Menu Close

Chapter 5. Directory Entry Schema Reference

5.1. About Directory Server Schema

This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.

5.1.1. Schema Definitions

The directory schema is a set of rules that defines how data can be stored in the directory. Directory information is stored discrete entries, and each entry is comprised of a set of attributes and their values. The kind of identity being described in the entry is defined in the entry’s object classes. An object class specifies the kind of object the entry describes through the defined set of attributes for the object class.

Basically, the schema files are lists of the kinds of entries that can be create (the object classes) and the ways that those entries can be described (the attributes). The schema defines what the object classes and attributes are. The schema also defines the format that the attribute values contain (the attribute’s syntax) and whether there can only be a single instance of that attribute.

Additional schema files can be added to the Directory Server configuration and loaded in the server, so the schema is customizable and can be extended as required.

For more detailed information about object classes, attributes, and how the Directory Server uses the schema, see the Deployment Guide.

Warning

The Directory Server fails to start if the schema definitions contain too few or too many characters. Use exactly one space in those places where the LDAP standards allow the use of zero or many spaces; for example, the place between the NAME keyword and the name of an attribute type.

5.1.1.1. Object Classes

In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides object classes for many common types of entries, such as people (person and inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations and divisions (organization and organizationalUnit), and equipment (device).

In a schema file, an object class is identified by the objectclasses line, then followed by its OID, name, a description, its direct superior object class (an object class which is required to be used in conjunction with the object class and which shares its attributes with this object class), and the list of required (MUST) and allowed (MAY) attributes.

This is shown in Example 5.1, “person Object Class Schema Entry”.

Example 5.1. person Object Class Schema Entry

objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )
5.1.1.1.1. Required and Allowed Attributes

Every object class defines a number of required attributes and of allowed attributes. Required attributes must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be valid.

As in Example 5.1, “person Object Class Schema Entry”, the person object class requires the cn, sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, and userPassword attributes.

Note

All entries require the objectClass attribute, which lists the object classes assigned to the entry.

5.1.1.1.2. Object Class Inheritance

An entry can have more than one object class. For example, the entry for a person is defined by the person object class, but the same person may also be described by attributes in the inetOrgPerson and organizationalPerson object classes.

Additionally, object classes can be hierarchical. An object class can inherit attributes from another class, in addition to its own required and allowed attributes. The second object class is the superior object class of the first.

The server’s object class structure determines the list of required and allowed attributes for a particular entry. For example, a user’s entry has to have the inetOrgPerson object class. In that case, the entry must also include the superior object class for inetOrgPerson, organizationalPerson, and the superior object class for organizationalPerson, which is person:

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

When the inetOrgPerson object class is assigned to an entry, the entry automatically inherits the required and allowed attributes from the superior object classes.

5.1.1.2. Attributes

Directory entries are composed of attributes and their values. These pairs are called attribute-value assertions or AVAs. Any piece of information in the directory is associated with a descriptive attribute. For instance, the cn attribute is used to store a person’s full name, such as cn: John Smith.

Additional attributes can supply additional information about John Smith:

givenname: John
surname: Smith
mail: jsmith@example.com

In a schema file, an attribute is identified by the attributetypes line, then followed by its OID, name, a description, syntax (allowed format for its value), optionally whether the attribute is single- or multi-valued, and where the attribute is defined.

This is shown in Example 5.2, “description Attribute Schema Entry”.

Example 5.2. description Attribute Schema Entry

attributetypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )

Some attributes can be abbreviated. These abbreviations are listed as part of the attribute definition:

attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) ...
5.1.1.2.1. Directory Server Attribute Syntaxes

The attribute’s syntax defines the format of the values which the attribute allows; as with other schema elements, the syntax is defined for an attribute using the syntax’s OID in the schema file entry. In the Directory Server Console, the syntax is referenced by its friendly name.

The Directory Server uses the attribute’s syntax to perform sorting and pattern matching on entries.

For more information about LDAP attribute syntaxes, see RFC 4517.

Table 5.1. Supported LDAP Attribute Syntaxes

NameOIDDefinition

Binary

1.3.6.1.4.1.1466.115.121.1.5

Deprecated. Use Octet string instead.

Bit String

1.3.6.1.4.1.1466.115.121.1.6

For values which are bitstings, such as '0101111101’B.

Boolean

1.3.6.1.4.1.1466.115.121.1.7

For attributes with only two allowed values, TRUE or FALSE.

Country String

1.3.6.1.4.1.1466.115.121.1.11

For values which are limited to exactly two printable string characters; for example, US for the United States.

DN

1.3.6.1.4.1.1466.115.121.1.12

For values which are distinguished names (DNs).

Delivery Method

1.3.6.1.4.1.1466.115.121.1.14

For values which are contained a preferred method of delivering information or contacting an entity. The different values are separated by a dollar sign ($). For example:

[literal,subs="+quotes,verbatim"] …​. telephone $ physical …​.

Directory String

1.3.6.1.4.1.1466.115.121.1.15

For values which are valid UTF-8 strings. These values are not necessarily case-insensitive. Both case-sensitive and case-insensitive matching rules are available for Directory String and related syntaxes.

Enhanced Guide

1.3.6.1.4.1.1466.115.121.1.21

For values which contain complex search parameters based on attributes and filters.

Facsimile

1.3.6.1.4.1.1466.115.121.1.22

For values which contain fax numbers.

Fax

1.3.6.1.4.1.1466.115.121.1.23

For values which contain the images of transmitted faxes.

Generalized Time

1.3.6.1.4.1.1466.115.121.1.24

For values which are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time.

Guide

1.3.6.1.4.1.1466.115.121.1.25

Obsolete. For values which contain complex search parameters based on attributes and filters.

IA5 String

1.3.6.1.4.1.1466.115.121.1.26

For values which are valid strings. These values are not necessarily case-insensitive. Both case-sensitive and case-insensitive matching rules are available for IA5 String and related syntaxes.

Integer

1.3.6.1.4.1.1466.115.121.1.27

For values which are whole numbers.

JPEG

1.3.6.1.4.1.1466.115.121.1.28

For values which contain image data.

Name and Optional UID

1.3.6.1.4.1.1466.115.121.1.34

For values which contain a combination value of a DN and (optional) unique ID.

Numeric String

1.3.6.1.4.1.1466.115.121.1.36

For values which contain a string of both numerals and spaces.

OctetString

1.3.6.1.4.1.1466.115.121.1.40

For values which are binary; this replaces the binary syntax.

Object Class Description

1.3.6.1.4.1.1466.115.121.1.37

For values which contain object class definitions.

OID

1.3.6.1.4.1.1466.115.121.1.38

For values which contain OID definitions.

Postal Address

1.3.6.1.4.1.1466.115.121.1.41

For values which are encoded in the format postal-address = dstring * ("$" dstring). For example:

[literal,subs="+quotes,verbatim"] …​. 1234 Main St.$Raleigh, NC 12345$USA …​.

Each dstring component is encoded as a DirectoryString value. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters.

Printable String

1.3.6.1.4.1.1466.115.121.1.44

For values which contain printable strings.

Space-Insensitive String

2.16.840.1.113730.3.7.1

For values which contain space-insensitive strings.

TelephoneNumber

1.3.6.1.4.1.1466.115.121.1.50

For values which are in the form of telephone numbers. It is recommended to use telephone numbers in international form.

Teletex Terminal Identifier

1.3.6.1.4.1.1466.115.121.1.51

For values which contain an international telephone number.

Telex Number

1.3.6.1.4.1.1466.115.121.1.52

For values which contain a telex number, country code, and answerback code of a telex terminal.

URI

 

For values in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, and ldaps://. The URI has the same behavior as IA5 String. See RFC 4517 for more information on this syntax.

5.1.1.2.2. Single- and Multi-Valued Attributes

By default, most attributes are multi-valued. This means that an entry can contain the same attribute multiple times, with different values. For example:

dn: uid=jsmith,ou=marketing,ou=people,dc=example,dc=com
ou: marketing
ou: people

The cn, tel, and objectclass attributes, for example, all can have more than one value. Attributes that are single-valued — that is, only one instance of the attribute can be specified — are specified in the schema as only allowing a single value. For example, uidNumber can only have one possible value, so its schema entry has the term SINGLE-VALUE. If the attribute is multi-valued, there is no value expression.

5.1.2. Default Directory Server Schema Files

Template schema definitions for Directory Server are stored in the /etc/dirsrv/schema directory. These default schema files are used to generate the schema files for new Directory Server instances. Each server instance has its own instance-specific schema directory in /etc/dirsrv/slapd-instance/schema. The schema files in the instance directory are used only by that instance.

To modify the directory schema, create new attributes and new object classes in the instance-specific schema directory. Because the default schema is used for creating new instances and each individual instance has its own schema files, it is possible to have slightly different schema for each instance, matching the use of each instance.

Any custom attributes added using the Directory Server Console or LDAP commands are stored in the 99user.ldif file; other custom schema files can be added to the /etc/dirsrv/slapd-instance/schema directory for each instance. Do not make any modifications with the standard files that come with Red Hat Directory Server.

For more information about how the Directory Server stores information and suggestions for planning directory schema, see the Deployment Guide.

Table 5.2. Schema Files

Schema FilePurpose

00core.ldif

Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance.

01core389.ldif

Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance.

02common.ldif

Standard-related schema from RFC 2256, LDAPv3, and standard schema defined by Directory Server which is used to configure entries.

05rfc2927.ldif

Schema from RFC 2927, "MIME Directory Profile for LDAP Schema."

