Net::LDAP::RFC
Net::LDAP::RFC(3) User Contributed Perl Documentation Net::LDAP::RFC(3)
NAME
Net::LDAP::RFC - List of related RFC’s
SYNOPSIS
none
DESCRIPTION
The LDAP protocol is defined in the following RFC’s
Core LDAP Specification
RFC-4510 Lightweight Directory Access Protocol (LDAP): Technical Spec-
ification Road Map
http://www.ietf.org/rfc/rfc4510.txt
The Lightweight Directory Access Protocol (LDAP) is an Internet proto-
col for accessing distributed directory services that act in accor-
dance with X.500 data and service models. This document provides a
road map of the LDAP Technical Specification.
RFC-4511 Lightweight Directory Access Protocol (LDAP): The Protocol
http://www.ietf.org/rfc/rfc4511.txt
This document describes the protocol elements, along with their seman-
tics and encodings, of the Lightweight Directory Access Protocol
(LDAP). LDAP provides access to distributed directory services that
act in accordance with X.500 data and service models. These protocol
elements are based on those described in the X.500 Directory Access
Protocol (DAP).
RFC-4512 Lightweight Directory Access Protocol (LDAP): Directory
Information Models
http://www.ietf.org/rfc/rfc4512.txt
The Lightweight Directory Access Protocol (LDAP) is an Internet proto-
col for accessing distributed directory services that act in accor-
dance with X.500 data and service models. This document describes the
X.500 Directory Information Models, as used in LDAP.
RFC-4513 Lightweight Directory Access Protocol (LDAP): Authentication
Methods and Security Mechanisms
http://www.ietf.org/rfc/rfc4513.txt
This document describes authentication methods and security mechanisms
of the Lightweight Directory Access Protocol (LDAP). This document
details establishment of Transport Layer Security (TLS) using the
StartTLS operation.
This document details the simple Bind authentication method including
anonymous, unauthenticated, and name/password mechanisms and the Sim-
ple Authentication and Security Layer (SASL) Bind authentication
method including the EXTERNAL mechanism.
This document discusses various authentication and authorization
states through which a session to an LDAP server may pass and the
actions that trigger these state changes.
RFC-4514 Lightweight Directory Access Protocol (LDAP): String Repre-
sentation of Distinguished Names
http://www.ietf.org/rfc/rfc4514.txt
The X.500 Directory uses distinguished names (DNs) as primary keys to
entries in the directory. This document defines the string represen-
tation used in the Lightweight Directory Access Protocol (LDAP) to
transfer distinguished names. The string representation is designed
to give a clean representation of commonly used distinguished names,
while being able to represent any distinguished name.
RFC-4515 Lightweight Directory Access Protocol (LDAP): String Repre-
sentation of Search Filters
http://www.ietf.org/rfc/rfc4515.txt
Lightweight Directory Access Protocol (LDAP) search filters are trans-
mitted in the LDAP protocol using a binary representation that is
appropriate for use on the network. This document defines a human-
readable string representation of LDAP search filters that is appro-
priate for use in LDAP URLs (RFC 4516) and in other applications.
RFC-4516 Lightweight Directory Access Protocol (LDAP): Uniform
Resource Locator
http://www.ietf.org/rfc/rfc4516.txt
This document describes a format for a Lightweight Directory Access
Protocol (LDAP) Uniform Resource Locator (URL). An LDAP URL describes
an LDAP search operation that is used to retrieve information from an
LDAP directory, or, in the context of an LDAP referral or reference,
an LDAP URL describes a service where an LDAP operation may be pro-
gressed.
RFC-4517 Lightweight Directory Access Protocol (LDAP): Syntaxes and
Matching Rules
http://www.ietf.org/rfc/rfc4517.txt
Each attribute stored in a Lightweight Directory Access Protocol
(LDAP) directory, whose values may be transferred in the LDAP proto-
col, has a defined syntax that constrains the structure and format of
its values. The comparison semantics for values of a syntax are not
part of the syntax definition but are instead provided through sepa-
rately defined matching rules. Matching rules specify an argument, an
assertion value, which also has a defined syntax. This document
defines a base set of syntaxes and matching rules for use in defining
attributes for LDAP directories.
RFC-4518 Lightweight Directory Access Protocol (LDAP): International-
ized String Preparation
http://www.ietf.org/rfc/rfc4518.txt
The previous Lightweight Directory Access Protocol (LDAP) technical
specifications did not precisely define how character string matching
is to be performed. This led to a number of usability and interoper-
ability problems. This document defines string preparation algorithms
for character-based matching rules defined for use in LDAP.
RFC-4519 Lightweight Directory Access Protocol (LDAP): Schema for User
Applications
http://www.ietf.org/rfc/rfc4519.txt
This document is an integral part of the Lightweight Directory Access
Protocol (LDAP) technical specification. It provides a technical
specification of attribute types and object classes intended for use
by LDAP directory clients for many directory services, such as White
Pages. These objects are widely used as a basis for the schema in
many LDAP directories. This document does not cover attributes used
for the administration of directory servers, nor does it include
directory objects defined for specific uses in other documents.
Other LDAP Related RFCs - Proposed Standards
RFC-4532 Lightweight Directory Access Protocol (LDAP) Who am I? Opera-
tion
http://www.ietf.org/rfc/rfc4532.txt
This specification provides a mechanism for Lightweight Directory
Access Protocol (LDAP) clients to obtain the authorization identity
the server has associated with the user or application entity. This
mechanism is specified as an LDAP extended operation called the LDAP
"Who am I?" operation.
