Red Hat SummitChapter 5. Directory Entry Schema Reference
5.1. About Directory Server Schema
This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.
5.1.1. Schema Definitions
The directory schema is a set of rules that defines how data can be stored in the directory. Directory information is stored discrete entries, and each entry is comprised of a set of attributes and their values. The kind of identity being described in the entry is defined in the entry’s object classes. An object class specifies the kind of object the entry describes through the defined set of attributes for the object class.
Basically, the schema files are lists of the kinds of entries that can be create (the object classes) and the ways that those entries can be described (the attributes). The schema defines what the object classes and attributes are. The schema also defines the format that the attribute values contain (the attribute’s syntax) and whether there can only be a single instance of that attribute.
Additional schema files can be added to the Directory Server configuration and loaded in the server, so the schema is customizable and can be extended as required.
For more detailed information about object classes, attributes, and how the Directory Server uses the schema, see the Deployment Guide.
The Directory Server fails to start if the schema definitions contain too few or too many characters. Use exactly one space in those places where the LDAP standards allow the use of zero or many spaces; for example, the place between the NAME keyword and the name of an attribute type.
5.1.1.1. Object Classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides object classes for many common types of entries, such as people (person and inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations and divisions (organization and organizationalUnit), and equipment (device).
In a schema file, an object class is identified by the objectclasses line, then followed by its OID, name, a description, its direct superior object class (an object class which is required to be used in conjunction with the object class and which shares its attributes with this object class), and the list of required (MUST) and allowed (MAY) attributes.
This is shown in Example 5.1, “person Object Class Schema Entry”.
Example 5.1. person Object Class Schema Entry
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )5.1.1.1.1. Required and Allowed Attributes
Every object class defines a number of required attributes and of allowed attributes. Required attributes must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be valid.
As in Example 5.1, “person Object Class Schema Entry”, the person object class requires the cn, sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, and userPassword attributes.
All entries require the objectClass attribute, which lists the object classes assigned to the entry.
5.1.1.1.2. Object Class Inheritance
An entry can have more than one object class. For example, the entry for a person is defined by the person object class, but the same person may also be described by attributes in the inetOrgPerson and organizationalPerson object classes.
Additionally, object classes can be hierarchical. An object class can inherit attributes from another class, in addition to its own required and allowed attributes. The second object class is the superior object class of the first.
The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a user’s entry has to have the inetOrgPerson object class. In that case, the entry must also include the superior object class for inetOrgPerson, organizationalPerson, and the superior object class for organizationalPerson, which is person:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
When the inetOrgPerson object class is assigned to an entry, the entry automatically inherits the required and allowed attributes from the superior object classes.
5.1.1.2. Attributes
Directory entries are composed of attributes and their values. These pairs are called attribute-value assertions or AVAs. Any piece of information in the directory is associated with a descriptive attribute. For instance, the cn attribute is used to store a person’s full name, such as cn: John Smith.
Additional attributes can supply additional information about John Smith:
givenname: John
surname: Smith
mail: jsmith@example.com
In a schema file, an attribute is identified by the attributetypes line, then followed by its OID, name, a description, syntax (allowed format for its value), optionally whether the attribute is single- or multi-valued, and where the attribute is defined.
This is shown in Example 5.2, “description Attribute Schema Entry”.
Example 5.2. description Attribute Schema Entry
attributetypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )Some attributes can be abbreviated. These abbreviations are listed as part of the attribute definition:
attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) ...5.1.1.2.1. Directory Server Attribute Syntaxes
The attribute’s syntax defines the format of the values which the attribute allows; as with other schema elements, the syntax is defined for an attribute using the syntax’s OID in the schema file entry. In the Directory Server Console, the syntax is referenced by its friendly name.
The Directory Server uses the attribute’s syntax to perform sorting and pattern matching on entries.
For more information about LDAP attribute syntaxes, see RFC 4517.
| Name | OID | Definition |
|---|---|---|
| Binary | 1.3.6.1.4.1.1466.115.121.1.5 | Deprecated. Use Octet string instead. |
| Bit String | 1.3.6.1.4.1.1466.115.121.1.6 |
For values which are bitstings, such as |
| Boolean | 1.3.6.1.4.1.1466.115.121.1.7 | For attributes with only two allowed values, TRUE or FALSE. |
| Country String | 1.3.6.1.4.1.1466.115.121.1.11 | For values which are limited to exactly two printable string characters; for example, US for the United States. |
| DN | 1.3.6.1.4.1.1466.115.121.1.12 | For values which are distinguished names (DNs). |
| Delivery Method | 1.3.6.1.4.1.1466.115.121.1.14 | For values which are contained a preferred method of delivering information or contacting an entity. The different values are separated by a dollar sign ($). For example: [literal,subs="+quotes,verbatim"] …. telephone $ physical …. |
| Directory String | 1.3.6.1.4.1.1466.115.121.1.15 | For values which are valid UTF-8 strings. These values are not necessarily case-insensitive. Both case-sensitive and case-insensitive matching rules are available for Directory String and related syntaxes. |
| Enhanced Guide | 1.3.6.1.4.1.1466.115.121.1.21 | For values which contain complex search parameters based on attributes and filters. |
| Facsimile | 1.3.6.1.4.1.1466.115.121.1.22 | For values which contain fax numbers. |
| Fax | 1.3.6.1.4.1.1466.115.121.1.23 | For values which contain the images of transmitted faxes. |
| Generalized Time | 1.3.6.1.4.1.1466.115.121.1.24 | For values which are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time. |
| Guide | 1.3.6.1.4.1.1466.115.121.1.25 | Obsolete. For values which contain complex search parameters based on attributes and filters. |
| IA5 String | 1.3.6.1.4.1.1466.115.121.1.26 | For values which are valid strings. These values are not necessarily case-insensitive. Both case-sensitive and case-insensitive matching rules are available for IA5 String and related syntaxes. |
| Integer | 1.3.6.1.4.1.1466.115.121.1.27 | For values which are whole numbers. |
| JPEG | 1.3.6.1.4.1.1466.115.121.1.28 | For values which contain image data. |
| Name and Optional UID | 1.3.6.1.4.1.1466.115.121.1.34 | For values which contain a combination value of a DN and (optional) unique ID. |
| Numeric String | 1.3.6.1.4.1.1466.115.121.1.36 | For values which contain a string of both numerals and spaces. |
| OctetString | 1.3.6.1.4.1.1466.115.121.1.40 | For values which are binary; this replaces the binary syntax. |
| Object Class Description | 1.3.6.1.4.1.1466.115.121.1.37 | For values which contain object class definitions. |
| OID | 1.3.6.1.4.1.1466.115.121.1.38 | For values which contain OID definitions. |
| Postal Address | 1.3.6.1.4.1.1466.115.121.1.41 |
For values which are encoded in the format [literal,subs="+quotes,verbatim"] …. 1234 Main St.$Raleigh, NC 12345$USA …. Each dstring component is encoded as a DirectoryString value. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters. |
| Printable String | 1.3.6.1.4.1.1466.115.121.1.44 | For values which contain printable strings. |
| Space-Insensitive String | 2.16.840.1.113730.3.7.1 | For values which contain space-insensitive strings. |
| TelephoneNumber | 1.3.6.1.4.1.1466.115.121.1.50 | For values which are in the form of telephone numbers. It is recommended to use telephone numbers in international form. |
| Teletex Terminal Identifier | 1.3.6.1.4.1.1466.115.121.1.51 | For values which contain an international telephone number. |
| Telex Number | 1.3.6.1.4.1.1466.115.121.1.52 | For values which contain a telex number, country code, and answerback code of a telex terminal. |
| URI |
For values in the form of a URL, introduced by a string such as |
5.1.1.2.2. Single- and Multi-Valued Attributes
By default, most attributes are multi-valued. This means that an entry can contain the same attribute multiple times, with different values. For example:
dn: uid=jsmith,ou=marketing,ou=people,dc=example,dc=com
ou: marketing
ou: people
The cn, tel, and objectclass attributes, for example, all can have more than one value. Attributes that are single-valued — that is, only one instance of the attribute can be specified — are specified in the schema as only allowing a single value. For example, uidNumber can only have one possible value, so its schema entry has the term SINGLE-VALUE. If the attribute is multi-valued, there is no value expression.
5.1.2. Default Directory Server Schema Files
Template schema definitions for Directory Server are stored in the /etc/dirsrv/schema directory. These default schema files are used to generate the schema files for new Directory Server instances. Each server instance has its own instance-specific schema directory in /etc/dirsrv/slapd-instance/schema. The schema files in the instance directory are used only by that instance.
To modify the directory schema, create new attributes and new object classes in the instance-specific schema directory. Because the default schema is used for creating new instances and each individual instance has its own schema files, it is possible to have slightly different schema for each instance, matching the use of each instance.
Any custom attributes added using the Directory Server Console or LDAP commands are stored in the 99user.ldif file; other custom schema files can be added to the /etc/dirsrv/slapd-instance/schema directory for each instance. Do not make any modifications with the standard files that come with Red Hat Directory Server.
For more information about how the Directory Server stores information and suggestions for planning directory schema, see the Deployment Guide.
| Schema File | Purpose |
|---|---|
| 00core.ldif | Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance. |
| 01core389.ldif | Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance. |
| 02common.ldif | Standard-related schema from RFC 2256, LDAPv3, and standard schema defined by Directory Server which is used to configure entries. |
| 05rfc2927.ldif | Schema from RFC 2927, "MIME Directory Profile for LDAP Schema." |
| 05rfc4523.ldif | Schema definitions for X.509 certificates. |
| 05rfc4524.ldif | Cosine LDAP/X.500 schema. |
| 06inetorgperson.ldif | inetorgperson schema elements from RFC 2798, RFC 2079, and part of RFC 1274. |
| 10rfc2307.ldif | Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service." |
| 20subscriber.ldif | Common schema element for Directory Server-Nortel subscriber interoperability. |
| 25java-object.ldif | Schema from RFC 2713, "Schema for Representing Java Objects in an LDAP Directory." |
| 28pilot.ldif | Schema from the pilot RFCs, especially RFC 1274, that are no longer recommended for use in new deployments. |
| 30ns-common.ldif | Common schema. |
| 50ns-admin.ldif | Schemas used by the Administration Server. |
| 50ns-certificate.ldif | Schemas used by Red Hat Certificate System. |
| 50ns-directory.ldif | Schema used by legacy Directory Server 4.x servers. |
| 50ns-mail.ldif | Schema for mail servers. |
| 50ns-value.ldif | Schema for value items in Directory Server. |
| 50ns-web.ldif | Schema for web servers. |
| 60autofs.ldif | Object classes for automount configuration; this is one of several schema files used for NIS servers. |
| 60eduperson.ldif | Schema elements for education-related people and organization entries. |
| 60mozilla.ldif | Schema elements for Mozilla-related user profiles. |
| 60nss-ldap.ldif | Schema elements for GSS-API service names. |
| 60pam-plugin.ldif | Schema elements for integrating directory services with PAM modules. |
| 60pureftpd.ldif | Schema elements for defining FTP user accounts. |
| 60rfc2739.ldif | Schema elements for calendars and vCard properties. |
| 60rfc3712.ldif | Schema elements for configuring printers. |
| 60sabayon.ldif | Schema elements for defining sabayon user entries. |
| 60sudo.ldif | Schema elements for defining sudo users and roles. |
| 60trust.ldif | Schema elements for defining trust relationships for NSS or PAM. |
| 99user.ldif | Custom schema elements added through the Directory Server Console. |
5.1.3. Object Identifiers (OIDs)
All schema elements have object identifiers (OIDs) assigned to them, including attributes and object classes. An OID is a sequence of integers, usually written as a dot-separated string. All custom attributes and classes must conform to the X.500 and LDAP standards.
If an OID is not specified for a schema element, Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid. However, using text OIDs instead of numeric OIDs can lead to problems with clients, server interoperability, and server behavior, assigning a numeric OID is strongly recommended.
OIDs can be built on. The base OID is a root number which is used for every schema element for an organization, and then schema elements can be incremented from there. For example, a base OID could be 1. The company then uses 1.1 for attributes, so every new attribute has an OID of 1.1.x. It uses 1.2 for object classes, so every new object class has an OID of 1.2.x.
For Directory Server-defined schema elements, the base OIDs are as follows:
-
The Netscape base OID is
2.16.840.1.113730. -
The Directory Server base OID is
2.16.840.1.113730.3. -
All Netscape-defined attributes have the base OID
2.16.840.1.113370.3.1. -
All Netscape-defined object classes have the base OID
2.16.840.1.113730.3.2.
For more information about OIDs or to request a prefix, go to the Internet Assigned Number Authority (IANA) website at http://www.iana.org/.
5.1.4. Extending the Schema
The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of directory requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise by creating custom schema files.
When adding new attributes to the schema, a new object class should be created to contain them. Adding a new attribute to an existing object class can compromise the Directory Server’s compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server.
For more information about extending server schema, see the Deployment Guide.
5.1.5. Schema Checking
Schema checking means that the Directory Server checks every entry when it is created, modified, or in a database imported using LDIF to make sure that it complies with the schema definitions in the schema files. Schema checking verifies three things:
- Object classes and attributes used in the entry are defined in the directory schema.
- Attributes required for an object class are contained in the entry.
- Only attributes allowed by the object class are contained in the entry.
You should run Directory Server with schema checking turned on. For information on enabling schema checking, see the Administration Guide.
5.1.6. Syntax Validation
Syntax validation means that the Directory Server checks that the value of an attribute matches the required syntax for that attribute. For example, syntax validation will confirm that a new telephoneNumber attribute actually has a valid telephone number for its value.
With its basic configuration, syntax validation (like schema checking) will check any directory modification to make sure the attribute value matches the required syntax and will reject any modifications that violate the syntax. Optionally, syntax validation can be configured to log warning messages about syntax violations, and either reject the change or allow the modification process to succeed.
All syntaxes are validated against RFC 4514, except for DNs. By default, DNs are validated against RFC 1779 or RFC 2253, which are less strict than RFC 4514. Strict validation for DNs has to be explicitly configured.
This feature checks all attribute syntaxes listed in Table 5.1, “Supported LDAP Attribute Syntaxes”, with the exception of binary syntaxes (which cannot be verified) and non-standard syntaxes, which do not have a defined required format. The unvalidated syntaxes are as follows:
- Fax (binary)
- OctetString (binary)
- JPEG (binary)
- Binary (non-standard)
- Space Insensitive String (non-standard)
- URI (non-standard)
When syntax validation is enabled, new attribute values are checked whenever an attribute is added or modified to an entry. (This does not include replication changes, since the syntax would have been checked on the supplier server.) It is also possible to check existing attribute values for syntax violations by running the syntax-validation.pl script.
For information on options for syntax validation, see the Administration Guide.
5.2. Entry Attribute Reference
The attributes listed in this reference are manually assigned or available to directory entries. The attributes are listed in alphabetical order with their definition, syntax, and OID.
5.2.1. abstract
The abstract attribute contains an abstract for a document entry.
| OID | 0.9.2342.19200300.102.1.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.2. accessTo
This attribute defines what specific hosts or servers a user is allowed to access.
| OID | 5.3.6.1.1.1.1.1 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | nss_ldap/pam_ldap |
5.2.3. accountInactivityLimit
The accountInactivityLimit attribute sets the time period, in seconds, from the last login time of an account before that account is locked for inactivity.
| OID | 1.3.6.1.4.1.11.1.3.2.1.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.4. acctPolicySubentry
The acctPolicySubentry attribute identifies any entry which belongs to an account policy (specifically, an account lockout policy). The value of this attribute points to the account policy which is applied to the entry.