05rfc4523.ldif

Schema definitions for X.509 certificates.

05rfc4524.ldif

Cosine LDAP/X.500 schema.

06inetorgperson.ldif

inetorgperson schema elements from RFC 2798, RFC 2079, and part of RFC 1274.

10rfc2307.ldif

Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service."

20subscriber.ldif

Common schema element for Directory Server-Nortel subscriber interoperability.

25java-object.ldif

Schema from RFC 2713, "Schema for Representing Java Objects in an LDAP Directory."

28pilot.ldif

Schema from the pilot RFCs, especially RFC 1274, that are no longer recommended for use in new deployments.

30ns-common.ldif

Common schema.

50ns-admin.ldif

Schemas used by the Administration Server.

50ns-certificate.ldif

Schemas used by Red Hat Certificate System.

50ns-directory.ldif

Schema used by legacy Directory Server 4.x servers.

50ns-mail.ldif

Schema for mail servers.

50ns-value.ldif

Schema for value items in Directory Server.

50ns-web.ldif

Schema for web servers.

60autofs.ldif

Object classes for automount configuration; this is one of several schema files used for NIS servers.

60eduperson.ldif

Schema elements for education-related people and organization entries.

60mozilla.ldif

Schema elements for Mozilla-related user profiles.

60nss-ldap.ldif

Schema elements for GSS-API service names.

60pam-plugin.ldif

Schema elements for integrating directory services with PAM modules.

60pureftpd.ldif

Schema elements for defining FTP user accounts.

60rfc2739.ldif

Schema elements for calendars and vCard properties.

60rfc3712.ldif

Schema elements for configuring printers.

60sabayon.ldif

Schema elements for defining sabayon user entries.

60sudo.ldif

Schema elements for defining sudo users and roles.

60trust.ldif

Schema elements for defining trust relationships for NSS or PAM.

99user.ldif

Custom schema elements added through the Directory Server Console.

5.1.3. Object Identifiers (OIDs)

All schema elements have object identifiers (OIDs) assigned to them, including attributes and object classes. An OID is a sequence of integers, usually written as a dot-separated string. All custom attributes and classes must conform to the X.500 and LDAP standards.

Warning

If an OID is not specified for a schema element, Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid. However, using text OIDs instead of numeric OIDs can lead to problems with clients, server interoperability, and server behavior, assigning a numeric OID is strongly recommended.

OIDs can be built on. The base OID is a root number which is used for every schema element for an organization, and then schema elements can be incremented from there. For example, a base OID could be 1. The company then uses 1.1 for attributes, so every new attribute has an OID of 1.1.x. It uses 1.2 for object classes, so every new object class has an OID of 1.2.x.

For Directory Server-defined schema elements, the base OIDs are as follows:

  • The Netscape base OID is 2.16.840.1.113730.
  • The Directory Server base OID is 2.16.840.1.113730.3.
  • All Netscape-defined attributes have the base OID 2.16.840.1.113370.3.1.
  • All Netscape-defined object classes have the base OID 2.16.840.1.113730.3.2.

For more information about OIDs or to request a prefix, go to the Internet Assigned Number Authority (IANA) website at http://www.iana.org/.

5.1.4. Extending the Schema

The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most of directory requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise by creating custom schema files.

When adding new attributes to the schema, a new object class should be created to contain them. Adding a new attribute to an existing object class can compromise the Directory Server’s compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server.

For more information about extending server schema, see the Deployment Guide.

5.1.5. Schema Checking

Schema checking means that the Directory Server checks every entry when it is created, modified, or in a database imported using LDIF to make sure that it complies with the schema definitions in the schema files. Schema checking verifies three things:

  • Object classes and attributes used in the entry are defined in the directory schema.
  • Attributes required for an object class are contained in the entry.
  • Only attributes allowed by the object class are contained in the entry.

You should run Directory Server with schema checking turned on. For information on enabling schema checking, see the Administration Guide.

5.1.6. Syntax Validation

Syntax validation means that the Directory Server checks that the value of an attribute matches the required syntax for that attribute. For example, syntax validation will confirm that a new telephoneNumber attribute actually has a valid telephone number for its value.

With its basic configuration, syntax validation (like schema checking) will check any directory modification to make sure the attribute value matches the required syntax and will reject any modifications that violate the syntax. Optionally, syntax validation can be configured to log warning messages about syntax violations, and either reject the change or allow the modification process to succeed.

All syntaxes are validated against RFC 4514, except for DNs. By default, DNs are validated against RFC 1779 or RFC 2253, which are less strict than RFC 4514. Strict validation for DNs has to be explicitly configured.

This feature checks all attribute syntaxes listed in Table 5.1, “Supported LDAP Attribute Syntaxes”, with the exception of binary syntaxes (which cannot be verified) and non-standard syntaxes, which do not have a defined required format. The unvalidated syntaxes are as follows:

  • Fax (binary)
  • OctetString (binary)
  • JPEG (binary)
  • Binary (non-standard)
  • Space Insensitive String (non-standard)
  • URI (non-standard)

When syntax validation is enabled, new attribute values are checked whenever an attribute is added or modified to an entry. (This does not include replication changes, since the syntax would have been checked on the supplier server.) It is also possible to check existing attribute values for syntax violations by running the syntax-validation.pl script.

For information on options for syntax validation, see the Administration Guide.

5.2. Entry Attribute Reference

The attributes listed in this reference are manually assigned or available to directory entries. The attributes are listed in alphabetical order with their definition, syntax, and OID.

5.2.1. abstract

The abstract attribute contains an abstract for a document entry.

OID

0.9.2342.19200300.102.1.9

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.2. accessTo

This attribute defines what specific hosts or servers a user is allowed to access.

OID

5.3.6.1.1.1.1.1

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

nss_ldap/pam_ldap

5.2.3. accountInactivityLimit

The accountInactivityLimit attribute sets the time period, in seconds, from the last login time of an account before that account is locked for inactivity.

OID

1.3.6.1.4.1.11.1.3.2.1.3

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.4. acctPolicySubentry

The acctPolicySubentry attribute identifies any entry which belongs to an account policy (specifically, an account lockout policy). The value of this attribute points to the account policy which is applied to the entry.

This can be set on an individual user entry or on a CoS template entry or role entry.

OID

1.3.6.1.4.1.11.1.3.2.1.2

Syntax

DN

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.5. administratorContactInfo

This attribute contains the contact information for the LDAP or server administrator.

OID

2.16.840.1.113730.3.1.74

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.6. adminRole

This attribute contains the role assigned to the user identified in the entry.

OID

2.16.840.1.113730.3.1.601

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape Administration Services

5.2.7. adminUrl

This attribute contains the URL of the Administration Server.

OID

2.16.840.1.113730.3.1.75

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.8. aliasedObjectName

The aliasedObjectName attribute is used by the Directory Server to identify alias entries. This attribute contains the DN (distinguished name) for the entry for which this entry is the alias. For example:

aliasedObjectName: uid=jdoe,ou=people,dc=example,dc=com

OID

2.5.4.1

Syntax

DN

Multi- or Single-Valued

Single-valued

Defined in

RFC 2256

5.2.9. associatedDomain

The associatedDomain attribute contains the DNS domain associated with the entry in the directory tree. For example, the entry with the distinguished name c=US,o=Example Corporation has the associated domain of EC.US. These domains should be represented in RFC 822 order.

associatedDomain:US

OID

0.9.2342.19200300.100.1.37

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.10. associatedName

The associatedName identifies an organizational directory tree entry associated with a DNS domain. For example:

associatedName: c=us

OID

0.9.2342.19200300.100.1.38

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.11. attributeTypes

This attribute is used in a schema file to identify an attribute defined within the subschema.

OID

2.5.21.5

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2252

5.2.12. audio

The audio attribute contains a sound file using a binary format. This attribute uses a u-law encoded sound data. For example:

audio:: AAAAAA==

OID

0.9.2342.19200300.100.1.55

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.13. authorCn

The authorCn attribute contains the common name of the document’s author. For example:

authorCn: John Smith

OID

0.9.2342.19200300.102.1.11

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.14. authorityRevocationList

The authorityRevocationList attribute contains a list of revoked CA certificates. This attribute should be requested and stored in a binary format, like authorityRevocationList;binary. For example:

authorityrevocationlist;binary:: AAAAAA==

OID

2.5.4.38

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.15. authorSn

The authorSn attribute contains the last name or family name of the author of a document entry. For example:

authorSn: Smith

OID

0.9.2342.19200300.102.1.12

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.16. automountInformation

This attribute contains information used by the autofs automounter.

Note

The automountInformation attribute is defined in 60autofs.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 60autofs.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.33

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.17. bootFile

This attribute contains the boot image file name.

Note

The bootFile attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.24

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2307

5.2.18. bootParameter

This attribute contains the value for rpc.bootparamd.

