Chapter 5. Directory Entry Schema Reference
5.1. About Directory Server Schema
This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.
5.1.1. Schema Definitions
The directory schema is a set of rules that defines how data can be stored in the directory. Directory information is stored discrete entries, and each entry is comprised of a set of attributes and their values. The kind of identity being described in the entry is defined in the entry’s object classes. An object class specifies the kind of object the entry describes through the defined set of attributes for the object class.
Basically, the schema files are lists of the kinds of entries that can be create (the object classes) and the ways that those entries can be described (the attributes). The schema defines what the object classes and attributes are. The schema also defines the format that the attribute values contain (the attribute’s syntax) and whether there can only be a single instance of that attribute.
Additional schema files can be added to the Directory Server configuration and loaded in the server, so the schema is customizable and can be extended as required.
For more detailed information about object classes, attributes, and how the Directory Server uses the schema, see the Deployment Guide.
The Directory Server fails to start if the schema definitions contain too few or too many characters. Use exactly one space in those places where the LDAP standards allow the use of zero or many spaces; for example, the place between the NAME keyword and the name of an attribute type.
5.1.1.1. Object Classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides object classes for many common types of entries, such as people (person and inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations and divisions (organization and organizationalUnit), and equipment (device).
In a schema file, an object class is identified by the objectclasses line, then followed by its OID, name, a description, its direct superior object class (an object class which is required to be used in conjunction with the object class and which shares its attributes with this object class), and the list of required (MUST) and allowed (MAY) attributes.
This is shown in Example 5.1, “person Object Class Schema Entry”.
Example 5.1. person Object Class Schema Entry
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )
5.1.1.1.1. Required and Allowed Attributes
Every object class defines a number of required attributes and of allowed attributes. Required attributes must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be valid.
As in Example 5.1, “person Object Class Schema Entry”, the person object class requires the cn, sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, and userPassword attributes.
All entries require the objectClass attribute, which lists the object classes assigned to the entry.
5.1.1.1.2. Object Class Inheritance
An entry can have more than one object class. For example, the entry for a person is defined by the person object class, but the same person may also be described by attributes in the inetOrgPerson and organizationalPerson object classes.
Additionally, object classes can be hierarchical. An object class can inherit attributes from another class, in addition to its own required and allowed attributes. The second object class is the superior object class of the first.
The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a user’s entry has to have the inetOrgPerson object class. In that case, the entry must also include the superior object class for inetOrgPerson, organizationalPerson, and the superior object class for organizationalPerson, which is person:
objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson
When the inetOrgPerson object class is assigned to an entry, the entry automatically inherits the required and allowed attributes from the superior object classes.
5.1.1.2. Attributes
Directory entries are composed of attributes and their values. These pairs are called attribute-value assertions or AVAs. Any piece of information in the directory is associated with a descriptive attribute. For instance, the cn attribute is used to store a person’s full name, such as cn: John Smith.
Additional attributes can supply additional information about John Smith:
givenname: John surname: Smith mail: jsmith@example.com
In a schema file, an attribute is identified by the attributetypes line, then followed by its OID, name, a description, syntax (allowed format for its value), optionally whether the attribute is single- or multi-valued, and where the attribute is defined.
This is shown in Example 5.2, “description Attribute Schema Entry”.
Example 5.2. description Attribute Schema Entry
attributetypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
Some attributes can be abbreviated. These abbreviations are listed as part of the attribute definition:
attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) ...5.1.1.2.1. Directory Server Attribute Syntaxes
The attribute’s syntax defines the format of the values which the attribute allows; as with other schema elements, the syntax is defined for an attribute using the syntax’s OID in the schema file entry. In the Directory Server Console, the syntax is referenced by its friendly name.
The Directory Server uses the attribute’s syntax to perform sorting and pattern matching on entries.
For more information about LDAP attribute syntaxes, see RFC 4517.
Table 5.1. Supported LDAP Attribute Syntaxes
| Name | OID | Definition |
|---|---|---|
| Binary | 1.3.6.1.4.1.1466.115.121.1.5 | Deprecated. Use Octet string instead. |
| Bit String | 1.3.6.1.4.1.1466.115.121.1.6 |
For values which are bitstings, such as |
| Boolean | 1.3.6.1.4.1.1466.115.121.1.7 | For attributes with only two allowed values, TRUE or FALSE. |
| Country String | 1.3.6.1.4.1.1466.115.121.1.11 | For values which are limited to exactly two printable string characters; for example, US for the United States. |
| DN | 1.3.6.1.4.1.1466.115.121.1.12 | For values which are distinguished names (DNs). |
| Delivery Method | 1.3.6.1.4.1.1466.115.121.1.14 | For values which are contained a preferred method of delivering information or contacting an entity. The different values are separated by a dollar sign ($). For example: [literal,subs="+quotes,verbatim"] …. telephone $ physical …. |
| Directory String | 1.3.6.1.4.1.1466.115.121.1.15 | For values which are valid UTF-8 strings. These values are not necessarily case-insensitive. Both case-sensitive and case-insensitive matching rules are available for Directory String and related syntaxes. |
| Enhanced Guide | 1.3.6.1.4.1.1466.115.121.1.21 | For values which contain complex search parameters based on attributes and filters. |
| Facsimile | 1.3.6.1.4.1.1466.115.121.1.22 | For values which contain fax numbers. |
| Fax | 1.3.6.1.4.1.1466.115.121.1.23 | For values which contain the images of transmitted faxes. |
| Generalized Time | 1.3.6.1.4.1.1466.115.121.1.24 | For values which are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time. |
| Guide | 1.3.6.1.4.1.1466.115.121.1.25 | Obsolete. For values which contain complex search parameters based on attributes and filters. |
| IA5 String | 1.3.6.1.4.1.1466.115.121.1.26 | For values which are valid strings. These values are not necessarily case-insensitive. Both case-sensitive and case-insensitive matching rules are available for IA5 String and related syntaxes. |
| Integer | 1.3.6.1.4.1.1466.115.121.1.27 | For values which are whole numbers. |
| JPEG | 1.3.6.1.4.1.1466.115.121.1.28 | For values which contain image data. |
| Name and Optional UID | 1.3.6.1.4.1.1466.115.121.1.34 | For values which contain a combination value of a DN and (optional) unique ID. |
| Numeric String | 1.3.6.1.4.1.1466.115.121.1.36 | For values which contain a string of both numerals and spaces. |
| OctetString | 1.3.6.1.4.1.1466.115.121.1.40 | For values which are binary; this replaces the binary syntax. |
| Object Class Description | 1.3.6.1.4.1.1466.115.121.1.37 | For values which contain object class definitions. |
| OID | 1.3.6.1.4.1.1466.115.121.1.38 | For values which contain OID definitions. |
| Postal Address | 1.3.6.1.4.1.1466.115.121.1.41 |
For values which are encoded in the format [literal,subs="+quotes,verbatim"] …. 1234 Main St.$Raleigh, NC 12345$USA …. Each dstring component is encoded as a DirectoryString value. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters. |
| Printable String | 1.3.6.1.4.1.1466.115.121.1.44 | For values which contain printable strings. |
| Space-Insensitive String | 2.16.840.1.113730.3.7.1 | For values which contain space-insensitive strings. |
| TelephoneNumber | 1.3.6.1.4.1.1466.115.121.1.50 | For values which are in the form of telephone numbers. It is recommended to use telephone numbers in international form. |
| Teletex Terminal Identifier | 1.3.6.1.4.1.1466.115.121.1.51 | For values which contain an international telephone number. |
| Telex Number | 1.3.6.1.4.1.1466.115.121.1.52 | For values which contain a telex number, country code, and answerback code of a telex terminal. |
| URI |
For values in the form of a URL, introduced by a string such as |
5.1.1.2.2. Single- and Multi-Valued Attributes
By default, most attributes are multi-valued. This means that an entry can contain the same attribute multiple times, with different values. For example:
dn: uid=jsmith,ou=marketing,ou=people,dc=example,dc=com ou: marketing ou: people
The cn, tel, and objectclass attributes, for example, all can have more than one value. Attributes that are single-valued — that is, only one instance of the attribute can be specified — are specified in the schema as only allowing a single value. For example, uidNumber can only have one possible value, so its schema entry has the term SINGLE-VALUE. If the attribute is multi-valued, there is no value expression.
5.1.2. Default Directory Server Schema Files
Template schema definitions for Directory Server are stored in the /etc/dirsrv/schema directory. These default schema files are used to generate the schema files for new Directory Server instances. Each server instance has its own instance-specific schema directory in /etc/dirsrv/slapd-instance/schema. The schema files in the instance directory are used only by that instance.
To modify the directory schema, create new attributes and new object classes in the instance-specific schema directory. Because the default schema is used for creating new instances and each individual instance has its own schema files, it is possible to have slightly different schema for each instance, matching the use of each instance.
Any custom attributes added using the Directory Server Console or LDAP commands are stored in the 99user.ldif file; other custom schema files can be added to the /etc/dirsrv/slapd-instance/schema directory for each instance. Do not make any modifications with the standard files that come with Red Hat Directory Server.