This can be set on an individual user entry or on a CoS template entry or role entry.
| OID | 1.3.6.1.4.1.11.1.3.2.1.2 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.5. administratorContactInfo
This attribute contains the contact information for the LDAP or server administrator.
| OID | 2.16.840.1.113730.3.1.74 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.6. adminRole
This attribute contains the role assigned to the user identified in the entry.
| OID | 2.16.840.1.113730.3.1.601 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Administration Services |
5.2.7. adminUrl
This attribute contains the URL of the Administration Server.
| OID | 2.16.840.1.113730.3.1.75 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.8. aliasedObjectName
The aliasedObjectName attribute is used by the Directory Server to identify alias entries. This attribute contains the DN (distinguished name) for the entry for which this entry is the alias. For example:
aliasedObjectName: uid=jdoe,ou=people,dc=example,dc=com| OID | 2.5.4.1 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.9. associatedDomain
The associatedDomain attribute contains the DNS domain associated with the entry in the directory tree. For example, the entry with the distinguished name c=US,o=Example Corporation has the associated domain of EC.US. These domains should be represented in RFC 822 order.
associatedDomain:US| OID | 0.9.2342.19200300.100.1.37 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.10. associatedName
The associatedName identifies an organizational directory tree entry associated with a DNS domain. For example:
associatedName: c=us| OID | 0.9.2342.19200300.100.1.38 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.11. attributeTypes
This attribute is used in a schema file to identify an attribute defined within the subschema.
| OID | 2.5.21.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.12. audio
The audio attribute contains a sound file using a binary format. This attribute uses a u-law encoded sound data. For example:
audio:: AAAAAA==| OID | 0.9.2342.19200300.100.1.55 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.13. authorCn
The authorCn attribute contains the common name of the document’s author. For example:
authorCn: John Smith| OID | 0.9.2342.19200300.102.1.11 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.14. authorityRevocationList
The authorityRevocationList attribute contains a list of revoked CA certificates. This attribute should be requested and stored in a binary format, like authorityRevocationList;binary. For example:
authorityrevocationlist;binary:: AAAAAA==| OID | 2.5.4.38 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.15. authorSn
The authorSn attribute contains the last name or family name of the author of a document entry. For example:
authorSn: Smith| OID | 0.9.2342.19200300.102.1.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.16. automountInformation
This attribute contains information used by the autofs automounter.
The automountInformation attribute is defined in 60autofs.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 60autofs.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.33 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.17. bootFile
This attribute contains the boot image file name.
The bootFile attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.24 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.18. bootParameter
This attribute contains the value for rpc.bootparamd.
The bootParameter attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.23 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.19. buildingName
The buildingName attribute contains the building name associated with the entry. For example:
buildingName: 14| OID | 0.9.2342.19200300.100.1.48 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.20. businessCategory
The businessCategory attribute identifies the type of business in which the entry is engaged. The attribute value should be a broad generalization, such as a corporate division level. For example:
businessCategory: Engineering| OID | 2.5.4.15 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.21. c (countryName)
The countryName, or c, attribute contains the two-character country code to represent the country names. The country codes are defined by the ISO. For example:
countryName: GB
c: US| OID | 2.5.4.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.22. cACertificate
The cACertificate attribute contains a CA certificate. The attribute should be requested and stored binary format, such as cACertificate;binary. For example:
cACertificate;binary:: AAAAAA==| OID | 2.5.4.37 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.23. carLicense
The carLicense attribute contains an entry’s automobile license plate number. For example:
carLicense: 6ABC246| OID | 2.16.840.1.113730.3.1.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.24. certificateRevocationList
The certificateRevocationList attribute contains a list of revoked user certificates. The attribute value is to be requested and stored in binary form, as certificateACertificate;binary. For example:
certificateRevocationList;binary:: AAAAAA==| OID | 2.5.4.39 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.25. cn (commonName)
The commonName attribute contains the name of an entry. For user entries, the cn attribute is typically the person’s full name. For example:
commonName: John Smith
cn: Bill Anderson
With the LDAPReplica or LDAPServerobject object classes, the cn attribute value has the following format:
cn: replicater.example.com:17430/dc%3Dexample%2Cdc%3com| OID | 2.5.4.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.26. co (friendlyCountryName)
The friendlyCountryName attribute contains a country name; this can be any string. Often, the country is used with the ISO-designated two-letter country code, while the co attribute contains a readable country name. For example:
friendlyCountryName: Ireland
co: Ireland| OID | 0.9.2342.19200300.100.1.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.27. cosAttribute
The cosAttribute contains the name of the attribute for which to generate a value for the CoS. There can be more than one cosAttribute value specified. This attribute is used by all types of CoS definition entries.
| OID | 2.16.840.1.113730.3.1.550 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.28. cosIndirectSpecifier
The cosIndirectSpecifier specifies the attribute values used by an indirect CoS to identify the template entry.
| OID | 2.16.840.1.113730.3.1.577 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.29. cosPriority
The cosPriority attribute specifies which template provides the attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a template. A priority of zero is the highest priority.
| OID | 2.16.840.1.113730.3.1.569 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.30. cosSpecifier
The cosSpecifier attribute contains the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
| OID | 2.16.840.1.113730.3.1.551 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.31. cosTargetTree
The cosTargetTree attribute defines the subtrees to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees arbitrarily.
| OID | 2.16.840.1.113730.3.1.552 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.32. cosTemplateDn
The cosTemplateDn attribute contains the DN of the template entry which contains a list of the shared attribute values. Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS. A single CoS might have more than one template entry associated with it.
| OID | 2.16.840.1.113730.3.1.553 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.33. crossCertificatePair
The value for the crossCertificatePair attribute must be requested and stored in binary format, such as certificateCertificateRepair;binary. For example:
crossCertificatePair;binary:: AAAAAA==| OID | 2.5.4.40 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.34. dc (domainComponent)
The dc attribute contains one component of a domain name. For example:
dc: example
domainComponent: example| OID | 0.9.2342.19200300.100.1.25 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.35. deltaRevocationList
The deltaRevocationList attribute contains a certificate revocation list (CRL). The attribute value is requested and stored in binary format, such as deltaRevocationList;binary.
| OID | 2.5.4.53 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.36. departmentNumber
The departmentNumber attribute contains an entry’s department number. For example:
departmentNumber: 2604| OID | 2.16.840.1.113730.3.1.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.37. description
The description attribute provides a human-readable description for an entry. For person or organization object classes, this can be used for the entry’s role or work assignment. For example:
description: Quality control inspector for the ME2873 product line.| OID | 2.5.4.13 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.38. destinationIndicator
The destinationIndicator attribute contains the city and country associated with the entry. This attribute was once required to provide public telegram service and is generally used in conjunction with the registeredAddress attribute. For example:
destinationIndicator: Stow, Ohio, USA| OID | 2.5.4.27 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.39. displayName
The displayName attributes contains the preferred name of a person to use when displaying that person’s entry. This is especially useful for showing the preferred name for an entry in a one-line summary list. Since other attribute types, such as cn, are multi-valued, they cannot be used to display a preferred name. For example:
displayName: John Smith| OID | 2.16.840.1.113730.3.1.241 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.40. dITRedirect
The dITRedirect attribute indicates that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN.
dITRedirect: cn=jsmith,dc=example,dc=com| OID | 0.9.2342.19200300.100.1.54 |
| Syntax | DN |
| Defined in |
5.2.41. dmdName
The dmdName attribute value specifies a directory management domain (DMD), the administrative authority that operates the Directory Server.
| OID | 2.5.4.54 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.42. dn (distinguishedName)
The dn attribute contains an entry’s distinguished name. For example:
dn: uid=Barbara Jensen,ou=Quality Control,dc=example,dc=com| OID | 2.5.4.49 |
| Syntax | DN |
| Defined in |
5.2.43. dNSRecord
The dNSRecord attribute contains DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start of Authority) resource records. For example:
dNSRecord: IN NS ns.uu.net| OID | 0.9.2342.19200300.100.1.26 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet Directory Pilot |
5.2.44. documentAuthor
The documentAuthor attribute contains the DN of the author of a document entry. For example:
documentAuthor: uid=Barbara Jensen,ou=People,dc=example,dc=com| OID | 0.9.2342.19200300.100.1.14 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.45. documentIdentifier
The documentIdentifier attribute contains a unique identifier for a document. For example:
documentIdentifier: L3204REV1| OID | 0.9.2342.19200300.100.1.11 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.46. documentLocation
The documentLocation attribute contains the location of the original version of a document. For example:
documentLocation: Department Library| OID | 0.9.2342.19200300.100.1.15 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.47. documentPublisher
The documentPublisher attribute contains the person or organization who published a document. For example:
documentPublisher: Southeastern Publishing| OID | 0.9.2342.19200300.100.1.56 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.48. documentStore
The documentStore attribute contains information on where the document is stored.
| OID | 0.9.2342.19200300.102.1.10 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.49. documentTitle
The documentTitle attribute contains a document’s title. For example:
documentTitle: Red Hat Directory Server Administrator Guide| OID | 0.9.2342.19200300.100.1.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.50. documentVersion
The documentVersion attribute contains the current version number for the document. For example:
documentVersion: 1.1| OID | 0.9.2342.19200300.100.1.13 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.51. drink (favouriteDrink)
The favouriteDrink attribute contains a person’s favorite beverage. This can be shortened to drink. For example:
favouriteDrink: iced tea
drink: cranberry juice| OID | 0.9.2342.19200300.100.1.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.52. dSAQuality
The dSAQuality attribute contains the rating of the directory system agents' (DSA) quality. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example:
dSAQuality: high| OID | 0.9.2342.19200300.100.1.49 |
| Syntax | Directory-String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.53. employeeNumber
The employeeNumber attribute contains the employee number for the person. For example:
employeeNumber: 3441| OID | 2.16.840.1.113730.3.1.3 |
| Syntax | Directory-String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.54. employeeType
The employeeType attribute contains the employment type for the person. For example:
employeeType: Full time| OID | 2.16.840.1.113730.3.1.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.55. enhancedSearchGuide
The enhancedSearchGuide attribute contains information used by an X.500 client to construct search filters. For example:
enhancedSearchGuide: (uid=bjensen)| OID | 2.5.4.47 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.56. fax (facsimileTelephoneNumber)
The facsimileTelephoneNumber attribute contains the entry’s facsimile number; this attribute can be abbreviated as fax. For example:
facsimileTelephoneNumber: +1 415 555 1212
fax: +1 415 555 1212| OID | 2.5.4.23 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.57. gecos
The gecos attribute is used to determine the GECOS field for the user. This is comparable to the cn attribute, although using a gecos attribute allows additional information to be embedded in the GECOS field aside from the common name. This field is also useful if the common name stored in the directory is not the user’s full name.
gecos: John Smith
The gecos attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.58. generationQualifier
The generationQualifier attribute contains the generation qualifier for a person’s name, which is usually appended as a suffix to the name. For example:
generationQualifier:III| OID | 2.5.4.44 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.59. gidNumber
The gidNumber attribute contains a unique numeric identifier for a group entry or to identify the group for a user entry. This is analogous to the group number in Unix.
gidNumber: 100
The gidNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.1 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.60. givenName
The givenName attribute contains an entry’s given name, which is usually the first name. For example:
givenName: Rachel| OID | 2.5.4.42 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.61. homeDirectory
The homeDirectory attribute contains the path to the user’s home directory.
homeDirectory: /home/jsmith
The homeDirectory attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.3 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.62. homePhone
The homePhone attribute contains the entry’s residential phone number. For example:
homePhone: 415-555-1234
Although RFC 1274 defines both homeTelephoneNumber and homePhone as names for the residential phone number attribute, Directory Server only implements the homePhone name.
| OID | 0.9.2342.19200300.100.1.20 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.63. homePostalAddress
The homePostalAddress attribute contains an entry’s home mailing address. Since this attribute generally spans multiple lines, each line break has to be represented by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) in the attribute value, use the escaped hex values \24 and \5c, respectively. For example:
homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555To represent the following string:
The dollar ($) value can be found
in the c:\cost file.The entry value is:
The dollar (\24) value can be found$in the c:\c5cost file.| OID | 0.9.2342.19200300.100.1.39 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.64. host
The host contains the host name of a computer. For example:
host: labcontroller01| OID | 0.9.2342.19200300.100.1.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.65. houseIdentifier
The houseIdentifier contains an identifier for a specific building at a location. For example:
houseIdentifier: B105| OID | 2.5.4.51 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.66. inetDomainBaseDN
This attribute identifies the base DN of user subtree for a DNS domain.
| OID | 2.16.840.1.113730.3.1.690 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Subscriber interoperability |
5.2.67. inetDomainStatus
This attribute shows the current status of the domain. A domain has a status of active, inactive, or deleted.
| OID | 2.16.840.1.113730.3.1.691 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Subscriber interoperability |
5.2.68. inetSubscriberAccountId
This attribute contains the a unique attribute used to link the user entry for the subscriber to a billing system.
| OID | 2.16.840.1.113730.3.1.694 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Subscriber interoperability |
5.2.69. inetSubscriberChallenge
The inetSubscriberChallenge attribute contains some kind of question or prompt, the challenge phrase, which is used to confirm the identity of the user in the subscriberIdentity attribute. This attribute is used in conjunction with the inetSubscriberResponse attribute, which contains the response to the challenge.
| OID | 2.16.840.1.113730.3.1.695 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Subscriber interoperability |
5.2.70. inetSubscriberResponse
The inetSubscriberResponse attribute contains the answer to the challenge question in the inetSubscriberChallenge attribute to verify the user in the subscriberIdentity attribute.
| OID | 2.16.840.1.113730.3.1.696 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Subscriber interoperability |
5.2.71. inetUserHttpURL
This attribute contains the web addresses associated with the user.
| OID | 2.16.840.1.113730.3.1.693 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Subscriber interoperability |
5.2.72. inetUserStatus
This attribute shows the current status of the user (subscriber). A user has a status of active, inactive, or deleted.
| OID | 2.16.840.1.113730.3.1.692 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |
| Defined in | Subscriber interoperability |
5.2.73. info
The info attribute contains any general information about an object. Avoid using this attribute for specific information and rely instead on specific, possibly custom, attribute types. For example:
info: not valid| OID | 0.9.2342.19200300.100.1.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.74. initials
The initials contains a person’s initials; this does not contain the entry’s surname. For example:
initials: BAJ
Directory Server and Active Directory handle the initials attribute differently. The Directory Server allows a practically unlimited number of characters, while Active Directory has a restriction of six characters. If an entry is synced with a Windows peer and the value of the initials attribute is longer than six characters, then the value is automatically truncated to six characters when it is synchronized. There is no information written to the error log to indicate that synchronization changed the attribute value, either.
| OID | 2.5.4.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.75. installationTimeStamp
This contains the time that the server instance was installed.
| OID | 2.16.840.1.113730.3.1.73 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in | Netscape Administration Services |
5.2.76. internationalISDNNumber
The internationalISDNNumber attribute contains the ISDN number of a document entry. This attribute uses the internationally recognized format for ISDN addresses given in CCITT Rec. E. 164.
| OID | 2.5.4.25 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.77. ipHostNumber
This contains the IP address for a server.
The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.19 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in |
5.2.78. ipNetmaskNumber
This contains the IP netmask for the server.
The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 2.16.840.1.113730.3.1.73 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in |
5.2.79. ipNetworkNumber
This identifies the IP network.
The ipNetworkNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.20 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |
| Defined in |
5.2.80. ipProtocolNumber
This attribute identifies the IP protocol version number.
The ipProtocolNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.17 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
| Defined in |
5.2.81. ipServicePort
This attribute gives the port used by the IP service.
The ipServicePort attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.15 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
| Defined in |
5.2.82. ipServiceProtocol
This identifies the protocol used by the IP service.
The ipServiceProtocol attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in |
5.2.83. janetMailbox
The janetMailbox contains a JANET email address, usually for users located in the United Kingdom who do not use RFC 822 email address. Entries with this attribute must also contain the rfc822Mailbox attribute.
| OID | 0.9.2342.19200300.100.1.46 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.84. jpegPhoto
The jpegPhoto attribute contains a JPEG photo, a binary value. For example:
jpegPhoto:: AAAAAA==| OID | 0.9.2342.19200300.100.1.60 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.85. keyWords
The keyWord attribute contains keywords associated with the entry. For example:
keyWords: directory LDAP X.500| OID | 0.9.2342.19200300.102.1.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.86. knowledgeInformation
This attribute is no longer used.
| OID | 2.5.4.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.87. l (localityName)
The localityName, or l, attribute contains the county, city, or other geographical designation associated with the entry. For example:
localityName: Santa Clara
l: Santa Clara| OID | 2.5.4.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.88. labeledURI
The labeledURI contains a Uniform Resource Identifier (URI) which is related, in some way, to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported), optionally followed by one or more space characters and a label.
labeledURI: http://home.example.com
labeledURI: http://home.example.com Example website| OID | 1.3.6.1.4.1.250.1.57 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.89. loginShell
The loginShell attribute contains the path to a script that is launched automatically when a user logs into the domain.
loginShell: c:\scripts\jsmith.bat
The loginShell attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.4 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.90. macAddress
This attribute gives the MAC address for a server or piece of equipment.
