String Representation for LDAP Binds

This chapter describes the LDAP-style string representations of simple and structured attributes, search filters and distinguished names. The meta controller (metacp) uses these string representations in LDAP binds to enter and display directory information. (See Bind Types and Bind IDs in the metacp section for details.)

This chapter provides:

An overview of the elements and format of simple and structured attributes
An overview of the elements and format of distinguished names
An overview of the elements and format of search filters
A table of reserved characters for attributes
A description of attribute syntax

Refer to the following documents for additional information about LDAP:

Wahl, M., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.
Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
Kille, S., Wahl, M., and T. Howes, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", RFC 2253, December 1997.
Howes, T., "A String Representation of LDAP Search Filters", RFC 2254, December 1997.
Yergeau, F., "UTF-8, a transformation format of Unicode and ISO 10646", RFC 2279, January 1998.

Simple and Structured Attributes

Simple attributes are in the form:

type=simple_value[;_simple_value_ … ]

Structured attributes are in the form:

type=structured_value[;_structured_value_ … ]

Each of the elements in simple and structured attributes is described in the following sections.

Attribute Types

For both simple and structured attributes, the type parameter identifies the attribute.

Attribute types are identified internally by OID (object identifiers), a unique series of integers separated by the period (.) character. For example, 2.5.4.3 is the OID for the Common-Name attribute type. You can identify attributes by OID, but to make it easier to specify attributes, the metacp commands allow you to identify them by LDAP names in command lines.

The LDAP name(s) of an attribute are specified in the directory schema. For example, the LDAP name c or countryName represents the Country attribute type, the LDAP name cn or commonName represents the Common-Name attribute type. When specifying LDAP names in metacp commands, LDAP names are treated case-insensitive; for example, cn, Cn, and CN are all valid ways to specify the LDAP name for the Common-Name attribute type independent of the exact value for the LDAP name specified in the directory schema.

When you display attributes, metacp uses

the exact LDAP name value in results, when the LDAP name was specified in the request.
the first exact LDAP name value specified in the system, when specifying options like -allattr in requests.
the object identifier (OID), when the object identifier was specified in the request.

To obtain the LDAP names of attribute types, use metacp to read the directory schema as shown in the following example:

metacp> bind -protocol LDAPv3
metacp> show cn=LDAPGlobalSchemaSubentry -allattr -pretty

Simple Attribute Values

For simple attributes, the simple_value parameter is the value assigned to the attribute. simple_value can be only a simple value, not another attribute. To enter more than one simple_value, separate each with a semicolon as shown in the following examples:

{telephoneNumber=+1 964 123 456}
{2.5.4.20=+1 964 123 456}
{telephoneNumber=+1 964 123 456;+1 965 234 543}

Simple attribute values are always treated as UTF-8 strings for LDAP binds.

Structured Attribute Values

The LDAP protocol generally handles all attribute values as UTF-8 strings. There is no common rule how to specify structured attribute values. To obtain information about the structured attribute syntaxes that are supported by the Identity store and how they are specified, refer to the String Representations for Structured Attribute Syntaxes section in this chapter and to RFC 2252 (Attribute Syntax Definitions). When displayed, structured attribute values are not broken into subcomponents in pretty mode.

Attribute Lists for Simple and Structured Attributes

Most metacp operations allow you to specify more than one simple or structured attribute on the command line. To specify more than one attribute, separate each attribute type and value string with white space.

The following -attribute option specifies an objectClass, description and telephoneNumber simple attributes, all separated by a space. Note that the description and telephoneNumber attributes are enclosed in braces ({ }) because they contain white space for readability.

-attribute objectClass=organizationalUnit
                 {description=Engineering Department}
                 {telephoneNumber=+1 964 123 4567}

Attribute Values in a File

For LDAPv3 binds, attribute values can also be specified in a file or written to a file. The syntax is as follows:

attribute[;binary]_FILE=filename1[;filename2 …]

where attribute specifies the attribute type and filename the name of the file containing the attribute value. When specifying multiple attribute values each value is saved in a separate file. filename1;filename2 … then specify the value files. When reading multiple attribute values .number is appended to filename where number is 1 to n (total number of values). The first value is written to filename.