Note

The bootParameter attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.23

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2307

5.2.19. buildingName

The buildingName attribute contains the building name associated with the entry. For example:

buildingName: 14

OID

0.9.2342.19200300.100.1.48

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.20. businessCategory

The businessCategory attribute identifies the type of business in which the entry is engaged. The attribute value should be a broad generalization, such as a corporate division level. For example:

businessCategory: Engineering

OID

2.5.4.15

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.21. c (countryName)

The countryName, or c, attribute contains the two-character country code to represent the country names. The country codes are defined by the ISO. For example:

countryName: GB
c: US

OID

2.5.4.6

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2256

5.2.22. cACertificate

The cACertificate attribute contains a CA certificate. The attribute should be requested and stored binary format, such as cACertificate;binary. For example:

cACertificate;binary:: AAAAAA==

OID

2.5.4.37

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.23. carLicense

The carLicense attribute contains an entry’s automobile license plate number. For example:

carLicense: 6ABC246

OID

2.16.840.1.113730.3.1.1

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2798

5.2.24. certificateRevocationList

The certificateRevocationList attribute contains a list of revoked user certificates. The attribute value is to be requested and stored in binary form, as certificateACertificate;binary. For example:

certificateRevocationList;binary:: AAAAAA==

OID

2.5.4.39

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.25. cn (commonName)

The commonName attribute contains the name of an entry. For user entries, the cn attribute is typically the person’s full name. For example:

commonName: John Smith
cn: Bill Anderson

With the LDAPReplica or LDAPServerobject object classes, the cn attribute value has the following format:

cn: replicater.example.com:17430/dc%3Dexample%2Cdc%3com

OID

2.5.4.3

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.26. co (friendlyCountryName)

The friendlyCountryName attribute contains a country name; this can be any string. Often, the country is used with the ISO-designated two-letter country code, while the co attribute contains a readable country name. For example:

friendlyCountryName: Ireland
co: Ireland

OID

0.9.2342.19200300.100.1.43

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.27. cosAttribute

The cosAttribute contains the name of the attribute for which to generate a value for the CoS. There can be more than one cosAttribute value specified. This attribute is used by all types of CoS definition entries.

OID

2.16.840.1.113730.3.1.550

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.28. cosIndirectSpecifier

The cosIndirectSpecifier specifies the attribute values used by an indirect CoS to identify the template entry.

OID

2.16.840.1.113730.3.1.577

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.29. cosPriority

The cosPriority attribute specifies which template provides the attribute value when CoS templates compete to provide an attribute value. This attribute represents the global priority of a template. A priority of zero is the highest priority.

OID

2.16.840.1.113730.3.1.569

Syntax

Integer

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.30. cosSpecifier

The cosSpecifier attribute contains the attribute value used by a classic CoS, which, along with the template entry’s DN, identifies the template entry.

OID

2.16.840.1.113730.3.1.551

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.31. cosTargetTree

The cosTargetTree attribute defines the subtrees to which the CoS schema applies. The values for this attribute for the schema and for multiple CoS schema may overlap their target trees arbitrarily.

OID

2.16.840.1.113730.3.1.552

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.32. cosTemplateDn

The cosTemplateDn attribute contains the DN of the template entry which contains a list of the shared attribute values. Changes to the template entry attribute values are automatically applied to all the entries within the scope of the CoS. A single CoS might have more than one template entry associated with it.

OID

2.16.840.1.113730.3.1.553

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.33. crossCertificatePair

The value for the crossCertificatePair attribute must be requested and stored in binary format, such as certificateCertificateRepair;binary. For example:

crossCertificatePair;binary:: AAAAAA==

OID

2.5.4.40

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.34. dc (domainComponent)

The dc attribute contains one component of a domain name. For example:

dc: example
domainComponent: example

OID

0.9.2342.19200300.100.1.25

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2247

5.2.35. deltaRevocationList

The deltaRevocationList attribute contains a certificate revocation list (CRL). The attribute value is requested and stored in binary format, such as deltaRevocationList;binary.

OID

2.5.4.53

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.36. departmentNumber

The departmentNumber attribute contains an entry’s department number. For example:

departmentNumber: 2604

OID

2.16.840.1.113730.3.1.2

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2798

5.2.37. description

The description attribute provides a human-readable description for an entry. For person or organization object classes, this can be used for the entry’s role or work assignment. For example:

description: Quality control inspector for the ME2873 product line.

OID

2.5.4.13

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.38. destinationIndicator

The destinationIndicator attribute contains the city and country associated with the entry. This attribute was once required to provide public telegram service and is generally used in conjunction with the registeredAddress attribute. For example:

destinationIndicator: Stow, Ohio, USA

OID

2.5.4.27

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.39. displayName

The displayName attributes contains the preferred name of a person to use when displaying that person’s entry. This is especially useful for showing the preferred name for an entry in a one-line summary list. Since other attribute types, such as cn, are multi-valued, they cannot be used to display a preferred name. For example:

displayName: John Smith

OID

2.16.840.1.113730.3.1.241

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2798

5.2.40. dITRedirect

The dITRedirect attribute indicates that the object described by one entry now has a newer entry in the directory tree. This attribute may be used when an individual’s place of work changes, and the individual acquires a new organizational DN.

dITRedirect: cn=jsmith,dc=example,dc=com

OID

0.9.2342.19200300.100.1.54

Syntax

DN

Defined in

RFC 1274

5.2.41. dmdName

The dmdName attribute value specifies a directory management domain (DMD), the administrative authority that operates the Directory Server.

OID

2.5.4.54

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2256

5.2.42. dn (distinguishedName)

The dn attribute contains an entry’s distinguished name. For example:

dn: uid=Barbara Jensen,ou=Quality Control,dc=example,dc=com

OID

2.5.4.49

Syntax

DN

Defined in

RFC 2256

5.2.43. dNSRecord

The dNSRecord attribute contains DNS resource records, including type A (Address), type MX (Mail Exchange), type NS (Name Server), and type SOA (Start of Authority) resource records. For example:

dNSRecord: IN NS ns.uu.net

OID

0.9.2342.19200300.100.1.26

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Internet Directory Pilot

5.2.44. documentAuthor

The documentAuthor attribute contains the DN of the author of a document entry. For example:

documentAuthor: uid=Barbara Jensen,ou=People,dc=example,dc=com

OID

0.9.2342.19200300.100.1.14

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.45. documentIdentifier

The documentIdentifier attribute contains a unique identifier for a document. For example:

documentIdentifier: L3204REV1

OID

0.9.2342.19200300.100.1.11

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.46. documentLocation

The documentLocation attribute contains the location of the original version of a document. For example:

documentLocation: Department Library

OID

0.9.2342.19200300.100.1.15

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.47. documentPublisher

The documentPublisher attribute contains the person or organization who published a document. For example:

documentPublisher: Southeastern Publishing

OID

0.9.2342.19200300.100.1.56

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 1274

5.2.48. documentStore

The documentStore attribute contains information on where the document is stored.

OID

0.9.2342.19200300.102.1.10

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.49. documentTitle

The documentTitle attribute contains a document’s title. For example:

documentTitle: Red Hat Directory Server Administrator Guide

OID

0.9.2342.19200300.100.1.12

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.50. documentVersion

The documentVersion attribute contains the current version number for the document. For example:

documentVersion: 1.1

OID

0.9.2342.19200300.100.1.13

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.51. drink (favouriteDrink)

The favouriteDrink attribute contains a person’s favorite beverage. This can be shortened to drink. For example:

favouriteDrink: iced tea
drink: cranberry juice

OID

0.9.2342.19200300.100.1.5

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.52. dSAQuality

The dSAQuality attribute contains the rating of the directory system agents' (DSA) quality. This attribute allows a DSA manager to indicate the expected level of availability of the DSA. For example:

dSAQuality: high

OID

0.9.2342.19200300.100.1.49

Syntax

Directory-String

Multi- or Single-Valued

Single-valued

Defined in

RFC 1274

5.2.53. employeeNumber

The employeeNumber attribute contains the employee number for the person. For example:

employeeNumber: 3441

OID

2.16.840.1.113730.3.1.3

Syntax

Directory-String

Multi- or Single-Valued

Single-valued

Defined in

RFC 2798

5.2.54. employeeType

The employeeType attribute contains the employment type for the person. For example:

employeeType: Full time

OID

2.16.840.1.113730.3.1.4

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2798

5.2.55. enhancedSearchGuide

The enhancedSearchGuide attribute contains information used by an X.500 client to construct search filters. For example:

enhancedSearchGuide: (uid=bjensen)

OID

2.5.4.47

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2798

5.2.56. fax (facsimileTelephoneNumber)

The facsimileTelephoneNumber attribute contains the entry’s facsimile number; this attribute can be abbreviated as fax. For example:

facsimileTelephoneNumber: +1 415 555 1212
fax: +1 415 555 1212

OID

2.5.4.23

Syntax

TelephoneNumber

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.57. gecos

The gecos attribute is used to determine the GECOS field for the user. This is comparable to the cn attribute, although using a gecos attribute allows additional information to be embedded in the GECOS field aside from the common name. This field is also useful if the common name stored in the directory is not the user’s full name.

gecos: John Smith
Note

The gecos attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.2

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.58. generationQualifier

The generationQualifier attribute contains the generation qualifier for a person’s name, which is usually appended as a suffix to the name. For example:

generationQualifier:III

OID

2.5.4.44

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.59. gidNumber

The gidNumber attribute contains a unique numeric identifier for a group entry or to identify the group for a user entry. This is analogous to the group number in Unix.

gidNumber: 100
Note

The gidNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.1

Syntax

Integer

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.60. givenName

The givenName attribute contains an entry’s given name, which is usually the first name. For example:

givenName: Rachel

OID

2.5.4.42

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.61. homeDirectory

The homeDirectory attribute contains the path to the user’s home directory.

homeDirectory: /home/jsmith
Note

The homeDirectory attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.3

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.62. homePhone

The homePhone attribute contains the entry’s residential phone number. For example:

homePhone: 415-555-1234
Note

Although RFC 1274 defines both homeTelephoneNumber and homePhone as names for the residential phone number attribute, Directory Server only implements the homePhone name.