The macAddress attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.22 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.91. mail
The mail attribute contains a user’s primary email address. This attribute value is retrieved and displayed by whitepage applications. For example:
mail: jsmith@example.com| OID | 0.9.2342.19200300.100.1.3 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.92. mailAccessDomain
This attribute lists the domain which a user can use to access the messaging server.
| OID | 2.16.840.1.113730.3.1.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.93. mailAlternateAddress
The mailAlternateAddress attribute contains additional email addresses for a user. This attribute does not reflect the default or primary email address; that email address is set by the mail attribute.
For example:
mailAlternateAddress: jsmith@example.com
mailAlternateAddress: smith1701@alt.com| OID | 2.16.840.1.113730.3.1.13 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.94. mailAutoReplyMode
This attribute sets whether automatic replies are enabled for the messaging server.
| OID | 2.16.840.1.113730.3.1.14 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.95. mailAutoReplyText
This attribute stores the text to used in an auto-reply email.
| OID | 2.16.840.1.113730.3.1.15 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.96. mailDeliveryOption
This attribute defines the mail delivery mechanism to use for the mail user.
| OID | 2.16.840.1.113730.3.1.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.97. mailEnhancedUniqueMember
This attribute contains the DN of a unique member of a mail group.
| OID | 2.16.840.1.113730.3.1.31 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.98. mailForwardingAddress
This attribute contains an email address to which to forward a user’s email.
| OID | 2.16.840.1.113730.3.1.17 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.99. mailHost
The mailHost attribute contains the host name of a mail server. For example:
mailHost: mail.example.com| OID | 2.16.840.1.113730.3.1.18 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.100. mailMessageStore
This identifies the location of a user’s email box.
| OID | 2.16.840.1.113730.3.1.19 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.101. mailPreferenceOption
The mailPreferenceOption defines whether a user should be included on a mailing list, both electronic and physical. There are three options.
| 0 | Does not appear in mailing lists. |
| 1 | Add to any mailing lists. |
| 2 | Added only to mailing lists which the provider views as relevant to the user interest. |
If the attribute is absent, then the default is to assume that the user is not included on any mailing list. This attribute should be interpreted by anyone using the directory to derive mailing lists and its value respected. For example:
mailPreferenceOption: 0| OID | 0.9.2342.19200300.100.1.47 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.102. mailProgramDeliveryInfo
This attribute contains any commands to use for programmed mail delivery.
| OID | 2.16.840.1.113730.3.1.20 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.103. mailQuota
This attribute sets the amount of disk space allowed for a user’s mail box.
| OID | 2.16.840.1.113730.3.1.21 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.104. mailRoutingAddress
This attribute contains the routing address to use when forwarding the emails received by the user to another messaging server.
| OID | 2.16.840.1.113730.3.1.24 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.105. manager
The manager contains the distinguished name (DN) of the manager for the person. For example:
manager: cn=Bill Andersen,ou=Quality Control,dc=example,dc=com| OID | 0.9.2342.19200300.100.1.10 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.106. member
The member attribute contains the distinguished names (DNs) of each member of a group. For example:
member: cn=John Smith,dc=example,dc=com| OID | 2.5.4.31 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.107. memberCertificateDescription
This attribute is a multi-valued attribute where each value is a description, a pattern, or a filter matching the subject DN of a certificate, usually a certificate used for TLS client authentication.
memberCertificateDescription matches any certificate that contains a subject DN with the same attribute-value assertions (AVAs) as the description. The description may contain multiple ou AVAs. A matching DN must contain those same ou AVAs, in the same order, although it may be interspersed with other AVAs, including other ou AVAs. For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored.
A matching DN must contain that same AVA but no other AVA of the same type nearer the root (later, syntactically).
AVAs are considered the same if they contain the same attribute description (case-insensitive comparison) and the same attribute value (case-insensitive comparison, leading and trailing whitespace ignored, and consecutive whitespace characters treated as a single space).
To be considered a member of a group with the following memberCertificateDescription value, a certificate needs to include ou=x, ou=A, and dc=example, but not dc=company.
memberCertificateDescription: {ou=x,ou=A,dc=company,dc=example}
To match the group’s requirements, a certificate’s subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.
| OID | 2.16.840.1.113730.3.1.199 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.108. memberNisNetgroup
This attribute merges the attribute values of another netgroup into the current one by listing the name of the merging netgroup.
The memberNisNetgroup attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.13 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.109. memberOf
This attribute contains the name of a group to which the user is a member.
memberOf is the default attribute generated by the MemberOf Plug-in on the user entry of a group member. This attribute is automatically synchronized to the listed member attributes in a group entry, so that displaying group membership for entries is managed by Directory Server.
This attribute is only synchronized between group entries and the corresponding members' user entries if the MemberOf Plug-in is enabled and is configured to use this attribute.
| OID | 1.2.840.113556.1.2.102 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Delegated Administrator |
5.2.110. memberUid
The memberUid attribute contains the login name of the member of a group; this can be different than the DN identified in the member attribute.
memberUID: jsmith
The memberUID attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.12 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.111. memberURL
This attribute identifies a URL associated with each member of a group. Any type of labeled URL can be used.
memberURL: ldap://cn=jsmith,ou=people,dc=example,dc=com| OID | 2.16.840.1.113730.3.1.198 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.112. mepManagedBy
This attribute contains a pointer in an automatically-generated entry that points back to the DN of the originating entry. This attribute is set by the Managed Entries Plug-in and cannot be modified manually.
| OID | 2.16.840.1.113730.3.1.2086 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.113. mepManagedEntry
This attribute contains a pointer to an automatically-generated entry which corresponds to the current entry. This attribute is set by the Managed Entries Plug-in and cannot be modified manually.
| OID | 2.16.840.1.113730.3.1.2087 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.114. mepMappedAttr
This attribute sets an attribute in the Managed Entries template entry which must exist in the generated entry. The mapping means that some value of the originating entry is used to supply the given attribute. The values of these attributes will be tokens in the form attribute: $attr. For example:
mepMappedAttr: gidNumber: $gidNumberAs long as the syntax of the expanded token of the attribute does not violate the required attribute syntax, then other terms and strings can be used in the attribute. For example:
mepMappedAttr: cn: Managed Group for $cn| OID | 2.16.840.1.113730.3.1.2089 |
| Syntax | OctetString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.115. mepRDNAttr
This attribute sets which attribute to use as the naming attribute in the automatically-generated entry created by the Managed Entries Plug-in. Whatever attribute type is given in the naming attribute should be present in the managed entries template entry as a mepMappedAttr.
| OID | 2.16.840.1.113730.3.1.2090 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.116. mepStaticAttr
This attribute sets an attribute with a defined value that must be added to the automatically-generated entry managed by the Managed Entries Plug-in. This value will be used for every entry generated by that instance of the Managed Entries Plug-in.
mepStaticAttr: posixGroup| OID | 2.16.840.1.113730.3.1.2088 |
| Syntax | OctetString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.117. mgrpAddHeader
This attribute contains information about the header in the messages.
| OID | 2.16.840.1.113730.3.1.781 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.118. mgrpAllowedBroadcaster
This attribute sets whether to allow the user to send broadcast messages.
| OID | 2.16.840.1.113730.3.1.22 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.119. mgrpAllowedDomain
This attribute sets the domains for the mail group.
| OID | 2.16.840.1.113730.3.1.23 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.120. mgrpApprovePassword
This attribute sets whether a user must approve a password used to access their email.
| OID | mgrpApprovePassword-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.121. mgrpBroadcasterPolicy
This attribute defines the policy for broadcasting emails.
| OID | 2.16.840.1.113730.3.1.788 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.122. mgrpDeliverTo
This attribute contains information about the delivery destination for email.
| OID | 2.16.840.1.113730.3.1.25 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.123. mgrpErrorsTo
This attribute contains information about where to deliver error messages for the messaging server.
| OID | 2.16.840.1.113730.3.1.26 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.124. mgrpModerator
This attribute contains the contact name for the mailing list moderator.
| OID | 2.16.840.1.113730.3.1.33 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.125. mgrpMsgMaxSize
This attribute sets the maximum size allowed for email messages.
| OID | 2.16.840.1.113730.3.1.32 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.126. mgrpMsgRejectAction
This attribute defines what actions the messaging server should take for rejected messages.
| OID | 2.16.840.1.113730.3.1.28 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.127. mgrpMsgRejectText
This attribute sets the text to use for rejection notifications.
| OID | 2.16.840.1.113730.3.1.29 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.128. mgrpNoDuplicateChecks
This attribute defines whether the messaging server checks for duplicate emails.
| OID | 2.16.840.1.113730.3.1.789 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.129. mgrpRemoveHeader
This attribute sets whether the header is removed in reply messages.
| OID | 2.16.840.1.113730.3.1.801 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.130. mgrpRFC822MailMember
This attribute identifies the member of a mail group.
| OID | 2.16.840.1.113730.3.1.30 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.131. mobile
The mobile, or mobileTelephoneNumber, contains the entry’s mobile or cellular phone number. For example:
mobileTelephoneNumber: 415-555-4321| OID | 0.9.2342.19200300.100.1.41 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.132. mozillaCustom1
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.133. mozillaCustom2
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.134. mozillaCustom3
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.135. mozillaCustom4
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.136. mozillaHomeCountryName
This attribute sets the country used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.137. mozillaHomeLocalityName
This attribute sets the city used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.138. mozillaHomePostalCode
This attribute sets the postal code used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.139. mozillaHomeState
This attribute sets the state or province used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.140. mozillaHomeStreet
This attribute sets the street address used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.141. mozillaHomeStreet2
This attribute contains the second line of a street address used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.142. mozillaHomeUrl
This attribute contains a URL used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.143. mozillaNickname (xmozillanickname)
This attribute contains a nickname used by Mozilla Thunderbird for a shared address book.
| OID | 1.3.6.1.4.1.13769.2.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Mozilla Address Book |
5.2.144. mozillaSecondEmail (xmozillasecondemail)
This attribute contains an alternate or secondary email address for an entry in a shared address book for Mozilla Thunderbird.
| OID | 1.3.6.1.4.1.13769.2.2 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.145. mozillaUseHtmlMail (xmozillausehtmlmail)
This attribute sets an email type preference for an entry in a shared address book in Mozilla Thunderbird.
| OID | 1.3.6.1.4.1.13769.2.3 |
| Syntax | Boolean |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.146. mozillaWorkStreet2
This attribute contains a street address for a workplace or office for an entry in Mozilla Thunderbird’s shared address book.
| OID | 1.3.6.1.4.1.13769.3.8 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.147. mozillaWorkUrl
This attribute contains a URL for a work site in an entry in a shared address book in Mozilla Thunderbird.
| OID | 1.3.6.1.4.1.13769.3.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.148. multiLineDescription
This attribute contains a description of an entry which spans multiple lines in the LDIF file.
| OID | 1.3.6.1.4.1.250.1.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.149. name
The name attribute identifies the attribute supertype which can be used to form string attribute types for naming.
It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests. Client implementations should not assume that LDAP servers are capable of performing attribute subtyping.
| OID | 2.5.4.41 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.150. netscapeReversiblePassword
This attribute contains the password for HTTP Digest/MD5 authentication.
| OID | 2.16.840.1.113730.3.1.812 |
| Syntax | OctetString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Web Server |
5.2.151. NisMapEntry
This attribute contains the information for a NIS map to be used by Network Information Services.
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.27 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.152. nisMapName
This attribute contains the name of a mapping used by a NIS server.
| OID | 1.3.6.1.1.1.1.26 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.153. nisNetgroupTriple
This attribute contains information on a netgroup used by a NIS server.
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.14 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.154. nsAccessLog
This entry identifies the access log used by a server.
| OID | nsAccessLog-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.155. nsAdminAccessAddresses
This attribute contains the IP address of the Administration Server used by the instance.
| OID | nsAdminAccessAddresses-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.156. nsAdminAccessHosts
This attribute contains the host name of the Administration Server.
| OID | nsAdminAccessHosts-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.157. nsAdminAccountInfo
This attribute contains other information about the Administration Server account.
| OID | nsAdminAccountInfo-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.158. nsAdminCacheLifetime
This sets the length of time to store the cache used by the Directory Server.
| OID | nsAdminCacheLifetime-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.159. nsAdminCgiWaitPid
This attribute defines the wait time for Administration Server CGI process IDs.
| OID | nsAdminCgiWaitPid-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.160. nsAdminDomainName
This attribute contains the name of the administration domain containing the Directory Server instance.
| OID | nsAdminDomainName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.161. nsAdminEnableEnduser
This attribute sets whether to allow end user access to admin services.
| OID | nsAdminEnableEnduser-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.162. nsAdminEndUserHTMLIndex
This attribute sets whether to allow end users to access the HTML index of admin services.
| OID | nsAdminEndUserHTMLIndex-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.163. nsAdminGroupName
This attribute gives the name of the admin guide.
| OID | nsAdminGroupName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.164. nsAdminOneACLDir
This attribute gives the directory path to the directory containing access control lists for the Administration Server.
| OID | nsAdminOneACLDir-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.165. nsAdminSIEDN
This attribute contains the DN of the serer instance entry (SIE) for the Administration Server.
| OID | nsAdminSIEDN-oid |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.166. nsAdminUsers
This attribute gives the path and name of the file which contains the information for the Administration Server admin user.
| OID | nsAdminUsers-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.167. nsAIMid
This attribute contains the AOL Instant Messaging user ID for the user.
| OID | 2.16.840.1.113730.3.2.300 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.168. nsBaseDN
This contains the base DN used in the Directory Server’s server instance definition entry.
| OID | nsBaseDN-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.169. nsBindDN
This attribute contains the bind DN defined in the Directory Server SIE.
| OID | nsBindDN-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.170. nsBindPassword
This attribute contains the password used by the bind DN defined in nsBindDN.
| OID | nsBindPassword-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.171. nsBuildNumber
This defines, in the Directory Server SIE, the build number of the server instance.
| OID | nsBuildNumber-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.172. nsBuildSecurity
This defines, in the Directory Server SIE, the build security level.
| OID | nsBuildSecurity-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.173. nsCertConfig
This attribute defines the configuration for the Red Hat Certificate System.
| OID | nsCertConfig-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Certificate System |
5.2.174. nsClassname
| OID | nsClassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.175. nsConfigRoot
This attribute contains the root DN of the configuration directory.
| OID | nsConfigRoot-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.176. nscpAIMScreenname
This attribute gives the AIM screen name of a user.
| OID | 1.3.6.1.4.1.13769.2.4 |
| Syntax | TelephoneString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Mozilla Address Book |
5.2.177. nsDefaultAcceptLanguage
This attribute contains the language codes which are accepted for HTML clients.
| OID | nsDefaultAcceptLanguage-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.178. nsDefaultObjectClass
This attribute stores object class information in a container entry.
| OID | nsDefaultObjectClass-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.179. nsDeleteclassname
| OID | nsDeleteclassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.180. nsDirectoryFailoverList
This attribute contains a list of Directory Servers to use for failover.
| OID | nsDirectoryFailoverList-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.181. nsDirectoryInfoRef
This attribute refers to a DN of an entry with information about the server.
| OID | nsDirectoryInfoRef-oid |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.182. nsDirectoryURL
This attribute contains the Directory Server URL.
| OID | nsDirectoryURL-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.183. nsDisplayName
This attribute contains a display name.
| OID | nsDisplayName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.184. nsErrorLog
This attribute identifies the error log used by the server.
| OID | nsErrorLog-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.185. nsExecRef
This attribute contains the path or location of an executable which can be used to perform server tasks.
| OID | nsExecRef-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.186. nsExpirationDate
This attribute contains the expiration date of an application.
| OID | nsExpirationDate-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.187. nsGroupRDNComponent
This attribute defines the attribute to use for the RDN of a group entry.
| OID | nsGroupRDNComponent-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.188. nsHardwarePlatform
This attribute indicates the hardware on which the server is running. The value of this attribute is the same as the output from uname -m. For example:
nsHardwarePlatform:i686| OID | nsHardwarePlatform-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.189. nsHelpRef
This attribute contains a reference to an online help file.
| OID | nsHelpRef-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.190. nsHostLocation
This attribute contains information about the server host.
| OID | nsHostLocation-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.191. nsICQid
This attribute contains an ICQ ID for the user.
| OID | 2.16.840.1.113730.3.1.2014 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.192. nsInstalledLocation
This attribute contains the installation directory for Directory Servers which are version 7.1 or older.
| OID | nsInstalledLocation-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.193. nsJarfilename
This attribute gives the jar file name used by the Console.
| OID | nsJarfilename-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.194. nsLdapSchemaVersion
This gives the version number of the LDAP directory schema.
| OID | nsLdapSchemaVersion-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.195. nsLicensedFor
The nsLicensedFor attribute identifies the server the user is licensed to use. Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute include the following:
-
slapdfor a licensed Directory Server client. -
mailfor a licensed mail server client. -
newsfor a licensed news server client. -
calfor a licensed calender server client.