If the keyword ;binary is specified, the file contains the valid ASN.1 encoded value of the attribute.

For the X.509 attributes Authority Revocation List, CA-Certificate, Certificate Revocation List, Cross-Certificate-Pair, Delta Revocation List, and User Certificate the file always contains the valid ASN.1 encoded value of the attribute regardless of specifying the keyword ;binary.

Specifying the attribute value in a file is possible for the following dirxcp operations:

obj create (-attribute option)
obj modify (-addattr, -changeattr, -removeattr, -replaceattr options)
obj compare (-attribute option)
obj show (-attribute option)
obj search (-attribute option)

Examples:

The following example adds two pictures to the jpegPhoto attribute. The files "/tmp/john1.jpg" and "/tmp/john2.jpg" contain the binary representation of the pictures.
```
modify cn=Huber,ou=sales,o=pqr,c=de -addattr \
           {jpegPhoto_FILE=/tmp/john1.jpg;/tmp/john2.jpg}
```
Compare the jpegPhoto attribute. The file "pict.jpg" contains the value of the jpegPhoto attribute in binary representation.
```
compare cn=zapf,ou=asw,o=sni,c=de \
              -attr jpegPhoto_FILE=pict.jpg
```
Modify the value of the jpegPhoto attribute. The file "pict_old.jpg" contains the old value and the file "pict_new.jpg" contains the new value.
```
modify cn=Mayer,ou=sales,o=pqr,c=de \
            -changeattr jpegPhoto_FILE=pict_old.jpg \
             jpegPhoto_FILE=pict_new.jpg
```

Create an entry. The file "cert.cer" contains the ASN.1 encoded value of the user certificate attribute.

create cn=Huber,ou=sales,o=pqr,c=de -attr \
           {objectClass=person;organizaionalPerson;strongAuthenticationUser} \
            sn=Huber {userCertificate;binary_FILE=cert.cer}

Show an entry. The ASN.1 encoded value of the user certificate attribute is written to the file "huber.cer".
```
show cn=Huber,ou=sales,o=pqr,c=de -attr \
         {userCertificate;binary_FILE=huber.cer}
```

Search several objects. The result contains eight objects two of them containing multiple attribute values.

search o=pqr,c=de -subtree -attr jpegPhoto_FILE=photo.jpg

The output is as follows:

{ou=Sales,o=pqr,c=de}
{{cn=Smith John,ou=Sales,o=pqr,c=de}}
{cn=Mayer,ou=Sales,o=pqr,c=de}
{cn=Hohner,ou=Sales,o=pqr,c=de
{jpegPhoto_FILE=photo.jpg;photo.jpg.1;photo.jpg.2}}
{cn=Richter,ou=Sales,o=pqr,c=de}
{cn=Abele,ou=Sales,o=pqr,c=de
{jpegPhoto_FILE=photo.jpg.3;photo.jpg.4}}
{cn=Reichel,ou=Sales,o=pqr,c=de}
{cn=hohner2,ou=Sales,o=pqr,c=de}

Binary Attribute Values

The LDAP v3 protocol supports the specification of attribute values in binary format, that is the ASN.1 encoding of the attribute value. To display and specify the binary attribute values on the user interface of metacp the Base-64 encoded representation of the attribute value is used. To specify or read attribute values in binary format the syntax is as follows:

{attribute;binary}

to read the attribute value binary

{attribute;binary=attribute_value}

to specify the attribute value binary

where attribute specifies the attribute type and attribute_value specifies the Base-64 encoding of the binary attribute value when creating or modifying this value.

When the syntax of the attribute is not OCTET STRING null bytes in the value are not allowed.