For more information about how the Directory Server stores information and suggestions for planning directory schema, see the Deployment Guide.
Table 5.2. Schema Files
| Schema File | Purpose |
|---|---|
| 00core.ldif | Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance. |
| 01core389.ldif | Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance. |
| 02common.ldif | Standard-related schema from RFC 2256, LDAPv3, and standard schema defined by Directory Server which is used to configure entries. |
| 05rfc2927.ldif | Schema from RFC 2927, "MIME Directory Profile for LDAP Schema." |
| 05rfc4523.ldif | Schema definitions for X.509 certificates. |
| 05rfc4524.ldif | Cosine LDAP/X.500 schema. |
| 06inetorgperson.ldif | inetorgperson schema elements from RFC 2798, RFC 2079, and part of RFC 1274. |
| 10rfc2307.ldif | Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service." |
| 20subscriber.ldif | Common schema element for Directory Server-Nortel subscriber interoperability. |
| 25java-object.ldif | Schema from RFC 2713, "Schema for Representing Java Objects in an LDAP Directory." |
| 28pilot.ldif | Schema from the pilot RFCs, especially RFC 1274, that are no longer recommended for use in new deployments. |
| 30ns-common.ldif | Common schema. |
| 50ns-admin.ldif | Schemas used by the Administration Server. |
| 50ns-certificate.ldif | Schemas used by Red Hat Certificate System. |
| 50ns-directory.ldif | Schema used by legacy Directory Server 4.x servers. |
| 50ns-mail.ldif | Schema for mail servers. |
| 50ns-value.ldif | Schema for value items in Directory Server. |
| 50ns-web.ldif | Schema for web servers. |
| 60autofs.ldif | Object classes for automount configuration; this is one of several schema files used for NIS servers. |
| 60eduperson.ldif | Schema elements for education-related people and organization entries. |
| 60mozilla.ldif | Schema elements for Mozilla-related user profiles. |
| 60nss-ldap.ldif | Schema elements for GSS-API service names. |
| 60pam-plugin.ldif | Schema elements for integrating directory services with PAM modules. |
| 60pureftpd.ldif | Schema elements for defining FTP user accounts. |
| 60rfc2739.ldif | Schema elements for calendars and vCard properties. |
| 60rfc3712.ldif | Schema elements for configuring printers. |
| 60sabayon.ldif | Schema elements for defining sabayon user entries. |
| 60sudo.ldif | Schema elements for defining sudo users and roles. |
| 60trust.ldif | Schema elements for defining trust relationships for NSS or PAM. |
| 99user.ldif | Custom schema elements added through the Directory Server Console. |
5.1.3. Object Identifiers (OIDs)
All schema elements have object identifiers (OIDs) assigned to them, including attributes and object classes. An OID is a sequence of integers, usually written as a dot-separated string. All custom attributes and classes must conform to the X.500 and LDAP standards.
If an OID is not specified for a schema element, Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid. However, using text OIDs instead of numeric OIDs can lead to problems with clients, server interoperability, and server behavior, assigning a numeric OID is strongly recommended.
OIDs can be built on. The base OID is a root number which is used for every schema element for an organization, and then schema elements can be incremented from there. For example, a base OID could be 1. The company then uses 1.1 for attributes, so every new attribute has an OID of 1.1.x. It uses 1.2 for object classes, so every new object class has an OID of 1.2.x.
For Directory Server-defined schema elements, the base OIDs are as follows:
-
The Netscape base OID is
2.16.840.1.113730. -
The Directory Server base OID is
2.16.840.1.113730.3. -
All Netscape-defined attributes have the base OID
2.16.840.1.113370.3.1. -
All Netscape-defined object classes have the base OID
2.16.840.1.113730.3.2.
For more information about OIDs or to request a prefix, go to the Internet Assigned Number Authority (IANA) website at http://www.iana.org/.
5.1.4. Extending the Schema
The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of directory requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise by creating custom schema files.
When adding new attributes to the schema, a new object class should be created to contain them. Adding a new attribute to an existing object class can compromise the Directory Server’s compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server.
For more information about extending server schema, see the Deployment Guide.
5.1.5. Schema Checking
Schema checking means that the Directory Server checks every entry when it is created, modified, or in a database imported using LDIF to make sure that it complies with the schema definitions in the schema files. Schema checking verifies three things:
- Object classes and attributes used in the entry are defined in the directory schema.
- Attributes required for an object class are contained in the entry.
- Only attributes allowed by the object class are contained in the entry.
You should run Directory Server with schema checking turned on. For information on enabling schema checking, see the Administration Guide.
5.1.6. Syntax Validation
Syntax validation means that the Directory Server checks that the value of an attribute matches the required syntax for that attribute. For example, syntax validation will confirm that a new telephoneNumber attribute actually has a valid telephone number for its value.
With its basic configuration, syntax validation (like schema checking) will check any directory modification to make sure the attribute value matches the required syntax and will reject any modifications that violate the syntax. Optionally, syntax validation can be configured to log warning messages about syntax violations, and either reject the change or allow the modification process to succeed.
All syntaxes are validated against RFC 4514, except for DNs. By default, DNs are validated against RFC 1779 or RFC 2253, which are less strict than RFC 4514. Strict validation for DNs has to be explicitly configured.
This feature checks all attribute syntaxes listed in Table 5.1, “Supported LDAP Attribute Syntaxes”, with the exception of binary syntaxes (which cannot be verified) and non-standard syntaxes, which do not have a defined required format. The unvalidated syntaxes are as follows:
- Fax (binary)
- OctetString (binary)
- JPEG (binary)
- Binary (non-standard)
- Space Insensitive String (non-standard)
- URI (non-standard)
When syntax validation is enabled, new attribute values are checked whenever an attribute is added or modified to an entry. (This does not include replication changes, since the syntax would have been checked on the supplier server.) It is also possible to check existing attribute values for syntax violations by running the syntax-validation.pl script.
For information on options for syntax validation, see the Administration Guide.
5.2. Entry Attribute Reference
The attributes listed in this reference are manually assigned or available to directory entries. The attributes are listed in alphabetical order with their definition, syntax, and OID.
5.2.1. abstract
The abstract attribute contains an abstract for a document entry.
| OID | 0.9.2342.19200300.102.1.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.2. accessTo
This attribute defines what specific hosts or servers a user is allowed to access.
| OID | 5.3.6.1.1.1.1.1 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | nss_ldap/pam_ldap |
5.2.3. accountInactivityLimit
The accountInactivityLimit attribute sets the time period, in seconds, from the last login time of an account before that account is locked for inactivity.
| OID | 1.3.6.1.4.1.11.1.3.2.1.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.4. acctPolicySubentry
The acctPolicySubentry attribute identifies any entry which belongs to an account policy (specifically, an account lockout policy). The value of this attribute points to the account policy which is applied to the entry.
This can be set on an individual user entry or on a CoS template entry or role entry.
| OID | 1.3.6.1.4.1.11.1.3.2.1.2 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.5. administratorContactInfo
This attribute contains the contact information for the LDAP or server administrator.
| OID | 2.16.840.1.113730.3.1.74 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.6. adminRole
This attribute contains the role assigned to the user identified in the entry.
| OID | 2.16.840.1.113730.3.1.601 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Administration Services |
5.2.7. adminUrl
This attribute contains the URL of the Administration Server.
| OID | 2.16.840.1.113730.3.1.75 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.8. aliasedObjectName
The aliasedObjectName attribute is used by the Directory Server to identify alias entries. This attribute contains the DN (distinguished name) for the entry for which this entry is the alias. For example:
aliasedObjectName: uid=jdoe,ou=people,dc=example,dc=com
| OID | 2.5.4.1 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.9. associatedDomain
The associatedDomain attribute contains the DNS domain associated with the entry in the directory tree. For example, the entry with the distinguished name c=US,o=Example Corporation has the associated domain of EC.US. These domains should be represented in RFC 822 order.
associatedDomain:US
| OID | 0.9.2342.19200300.100.1.37 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.10. associatedName
The associatedName identifies an organizational directory tree entry associated with a DNS domain. For example:
associatedName: c=us
| OID | 0.9.2342.19200300.100.1.38 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.11. attributeTypes
This attribute is used in a schema file to identify an attribute defined within the subschema.
| OID | 2.5.21.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.12. audio
The audio attribute contains a sound file using a binary format. This attribute uses a u-law encoded sound data. For example:
audio:: AAAAAA==
| OID | 0.9.2342.19200300.100.1.55 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.13. authorCn
The authorCn attribute contains the common name of the document’s author. For example:
authorCn: John Smith
| OID | 0.9.2342.19200300.102.1.11 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.14. authorityRevocationList
The authorityRevocationList attribute contains a list of revoked CA certificates. This attribute should be requested and stored in a binary format, like authorityRevocationList;binary. For example:
authorityrevocationlist;binary:: AAAAAA==
| OID | 2.5.4.38 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.15. authorSn
The authorSn attribute contains the last name or family name of the author of a document entry. For example:
authorSn: Smith
| OID | 0.9.2342.19200300.102.1.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.16. automountInformation
This attribute contains information used by the autofs automounter.