For example:
nsLicensedFor: slapd| OID | 2.16.840.1.113730.3.1.36 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Server |
5.2.196. nsLicenseEndTime
Reserved for future use.
| OID | 2.16.840.1.113730.3.1.38 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Server |
5.2.197. nsLicenseStartTime
Reserved for future use.
| OID | 2.16.840.1.113730.3.1.37 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Server |
5.2.198. nsLogSuppress
This attribute sets whether to suppress server logging.
| OID | nsLogSuppress-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.199. nsmsgDisallowAccess
This attribute defines access to a messaging server.
| OID | nsmsgDisallowAccess-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.200. nsmsgNumMsgQuota
This attribute sets a quota for the number of messages which will be kept by the messaging server.
| OID | nsmsgNumMsgQuota-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.201. nsMSNid
This attribute contains the MSN instant messaging ID for the user.
| OID | 2.16.840.1.113730.3.1.2016 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.202. nsNickName
This attribute gives a nickname for an application.
| OID | nsNickName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.203. nsNYR
| OID | nsNYR-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Services |
5.2.204. nsOsVersion
This attribute contains the version number of the operating system for the host on which the server is running.
| OID | nsOsVersion-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.205. nsPidLog
| OID | nsPidLog-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.206. nsPreference
This attribute stores the Console preference settings.
| OID | nsPreference-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.207. nsProductName
This contains the name of the product, such as Red Hat Directory Server or Administration Server.
| OID | nsProductName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.208. nsProductVersion
This contains the version number of the Directory Server or Administration Server.
| OID | nsProductVersion-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.209. nsRevisionNumber
This attribute contains the revision number of the Directory Server or Administration Server.
| OID | nsRevisionNumber-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.210. nsSecureServerPort
This attribute contains the TLS port for the Directory Server.
This attribute does not configure the TLS port for the Directory Server. This is configured in nsslapd-secureport configuration attribute in the Directory Server’s dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.
| OID | nsSecureServerPort-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.211. nsSerialNumber
This attribute contains a serial number or tracking number assigned to a specific server application, such as Red Hat Directory Server or Administration Server.
| OID | nsSerialNumber-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.212. nsServerAddress
This attribute contains the IP address of the server host on which the Directory Server is running.
| OID | nsServerAddress-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.213. nsServerCreationClassname
This attribute gives the class name to use when creating a server.
| OID | nsServerCreationClassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.214. nsServerID
This contains the server’s instance name. For example:
nsServerID: slapd-example| OID | nsServerID-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.215. nsServerMigrationClassname
This attribute contains the name of the class to use when migrating a server.
| OID | nsServerMigrationClassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.216. nsServerPort
This attribute contains the standard LDAP port for the Directory Server.
This attribute does not configure the standard port for the Directory Server. This is configured in nsslapd-port configuration attribute in the Directory Server’s dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.
| OID | nsServerPort-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.217. nsServerSecurity
This shows whether the Directory Server requires a secure TLS or SSL connection.
| OID | nsServerSecurity-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.218. nsSNMPContact
This attribute contains the contact information provided by the SNMP.
| OID | 2.16.840.1.113730.3.1.235 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.219. nsSNMPDescription
This contains a description of the SNMP service.
| OID | 2.16.840.1.113730.3.1.236 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.220. nsSNMPEnabled
This attribute shows whether SNMP is enabled for the server.
| OID | 2.16.840.1.113730.3.1.232 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.221. nsSNMPLocation
This attribute shows the location provided by the SNMP service.
| OID | 2.16.840.1.113730.3.1.234 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.222. nsSNMPMasterHost
This attribute shows the host name for the SNMP master agent.
| OID | 2.16.840.1.113730.3.1.237 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.223. nsSNMPMasterPort
This attribute shows the port number for the SNMP subagent.
| OID | 2.16.840.1.113730.3.1.238 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.224. nsSNMPOrganization
This attribute contains the organization information provided by SNMP.
| OID | 2.16.840.1.113730.3.1.233 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.225. nsSuiteSpotUser
This attribute has been obsoleted.
This attribute identifies the Unix user who installed the server.
| OID | nsSuiteSpotUser-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.226. nsTaskLabel
| OID | nsTaskLabel-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.227. nsUniqueAttribute
This sets a unique attribute for the server preferences.
| OID | nsUniqueAttribute-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.228. nsUserIDFormat
This attribute sets the format to use to generate the uid attribute from the givenname and sn attributes.
| OID | nsUserIDFormat-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.229. nsUserRDNComponent
This attribute sets the attribute type to set the RDN for user entries.
| OID | nsUserRDNComponent-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.230. nsValueBin
| OID | 2.16.840.1.113730.3.1.247 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.231. nsValueCES
| OID | 2.16.840.1.113730.3.1.244 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.232. nsValueCIS
| OID | 2.16.840.1.113730.3.1.243 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.233. nsValueDefault
| OID | 2.16.840.1.113730.3.1.250 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.234. nsValueDescription
| OID | 2.16.840.1.113730.3.1.252 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.235. nsValueDN
| OID | 2.16.840.1.113730.3.1.248 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.236. nsValueFlags
| OID | 2.16.840.1.113730.3.1.251 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.237. nsValueHelpURL
| OID | 2.16.840.1.113730.3.1.254 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.238. nsValueInt
| OID | 2.16.840.1.113730.3.1.246 |
| Syntax | Integer |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.239. nsValueSyntax
| OID | 2.16.840.1.113730.3.1.253 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.240. nsValueTel
| OID | 2.16.840.1.113730.3.1.245 |
| Syntax | TelephoneString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.241. nsValueType
| OID | 2.16.840.1.113730.3.1.249 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.242. nsVendor
This contains the name of the server vendor.
| OID | nsVendor-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.243. nsViewConfiguration
This attribute stores the view configuration used by Console.
| OID | nsViewConfiguration-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.244. nsViewFilter
This attribute sets the attribute-value pair which is used to identify entries belonging to the view.
| OID | 2.16.840.1.113730.3.1.3023 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.245. nsWellKnownJarfiles
| OID | nsWellKnownJarfiles-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.246. nswmExtendedUserPrefs
This attribute is used to store user preferences for accounts in a messaging server.
| OID | 2.16.840.1.113730.3.1.520 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.247. nsYIMid
This attribute contains the Yahoo instant messaging user name for the user.
| OID | 2.16.840.1.113730.3.1.2015 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.248. ntGroupAttributes
This attribute points to a binary file which contains information about the group. For example:
ntGroupAttributes:: IyEvYmluL2tzaAoKIwojIGRlZmF1bHQgdmFsdWUKIwpIPSJgaG9zdG5hb| OID | 2.16.840.1.113730.3.1.536 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.249. ntGroupCreateNewGroup
The ntGroupCreateNewGroup attribute is used by Windows Sync to determine whether the Directory Server should create new group entry when a new group is created on a Windows server. true creates the new entry; false ignores the Windows entry.
| OID | 2.16.840.1.113730.3.1.45 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.250. ntGroupDeleteGroup
The ntGroupDeleteGroup attribute is used by Windows Sync to determine whether the Directory Server should delete a group entry when the group is deleted on a Windows sync peer server. true means the account is deleted; false ignores the deletion.
| OID | 2.16.840.1.113730.3.1.46 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.251. ntGroupDomainId
The ntGroupDomainID attribute contains the domain ID string for a group.
ntGroupDomainId: DS HR Group| OID | 2.16.840.1.113730.3.1.44 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.252. ntGroupId
The ntGroupId attribute points to a binary file which identifies the group. For example:
ntGroupId: IOUnHNjjRgghghREgfvItrGHyuTYhjIOhTYtyHJuSDwOopKLhjGbnGFtr| OID | 2.16.840.1.113730.3.1.110 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.253. ntGroupType
In Active Directory, there are two major types of groups: security and distribution. Security groups are most similar to groups in Directory Server, since security groups can have policies configured for access controls, resource restrictions, and other permissions. Distribution groups are for mailing distribution. These are further broken down into global and local groups. The Directory Server ntGroupType supports all four group types:
The ntGroupType attribute identifies the type of Windows group. The valid values are as follows:
-
-21483646for global/security -
-21483644for domain local/security -
2for global/distribution -
4for domain local/distribution
This value is set automatically when the Windows groups are synchronized. To determine the type of group, you must manually configure it when the group gets created. By default, Directory Server groups do not have this attribute and are synchronized as global/security groups.
ntGroupType: -21483646| OID | 2.16.840.1.113730.3.1.47 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.254. ntUniqueId
The ntUniqueId attribute contains a generated number used for internal server identification and operation. For example:
ntUniqueId: 352562404224a44ab040df02e4ef500b| OID | 2.16.840.1.113730.3.1.111 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.255. ntUserAcctExpires
This attribute indicates when the entry’s Windows account will expire. This value is stored as a string in GMT format. For example:
ntUserAcctExpires: 20081015203415| OID | 2.16.840.1.113730.3.1.528 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.256. ntUserAuthFlags
This attribute contains authorization flags set for the Windows account.
| OID | 2.16.840.1.113730.3.1.60 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.257. ntUserBadPwCount
This attribute sets the number of bad password failures are allowed before an account is locked.
| OID | 2.16.840.1.113730.3.1.531 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.258. ntUserCodePage
The ntUserCodePage attribute contains the code page for the user’s language of choice. For example:
ntUserCodePage: AAAAAA==| OID | 2.16.840.1.113730.3.1.533 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.259. ntUserComment
This attribute contains a text description or note about the user entry.
| OID | 2.16.840.1.113730.3.1.522 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.260. ntUserCountryCode
This attribute contains the two-character country code for the country where the user is located.
| OID | 2.16.840.1.113730.3.1.532 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.261. ntUserCreateNewAccount
The ntUserCreateNewAccount attribute is used by Windows Sync to determine whether the Directory Server should create a new user entry when a new user is created on a Windows server. true creates the new entry; false ignores the Windows entry.
| OID | 2.16.840.1.113730.3.1.42 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.262. ntUserDeleteAccount
The ntUserDeleteAccount attribute IS Used by Windows Sync to determine whether a Directory Server entry will be automatically deleted when the user is deleted from the Windows sync peer server. true means the user entry is deleted; false ignores the deletion.
| OID | 2.16.840.1.113730.3.1.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.263. ntUserDomainId
The ntUserDomainId attribute contains the Windows domain login ID. For example:
ntUserDomainId: jsmith| OID | 2.16.840.1.113730.3.1.41 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.264. ntUserFlags
This attribute contains additional flags set for the Windows account.
| OID | 2.16.840.1.113730.3.1.523 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.265. ntUserHomeDir
The ntUserHomeDir attribute contains an ASCII string representing the Windows user’s home directory. This attribute can be null. For example:
ntUserHomeDir: c:\jsmith| OID | 2.16.840.1.113730.3.1.521 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.266. ntUserHomeDirDrive
This attribute contains information about the drive on which the user’s home directory is stored.
| OID | 2.16.840.1.113730.3.1.535 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.267. ntUserLastLogoff
The ntUserLastLogoff attribute contains the time of the last logoff. This value is stored as a string in GMT format.
If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user’s entry has changed.
ntUserLastLogoff: 20201015203415Z| OID | 2.16.840.1.113730.3.1.527 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.268. ntUserLastLogon
The ntUserLastLogon attribute contains the time that the user last logged into the Windows domain. This value is stored as a string in GMT format. If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user’s entry has changed.
ntUserLastLogon: 20201015203415Z| OID | 2.16.840.1.113730.3.1.526 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.269. ntUserLogonHours
The ntUserLogonHours attribute contains the time periods that a user is allowed to log onto the Active Directory domain. This attribute corresponds to the logonHours attribute in Active Directory.
| OID | 2.16.840.1.113730.3.1.530 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.270. ntUserLogonServer
The ntUserLogonServer attribute defines the Active Directory server to which the user’s logon request is forwarded.
| OID | 2.16.840.1.113730.3.1.65 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.271. ntUserMaxStorage
The ntUserMaxStorage attribute contains the maximum amount of disk space available for the user.
ntUserMaxStorage: 4294967295| OID | 2.16.840.1.113730.3.1.529 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.272. ntUserNumLogons
This attribute shows the number of successful logons to the Active Directory domain for the user.
| OID | 2.16.840.1.113730.3.1.64 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.273. ntUserParms
The ntUserParms attribute contains a Unicode string reserved for use by applications.
| OID | 2.16.840.1.113730.3.1.62 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.274. ntUserPasswordExpired
This attribute shows whether the password for the Active Directory account has expired.
| OID | 2.16.840.1.113730.3.1.68 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.275. ntUserPrimaryGroupId
The ntUserPrimaryGroupId attribute contains the group ID of the primary group to which the user belongs.
| OID | 2.16.840.1.113730.3.1.534 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.276. ntUserPriv
This attribute shows the type of privileges allowed for the user.
| OID | 2.16.840.1.113730.3.1.59 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.277. ntUserProfile
The ntUserProfile attribute contains the path to a user’s profile. For example:
ntUserProfile: c:\jsmith\profile.txt| OID | 2.16.840.1.113730.3.1.67 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.278. ntUserScriptPath
The ntUserScriptPath attribute contains the path to an ASCII script used by the user to log into the domain.
ntUserScriptPath: c:\jstorm\lscript.bat| OID | 2.16.840.1.113730.3.1.524 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.279. ntUserUniqueId
The ntUserUniqueId attribute contains a unique numeric ID for the Windows user.
| OID | 2.16.840.1.113730.3.1.66 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.280. ntUserUnitsPerWeek
The ntUserUnitsPerWeek attribute contains the total amount of time that the user has spent logged into the Active Directory domain.
| OID | 2.16.840.1.113730.3.1.63 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.281. ntUserUsrComment
The ntUserUsrComment attribute contains additional comments about the user.
| OID | 2.16.840.1.113730.3.1.61 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.282. ntUserWorkstations
The ntUserWorkstations attribute contains a list of names, in ASCII strings, of work stations which the user is allowed to log in to. There can be up to eight work stations listed, separated by commas. Specify null to permit users to log on from any workstation. For example:
ntUserWorkstations: firefly| OID | 2.16.840.1.113730.3.1.525 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.283. o (organizationName)
The organizationName, or o, attribute contains the organization name. For example:
organizationName: Example Corporation
o: Example Corporation| OID | 2.5.4.10 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.284. objectClass
The objectClass attribute identifies the object classes used for an entry. For example:
objectClass: person| OID | 2.5.4.0 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.285. objectClasses
This attribute is used in a schema file to identify an object class allowed by the subschema definition.
| OID | 2.5.21.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.286. obsoletedByDocument
The obsoletedByDocument attribute contains the distinguished name of a document which obsoletes the current document entry.
| OID | 0.9.2342.19200300.102.1.4 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.287. obsoletesDocument
The obsoletesDocument attribute contains the distinguished name of a documented which is obsoleted by the current document entry.
| OID | 0.9.2342.19200300.102.1.3 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.288. oncRpcNumber
The oncRpcNumber attribute contains part of the RPC map and stores the RPC number for UNIX RPCs.
The oncRpcNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.18 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.289. organizationalStatus
The organizationalStatus identifies the person’s category within an organization.
organizationalStatus: researcher| OID | 0.9.2342.19200300.100.1.45 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.290. otherMailbox
The otherMailbox attribute contains values for email types other than X.400 and RFC 822.
otherMailbox: internet $ jsmith@example.com| OID | 0.9.2342.19200300.100.1.22 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.291. ou (organizationalUnitName)
The organizationalUnitName, or ou, contains the name of an organizational division or a subtree within the directory hierarchy.
organizationalUnitName: Marketing
ou: Marketing| OID | 2.5.4.11 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.292. owner
The owner attribute contains the DN of the person responsible for an entry. For example:
owner: cn=John Smith,ou=people,dc=example,dc=com| OID | 2.5.4.32 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.293. pager
The pagerTelephoneNumber, or pager, attribute contains a person’s pager phone number.
pagerTelephoneNumber: 415-555-6789
pager: 415-555-6789| OID | 0.9.2342.19200300.100.1.42 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.294. parentOrganization
The parentOrganization attribute identifies the parent organization of an organization or organizational unit.
| OID | 1.3.6.1.4.1.1466.101.120.41 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape |
5.2.295. personalSignature
The personalSignature attribute contains the entry’s signature file, in binary format.
personalSignature:: AAAAAA==| OID | 0.9.2342.19200300.100.1.53 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.296. personalTitle
The personalTitle attribute contains a person’s honorific, such as Ms., Dr., Prof., and Rev.
personalTitle: Mr.| OID | 0.9.2342.19200300.100.1.40 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.297. photo
The photo attribute contains a photo file, in a binary format.
photo:: AAAAAA==| OID | 0.9.2342.19200300.100.1.7 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.298. physicalDeliveryOfficeName
The physicalDeliveryOffice contains the city or town in which a physical postal delivery office is located.
physicalDeliveryOfficeName: Raleigh| OID | 2.5.4.19 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.299. postalAddress
The postalAddress attribute identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).
To represent an actual dollar sign ($) or backslash (\) within the entry text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found
in the c:\cost file.provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.| OID | 2.5.4.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.300. postalCode
The postalCode contains the zip code for an entry located within the United States.
postalCode: 44224| OID | 2.5.4.17 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.301. postOfficeBox
The postOfficeBox attribute contains the postal address number or post office box number for an entry’s physical mailing address.
postOfficeBox: 1234| OID | 2.5.4.18 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.302. preferredDeliveryMethod
The preferredDeliveryMethod contains an entry’s preferred contact or delivery method. For example:
preferredDeliveryMethod: telephone| OID | 2.5.4.28 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.303. preferredLanguage
The preferredLanguage attribute contains a person’s preferred written or spoken language. The value should conform to the syntax for HTTP Accept-Language header values.
| OID | 2.16.840.1.113730.3.1.39 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.304. preferredLocale
A locale identifies language-specific information about how users of a specific region, culture, or custom expect data to be presented, including how data of a given language is interpreted and how data is to be sorted. Directory Server supports three locales for American English, Japanese, and German.
The preferredLocale attribute sets which locale is preferred by a user.
| OID | 1.3.6.1.4.1.1466.101.120.42 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape |
5.2.305. preferredTimeZone
The preferredTimeZone attribute sets the time zone to use for the user entry.
| OID | 1.3.6.1.4.1.1466.101.120.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape |
5.2.306. presentationAddress
The presentationAddress attribute contains the OSI presentation address for an entry. This attribute includes the OSI Network Address and up to three selectors, one each for use by the transport, session, and presentation entities. For example:
presentationAddress: TELEX+00726322+RFC-1006+02+130.59.2.1| OID | 2.5.4.29 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.307. protocolInformation
The protocolInformation attribute, used together with the presentationAddress attribute, provides additional information about the OSO network service.
| OID | 2.5.4.48 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.308. pwdReset
When an administrator changes the password of a user, Directory Server sets the pwdReset operational attribute in the user’s entry to true. Applications can use this attribute to identify if a password of a user has been reset by an administrator.
The pwdReset attribute is an operational attribute and, therefore, users cannot edit it.
| OID | 1.3.6.1.4.1.1466.115.121.1.7 |
| Syntax | Boolean |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.309. ref
The ref attribute is used to support LDAPv3 smart referrals. The value of this attribute is an LDAP URL:
ldap: host_name:port_number/subtree_dnThe port number is optional.
For example:
ref: ldap://server.example.com:389/ou=People,dc=example,dc=com| OID | 2.16.840.1.113730.3.1.34 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | LDAPv3 Referrals Internet Draft |
5.2.310. registeredAddress
This attribute contains a postal address for receiving telegrams or expedited documents. The recipient’s signature is usually required on delivery.
| OID | 2.5.4.26 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.311. roleOccupant
This attribute contains the distinguished name of the person acting in the role defined in the organizationalRole entry.
roleOccupant: uid=bjensen,dc=example,dc=com| OID | 2.5.4.33 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.312. roomNumber
This attribute specifies the room number of an object. The cn attribute should be used for naming room objects.
roomNumber: 230| OID | 0.9.2342.19200300.100.1.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.313. searchGuide
The searchGuide attribute specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation. When constructing search filters, use the enhancedSearchGuide attribute instead.
| OID | 2.5.4.14 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.314. secretary
The secretary attribute identifies an entry’s secretary or administrative assistant.
secretary: cn=John Smith,dc=example,dc=com| OID | 0.9.2342.19200300.100.1.21 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.315. seeAlso
The seeAlso attribute identifies another Directory Server entry that may contain information related to this entry.
seeAlso: cn=Quality Control Inspectors,ou=manufacturing,dc=example,dc=com| OID | 2.5.4.34 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.316. serialNumber
The serialNumber attribute contains the serial number of a device.
serialNumber: 555-1234-AZ| OID | 2.5.4.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.317. serverHostName
The serverHostName attribute contains the host name of the server on which the Directory Server is running.
| OID | 2.16.840.1.113730.3.1.76 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Administration Services |
5.2.318. serverProductName
The serverProductName attribute contains the name of the server product.
| OID | 2.16.840.1.113730.3.1.71 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Administration Services |
5.2.319. serverRoot
This attribute is obsolete.
This attribute shows the installation directory (server root) of Directory Servers version 7.1 or older.
| OID | 2.16.840.1.113730.3.1.70 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.320. serverVersionNumber
The serverVersionNumber attribute contains the server version number.
| OID | 2.16.840.1.113730.3.1.72 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Administration Services |
5.2.321. shadowExpire
The shadowExpire attribute contains the date that the shadow account expires. The format of the date is in the number days since EPOCH, in UTC. To calculate this on the system, run a command like the following, using -d for the current date and -u to specify UTC:
$ echo date -u -d 20100108 +%s /24/60/60 |bc
14617
The result (14617 in the example) is then the value of shadowExpire.
shadowExpire: 14617
The shadowExpire attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.10 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.322. shadowFlag
The shadowFlag attribute identifies what area in the shadow map stores the flag values.
shadowFlag: 150
The shadowFlag attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.11 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.323. shadowInactive
The shadowInactive attribute sets how long, in days, the shadow account can be inactive.
shadowInactive: 15
The shadowInactive attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.9 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.324. shadowLastChange
The shadowLastChange attribute contains the number of days between January 1, 1970 and the day when the user password was last set. For example, if an account’s password was last set on Nov 4, 2016, the shadowLastChange attribute is set to 0
The following exceptions are existing:
-
When the
passwordMustChangeparameter is enabled in thecn=configentry, new accounts have0set in theshadowLastChangeattribute. -
When you create an account without password, the
shadowLastChangeattribute is not added.
The shadowLastChange attribute is automatically updated for accounts synchronized from Active Directory.
The shadowLastChange attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.5 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.325. shadowMax
The shadowMax attribute sets the maximum number of days that a shadow password is valid.
shadowMax: 10
The shadowMax attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.7 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.326. shadowMin
The shadowMin attribute sets the minimum number of days that must pass between changing the shadow password.
shadowMin: 3
The shadowMin attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.6 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.327. shadowWarning
The shadowWarning attribute sets how may days in advance of password expiration to send a warning to the user.
shadowWarning: 2
The shadowWarning attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.8 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.328. singleLevelQuality
The singleLevelQuality specifies the purported data quality at the level immediately below in the directory tree.
| OID | 0.9.2342.19200300.100.1.50 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.329. sn (surname)
The surname, or sn, attribute contains an entry’s surname, also called a last name or family name.
surname: Jensen
sn: Jensen| OID | 2.5.4.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.330. st (stateOrProvinceName)
The stateOrProvinceName, or st, attributes contains the entry’s state or province.
stateOrProvinceName: California
st: California| OID | 2.5.4.8 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.331. street
The streetAddress, or street, attribute contains an entry’s street name and residential address.
streetAddress: 1234 Ridgeway Drive
street: 1234 Ridgeway Drive| OID | 2.5.4.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.332. subject
The subject attribute contains information about the subject matter of the document entry.
subject: employee option grants| OID | 0.9.2342.19200300.102.1.8 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.333. subtreeMaximumQuality
The subtreeMaximumQuality attribute specifies the purported maximum data quality for a directory subtree.
| OID | 0.9.2342.19200300.100.1.52 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.334. subtreeMinimumQuality
The subtreeMinimumQuality specifies the purported minimum data quality for a directory subtree.
| OID | 0.9.2342.19200300.100.1.51 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.335. supportedAlgorithms
The supportedAlgorithms attribute contains algorithms which are requested and stored in a binary form, such as supportedAlgorithms;binary.
supportedAlgorithms:: AAAAAA==| OID | 2.5.4.52 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.336. supportedApplicationContext
This attribute contains the identifiers of OSI application contexts.
| OID | 2.5.4.30 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.337. telephoneNumber
The telephoneNumber contains an entry’s phone number. For example:
telephoneNumber: 415-555-2233| OID | 2.5.4.20 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.338. teletexTerminalIdentifier
The teletexTerminalIdentifier attribute contains an entry’s teletex terminal identifier. The first printable string in the example is the encoding of the first portion of the teletex terminal identifier to be encoded, and the subsequent 0 or more octet strings are subsequent portions of the teletex terminal identifier:
teletex-id = ttx-term 0*("$" ttx-param)
ttx-term = printablestring
ttx-param = ttx-key ":" ttx-value
ttx-key = "graphic" / "control" / "misc" / "page" / "private"
ttx-value = octetstring| OID | 2.5.4.22 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.339. telexNumber
This attribute defines the telex number of the entry. The format of the telex number is as follows:
actual-number "$" country "$" answerback- actual-number is the syntactic representation of the number portion of the telex number being encoded.
- country is the TELEX country code.
- answerback is the answerback code of a TELEX terminal.
| OID | 2.5.4.21 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.340. title
The title attribute contains a person’s title within the organization.
title: Senior QC Inspector| OID | 2.5.4.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.341. ttl (TimeToLive)
The TimeToLive, or ttl, attribute contains the time, in seconds, that cached information about an entry should be considered valid. Once the specified time has elapsed, the information is considered out of date. A value of zero (0) indicates that the entry should not be cached.
TimeToLive: 120
ttl: 120| OID | 1.3.6.1.4.250.1.60 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | LDAP Caching Internet Draft |
5.2.342. uid (userID)
The userID, more commonly uid, attribute contains the entry’s unique user name.
userID: jsmith
uid: jsmith| OID | 0.9.2342.19200300.100.1.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.343. uidNumber
The uidNumber attribute contains a unique numeric identifier for a user entry. This is analogous to the user number in Unix.
uidNumber: 120
The uidNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.0 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.344. uniqueIdentifier
This attribute identifies a specific item used to distinguish between two entries when a distinguished name has been reused. This attribute is intended to detect any instance of a reference to a distinguished name that has been deleted. This attribute is assigned by the server.
uniqueIdentifier:: AAAAAA==| OID | 0.9.2342.19200300.100.1.44 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.345. uniqueMember
The uniqueMember attribute identifies a group of names associated with an entry where each name was given a uniqueIdentifier to ensure its uniqueness. A value for the uniqueMember attribute is a DN followed by the uniqueIdentifier.
| OID | 2.5.4.50 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.346. updatedByDocument
The updatedByDocument attribute contains the distinguished name of a document that is an updated version of the document entry.
| OID | 0.9.2342.19200300.102.1.6 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.347. updatesDocument
The updatesDocument attribute contains the distinguished name of a document for which this document is an updated version.
| OID | 0.9.2342.19200300.102.1.5 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.348. userCertificate
This attribute is stored and requested in the binary form, as userCertificate;binary.
userCertificate;binary:: AAAAAA==| OID | 2.5.4.36 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.349. userClass
This attribute specifies a category of computer user. The semantics of this attribute are arbitrary. The organizationalStatus attribute makes no distinction between computer users and other types of users users and may be more applicable.
userClass: intern| OID | 0.9.2342.19200300.100.1.8 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.350. userPassword
This attribute identifies the entry’s password and encryption method in the format {encryption method}encrypted password. For example:
userPassword: {sha}FTSLQhxXpA05Transferring cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transferring in cleartext may result in disclosure of the password to unauthorized parties.
| OID | 2.5.4.35 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.351. userPKCS12
This attribute provides a format for the exchange of personal identity information. The attribute is stored and requested in binary form, as userPKCS12;binary. The attribute values are PFX PDUs stored as binary data.
| OID | 2.16.840.1.113730.3.1.216 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.352. userSMIMECertificate
The userSMIMECertificate attribute contains certificates which can be used by mail clients for S/MIME. This attribute requests and stores data in a binary format. For example:
userSMIMECertificate;binary:: AAAAAA==| OID | 2.16.840.1.113730.3.1.40 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.353. vacationEndDate
This attribute shows the ending date of the user’s vacation period.
| OID | 2.16.840.1.113730.3.1.708 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.354. vacationStartDate
This attribute shows the start date of the user’s vacation period.
| OID | 2.16.840.1.113730.3.1.707 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.355. x121Address
The x121Address attribute contains a user’s X.121 address.
| OID | 2.5.4.24 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.356. x500UniqueIdentifier
Reserved for future use. An X.500 identifier is a binary method of identification useful for differentiating objects when a distinguished name has been reused.
x500UniqueIdentifier:: AAAAAA==| OID | 2.5.4.45 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.3. Entry Object Class Reference
This reference is an alphabetical list of the object classes accepted by the default schema. It gives a definition of each object class and lists its required and allowed attributes. The object classes listed are available to support entry information.
The required attributes listed for an object class must be present in the entry when that object class is added to the directory’s ldif file. If an object class has a superior object class, both of these object classes with all required attributes must be present in the entry. If required attributes are not listed in the ldif file, than the server will not restart.
The LDAP RFCs and X.500 standards allow for an object class to have more than one superior object class. This behavior is not currently supported by Directory Server.
5.3.1. account
The account object class defines entries for computer accounts. This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.5
| Attribute | Definition |
|---|---|
| Gives the object classes for the entry. | |
| Gives the defined account’s user ID. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the host name for the machine on which the account resides. | |
| Gives the city or geographical location of the entry. | |
| Gives the organization to which the account belongs. | |
| Gives the organizational unit or division to which the account belongs. | |
| Contains a URL to another entry or site with related information. |
5.3.2. accountpolicy
The accountpolicy object class defines entries for account inactivation or expiration policies. This is used for a user directory configuration entry, which works in conjunction with the Account Policy Plug-in configuration.
Superior Class
top
OID
1.3.6.1.4.1.11.1.3.2.2.1
| Attribute | Definition |
|---|---|
| Sets the period, in seconds, from the last login time of an account before that account is locked for inactivity. |
5.3.3. alias
The alias object class points to other directory entries. This object class is defined in RFC 2256.
Aliasing entries is not supported in Red Hat Directory Server.
Superior Class
top
OID
2.5.6.1
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the distinguished name of the entry for which this entry is an alias. |
5.3.4. bootableDevice
The bootableDevice object class points to a device with boot parameters. This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.12
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| Gives the boot image file. | |
| Gives the parameters used by the boot process for the device. | |
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the organization to which the device belongs. | |
| Gives the organizational unit or division to which the device belongs. | |
| Gives the DN (distinguished name) of the person responsible for the device. | |
| Contains a URL to another entry or site with related information. | |
| Contains the serial number of the device. |
5.3.5. cacheObject
The cacheObject is an object that contains the time to live (ttl) attribute type. This object class is defined in the LDAP Caching Internet Draft.
Superior Class
top
OID
1.3.6.1.4.1.250.3.18
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. |
| Attribute | Definition |
|---|---|
| The time that the object remains (lives) in the cache. |
5.3.6. cosClassicDefinition
The cosClassicDefinition object class defines a class of service template entry using the entry’s DN (distinguished name), given in the Section 5.2.32, “cosTemplateDn” attribute, and the value of one of the target attributes, specified in the Section 5.2.30, “cosSpecifier” attribute.