Specifying the attribute value in binary format is possible for the following metacp operations:

obj create (-attribute option)
obj modify (-addattr, -changeattr, -removeattr options)
obj compare (-attribute option)
obj search (-attribute option)
obj show (-attribute option)

Examples:

The following example creates the person cn=TestUser1, ou=Development, o=PQR, c=de with the attribute MHS-OR-Address (mhsOraddresses). The Base-64 encoded value of the MHS-OR-Address represents the value \{/G=j/S=testUser1/O=PQR/PRMD=pqr/ADMD=/C=de}.

create {cn=TestUser1, ou=Development, o=PQR, c=de} -attr sn=testp \
{objectClass=organizationalPerson;person;top;mhsUser} \
{mhsOraddresses;binary=MIAwgGGAEwJkZQAAYoATASAAAKKAEwNwcXIAAIMDUFFSpYCACXRlc3RVc2VyMYEBagAAAAAAAA==}

The following example displays the Street Address attribute (street) of the person cn=Digger, ou=Development, o=PQR, c=de Base-64 encoded:

show cn=Digger,ou=Development,o=pqr,c=de -attr {street;binary} -p

The output of the sample command as follows:

1) cn=Digger,ou=Development,o=PQR,c=de
    street\;binary : MjQgRG91Z2FuIFN0cmVldA==

Distinguished Names

A distinguished name consists of a list of one or more relative distinguished names (RDNs), separated by a comma (,).The list of relative distinguished names starts with the last namepart and ends with the first namepart under the root entry.For example:

cn=schmid+ou=ap11,ou=dap11,o=dbp,c=de

Each RDN consists of one or more naming attributes in the following format:

type=value[+type=value]…

where type is an LDAP name or an OID that corresponds to a naming attribute type and value is the string representation that corresponds to the attribute syntax assigned to the attribute type. The plus sign (+) is used to separate multiple AVAs within one RDN. For example:

c=de

2.5.6.2=de

ou=dap11+l=munich

When the name of the root entry is specified, the slash (/) must be used.

Search Filters

Use search filter expressions to specify a filter in a metacp search operation.A search filter is composed of one or more simple attributes, structured attributes, or distinguished name strings, and search filter operators.Specify a search filter in the following format:

([logical_operator](type matching_operator value)[(type matching_operator value) …])

where:

logical_operator is one of the following operators:

Operator Meaning

&

To "logically AND" two specified conditions

|

To "logically OR" two specified conditions

!

To "logically NEGATE" a specified condition
type specifies an LDAP name or an object identifier.

Operator	Meaning
&	To "logically AND" two specified conditions
\|	To "logically OR" two specified conditions
!	To "logically NEGATE" a specified condition

matching_operator is one of the following operators:

Operator	Meaning
=	To specify equality
~=	To specify phonetic matching
>=	To match values that are greater than or equal to a specified value
⇐	To match values that are less than or equal to a specified value

Operator

Meaning

To specify equality

To specify phonetic matching

To match values that are greater than or equal to a specified value

⇐

To match values that are less than or equal to a specified value

value specifies the attribute value in LDAP syntax. An asterisk (*) is used to specify substrings or to check for the presence of an attribute.

No SPACE character is permitted between type and matching_operator and matching_operator and value.

Search Filter Expression Example

The following sample search filter string

(&((cn~=schmid)\
(|(objectClass=organizationalPerson)\
(objectClass=residentialPerson))\
(!(sn=ronnie))))

directs metacp to search for names that meet all the following criteria:

Have an object class attribute value of Organizational-Person or Residential-Person
Have a Common-Name attribute value that approximately matches schmid
Do not have a Surname attribute value of ronnie.

The following search filter string tests for the presence of the Common-Name attribute type:

(&(c=de)(cn=*))

Reserved Attribute Characters

The following table describes reserved characters used for LDAP binds.(See Bind Types and Bind IDs in the metacp section for details.)

Character	Purpose
\{}	For attributes and distinguished names: Encloses the entire attribute (type and value) or distinguished name to indicate that white space is part of an attribute value. For example, \{cn=Henry Mueller} or \{o=SNI AG, c=de}
;	For attributes: Separates multiple values.
\	Escapes a reserved character.

Character

Purpose

\{}

For attributes and distinguished names: Encloses the entire attribute (type and value) or distinguished name to indicate that white space is part of an attribute value. For example,
\{cn=Henry Mueller} or \{o=SNI AG, c=de}

;

For attributes: Separates multiple values.