OID

0.9.2342.19200300.100.1.20

Syntax

TelephoneNumber

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.63. homePostalAddress

The homePostalAddress attribute contains an entry’s home mailing address. Since this attribute generally spans multiple lines, each line break has to be represented by a dollar sign ($). To represent an actual dollar sign ($) or backslash (\) in the attribute value, use the escaped hex values \24 and \5c, respectively. For example:

homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555

To represent the following string:

The dollar ($) value can be found
in the c:\cost file.

The entry value is:

The dollar (\24) value can be found$in the c:\c5cost file.

OID

0.9.2342.19200300.100.1.39

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.64. host

The host contains the host name of a computer. For example:

host: labcontroller01

OID

0.9.2342.19200300.100.1.9

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.65. houseIdentifier

The houseIdentifier contains an identifier for a specific building at a location. For example:

houseIdentifier: B105

OID

2.5.4.51

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.66. inetDomainBaseDN

This attribute identifies the base DN of user subtree for a DNS domain.

OID

2.16.840.1.113730.3.1.690

Syntax

DN

Multi- or Single-Valued

Single-valued

Defined in

Subscriber interoperability

5.2.67. inetDomainStatus

This attribute shows the current status of the domain. A domain has a status of active, inactive, or deleted.

OID

2.16.840.1.113730.3.1.691

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Subscriber interoperability

5.2.68. inetSubscriberAccountId

This attribute contains the a unique attribute used to link the user entry for the subscriber to a billing system.

OID

2.16.840.1.113730.3.1.694

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Subscriber interoperability

5.2.69. inetSubscriberChallenge

The inetSubscriberChallenge attribute contains some kind of question or prompt, the challenge phrase, which is used to confirm the identity of the user in the subscriberIdentity attribute. This attribute is used in conjunction with the inetSubscriberResponse attribute, which contains the response to the challenge.

OID

2.16.840.1.113730.3.1.695

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

Subscriber interoperability

5.2.70. inetSubscriberResponse

The inetSubscriberResponse attribute contains the answer to the challenge question in the inetSubscriberChallenge attribute to verify the user in the subscriberIdentity attribute.

OID

2.16.840.1.113730.3.1.696

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Subscriber interoperability

5.2.71. inetUserHttpURL

This attribute contains the web addresses associated with the user.

OID

2.16.840.1.113730.3.1.693

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Subscriber interoperability

5.2.72. inetUserStatus

This attribute shows the current status of the user (subscriber). A user has a status of active, inactive, or deleted.

OID

2.16.840.1.113730.3.1.692

Syntax

DirectoryString

Multi- or Single-Valued

Single-Valued

Defined in

Subscriber interoperability

5.2.73. info

The info attribute contains any general information about an object. Avoid using this attribute for specific information and rely instead on specific, possibly custom, attribute types. For example:

info: not valid

OID

0.9.2342.19200300.100.1.4

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.74. initials

The initials contains a person’s initials; this does not contain the entry’s surname. For example:

initials: BAJ

Directory Server and Active Directory handle the initials attribute differently. The Directory Server allows a practically unlimited number of characters, while Active Directory has a restriction of six characters. If an entry is synced with a Windows peer and the value of the initials attribute is longer than six characters, then the value is automatically truncated to six characters when it is synchronized. There is no information written to the error log to indicate that synchronization changed the attribute value, either.

OID

2.5.4.43

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.75. installationTimeStamp

This contains the time that the server instance was installed.

OID

2.16.840.1.113730.3.1.73

Syntax

DirectoryString

Multi- or Single-Valued

Multi-Valued

Defined in

Netscape Administration Services

5.2.76. internationalISDNNumber

The internationalISDNNumber attribute contains the ISDN number of a document entry. This attribute uses the internationally recognized format for ISDN addresses given in CCITT Rec. E. 164.

OID

2.5.4.25

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.77. ipHostNumber

This contains the IP address for a server.

Note

The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.19

Syntax

DirectoryString

Multi- or Single-Valued

Multi-Valued

Defined in

RFC 2307

5.2.78. ipNetmaskNumber

This contains the IP netmask for the server.

Note

The ipHostNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

2.16.840.1.113730.3.1.73

Syntax

DirectoryString

Multi- or Single-Valued

Multi-Valued

Defined in

RFC 2307

5.2.79. ipNetworkNumber

This identifies the IP network.

Note

The ipNetworkNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.20

Syntax

DirectoryString

Multi- or Single-Valued

Single-Valued

Defined in

RFC 2307

5.2.80. ipProtocolNumber

This attribute identifies the IP protocol version number.

Note

The ipProtocolNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.17

Syntax

Integer

Multi- or Single-Valued

Single-Valued

Defined in

RFC 2307

5.2.81. ipServicePort

This attribute gives the port used by the IP service.

Note

The ipServicePort attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.15

Syntax

Integer

Multi- or Single-Valued

Single-Valued

Defined in

RFC 2307

5.2.82. ipServiceProtocol

This identifies the protocol used by the IP service.

Note

The ipServiceProtocol attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.16

Syntax

DirectoryString

Multi- or Single-Valued

Multi-Valued

Defined in

RFC 2307

5.2.83. janetMailbox

The janetMailbox contains a JANET email address, usually for users located in the United Kingdom who do not use RFC 822 email address. Entries with this attribute must also contain the rfc822Mailbox attribute.

OID

0.9.2342.19200300.100.1.46

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.84. jpegPhoto

The jpegPhoto attribute contains a JPEG photo, a binary value. For example:

jpegPhoto:: AAAAAA==

OID

0.9.2342.19200300.100.1.60

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2798

5.2.85. keyWords

The keyWord attribute contains keywords associated with the entry. For example:

keyWords: directory LDAP X.500

OID

0.9.2342.19200300.102.1.7

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.86. knowledgeInformation

This attribute is no longer used.

OID

2.5.4.2

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.87. l (localityName)

The localityName, or l, attribute contains the county, city, or other geographical designation associated with the entry. For example:

localityName: Santa Clara
l: Santa Clara

OID

2.5.4.7

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.88. labeledURI

The labeledURI contains a Uniform Resource Identifier (URI) which is related, in some way, to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported), optionally followed by one or more space characters and a label.

labeledURI: http://home.example.com
labeledURI: http://home.example.com Example website

OID

1.3.6.1.4.1.250.1.57

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2709

5.2.89. loginShell

The loginShell attribute contains the path to a script that is launched automatically when a user logs into the domain.

loginShell: c:\scripts\jsmith.bat
Note

The loginShell attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.4

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.90. macAddress

This attribute gives the MAC address for a server or piece of equipment.

Note

The macAddress attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.22

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2307

5.2.91. mail

The mail attribute contains a user’s primary email address. This attribute value is retrieved and displayed by whitepage applications. For example:

mail: jsmith@example.com

OID

0.9.2342.19200300.100.1.3

Syntax

DirectyString

Multi- or Single-Valued

Single-valued

Defined in

RFC 1274

5.2.92. mailAccessDomain

This attribute lists the domain which a user can use to access the messaging server.

OID

2.16.840.1.113730.3.1.12

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.93. mailAlternateAddress

The mailAlternateAddress attribute contains additional email addresses for a user. This attribute does not reflect the default or primary email address; that email address is set by the mail attribute.

For example:

mailAlternateAddress: jsmith@example.com
mailAlternateAddress: smith1701@alt.com

OID

2.16.840.1.113730.3.1.13

Syntax

DirectyString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.94. mailAutoReplyMode

This attribute sets whether automatic replies are enabled for the messaging server.

OID

2.16.840.1.113730.3.1.14

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.95. mailAutoReplyText

This attribute stores the text to used in an auto-reply email.

OID

2.16.840.1.113730.3.1.15

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.96. mailDeliveryOption

This attribute defines the mail delivery mechanism to use for the mail user.

OID

2.16.840.1.113730.3.1.16

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.97. mailEnhancedUniqueMember

This attribute contains the DN of a unique member of a mail group.

OID

2.16.840.1.113730.3.1.31

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.98. mailForwardingAddress

This attribute contains an email address to which to forward a user’s email.

OID

2.16.840.1.113730.3.1.17

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.99. mailHost

The mailHost attribute contains the host name of a mail server. For example:

mailHost: mail.example.com

OID

2.16.840.1.113730.3.1.18

Syntax

DirectyString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.100. mailMessageStore

This identifies the location of a user’s email box.

OID

2.16.840.1.113730.3.1.19

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.101. mailPreferenceOption

The mailPreferenceOption defines whether a user should be included on a mailing list, both electronic and physical. There are three options.

0

Does not appear in mailing lists.

1

Add to any mailing lists.

2

Added only to mailing lists which the provider views as relevant to the user interest.

If the attribute is absent, then the default is to assume that the user is not included on any mailing list. This attribute should be interpreted by anyone using the directory to derive mailing lists and its value respected. For example:

mailPreferenceOption: 0

OID

0.9.2342.19200300.100.1.47

Syntax

Integer

Multi- or Single-Valued

Single-valued

Defined in

RFC 1274

5.2.102. mailProgramDeliveryInfo

This attribute contains any commands to use for programmed mail delivery.

OID

2.16.840.1.113730.3.1.20

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.103. mailQuota

This attribute sets the amount of disk space allowed for a user’s mail box.

OID

2.16.840.1.113730.3.1.21

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.104. mailRoutingAddress

This attribute contains the routing address to use when forwarding the emails received by the user to another messaging server.

