Network Working Group                                        M. Stroeder
Internet-Draft                                           January 7, 2013
Intended status: Informational
Expires: July 11, 2013


             Lightweight Directory Access Protocol (LDAP):
              Structural Object Classes for Named Objects
                     draft-stroeder-namedobject-01

Abstract

   This document defines structural object classes that can be used when
   no other structural object class seems suitable.  In particular,
   these object classes make it possible to associate a common name and
   a free-form description with the object.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 11, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Stroeder                  Expires July 11, 2013                 [Page 1]

Internet-Draft             LDAP Named Objects               January 2013


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Object Class Definitions  . . . . . . . . . . . . . . . . . . . 3
     2.1.  'namedObject' . . . . . . . . . . . . . . . . . . . . . . . 3
     2.2.  'namedPolicy' . . . . . . . . . . . . . . . . . . . . . . . 4
   3.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . . . 4
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 5
     6.1.  Normative References  . . . . . . . . . . . . . . . . . . . 5
     6.2.  Informative References  . . . . . . . . . . . . . . . . . . 5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.  Introduction

   Standards for LDAP directories often define additional schema
   elements, especially auxiliary object classes that are intended to
   hold various attributes needed by that standard.  When adding entries
   with such an auxiliary object class it is up to the directory
   operator to choose an appropriate structural object class, which is
   required in order to add the entry.  Often the structural object
   classes used were defined for other purposes and thus seem too
   complex for this simple purpose.

   Inspired by the unfinished [I-D.howard-namedobject], this document
   defines two structural object classes, 'namedObject' and
   'namedPolicy'.  Only attributes defined in [RFC4519] and [RFC4524]
   are used within these simple object classes.  Arbitrary auxiliary
   object classes may thus be associated with entries that have such a
   structural object class.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document is being discussed on the ldapext@ietf.org mailing
   list.

140
1412.  Object Class Definitions
142
143   The object classes definitions in this section are using the
144   attributes 'cn' and 'description' defined in [RFC4519] and
145   'uniqueIdentifier' defined in [RFC4524].
146
147   If the optional attribute 'uniqueIdentifier' contains a value it
148   SHOULD be used to form the RDN of the entry.  Otherwise the
149   mandantory attribute 'cn' SHOULD be used to form the RDN of the entry
150   if there are no other appropriate naming attributes available.  Other
151   attributes allowed by auxiliary classes also MAY be used for naming
152   purposes.
153
154   LDAP clients displaying a list of entries of these object classes
155   SHOULD use mandantory attribute 'cn' to display select lists, hyper-
156   links etc.
157
1582.1.  'namedObject'
159
160   The 'namedObject' object class definition is the basis of an entry
161   that represents an arbitrary named object.  The attribute 'cn' MUST
162   be added to the entry.  The attributes 'uniqueIdentifier' and
163   'description' MAY be added to the entry.
164
165
   ( 1.3.6.1.4.1.5427.1.389.6.20
     NAME 'namedObject'
     SUP top
     STRUCTURAL
     MUST cn
     MAY ( uniqueIdentifier $ description ) )

2.2.  'namedPolicy'

   The 'namedPolicy' object class is sub-classed from 'namedObject'.  It
   SHOULD only be used for entries that represent an arbitrary policy.
   A typical example would be to use it along with the auxiliary object
   class 'pwdPolicy' defined in [I-D.behera-ldap-password-policy].

   The rationale for an extra structural object class is to have the
   possibility to associate a specific set of policy-related auxiliary
   object classes without having to restrict the more general
   'namedObject' class.

   ( 1.3.6.1.4.1.5427.1.389.6.21
     NAME 'namedPolicy'
     SUP namedObject
     STRUCTURAL )
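
   The following is an added example and not part of this draft: a small
   Python checker that encodes the 'namedObject' and 'namedPolicy'
   definitions from Sections 2.1 and 2.2, applies the Section 2 naming
   rule (prefer 'uniqueIdentifier', otherwise the mandatory 'cn'), and
   validates a constructed LDIF entry.  The 'pwdPolicy' entry in the
   schema table is an assumed stand-in, not the Behera draft's real
   definition.

```python
# Object classes as defined in Sections 2.1 and 2.2 of the draft, plus
# 'top'.  'pwdPolicy' is an ASSUMED stand-in for the auxiliary class from
# draft-behera-ldap-password-policy; its real MUST/MAY lists differ.
SCHEMA = {
    "top": {"sup": None, "must": set(), "may": set()},
    "namedObject": {"sup": "top", "must": {"cn"},
                    "may": {"uniqueIdentifier", "description"}},
    "namedPolicy": {"sup": "namedObject", "must": set(), "may": set()},
    "pwdPolicy": {"sup": "top", "must": {"pwdAttribute"},  # assumed
                  "may": {"pwdMaxAge"}},
}

def effective_attrs(classes):
    """Collect MUST and MAY attributes, walking each class's SUP chain."""
    must, may = set(), set()
    for oc in classes:
        c = oc
        while c is not None:
            must |= SCHEMA[c]["must"]
            may |= SCHEMA[c]["may"]
            c = SCHEMA[c]["sup"]
    return must, may

def parse_ldif(text):
    """Minimal LDIF reader: one 'attr: value' per line, no folding/base64."""
    entry = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry

def check_entry(entry):
    """Return (missing MUST attributes, attributes no listed class allows)."""
    must, may = effective_attrs(entry.get("objectClass", []))
    present = {a for a in entry if a not in ("dn", "objectClass")}
    return sorted(must - present), sorted(present - must - may)

def rdn_attribute(entry):
    """Section 2 naming rule: uniqueIdentifier if present, else mandatory cn."""
    return "uniqueIdentifier" if entry.get("uniqueIdentifier") else "cn"

# Constructed sample: a namedPolicy entry carrying the pwdPolicy auxiliary class.
SAMPLE_LDIF = """dn: cn=default,ou=policies,dc=example,dc=com
objectClass: namedPolicy
objectClass: pwdPolicy
cn: default
description: Default password policy
pwdAttribute: userPassword
"""
```

   LDAP attribute type names compare case-insensitively, so a checker
   used against a real directory should normalise names before the set
   operations above.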


3.  Acknowledgements

   The 'namedObject' object class definition in this document supersedes
   the specification of 'namedObject' in [I-D.howard-namedobject] by
   L. Howard.


4.  IANA Considerations

   The OID arc used for the object class definitions is:
   iso(1) org(3) dod(6) internet(1) private(4) enterprise(1)
   stroeder.com(5427) public(1) ldap(389) objectClasses(6)


5.  Security Considerations

   The introduction of these object classes does not impact the security
   of the Internet or a particular LDAP directory service.

   Security considerations for LDAP in general are discussed in
   documents comprising the technical specification [RFC4510].


6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4510]  Zeilenga, K., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510,
              June 2006.

   [RFC4519]  Sciberras, A., "Lightweight Directory Access Protocol
              (LDAP): Schema for User Applications", RFC 4519,
              June 2006.

   [RFC4524]  Zeilenga, K., "COSINE LDAP/X.500 Schema", RFC 4524,
              June 2006.

6.2.  Informative References

   [I-D.behera-ldap-password-policy]
              Sermersheim, J., Poitou, L., and H. Chu, "Password Policy
              for LDAP Directories",
              draft-behera-ldap-password-policy-10 (work in progress),
              August 2009.

   [I-D.howard-namedobject]
              Howard, L., "A Structural Object Class for Arbitrary
              Auxiliary Object Classes", draft-howard-namedobject-00
              (work in progress), June 2002.


Author's Address

   Michael Stroeder
   Karlsruhe
   Germany

   Email: michael@stroeder.com
   URI:   http://www.stroeder.com