Escapes a reserved character.

RFC 2252 specifies additional reserved characters that also must be escaped in attribute values.

Attribute Syntax

The attribute syntax of all attribute types is treated as UTF-8 strings for LDAP binds.

Undefined Types

To specify an attribute type that has not been assigned an LDAP name in the directory schema, use the attribute type OID, for example, 1.2.325.67890.4.2.

In the output, the metacp program returns a string in the form:

oid=attribute_value

For example:

1.2.325.67890.4.2=xyz

indicates that the attribute with the object identifier 1.2.325.67890.4.2 has a value of xyz.The value of the attribute type must be specified according to its attribute syntax.

String Representations for Simple Attribute Syntaxes

The following section describes the string representations for simple attribute syntaxes supported.All other simple attribute syntaxes not described in this section are treated as UTF-8 string.

Attribute Type Syntax

Specify an attribute type as an LDAP name (defined in the meta directory schema) or a dotted notation (for example, 1.2.5.6).

For LDAP names only the following characters are permitted: A to Z, a to z (case ignore), 0 to 9, and - (hyphen).

Bit String Syntax

Specify a bit string as a sequence of 1’s and 0’s enclosed by the character ' and the character B appended (for example, '11110100100001001101101'B).

Boolean Syntax

Specify a boolean as the string TRUE or FALSE.

Object ID Syntax

Specify an OID as an LDAP name (defined in the directory schema) or a dotted notation. For example, Organizational-Person could be specified as organizationalPerson or 2.5.6.7.

Generalized Time Syntax

Specify generalized time as a simple string. The value of the string is the concatenation of the 8 year-month-day digits (YYYYMMDD), plus the six hour-minute-second digits (HHMMSS), plus a time zone difference of Z (designating GMT), +HHMM, or -HHMM. The three possible forms, then, are:

YYYYMMDDHHMMSSZ
YYYYMMDDHHMMSS+HHMM
YYYYMMDDHHMMSS-HHMM

For example, 19970101123000Z specifies Jan 1, 1997, 12:30:00 GMT.

The only difference between generalized time and UTC time is that the year is specified with four digits instead of two.

IA5 String Syntax

Specify an IA5 string using 7-bit ASCII characters, with valid Hex values in the range 20 to 7E (for example, smith@pqr.de).

Integer String Syntax

Specify as an integer in the range 0 to 2**32 -1 (4,294,967,295). For example, 65535.

Numeric String Syntax

Specify as a sequence of digits (0 to 9) and space (for example, 4711 13).

Preferred Delivery Method Syntax

Preferred-delivery-method syntax is a syntax for single-valued attributes that document the order of preference for message delivery methods. Specify this syntax in the following format:

preferredDeliveryMethod=option [$option…]

option is one or more of the following keywords that describe the delivery methods and the order of preference:

any - Any method of delivery
mhs - Message handling system delivery
physical - Physical delivery
telex - Telex delivery
teletex - Teletex delivery
g3fax - G3 FAX delivery
g4fax - G4 FAX delivery
ia5 - IA5 terminal delivery
videotex - Videotex delivery
telephone - Telephone delivery

The keywords are specified diminishing order of preference, with the most preferred method first in the list. Separate multiple keywords with a dollar sign ($). For example:

preferredDeliveryMethod=mhs$teletex$telephone

Printable String Syntax

Specify a printable string as a sequence of characters. Valid characters are

A to Z,
a to z,
0 to 9,
the space character,

and the special characters:

' (apostrophe),
( (left parenthesis),
) (right parenthesis),
+ (plus sign),
, (comma),
- (hyphen),
. (period),
/ (slash),
: (colon),
= (equal sign),
? (question mark).

An example of Printable String Syntax follows:

Smith/PQR AG.

UTC Time Syntax

Specify UTC time as a simple string.The value of the string is the concatenation of the six year-month-day digits (YYMMDD), plus the six hour-minute-second digits (HHMMSS), plus a time zone difference of Z (designating GMT), +HHMM, or -HHMM.The three possible forms, then, are:

YYMMDDHHMMSSZ
YYMMDDHHMMSS+HHMM
YYMMDDHHMMSS-HHMM

For example, 970101123000Z specifies Jan 1, 1997, 12:30:00 GMT.