RFC-4530 Lightweight Directory Access Protocol (LDAP) entryUUID Opera-
tional Attribute
http://www.ietf.org/rfc/rfc4530.txt
This document describes the LDAP/X.500 ’entryUUID’ operational
attribute and associated matching rules and syntax. The attribute
holds a server-assigned Universally Unique Identifier (UUID) for the
object. Directory clients may use this attribute to distinguish
objects identified by a distinguished name or to locate an object
after renaming.
RFC-4528 Lightweight Directory Access Protocol (LDAP) Assertion Con-
trol
http://www.ietf.org/rfc/rfc4528.txt
This document defines the Lightweight Directory Access Protocol (LDAP)
Assertion Control, which allows a client to specify that a directory
operation should only be processed if an assertion applied to the tar-
get entry of the operation is true. It can be used to construct "test
and set", "test and clear", and other conditional operations.
RFC-4527 Lightweight Directory Access Protocol (LDAP) Read Entry Con-
trols
http://www.ietf.org/rfc/rfc4527.txt
This document specifies an extension to the Lightweight Directory
Access Protocol (LDAP) to allow the client to read the target entry of
an update operation. The client may request to read the entry before
and/or after the modifications are applied. These reads are done as
an atomic part of the update operation.
RFC-4526 Lightweight Directory Access Protocol (LDAP) Absolute True
and False Filters
http://www.ietf.org/rfc/rfc4526.txt
This document extends the Lightweight Directory Access Protocol (LDAP)
to support absolute True and False filters based upon similar capabil-
ities found in X.500 directory systems. The document also extends the
String Representation of LDAP Search Filters to support these filters.
RFC-4524 COSINE LDAP/X.500 Schema
http://www.ietf.org/rfc/rfc4524.txt
This document provides a collection of schema elements for use with
the Lightweight Directory Access Protocol (LDAP) from the COSINE and
Internet X.500 pilot projects.
RFC-4523 Lightweight Directory Access Protocol (LDAP) Schema Defini-
tions for X.509 Certificates
http://www.ietf.org/rfc/rfc4523.txt
This document describes schema for representing X.509 certificates,
X.521 security information, and related elements in directories acces-
sible using the Lightweight Directory Access Protocol (LDAP). The
LDAP definitions for these X.509 and X.521 schema elements replace
those provided in RFCs 2252 and 2256.
RFC-4522 Lightweight Directory Access Protocol (LDAP): The Binary
Encoding Option
http://www.ietf.org/rfc/rfc4522.txt
Each attribute stored in a Lightweight Directory Access Protocol
(LDAP) directory has a defined syntax (i.e., data type). A syntax
definition specifies how attribute values conforming to the syntax are
normally represented when transferred in LDAP operations. This repre-
sentation is referred to as the LDAP-specific encoding to distinguish
it from other methods of encoding attribute values. This document
defines an attribute option, the binary option, that can be used to
specify that the associated attribute values are instead encoded
according to the Basic Encoding Rules (BER) used by X.500 directories.
RFC-4370 Lightweight Directory Access Protocol (LDAP) Proxied Autho-
rization Control
http://www.ietf.org/rfc/rfc4370.txt
This document defines the Lightweight Directory Access Protocol (LDAP)
Proxy Authorization Control. The Proxy Authorization Control allows a
client to request that an operation be processed under a provided
authorization identity instead of under the current authorization
identity associated with the connection.
RFC-3928 Lightweight Directory Access Protocol (LDAP) Client Update
Protocol (LCUP)
http://www.ietf.org/rfc/rfc3928.txt
This document defines the Lightweight Directory Access Protocol (LDAP)
Client Update Protocol (LCUP). The protocol is intended to allow an
LDAP client to synchronize with the content of a directory information
tree (DIT) stored by an LDAP server and to be notified about the
changes to that content.
RFC-3909 Lightweight Directory Access Protocol (LDAP) Cancel Operation
http://www.ietf.org/rfc/rfc3909.txt
This specification describes a Lightweight Directory Access Protocol
(LDAP) extended operation to cancel (or abandon) an outstanding opera-
tion. Unlike the LDAP Abandon operation, but like the X.511 Directory
Access Protocol (DAP) Abandon operation, this operation has a response
which provides an indication of its outcome.
RFC-3876 Returning Matched Values with the Lightweight Directory
Access Protocol version 3 (LDAPv3)
http://www.ietf.org/rfc/rfc3876.txt
This document describes a control for the Lightweight Directory Access
Protocol version 3 that is used to return a subset of attribute values
from an entry. Specifically, only those values that match a "values
return" filter. Without support for this control, a client must
retrieve all of an attribute’s values and search for specific values
locally.
RFC-3866 Language Tags and Ranges in the Lightweight Directory Access
Protocol (LDAP)
http://www.ietf.org/rfc/rfc3866.txt
It is often desirable to be able to indicate the natural language
associated with values held in a directory and to be able to query the
directory for values which fulfill the user’s language needs. This
document details the use of Language Tags and Ranges in the
Lightweight Directory Access Protocol (LDAP).
