1Net::LDAP::RFC(3) User Contributed Perl Documentation Net::LDAP::RFC(3)
2
6 Net::LDAP::RFC - List of related RFCs
7
9 none
10
12 The LDAP protocol is defined in the following RFCs
13
15 RFC-4510 Lightweight Directory Access Protocol (LDAP): Technical
16 Specification Road Map
17 http://www.ietf.org/rfc/rfc4510.txt
18 The Lightweight Directory Access Protocol (LDAP) is an Internet
20 protocol for accessing distributed directory services that act in
21 accordance with X.500 data and service models. This document provides
22 a road map of the LDAP Technical Specification.
23 RFC-4511 Lightweight Directory Access Protocol (LDAP): The Protocol
25 http://www.ietf.org/rfc/rfc4511.txt
26 This document describes the protocol elements, along with their
28 semantics and encodings, of the Lightweight Directory Access Protocol
29 (LDAP). LDAP provides access to distributed directory services that
30 act in accordance with X.500 data and service models. These protocol
31 elements are based on those described in the X.500 Directory Access
32 Protocol (DAP).
33 RFC-4512 Lightweight Directory Access Protocol (LDAP): Directory
35 Information Models
36 http://www.ietf.org/rfc/rfc4512.txt
37 The Lightweight Directory Access Protocol (LDAP) is an Internet
39 protocol for accessing distributed directory services that act in
40 accordance with X.500 data and service models. This document describes
41 the X.500 Directory Information Models, as used in LDAP.
42 RFC-4513 Lightweight Directory Access Protocol (LDAP): Authentication
44 Methods and Security Mechanisms
45 http://www.ietf.org/rfc/rfc4513.txt
46 This document describes authentication methods and security mechanisms
48 of the Lightweight Directory Access Protocol (LDAP). This document
49 details establishment of Transport Layer Security (TLS) using the
50 StartTLS operation.
51 This document details the simple Bind authentication method including
53 anonymous, unauthenticated, and name/password mechanisms and the Simple
54 Authentication and Security Layer (SASL) Bind authentication method
55 including the EXTERNAL mechanism.
56 This document discusses various authentication and authorization states
58 through which a session to an LDAP server may pass and the actions that
59 trigger these state changes.
60 RFC-4514 Lightweight Directory Access Protocol (LDAP): String
62 Representation of Distinguished Names
63 http://www.ietf.org/rfc/rfc4514.txt
64 The X.500 Directory uses distinguished names (DNs) as primary keys to
66 entries in the directory. This document defines the string
67 representation used in the Lightweight Directory Access Protocol (LDAP)
68 to transfer distinguished names. The string representation is designed
69 to give a clean representation of commonly used distinguished names,
70 while being able to represent any distinguished name.
71 RFC-4515 Lightweight Directory Access Protocol (LDAP): String
73 Representation of Search Filters
74 http://www.ietf.org/rfc/rfc4515.txt
75 Lightweight Directory Access Protocol (LDAP) search filters are
77 transmitted in the LDAP protocol using a binary representation that is
78 appropriate for use on the network. This document defines a human-
79 readable string representation of LDAP search filters that is
80 appropriate for use in LDAP URLs (RFC 4516) and in other applications.
81 RFC-4516 Lightweight Directory Access Protocol (LDAP): Uniform Resource
83 Locator
84 http://www.ietf.org/rfc/rfc4516.txt
85 This document describes a format for a Lightweight Directory Access
87 Protocol (LDAP) Uniform Resource Locator (URL). An LDAP URL describes
88 an LDAP search operation that is used to retrieve information from an
89 LDAP directory, or, in the context of an LDAP referral or reference, an
90 LDAP URL describes a service where an LDAP operation may be progressed.
91 RFC-4517 Lightweight Directory Access Protocol (LDAP): Syntaxes and
93 Matching Rules
94 http://www.ietf.org/rfc/rfc4517.txt
95 Each attribute stored in a Lightweight Directory Access Protocol (LDAP)
97 directory, whose values may be transferred in the LDAP protocol, has a
98 defined syntax that constrains the structure and format of its values.
99 The comparison semantics for values of a syntax are not part of the
100 syntax definition but are instead provided through separately defined
101 matching rules. Matching rules specify an argument, an assertion
102 value, which also has a defined syntax. This document defines a base
103 set of syntaxes and matching rules for use in defining attributes for
104 LDAP directories.
105 RFC-4518 Lightweight Directory Access Protocol (LDAP): Internationalized
107 String Preparation
108 http://www.ietf.org/rfc/rfc4518.txt
109 The previous Lightweight Directory Access Protocol (LDAP) technical
111 specifications did not precisely define how character string matching
112 is to be performed. This led to a number of usability and
113 interoperability problems. This document defines string preparation
114 algorithms for character-based matching rules defined for use in LDAP.