String Representations for Structured Attribute Syntaxes

This section describes the following structured attribute syntaxes supported by DirX Identity for LDAP binds.

Syntaxes for schema attribute types
Attribute-Type-Description
Object-Class-Description
Syntaxes for Message Handling System (MHS) attribute types
OR-Address
Syntaxes for miscellaneous attribute types and subcomponents
Facsimile-Telephone-Number
Name-And-Optional-UID
Postal-Address
Teletex-Terminal-Identifier
Telex-Number

All attributes with a structured attribute syntax that is not described in this section must be specified in binary format for LDAP binds. (See the Binary Attribute Values section in this chapter for details.)

Attribute-Type-Description

An attribute syntax for directory schema attributes that specify attribute types. The attributeTypes attribute is an example of such attributes in the default directory schema:

Synopsis

attributeTypes=(attribute_identifier
[NAME [(]'attribute_type_name' [… )] ]
[DESC 'attribute_type_description' ]
[OBSOLETE]
[SUP derivation ]
[EQUALITY equality_matching_rule ]
[ORDERING ordering_matching_rule ]
[SUBSTR substrings_matching_rule ]
[SYNTAX attribute_syntax [{length}] ]
[SINGLE-VALUE]
[COLLECTIVE]
[NO-USER-MODIFICATION]
)

Attribute Type

attributeTypes: The LDAP name or OID that corresponds to a structured attribute with the Attribute-Type-Description syntax. The LDAP Attribute-Types (attributeTypes) operational attribute, which specifies the attribute types used within the schema, has the Attribute-Type-Description attribute syntax. The attributeTypes attribute is multivalued; each value describes one attribute type. The information held in this attribute should be complete and in accordance with the registered definition of each attribute type. The attributeTypes attribute also provides the LDAP names of the attribute types.

Components

attribute_identifer

An object identifier (OID) that corresponds to an attribute type.

NAME 'attribute_type_name'

A string (of up to 1024 characters long) that provides the LDAP name(s) for the attribute type. The values are enclosed in single quotation marks (') and separated by a whitespace character. A list of LDAP names is enclosed in parentheses (( … )). For LDAP names only the following characters are permitted: A to Z, a to z (case ignore), 0 to 9, and - (hyphen). A maximum of five LDAP names can be specified.

DESC 'attribute_type_description'

A UTF-8 string (of up to 1024 characters long) that describes the attribute type. The value is enclosed in single quotation marks (').

OBSOLETE

The keyword OBSOLETE indicates that the attribute type is no longer supported (but its characteristics are maintained). If an attribute type is deleted it is set to OBSOLETE, that is this attribute cannot be added to an entry or modified. (The error Unwilling to Perform is returned.) The values of obsolete attributes are returned by search and read operations. The default is that the specified attribute type is supported and the keyword OBSOLETE is omitted.

SUP derivation

Specifies the attribute type LDAP name or OID that corresponds to the attribute type of which this attribute is a subtype. This component is used only for attributes defined with a supertype.

EQUALITY equality_matching_rule

Specifies the LDAP name or OID of an equality matching rule. This is an optional component, but it should be specified for attributes defined with equality matching rules.

ORDERING ordering_matching_rule

Specifies the LDAP name or OID of an ordering matching rule. This is an optional component, but it should be specified for attributes defined with ordering matching rules.

SUBSTR substrings_matching_rule

Specifies the LDAP name or OID of a substrings matching rule. This is an optional component, but it should be specified for attributes defined with substrings matching rules.

SYNTAX attribute_syntax [{ length }]

Specifies the OID of the attribute type syntax for use with LDAP, and an optional indication of the maximum length length of a value of this attribute.

SINGLE-VALUE

The keyword SINGLE-VALUE indicates that the attribute type is single-valued. The default is that the specified attribute type is multivalued and the keyword SINGLE-VALUE is omitted.