This object class is defined in RFC 1274.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.100
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
|
Provides the name of the attribute for which the CoS generates a value. There can be more than one |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry. | |
| Provides the DN of the template entry which is associated with the CoS definition. | |
| Gives a text description of the entry. |
5.3.7. cosDefinition
The cosDefinition object class defines which class of service is being used; this object class provide compatibility with the DS4.1 CoS Plug-in.
This object class is defined in RFC 1274.
Superior Class
top
OID
2.16.840.1.113730.3.2.84
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Evaluates what rights are granted or denied when the Directory Server receives an LDAP request from a client. | |
| Gives the common name of the entry. | |
|
Provides the name of the attribute for which the CoS generates a value. There can be more than one | |
| Specifies the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry. | |
| Defines the subtrees in the directory to which the CoS schema applies. | |
| Provides the DN of the template entry which is associated with the CoS definition. | |
| Gives the user ID for the entry. |
5.3.8. cosIndirectDefinition
The cosIndirectDefinition defines the template entry using the value of one of the target entry’s attributes. The attribute of the target entry is specified in the Section 5.2.28, “cosIndirectSpecifier” attribute.
This object class is defined by Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.102
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
|
Provides the name of the attribute for which the CoS generates a value. There can be more than one |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Specifies the attribute value used by an indirect CoS to identify the template entry. | |
| Gives a text description of the entry. |
5.3.9. cosPointerDefinition
This object class identifies the template entry associated with the CoS definition using the template entry’s DN value. The DN of the template entry is specified in the Section 5.2.28, “cosIndirectSpecifier” attribute.
This object class is defined by Directory Server.
Superior Class
cosSuperDefinition
OID
2.16.840.1.113730.3.2.101
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
|
Provides the name of the attribute for which the CoS generates a value. There can be more than one |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Provides the DN of the template entry which is associated with the CoS definition. | |
| Gives a text description of the entry. |
5.3.10. cosSuperDefinition
All CoS definition object classes inherit from the cosSuperDefinition object class.
This object class is defined by Directory Server.
Superior Class
LDAPsubentry
OID
2.16.840.1.113730.3.2.99
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
|
Provides the name of the attribute for which the CoS generates a value. There can be more than one |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.11. cosTemplate
The cosTemplate object class contains a list of the shared attribute values for the CoS.
This object class is defined by Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.128
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Specifies which template provides the attribute value when CoS templates compete to provide an attribute value. |
5.3.12. country
The country object class defines entries which represent countries. This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.2
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains the two-character code representing country names, as defined by ISO, in the directory. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. |
5.3.13. dcObject
The dcObject object class allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as o (organization), ou (organizationalUnit), or l (locality).
For example:
dn: dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
objectClass: dcObject
dc: example
ou: Example CorporationThis object class is defined in RFC 2247.
Superior Class
top
OID
1.3.6.1.4.1.1466.344
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains one component of a domain name. |
5.3.14. device
The device object class stores information about network devices, such as printers, in the directory. This object class is defined in RFC 2247.
Superior Class
top
OID
2.5.6.14
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the device. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the organization to which the device belongs. | |
| Gives the organizational unit or division to which the device belongs. | |
| Gives the DN (distinguished name) of the person responsible for the device. | |
| Contains a URL to another entry or site with related information. | |
| Contains the serial number of the device. |
5.3.15. document
The document object class defines directory entries that represent documents. RFC 1247.
Superior Class
top
OID
0.9.2342.19200300.100.4.6
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the unique ID for the document. |
| Attribute | Definition |
|---|---|
| Contains the abstract for the document. | |
| Stores a sound file in binary format. | |
| Gives the author’s common name or given name. | |
| Gives the author’s surname. | |
| Gives the common name of the entry. | |
| Gives a text description of the entry. | |
| Contains the DN (distinguished name) of the entry to use as a redirect for the document entry. | |
| Contains the DN (distinguished name) of the author. | |
| Gives the location of the original document. | |
| Identifies the person or organization that published the document. | |
| Contains the title of the document. | |
| Gives the version number of the document. | |
| Contains information about the document. | |
| Stores a JPG image. | |
| Contains keywords related to the document. | |
| Gives the city or geographical location of the entry. | |
| Gives the DN (distinguished name) of the last user which modified the document entry. | |
| Gives the time of the last modification. | |
| Gives the DN (distinguished name) of the entry’s manager. | |
| Gives the organization to which the document belongs. | |
| Gives the DN (distinguished name) of another document entry which obsoletes this document. | |
| Gives the DN (distinguished name) of another document entry which is obsoleted by this document. | |
| Gives the organizational unit or division to which the document belongs. | |
| Stores a photo of the document in binary format. | |
| Contains a URL to another entry or site with related information. | |
| Describes the subject of the document. | |
| Distinguishes between two entries when a distinguished name has been reused. | |
| Gives the DN (distinguished name) of another document entry which updates this document. | |
| Gives the DN (distinguished name) of another document entry which is updated by this document. |
5.3.16. documentSeries
The documentSeries object class defines an entry that represents a series of documents. This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.9
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the place where the document series is physically located. | |
| Gives the organization to which the document series belongs. | |
| Gives the organizational unit or division to which the series belongs. | |
| Contains a URL to another entry or site with related information. | |
| Gives the telephone number of the person responsible for the document series. |
5.3.17. domain
The domain object class defines directory entries that represent DNS domains. Use the Section 5.2.34, “dc (domainComponent)” attribute to name entries of this object class.
This object class is also used for Internet domain names, such as example.com.
The domain object class can only be used for a directory entry which does not correspond to an organization, organizational unit, or any other object which has an object class defined for it. object for which an object class has been defined.
This object class is defined in RFC 2252.
Superior Class
top
OID
0.9.2342.19200300.100.4.13
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains one component of a domain name. |
| Attribute | Definition |
|---|---|
| Gives the name of an entry within the organizational directory tree which is associated with a DNS domain. | |
| Gives the type of business in which this domain is engaged. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Gives the fax number for the domain. | |
| Gives the ISDN number for the domain. | |
| Gives the city or geographical location of the entry. | |
| Gives the organization to which the entry belongs. | |
| Gives a location where physical deliveries can be made. | |
| Gives the post office box number for the domain. | |
| Contains the mailing address for the domain. | |
| Gives the postal code for the domain, such as the zip code in the United States. | |
| Shows the person’s preferred method of contact or message delivery. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the domain is located. | |
| Gives the street name and address number for the domain’s physical location. | |
| Gives the phone number for the domain. | |
| Gives the ID for a domain’s teletex terminal. | |
| Gives the telex number for the domain. | |
| Stores the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the domain. |
5.3.18. domainRelatedObject
The domainRelatedObject object class defines entries that represent DNS or NRS domains which are equivalent to an X.500 domain, such as an organization or organizational unit.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.17
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Specifies a DNS domain associated with an object in the directory tree. |
5.3.19. dSA
The dSA object class defines entries that represent DSAs.
This object class is defined in RFC 1274.
Superior Class
top
OID
2.5.6.13
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Contains the entry’s OSI presentation address. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains a URL to another entry or site with related information. | |
| Contains the identifiers of OSI application contexts. |
5.3.20. extensibleObject
When present in an entry, extensibleObject permits the entry to hold optionally any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server.
This object class is defined in RFC 2252.
Superior Class
top
OID
1.3.6.1.4.1.1466.101.120.111
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
Allowed Attributes
All attributes known to the server.
5.3.21. friendlyCountry
The friendlyCountry object class defines country entries within the directory. This object class allows more friendly names than the country object class.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.18
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Stores the human-readable country name. | |
| Contains the two-character code representing country names, as defined by ISO, in the directory. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. |
5.3.22. groupOfCertificates
The groupOfCertificates object class describes a set of X.509 certificates. Any certificate that matches one of the Section 5.2.107, “memberCertificateDescription” values is considered a member of the group.
Superior Class
top
OID
2.16.840.1.113730.3.2.31
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the group is engaged. | |
| Gives a text description of the entry. | |
| Contains the values used to determine if a particular certificate is a member of this group. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains the DN (distinguished name) of the person responsible for the group. | |
| Contains a URL to another entry or site with related information. |
5.3.23. groupOfMailEnhancedUniqueNames
The groupOfMailEnhancedUniqueNames object class is used for a mail group which must have unique members. This object class is defined for Netscape Messaging Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.5
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the group is engaged. | |
| Gives a text description of the entry. | |
| Contains a unique DN value to identify a member of the mail group. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains the DN (distinguished name) of the person responsible for the group. | |
| Contains a URL to another entry or site with related information. |
5.3.24. groupOfNames
The groupOfNames object class contains entries for a group of names. This object class is defined in RFC 2256.
The definition for this object class in Directory Server differs from the standard definition. In the standard definition, Section 5.2.106, “member” is a required attribute, while in Directory Server it is an allowed attribute. Directory Server, therefore, allows a group to have no members.
Superior Class
top
OID
2.5.6.9
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Contains the DN (distinguished name) of a group member. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains the DN (distinguished name) of the person responsible for the group. | |
| Contains a URL to another entry or site with related information. |
5.3.25. groupOfUniqueNames
The groupOfUniqueNames object class defines a group which contains unique names.
The definition for this object class in Directory Server differs from the standard definition. In the standard definition, Section 5.2.345, “uniqueMember” is a required attribute, while in Directory Server it is an allowed attribute. Directory Server, therefore, allows a group to have no members.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.17
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains the DN (distinguished name) of the person responsible for the group. | |
| Contains a URL to another entry or site with related information. | |
| Contains the DN (distinguished name) of a member of the group; this DN must be unique. |
5.3.26. groupOfURLs
The groupOfURLs object class is an auxiliary object class for the groupOfUniqueNames and groupOfNames object classes. This group consists of a list of labeled URLs.
Superior Class
top
OID
2.16.840.1.113730.3.2.33
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the group is engaged. | |
| Gives a text description of the entry. | |
| Contains a URL associated with each member of the group. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains the DN (distinguished name) of the person responsible for the group. | |
| Contains a URL to another entry or site with related information. |
5.3.27. ieee802Device
The ieee802Device object class points to a device with a MAC address. This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.11
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the MAC address of the device. | |
| Gives the organization to which the device belongs. | |
| Gives the organizational unit or division to which the device belongs. | |
| Gives the DN (distinguished name) of the person responsible for the device. | |
| Contains a URL to another entry or site with related information. | |
| Contains the serial number of the device. |
5.3.28. inetAdmin
The inetAdmin object class is a marker for an administrative group or user. This object class is defined for the Netscape Delegated Administrator.
Superior Class
top
OID
2.16.840.1.113730.3.2.112
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Identifies a role to which the administrative user belongs. | |
| Contains a group name to which the administrative user belongs. This is dynamically managed by the MemberOf Plug-in. |
5.3.29. inetDomain
The inetDomain object class is a auxiliary class for virtual domain nodes. This object class is defined for the Netscape Delegated Administrator.
Superior Class
top
OID
2.16.840.1.113730.3.2.129
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Defines the base DN of the user subtree for a DNS domain. | |
| Gives the status of the domain. The status can be active, inactive, or deleted. |
5.3.30. inetOrgPerson
The inetOrgPerson object class defines entries representing people in an organization’s enterprise network. This object class inherits the Section 5.2.25, “cn (commonName)” and Section 5.2.329, “sn (surname)” attributes from the person object class.
This object class is defined in RFC 2798.
Superior Class
person
OID
2.16.840.1.113730.3.2.2
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Gives the person’s family name or last name. |
| Attribute | Definition |
|---|---|
| Stores a sound file in binary format. | |
| Gives the type of business in which the entry is engaged. | |
| Gives the license plate number of the person’s vehicle. | |
| Gives the department for which the person works. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Shows the preferred name of a person to use when displaying entries. | |
| Contains the person’s employee number. | |
| Shows the person’s type of employment (for example, full time). | |
| Contains the person’s fax number. | |
| Contains the person’s first name. | |
| Gives the person’s home phone number. | |
| Gives the person’s home mailing address. | |
| Gives the person’s initials. | |
| Contains the ISDN number for the entry. | |
| Stores a JPG image. | |
| Gives the city or geographical location of the entry. | |
| Contains a URL which is relevant to the entry. | |
| Contains the person’s email address. | |
| Contains the DN (distinguished name) of the direct supervisor of the person entry. | |
| Gives the person’s mobile phone number. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Gives the person’s pager number. | |
| Stores a photo of a person, in binary format. | |
| Gives a location where physical deliveries can be made. | |
| Gives the post office box number for the entry. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Shows the person’s preferred method of contact or message delivery. | |
| Gives the person’s preferred written or spoken language. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Gives the room number where the person is located. | |
| Contains the DN (distinguished name) of the person’s secretary or administrative assistant. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the entry is located. | |
| Gives the street name and number for the person’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the identifier for the person’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Shows the person’s job title. | |
| Contains the person’s user ID (usually his logon ID). | |
| Stores a user’s certificate in cleartext (not used). | |
| Stores the password with which the entry can bind to the directory. | |
| Stores the person’s certificate in binary form so it can be used by S/MIME clients. | |
| Gives the X.121 address for the person. | |
| Reserved for future use. |
5.3.31. inetSubscriber
The inetSubscriber object class is used for general user account management. This object class is defined for the Netscape subscriber interoperability.
Superior Class
top
OID
2.16.840.1.113730.3.2.134
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Contains a unique attribute linking the subscriber to a billing system. | |
| Contains some kind of question or prompt, the challenge phrase, which is used to confirm the identity of the user. | |
| Contains the answer to the challenge question. |
5.3.32. inetUser
The inetUser object class is an auxiliary class which must be present in an entry in order to deliver subscriber services. This object class is defined for the Netscape subscriber interoperability.
Superior Class
top
OID
2.16.840.1.113730.3.2.130
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Contains web addresses associated with the user. | |
| Gives the status of the user. The status can be active, inactive, or deleted. | |
| Contains a group name to which the user belongs. This is dynamically managed by the MemberOf Plug-in. | |
| Contains the person’s user ID (usually his logon ID). | |
| Stores the password with which the user can use to access the user account. |
5.3.33. ipHost
The ipHost object class stores IP information about a host. This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.6
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. | |
| Contains the IP address of the device or host. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Contains the DN (distinguished name) of the maintainer or supervisor of the entry. | |
| Gives the organization to which the device belongs. | |
| Gives the organizational unit or division to which the device belongs. | |
| Gives the DN (distinguished name) of the person responsible for the device. | |
| Contains a URL to another entry or site with related information. | |
| Contains the serial number of the device. |
5.3.34. ipNetwork
The ipNetwork object class stores IP information about a network. This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.7
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. | |
| Contains the IP number for the network. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Contains the DN (distinguished name) of the maintainer or supervisor of the entry. | |
| Contains the IP netmask for the network. |
5.3.35. ipProtocol
The ipProtocol object class shows the IP protocol version. This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.4
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. | |
| Contains the IP protocol number for the network. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. |
5.3.36. ipService
The ipService object class stores information about the IP service. This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.3
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. | |
| Gives the port number used by the IP service. | |
| Contains the IP protocol number for the service. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. |
5.3.37. labeledURIObject
This object class can be added to existing directory objects to allow URI values to be included. Using this object class does not preclude including the Section 5.2.88, “labeledURI” attribute type directly in other object classes as appropriate.
This object class is defined in RFC 2079.