115 RFC-4519 Lightweight Directory Access Protocol (LDAP): Schema for User
117 Applications
118 http://www.ietf.org/rfc/rfc4519.txt
119 This document is an integral part of the Lightweight Directory Access
121 Protocol (LDAP) technical specification. It provides a technical
122 specification of attribute types and object classes intended for use by
123 LDAP directory clients for many directory services, such as White
124 Pages. These objects are widely used as a basis for the schema in many
125 LDAP directories. This document does not cover attributes used for the
126 administration of directory servers, nor does it include directory
127 objects defined for specific uses in other documents.
128
130 RFC-6171 The Lightweight Directory Access Protocol (LDAP) Don't Use Copy
131 Control
132 http://www.ietf.org/rfc/rfc6171.txt
133 This document defines the Lightweight Directory Access Protocol (LDAP)
135 Don't Use Copy control extension which allows a client to specify that
136 copied information should not be used in providing service. This
137 control is based upon the X.511 dontUseCopy service control option.
138 RFC-5020 The Lightweight Directory Access Protocol (LDAP) entryDN
140 Operational Attribute
141 http://www.ietf.org/rfc/rfc5020.txt
142 This document describes the LDAP/X.500 'entryDN' operational attribute.
144 The attribute provides a copy of the entry's distinguished name for use
145 in attribute value assertions.
146 RFC-4792 Encoding Instructions for the Generic String Encoding Rules (GSER)
148 http://www.ietf.org/rfc/rfc4792.txt
149 Abstract Syntax Notation One (ASN.1) defines a general framework for
151 annotating types in an ASN.1 specification with encoding instructions
152 that alter how values of those types are encoded according to ASN.1
153 encoding rules. This document defines the supporting notation for
154 encoding instructions that apply to the Generic String Encoding Rules
155 (GSER), and in particular defines an encoding instruction to provide a
156 machine-processable representation for the declaration of a GSER
157 ChoiceOfStrings type.
158 RFC-4532 Lightweight Directory Access Protocol (LDAP) Who am I? Operation
160 http://www.ietf.org/rfc/rfc4532.txt
161 This specification provides a mechanism for Lightweight Directory
163 Access Protocol (LDAP) clients to obtain the authorization identity the
164 server has associated with the user or application entity. This
165 mechanism is specified as an LDAP extended operation called the LDAP
166 "Who am I?" operation.
167 RFC-4530 Lightweight Directory Access Protocol (LDAP) entryUUID Operational
169 Attribute
170 http://www.ietf.org/rfc/rfc4530.txt
171 This document describes the LDAP/X.500 'entryUUID' operational
173 attribute and associated matching rules and syntax. The attribute
174 holds a server-assigned Universally Unique Identifier (UUID) for the
175 object. Directory clients may use this attribute to distinguish
176 objects identified by a distinguished name or to locate an object after
177 renaming.
178 RFC-4528 Lightweight Directory Access Protocol (LDAP) Assertion Control
180 http://www.ietf.org/rfc/rfc4528.txt
181 This document defines the Lightweight Directory Access Protocol (LDAP)
183 Assertion Control, which allows a client to specify that a directory
184 operation should only be processed if an assertion applied to the
185 target entry of the operation is true. It can be used to construct
186 "test and set", "test and clear", and other conditional operations.
187 RFC-4527 Lightweight Directory Access Protocol (LDAP) Read Entry Controls
189 http://www.ietf.org/rfc/rfc4527.txt
190 This document specifies an extension to the Lightweight Directory
192 Access Protocol (LDAP) to allow the client to read the target entry of
193 an update operation. The client may request to read the entry before
194 and/or after the modifications are applied. These reads are done as an
195 atomic part of the update operation.
196 RFC-4526 Lightweight Directory Access Protocol (LDAP) Absolute True and
198 False Filters
199 http://www.ietf.org/rfc/rfc4526.txt
200 This document extends the Lightweight Directory Access Protocol (LDAP)
202 to support absolute True and False filters based upon similar
203 capabilities found in X.500 directory systems. The document also
204 extends the String Representation of LDAP Search Filters to support
205 these filters.
206 RFC-4524 COSINE LDAP/X.500 Schema
208 http://www.ietf.org/rfc/rfc4524.txt
209 This document provides a collection of schema elements for use with the
211 Lightweight Directory Access Protocol (LDAP) from the COSINE and
212 Internet X.500 pilot projects.
213 RFC-4523 Lightweight Directory Access Protocol (LDAP) Schema Definitions
215 for X.509 Certificates
216 http://www.ietf.org/rfc/rfc4523.txt
217 This document describes schema for representing X.509 certificates,
219 X.521 security information, and related elements in directories
220 accessible using the Lightweight Directory Access Protocol (LDAP). The
221 LDAP definitions for these X.509 and X.521 schema elements replace
222 those provided in RFCs 2252 and 2256.