RFC-3727 ASN.1 Module Definition for the LDAP and X.500 Component
Matching Rules
http://www.ietf.org/rfc/rfc3727.txt
This document updates the specification of the component matching
rules for Lightweight Directory Access Protocol (LDAP) and X.500
directories (RFC3687) by collecting the Abstract Syntax Notation One
(ASN.1) definitions of the component matching rules into an appropri-
ately identified ASN.1 module so that other specifications may refer-
ence the component matching rule definitions from within their own
ASN.1 modules.
RFC-3703 Policy Core Lightweight Directory Access Protocol (LDAP)
Schema
http://www.ietf.org/rfc/rfc3703.txt
This document defines a mapping of the Policy Core Information Model
to a form that can be implemented in a directory that uses Lightweight
Directory Access Protocol (LDAP) as its access protocol. This model
defines two hierarchies of object classes: structural classes repre-
senting information for representing and controlling policy data as
specified in RFC 3060, and relationship classes that indicate how
instances of the structural classes are related to each other.
Classes are also added to the LDAP schema to improve the performance
of a client’s interactions with an LDAP server when the client is
retrieving large amounts of policy-related information. These classes
exist only to optimize LDAP retrievals: there are no classes in the
information model that correspond to them.
RFC-3698 Lightweight Directory Access Protocol (LDAP): Additional
Matching Rules
http://www.ietf.org/rfc/rfc3698.txt
This document provides a collection of matching rules for use with the
Lightweight Directory Access Protocol (LDAP). As these matching rules
are simple adaptations of matching rules specified for use with the
X.500 Directory, most are already in wide use.
RFC-3687 Lightweight Directory Access Protocol (LDAP) and X.500 Compo-
nent Matching Rules
http://www.ietf.org/rfc/rfc3687.txt
The syntaxes of attributes in a Lightweight Directory Access Protocol
(LDAP) or X.500 directory range from simple data types, such as text
string, integer, or boolean, to complex structured data types, such as
the syntaxes of the directory schema operational attributes. Matching
rules defined for the complex syntaxes usually only provide the most
immediately useful matching capability. This document defines generic
matching rules that can match any user selected component parts in an
attribute value of any arbitrarily complex attribute syntax.
RFC-3672 Subentries in the Lightweight Directory Access Protocol
(LDAP)
http://www.ietf.org/rfc/rfc3672.txt
In X.500 directories, subentries are special entries used to hold
information associated with a subtree or subtree refinement. This
document adapts X.500 subentries mechanisms for use with the
Lightweight Directory Access Protocol (LDAP).
RFC-3671 Collective Attributes in the Lightweight Directory Access
Protocol (LDAP)
http://www.ietf.org/rfc/rfc3671.txt
X.500 collective attributes allow common characteristics to be shared
between collections of entries. This document summarizes the X.500
information model for collective attributes and describes use of col-
lective attributes in LDAP (Lightweight Directory Access Protocol).
This document provides schema definitions for collective attributes
for use in LDAP.
RFC-3296 Named Subordinate References in Lightweight Directory Access
Protocol (LDAP) Directories
http://www.ietf.org/rfc/rfc3296.txt
This document details schema and protocol elements for representing
and managing named subordinate references in Lightweight Directory
Access Protocol (LDAP) Directories.
RFC-3062 LDAP Password Modify Extended Operation
http://www.ietf.org/rfc/rfc3062.txt
The integration of the Lightweight Directory Access Protocol (LDAP)
and external authentication services has introduced non-DN authentica-
tion identities and allowed for non-directory storage of passwords.
As such, mechanisms which update the directory (e.g., Modify) cannot
be used to change a user’s password. This document describes an LDAP
extended operation to allow modification of user passwords which is
not dependent upon the form of the authentication identity nor the
password storage mechanism used.
RFC-2891 LDAP Control Extension for Server Side Sorting of Search
Results
http://www.ietf.org/rfc/rfc2891.txt
This document describes two LDAPv3 control extensions for server side
sorting of search results. These controls allows a client to specify
the attribute types and matching rules a server should use when
returning the results to an LDAP search request. The controls may be
useful when the LDAP client has limited functionality or for some
other reason cannot sort the results but still needs them sorted.
Other permissible controls on search operations are not defined in
this extension.
RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical Specifi-
cation
http://www.ietf.org/rfc/rfc2849.txt
This document describes a file format suitable for describing direc-
tory information or modifications made to directory information. The
file format, known as LDIF, for LDAP Data Interchange Format, is typi-
cally used to import and export directory information between LDAP-
based directory servers, or to describe a set of changes which are to
be applied to a directory.
RFC-2831 Using Digest Authentication as a SASL Mechanism
http://www.ietf.org/rfc/rfc2831.txt
This specification defines how HTTP Digest Authentication can be used
as a SASL [RFC 2222] mechanism for any protocol that has a SASL pro-
file. It is intended both as an improvement over CRAM-MD5 [RFC 2195]
and as a convenient way to support a single authentication mechanism
for web, mail, LDAP, and other protocols.