OID

2.16.840.1.113730.3.1.24

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.105. manager

The manager contains the distinguished name (DN) of the manager for the person. For example:

manager: cn=Bill Andersen,ou=Quality Control,dc=example,dc=com

OID

0.9.2342.19200300.100.1.10

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.106. member

The member attribute contains the distinguished names (DNs) of each member of a group. For example:

member: cn=John Smith,dc=example,dc=com

OID

2.5.4.31

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.107. memberCertificateDescription

This attribute is a multi-valued attribute where each value is a description, a pattern, or a filter matching the subject DN of a certificate, usually a certificate used for TLS client authentication.

memberCertificateDescription matches any certificate that contains a subject DN with the same attribute-value assertions (AVAs) as the description. The description may contain multiple ou AVAs. A matching DN must contain those same ou AVAs, in the same order, although it may be interspersed with other AVAs, including other ou AVAs. For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored.

A matching DN must contain that same AVA but no other AVA of the same type nearer the root (later, syntactically).

AVAs are considered the same if they contain the same attribute description (case-insensitive comparison) and the same attribute value (case-insensitive comparison, leading and trailing whitespace ignored, and consecutive whitespace characters treated as a single space).

To be considered a member of a group with the following memberCertificateDescription value, a certificate needs to include ou=x, ou=A, and dc=example, but not dc=company.

memberCertificateDescription: {ou=x,ou=A,dc=company,dc=example}

To match the group’s requirements, a certificate’s subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.

OID

2.16.840.1.113730.3.1.199

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.108. memberNisNetgroup

This attribute merges the attribute values of another netgroup into the current one by listing the name of the merging netgroup.

Note

The memberNisNetgroup attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.13

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2307

5.2.109. memberOf

This attribute contains the name of a group to which the user is a member.

memberOf is the default attribute generated by the MemberOf Plug-in on the user entry of a group member. This attribute is automatically synchronized to the listed member attributes in a group entry, so that displaying group membership for entries is managed by Directory Server.

Note

This attribute is only synchronized between group entries and the corresponding members' user entries if the MemberOf Plug-in is enabled and is configured to use this attribute.

OID

1.2.840.113556.1.2.102

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Delegated Administrator

5.2.110. memberUid

The memberUid attribute contains the login name of the member of a group; this can be different than the DN identified in the member attribute.

memberUID: jsmith
Note

The memberUID attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.12

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.111. memberURL

This attribute identifies a URL associated with each member of a group. Any type of labeled URL can be used.

memberURL: ldap://cn=jsmith,ou=people,dc=example,dc=com

OID

2.16.840.1.113730.3.1.198

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.112. mepManagedBy

This attribute contains a pointer in an automatically-generated entry that points back to the DN of the originating entry. This attribute is set by the Managed Entries Plug-in and cannot be modified manually.

OID

2.16.840.1.113730.3.1.2086

Syntax

DN

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.113. mepManagedEntry

This attribute contains a pointer to an automatically-generated entry which corresponds to the current entry. This attribute is set by the Managed Entries Plug-in and cannot be modified manually.

OID

2.16.840.1.113730.3.1.2087

Syntax

DN

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.114. mepMappedAttr

This attribute sets an attribute in the Managed Entries template entry which must exist in the generated entry. The mapping means that some value of the originating entry is used to supply the given attribute. The values of these attributes will be tokens in the form attribute: $attr. For example:

mepMappedAttr: gidNumber: $gidNumber

As long as the syntax of the expanded token of the attribute does not violate the required attribute syntax, then other terms and strings can be used in the attribute. For example:

mepMappedAttr: cn: Managed Group for $cn

OID

2.16.840.1.113730.3.1.2089

Syntax

OctetString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.115. mepRDNAttr

This attribute sets which attribute to use as the naming attribute in the automatically-generated entry created by the Managed Entries Plug-in. Whatever attribute type is given in the naming attribute should be present in the managed entries template entry as a mepMappedAttr.

OID

2.16.840.1.113730.3.1.2090

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Directory Server

5.2.116. mepStaticAttr

This attribute sets an attribute with a defined value that must be added to the automatically-generated entry managed by the Managed Entries Plug-in. This value will be used for every entry generated by that instance of the Managed Entries Plug-in.

mepStaticAttr: posixGroup

OID

2.16.840.1.113730.3.1.2088

Syntax

OctetString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.117. mgrpAddHeader

This attribute contains information about the header in the messages.

OID

2.16.840.1.113730.3.1.781

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.118. mgrpAllowedBroadcaster

This attribute sets whether to allow the user to send broadcast messages.

OID

2.16.840.1.113730.3.1.22

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.119. mgrpAllowedDomain

This attribute sets the domains for the mail group.

OID

2.16.840.1.113730.3.1.23

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.120. mgrpApprovePassword

This attribute sets whether a user must approve a password used to access their email.

OID

mgrpApprovePassword-oid

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

Netscape Messaging Server

5.2.121. mgrpBroadcasterPolicy

This attribute defines the policy for broadcasting emails.

OID

2.16.840.1.113730.3.1.788

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.122. mgrpDeliverTo

This attribute contains information about the delivery destination for email.

OID

2.16.840.1.113730.3.1.25

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.123. mgrpErrorsTo

This attribute contains information about where to deliver error messages for the messaging server.

OID

2.16.840.1.113730.3.1.26

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

Netscape Messaging Server

5.2.124. mgrpModerator

This attribute contains the contact name for the mailing list moderator.

OID

2.16.840.1.113730.3.1.33

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.125. mgrpMsgMaxSize

This attribute sets the maximum size allowed for email messages.

OID

2.16.840.1.113730.3.1.32

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape Messaging Server

5.2.126. mgrpMsgRejectAction

This attribute defines what actions the messaging server should take for rejected messages.

OID

2.16.840.1.113730.3.1.28

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.127. mgrpMsgRejectText

This attribute sets the text to use for rejection notifications.

OID

2.16.840.1.113730.3.1.29

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.128. mgrpNoDuplicateChecks

This attribute defines whether the messaging server checks for duplicate emails.

OID

2.16.840.1.113730.3.1.789

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape Messaging Server

5.2.129. mgrpRemoveHeader

This attribute sets whether the header is removed in reply messages.

OID

2.16.840.1.113730.3.1.801

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.130. mgrpRFC822MailMember

This attribute identifies the member of a mail group.

OID

2.16.840.1.113730.3.1.30

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.131. mobile

The mobile, or mobileTelephoneNumber, contains the entry’s mobile or cellular phone number. For example:

mobileTelephoneNumber: 415-555-4321

OID

0.9.2342.19200300.100.1.41

Syntax

TelephoneNumber

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.132. mozillaCustom1

This attribute is used by Mozilla Thunderbird to manage a shared address book.

OID

1.3.6.1.4.1.13769.4.1

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.133. mozillaCustom2

This attribute is used by Mozilla Thunderbird to manage a shared address book.

OID

1.3.6.1.4.1.13769.4.2

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.134. mozillaCustom3

This attribute is used by Mozilla Thunderbird to manage a shared address book.

OID

1.3.6.1.4.1.13769.4.3

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.135. mozillaCustom4

This attribute is used by Mozilla Thunderbird to manage a shared address book.

OID

1.3.6.1.4.1.13769.4.4

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.136. mozillaHomeCountryName

This attribute sets the country used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.6

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.137. mozillaHomeLocalityName

This attribute sets the city used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.3

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.138. mozillaHomePostalCode

This attribute sets the postal code used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.5

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.139. mozillaHomeState

This attribute sets the state or province used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.4

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.140. mozillaHomeStreet

This attribute sets the street address used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.1

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.141. mozillaHomeStreet2

This attribute contains the second line of a street address used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.2

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.142. mozillaHomeUrl

This attribute contains a URL used by Mozilla Thunderbird in a shared address book.

OID

1.3.6.1.4.1.13769.3.7

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.143. mozillaNickname (xmozillanickname)

This attribute contains a nickname used by Mozilla Thunderbird for a shared address book.

OID

1.3.6.1.4.1.13769.2.1

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Mozilla Address Book

5.2.144. mozillaSecondEmail (xmozillasecondemail)

This attribute contains an alternate or secondary email address for an entry in a shared address book for Mozilla Thunderbird.

OID

1.3.6.1.4.1.13769.2.2

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.145. mozillaUseHtmlMail (xmozillausehtmlmail)

This attribute sets an email type preference for an entry in a shared address book in Mozilla Thunderbird.

OID

1.3.6.1.4.1.13769.2.3

Syntax

Boolean

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.146. mozillaWorkStreet2

This attribute contains a street address for a workplace or office for an entry in Mozilla Thunderbird’s shared address book.

OID

1.3.6.1.4.1.13769.3.8

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.147. mozillaWorkUrl

This attribute contains a URL for a work site in an entry in a shared address book in Mozilla Thunderbird.

OID

1.3.6.1.4.1.13769.3.9

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Mozilla Address Book

5.2.148. multiLineDescription

This attribute contains a description of an entry which spans multiple lines in the LDIF file.

OID

1.3.6.1.4.1.250.1.2

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.149. name

The name attribute identifies the attribute supertype which can be used to form string attribute types for naming.

It is unlikely that values of this type will occur in an entry. LDAP server implementations that do not support attribute subtyping do not need to recognize this attribute in requests. Client implementations should not assume that LDAP servers are capable of performing attribute subtyping.

OID

2.5.4.41

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.150. netscapeReversiblePassword

This attribute contains the password for HTTP Digest/MD5 authentication.

OID

2.16.840.1.113730.3.1.812

Syntax

OctetString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Web Server

5.2.151. NisMapEntry

This attribute contains the information for a NIS map to be used by Network Information Services.