COLLECTIVE

The keyword COLLECTIVE indicates that the attribute type is a collective attribute. The default is that the specified attribute type is not collective and the keyword COLLECTIVE is omitted.

NO-USER-MODIFICATION

The keyword NO-USER-MODIFICATION indicates that the attribute type is not modifiable by users. The default is that the specified attribute type is user modifiable and the keyword NO-USER-MODIFICATION is omitted.

USAGE usage

Specifies how the attribute is to be used. This value is one of the following keywords:

userApplications - For normal user attributes
directoryOperation - For attributes used by the directory server as part of non-distributed operations (for example, timestamps, access control attributes)
distributedOperation - For operational attributes used by several directory servers as part of distributed operations (e.g., knowledge-reference attributes)
dSAOperation - For operational attributes that are used purely locally to the directory server

The default value is userApplications.

Description

The LDAP Attribute-Types attribute is provided only to permit an LDAP server to publish the static details of the attributes that it supports within its schema.

The components of this syntax are separated by a whitespace character.

For each attribute type either the SUP or the SYNTAX component must be specified.

Examples

attributeTypes=
....
( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 {32} )
....

Object-Class-Description

An attribute syntax for schema attributes that specify object classes. The objectClasses attribute is an example of such attributes in the default directory schema.

Synopsis

objectClasses=( object_class_identifier
[NAME 'object_class_name' ]
[DESC 'object_class_description' ]
[OBSOLETE ]
superior_object_class[$ … )]]
[kind]
attribute_type [$ … )]]
attribute_type [$ …)]])

Attribute Type

objectClasses: The LDAP name or OID that corresponds to a structured attribute with the Object-Class-Description syntax. The LDAP Object-Classes (objectClasses) operational attribute is a multi-valued attribute of the schema used to describe which object classes are supported by the directory server. Each value describes one object class. The objectClasses attribute provides the LDAP names of the object classes.

The information specified for this attribute should be complete and in accordance with the registered definition of each object class.

Components

object_class_identifer

An OID that corresponds to an object class.

NAME 'object_class_name'

A string (of up to 1024 characters long) that corresponds to LDAP name given to the object class. Only one LDAP name is provided. It is enclosed in single quotation marks ('). For LDAP names only the following characters are permitted: A to Z, a to z (case ignore), 0 to 9, and - (hyphen).

DESC 'object_class_description'

A UTF-8 string (of up to 1024 characters long) that describes the object class. The value is enclosed in single quotation marks (').

OBSOLETE

The keyword OBSOLETE indicates that the object class is no longer supported (but its characteristics are maintained). If an object class is deleted it is set to OBSOLETE, that is this enrties of this object class cannot be added or modified. (The error Unwilling to Perform is returned.) Entries of obsolete object classes are returned by search and read operations. The default is that the specified object class is supported and the keyword OBSOLETE is omitted.

SUP derivation

Specifies the LDAP names or OIDs that corresponds to the object classes (if any) that are the superclass for this object class. A list of object classes is enclosed in parentheses and the object classes are separated by a $ character.

kind

Specifies the kind of object class that the object class registration specifies. The value is one of the following keywords:

STRUCTURAL - Represents a real-world object (for example, device, organization) that is concrete enough to have a place in the DIT
AUXILIARY - Descriptive of real-world objects (usually being applicable to more than one)
ABSTRACT - Represents an abstraction of real-world objects which does not exist in it own right

MUST attribute_types

Specifies one or more LDAP names or OIDs that correspond to attributes that are registered as mandatory for entries of this object class. A list of attributes is enclosed in parentheses and the attribute types are separated by a $ character.

MAY attribute_types

Specifies one or more LDAP names or OIDs that correspond to attributes that are registered as optional for entries of this object class. A list of attributes is enclosed in parentheses and the attribute types are separated by a $ character.

Description

The Object-Class-Description permits a LDAP server to publish the static details of the object classes it supports.

The components of this syntax are separated by a whitespace character.

The sequence of the components must be provided as specified in the synopsis section above.