RFC-2739 Calendar Attributes for vCard and LDAP
http://www.ietf.org/rfc/rfc2739.txt
When scheduling a calendar entity, such as an event, it is a prerequi-
site that an organizer has the calendar address of each attendee that
will be invited to the event. Additionally, access to an attendee’s
current "busy time" provides an a priori indication of whether the
attendee will be free to participate in the event. In order to meet
these challenges, a calendar user agent (CUA) needs a mechanism to
locate individual user’s calendar and free/busy time. This memo
defines three mechanisms for obtaining a URI to a user’s calendar and
free/busy time. These include:
RFC-2589 Extensions for Dynamic Directory Services
http://www.ietf.org/rfc/rfc2589.txt
LDAP supports lightweight access to static directory services, allow-
ing relatively fast search and update access. Static directory ser-
vices store information about people that persists in its accuracy and
value over a long period of time. Dynamic directory services are dif-
ferent in that they store information about people that only persists
in its accuracy and value while people are online. Though the protocol
operations and attributes used by dynamic directory services are simi-
lar to the ones used for static directory services, clients that are
bound to a dynamic directory service need to periodically refresh
their presence at the server to keep directory entries from getting
stale in the presence of client application crashes. A flow control
mechanism from the server is also described that allows a server to
inform clients how often they should refresh their presence.
RFC-2559 Internet X.509 Public Key Infrastructure Operational Proto-
cols - LDAPv2
http://www.ietf.org/rfc/rfc2559.txt
The protocol described in this document is designed to satisfy some of
the operational requirements within the Internet X.509 PKI. Specifi-
cally, this document addresses requirements to provide access to PKI
repositories for the purposes of retrieving PKI information and manag-
ing that same information. The mechanism described in this document
is based on the LDAPv2, defined in RFC 1777, defining a profile of
that protocol for use within the PKIX and updates encodings for cer-
tificates and revocation lists from RFC 1778. Additional mechanisms
addressing PKIX operational requirements are specified in separate
documents.
RFC-2247 Using Domains in LDAP/X.500 Distinguished Names
http://www.ietf.org/rfc/rfc2247.txt
LDAP uses X.500-compatible distinguished names for providing unique
identification of entries. This document defines an algorithm by which
a name registered with the Internet Domain Name Service can be repre-
sented as an LDAP distinguished name.
RFC-2222 Simple Authentication and Security Layer (SASL)
http://www.ietf.org/rfc/rfc2222.txt
This document describes a method for adding authentication support to
connection-based protocols. To use this specification, a protocol
includes a command for identifying and authenticating a user to a
server and for optionally negotiating protection of subsequent proto-
col interactions. If its use is negotiated, a security layer is
inserted between the protocol and the connection. This document
describes how a protocol specifies such a command, defines several
mechanisms for use by the command, and defines the protocol used for
carrying a negotiated security layer over the connection.
RFC-2218 A Common Schema for the Internet White Pages Service
http://www.ietf.org/rfc/rfc2218.txt
This IETF Integrated Directory Services(IDS) Working Group proposes a
standard specification for a simple Internet White Pages service by
defining a common schema for use by the various White Pages servers.
This schema is independent of specific implementations of the White
Pages service. This document specifies the minimum set of core
attributes of a White Pages entry for an individual and describes how
new objects with those attributes can be defined and published. It
does not describe how to represent other objects in the White Pages
service. Further, it does not address the search sort expectations
within a particular service.
RFC-2164 Use of an X.500/LDAP directory to support MIXER address map-
ping
http://www.ietf.org/rfc/rfc2164.txt
MIXER (RFC 2156) defines an algorithm for use of a set of global map-
ping between X.400 and RFC 822 addresses. This specification defines
how to represent and maintain these mappings (MIXER Conformant Global
Address Mappings of MCGAMs) in an X.500 or LDAP directory. Mechanisms
for representing OR Address and Domain hierarchies within the DIT.
These techniques are used to define two independent subtrees in the
DIT, which contain the mapping information.
RFC-2079 Definition of an X.500 Attribute Type and an Object Class to
Hold Uniform Resource Identifiers
http://www.ietf.org/rfc/rfc2079.txt
URLs are being widely used to specify the location of Internet
resources. There is an urgent need to be able to include URLs in
directories that conform to the LDAP and X.500 information models, and
a desire to include other types of URIs as they are defined. A number
of independent groups are already experimenting with the inclusion of
URLs in LDAP and X.500 directories. This document builds on the exper-
imentation to date and defines a new attribute type and an auxiliary
object class to allow URIs, including URLs, to be stored in directory
entries in a standard way.
Other LDAP Related RFCs - Best Current Practice
RFC-4521 Considerations for Lightweight Directory Access Protocol
(LDAP) Extensions
http://www.ietf.org/rfc/rfc4521.txt
The Lightweight Directory Access Protocol (LDAP) is extensible. It
provides mechanisms for adding new operations, extending existing
operations, and expanding user and system schemas. This document dis-
cusses considerations for designers of LDAP extensions.
RFC-4520 Internet Assigned Numbers Authority (IANA) Considerations for
the Lightweight Directory Access Protocol (LDAP)
http://www.ietf.org/rfc/rfc4520.txt
This document provides procedures for registering extensible elements
of the Lightweight Directory Access Protocol (LDAP). The document
also provides guidelines to the Internet Assigned Numbers Authority
(IANA) describing conditions under which new values can be assigned.
RFC-2148 Deployment of the Internet White Pages Service
http://www.ietf.org/rfc/rfc2148.txt
The Internet is used for information exchange and communication
between its users. It can only be effective as such if users are able
to find each other’s addresses. Therefore the Internet benefits from
an adequate White Pages Service, i.e., a directory service offering
(Internet) address information related to people and organizations.