223 RFC-4522 Lightweight Directory Access Protocol (LDAP): The Binary Encoding
225 Option
226 http://www.ietf.org/rfc/rfc4522.txt
227 Each attribute stored in a Lightweight Directory Access Protocol (LDAP)
229 directory has a defined syntax (i.e., data type). A syntax definition
230 specifies how attribute values conforming to the syntax are normally
231 represented when transferred in LDAP operations. This representation
232 is referred to as the LDAP-specific encoding to distinguish it from
233 other methods of encoding attribute values. This document defines an
234 attribute option, the binary option, that can be used to specify that
235 the associated attribute values are instead encoded according to the
236 Basic Encoding Rules (BER) used by X.500 directories.
237 RFC-4370 Lightweight Directory Access Protocol (LDAP) Proxied Authorization
239 Control
240 http://www.ietf.org/rfc/rfc4370.txt
241 This document defines the Lightweight Directory Access Protocol (LDAP)
243 Proxy Authorization Control. The Proxy Authorization Control allows a
244 client to request that an operation be processed under a provided
245 authorization identity instead of under the current authorization
246 identity associated with the connection.
247 RFC-4104 Policy Core Extension Lightweight Directory Access Protocol Schema
249 (PCELS)
250 http://www.ietf.org/rfc/rfc4104.txt
251 This document defines a number of changes and extensions to the Policy
253 Core Lightweight Directory Access Protocol (LDAP) Schema (RFC 3703)
254 based on the model extensions defined by the Policy Core Information
255 Model (PCIM) Extensions (RFC 3460). These changes and extensions
256 consist of new LDAP object classes and attribute types. Some of the
257 schema items defined in this document re-implement existing concepts in
258 accordance with their new semantics introduced by RFC 3460. The other
259 schema items implement new concepts, not covered by RFC 3703. This
260 document updates RFC 3703.
261 RFC-3928 Lightweight Directory Access Protocol (LDAP) Client Update
263 Protocol (LCUP)
264 http://www.ietf.org/rfc/rfc3928.txt
265 This document defines the Lightweight Directory Access Protocol (LDAP)
267 Client Update Protocol (LCUP). The protocol is intended to allow an
268 LDAP client to synchronize with the content of a directory information
269 tree (DIT) stored by an LDAP server and to be notified about the
270 changes to that content.
271 RFC-3909 Lightweight Directory Access Protocol (LDAP) Cancel Operation
273 http://www.ietf.org/rfc/rfc3909.txt
274 This specification describes a Lightweight Directory Access Protocol
276 (LDAP) extended operation to cancel (or abandon) an outstanding
277 operation. Unlike the LDAP Abandon operation, but like the X.511
278 Directory Access Protocol (DAP) Abandon operation, this operation has a
279 response which provides an indication of its outcome.
280 RFC-3876 Returning Matched Values with the Lightweight Directory Access
282 Protocol version 3 (LDAPv3)
283 http://www.ietf.org/rfc/rfc3876.txt
284 This document describes a control for the Lightweight Directory Access
286 Protocol version 3 that is used to return a subset of attribute values
287 from an entry. Specifically, only those values that match a "values
288 return" filter. Without support for this control, a client must
289 retrieve all of an attribute's values and search for specific values
290 locally.
291 RFC-3866 Language Tags and Ranges in the Lightweight Directory Access
293 Protocol (LDAP)
294 http://www.ietf.org/rfc/rfc3866.txt
295 It is often desirable to be able to indicate the natural language
297 associated with values held in a directory and to be able to query the
298 directory for values which fulfill the user's language needs. This
299 document details the use of Language Tags and Ranges in the Lightweight
300 Directory Access Protocol (LDAP).
301 RFC-3727 ASN.1 Module Definition for the LDAP and X.500 Component Matching
303 Rules
304 http://www.ietf.org/rfc/rfc3727.txt
305 This document updates the specification of the component matching rules
307 for Lightweight Directory Access Protocol (LDAP) and X.500 directories
308 (RFC3687) by collecting the Abstract Syntax Notation One (ASN.1)
309 definitions of the component matching rules into an appropriately
310 identified ASN.1 module so that other specifications may reference the
311 component matching rule definitions from within their own ASN.1
312 modules.