Examples

objectClasses=
....
( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY MUST (cACertificate $ certificateRevocationList $ authorityRevocationList) MAY crossCertificatePair )
....

OR-Address

An attribute syntax for attributes that specify X.400 originator/recipient (OR) addresses.

Synopsis

ORAddress=[/CN=common_name]
[/I=initials]
[/Q=generation_qualifier]
[/G=given_name]
[/S=surname]
[/OU4=organizational_unit_4]
[/OU3=organizational_unit_3]
[/OU2=organizational_unit_2]
[/OU1=organizational_unit_1]
[/O=organization]
/PRMD=PRMD
/ADMD=ADMD
/C=country

Attribute Type

ORAddress: The LDAP name or OID that corresponds to a structured attribute with the OR-Address syntax. For example, mhsOraddresses is such an attribute. An OR address comprises a number of standard components and a number of optional components defined by the management domain to which the originator/recipient subscribes (know as domain defined components). In most cases only the standard components C, ADMD, PRMD, O, OU1 through OU4, S, G, Q and I are used.

Components

CN=common_name: The common name in Printable string format.
I=initials: The name initials in Printable string format.
Q=generation_qualifier: The generation qualifier in Printable string format.
G=given_name: The given name in Printable or string format.
S=surname: The surname in Printable string format.

O=organization
OU1=organizational_unit_1
OU2=organizational_unit_2
OU3=organizational_unit_3
OU4=organizational_unit_4

: An identifier of the organization and up to 4 organizational units in Printable string format.
PRMD=PRMD: An identifier of the Private Management Domain in either Printable or Numeric string format.
ADMD=ADMD: An identifier of the Administrative Management Domain in either Printable or Numeric string format.
C=country: An identifier of the country in either Printable or Numeric string format.

Description

Information about X.400 originator/recipient addresses is represented by the OR-Address attribute syntax.

The components of this attribute syntax are separated by a slash (/).

Example

mhsOraddresses=/G=Irmgard/S=Hohner/OU2=S41/OU1=MCH1/O=PQR/PRMD=PQR
/ADMD=DBP/C=de

Facsimile-Telephone-Number

An attribute syntax for attributes that specify Facsimile (FAX) numbers.

Synopsis

FacsimileTelephoneNumber=phone_number
[$fax_parameters]

Attribute Type

FacsimileTelephoneNumber: The LDAP name or OID that corresponds to a structured attribute with the Facsimile-Telephone-Number syntax. For example, facsimileTelephoneNumber is such an attribute.

Components

phone_number

The fax number in Printable string format (of up to 32 characters long).

fax_parameters

The settings for the G3 Fax parameters. Note that setting G3 parameters is hardly ever required. Specify fax_parameters in the following format:

fax_parameter[$fax_parameters]

where fax_parameter is one of the following identifiers:

twoDimensional
fineResolution
unlimitedLength
b4Length
b4Width
a3Width
uncompressed

Description

FAX numbers are represented with the Facsimile-Telephone-Number attribute syntax. The number consists the country code and number in Printable string format. You can also set G3 non-basic parameters.

The components of this attribute syntax are separated by a $ character.

Example

facsimileTelephoneNumber=+49 89 12345

Name-And-Optional-UID

An attribute syntax for attributes that identify objects by a distinguished name and an optional identifier that can remove ambiguity from names that have been re-used.

Synopsis

NameAndOptionalUID=distinguished_name
[#BIT_string]

Attribute Type

NameAndOptionalUID: The LDAP name or OID that corresponds to a structured attribute with the Name-And-Optional-UID syntax. For example, uniqueMember is such an attribute. The uniqueMember attribute can be used in objects which represent lists of names.

Components

distinguished_name: The distinguished name of the object. (See the Distinguished Names section in this chapter for details.)

Although the # character is used as separator for the components of this syntax and it may occur in a string representation of a distinguished_name, no additional special quoting is done.
BIT_string: A bit string that uniquely identifies the object. The bit string can be used when an object is removed from the Directory, and another object is subsequently given the same Directory name. The bit string must be chosen for uniqueness, such as a time-stamp (for example). (See the Bit String Syntax section in this chapter for details.)