The automountInformation attribute is defined in 60autofs.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 60autofs.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.33 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.17. bootFile
This attribute contains the boot image file name.
The bootFile attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.24 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.18. bootParameter
This attribute contains the value for rpc.bootparamd.
The bootParameter attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.23 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.19. buildingName
The buildingName attribute contains the building name associated with the entry. For example:
buildingName: 14
| OID | 0.9.2342.19200300.100.1.48 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.20. businessCategory
The businessCategory attribute identifies the type of business in which the entry is engaged. The attribute value should be a broad generalization, such as a corporate division level. For example:
businessCategory: Engineering
| OID | 2.5.4.15 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.21. c (countryName)
The countryName, or c, attribute contains the two-character country code to represent the country names. The country codes are defined by the ISO. For example:
countryName: GB c: US
| OID | 2.5.4.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.22. cACertificate
The cACertificate attribute contains a CA certificate. The attribute should be requested and stored binary format, such as cACertificate;binary. For example:
cACertificate;binary:: AAAAAA==
| OID | 2.5.4.37 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.23. carLicense
The carLicense attribute contains an entry’s automobile license plate number. For example:
carLicense: 6ABC246
| OID | 2.16.840.1.113730.3.1.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.24. certificateRevocationList
The certificateRevocationList attribute contains a list of revoked user certificates. The attribute value is to be requested and stored in binary form, as certificateACertificate;binary. For example:
certificateRevocationList;binary:: AAAAAA==
| OID | 2.5.4.39 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.25. cn (commonName)
The commonName attribute contains the name of an entry. For user entries, the cn attribute is typically the person’s full name. For example:
commonName: John Smith cn: Bill Anderson
With the LDAPReplica or LDAPServerobject object classes, the cn attribute value has the following format:
cn: replicater.example.com:17430/dc%3Dexample%2Cdc%3com
| OID | 2.5.4.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.26. co (friendlyCountryName)
The friendlyCountryName attribute contains a country name; this can be any string. Often, the country is used with the ISO-designated two-letter country code, while the co attribute contains a readable country name. For example:
friendlyCountryName: Ireland co: Ireland
| OID | 0.9.2342.19200300.100.1.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.27. cosAttribute
The cosAttribute contains the name of the attribute for which to generate a value for the CoS. There can be more than one cosAttribute value specified. This attribute is used by all types of CoS definition entries.
| OID | 2.16.840.1.113730.3.1.550 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.28. cosIndirectSpecifier
The cosIndirectSpecifier specifies the attribute values used by an indirect CoS to identify the template entry.
| OID | 2.16.840.1.113730.3.1.577 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.29. cosPriority
The cosPriority attribute specifies which template provides the attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a template. A priority of zero is the highest priority.
| OID | 2.16.840.1.113730.3.1.569 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.30. cosSpecifier
The cosSpecifier attribute contains the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.
| OID | 2.16.840.1.113730.3.1.551 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.31. cosTargetTree
The cosTargetTree attribute defines the subtrees to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees arbitrarily.
| OID | 2.16.840.1.113730.3.1.552 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.32. cosTemplateDn
The cosTemplateDn attribute contains the DN of the template entry which contains a list of the shared attribute values. Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS. A single CoS might have more than one template entry associated with it.
| OID | 2.16.840.1.113730.3.1.553 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.33. crossCertificatePair
The value for the crossCertificatePair attribute must be requested and stored in binary format, such as certificateCertificateRepair;binary. For example:
crossCertificatePair;binary:: AAAAAA==
| OID | 2.5.4.40 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.34. dc (domainComponent)
The dc attribute contains one component of a domain name. For example:
dc: example domainComponent: example
| OID | 0.9.2342.19200300.100.1.25 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.35. deltaRevocationList
The deltaRevocationList attribute contains a certificate revocation list (CRL). The attribute value is requested and stored in binary format, such as deltaRevocationList;binary.
| OID | 2.5.4.53 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.36. departmentNumber
The departmentNumber attribute contains an entry’s department number. For example:
departmentNumber: 2604
| OID | 2.16.840.1.113730.3.1.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.37. description
The description attribute provides a human-readable description for an entry. For person or organization object classes, this can be used for the entry’s role or work assignment. For example:
description: Quality control inspector for the ME2873 product line.
| OID | 2.5.4.13 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.38. destinationIndicator
The destinationIndicator attribute contains the city and country associated with the entry. This attribute was once required to provide public telegram service and is generally used in conjunction with the registeredAddress attribute. For example:
destinationIndicator: Stow, Ohio, USA
| OID | 2.5.4.27 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.39. displayName
The displayName attributes contains the preferred name of a person to use when displaying that person’s entry. This is especially useful for showing the preferred name for an entry in a one-line summary list. Since other attribute types, such as cn, are multi-valued, they cannot be used to display a preferred name. For example:
displayName: John Smith
| OID | 2.16.840.1.113730.3.1.241 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.40. dITRedirect
The dITRedirect attribute indicates that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN.
dITRedirect: cn=jsmith,dc=example,dc=com
| OID | 0.9.2342.19200300.100.1.54 |
| Syntax | DN |
| Defined in |
5.2.41. dmdName
The dmdName attribute value specifies a directory management domain (DMD), the administrative authority that operates the Directory Server.
| OID | 2.5.4.54 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.42. dn (distinguishedName)
The dn attribute contains an entry’s distinguished name. For example:
dn: uid=Barbara Jensen,ou=Quality Control,dc=example,dc=com
| OID | 2.5.4.49 |
| Syntax | DN |
| Defined in |
5.2.43. dNSRecord
The dNSRecord attribute contains DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start of Authority) resource records. For example:
dNSRecord: IN NS ns.uu.net
| OID | 0.9.2342.19200300.100.1.26 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet Directory Pilot |
5.2.44. documentAuthor
The documentAuthor attribute contains the DN of the author of a document entry. For example:
documentAuthor: uid=Barbara Jensen,ou=People,dc=example,dc=com
| OID | 0.9.2342.19200300.100.1.14 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.45. documentIdentifier
The documentIdentifier attribute contains a unique identifier for a document. For example:
documentIdentifier: L3204REV1
| OID | 0.9.2342.19200300.100.1.11 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.46. documentLocation
The documentLocation attribute contains the location of the original version of a document. For example:
documentLocation: Department Library
| OID | 0.9.2342.19200300.100.1.15 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.47. documentPublisher
The documentPublisher attribute contains the person or organization who published a document. For example:
documentPublisher: Southeastern Publishing
| OID | 0.9.2342.19200300.100.1.56 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.48. documentStore
The documentStore attribute contains information on where the document is stored.
| OID | 0.9.2342.19200300.102.1.10 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.49. documentTitle
The documentTitle attribute contains a document’s title. For example:
documentTitle: Red Hat Directory Server Administrator Guide
| OID | 0.9.2342.19200300.100.1.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.50. documentVersion
The documentVersion attribute contains the current version number for the document. For example:
documentVersion: 1.1
| OID | 0.9.2342.19200300.100.1.13 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.51. drink (favouriteDrink)
The favouriteDrink attribute contains a person’s favorite beverage. This can be shortened to drink. For example:
favouriteDrink: iced tea drink: cranberry juice
| OID | 0.9.2342.19200300.100.1.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.52. dSAQuality
The dSAQuality attribute contains the rating of the directory system agents' (DSA) quality. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example:
dSAQuality: high
| OID | 0.9.2342.19200300.100.1.49 |
| Syntax | Directory-String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.53. employeeNumber
The employeeNumber attribute contains the employee number for the person. For example:
employeeNumber: 3441
| OID | 2.16.840.1.113730.3.1.3 |
| Syntax | Directory-String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.54. employeeType
The employeeType attribute contains the employment type for the person. For example:
employeeType: Full time
| OID | 2.16.840.1.113730.3.1.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.55. enhancedSearchGuide
The enhancedSearchGuide attribute contains information used by an X.500 client to construct search filters. For example:
enhancedSearchGuide: (uid=bjensen)
| OID | 2.5.4.47 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.56. fax (facsimileTelephoneNumber)
The facsimileTelephoneNumber attribute contains the entry’s facsimile number; this attribute can be abbreviated as fax. For example:
facsimileTelephoneNumber: +1 415 555 1212 fax: +1 415 555 1212
| OID | 2.5.4.23 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.57. gecos
The gecos attribute is used to determine the GECOS field for the user. This is comparable to the cn attribute, although using a gecos attribute allows additional information to be embedded in the GECOS field aside from the common name. This field is also useful if the common name stored in the directory is not the user’s full name.
gecos: John Smith
The gecos attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.58. generationQualifier
The generationQualifier attribute contains the generation qualifier for a person’s name, which is usually appended as a suffix to the name. For example:
generationQualifier:III
| OID | 2.5.4.44 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.59. gidNumber
The gidNumber attribute contains a unique numeric identifier for a group entry or to identify the group for a user entry. This is analogous to the group number in Unix.
gidNumber: 100
The gidNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.1 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.60. givenName
The givenName attribute contains an entry’s given name, which is usually the first name. For example:
givenName: Rachel
| OID | 2.5.4.42 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.61. homeDirectory
The homeDirectory attribute contains the path to the user’s home directory.
homeDirectory: /home/jsmith
The homeDirectory attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.3 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.62. homePhone
The homePhone attribute contains the entry’s residential phone number. For example:
homePhone: 415-555-1234
Although RFC 1274 defines both homeTelephoneNumber and homePhone as names for the residential phone number attribute, Directory Server only implements the homePhone name.
| OID | 0.9.2342.19200300.100.1.20 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.63. homePostalAddress
The homePostalAddress attribute contains an entry’s home mailing address. Since this attribute generally spans multiple lines, each line break has to be represented by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) in the attribute value, use the escaped hex values \24 and \5c, respectively. For example:
homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555
To represent the following string:
The dollar ($) value can be found in the c:\cost file.