This document describes the way in which the Internet White Pages Ser-
vice (from now on abbreviated as IWPS) is best exploited using today’s
experience, today’s protocols, today’s products and today’s proce-
dures.
Other LDAP Related RFCs - Informational
RFC-4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment
Extension
http://www.ietf.org/rfc/rfc4525.txt
This document describes an extension to the Lightweight Directory
Access Protocol (LDAP) Modify operation to support an increment capa-
bility. This extension is useful in provisioning applications, espe-
cially when combined with the assertion control and/or the pre- read
or post-read control extension.
RFC-4403 Lightweight Directory Access Protocol (LDAP) Schema for Uni-
versal Description, Discovery, and Integration version 3 (UDDIv3)
http://www.ietf.org/rfc/rfc4403.txt
This document defines the Lightweight Directory Access Protocol
(LDAPv3) schema for representing Universal Description, Discovery, and
Integration (UDDI) data types in an LDAP directory. It defines the
LDAP object class and attribute definitions and containment rules to
model UDDI entities, defined in the UDDI version 3 information model,
in an LDAPv3-compliant directory.
RFC-4373 Lightweight Directory Access Protocol (LDAP) Bulk
Update/Replication Protocol (LBURP)
http://www.ietf.org/rfc/rfc4373.txt
The Lightweight Directory Access Protocol (LDAP) Bulk Update/Replica-
tion Protocol (LBURP) allows an LDAP client to perform a bulk update
to an LDAP server. The protocol frames a sequenced set of update
operations within a pair of LDAP extended operations to notify the
server that the update operations in the framed set are related in
such a way that the ordering of all operations can be preserved during
processing even when they are sent asynchronously by the client.
Update operations can be grouped within a single protocol message to
maximize the efficiency of client-server communication.
The protocol is suitable for efficiently making a substantial set of
updates to the entries in an LDAP server.
RFC-3944 H.350 Directory Services
http://www.ietf.org/rfc/rfc3944.txt
The International Telecommunications Union Standardization Sector
(ITU-T) has created the H.350 series of Recommendations that specify
directory services architectures in support of multimedia conferencing
protocols. The goal of the architecture is to ’directory enable’ mul-
timedia conferencing so that these services can leverage existing
identity management and enterprise directories. A particular goal is
to enable an enterprise or service provider to maintain a canonical
source of users and their multimedia conferencing systems, so that
multiple call servers from multiple vendors, supporting multiple pro-
tocols, can all access the same data store.
Because SIP is an IETF standard, the contents of H.350 and H.350.4 are
made available via this document to the IETF community. This document
contains the entire normative text of ITU-T Recommendations H.350 and
H.350.4 in sections 4 and 5, respectively. The remaining sections are
included only in this document, not in the ITU-T version.
RFC-3829 Lightweight Directory Access Protocol (LDAP) Authorization
Identity Request and Response Controls
http://www.ietf.org/rfc/rfc3829.txt
This document extends the Lightweight Directory Access Protocol (LDAP)
bind operation with a mechanism for requesting and returning the
authorization identity it establishes. Specifically, this document
defines the Authorization Identity Request and Response controls for
use with the Bind operation.
RFC-3712 Lightweight Directory Access Protocol (LDAP): Schema for
Printer Services
http://www.ietf.org/rfc/rfc3712.txt
This document defines a schema, object classes and attributes, for
printers and printer services, for use with directories that support
Lightweight Directory Access Protocol v3 (LDAP-TS). This document is
based on the printer attributes listed in Appendix E of Internet
Printing Protocol/1.1 (IPP) (RFC 2911). A few additional printer
attributes are based on definitions in the Printer MIB (RFC 1759).
RFC-3494 Lightweight Directory Access Protocol version 2 (LDAPv2) to
Historic Status
http://www.ietf.org/rfc/rfc3494.txt
This document recommends the retirement of version 2 of the
Lightweight Directory Access Protocol (LDAPv2) and other dependent
specifications, and discusses the reasons for doing so. This document
recommends RFC 1777, 1778, 1779, 1781, and 2559 (as well as documents
they superseded) be moved to Historic status.
RFC-3384 Lightweight Directory Access Protocol (version 3) Replication
Requirements
http://www.ietf.org/rfc/rfc3384.txt
This document discusses the fundamental requirements for replication
of data accessible via the Lightweight Directory Access Protocol (ver-
sion 3) (LDAPv3). It is intended to be a gathering place for general
replication requirements needed to provide interoperability between
informational directories.
RFC-3112 LDAP Authentication Password Schema
http://www.ietf.org/rfc/rfc3112.txt
This document describes schema in support of user/password authentica-
tion in a LDAP (Lightweight Directory Access Protocol) directory
including the authPassword attribute type. This attribute type holds
values derived from the user’s password(s) (commonly using crypto-
graphic strength one-way hash). authPassword is intended to used
instead of userPassword.
RFC-3045 Storing Vendor Information in the LDAP root DSE
http://www.ietf.org/rfc/rfc3045.txt
This document specifies two Lightweight Directory Access Protocol
(LDAP) attributes, vendorName and vendorVersion that MAY be included
in the root DSA-specific Entry (DSE) to advertise vendor-specific
information. These two attributes supplement the attributes defined
in section 3.4 of RFC 2251.