Note

This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.27

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.152. nisMapName

This attribute contains the name of a mapping used by a NIS server.

OID

1.3.6.1.1.1.1.26

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2307

5.2.153. nisNetgroupTriple

This attribute contains information on a netgroup used by a NIS server.

Note

This attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.14

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2307

5.2.154. nsAccessLog

This entry identifies the access log used by a server.

OID

nsAccessLog-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.155. nsAdminAccessAddresses

This attribute contains the IP address of the Administration Server used by the instance.

OID

nsAdminAccessAddresses-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.156. nsAdminAccessHosts

This attribute contains the host name of the Administration Server.

OID

nsAdminAccessHosts-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.157. nsAdminAccountInfo

This attribute contains other information about the Administration Server account.

OID

nsAdminAccountInfo-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.158. nsAdminCacheLifetime

This sets the length of time to store the cache used by the Directory Server.

OID

nsAdminCacheLifetime-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.159. nsAdminCgiWaitPid

This attribute defines the wait time for Administration Server CGI process IDs.

OID

nsAdminCgiWaitPid-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.160. nsAdminDomainName

This attribute contains the name of the administration domain containing the Directory Server instance.

OID

nsAdminDomainName-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.161. nsAdminEnableEnduser

This attribute sets whether to allow end user access to admin services.

OID

nsAdminEnableEnduser-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.162. nsAdminEndUserHTMLIndex

This attribute sets whether to allow end users to access the HTML index of admin services.

OID

nsAdminEndUserHTMLIndex-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.163. nsAdminGroupName

This attribute gives the name of the admin guide.

OID

nsAdminGroupName-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.164. nsAdminOneACLDir

This attribute gives the directory path to the directory containing access control lists for the Administration Server.

OID

nsAdminOneACLDir-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.165. nsAdminSIEDN

This attribute contains the DN of the serer instance entry (SIE) for the Administration Server.

OID

nsAdminSIEDN-oid

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.166. nsAdminUsers

This attribute gives the path and name of the file which contains the information for the Administration Server admin user.

OID

nsAdminUsers-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.167. nsAIMid

This attribute contains the AOL Instant Messaging user ID for the user.

OID

2.16.840.1.113730.3.2.300

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.168. nsBaseDN

This contains the base DN used in the Directory Server’s server instance definition entry.

OID

nsBaseDN-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.169. nsBindDN

This attribute contains the bind DN defined in the Directory Server SIE.

OID

nsBindDN-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.170. nsBindPassword

This attribute contains the password used by the bind DN defined in nsBindDN.

OID

nsBindPassword-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.171. nsBuildNumber

This defines, in the Directory Server SIE, the build number of the server instance.

OID

nsBuildNumber-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.172. nsBuildSecurity

This defines, in the Directory Server SIE, the build security level.

OID

nsBuildSecurity-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.173. nsCertConfig

This attribute defines the configuration for the Red Hat Certificate System.

OID

nsCertConfig-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Certificate System

5.2.174. nsClassname

OID

nsClassname-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.175. nsConfigRoot

This attribute contains the root DN of the configuration directory.

OID

nsConfigRoot-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.176. nscpAIMScreenname

This attribute gives the AIM screen name of a user.

OID

1.3.6.1.4.1.13769.2.4

Syntax

TelephoneString

Multi- or Single-Valued

Multi-valued

Defined in

Mozilla Address Book

5.2.177. nsDefaultAcceptLanguage

This attribute contains the language codes which are accepted for HTML clients.

OID

nsDefaultAcceptLanguage-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.178. nsDefaultObjectClass

This attribute stores object class information in a container entry.

OID

nsDefaultObjectClass-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.179. nsDeleteclassname

OID

nsDeleteclassname-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.180. nsDirectoryFailoverList

This attribute contains a list of Directory Servers to use for failover.

OID

nsDirectoryFailoverList-oid

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.181. nsDirectoryInfoRef

This attribute refers to a DN of an entry with information about the server.

OID

nsDirectoryInfoRef-oid

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.182. nsDirectoryURL

This attribute contains the Directory Server URL.

OID

nsDirectoryURL-oid

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.183. nsDisplayName

This attribute contains a display name.

OID

nsDisplayName-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.184. nsErrorLog

This attribute identifies the error log used by the server.

OID

nsErrorLog-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.185. nsExecRef

This attribute contains the path or location of an executable which can be used to perform server tasks.

OID

nsExecRef-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.186. nsExpirationDate

This attribute contains the expiration date of an application.

OID

nsExpirationDate-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.187. nsGroupRDNComponent

This attribute defines the attribute to use for the RDN of a group entry.

OID

nsGroupRDNComponent-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.188. nsHardwarePlatform

This attribute indicates the hardware on which the server is running. The value of this attribute is the same as the output from uname -m. For example:

nsHardwarePlatform:i686

OID

nsHardwarePlatform-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.189. nsHelpRef

This attribute contains a reference to an online help file.

OID

nsHelpRef-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.190. nsHostLocation

This attribute contains information about the server host.

OID

nsHostLocation-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.191. nsICQid

This attribute contains an ICQ ID for the user.

OID

2.16.840.1.113730.3.1.2014

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.192. nsInstalledLocation

This attribute contains the installation directory for Directory Servers which are version 7.1 or older.

OID

nsInstalledLocation-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.193. nsJarfilename

This attribute gives the jar file name used by the Console.

OID

nsJarfilename-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.194. nsLdapSchemaVersion

This gives the version number of the LDAP directory schema.

OID

nsLdapSchemaVersion-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.195. nsLicensedFor

The nsLicensedFor attribute identifies the server the user is licensed to use. Administration Server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute include the following:

  • slapd for a licensed Directory Server client.
  • mail for a licensed mail server client.
  • news for a licensed news server client.
  • cal for a licensed calender server client.

For example:

nsLicensedFor: slapd

OID

2.16.840.1.113730.3.1.36

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Administration Server

5.2.196. nsLicenseEndTime

Reserved for future use.

OID

2.16.840.1.113730.3.1.38

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Administration Server

5.2.197. nsLicenseStartTime

Reserved for future use.

OID

2.16.840.1.113730.3.1.37

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Administration Server

5.2.198. nsLogSuppress

This attribute sets whether to suppress server logging.

OID

nsLogSuppress-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.199. nsmsgDisallowAccess

This attribute defines access to a messaging server.

OID

nsmsgDisallowAccess-oid

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.200. nsmsgNumMsgQuota

This attribute sets a quota for the number of messages which will be kept by the messaging server.

OID

nsmsgNumMsgQuota-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.201. nsMSNid

This attribute contains the MSN instant messaging ID for the user.

OID

2.16.840.1.113730.3.1.2016

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.202. nsNickName

This attribute gives a nickname for an application.

OID

nsNickName-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.203. nsNYR

OID

nsNYR-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Administration Services

5.2.204. nsOsVersion

This attribute contains the version number of the operating system for the host on which the server is running.

OID

nsOsVersion-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.205. nsPidLog

OID

nsPidLog-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.206. nsPreference

This attribute stores the Console preference settings.

OID

nsPreference-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.207. nsProductName

This contains the name of the product, such as Red Hat Directory Server or Administration Server.

OID

nsProductName-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.208. nsProductVersion

This contains the version number of the Directory Server or Administration Server.

OID

nsProductVersion-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.209. nsRevisionNumber

This attribute contains the revision number of the Directory Server or Administration Server.

OID

nsRevisionNumber-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.210. nsSecureServerPort

This attribute contains the TLS port for the Directory Server.

Note

This attribute does not configure the TLS port for the Directory Server. This is configured in nsslapd-secureport configuration attribute in the Directory Server’s dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.

OID

nsSecureServerPort-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.211. nsSerialNumber

This attribute contains a serial number or tracking number assigned to a specific server application, such as Red Hat Directory Server or Administration Server.

OID

nsSerialNumber-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.212. nsServerAddress

This attribute contains the IP address of the server host on which the Directory Server is running.

OID

nsServerAddress-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.213. nsServerCreationClassname

This attribute gives the class name to use when creating a server.

OID

nsServerCreationClassname-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.214. nsServerID

This contains the server’s instance name. For example:

nsServerID: slapd-example

OID

nsServerID-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.215. nsServerMigrationClassname

This attribute contains the name of the class to use when migrating a server.

OID

nsServerMigrationClassname-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.216. nsServerPort

This attribute contains the standard LDAP port for the Directory Server.

Note

This attribute does not configure the standard port for the Directory Server. This is configured in nsslapd-port configuration attribute in the Directory Server’s dse.ldif file. Configuration attributes are described in the Configuration, Command, and File Reference.

OID

nsServerPort-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.217. nsServerSecurity

This shows whether the Directory Server requires a secure TLS or SSL connection.

OID

nsServerSecurity-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.218. nsSNMPContact

This attribute contains the contact information provided by the SNMP.

OID

2.16.840.1.113730.3.1.235

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.219. nsSNMPDescription

This contains a description of the SNMP service.

OID

2.16.840.1.113730.3.1.236

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.220. nsSNMPEnabled

This attribute shows whether SNMP is enabled for the server.

OID

2.16.840.1.113730.3.1.232

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.221. nsSNMPLocation

This attribute shows the location provided by the SNMP service.

OID

2.16.840.1.113730.3.1.234

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.222. nsSNMPMasterHost

This attribute shows the host name for the SNMP master agent.

OID

2.16.840.1.113730.3.1.237

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.223. nsSNMPMasterPort

This attribute shows the port number for the SNMP subagent.