The entry value is:
The dollar (\24) value can be found$in the c:\c5cost file.
| OID | 0.9.2342.19200300.100.1.39 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.64. host
The host contains the host name of a computer. For example:
host: labcontroller01
| OID | 0.9.2342.19200300.100.1.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.65. houseIdentifier
The houseIdentifier contains an identifier for a specific building at a location. For example:
houseIdentifier: B105
| OID | 2.5.4.51 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.66. inetDomainBaseDN
This attribute identifies the base DN of user subtree for a DNS domain.
| OID | 2.16.840.1.113730.3.1.690 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Subscriber interoperability |
5.2.67. inetDomainStatus
This attribute shows the current status of the domain. A domain has a status of active, inactive, or deleted.
| OID | 2.16.840.1.113730.3.1.691 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Subscriber interoperability |
5.2.68. inetSubscriberAccountId
This attribute contains the a unique attribute used to link the user entry for the subscriber to a billing system.
| OID | 2.16.840.1.113730.3.1.694 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Subscriber interoperability |
5.2.69. inetSubscriberChallenge
The inetSubscriberChallenge attribute contains some kind of question or prompt, the challenge phrase, which is used to confirm the identity of the user in the subscriberIdentity attribute. This attribute is used in conjunction with the inetSubscriberResponse attribute, which contains the response to the challenge.
| OID | 2.16.840.1.113730.3.1.695 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Subscriber interoperability |
5.2.70. inetSubscriberResponse
The inetSubscriberResponse attribute contains the answer to the challenge question in the inetSubscriberChallenge attribute to verify the user in the subscriberIdentity attribute.
| OID | 2.16.840.1.113730.3.1.696 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Subscriber interoperability |
5.2.71. inetUserHttpURL
This attribute contains the web addresses associated with the user.
| OID | 2.16.840.1.113730.3.1.693 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Subscriber interoperability |
5.2.72. inetUserStatus
This attribute shows the current status of the user (subscriber). A user has a status of active, inactive, or deleted.
| OID | 2.16.840.1.113730.3.1.692 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |
| Defined in | Subscriber interoperability |
5.2.73. info
The info attribute contains any general information about an object. Avoid using this attribute for specific information and rely instead on specific, possibly custom, attribute types. For example:
info: not valid
| OID | 0.9.2342.19200300.100.1.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.74. initials
The initials contains a person’s initials; this does not contain the entry’s surname. For example:
initials: BAJ
Directory Server and Active Directory handle the initials attribute differently. The Directory Server allows a practically unlimited number of characters, while Active Directory has a restriction of six characters. If an entry is synced with a Windows peer and the value of the initials attribute is longer than six characters, then the value is automatically truncated to six characters when it is synchronized. There is no information written to the error log to indicate that synchronization changed the attribute value, either.
| OID | 2.5.4.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.75. installationTimeStamp
This contains the time that the server instance was installed.
| OID | 2.16.840.1.113730.3.1.73 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in | Netscape Administration Services |
5.2.76. internationalISDNNumber
The internationalISDNNumber attribute contains the ISDN number of a document entry. This attribute uses the internationally recognized format for ISDN addresses given in CCITT Rec. E. 164.
| OID | 2.5.4.25 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.77. ipHostNumber
This contains the IP address for a server.
The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.19 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in |
5.2.78. ipNetmaskNumber
This contains the IP netmask for the server.
The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 2.16.840.1.113730.3.1.73 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in |
5.2.79. ipNetworkNumber
This identifies the IP network.
The ipNetworkNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.20 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |
| Defined in |
5.2.80. ipProtocolNumber
This attribute identifies the IP protocol version number.
The ipProtocolNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.17 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
| Defined in |
5.2.81. ipServicePort
This attribute gives the port used by the IP service.
The ipServicePort attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.15 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
| Defined in |
5.2.82. ipServiceProtocol
This identifies the protocol used by the IP service.
The ipServiceProtocol attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
| Defined in |
5.2.83. janetMailbox
The janetMailbox contains a JANET email address, usually for users located in the United Kingdom who do not use RFC 822 email address. Entries with this attribute must also contain the rfc822Mailbox attribute.
| OID | 0.9.2342.19200300.100.1.46 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.84. jpegPhoto
The jpegPhoto attribute contains a JPEG photo, a binary value. For example:
jpegPhoto:: AAAAAA==
| OID | 0.9.2342.19200300.100.1.60 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.85. keyWords
The keyWord attribute contains keywords associated with the entry. For example:
keyWords: directory LDAP X.500
| OID | 0.9.2342.19200300.102.1.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.86. knowledgeInformation
This attribute is no longer used.
| OID | 2.5.4.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.87. l (localityName)
The localityName, or l, attribute contains the county, city, or other geographical designation associated with the entry. For example:
localityName: Santa Clara l: Santa Clara
| OID | 2.5.4.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.88. labeledURI
The labeledURI contains a Uniform Resource Identifier (URI) which is related, in some way, to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported), optionally followed by one or more space characters and a label.
labeledURI: http://home.example.com labeledURI: http://home.example.com Example website
| OID | 1.3.6.1.4.1.250.1.57 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.89. loginShell
The loginShell attribute contains the path to a script that is launched automatically when a user logs into the domain.
loginShell: c:\scripts\jsmith.bat
The loginShell attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.4 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.90. macAddress
This attribute gives the MAC address for a server or piece of equipment.
The macAddress attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.22 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.91. mail
The mail attribute contains a user’s primary email address. This attribute value is retrieved and displayed by whitepage applications. For example:
mail: jsmith@example.com
| OID | 0.9.2342.19200300.100.1.3 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.92. mailAccessDomain
This attribute lists the domain which a user can use to access the messaging server.
| OID | 2.16.840.1.113730.3.1.12 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.93. mailAlternateAddress
The mailAlternateAddress attribute contains additional email addresses for a user. This attribute does not reflect the default or primary email address; that email address is set by the mail attribute.
For example:
mailAlternateAddress: jsmith@example.com mailAlternateAddress: smith1701@alt.com
| OID | 2.16.840.1.113730.3.1.13 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.94. mailAutoReplyMode
This attribute sets whether automatic replies are enabled for the messaging server.
| OID | 2.16.840.1.113730.3.1.14 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.95. mailAutoReplyText
This attribute stores the text to used in an auto-reply email.
| OID | 2.16.840.1.113730.3.1.15 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.96. mailDeliveryOption
This attribute defines the mail delivery mechanism to use for the mail user.
| OID | 2.16.840.1.113730.3.1.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.97. mailEnhancedUniqueMember
This attribute contains the DN of a unique member of a mail group.
| OID | 2.16.840.1.113730.3.1.31 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.98. mailForwardingAddress
This attribute contains an email address to which to forward a user’s email.
| OID | 2.16.840.1.113730.3.1.17 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.99. mailHost
The mailHost attribute contains the host name of a mail server. For example:
mailHost: mail.example.com
| OID | 2.16.840.1.113730.3.1.18 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.100. mailMessageStore
This identifies the location of a user’s email box.
| OID | 2.16.840.1.113730.3.1.19 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.101. mailPreferenceOption
The mailPreferenceOption defines whether a user should be included on a mailing list, both electronic and physical. There are three options.
| 0 | Does not appear in mailing lists. |
| 1 | Add to any mailing lists. |
| 2 | Added only to mailing lists which the provider views as relevant to the user interest. |
If the attribute is absent, then the default is to assume that the user is not included on any mailing list. This attribute should be interpreted by anyone using the directory to derive mailing lists and its value respected. For example:
mailPreferenceOption: 0
| OID | 0.9.2342.19200300.100.1.47 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.102. mailProgramDeliveryInfo
This attribute contains any commands to use for programmed mail delivery.
| OID | 2.16.840.1.113730.3.1.20 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.103. mailQuota
This attribute sets the amount of disk space allowed for a user’s mail box.
| OID | 2.16.840.1.113730.3.1.21 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.104. mailRoutingAddress
This attribute contains the routing address to use when forwarding the emails received by the user to another messaging server.
| OID | 2.16.840.1.113730.3.1.24 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.105. manager
The manager contains the distinguished name (DN) of the manager for the person. For example:
manager: cn=Bill Andersen,ou=Quality Control,dc=example,dc=com
| OID | 0.9.2342.19200300.100.1.10 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.106. member
The member attribute contains the distinguished names (DNs) of each member of a group. For example:
member: cn=John Smith,dc=example,dc=com
| OID | 2.5.4.31 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.107. memberCertificateDescription
This attribute is a multi-valued attribute where each value is a description, a pattern, or a filter matching the subject DN of a certificate, usually a certificate used for TLS client authentication.
memberCertificateDescription matches any certificate that contains a subject DN with the same attribute-value assertions (AVAs) as the description. The description may contain multiple ou AVAs. A matching DN must contain those same ou AVAs, in the same order, although it may be interspersed with other AVAs, including other ou AVAs. For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored.