RFC-2985 PKCS #9: Selected Object Classes and Attribute Types Version
2.0
http://www.ietf.org/rfc/rfc2985.txt
This memo provides a selection of object classes and attribute types
for use in conjunction with public-key cryptography and Lightweight
Directory Access Protocol (LDAP) accessible directories. It also
includes ASN.1 syntax for all constructs.
RFC-2967 TISDAG - Technical Infrastructure for Swedish Directory
Access Gateways
http://www.ietf.org/rfc/rfc2967.txt
The strength of the TISDAG (Technical Infrastructure for Swedish
Directory Access Gateways) project’s DAG proposal is that it defines
the necessary technical infrastructure to provide a single-access-
point service for information on Swedish Internet users. The result-
ing service will provide uniform access for all information -- the
same level of access to information (7x24 service), and the same
information made available, irrespective of the service provider
responsible for maintaining that information, their directory service
protocols, or the end-user’s client access protocol.
RFC-2927 MIME Directory Profile for LDAP Schema
http://www.ietf.org/rfc/rfc2927.txt
This document defines a multipurpose internet mail extensions (MIME)
directory profile for holding a lightweight directory access protocol
(LDAP) schema. It is intended for communication with the Internet
schema listing service.
RFC-2926 Conversion of LDAP Schemas to and from SLP Templates
http://www.ietf.org/rfc/rfc2926.txt
This document describes a procedure for mapping between Service Loca-
tion Protocol (SLP) service advertisements and lightweight directory
access protocol (LDAP) descriptions of services. The document covers
two aspects of the mapping. One aspect is mapping between SLP service
type templates and LDAP directory schema. Because the SLP service
type template grammar is relatively simple, mapping from service type
templates to LDAP types is straightforward. Mapping in the other
direction is straightforward if the attributes are restricted to use
just a few of the syntaxes defined in RFC 2252. If arbitrary ASN.1
types occur in the schema, then the mapping is more complex and may
even be impossible. The second aspect is representation of service
information in an LDAP directory. The recommended representation sim-
plifies interoperability with SLP by allowing SLP directory agents to
backend into LDAP directory servers. The resulting system allows ser-
vice advertisements to propagate easily between SLP and LDAP.
RFC-2820 Access Control Requirements for LDAP
http://www.ietf.org/rfc/rfc2820.txt
This document describes the fundamental requirements of an access con-
trol list (ACL) model for the LDAP directory service. It is intended
to be a gathering place for access control requirements needed to pro-
vide authorized access to and interoperability between directories.
RFC-2798 Definition of the inetOrgPerson Object Class
http://www.ietf.org/rfc/rfc2798.txt
While the X.500 standards define many useful attribute types [X520]
and object classes [X521], they do not define a person object class
that meets the requirements found in today’s Internet and Intranet
directory service deployments. We define a new object class called
inetOrgPerson for use in LDAP and X.500 directory services that
extends the X.521 standard organizationalPerson class to meet these
needs.
RFC-2714 Schema for Representing CORBA Objects in an LDAP Directory
http://www.ietf.org/rfc/rfc2714.txt
CORBA is the Common Object Request Broker Architecture defined by the
Object Management Group. This document defines the schema for repre-
senting CORBA object references in an LDAP directory.
RFC-2713 Schema for Representing Java Objects in an LDAP Directory
http://www.ietf.org/rfc/rfc2713.txt
This document defines the schema for representing Java objects in an
LDAP directory. It defines schema elements to represent a Java serial-
ized object, a Java marshalled object, a Java remote object, and a
JNDI reference.
RFC-2696 LDAP Control Extension for Simple Paged Results Manipulation
http://www.ietf.org/rfc/rfc2696.txt
This document describes an LDAPv3 control extension for simple paging
of search results. This control extension allows a client to control
the rate at which an LDAP server returns the results of an LDAP search
operation. This control may be useful when the LDAP client has limited
resources and may not be able to process the entire result set from a
given LDAP query, or when the LDAP client is connected over a low-
bandwidth connection. Other operations on the result set are not
defined in this extension. This extension is not designed to provide
more sophisticated result set management.
RFC-1823 The LDAP Application Program Interface
http://www.ietf.org/rfc/rfc1823.txt
This document defines a C language application program interface to
LDAP, which is designed to be powerful, yet simple to use. It defines
compatible synchronous and asynchronous interfaces to LDAP to suit a
wide variety of applications. This document gives a brief overview of
the LDAP model, then an overview of how the API is used by an applica-
tion program to obtain LDAP information. The API calls are described
in detail, followed by an appendix that provides some example code
demonstrating the use of the API.
Other LDAP Related RFCs - Experimental
RFC-4533 The Lightweight Directory Access Protocol (LDAP) Content Syn-
chronization Operation
http://www.ietf.org/rfc/rfc4533.txt
This specification describes the Lightweight Directory Access Protocol
(LDAP) Content Synchronization Operation. The operation allows a
client to maintain a copy of a fragment of the Directory Information
Tree (DIT). It supports both polling for changes and listening for
changes. The operation is defined as an extension of the LDAP Search
Operation.
RFC-4531 Lightweight Directory Access Protocol (LDAP) Turn Operation
http://www.ietf.org/rfc/rfc4531.txt
This specification describes a Lightweight Directory Access Protocol
(LDAP) extended operation to reverse (or "turn") the roles of client
and server for subsequent protocol exchanges in the session, or to
enable each peer to act as both client and server with respect to the
other.