313 RFC-3703 Policy Core Lightweight Directory Access Protocol (LDAP) Schema
315 http://www.ietf.org/rfc/rfc3703.txt
316 This document defines a mapping of the Policy Core Information Model to
318 a form that can be implemented in a directory that uses Lightweight
319 Directory Access Protocol (LDAP) as its access protocol. This model
320 defines two hierarchies of object classes: structural classes
321 representing information for representing and controlling policy data
322 as specified in RFC 3060, and relationship classes that indicate how
323 instances of the structural classes are related to each other. Classes
324 are also added to the LDAP schema to improve the performance of a
325 client's interactions with an LDAP server when the client is retrieving
326 large amounts of policy-related information. These classes exist only
327 to optimize LDAP retrievals: there are no classes in the information
328 model that correspond to them.
329 RFC-3698 Lightweight Directory Access Protocol (LDAP): Additional Matching
331 Rules
332 http://www.ietf.org/rfc/rfc3698.txt
333 This document provides a collection of matching rules for use with the
335 Lightweight Directory Access Protocol (LDAP). As these matching rules
336 are simple adaptations of matching rules specified for use with the
337 X.500 Directory, most are already in wide use.
338 RFC-3687 Lightweight Directory Access Protocol (LDAP) and X.500 Component
340 Matching Rules
341 http://www.ietf.org/rfc/rfc3687.txt
342 The syntaxes of attributes in a Lightweight Directory Access Protocol
344 (LDAP) or X.500 directory range from simple data types, such as text
345 string, integer, or Boolean, to complex structured data types, such as
346 the syntaxes of the directory schema operational attributes. Matching
347 rules defined for the complex syntaxes usually only provide the most
348 immediately useful matching capability. This document defines generic
349 matching rules that can match any user selected component parts in an
350 attribute value of any arbitrarily complex attribute syntax.
351 RFC-3672 Subentries in the Lightweight Directory Access Protocol (LDAP)
353 http://www.ietf.org/rfc/rfc3672.txt
354 In X.500 directories, subentries are special entries used to hold
356 information associated with a subtree or subtree refinement. This
357 document adapts X.500 subentries mechanisms for use with the
358 Lightweight Directory Access Protocol (LDAP).
359 RFC-3671 Collective Attributes in the Lightweight Directory Access Protocol
361 (LDAP)
362 http://www.ietf.org/rfc/rfc3671.txt
363 X.500 collective attributes allow common characteristics to be shared
365 between collections of entries. This document summarizes the X.500
366 information model for collective attributes and describes use of
367 collective attributes in LDAP (Lightweight Directory Access Protocol).
368 This document provides schema definitions for collective attributes for
369 use in LDAP.
370 RFC-3296 Named Subordinate References in Lightweight Directory Access
372 Protocol (LDAP) Directories
373 http://www.ietf.org/rfc/rfc3296.txt
374 This document details schema and protocol elements for representing and
376 managing named subordinate references in Lightweight Directory Access
377 Protocol (LDAP) Directories.
378 RFC-3062 LDAP Password Modify Extended Operation
380 http://www.ietf.org/rfc/rfc3062.txt
381 The integration of the Lightweight Directory Access Protocol (LDAP) and
383 external authentication services has introduced non-DN authentication
384 identities and allowed for non-directory storage of passwords. As
385 such, mechanisms which update the directory (e.g., Modify) cannot be
386 used to change a user's password. This document describes an LDAP
387 extended operation to allow modification of user passwords which is not
388 dependent upon the form of the authentication identity nor the password
389 storage mechanism used.
390 RFC-2891 LDAP Control Extension for Server Side Sorting of Search Results
392 http://www.ietf.org/rfc/rfc2891.txt
393 This document describes two LDAPv3 control extensions for server side
395 sorting of search results. These controls allows a client to specify
396 the attribute types and matching rules a server should use when
397 returning the results to an LDAP search request. The controls may be
398 useful when the LDAP client has limited functionality or for some other
399 reason cannot sort the results but still needs them sorted. Other
400 permissible controls on search operations are not defined in this
401 extension.
402 RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical Specification
404 http://www.ietf.org/rfc/rfc2849.txt
405 This document describes a file format suitable for describing directory
407 information or modifications made to directory information. The file
408 format, known as LDIF, for LDAP Data Interchange Format, is typically
409 used to import and export directory information between LDAP-based
410 directory servers, or to describe a set of changes which are to be
411 applied to a directory.
412 RFC-2831 Using Digest Authentication as a SASL Mechanism
414 http://www.ietf.org/rfc/rfc2831.txt
415 This specification defines how HTTP Digest Authentication can be used
417 as a SASL [RFC 2222] mechanism for any protocol that has a SASL
418 profile. It is intended both as an improvement over CRAM-MD5 [RFC 2195]
419 and as a convenient way to support a single authentication mechanism
420 for web, mail, LDAP, and other protocols.