A matching DN must contain that same AVA but no other AVA of the same type nearer the root (later, syntactically).
AVAs are considered the same if they contain the same attribute description (case-insensitive comparison) and the same attribute value (case-insensitive comparison, leading and trailing whitespace ignored, and consecutive whitespace characters treated as a single space).
To be considered a member of a group with the following memberCertificateDescription value, a certificate needs to include ou=x, ou=A, and dc=example, but not dc=company.
memberCertificateDescription: {ou=x,ou=A,dc=company,dc=example}
To match the group’s requirements, a certificate’s subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.
| OID | 2.16.840.1.113730.3.1.199 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.108. memberNisNetgroup
This attribute merges the attribute values of another netgroup into the current one by listing the name of the merging netgroup.
The memberNisNetgroup attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.13 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.109. memberOf
This attribute contains the name of a group to which the user is a member.
memberOf is the default attribute generated by the MemberOf Plug-in on the user entry of a group member. This attribute is automatically synchronized to the listed member attributes in a group entry, so that displaying group membership for entries is managed by Directory Server.
This attribute is only synchronized between group entries and the corresponding members' user entries if the MemberOf Plug-in is enabled and is configured to use this attribute.
| OID | 1.2.840.113556.1.2.102 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Delegated Administrator |
5.2.110. memberUid
The memberUid attribute contains the login name of the member of a group; this can be different than the DN identified in the member attribute.
memberUID: jsmith
The memberUID attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.12 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.111. memberURL
This attribute identifies a URL associated with each member of a group. Any type of labeled URL can be used.
memberURL: ldap://cn=jsmith,ou=people,dc=example,dc=com
| OID | 2.16.840.1.113730.3.1.198 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.112. mepManagedBy
This attribute contains a pointer in an automatically-generated entry that points back to the DN of the originating entry. This attribute is set by the Managed Entries Plug-in and cannot be modified manually.
| OID | 2.16.840.1.113730.3.1.2086 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.113. mepManagedEntry
This attribute contains a pointer to an automatically-generated entry which corresponds to the current entry. This attribute is set by the Managed Entries Plug-in and cannot be modified manually.
| OID | 2.16.840.1.113730.3.1.2087 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.114. mepMappedAttr
This attribute sets an attribute in the Managed Entries template entry which must exist in the generated entry. The mapping means that some value of the originating entry is used to supply the given attribute. The values of these attributes will be tokens in the form attribute: $attr. For example:
mepMappedAttr: gidNumber: $gidNumber
As long as the syntax of the expanded token of the attribute does not violate the required attribute syntax, then other terms and strings can be used in the attribute. For example:
mepMappedAttr: cn: Managed Group for $cn
| OID | 2.16.840.1.113730.3.1.2089 |
| Syntax | OctetString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.115. mepRDNAttr
This attribute sets which attribute to use as the naming attribute in the automatically-generated entry created by the Managed Entries Plug-in. Whatever attribute type is given in the naming attribute should be present in the managed entries template entry as a mepMappedAttr.
| OID | 2.16.840.1.113730.3.1.2090 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Directory Server |
5.2.116. mepStaticAttr
This attribute sets an attribute with a defined value that must be added to the automatically-generated entry managed by the Managed Entries Plug-in. This value will be used for every entry generated by that instance of the Managed Entries Plug-in.
mepStaticAttr: posixGroup
| OID | 2.16.840.1.113730.3.1.2088 |
| Syntax | OctetString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.117. mgrpAddHeader
This attribute contains information about the header in the messages.
| OID | 2.16.840.1.113730.3.1.781 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.118. mgrpAllowedBroadcaster
This attribute sets whether to allow the user to send broadcast messages.
| OID | 2.16.840.1.113730.3.1.22 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.119. mgrpAllowedDomain
This attribute sets the domains for the mail group.
| OID | 2.16.840.1.113730.3.1.23 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.120. mgrpApprovePassword
This attribute sets whether a user must approve a password used to access their email.
| OID | mgrpApprovePassword-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.121. mgrpBroadcasterPolicy
This attribute defines the policy for broadcasting emails.
| OID | 2.16.840.1.113730.3.1.788 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.122. mgrpDeliverTo
This attribute contains information about the delivery destination for email.
| OID | 2.16.840.1.113730.3.1.25 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.123. mgrpErrorsTo
This attribute contains information about where to deliver error messages for the messaging server.
| OID | 2.16.840.1.113730.3.1.26 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.124. mgrpModerator
This attribute contains the contact name for the mailing list moderator.
| OID | 2.16.840.1.113730.3.1.33 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.125. mgrpMsgMaxSize
This attribute sets the maximum size allowed for email messages.
| OID | 2.16.840.1.113730.3.1.32 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.126. mgrpMsgRejectAction
This attribute defines what actions the messaging server should take for rejected messages.
| OID | 2.16.840.1.113730.3.1.28 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.127. mgrpMsgRejectText
This attribute sets the text to use for rejection notifications.
| OID | 2.16.840.1.113730.3.1.29 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.128. mgrpNoDuplicateChecks
This attribute defines whether the messaging server checks for duplicate emails.
| OID | 2.16.840.1.113730.3.1.789 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape Messaging Server |
5.2.129. mgrpRemoveHeader
This attribute sets whether the header is removed in reply messages.
| OID | 2.16.840.1.113730.3.1.801 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.130. mgrpRFC822MailMember
This attribute identifies the member of a mail group.
| OID | 2.16.840.1.113730.3.1.30 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.131. mobile
The mobile, or mobileTelephoneNumber, contains the entry’s mobile or cellular phone number. For example:
mobileTelephoneNumber: 415-555-4321
| OID | 0.9.2342.19200300.100.1.41 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.132. mozillaCustom1
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.133. mozillaCustom2
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.134. mozillaCustom3
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.135. mozillaCustom4
This attribute is used by Mozilla Thunderbird to manage a shared address book.
| OID | 1.3.6.1.4.1.13769.4.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.136. mozillaHomeCountryName
This attribute sets the country used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.137. mozillaHomeLocalityName
This attribute sets the city used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.138. mozillaHomePostalCode
This attribute sets the postal code used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.139. mozillaHomeState
This attribute sets the state or province used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.140. mozillaHomeStreet
This attribute sets the street address used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.141. mozillaHomeStreet2
This attribute contains the second line of a street address used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.142. mozillaHomeUrl
This attribute contains a URL used by Mozilla Thunderbird in a shared address book.
| OID | 1.3.6.1.4.1.13769.3.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.143. mozillaNickname (xmozillanickname)
This attribute contains a nickname used by Mozilla Thunderbird for a shared address book.
| OID | 1.3.6.1.4.1.13769.2.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Mozilla Address Book |
5.2.144. mozillaSecondEmail (xmozillasecondemail)
This attribute contains an alternate or secondary email address for an entry in a shared address book for Mozilla Thunderbird.
| OID | 1.3.6.1.4.1.13769.2.2 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.145. mozillaUseHtmlMail (xmozillausehtmlmail)
This attribute sets an email type preference for an entry in a shared address book in Mozilla Thunderbird.
| OID | 1.3.6.1.4.1.13769.2.3 |
| Syntax | Boolean |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.146. mozillaWorkStreet2
This attribute contains a street address for a workplace or office for an entry in Mozilla Thunderbird’s shared address book.
| OID | 1.3.6.1.4.1.13769.3.8 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.147. mozillaWorkUrl
This attribute contains a URL for a work site in an entry in a shared address book in Mozilla Thunderbird.
| OID | 1.3.6.1.4.1.13769.3.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Mozilla Address Book |
5.2.148. multiLineDescription
This attribute contains a description of an entry which spans multiple lines in the LDIF file.
| OID | 1.3.6.1.4.1.250.1.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.149. name
The name attribute identifies the attribute supertype which can be used to form string attribute types for naming.
It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests. Client implementations should not assume that LDAP servers are capable of performing attribute subtyping.
| OID | 2.5.4.41 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.150. netscapeReversiblePassword
This attribute contains the password for HTTP Digest/MD5 authentication.
| OID | 2.16.840.1.113730.3.1.812 |
| Syntax | OctetString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Web Server |
5.2.151. NisMapEntry
This attribute contains the information for a NIS map to be used by Network Information Services.
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.27 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.152. nisMapName
This attribute contains the name of a mapping used by a NIS server.
| OID | 1.3.6.1.1.1.1.26 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.153. nisNetgroupTriple
This attribute contains information on a netgroup used by a NIS server.