RFC-3663 Domain Administrative Data in Lightweight Directory Access
Protocol (LDAP)
http://www.ietf.org/rfc/rfc3663.txt
Domain registration data has typically been exposed to the general
public via Nicname/Whois for administrative purposes. This document
describes the Referral Lightweight Directory Access Protocol (LDAP)
Service, an experimental service using LDAP and well-known LDAP types
to make domain administrative data available.
RFC-3088 OpenLDAP Root Service - An experimental LDAP referral service
http://www.ietf.org/rfc/rfc3088.txt
The OpenLDAP Project is operating an experimental LDAP (Lightweight
Directory Access Protocol) referral service known as the "OpenLDAP
Root Service". The automated system generates referrals based upon
service location information published in DNS SRV RRs (Domain Name
System location of services resource records). This document
describes this service.
RFC-2657 LDAPv2 Client vs. the Index Mesh
http://www.ietf.org/rfc/rfc2657.txt
LDAPv2 clients as implemented according to RFC 1777 have no notion of
referral. The integration between such a client and an Index Mesh, as
defined by the Common Indexing Protocol, heavily depends on referrals
and therefore needs to be handled in a special way. This document
defines one possible way of doing this.
RFC-2649 Signed Directory Operations Using S/MIME
http://www.ietf.org/rfc/rfc2649.txt
This document defines an LDAPv3 based mechanism for signing directory
operations in order to create a secure journal of changes that have
been made to each directory entry. Both client and server based signa-
tures are supported. An object class for subsequent retrieval are
’journal entries’ is also defined. This document specifies LDAPv3 con-
trols that enable this functionality. It also defines an LDAPv3 schema
that allows for subsequent browsing of the journal information.
RFC-2307 An Approach for Using LDAP as a Network Information Service
http://www.ietf.org/rfc/rfc2307.txt
This document describes an experimental mechanism for mapping entities
related to TCP/IP and the UNIX system into X.500 entries so that they
may be resolved with the LDAP. A set of attribute types and object
classes are proposed, along with specific guidelines for interpreting
them. The intention is to assist the deployment of LDAP as an organi-
zational nameservice. No proposed solutions are intended as standards
for the Internet. Rather, it is hoped that a general consensus will
emerge as to the appropriate solution to such problems, leading even-
tually to the adoption of standards. The proposed mechanism has
already been implemented with some success.
Current Internet Drafts
draft-wahl-ldap-adminaddr -- Administrator Address Attribute
Organizations running multiple directory servers need an ability for
administrators to determine who is responsible for a particular
server. This is conceptually similar to the ’sysContact’ object of
SNMP. The administratorsAddress attribute allows a server administra-
tor to provide the contact information of the responsible party for an
LDAP server. This can be used by management clients which are, for
example, checking the state of a replication or referral topology, to
provide a way for the user of the management client to send email to
manager of a particular server.
draft-zeilenga-ldap-txn -- LDAP Transactions
Lightweight Directory Access Protocol (LDAP) update operations, such
as Add, Delete, and Modify operations, have atomic, consistency, iso-
lation, durability (ACID) properties. Each of these update operations
act upon an entry. However, It is often desirable to update two or
more entries in a single unit of interaction, a transaction. Transac-
tions are necessary to support a number of applications including
resource provisioning. This document defines an LDAP extension to
support transactions.
draft-joslin-config-schema -- A Configuration Profile Schema for LDAP-
based agents
This document consists of two primary components, a schema for agents
that make use of the Lightweight Directory Access protocol (LDAP) and
a proposed use case of that schema, for distributed configuration of
similar directory user agents. A set of attribute types and an
objectclass are proposed. In the proposed use case, directory user
agents (DUAs) can use this schema to determine directory data location
and access parameters for specific services they support. In addi-
tion, in the proposed use case, attribute and objectclass mapping
allows DUAs to re-configure their expected (default) schema to match
that of the end user’s environment. This document is intended to be a
skeleton for future documents that describe configuration of specific
DUA services.
draft-zeilenga-ldap-noop -- The LDAP No-Op Control
This document defines the Lightweight Directory Access Protocol (LDAP)
No-Op control which can be used to disable the normal effect of an
operation. The control can be used to discover how a server might
react to a particular update request without updating the directory.
draft-legg-ldap-transfer -- Lightweight Directory Access Protocol
(LDAP): Transfer Encoding Options
Each attribute stored in a Lightweight Directory Access Protocol
(LDAP) directory has a defined syntax (i.e., data type). A syntax
definition specifies how attribute values conforming to the syntax are
normally represented when transferred in LDAP operations. This repre-
sentation is referred to as the LDAP-specific encoding to distinguish
it from other methods of encoding attribute values. This document
introduces a new category of attribute options, called transfer encod-
ing options, that can be used to specify that the associated attribute
values are encoded according to one of these other methods.
draft-furuseth-ldap-untypedobject -- Structural object class ’namedOb-
ject’ for LDAP/X.500
This document defines an ’namedObject’ structural object class for the
Lightweight Directory Access Protocol (LDAP) and X.500. This is use-
ful for entries with no natural choice of structural object class,
e.g. if an entry must exist even though its contents are uninterest-
ing.
