本附录不是本规范的规范性部分,仅供参考。
1. Replaced the document title.
1. 替换了文档标题。
2. Removed the IESG Note.
2. 删除了IESG注释。
3. Dependencies on RFC 1274 have been eliminated.
3. 已消除对RFC 1274的依赖。
4. Added a Security Considerations section and an IANA Considerations section.
4. 添加了安全注意事项部分和IANA注意事项部分。
5. Deleted the conformance requirement for subschema object classes in favor of a statement in [RFC4517].
5. 删除了子模式对象类的一致性要求,以支持[RFC4517]中的一条语句。
6. Added explanation to attribute types and to each object class.
6. 为属性类型和每个对象类添加了解释。
7. Removed Section 4, Syntaxes, and Section 6, Matching Rules, (moved to [RFC4517]).
7. 删除了第4节语法和第6节匹配规则(移至[RFC4517])。
8. Removed the certificate-related attribute types: authorityRevocationList, cACertificate, certificateRevocationList, crossCertificatePair, deltaRevocationList, supportedAlgorithms, and userCertificate.
8. 已删除与证书相关的属性类型:authorityRevocationList、cACertificate、CertificateJournalist、crossCertificatePair、DeltarRevocationList、supportedAlgorithms和userCertificate。
Removed the certificate-related Object Classes: certificationAuthority, certificationAuthority-V2, cRLDistributionPoint, strongAuthenticationUser, and userSecurityInformation
已删除与证书相关的对象类:certificationAuthority、certificationAuthority-V2、cRLDistributionPoint、strongAuthenticationUser和userSecurityInformation
LDAP PKI is now discussed in [RFC4523].
LDAP PKI现在在[RFC4523]中讨论。
9. Removed the dmdName, knowledgeInformation, presentationAddress, protocolInformation, and supportedApplicationContext attribute types and the dmd, applicationEntity, and dSA object classes.
9. 删除了dmdName、knowledgeInformation、presentationAddress、protocolInformation和supportedApplicationContext属性类型以及dmd、applicationEntity和dSA对象类。
10. Deleted the aliasedObjectName and objectClass attribute type definitions. Deleted the alias and top object class definitions. They are included in [RFC4512].
10. 删除了AliaseObjectName和objectClass属性类型定义。删除了别名和顶级对象类定义。它们包含在[RFC4512]中。
11. Added the 'dc' attribute type from RFC 2247, making the distinction between 'stored' and 'query' values when preparing IDN strings.
11. 从RFC 2247中添加了“dc”属性类型,在准备IDN字符串时区分“存储”和“查询”值。
12. Numerous editorial changes.
12. 许多编辑上的变化。
13. Removed upper bound after the SYNTAX oid in all attribute definitions where it appeared.
13. 删除了出现语法oid的所有属性定义中语法oid后的上限。
14. Added text about Unicode, SASLprep [RFC4013], and UTF-8 for userPassword.
14. 添加了有关Unicode、SASLprep[RFC4013]和用户密码的UTF-8的文本。
15. Included definitions, comments and references for 'dcObject' and 'uidObject'.
15. 包括“dcObject”和“UIDOObject”的定义、注释和参考。
16. Replaced PKI schema references to use RFC 4523.
16. 替换PKI架构引用以使用RFC 4523。
17. Spelt out and referenced ABNF on first usage.
17. 在第一次使用时拼写并引用ABNF。
18. Removed Section 2.4 (Source). Replaced the source table with explicit references for each definition.
18. 删除第2.4节(来源)。用每个定义的显式引用替换源表。
19. All references to an attribute type or object class are enclosed in single quotes.
19. 对属性类型或对象类的所有引用都用单引号括起来。
20. The layout of attribute type definitions has been changed to provide consistency throughout the document: > Section Heading > Description of Attribute type > Multivalued description > Source Information > Definition > Example > Additional Comments
20. 属性类型定义的布局已更改,以在整个文档中提供一致性:>节标题>属性类型描述>多值描述>源信息>定义>示例>其他注释
Adding this consistent output included the addition of examples to some definitions.
添加此一致性输出包括在某些定义中添加示例。
21. References to alternate names for attributes types are provided with a reference to where they were originally specified.
21. 对属性类型的备用名称的引用提供了对它们最初指定位置的引用。
22. Clarification of the description of 'distinguishedName' and 'name', in regards to these attribute types being supertypes.
22. 澄清关于这些属性类型为超类型的“DifferentizedName”和“name”的描述。
23. Spelt out ISDN on first usage.
23. 在第一次使用时详细说明ISDN。
24. Inserted a reference to [RFC4517] for the 'teletexTerminalIdentifier' definition's SYNTAX OID.
24. 为“Teletexterminalidentier”定义的语法OID插入了对[RFC4517]的引用。
25. Additional names were added to the IANA Considerations. Names include 'commonName', 'dcObject', 'domainComponent', 'GN', 'localityName', 'organizationName', 'organizationUnitName', 'surname', 'uidObject' and 'userid'.
25. IANA注意事项中增加了其他名称。名称包括“commonName”、“dcObject”、“domainComponent”、“GN”、“LocationName”、“organizationName”、“organizationUnitName”、“姓氏”、“uidObject”和“userid”。
26. Renamed all instances of supercede to supersede.
26. 已重命名“替换”的所有实例以替换。
27. Moved [F.1], [F.31] and [RFC4013] from informative to normative references.
27. 将[F.1]、[F.31]和[RFC4013]从资料性参考文件移至规范性参考文件。
28. Changed the 'c' definition to be consistent with X.500.
28. 将“c”定义更改为与X.500一致。
Author's Address
作者地址
Andrew Sciberras eB2Bcom Suite 3, Woodhouse Corporate Centre, 935 Station Street, Box Hill North, Victoria 3129 AUSTRALIA
Andrew Sciberas eB2Bcom澳大利亚维多利亚州博克斯山北站街935号伍德豪斯企业中心3号套房,邮编:3129
Phone: +61 3 9896 7833
EMail: andrew.sciberras@eb2bcom.com
Phone: +61 3 9896 7833
EMail: andrew.sciberras@eb2bcom.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。