421 RFC-2739 Calendar Attributes for vCard and LDAP
423 http://www.ietf.org/rfc/rfc2739.txt
424 When scheduling a calendar entity, such as an event, it is a
426 prerequisite that an organizer has the calendar address of each
427 attendee that will be invited to the event. Additionally, access to an
428 attendee's current "busy time" provides an a priori indication of
429 whether the attendee will be free to participate in the event. In order
430 to meet these challenges, a calendar user agent (CUA) needs a mechanism
431 to locate individual user's calendar and free/busy time. This memo
432 defines three mechanisms for obtaining a URI to a user's calendar and
433 free/busy time. These include:
434 RFC-2589 Extensions for Dynamic Directory Services
436 http://www.ietf.org/rfc/rfc2589.txt
437 LDAP supports lightweight access to static directory services, allowing
439 relatively fast search and update access. Static directory services
440 store information about people that persists in its accuracy and value
441 over a long period of time. Dynamic directory services are different in
442 that they store information about people that only persists in its
443 accuracy and value while people are online. Though the protocol
444 operations and attributes used by dynamic directory services are
445 similar to the ones used for static directory services, clients that
446 are bound to a dynamic directory service need to periodically refresh
447 their presence at the server to keep directory entries from getting
448 stale in the presence of client application crashes. A flow control
449 mechanism from the server is also described that allows a server to
450 inform clients how often they should refresh their presence.
451 RFC-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
453 LDAPv2
454 http://www.ietf.org/rfc/rfc2559.txt
455 The protocol described in this document is designed to satisfy some of
457 the operational requirements within the Internet X.509 PKI.
458 Specifically, this document addresses requirements to provide access to
459 PKI repositories for the purposes of retrieving PKI information and
460 managing that same information. The mechanism described in this
461 document is based on the LDAPv2, defined in RFC 1777, defining a
462 profile of that protocol for use within the PKIX and updates encodings
463 for certificates and revocation lists from RFC 1778. Additional
464 mechanisms addressing PKIX operational requirements are specified in
465 separate documents.
466 RFC-2247 Using Domains in LDAP/X.500 Distinguished Names
468 http://www.ietf.org/rfc/rfc2247.txt
469 LDAP uses X.500-compatible distinguished names for providing unique
471 identification of entries. This document defines an algorithm by which
472 a name registered with the Internet Domain Name Service can be
473 represented as an LDAP distinguished name.
474 RFC-2222 Simple Authentication and Security Layer (SASL)
476 http://www.ietf.org/rfc/rfc2222.txt
477 This document describes a method for adding authentication support to
479 connection-based protocols. To use this specification, a protocol
480 includes a command for identifying and authenticating a user to a
481 server and for optionally negotiating protection of subsequent protocol
482 interactions. If its use is negotiated, a security layer is inserted
483 between the protocol and the connection. This document describes how a
484 protocol specifies such a command, defines several mechanisms for use
485 by the command, and defines the protocol used for carrying a negotiated
486 security layer over the connection.
487 RFC-2218 A Common Schema for the Internet White Pages Service
489 http://www.ietf.org/rfc/rfc2218.txt
490 This IETF Integrated Directory Services(IDS) Working Group proposes a
492 standard specification for a simple Internet White Pages service by
493 defining a common schema for use by the various White Pages servers.
494 This schema is independent of specific implementations of the White
495 Pages service. This document specifies the minimum set of core
496 attributes of a White Pages entry for an individual and describes how
497 new objects with those attributes can be defined and published. It does
498 not describe how to represent other objects in the White Pages service.
499 Further, it does not address the search sort expectations within a
500 particular service.
501 RFC-2164 Use of an X.500/LDAP directory to support MIXER address mapping
503 http://www.ietf.org/rfc/rfc2164.txt
504 MIXER (RFC 2156) defines an algorithm for use of a set of global
506 mapping between X.400 and RFC 822 addresses. This specification defines
507 how to represent and maintain these mappings (MIXER Conformant Global
508 Address Mappings of MCGAMs) in an X.500 or LDAP directory. Mechanisms
509 for representing OR Address and Domain hierarchies within the DIT.
510 These techniques are used to define two independent subtrees in the
511 DIT, which contain the mapping information.
512 RFC-2079 Definition of an X.500 Attribute Type and an Object Class to Hold
514 Uniform Resource Identifiers
515 http://www.ietf.org/rfc/rfc2079.txt
516 URLs are being widely used to specify the location of Internet
518 resources. There is an urgent need to be able to include URLs in
519 directories that conform to the LDAP and X.500 information models, and
520 a desire to include other types of URIs as they are defined. A number
521 of independent groups are already experimenting with the inclusion of
522 URLs in LDAP and X.500 directories. This document builds on the
523 experimentation to date and defines a new attribute type and an
524 auxiliary object class to allow URIs, including URLs, to be stored in
525 directory entries in a standard way.