draft-zeilenga-ldap-dontusecopy -- The LDAP Don’t Use Copy Control
This document defines the Lightweight Directory Access Protocol (LDAP)
Don’t Use Copy control extension which allows a client to specify that
copied information should not be used in providing service. This con-
trol is based upon the X.511 dontUseCopy service control option.
draft-wahl-ldap-p3p -- P3P Policy Attributes for LDAP
This document defines attributes that can be retrieved via Lightweight
Directory Access Protocol version 3 (LDAP) requests, which contain
URIs pointing to the privacy policy documents. These documents
describe the privacy policy concerning access to a directory server,
and the privacy policies that apply to the contents of the directory
(a subtree of entries).
draft-legg-ldap-gser-ei -- Encoding Instructions for the Generic
String Encoding Rules (GSER)
Abstract Syntax Notation One (ASN.1) defines a general framework for
annotating types in an ASN.1 specification with encoding instructions
that alter how values of those types are encoded according to ASN.1
encoding rules. This document defines the supporting notation for
encoding instructions that apply to the Generic String Encoding Rules
(GSER), and in particular defines an encoding instruction to provide a
machine-processable representation for the declaration of a GSER
ChoiceOfStrings type.
draft-chu-ldap-xordered -- Ordered Entries and Values in LDAP
As LDAP is used more extensively for managing various kinds of data,
one often encounters a need to preserve both the ordering and the con-
tent of data, despite the inherently unordered structure of entries
and attribute values in the directory. This document describes a
scheme to attach ordering information to attributes in a directory so
that the ordering may be preserved and propagated to other LDAP appli-
cations.
draft-chu-ldap-logschema -- A Schema for Logging the LDAP Protocol
In order to facilitate remote administration and auditing of LDAP
server operation, it is desirable to provide the server’s operational
logs themselves as a searchable LDAP directory. These logs may also
be used as a persistent change log to support various replication
mechanisms. This document defines a schema that may be used to repre-
sent all of the requests that have been processed by an LDAP server.
It may be used by various applications for auditing, flight recorder,
replication, and other purposes.
draft-zeilenga-ldap-entrydn -- The LDAP entryDN Operational Attribute
This document describes the LDAP/X.500 ’entryDN’ operational
attribute. The attribute provides a copy of the entry’s distinguished
name for use in attribute value assertions.
draft-zeilenga-ldap-relax -- The LDAP Relax Rules Control
This document defines the Lightweight Directory Access Protocol (LDAP)
Relax Rules Control which allows a directory user agent (a client) to
request the directory service temporarily relax enforcement of various
data and service model rules.
draft-gpaterno-dhcp-ldap -- DHCP Option for LDAP Directory Services
discovery
This document defines a new DHCP option for delivering configuration
information for LDAP services. Through this option, the client
receives an LDAP URL [8] of the closest available LDAP server/replica
that can be used to authenticate users or look up any useful data.
draft-schleiff-ldap-xri -- LDAP Schema for eXtensible Resource Identi-
fier (XRI)
This document describes Attribute Types and an Object Class for use in
representing XRI (eXtensible Resource Identifier) values in LDAP
(Lightweight Directory Access Protocol) and X.500 directory services.
draft-wahl-ldap-session -- LDAP Session Tracking Control
Many network devices, application servers, and middleware components
of a enterprise software infrastructure generate some form of session
tracking identifiers, which are useful when analyzing activity and
accounting logs to group activity relating to a particular session.
This document discusses how Lightweight Directory Access Protocol ver-
sion 3 (LDAP) clients can include session tracking identifiers with
their LDAP requests. This information is provided through controls in
the requests the clients send to LDAP servers. The LDAP server
receiving these controls can include the session tracking identifiers
the the log messages it writes, enabling LDAP requests in the LDAP
server’s logs to be correlated with activity in logs of other compo-
nents in the infrastructure. The control also enables session track-
ing information to be generated by LDAP servers and returned to
clients and other servers. Three formats of session tracking identi-
fiers are defined in this document.
draft-wahl-ldap-subtree-source -- LDAP Subtree Data Source URI
Attribute
This document defines an attribute that enables administrative clients
using the Lightweight Directory Access Protocol (LDAP) to determine
the source of directory entries.
Expired but still interesting Internet Drafts
draft-ietf-ldapext-psearch -- Persistent Search: A Simple LDAP Change
Notification Mechanism
This document defines two controls that extend the LDAPv3 search oper-
ation to provide a simple mechanism by which an LDAP client can
receive notification of changes that occur in an LDAP server. The
mechanism is designed to be very flexible yet easy for clients and
servers to implement.
draft-ietf-ldapext-ldapv3-vlv -- LDAP Extensions for Scrolling View
Browsing of Search Results
This document describes a Virtual List View control extension for
the LDAP Search operation. This control is designed to allow the
"virtual list box" feature, common in existing commercial e-mail
address book applications, to be supported efficiently by LDAP
servers. LDAP servers’ inability to support this client feature is a
significant impediment to LDAP replacing proprietary protocols in
commercial e-mail systems.
The control allows a client to specify that the server return, for
a given LDAP search with associated sort keys, a contiguous subset of
the search result set. This subset is specified in terms of offsets
into the ordered list, or in terms of a greater than or equal compari-
son value.
perl v5.8.8 2008-10-27 Net::LDAP::RFC(3)