This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.14 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.154. nsAccessLog
This entry identifies the access log used by a server.
| OID | nsAccessLog-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.155. nsAdminAccessAddresses
This attribute contains the IP address of the Administration Server used by the instance.
| OID | nsAdminAccessAddresses-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.156. nsAdminAccessHosts
This attribute contains the host name of the Administration Server.
| OID | nsAdminAccessHosts-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.157. nsAdminAccountInfo
This attribute contains other information about the Administration Server account.
| OID | nsAdminAccountInfo-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.158. nsAdminCacheLifetime
This sets the length of time to store the cache used by the Directory Server.
| OID | nsAdminCacheLifetime-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.159. nsAdminCgiWaitPid
This attribute defines the wait time for Administration Server CGI process IDs.
| OID | nsAdminCgiWaitPid-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.160. nsAdminDomainName
This attribute contains the name of the administration domain containing the Directory Server instance.
| OID | nsAdminDomainName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.161. nsAdminEnableEnduser
This attribute sets whether to allow end user access to admin services.
| OID | nsAdminEnableEnduser-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.162. nsAdminEndUserHTMLIndex
This attribute sets whether to allow end users to access the HTML index of admin services.
| OID | nsAdminEndUserHTMLIndex-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.163. nsAdminGroupName
This attribute gives the name of the admin guide.
| OID | nsAdminGroupName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.164. nsAdminOneACLDir
This attribute gives the directory path to the directory containing access control lists for the Administration Server.
| OID | nsAdminOneACLDir-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.165. nsAdminSIEDN
This attribute contains the DN of the serer instance entry (SIE) for the Administration Server.
| OID | nsAdminSIEDN-oid |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.166. nsAdminUsers
This attribute gives the path and name of the file which contains the information for the Administration Server admin user.
| OID | nsAdminUsers-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.167. nsAIMid
This attribute contains the AOL Instant Messaging user ID for the user.
| OID | 2.16.840.1.113730.3.2.300 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.168. nsBaseDN
This contains the base DN used in the Directory Server’s server instance definition entry.
| OID | nsBaseDN-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.169. nsBindDN
This attribute contains the bind DN defined in the Directory Server SIE.
| OID | nsBindDN-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.170. nsBindPassword
This attribute contains the password used by the bind DN defined in nsBindDN.
| OID | nsBindPassword-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.171. nsBuildNumber
This defines, in the Directory Server SIE, the build number of the server instance.
| OID | nsBuildNumber-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.172. nsBuildSecurity
This defines, in the Directory Server SIE, the build security level.
| OID | nsBuildSecurity-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.173. nsCertConfig
This attribute defines the configuration for the Red Hat Certificate System.
| OID | nsCertConfig-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Certificate System |
5.2.174. nsClassname
| OID | nsClassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.175. nsConfigRoot
This attribute contains the root DN of the configuration directory.
| OID | nsConfigRoot-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.176. nscpAIMScreenname
This attribute gives the AIM screen name of a user.
| OID | 1.3.6.1.4.1.13769.2.4 |
| Syntax | TelephoneString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Mozilla Address Book |
5.2.177. nsDefaultAcceptLanguage
This attribute contains the language codes which are accepted for HTML clients.
| OID | nsDefaultAcceptLanguage-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.178. nsDefaultObjectClass
This attribute stores object class information in a container entry.
| OID | nsDefaultObjectClass-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.179. nsDeleteclassname
| OID | nsDeleteclassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.180. nsDirectoryFailoverList
This attribute contains a list of Directory Servers to use for failover.
| OID | nsDirectoryFailoverList-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.181. nsDirectoryInfoRef
This attribute refers to a DN of an entry with information about the server.
| OID | nsDirectoryInfoRef-oid |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.182. nsDirectoryURL
This attribute contains the Directory Server URL.
| OID | nsDirectoryURL-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.183. nsDisplayName
This attribute contains a display name.
| OID | nsDisplayName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.184. nsErrorLog
This attribute identifies the error log used by the server.
| OID | nsErrorLog-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.185. nsExecRef
This attribute contains the path or location of an executable which can be used to perform server tasks.
| OID | nsExecRef-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.186. nsExpirationDate
This attribute contains the expiration date of an application.
| OID | nsExpirationDate-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.187. nsGroupRDNComponent
This attribute defines the attribute to use for the RDN of a group entry.
| OID | nsGroupRDNComponent-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.188. nsHardwarePlatform
This attribute indicates the hardware on which the server is running. The value of this attribute is the same as the output from uname -m. For example:
nsHardwarePlatform:i686
| OID | nsHardwarePlatform-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.189. nsHelpRef
This attribute contains a reference to an online help file.
| OID | nsHelpRef-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.190. nsHostLocation
This attribute contains information about the server host.
| OID | nsHostLocation-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.191. nsICQid
This attribute contains an ICQ ID for the user.
| OID | 2.16.840.1.113730.3.1.2014 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.192. nsInstalledLocation
This attribute contains the installation directory for Directory Servers which are version 7.1 or older.
| OID | nsInstalledLocation-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.193. nsJarfilename
This attribute gives the jar file name used by the Console.
| OID | nsJarfilename-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.194. nsLdapSchemaVersion
This gives the version number of the LDAP directory schema.
| OID | nsLdapSchemaVersion-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.195. nsLicensedFor
The nsLicensedFor attribute identifies the server the user is licensed to use. Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute include the following:
-
slapdfor a licensed Directory Server client. -
mailfor a licensed mail server client. -
newsfor a licensed news server client. -
calfor a licensed calender server client.
For example:
nsLicensedFor: slapd
| OID | 2.16.840.1.113730.3.1.36 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Server |
5.2.196. nsLicenseEndTime
Reserved for future use.
| OID | 2.16.840.1.113730.3.1.38 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Server |
5.2.197. nsLicenseStartTime
Reserved for future use.
| OID | 2.16.840.1.113730.3.1.37 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Server |
5.2.198. nsLogSuppress
This attribute sets whether to suppress server logging.
| OID | nsLogSuppress-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.199. nsmsgDisallowAccess
This attribute defines access to a messaging server.
| OID | nsmsgDisallowAccess-oid |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.200. nsmsgNumMsgQuota
This attribute sets a quota for the number of messages which will be kept by the messaging server.
| OID | nsmsgNumMsgQuota-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.201. nsMSNid
This attribute contains the MSN instant messaging ID for the user.
| OID | 2.16.840.1.113730.3.1.2016 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.202. nsNickName
This attribute gives a nickname for an application.
| OID | nsNickName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.203. nsNYR
| OID | nsNYR-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Administration Services |
5.2.204. nsOsVersion
This attribute contains the version number of the operating system for the host on which the server is running.
| OID | nsOsVersion-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.205. nsPidLog
| OID | nsPidLog-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.206. nsPreference
This attribute stores the Console preference settings.
| OID | nsPreference-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.207. nsProductName
This contains the name of the product, such as Red Hat Directory Server or Administration Server.
| OID | nsProductName-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.208. nsProductVersion
This contains the version number of the Directory Server or Administration Server.
| OID | nsProductVersion-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.209. nsRevisionNumber
This attribute contains the revision number of the Directory Server or Administration Server.
| OID | nsRevisionNumber-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.210. nsSecureServerPort
This attribute contains the TLS port for the Directory Server.
This attribute does not configure the TLS port for the Directory Server. This is configured in nsslapd-secureport configuration attribute in the Directory Server’s dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.
| OID | nsSecureServerPort-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.211. nsSerialNumber
This attribute contains a serial number or tracking number assigned to a specific server application, such as Red Hat Directory Server or Administration Server.
| OID | nsSerialNumber-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.212. nsServerAddress
This attribute contains the IP address of the server host on which the Directory Server is running.
| OID | nsServerAddress-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.213. nsServerCreationClassname
This attribute gives the class name to use when creating a server.
| OID | nsServerCreationClassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.214. nsServerID
This contains the server’s instance name. For example:
nsServerID: slapd-example
| OID | nsServerID-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.215. nsServerMigrationClassname
This attribute contains the name of the class to use when migrating a server.
| OID | nsServerMigrationClassname-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.216. nsServerPort
This attribute contains the standard LDAP port for the Directory Server.
This attribute does not configure the standard port for the Directory Server. This is configured in nsslapd-port configuration attribute in the Directory Server’s dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.
| OID | nsServerPort-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.217. nsServerSecurity
This shows whether the Directory Server requires a secure TLS or SSL connection.
| OID | nsServerSecurity-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.218. nsSNMPContact
This attribute contains the contact information provided by the SNMP.
| OID | 2.16.840.1.113730.3.1.235 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.219. nsSNMPDescription
This contains a description of the SNMP service.
| OID | 2.16.840.1.113730.3.1.236 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.220. nsSNMPEnabled
This attribute shows whether SNMP is enabled for the server.
| OID | 2.16.840.1.113730.3.1.232 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.221. nsSNMPLocation
This attribute shows the location provided by the SNMP service.
| OID | 2.16.840.1.113730.3.1.234 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.222. nsSNMPMasterHost
This attribute shows the host name for the SNMP master agent.
| OID | 2.16.840.1.113730.3.1.237 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.223. nsSNMPMasterPort
This attribute shows the port number for the SNMP subagent.
| OID | 2.16.840.1.113730.3.1.238 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.224. nsSNMPOrganization
This attribute contains the organization information provided by SNMP.
| OID | 2.16.840.1.113730.3.1.233 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.225. nsSuiteSpotUser
This attribute has been obsoleted.