526
528 RFC-4521 Considerations for Lightweight Directory Access Protocol (LDAP)
529 Extensions
530 http://www.ietf.org/rfc/rfc4521.txt
531 The Lightweight Directory Access Protocol (LDAP) is extensible. It
533 provides mechanisms for adding new operations, extending existing
534 operations, and expanding user and system schemas. This document
535 discusses considerations for designers of LDAP extensions.
536 RFC-4520 Internet Assigned Numbers Authority (IANA) Considerations for the
538 Lightweight Directory Access Protocol (LDAP)
539 http://www.ietf.org/rfc/rfc4520.txt
540 This document provides procedures for registering extensible elements
542 of the Lightweight Directory Access Protocol (LDAP). The document also
543 provides guidelines to the Internet Assigned Numbers Authority (IANA)
544 describing conditions under which new values can be assigned.
545 RFC-2148 Deployment of the Internet White Pages Service
547 http://www.ietf.org/rfc/rfc2148.txt
548 The Internet is used for information exchange and communication between
550 its users. It can only be effective as such if users are able to find
551 each other's addresses. Therefore the Internet benefits from an
552 adequate White Pages Service, i.e., a directory service offering
553 (Internet) address information related to people and organizations.
554 This document describes the way in which the Internet White Pages
556 Service (from now on abbreviated as IWPS) is best exploited using
557 today's experience, today's protocols, today's products and today's
558 procedures.
559
561 RFC-5803 Lightweight Directory Access Protocol (LDAP) Schema for Storing
562 Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
563 http://www.ietf.org/rfc/rfc5803.txt
564 This memo describes how the "authPassword" Lightweight Directory Access
566 Protocol (LDAP) attribute can be used for storing secrets used by the
567 Salted Challenge Response Authentication Mechanism (SCRAM) mechanism in
568 the Simple Authentication and Security Layer (SASL) framework.
569 RFC-4876 A Configuration Profile Schema for Lightweight Directory Access
571 Protocol (LDAP)-Based Agents
572 http://www.ietf.org/rfc/rfc4828.txt
573 This document consists of two primary components, a schema for agents
575 that make use of the Lightweight Directory Access protocol (LDAP) and a
576 proposed use case of that schema, for distributed configuration of
577 similar directory user agents. A set of attribute types and an object
578 class are proposed. In the proposed use case, directory user agents
579 (DUAs) can use this schema to determine directory data location and
580 access parameters for specific services they support. In addition, in
581 the proposed use case, attribute and object class mapping allows DUAs
582 to reconfigure their expected (default) schema to match that of the end
583 user's environment. This document is intended to be a skeleton for
584 future documents that describe configuration of specific DUA services.
585 RFC-4529 Requesting Attributes by Object Class in the Lightweight Directory
587 Access Protocol (LDAP)
588 http://www.ietf.org/rfc/rfc4529.txt
589 The Lightweight Directory Access Protocol (LDAP) search operation
591 provides mechanisms for clients to request all user application
592 attributes, all operational attributes, and/or attributes selected by
593 their description. This document extends LDAP to support a mechanism
594 that LDAP clients may use to request the return of all attributes of an
595 object class.
596 RFC-4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment
598 Extension
599 http://www.ietf.org/rfc/rfc4525.txt
600 This document describes an extension to the Lightweight Directory
602 Access Protocol (LDAP) Modify operation to support an increment
603 capability. This extension is useful in provisioning applications,
604 especially when combined with the assertion control and/or the pre-
605 read or post-read control extension.
606 RFC-4403 Lightweight Directory Access Protocol (LDAP) Schema for Universal
608 Description, Discovery, and Integration version 3 (UDDIv3)
609 http://www.ietf.org/rfc/rfc4403.txt
610 This document defines the Lightweight Directory Access Protocol
612 (LDAPv3) schema for representing Universal Description, Discovery, and
613 Integration (UDDI) data types in an LDAP directory. It defines the
614 LDAP object class and attribute definitions and containment rules to
615 model UDDI entities, defined in the UDDI version 3 information model,
616 in an LDAPv3-compliant directory.
617 RFC-4373 Lightweight Directory Access Protocol (LDAP) Bulk
619 Update/Replication Protocol (LBURP)
620 http://www.ietf.org/rfc/rfc4373.txt
621 The Lightweight Directory Access Protocol (LDAP) Bulk
623 Update/Replication Protocol (LBURP) allows an LDAP client to perform a
624 bulk update to an LDAP server. The protocol frames a sequenced set of
625 update operations within a pair of LDAP extended operations to notify
626 the server that the update operations in the framed set are related in
627 such a way that the ordering of all operations can be preserved during
628 processing even when they are sent asynchronously by the client.