Description

The identity of objects can be represented with the Name-And-Optional-UID attribute syntax. The attribute consists of the object distinguished name and an optional bit string that distinguishes between objects with the same distinguished name. The association between a user of the Directory and a name when the UID is present can be established by strong authentication using Version 2 (or later) certificates.

The components of this attribute syntax are separated by a # character.

Examples

uniqueMember=o=sni,c=DE#'100'B

Postal-Address

A structured attribute syntax for postal addresses.

Synopsis

PostalAddress=postal-address-string1
[$postal-address-string2]
[$postal-address-string3]
[$postal-address-string4]
[$postal-address-string5]
[$postal-address-string6]

Attribute Type

PostalAddress: The abbreviation that corresponds to a structured attribute with the Postal-Address syntax. For example, postalAddress is such an attribute.

Components

postal-address-stringn: A UTF-8 string (of up to 30 characters long) that provides a line of a postal address.

Backslashes (\) and $ characters, if they occur in a component, are escaped by using an additional backslash, for example the string A\$ represents the value A$ in a component.

Description

Postal addresses are represented with the Postal-Address attribute syntax. The attribute consists of up to 6 address lines in UTF-8 string format. Each address line is limited to 30 characters in (in accordance with ITU-T recommendation F.401). One address line is required; the remaining 5 are optional.

The components of this attribute syntax are separated by a $ character.

Example

postalAddress=PQR AG$Sales Dpt$Einstein-Ring 4$D-81789 Munich$Germany

Teletex-Terminal-Identifier

An attribute syntax for attributes that specify a Teletex terminal.

Synopsis

TeletexTerminalIdentifier=teletex-terminal
[$teletex-non-basic-parameters]

Attribute Type

TeletexTerminalIdentifier: The LDAP name or OID that corresponds to a structured attribute with the Teletex-Terminal-Identifier syntax. For example, teletexTerminalIdentifier is such an attribute.

Components

teletex-terminal: A string (of up to 1024 characters long) that identifies the terminal. Specify the teletex-terminal parameter using the Printable String syntax. See the Simple Attribute Syntax section in this chapter for a description of Printable String syntax representation.
teletex-non-basic-parameters: A component that sets non-basic parameters for various teletex options. Specify teletex-non-basic-parameters in the following format:

[$control:control_character_sets]
[$graphic:graphic_character_sets]
[$misc:miscellaneous_capabilities]
[$page:page_formats]
[$private:private_use]

where:

control:control_character_sets specifies a string that defines the control character sets to use.

graphic:graphic_character_sets specifies a string that defines the graphic character sets to use.

misc:miscellaneous_capabilities specifies a string that defines miscellaneous capabilities to use.

page:page_formats specifies a string that defines the page formats to use.

private:private_use specifies a string that defines user-defined Teletex parameters.

Description

Teletex terminals and their parameters are represented by the Teletex-Terminal-Identifier attribute syntax. The information consists of a printable string that identifies the terminal and optional non-basic, advanced parameters that control terminal parameters such as character sets, page formats and other capabilities.

The components of this attribute syntax are separated by a $ character.

Example

{teletexTerminalIdentifier=PQR AG Teletex center$page:letter}

Telex-Number

An attribute syntax for attributes that specify Telex numbers.

Synopsis

TelexNumber=telex_number
[$country_code]
[$answer_back]}

Attribute Type

TelexNumber: The LDAP name or OID that corresponds to a structured attribute with the Telex-Number syntax. For example, telexNumber is such an attribute.

Components

telex_number: The telex number in Printable string format (of up to 14 characters long).
country_code: The county code in Printable string format (of up to 4 characters long).
answer_back: The short textual string (of up to 8 characters long), in Printable string format, with which the telex station responds when required to indicate its identity. (For example, when the telex station is connected to.)

Description

Telex numbers are represented with the Telex-Number attribute syntax. The number consists of the country code, Telex number, and answer-back code.

The components of this attribute syntax are separated by a $ character.

Example

{telexNumber=24344$046$GAMEX B}