OID

2.16.840.1.113730.3.1.238

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.224. nsSNMPOrganization

This attribute contains the organization information provided by SNMP.

OID

2.16.840.1.113730.3.1.233

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.225. nsSuiteSpotUser

This attribute has been obsoleted.

This attribute identifies the Unix user who installed the server.

OID

nsSuiteSpotUser-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.226. nsTaskLabel

OID

nsTaskLabel-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.227. nsUniqueAttribute

This sets a unique attribute for the server preferences.

OID

nsUniqueAttribute-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.228. nsUserIDFormat

This attribute sets the format to use to generate the uid attribute from the givenname and sn attributes.

OID

nsUserIDFormat-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.229. nsUserRDNComponent

This attribute sets the attribute type to set the RDN for user entries.

OID

nsUserRDNComponent-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.230. nsValueBin

OID

2.16.840.1.113730.3.1.247

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.231. nsValueCES

OID

2.16.840.1.113730.3.1.244

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.232. nsValueCIS

OID

2.16.840.1.113730.3.1.243

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.233. nsValueDefault

OID

2.16.840.1.113730.3.1.250

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.234. nsValueDescription

OID

2.16.840.1.113730.3.1.252

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.235. nsValueDN

OID

2.16.840.1.113730.3.1.248

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.236. nsValueFlags

OID

2.16.840.1.113730.3.1.251

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.237. nsValueHelpURL

OID

2.16.840.1.113730.3.1.254

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.238. nsValueInt

OID

2.16.840.1.113730.3.1.246

Syntax

Integer

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.239. nsValueSyntax

OID

2.16.840.1.113730.3.1.253

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.240. nsValueTel

OID

2.16.840.1.113730.3.1.245

Syntax

TelephoneString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.241. nsValueType

OID

2.16.840.1.113730.3.1.249

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape servers — value item

5.2.242. nsVendor

This contains the name of the server vendor.

OID

nsVendor-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape

5.2.243. nsViewConfiguration

This attribute stores the view configuration used by Console.

OID

nsViewConfiguration-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.244. nsViewFilter

This attribute sets the attribute-value pair which is used to identify entries belonging to the view.

OID

2.16.840.1.113730.3.1.3023

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.245. nsWellKnownJarfiles

OID

nsWellKnownJarfiles-oid

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.246. nswmExtendedUserPrefs

This attribute is used to store user preferences for accounts in a messaging server.

OID

2.16.840.1.113730.3.1.520

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Messaging Server

5.2.247. nsYIMid

This attribute contains the Yahoo instant messaging user name for the user.

OID

2.16.840.1.113730.3.1.2015

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Directory Server

5.2.248. ntGroupAttributes

This attribute points to a binary file which contains information about the group. For example:

ntGroupAttributes:: IyEvYmluL2tzaAoKIwojIGRlZmF1bHQgdmFsdWUKIwpIPSJgaG9zdG5hb

OID

2.16.840.1.113730.3.1.536

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.249. ntGroupCreateNewGroup

The ntGroupCreateNewGroup attribute is used by Windows Sync to determine whether the Directory Server should create new group entry when a new group is created on a Windows server. true creates the new entry; false ignores the Windows entry.

OID

2.16.840.1.113730.3.1.45

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.250. ntGroupDeleteGroup

The ntGroupDeleteGroup attribute is used by Windows Sync to determine whether the Directory Server should delete a group entry when the group is deleted on a Windows sync peer server. true means the account is deleted; false ignores the deletion.

OID

2.16.840.1.113730.3.1.46

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.251. ntGroupDomainId

The ntGroupDomainID attribute contains the domain ID string for a group.

ntGroupDomainId: DS HR Group

OID

2.16.840.1.113730.3.1.44

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.252. ntGroupId

The ntGroupId attribute points to a binary file which identifies the group. For example:

ntGroupId: IOUnHNjjRgghghREgfvItrGHyuTYhjIOhTYtyHJuSDwOopKLhjGbnGFtr

OID

2.16.840.1.113730.3.1.110

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.253. ntGroupType

In Active Directory, there are two major types of groups: security and distribution. Security groups are most similar to groups in Directory Server, since security groups can have policies configured for access controls, resource restrictions, and other permissions. Distribution groups are for mailing distribution. These are further broken down into global and local groups. The Directory Server ntGroupType supports all four group types:

The ntGroupType attribute identifies the type of Windows group. The valid values are as follows:

  • -21483646 for global/security
  • -21483644 for domain local/security
  • 2 for global/distribution
  • 4 for domain local/distribution

This value is set automatically when the Windows groups are synchronized. To determine the type of group, you must manually configure it when the group gets created. By default, Directory Server groups do not have this attribute and are synchronized as global/security groups.

ntGroupType: -21483646

OID

2.16.840.1.113730.3.1.47

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.254. ntUniqueId

The ntUniqueId attribute contains a generated number used for internal server identification and operation. For example:

ntUniqueId: 352562404224a44ab040df02e4ef500b

OID

2.16.840.1.113730.3.1.111

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.255. ntUserAcctExpires

This attribute indicates when the entry’s Windows account will expire. This value is stored as a string in GMT format. For example:

ntUserAcctExpires: 20081015203415

OID

2.16.840.1.113730.3.1.528

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.256. ntUserAuthFlags

This attribute contains authorization flags set for the Windows account.

OID

2.16.840.1.113730.3.1.60

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.257. ntUserBadPwCount

This attribute sets the number of bad password failures are allowed before an account is locked.

OID

2.16.840.1.113730.3.1.531

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.258. ntUserCodePage

The ntUserCodePage attribute contains the code page for the user’s language of choice. For example:

ntUserCodePage: AAAAAA==

OID

2.16.840.1.113730.3.1.533

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.259. ntUserComment

This attribute contains a text description or note about the user entry.

OID

2.16.840.1.113730.3.1.522

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.260. ntUserCountryCode

This attribute contains the two-character country code for the country where the user is located.

OID

2.16.840.1.113730.3.1.532

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.261. ntUserCreateNewAccount

The ntUserCreateNewAccount attribute is used by Windows Sync to determine whether the Directory Server should create a new user entry when a new user is created on a Windows server. true creates the new entry; false ignores the Windows entry.

OID

2.16.840.1.113730.3.1.42

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.262. ntUserDeleteAccount

The ntUserDeleteAccount attribute IS Used by Windows Sync to determine whether a Directory Server entry will be automatically deleted when the user is deleted from the Windows sync peer server. true means the user entry is deleted; false ignores the deletion.

OID

2.16.840.1.113730.3.1.43

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.263. ntUserDomainId

The ntUserDomainId attribute contains the Windows domain login ID. For example:

ntUserDomainId: jsmith

OID

2.16.840.1.113730.3.1.41

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.264. ntUserFlags

This attribute contains additional flags set for the Windows account.

OID

2.16.840.1.113730.3.1.523

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.265. ntUserHomeDir

The ntUserHomeDir attribute contains an ASCII string representing the Windows user’s home directory. This attribute can be null. For example:

ntUserHomeDir: c:\jsmith

OID

2.16.840.1.113730.3.1.521

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.266. ntUserHomeDirDrive

This attribute contains information about the drive on which the user’s home directory is stored.

OID

2.16.840.1.113730.3.1.535

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.267. ntUserLastLogoff

The ntUserLastLogoff attribute contains the time of the last logoff. This value is stored as a string in GMT format.

If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user’s entry has changed.

ntUserLastLogoff: 20201015203415Z

OID

2.16.840.1.113730.3.1.527

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.268. ntUserLastLogon

The ntUserLastLogon attribute contains the time that the user last logged into the Windows domain. This value is stored as a string in GMT format. If security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user’s entry has changed.

ntUserLastLogon: 20201015203415Z

OID

2.16.840.1.113730.3.1.526

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.269. ntUserLogonHours

The ntUserLogonHours attribute contains the time periods that a user is allowed to log onto the Active Directory domain. This attribute corresponds to the logonHours attribute in Active Directory.

OID

2.16.840.1.113730.3.1.530

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.270. ntUserLogonServer

The ntUserLogonServer attribute defines the Active Directory server to which the user’s logon request is forwarded.

OID

2.16.840.1.113730.3.1.65

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.271. ntUserMaxStorage

The ntUserMaxStorage attribute contains the maximum amount of disk space available for the user.

ntUserMaxStorage: 4294967295

OID

2.16.840.1.113730.3.1.529

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.272. ntUserNumLogons

This attribute shows the number of successful logons to the Active Directory domain for the user.

OID

2.16.840.1.113730.3.1.64

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.273. ntUserParms

The ntUserParms attribute contains a Unicode string reserved for use by applications.

OID

2.16.840.1.113730.3.1.62

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.274. ntUserPasswordExpired

This attribute shows whether the password for the Active Directory account has expired.

OID

2.16.840.1.113730.3.1.68

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.275. ntUserPrimaryGroupId

The ntUserPrimaryGroupId attribute contains the group ID of the primary group to which the user belongs.

OID

2.16.840.1.113730.3.1.534

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.276. ntUserPriv

This attribute shows the type of privileges allowed for the user.

OID

2.16.840.1.113730.3.1.59

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.277. ntUserProfile

The ntUserProfile attribute contains the path to a user’s profile. For example:

ntUserProfile: c:\jsmith\profile.txt

OID

2.16.840.1.113730.3.1.67

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.278. ntUserScriptPath

The ntUserScriptPath attribute contains the path to an ASCII script used by the user to log into the domain.

ntUserScriptPath: c:\jstorm\lscript.bat

OID

2.16.840.1.113730.3.1.524

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.279. ntUserUniqueId

The ntUserUniqueId attribute contains a unique numeric ID for the Windows user.