629 Update operations can be grouped within a single protocol message to
630 maximize the efficiency of client-server communication.
631 The protocol is suitable for efficiently making a substantial set of
633 updates to the entries in an LDAP server.
634 RFC-3944 H.350 Directory Services
636 http://www.ietf.org/rfc/rfc3944.txt
637 The International Telecommunications Union Standardization Sector (ITU-
639 T) has created the H.350 series of Recommendations that specify
640 directory services architectures in support of multimedia conferencing
641 protocols. The goal of the architecture is to 'directory enable'
642 multimedia conferencing so that these services can leverage existing
643 identity management and enterprise directories. A particular goal is
644 to enable an enterprise or service provider to maintain a canonical
645 source of users and their multimedia conferencing systems, so that
646 multiple call servers from multiple vendors, supporting multiple
647 protocols, can all access the same data store.
648 Because SIP is an IETF standard, the contents of H.350 and H.350.4 are
650 made available via this document to the IETF community. This document
651 contains the entire normative text of ITU-T Recommendations H.350 and
652 H.350.4 in sections 4 and 5, respectively. The remaining sections are
653 included only in this document, not in the ITU-T version.
654 RFC-3829 Lightweight Directory Access Protocol (LDAP) Authorization
656 Identity Request and Response Controls
657 http://www.ietf.org/rfc/rfc3829.txt
658 This document extends the Lightweight Directory Access Protocol (LDAP)
660 bind operation with a mechanism for requesting and returning the
661 authorization identity it establishes. Specifically, this document
662 defines the Authorization Identity Request and Response controls for
663 use with the Bind operation.
664 RFC-3712 Lightweight Directory Access Protocol (LDAP): Schema for Printer
666 Services
667 http://www.ietf.org/rfc/rfc3712.txt
668 This document defines a schema, object classes and attributes, for
670 printers and printer services, for use with directories that support
671 Lightweight Directory Access Protocol v3 (LDAP-TS). This document is
672 based on the printer attributes listed in Appendix E of Internet
673 Printing Protocol/1.1 (IPP) (RFC 2911). A few additional printer
674 attributes are based on definitions in the Printer MIB (RFC 1759).
675 RFC-3494 Lightweight Directory Access Protocol version 2 (LDAPv2) to
677 Historic Status
678 http://www.ietf.org/rfc/rfc3494.txt
679 This document recommends the retirement of version 2 of the Lightweight
681 Directory Access Protocol (LDAPv2) and other dependent specifications,
682 and discusses the reasons for doing so. This document recommends RFC
683 1777, 1778, 1779, 1781, and 2559 (as well as documents they superseded)
684 be moved to Historic status.
685 RFC-3384 Lightweight Directory Access Protocol (version 3) Replication
687 Requirements
688 http://www.ietf.org/rfc/rfc3384.txt
689 This document discusses the fundamental requirements for replication of
691 data accessible via the Lightweight Directory Access Protocol (version
692 3) (LDAPv3). It is intended to be a gathering place for general
693 replication requirements needed to provide interoperability between
694 informational directories.
695 RFC-3112 LDAP Authentication Password Schema
697 http://www.ietf.org/rfc/rfc3112.txt
698 This document describes schema in support of user/password
700 authentication in a LDAP (Lightweight Directory Access Protocol)
701 directory including the authPassword attribute type. This attribute
702 type holds values derived from the user's password(s) (commonly using
703 cryptographic strength one-way hash). authPassword is intended to used
704 instead of userPassword.
705 RFC-3045 Storing Vendor Information in the LDAP root DSE
707 http://www.ietf.org/rfc/rfc3045.txt
708 This document specifies two Lightweight Directory Access Protocol
710 (LDAP) attributes, vendorName and vendorVersion that MAY be included in
711 the root DSA-specific Entry (DSE) to advertise vendor-specific
712 information. These two attributes supplement the attributes defined in
713 section 3.4 of RFC 2251.
714 RFC-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0
716 http://www.ietf.org/rfc/rfc2985.txt
717 This memo provides a selection of object classes and attribute types
719 for use in conjunction with public-key cryptography and Lightweight
720 Directory Access Protocol (LDAP) accessible directories. It also
721 includes ASN.1 syntax for all constructs.
722 RFC-2967 TISDAG - Technical Infrastructure for Swedish Directory Access
724 Gateways
725 http://www.ietf.org/rfc/rfc2967.txt
726 The strength of the TISDAG (Technical Infrastructure for Swedish
728 Directory Access Gateways) project's DAG proposal is that it defines
729 the necessary technical infrastructure to provide a single-access-
730 point service for information on Swedish Internet users. The resulting
731 service will provide uniform access for all information -- the same
732 level of access to information (7x24 service), and the same information
733 made available, irrespective of the service provider responsible for
734 maintaining that information, their directory service protocols, or the
735 end-user's client access protocol.