This attribute identifies the Unix user who installed the server.
| OID | nsSuiteSpotUser-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.226. nsTaskLabel
| OID | nsTaskLabel-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.227. nsUniqueAttribute
This sets a unique attribute for the server preferences.
| OID | nsUniqueAttribute-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.228. nsUserIDFormat
This attribute sets the format to use to generate the uid attribute from the givenname and sn attributes.
| OID | nsUserIDFormat-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.229. nsUserRDNComponent
This attribute sets the attribute type to set the RDN for user entries.
| OID | nsUserRDNComponent-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.230. nsValueBin
| OID | 2.16.840.1.113730.3.1.247 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.231. nsValueCES
| OID | 2.16.840.1.113730.3.1.244 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.232. nsValueCIS
| OID | 2.16.840.1.113730.3.1.243 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.233. nsValueDefault
| OID | 2.16.840.1.113730.3.1.250 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.234. nsValueDescription
| OID | 2.16.840.1.113730.3.1.252 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.235. nsValueDN
| OID | 2.16.840.1.113730.3.1.248 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.236. nsValueFlags
| OID | 2.16.840.1.113730.3.1.251 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.237. nsValueHelpURL
| OID | 2.16.840.1.113730.3.1.254 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.238. nsValueInt
| OID | 2.16.840.1.113730.3.1.246 |
| Syntax | Integer |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.239. nsValueSyntax
| OID | 2.16.840.1.113730.3.1.253 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.240. nsValueTel
| OID | 2.16.840.1.113730.3.1.245 |
| Syntax | TelephoneString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.241. nsValueType
| OID | 2.16.840.1.113730.3.1.249 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape servers — value item |
5.2.242. nsVendor
This contains the name of the server vendor.
| OID | nsVendor-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape |
5.2.243. nsViewConfiguration
This attribute stores the view configuration used by Console.
| OID | nsViewConfiguration-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.244. nsViewFilter
This attribute sets the attribute-value pair which is used to identify entries belonging to the view.
| OID | 2.16.840.1.113730.3.1.3023 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.245. nsWellKnownJarfiles
| OID | nsWellKnownJarfiles-oid |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Administration Services |
5.2.246. nswmExtendedUserPrefs
This attribute is used to store user preferences for accounts in a messaging server.
| OID | 2.16.840.1.113730.3.1.520 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Netscape Messaging Server |
5.2.247. nsYIMid
This attribute contains the Yahoo instant messaging user name for the user.
| OID | 2.16.840.1.113730.3.1.2015 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Directory Server |
5.2.248. ntGroupAttributes
This attribute points to a binary file which contains information about the group. For example:
ntGroupAttributes:: IyEvYmluL2tzaAoKIwojIGRlZmF1bHQgdmFsdWUKIwpIPSJgaG9zdG5hb
| OID | 2.16.840.1.113730.3.1.536 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.249. ntGroupCreateNewGroup
The ntGroupCreateNewGroup attribute is used by Windows Sync to determine whether the Directory Server should create new group entry when a new group is created on a Windows server. true creates the new entry; false ignores the Windows entry.
| OID | 2.16.840.1.113730.3.1.45 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.250. ntGroupDeleteGroup
The ntGroupDeleteGroup attribute is used by Windows Sync to determine whether the Directory Server should delete a group entry when the group is deleted on a Windows sync peer server. true means the account is deleted; false ignores the deletion.
| OID | 2.16.840.1.113730.3.1.46 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.251. ntGroupDomainId
The ntGroupDomainID attribute contains the domain ID string for a group.
ntGroupDomainId: DS HR Group
| OID | 2.16.840.1.113730.3.1.44 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.252. ntGroupId
The ntGroupId attribute points to a binary file which identifies the group. For example:
ntGroupId: IOUnHNjjRgghghREgfvItrGHyuTYhjIOhTYtyHJuSDwOopKLhjGbnGFtr
| OID | 2.16.840.1.113730.3.1.110 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.253. ntGroupType
In Active Directory, there are two major types of groups: security and distribution. Security groups are most similar to groups in Directory Server, since security groups can have policies configured for access controls, resource restrictions, and other permissions. Distribution groups are for mailing distribution. These are further broken down into global and local groups. The Directory Server ntGroupType supports all four group types:
The ntGroupType attribute identifies the type of Windows group. The valid values are as follows:
-
-21483646for global/security -
-21483644for domain local/security -
2for global/distribution -
4for domain local/distribution
This value is set automatically when the Windows groups are synchronized. To determine the type of group, you must manually configure it when the group gets created. By default, Directory Server groups do not have this attribute and are synchronized as global/security groups.
ntGroupType: -21483646
| OID | 2.16.840.1.113730.3.1.47 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.254. ntUniqueId
The ntUniqueId attribute contains a generated number used for internal server identification and operation. For example:
ntUniqueId: 352562404224a44ab040df02e4ef500b
| OID | 2.16.840.1.113730.3.1.111 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.255. ntUserAcctExpires
This attribute indicates when the entry’s Windows account will expire. This value is stored as a string in GMT format. For example:
ntUserAcctExpires: 20081015203415
| OID | 2.16.840.1.113730.3.1.528 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.256. ntUserAuthFlags
This attribute contains authorization flags set for the Windows account.
| OID | 2.16.840.1.113730.3.1.60 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.257. ntUserBadPwCount
This attribute sets the number of bad password failures are allowed before an account is locked.
| OID | 2.16.840.1.113730.3.1.531 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.258. ntUserCodePage
The ntUserCodePage attribute contains the code page for the user’s language of choice. For example:
ntUserCodePage: AAAAAA==
| OID | 2.16.840.1.113730.3.1.533 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.259. ntUserComment
This attribute contains a text description or note about the user entry.
| OID | 2.16.840.1.113730.3.1.522 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.260. ntUserCountryCode
This attribute contains the two-character country code for the country where the user is located.
| OID | 2.16.840.1.113730.3.1.532 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.261. ntUserCreateNewAccount
The ntUserCreateNewAccount attribute is used by Windows Sync to determine whether the Directory Server should create a new user entry when a new user is created on a Windows server. true creates the new entry; false ignores the Windows entry.
| OID | 2.16.840.1.113730.3.1.42 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.262. ntUserDeleteAccount
The ntUserDeleteAccount attribute IS Used by Windows Sync to determine whether a Directory Server entry will be automatically deleted when the user is deleted from the Windows sync peer server. true means the user entry is deleted; false ignores the deletion.
| OID | 2.16.840.1.113730.3.1.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.263. ntUserDomainId
The ntUserDomainId attribute contains the Windows domain login ID. For example:
ntUserDomainId: jsmith
| OID | 2.16.840.1.113730.3.1.41 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.264. ntUserFlags
This attribute contains additional flags set for the Windows account.
| OID | 2.16.840.1.113730.3.1.523 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.265. ntUserHomeDir
The ntUserHomeDir attribute contains an ASCII string representing the Windows user’s home directory. This attribute can be null. For example:
ntUserHomeDir: c:\jsmith
| OID | 2.16.840.1.113730.3.1.521 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.266. ntUserHomeDirDrive
This attribute contains information about the drive on which the user’s home directory is stored.
| OID | 2.16.840.1.113730.3.1.535 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.267. ntUserLastLogoff
The ntUserLastLogoff attribute contains the time of the last logoff. This value is stored as a string in GMT format.
If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user’s entry has changed.
ntUserLastLogoff: 20201015203415Z
| OID | 2.16.840.1.113730.3.1.527 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.268. ntUserLastLogon
The ntUserLastLogon attribute contains the time that the user last logged into the Windows domain. This value is stored as a string in GMT format. If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user’s entry has changed.
ntUserLastLogon: 20201015203415Z
| OID | 2.16.840.1.113730.3.1.526 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.269. ntUserLogonHours
The ntUserLogonHours attribute contains the time periods that a user is allowed to log onto the Active Directory domain. This attribute corresponds to the logonHours attribute in Active Directory.
| OID | 2.16.840.1.113730.3.1.530 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.270. ntUserLogonServer
The ntUserLogonServer attribute defines the Active Directory server to which the user’s logon request is forwarded.
| OID | 2.16.840.1.113730.3.1.65 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.271. ntUserMaxStorage
The ntUserMaxStorage attribute contains the maximum amount of disk space available for the user.
ntUserMaxStorage: 4294967295
| OID | 2.16.840.1.113730.3.1.529 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.272. ntUserNumLogons
This attribute shows the number of successful logons to the Active Directory domain for the user.
| OID | 2.16.840.1.113730.3.1.64 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.273. ntUserParms
The ntUserParms attribute contains a Unicode string reserved for use by applications.
| OID | 2.16.840.1.113730.3.1.62 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.274. ntUserPasswordExpired
This attribute shows whether the password for the Active Directory account has expired.
| OID | 2.16.840.1.113730.3.1.68 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.275. ntUserPrimaryGroupId
The ntUserPrimaryGroupId attribute contains the group ID of the primary group to which the user belongs.