Superior Class
top
OID
1.3.6.1.4.1.250.3.15
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives a URI which is relevant to the entry’s object. |
5.3.38. locality
The locality object class defines entries that represent localities or geographic areas.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.3
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province associated with the locality. | |
| Gives a street and number associated with the locality. |
5.3.39. mailGroup
The mailGroup object class defines the mail attributes for a group. This object is defined in the schema for the Netscape Messaging Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.4
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Stores email addresses for the group. | |
| Contains secondary email addresses for the group. | |
| Contains the host name of the mail server. | |
| Contains the DN (distinguished name) of the person responsible for the group. |
5.3.40. mailRecipient
The mailRecipient object class defines a mail account for a user. This object is defined in the schema for the Netscape Messaging Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.3
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Stores email addresses for the group. | |
| Contains the domain from which the user can access the messaging server. | |
| Contains secondary email addresses for the group. | |
| Specifies whether autoreply mode for the account is enabled. | |
| Contains the text use for automatic reply emails. | |
| Specifies the mail delivery mechanism to be used for the mail user. | |
| Specifies the mail delivery mechanism to use for the mail user. | |
| Contains the host name of the mail server. | |
| Specifies the location of the user’s mail box. | |
| Specifies the commands used for programmed mail delivery. | |
| Specifies the disk space allowed for the user’s mail box. | |
| Contains a routing address to use when forwarding the mail from this entry’s account to another messaging server. | |
| Contains a text description of the entry which spans more than one line. | |
| Gives the defined account’s user ID. | |
| Stores the password with which the entry can access the account. |
5.3.41. mepManagedEntry
The mepManagedEntry object class identifies an entry which was been generated by an instance of the Managed Entries Plug-in. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.319
| Attribute | Definition |
|---|---|
| Gives the DN of the originating entry which corresponds to the managed entry. |
5.3.42. mepOriginEntry
The mepOriginEntry object class identifies an entry which is within a subtree that is monitored by an instance of the Managed Entries Plug-in and which has had a managed entry created by the plug-in, for which this is the originating entry. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.320
| Attribute | Definition |
|---|---|
| Gives the DN of the managed entry entry which was created by the Managed Entries Plug-in instance and which corresponds to this originating entry. |
5.3.43. mepTemplateEntry
The mepTemplateEntry object class identifies an entry which is used as a template by an instance of the Managed Entries Plug-in to create the managed entries. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.321
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Contains an attribute-token pair that the plug-in uses to create an attribute in the managed entry with a value taken from the originating entry. | |
| Specifies which attribute to use as the naming attribute in the managed entry. | |
| Contains an attribute-value pair that will be used, with that specified value, in the managed entry. |
5.3.44. netscapeCertificateServer
The netscapeCertificateServer object class stores information about a Netscape certificate server. This object is defined in the schema for the Netscape Certificate Management System.
Superior Class
top
OID
2.16.840.1.113730.3.2.18
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
5.3.45. netscapeDirectoryServer
The netscapeDirectoryServer object class stores information about a Directory Server instance. This object is defined in the schema for the Netscape Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.23
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
5.3.46. NetscapeLinkedOrganization
NetscapeLinkedOrganization is an auxiliary object class. This object is defined in the schema for the Netscape server suite.
Superior Class
top
OID
1.3.6.1.4.1.1466.101.120.141
| Attribute | Definition |
|---|---|
| Identifies the parent organization for the linked organization defined for the server suite. |
5.3.47. netscapeMachineData
The netscapeMachineData object class distinguishes between machine data and non-machine data. This object is defined in the schema for the Netscape Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.32
5.3.48. NetscapePreferences
NetscapePreferences is an auxiliary object class which stores the user preferences. This object is defined by Netscape.
Superior Class
top
OID
1.3.6.1.4.1.1466.101.120.142
| Attribute | Definition |
|---|---|
| Gives the person’s preferred written or spoken language. | |
| Gives the person’s preferred locale. A locale setting defines cultural or national settings like date formats and currencies. | |
| Gives the person’s preferred time zone. |
5.3.49. netscapeReversiblePasswordObject
netscapeReversiblePasswordObject is an auxiliary object class to store a password. This object is defined in the schema for the Netscape Web Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.154
| Attribute | Definition |
|---|---|
| Contains a password used for HTTP Digest/MD5 authentication. |
5.3.50. netscapeServer
The netscapeServer object class contains instance-specific information about a Netscape server and its installation.
Superior Class
top
OID
2.16.840.1.113730.3.2.10
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains the contact information for the server administrator. | |
| Contains the URL for the Administration Server used by the instance. | |
| Gives a text description of the entry. | |
| Contains the time that the server instance was installed. | |
| Contains the host name of the server on which the Directory Server instance is running. | |
| Contains the product name of the server type. | |
| Specifies the top directory where the server product is installed. | |
| Contains the product version number. | |
| Stores the password with which the entry can bind to the directory. |
5.3.51. netscapeWebServer
The netscapeWebServer object class identifies an installed Netscape Web Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.29
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Contains the server’s name or ID. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Contains the server’s port number. |
5.3.52. newPilotPerson
The newPilotPerson object class is a subclass of the person to allow additional attributes to be assigned to entries of the person object class. This object class inherits the Section 5.2.25, “cn (commonName)” and Section 5.2.329, “sn (surname)” attributes from the person object class.
This object class is defined in Internet White Pages Pilot.
Superior Class
person
OID
0.9.2342.19200300.100.4.4
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Gives the person’s family name or last name. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Gives the person’s favorite drink. | |
| Gives the person’s home phone number. | |
| Gives the person’s home mailing address. | |
| Gives the person’s email address; this is primarily for use in Great Britain or organizations which do no use RFC 822 mail addresses. | |
| Contains the person’s email address. | |
| Indicates the user’s preference for including his name on mailing lists (electronic or physical). | |
| Gives the person’s mobile phone number. | |
| Gives the common job category for a person’s function. | |
| Contains values for electronic mailbox types other than X.400 and RFC 822. | |
| Gives the person’s pager number. | |
| Contains the person’s signature file. | |
| Gives the person’s honorific. | |
| Shows the person’s preferred method of contact or message delivery. | |
| Gives the room number where the person is located. | |
| Contains the DN (distinguished name) of the person’s secretary or administrative assistant. | |
| Contains a URL to another entry or site with related information. | |
| Gives the telephone number for the entry. | |
| Contains the person’s user ID (usually his logon ID). | |
| Describes the type of computer user this entry is. | |
| Stores the password with which the entry can bind to the directory. |
5.3.53. nisMap
This object class points to a NIS map.
This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.13
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains the NIS map name. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. |
5.3.54. nisNetgroup
This object class contains a netgroup used within a NIS domain. Adding this object class allows administrators to use netgroups to control login and service authentication in NIS.
This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.8
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Merges the attribute values of another netgroup into the current one by listing the name of the merging netgroup. | |
|
Contains a user name ( |
5.3.55. nisObject
This object class contains information about an object in a NIS domain.
This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.10
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Identifies the NIS map entry. | |
| Contains the name of the NIS map. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. |
5.3.56. nsAdminConfig
This object class stores the configuration parameters for the Administration Server. This object is defined for the Administration Services.
Superior Class
nsConfig
OID
nsAdminConfig-oid
| Attribute | Definition |
|---|---|
| Identifies the Administration Server IP addresses. | |
| Contains the Administration Server host name or a list of Administration Server host names. | |
| Notes the length of the cache timeout period. | |
| Contains the PID of the CGI process the server is waiting for. | |
| Sets whether to allow or disallow end user access to the Administration Server web services pages. | |
| Contains the path of the local ACL directory for the Administration Server. | |
| Points to the file which contains the admin user info. |
5.3.57. nsAdminConsoleUser
This object class stores the configuration parameters for the Administration Server. This object is defined for the Administration Services.
Superior Class
top
OID
nsAdminConsoleUser-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Stores preference information for console settings. |
5.3.58. nsAdminDomain
This object class stores user information to access Admin Console. This object is defined for the Administration Services.
Superior Class
organizationalUnit
OID
nsAdminDomain-oid
| Attribute | Definition |
|---|---|
| Identifies the administration domain for the servers. |
5.3.59. nsAdminGlobalParameters
This object class stores the configuration parameters for the Administration Server. This object is defined for the Administration Services.
Superior Class
top
OID
nsAdminGlobalParameters-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Sets whether to allow or disallow end-user access to the HTML index pages. | |
| Gives the nickname for the application. |
5.3.60. nsAdminGroup
This object class stores group information for administrator users in the Administration Server. This object is defined for the Administration Services.
Superior Class
top
OID
nsAdminGroup-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Contains the name for the admin group. | |
| Shows the DN of the server instance entry (SIE) for the Administration Server instance. | |
| Gives the full path to the Administration Server instance’s configuration directory. |
5.3.61. nsAdminObject
This object class contains information about an object used by Administration Server, such as a task. This object is defined for the Administration Services.
Superior Class
top
OID
nsAdminObject-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains the class name associated with the task or resource editor for the Administration Server. | |
| Gives the name of the JAR file used by the Administration Server Console to access the object. |
5.3.62. nsAdminResourceEditorExtension
This object class contains an extension used by the Console Resource Editor. This object is defined for the Administration Services.
Superior Class
nsAdminObject
OID
nsAdminResourceEditorExtension-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains information about the Administration Server account. | |
| Contains the name of a class to be deleted. |
5.3.63. nsAdminServer
This object class defines the Administration Server instance. This object is defined for the Administration Services.
Superior Class
top
OID
nsAdminServer-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
|
Contains the Directory Server ID, such as |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. |
5.3.64. nsAIMpresence
nsAIMpresence is an auxiliary object class which defines the status of an AOL instance messaging account. This object is defined for the Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.300
| Attribute | Definition |
|---|---|
| Contains the AIM user ID for the entry. | |
| Contains a pointer to the graphic image which indicates the AIM account’s status. | |
| Contains the text to indicate the AIM account’s status. |
5.3.65. nsApplication
nsApplication defines an application or server entry. This is defined by Netscape.
Superior Class
top
OID
nsApplication-oid
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Contains the time that the server instance was installed. | |
| Contains the build number for the server instance. | |
| Contains the level of security used to make the build. | |
| Contains the date that the license for the application expires. | |
| For servers which are version 7.1 or older, shows the installation directory for the server. | |
| Gives the version of the LDAP schema files used by the Directory Server. | |
| Gives the nickname for the application. | |
| Gives the name of the server product. | |
| Shows the version number of the server product. | |
| Contains the revision number (minor version) for the product. | |
| Gives the serial number assigned to the server product. | |
| Gives the class to use to migrate a server instance. | |
| Gives the class to use to create a server instance. | |
| Contains the name of the vendor who designed the server. |
5.3.66. nsCertificateServer
The nsCertificateServer object class stores information about a Red Hat Certificate System instance. This object is defined in the schema for the Certificate System.
Superior Class
top
OID
nsCertificateServer-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains the server’s name or ID. |
| Attribute | Definition |
|---|---|
| Contains configuration settings for a Red Hat Certificate System instance. | |
| Contains the server’s port number. | |
| Contains the host name of the server on which the Directory Server instance is running. |
5.3.67. nsComplexRoleDefinition
Any role that is not a simple role is, by definition, a complex role.
This object class is defined by Directory Server.
Superior Class
nsRoleDefinition
OID
2.16.840.1.113730.3.2.95
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.68. nsContainer
Some entries do not define any specific entity, but they create a defined space within the directory tree as a parent entry for similar or related child entries. These are container entries, and they are identified by the nsContainer object class.
Superior Class
top
OID
2.16.840.1.113730.3.2.104
| Attribute | Definition |
|---|---|
| objectClass | Defines the object classes for the entry. |
| cn | Gives the common name of the entry. |
5.3.69. nsCustomView
The nsCustomView object class defines information about custom views of the Directory Server data in the Directory Server Console. This is defined for Administration Services.
Superior Class
nsAdminObject
OID
nsCustomView-oid
| Attribute | Definition |
|---|---|
| Contains the name of the custom view setting profile. |
5.3.70. nsDefaultObjectClasses
nsDefaultObjectClasses sets default object classes to use when creating a new object of a certain type within the directory. This is defined for Administration Services.
Superior Class
top
OID
nsDefaultObjectClasses-oid
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| Contains an object class to assign by default to an object type. |
5.3.71. nsDirectoryInfo
nsDirectoryInfo contains information about a directory instance. This is defined for Administration Services.
Superior Class
top
OID
nsDirectoryInfo-oid
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| Contains the bind DN defined for the server in its server instance entry. | |
| Contains the password for the bind identity in the SIE. | |
|
Contains a list of URLs of other Directory Server instances to use for failover support if the instance in | |
| Contains a reference to a distinguished name (DN) in the directory. | |
| Contains a URL to access the Directory Server instance. |
5.3.72. nsDirectoryServer
nsDirectoryServer is the defining object class for a Directory Server instance. This is defined for the Directory Server.
Superior Class
top
OID
nsDirectoryServer-oid
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Contains the server’s name or ID. |
| Attribute | Definition |
|---|---|
| Contains the base DN for the server instance. | |
| Contains the bind DN defined for the server in its server instance entry. | |
| Contains the password for the bind identity in the SIE. | |
| Contains the server’s TLS port number. | |
| Contains the server’s port number. | |
| Contains the host name of the server on which the Directory Server instance is running. |
5.3.73. nsFilteredRoleDefinition
The nsFilteredRoleDefinition object class defines how entries are assigned to the role, depending upon the attributes contained by each entry.
This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.97
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Specifies the filter used to identify entries in the filtered role. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.74. nsGlobalParameters
The nsGlobalParameters object class contains global preference settings.
This object class is defined in Administrative Services.
Superior Class
top
OID
nsGlobalParameters-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Defines the default attribute type used in the RDN of the group entry. | |
| Defines a unique attribute in the preferences. | |
|
Sets the format to generate the user ID from the | |
| Sets the attribute type to use as the naming component in the user DN. | |
| nsNYR | Not used. |
| nsWellKnownJarfiles | Not used. |
5.3.75. nsHost
The nsHost object class stores information about the server host.
This object class is defined in Administrative Services.
Superior Class
top
OID
nsHost-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the city or geographical location of the entry. | |
|
Identifies the hardware platform for the host on which the Directory Server instance is running. This is the same information as running | |
| Gives the location of the server host. | |
| Contains the operating system version of the server host. | |
| Contains the host name of the server on which the Directory Server instance is running. |
5.3.76. nsICQpresence
nsICQpresence is an auxiliary object class which defines the status of an ICQ messaging account. This object is defined for the Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.301
| Attribute | Definition |
|---|---|
| Contains the ICQ user ID for the entry. | |
| Contains a pointer to the graphic image which indicates the ICQ account’s status. | |
| Contains the text to indicate the ICQ account’s status. |
5.3.77. nsLicenseUser
The nsLicenseUser object class tracks tracks licenses for servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Administration Server.
This object class is defined in the Administration Server schema.
Superior Class
top
OID
2.16.840.1.113730.3.2.7
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Identifies the server that the user is licensed to use. | |
| Reserved for future use. | |
| Reserved for future use. |
5.3.78. nsManagedRoleDefinition
The nsManagedRoleDefinition object class specifies the member assignments of a role to an explicit, enumerated list of members.
This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.96
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.79. nsMessagingServerUser
nsICQpresence is an auxiliary object class that describes a messaging server user. This object class is defined for Netscape Messaging Server.
Superior Class
top
OID
2.16.840.113730.3.2.37
| Attribute | Definition |
|---|---|
| Gives the object classes for the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Contains the domain from which the user can access the messaging server. | |
| Contains secondary email addresses for the group. | |
| Specifies whether autoreply mode for the account is enabled. | |
| Contains the text use for automatic reply emails. | |
| Specifies the mail delivery mechanism to be used for the mail user. | |
| Specifies the mail delivery mechanism to use for the mail user. | |
| Specifies the location of the user’s mail box. | |
| Specifies the commands used for programmed mail delivery. | |
| Specifies the disk space allowed for the user’s mail box. | |
| Sets limits on the mail protocols available to the user. | |
| Specifies the number of messages allowed for the user’s mail box. | |
| Stores the extended preferences for the user. | |
| Contains the end date for a vacation period. | |
| Contains the start date for a vacation period. |
5.3.80. nsMSNpresence
nsMSNpresence is an auxiliary object class which defines the status of an MSN instance messaging account. This object is defined for the Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.303
| Attribute | Definition |
|---|---|
| Contains the MSN user ID for the entry. |
5.3.81. nsNestedRoleDefinition
The nsNestedRoleDefinition object class specifies one or more roles, of any type, are included as members within the role.
This object class is defined in Directory Server.
Superior Class
nsComplexRoleDefinition
OID
2.16.840.1.113730.3.2.98
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Specifies the roles assigned to an entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.82. nsResourceRef
The nsNestedRoleDefinition object class configures a resource reference.
This object class is defined in the Administration Services.
Superior Class
top
OID
nsResourceRef-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains a URL to another entry or site with related information. |
5.3.83. nsRoleDefinition
All role definition object classes inherit from the nsRoleDefinition object class.