OID

2.16.840.1.113730.3.1.66

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.280. ntUserUnitsPerWeek

The ntUserUnitsPerWeek attribute contains the total amount of time that the user has spent logged into the Active Directory domain.

OID

2.16.840.1.113730.3.1.63

Syntax

Binary

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.281. ntUserUsrComment

The ntUserUsrComment attribute contains additional comments about the user.

OID

2.16.840.1.113730.3.1.61

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.282. ntUserWorkstations

The ntUserWorkstations attribute contains a list of names, in ASCII strings, of work stations which the user is allowed to log in to. There can be up to eight work stations listed, separated by commas. Specify null to permit users to log on from any workstation. For example:

ntUserWorkstations: firefly

OID

2.16.840.1.113730.3.1.525

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape NT Synchronization

5.2.283. o (organizationName)

The organizationName, or o, attribute contains the organization name. For example:

organizationName: Example Corporation
o: Example Corporation

OID

2.5.4.10

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.284. objectClass

The objectClass attribute identifies the object classes used for an entry. For example:

objectClass: person

OID

2.5.4.0

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.285. objectClasses

This attribute is used in a schema file to identify an object class allowed by the subschema definition.

OID

2.5.21.6

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2252

5.2.286. obsoletedByDocument

The obsoletedByDocument attribute contains the distinguished name of a document which obsoletes the current document entry.

OID

0.9.2342.19200300.102.1.4

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.287. obsoletesDocument

The obsoletesDocument attribute contains the distinguished name of a documented which is obsoleted by the current document entry.

OID

0.9.2342.19200300.102.1.3

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

Internet White Pages Pilot

5.2.288. oncRpcNumber

The oncRpcNumber attribute contains part of the RPC map and stores the RPC number for UNIX RPCs.

Note

The oncRpcNumber attribute is defined in 10rfc2307.ldif in the Directory Server. To use the updated RFC 2307 schema, remove the 10rfc2307.ldif file and copy the 10rfc2307bis.ldif file from the /usr/share/dirsrv/data directory to the /etc/dirsrv/slapd-instance/schema directory.

OID

1.3.6.1.1.1.1.18

Syntax

Integer

Multi- or Single-Valued

Single-valued

Defined in

RFC 2307

5.2.289. organizationalStatus

The organizationalStatus identifies the person’s category within an organization.

organizationalStatus: researcher

OID

0.9.2342.19200300.100.1.45

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.290. otherMailbox

The otherMailbox attribute contains values for email types other than X.400 and RFC 822.

otherMailbox: internet $ jsmith@example.com

OID

0.9.2342.19200300.100.1.22

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.291. ou (organizationalUnitName)

The organizationalUnitName, or ou, contains the name of an organizational division or a subtree within the directory hierarchy.

organizationalUnitName: Marketing
ou: Marketing

OID

2.5.4.11

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.292. owner

The owner attribute contains the DN of the person responsible for an entry. For example:

owner: cn=John Smith,ou=people,dc=example,dc=com

OID

2.5.4.32

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.293. pager

The pagerTelephoneNumber, or pager, attribute contains a person’s pager phone number.

pagerTelephoneNumber: 415-555-6789
pager: 415-555-6789

OID

0.9.2342.19200300.100.1.42

Syntax

TelephoneNumber

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.294. parentOrganization

The parentOrganization attribute identifies the parent organization of an organization or organizational unit.

OID

1.3.6.1.4.1.1466.101.120.41

Syntax

DN

Multi- or Single-Valued

Single-valued

Defined in

Netscape

5.2.295. personalSignature

The personalSignature attribute contains the entry’s signature file, in binary format.

personalSignature:: AAAAAA==

OID

0.9.2342.19200300.100.1.53

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.296. personalTitle

The personalTitle attribute contains a person’s honorific, such as Ms., Dr., Prof., and Rev.

personalTitle: Mr.

OID

0.9.2342.19200300.100.1.40

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.297. photo

The photo attribute contains a photo file, in a binary format.

photo:: AAAAAA==

OID

0.9.2342.19200300.100.1.7

Syntax

Binary

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.298. physicalDeliveryOfficeName

The physicalDeliveryOffice contains the city or town in which a physical postal delivery office is located.

physicalDeliveryOfficeName: Raleigh

OID

2.5.4.19

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.299. postalAddress

The postalAddress attribute identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).

To represent an actual dollar sign ($) or backslash (\) within the entry text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:

The dollar ($) value can be found
in the c:\cost file.

provide the string:

The dollar (\24) value can be found$in the c:\5ccost file.

OID

2.5.4.16

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.300. postalCode

The postalCode contains the zip code for an entry located within the United States.

postalCode: 44224

OID

2.5.4.17

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.301. postOfficeBox

The postOfficeBox attribute contains the postal address number or post office box number for an entry’s physical mailing address.

postOfficeBox: 1234

OID

2.5.4.18

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.302. preferredDeliveryMethod

The preferredDeliveryMethod contains an entry’s preferred contact or delivery method. For example:

preferredDeliveryMethod: telephone

OID

2.5.4.28

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.303. preferredLanguage

The preferredLanguage attribute contains a person’s preferred written or spoken language. The value should conform to the syntax for HTTP Accept-Language header values.

OID

2.16.840.1.113730.3.1.39

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

RFC 2798

5.2.304. preferredLocale

A locale identifies language-specific information about how users of a specific region, culture, or custom expect data to be presented, including how data of a given language is interpreted and how data is to be sorted. Directory Server supports three locales for American English, Japanese, and German.

The preferredLocale attribute sets which locale is preferred by a user.

OID

1.3.6.1.4.1.1466.101.120.42

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape

5.2.305. preferredTimeZone

The preferredTimeZone attribute sets the time zone to use for the user entry.

OID

1.3.6.1.4.1.1466.101.120.43

Syntax

DirectoryString

Multi- or Single-Valued

Single-valued

Defined in

Netscape

5.2.306. presentationAddress

The presentationAddress attribute contains the OSI presentation address for an entry. This attribute includes the OSI Network Address and up to three selectors, one each for use by the transport, session, and presentation entities. For example:

presentationAddress: TELEX+00726322+RFC-1006+02+130.59.2.1

OID

2.5.4.29

Syntax

IA5String

Multi- or Single-Valued

Single-valued

Defined in

RFC 2256

5.2.307. protocolInformation

The protocolInformation attribute, used together with the presentationAddress attribute, provides additional information about the OSO network service.

OID

2.5.4.48

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.308. pwdReset

When an administrator changes the password of a user, Directory Server sets the pwdReset operational attribute in the user’s entry to true. Applications can use this attribute to identify if a password of a user has been reset by an administrator.

Note

The pwdReset attribute is an operational attribute and, therefore, users cannot edit it.

OID

1.3.6.1.4.1.1466.115.121.1.7

Syntax

Boolean

Multi- or Single-Valued

Single-valued

Defined in

RFC draft-behera-ldap-password-policy

5.2.309. ref

The ref attribute is used to support LDAPv3 smart referrals. The value of this attribute is an LDAP URL:

ldap: host_name:port_number/subtree_dn

The port number is optional.

For example:

ref: ldap://server.example.com:389/ou=People,dc=example,dc=com

OID

2.16.840.1.113730.3.1.34

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

LDAPv3 Referrals Internet Draft

5.2.310. registeredAddress

This attribute contains a postal address for receiving telegrams or expedited documents. The recipient’s signature is usually required on delivery.

OID

2.5.4.26

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.311. roleOccupant

This attribute contains the distinguished name of the person acting in the role defined in the organizationalRole entry.

roleOccupant: uid=bjensen,dc=example,dc=com

OID

2.5.4.33

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.312. roomNumber

This attribute specifies the room number of an object. The cn attribute should be used for naming room objects.

roomNumber: 230

OID

0.9.2342.19200300.100.1.6

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.313. searchGuide

The searchGuide attribute specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation. When constructing search filters, use the enhancedSearchGuide attribute instead.

OID

2.5.4.14

Syntax

IA5String

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.314. secretary

The secretary attribute identifies an entry’s secretary or administrative assistant.

secretary: cn=John Smith,dc=example,dc=com

OID

0.9.2342.19200300.100.1.21

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 1274

5.2.315. seeAlso

The seeAlso attribute identifies another Directory Server entry that may contain information related to this entry.

seeAlso: cn=Quality Control Inspectors,ou=manufacturing,dc=example,dc=com

OID

2.5.4.34

Syntax

DN

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.316. serialNumber

The serialNumber attribute contains the serial number of a device.

serialNumber: 555-1234-AZ

OID

2.5.4.5

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

RFC 2256

5.2.317. serverHostName

The serverHostName attribute contains the host name of the server on which the Directory Server is running.

OID

2.16.840.1.113730.3.1.76

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Red Hat Administration Services

5.2.318. serverProductName

The serverProductName attribute contains the name of the server product.

OID

2.16.840.1.113730.3.1.71

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Red Hat Administration Services

5.2.319. serverRoot

This attribute is obsolete.

This attribute shows the installation directory (server root) of Directory Servers version 7.1 or older.

OID

2.16.840.1.113730.3.1.70

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Netscape Administration Services

5.2.320. serverVersionNumber

The serverVersionNumber attribute contains the server version number.

OID

2.16.840.1.113730.3.1.72

Syntax

DirectoryString

Multi- or Single-Valued

Multi-valued

Defined in

Red Hat