| OID | 2.16.840.1.113730.3.1.534 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.276. ntUserPriv
This attribute shows the type of privileges allowed for the user.
| OID | 2.16.840.1.113730.3.1.59 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.277. ntUserProfile
The ntUserProfile attribute contains the path to a user’s profile. For example:
ntUserProfile: c:\jsmith\profile.txt
| OID | 2.16.840.1.113730.3.1.67 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.278. ntUserScriptPath
The ntUserScriptPath attribute contains the path to an ASCII script used by the user to log into the domain.
ntUserScriptPath: c:\jstorm\lscript.bat
| OID | 2.16.840.1.113730.3.1.524 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.279. ntUserUniqueId
The ntUserUniqueId attribute contains a unique numeric ID for the Windows user.
| OID | 2.16.840.1.113730.3.1.66 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.280. ntUserUnitsPerWeek
The ntUserUnitsPerWeek attribute contains the total amount of time that the user has spent logged into the Active Directory domain.
| OID | 2.16.840.1.113730.3.1.63 |
| Syntax | Binary |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.281. ntUserUsrComment
The ntUserUsrComment attribute contains additional comments about the user.
| OID | 2.16.840.1.113730.3.1.61 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.282. ntUserWorkstations
The ntUserWorkstations attribute contains a list of names, in ASCII strings, of work stations which the user is allowed to log in to. There can be up to eight work stations listed, separated by commas. Specify null to permit users to log on from any workstation. For example:
ntUserWorkstations: firefly
| OID | 2.16.840.1.113730.3.1.525 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape NT Synchronization |
5.2.283. o (organizationName)
The organizationName, or o, attribute contains the organization name. For example:
organizationName: Example Corporation o: Example Corporation
| OID | 2.5.4.10 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.284. objectClass
The objectClass attribute identifies the object classes used for an entry. For example:
objectClass: person
| OID | 2.5.4.0 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.285. objectClasses
This attribute is used in a schema file to identify an object class allowed by the subschema definition.
| OID | 2.5.21.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.286. obsoletedByDocument
The obsoletedByDocument attribute contains the distinguished name of a document which obsoletes the current document entry.
| OID | 0.9.2342.19200300.102.1.4 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.287. obsoletesDocument
The obsoletesDocument attribute contains the distinguished name of a documented which is obsoleted by the current document entry.
| OID | 0.9.2342.19200300.102.1.3 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Internet White Pages Pilot |
5.2.288. oncRpcNumber
The oncRpcNumber attribute contains part of the RPC map and stores the RPC number for UNIX RPCs.
The oncRpcNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.
| OID | 1.3.6.1.1.1.1.18 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.289. organizationalStatus
The organizationalStatus identifies the person’s category within an organization.
organizationalStatus: researcher
| OID | 0.9.2342.19200300.100.1.45 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.290. otherMailbox
The otherMailbox attribute contains values for email types other than X.400 and RFC 822.
otherMailbox: internet $ jsmith@example.com
| OID | 0.9.2342.19200300.100.1.22 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.291. ou (organizationalUnitName)
The organizationalUnitName, or ou, contains the name of an organizational division or a subtree within the directory hierarchy.
organizationalUnitName: Marketing ou: Marketing
| OID | 2.5.4.11 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.292. owner
The owner attribute contains the DN of the person responsible for an entry. For example:
owner: cn=John Smith,ou=people,dc=example,dc=com
| OID | 2.5.4.32 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.293. pager
The pagerTelephoneNumber, or pager, attribute contains a person’s pager phone number.
pagerTelephoneNumber: 415-555-6789 pager: 415-555-6789
| OID | 0.9.2342.19200300.100.1.42 |
| Syntax | TelephoneNumber |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.294. parentOrganization
The parentOrganization attribute identifies the parent organization of an organization or organizational unit.
| OID | 1.3.6.1.4.1.1466.101.120.41 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape |
5.2.295. personalSignature
The personalSignature attribute contains the entry’s signature file, in binary format.
personalSignature:: AAAAAA==
| OID | 0.9.2342.19200300.100.1.53 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.296. personalTitle
The personalTitle attribute contains a person’s honorific, such as Ms., Dr., Prof., and Rev.
personalTitle: Mr.
| OID | 0.9.2342.19200300.100.1.40 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.297. photo
The photo attribute contains a photo file, in a binary format.
photo:: AAAAAA==
| OID | 0.9.2342.19200300.100.1.7 |
| Syntax | Binary |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.298. physicalDeliveryOfficeName
The physicalDeliveryOffice contains the city or town in which a physical postal delivery office is located.
physicalDeliveryOfficeName: Raleigh
| OID | 2.5.4.19 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.299. postalAddress
The postalAddress attribute identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).
To represent an actual dollar sign ($) or backslash (\) within the entry text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
| OID | 2.5.4.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.300. postalCode
The postalCode contains the zip code for an entry located within the United States.
postalCode: 44224
| OID | 2.5.4.17 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.301. postOfficeBox
The postOfficeBox attribute contains the postal address number or post office box number for an entry’s physical mailing address.
postOfficeBox: 1234
| OID | 2.5.4.18 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.302. preferredDeliveryMethod
The preferredDeliveryMethod contains an entry’s preferred contact or delivery method. For example:
preferredDeliveryMethod: telephone
| OID | 2.5.4.28 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.303. preferredLanguage
The preferredLanguage attribute contains a person’s preferred written or spoken language. The value should conform to the syntax for HTTP Accept-Language header values.
| OID | 2.16.840.1.113730.3.1.39 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.304. preferredLocale
A locale identifies language-specific information about how users of a specific region, culture, or custom expect data to be presented, including how data of a given language is interpreted and how data is to be sorted. Directory Server supports three locales for American English, Japanese, and German.
The preferredLocale attribute sets which locale is preferred by a user.
| OID | 1.3.6.1.4.1.1466.101.120.42 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape |
5.2.305. preferredTimeZone
The preferredTimeZone attribute sets the time zone to use for the user entry.
| OID | 1.3.6.1.4.1.1466.101.120.43 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Netscape |
5.2.306. presentationAddress
The presentationAddress attribute contains the OSI presentation address for an entry. This attribute includes the OSI Network Address and up to three selectors, one each for use by the transport, session, and presentation entities. For example:
presentationAddress: TELEX+00726322+RFC-1006+02+130.59.2.1
| OID | 2.5.4.29 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.307. protocolInformation
The protocolInformation attribute, used together with the presentationAddress attribute, provides additional information about the OSO network service.
| OID | 2.5.4.48 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.308. pwdReset
When an administrator changes the password of a user, Directory Server sets the pwdReset operational attribute in the user’s entry to true. Applications can use this attribute to identify if a password of a user has been reset by an administrator.
The pwdReset attribute is an operational attribute and, therefore, users cannot edit it.
| OID | 1.3.6.1.4.1.1466.115.121.1.7 |
| Syntax | Boolean |
| Multi- or Single-Valued | Single-valued |
| Defined in |
5.2.309. ref
The ref attribute is used to support LDAPv3 smart referrals. The value of this attribute is an LDAP URL:
ldap: host_name:port_number/subtree_dn
The port number is optional.
For example:
ref: ldap://server.example.com:389/ou=People,dc=example,dc=com
| OID | 2.16.840.1.113730.3.1.34 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | LDAPv3 Referrals Internet Draft |
5.2.310. registeredAddress
This attribute contains a postal address for receiving telegrams or expedited documents. The recipient’s signature is usually required on delivery.
| OID | 2.5.4.26 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.311. roleOccupant
This attribute contains the distinguished name of the person acting in the role defined in the organizationalRole entry.
roleOccupant: uid=bjensen,dc=example,dc=com
| OID | 2.5.4.33 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.312. roomNumber
This attribute specifies the room number of an object. The cn attribute should be used for naming room objects.
roomNumber: 230
| OID | 0.9.2342.19200300.100.1.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.313. searchGuide
The searchGuide attribute specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation. When constructing search filters, use the enhancedSearchGuide attribute instead.
| OID | 2.5.4.14 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.314. secretary
The secretary attribute identifies an entry’s secretary or administrative assistant.
secretary: cn=John Smith,dc=example,dc=com
| OID | 0.9.2342.19200300.100.1.21 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.315. seeAlso
The seeAlso attribute identifies another Directory Server entry that may contain information related to this entry.
seeAlso: cn=Quality Control Inspectors,ou=manufacturing,dc=example,dc=com
| OID | 2.5.4.34 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.316. serialNumber
The serialNumber attribute contains the serial number of a device.
serialNumber: 555-1234-AZ
| OID | 2.5.4.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
5.2.317. serverHostName
The serverHostName attribute contains the host name of the server on which the Directory Server is running.
| OID | 2.16.840.1.113730.3.1.76 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Administration Services |
5.2.318. serverProductName
The serverProductName attribute contains the name of the server product.
| OID | 2.16.840.1.113730.3.1.71 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Administration Services |
5.2.319. serverRoot
This attribute is obsolete.
This attribute shows the installation directory (server root) of Directory Servers version 7.1 or older.
| OID | 2.16.840.1.113730.3.1.70 |
| Syntax | DirectorySt |