This object class is defined by Directory Server.
Superior Class
LDAPsubentry
OID
2.16.840.1.113730.3.2.93
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.84. nsSimpleRoleDefinition
Roles containing this object class are called simple roles because they have a deliberately limited flexibility, which makes it easy to:
- Enumerate the members of a role.
- Determine whether a given entry possesses a particular role.
- Enumerate all the roles possessed by a given entry.
- Assign a particular role to a given entry.
- Remove a particular role from a given entry.
This object class is defined by Directory Server.
Superior Class
nsRoleDefinition
OID
2.16.840.1.113730.3.2.94
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Gives a text description of the entry. |
5.3.85. nsSNMP
This object class defines the configuration for the SNMP plug-in object used by the Directory Server.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.41
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Sets whether SNMP is enabled for the Directory Server instance. |
| Attribute | Definition |
|---|---|
| Contains the contact information provided by the SNMP agent. | |
| Contains a text description of the SNMP setup. | |
| Contains the location information or configuration for the SNMP agent. | |
| Contains the host name for the server where the SNMP master agent is located. | |
| Contains the port to access the SNMP subagent. | |
| Contains the organization name or information provided by the SNMP service. |
5.3.86. nsTask
This object class defines the configuration for tasks performed by the Directory Server.
This object class is defined for the Administrative Services.
Superior Class
top
OID
nsTask-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains a reference to the program which will perform the task. | |
| Contains a reference to an online (HTML) help file associated with the task window. | |
| Sets whether to suppress logging for the task. | |
| Contains a label associated with the task in the Console. |
5.3.87. nsTaskGroup
This object class defines the information for a group of tasks in the Console.
This object class is defined for the Administrative Services.
Superior Class
top
OID
nsTaskGroup-oid
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains a label associated with the task in the Console. |
5.3.88. nsTopologyCustomView
This object class configures the topology views used for the profile in the Console.
This object class is defined for the Administrative Services.
Superior Class
nsCustomView
OID
nsTopologyCustomView-oid
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains the view configuration to use in the Console. |
5.3.89. nsTopologyPlugin
This object class configures the topology plug-in used to set views in the Console.
This object class is defined for the Administrative Services.
Superior Class
nsAdminObject
OID
nsTopologyPlugin-oid
5.3.90. nsValueItem
This object class defines a value item object configuration, which is used to specify information that is dependent on the value type of an entry. A value item relates to the allowed attribute value syntax for an entry attribute, such as binary or case-sensitive string.
This object class is defined in Netscape Servers - Value Item.
Superior Class
top
OID
2.16.840.1.113730.3.2.45
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Contains information or operations related to the binary value type. | |
| Contains information or operations related to the case-exact string (CES) value type. | |
| Contains information or operations related to the case-insensitive (CIS) value type. | |
| Sets the default value type to use for an attribute or configuration parameter. | |
| Gives a text description of the value item setting. | |
| Contains information or operations related to the DN value type. | |
| Sets flags for the value item object. | |
| Contains a reference to an online (HTML) help file associated with the value item object. | |
| Contains information or operations related to the integer value type. | |
| Defines the syntax to use for the value item object. | |
| Contains information or operations related to the telephone string value type. | |
| Sets which value type to apply. |
5.3.91. nsView
This object class is used for a view entry in the directory tree.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.304
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Identifies the filter used by the view plug-in. |
5.3.92. nsYIMpresence
nsYIMpresence is an auxiliary object class which defines the status of a Yahoo instance messaging account. This object is defined for the Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.302
| Attribute | Definition |
|---|---|
| Contains the Yahoo user ID for the entry. | |
| Contains a pointer to the graphic image which indicates the Yahoo account’s status. | |
| Contains the text to indicate the Yahoo account’s status. |
5.3.93. ntGroup
The ntGroup object class holds data for a group entry stored in a Windows Active Directory server. Several Directory Server attributes correspond directly to or are mapped to match Windows group attributes. When you create a new group in the Directory Server that is to be synchronized with a Windows server group, Directory Server attributes are assigned to the Windows entry. These attributes may then be added, modified, or deleted in the entry through either directory service.
This object class is defined in Netscape NT Synchronization.
Superior Class
top
OID
2.16.840.1.113730.3.2.9
| Object Class | Definition |
|---|---|
|
Allows the |
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains the Windows domain login ID for the group account. |
| Attribute | Definition |
|---|---|
|
Gives the common name of the entry; this corresponds to the Windows | |
|
Gives a text description of the entry; corresponds to the Windows | |
| Gives the city or geographical location of the entry. | |
| Specifies the members of the group. | |
| Specifies whether a Windows account should be created when an entry is created in the Directory Server. | |
| Specifies whether a Windows account should be deleted when an entry is deleted in the Directory Server. | |
| Gives the domain ID string for the group. | |
| Defines what kind of Windows domain group the entry is. | |
| Contains a generated ID number used by the server for operations and identification. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Contains a URL to another entry or site with related information. |
5.3.94. ntUser
The ntUser entry holds data for a user entry stored in a Windows Active Directory server. Several Directory Server attributes correspond directly to or are mapped to match Windows user account fields. When you create a new person entry in the Directory Server that is to be synchronized with a Windows server, Directory Server attributes are assigned to Windows user account fields. These attributes may then be added, modified, or deleted in the entry through either directory service.
This object class is defined in Netscape NT Synchronization.
Superior Class
top
OID
2.16.840.1.113730.3.2.8
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
|
Gives the common name of the entry; this corresponds to the Windows | |
| Contains the Windows domain login ID for the user account. |
| Attribute | Definition |
|---|---|
|
Gives a text description of the entry; corresponds to the Windows | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Gives the fax number for the user. | |
| Contains the person’s first name. | |
| Gives the person’s home phone number. | |
| Gives the person’s home mailing address. | |
| Gives the person’s initials. | |
| Gives the city or geographical location of the entry. | |
| Contains the person’s email address. | |
| Contains the DN (distinguished name) of the direct supervisor of the person entry. | |
| Gives the person’s mobile phone number. | |
| Identifies when the user’s Windows account will expire. | |
| Gives the user’s code page. | |
| Specifies whether a Windows account should be created when this entry is created in the Directory Server. | |
| Specifies whether a Windows account should be deleted when this entry is deleted in the Directory Server. | |
| Gives the path to the user’s home directory. | |
| Gives the time of the user’s last logoff from the Windows server. | |
| Gives the time of the user’s last logon to the Windows server. | |
| Shows the maximum disk space available to the user in the Windows server. | |
| Contains a Unicode string reserved for use by applications. | |
| Contains the path to the user’s Windows profile. | |
| Contains the path to the user’s Windows login script. | |
| Contains a list of Windows workstations from which the user is allowed to log into the Windows domain. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Gives the person’s pager number. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Contains a URL to another entry or site with related information. | |
| Gives the person’s family name or last name. | |
| Gives the state or province where the person is located. | |
| Gives the street name and address number for the person’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the identifier for the person’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Shows the person’s job title. | |
| Stores a user’s certificate in cleartext (not used). | |
| Gives the X.121 address for the entry. |
5.3.95. oncRpc
The oncRpc object class defines an abstraction of an Open Network Computing Remote Procedure Call (ONC RPC). This object class is defined in RFC 2307.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.5
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the entry. | |
| Contains part of the RPC map and stores the RPC number for UNIX RPCs. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. |
5.3.96. organization
The organization attributes defines entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.4
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the organization to which the entry belongs. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Shows the preferred method of contact or message delivery for the entry. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the person is located. | |
| Gives the street name and number for the person’s physical location. | |
| Gives the telephone number of the person responsible for the organization. | |
| Gives the ID for an entry’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Gives the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the entry. |
5.3.97. organizationalPerson
The organizationalPerson object class defines entries for people employed or affiliated with the organization. This object class inherits the Section 5.2.25, “cn (commonName)” and Section 5.2.329, “sn (surname)” attributes from the person object class.
This object class is defined in RFC 2256.
Superior Class
person
OID
2.5.6.7
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Gives the person’s family name or last name. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Shows the person’s preferred method of contact or message delivery. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the person is located. | |
| Gives the street name and number for the person’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the ID for an entry’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Shows the person’s job title. | |
| Stores the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the entry. |
5.3.98. organizationalRole
The organizationalRole object class is used to define entries for roles held by people within an organization.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.8
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the organizational unit or division to which the entry belongs. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Shows the role’s preferred method of contact or message delivery. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Contains the DN (distinguished name) of the person in the role. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the entry is located. | |
| Gives the street name and number for the role’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the ID for an entry’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Gives the X.121 address for the entry. |
5.3.99. organizationalUnit
The organizationalUnit object class defines entries that represent organizational units, generally understood to be a relatively static grouping within a larger organization.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.5
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the organizational unit or division to which the entry belongs. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Gives the preferred method of being contacted. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the person is located. | |
| Gives the street name and number for the role’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the ID for an entry’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Stores the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the entry. |
5.3.100. person
The person object class represents entries for generic people. This is the base object class for the organizationalPerson object class.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.6
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Gives the person’s family name or last name. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Contains a URL to another entry or site with related information. | |
| Gives the telephone number for the entry. | |
| Stores the password with which the entry can bind to the directory. |
5.3.101. pilotObject
The pilotObject is a subclass to allow additional attributes to be assigned to entries of all other object classes.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.3
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Stores a sound file in a binary format. | |
| Contains the DN (distinguished name) of the entry to use as a redirect for the entry. | |
| Contains information about the entry. | |
| Stores a JPG image. | |
| Gives the DN (distinguished name) of the last user which modified the document entry. | |
| Gives the time the object was most recently modified. | |
| Gives the DN (distinguished name) of the entry’s manager. | |
| Stores a photo of the document in binary format. | |
| Distinguishes between two entries when a distinguished name has been reused. |
5.3.102. pilotOrganization
The pilotOrganization object class is a subclass used to add attributes to organization and organizationalUnit object class entries.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.20
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the organization to which the entry belongs. | |
| Gives the organizational unit or division to which the entry belongs. |
| Attribute | Definition |
|---|---|
| Gives the name of the building where the entry is located. | |
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Gives the preferred method of being contacted. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the person is located. | |
| Gives the street name and address number for the person’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the ID for an entry’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Stores the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the entry. |
5.3.103. pkiCA
The pkiCA auxiliary object class contains required or available certificates that are configured for a certificate authority. This object class is defined in RFC 4523, which defines object classes and attributes for LDAP to use to manage X.509 certificates and related certificate services.
Superior Class
top
OID
2.5.6.22
| Attribute | Definition |
|---|---|
| Contains a list of revoked CA certificates. | |
| Contains a CA certificate. | |
| Contains a list of certificates that have been revoked. | |
| Contains a pair of certificates that are used to cross-certify a pair of CAs in a FBCA-style bridge CA configuration. |
5.3.104. pkiUser
The pkiUser auxiliary object class contains required certificates for a user or client that connects to a certificate authority or element in the public key infrastructure. This object class is defined in RFC 4523, which defines object classes and attributes for LDAP to use to manage X.509 certificates and related certificate services.
Superior Class
top
OID
2.5.6.21
| Attribute | Definition |
|---|---|
| Stores a user’s certificate, usually in binary form. |
5.3.105. posixAccount
The posixAccount object class defines network accounts which use POSIX attributes. This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.0
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. | |
| Contains a unique numeric identifier for a group entry or to identify the group for a user entry, analogous to the group number in Unix. | |
| Contains the path to the user’s home directory. | |
| Gives the object classes assigned to the entry. | |
| Gives the defined account’s user ID. | |
| Contains a unique numeric identifier for a user entry, analogous to the user number in Unix. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Used to determine the GECOS field for the user; this is based on a common name, with additional information embedded. | |
| Contains the path to a script that is launched automatically when a user logs into the domain. | |
| Stores the password with which the entry can bind to the directory. |
5.3.106. posixGroup
The posixGroup object class defines a group of network accounts which use POSIX attributes. This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
Superior Class
top
OID
1.3.6.1.1.1.2.2
| Attribute | Definition |
|---|---|
| Contains the path to a script that is launched automatically when a user logs into the domain. | |
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Gives the login name of the group member; this possibly may not be the same as the member’s DN. | |
| Contains the login name of the member of a group. |
5.3.107. referral
The referral object class defines an object which supports LDAPv3 smart referrals. This object class is defined in LDAPv3 referrals Internet Draft.
Superior Class
top
OID
2.16.840.1.113730.3.2.6
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Contains information for an LDAPv3 smart referral. |
5.3.108. residentialPerson
The residentialPerson object class manages a person’s residential information.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.10
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the person’s family name or last name. |
| Attribute | Definition |
|---|---|
| Gives the type of business in which the entry is engaged. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Shows the person’s preferred method of contact or message delivery. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Contains a URL to another entry or site with related information. | |
| Gives the state or province where the person is located. | |
| Gives the street name and address number for the person’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the ID for an entry’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Stores the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the entry. |
5.3.109. RFC822LocalPart
The RFC822LocalPart object class defines entries that represent the local part of RFC 822 mail addresses. The directory treats this part of an RFC822 address as a domain.
This object class is defined by the Internet Directory Pilot.
Superior Class
domain
OID
0.9.2342.19200300.100.4.14
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Contains one component of a domain name. |
| Attribute | Definition |
|---|---|
| Gives the name of an entry within the organizational directory tree which is associated with a DNS domain. | |
| Gives the type of business in which the entry is engaged. | |
| Gives the common name of the entry. | |
| Gives a text description of the entry. | |
| Gives the country and city associated with the entry; this was once required to provide public telegram service. | |
| Contains the fax number for the entry. | |
| Contains the ISDN number for the entry. | |
| Gives the city or geographical location of the entry. | |
| Gives the organization to which the account belongs. | |
| Gives a location where physical deliveries can be made. | |
| Contains the mailing address for the entry. | |
| Gives the postal code for the entry, such as the zip code in the United States. | |
| Gives the post office box number for the entry. | |
| Shows the person’s preferred method of contact or message delivery. | |
| Gives a postal address suitable to receive expedited documents when the recipient must verify delivery. | |
| Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search. | |
| Contains a URL to another entry or site with related information. | |
| Gives the person’s family name or last name. | |
| Gives the state or province where the person is located. | |
| Gives the street name and address number for the person’s physical location. | |
| Gives the telephone number for the entry. | |
| Gives the identifier for the person’s teletex terminal. | |
| Gives the telex number associated with the entry. | |
| Stores the password with which the entry can bind to the directory. | |
| Gives the X.121 address for the entry. |
5.3.110. room
The room object class stores information in the directory about rooms.
Superior Class
top
OID
0.9.2342.19200300.100.4.7
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
| Attribute | Definition |
|---|---|
| Gives a text description of the room. | |
| Contains the room’s number. | |
| Contains a URL to another entry or site with related information. | |
| Gives the telephone number for the entry. |
5.3.111. shadowAccount
The shadowAccount object class allows the LDAP directory to be used as a shadow password service. Shadow password services relocate the password files on a host to a shadow file with tightly restricted access.
This object class is defined in RFC 2307, which defines object classes and attributes to use LDAP as a network information service.
This object class is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
Superior Class
top
OID
1.3.6.1.1.1.2.1
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the defined account’s user ID. |
| Attribute | Definition |
|---|---|
| Gives a text description of the entry. | |
| Contains the date that the shadow account expires. | |
| Identifies what area in the shadow map stores the flag values. | |
| Sets how long the shadow account can be inactive. | |
| Contains the time and date of the last modification to the shadow account. | |
| Sets the maximum number of days that a shadow password is valid. | |
| Sets the minimum number of days that must pass between changing the shadow password. | |
| Sets how may days in advance of password expiration to send a warning to the user. | |
| Stores the password with which the entry can bind to the directory. |
5.3.112. simpleSecurityObject
The simpleSecurityObject object class allow an entry to contain the userPassword attribute when an entry’s principal object classes do not allow a password attribute. Reserved for future use.
This object class is defined in RFC 1274.
Superior Class
top
OID
0.9.2342.19200300.100.4.19
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Stores the password with which the entry can bind to the directory. |
5.3.113. strongAuthenticationUser
The strongAuthenticationUser object class stores a user’s certificate in the directory.
This object class is defined in RFC 2256.
Superior Class
top
OID
2.5.6.15
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Stores a user’s certificate, usually in binary form. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}