736 RFC-2927 MIME Directory Profile for LDAP Schema
738 http://www.ietf.org/rfc/rfc2927.txt
739 This document defines a multipurpose internet mail extensions (MIME)
741 directory profile for holding a lightweight directory access protocol
742 (LDAP) schema. It is intended for communication with the Internet
743 schema listing service.
744 RFC-2926 Conversion of LDAP Schemas to and from SLP Templates
746 http://www.ietf.org/rfc/rfc2926.txt
747 This document describes a procedure for mapping between Service
749 Location Protocol (SLP) service advertisements and lightweight
750 directory access protocol (LDAP) descriptions of services. The
751 document covers two aspects of the mapping. One aspect is mapping
752 between SLP service type templates and LDAP directory schema. Because
753 the SLP service type template grammar is relatively simple, mapping
754 from service type templates to LDAP types is straightforward. Mapping
755 in the other direction is straightforward if the attributes are
756 restricted to use just a few of the syntaxes defined in RFC 2252. If
757 arbitrary ASN.1 types occur in the schema, then the mapping is more
758 complex and may even be impossible. The second aspect is
759 representation of service information in an LDAP directory. The
760 recommended representation simplifies interoperability with SLP by
761 allowing SLP directory agents to backend into LDAP directory servers.
762 The resulting system allows service advertisements to propagate easily
763 between SLP and LDAP.
764 RFC-2820 Access Control Requirements for LDAP
766 http://www.ietf.org/rfc/rfc2820.txt
767 This document describes the fundamental requirements of an access
769 control list (ACL) model for the LDAP directory service. It is
770 intended to be a gathering place for access control requirements needed
771 to provide authorized access to and interoperability between
772 directories.
773 RFC-2798 Definition of the inetOrgPerson Object Class
775 http://www.ietf.org/rfc/rfc2798.txt
776 While the X.500 standards define many useful attribute types [X520] and
778 object classes [X521], they do not define a person object class that
779 meets the requirements found in today's Internet and Intranet directory
780 service deployments. We define a new object class called inetOrgPerson
781 for use in LDAP and X.500 directory services that extends the X.521
782 standard organizationalPerson class to meet these needs.
783 RFC-2714 Schema for Representing CORBA Objects in an LDAP Directory
785 http://www.ietf.org/rfc/rfc2714.txt
786 CORBA is the Common Object Request Broker Architecture defined by the
788 Object Management Group. This document defines the schema for
789 representing CORBA object references in an LDAP directory.
790 RFC-2713 Schema for Representing Java Objects in an LDAP Directory
792 http://www.ietf.org/rfc/rfc2713.txt
793 This document defines the schema for representing Java objects in an
795 LDAP directory. It defines schema elements to represent a Java
796 serialized object, a Java marshalled object, a Java remote object, and
797 a JNDI reference.
798 RFC-2696 LDAP Control Extension for Simple Paged Results Manipulation
800 http://www.ietf.org/rfc/rfc2696.txt
801 This document describes an LDAPv3 control extension for simple paging
803 of search results. This control extension allows a client to control
804 the rate at which an LDAP server returns the results of an LDAP search
805 operation. This control may be useful when the LDAP client has limited
806 resources and may not be able to process the entire result set from a
807 given LDAP query, or when the LDAP client is connected over a low-
808 bandwidth connection. Other operations on the result set are not
809 defined in this extension. This extension is not designed to provide
810 more sophisticated result set management.
811 RFC-1823 The LDAP Application Program Interface
813 http://www.ietf.org/rfc/rfc1823.txt
814 This document defines a C language application program interface to
816 LDAP, which is designed to be powerful, yet simple to use. It defines
817 compatible synchronous and asynchronous interfaces to LDAP to suit a
818 wide variety of applications. This document gives a brief overview of
819 the LDAP model, then an overview of how the API is used by an
820 application program to obtain LDAP information. The API calls are
821 described in detail, followed by an appendix that provides some example
822 code demonstrating the use of the API.
823
825 RFC-5805 Lightweight Directory Access Protocol (LDAP) Transactions
826 http://www.ietf.org/rfc/rfc5805.txt
827 Lightweight Directory Access Protocol (LDAP) update operations, such as
829 Add, Delete, and Modify operations, have atomic, consistency,
830 isolation, durability (ACID) properties. Each of these update
831 operations act upon an entry. It is often desirable to update two or
832 more entries in a single unit of interaction, a transaction.
833 Transactions are necessary to support a number of applications
834 including resource provisioning. This document extends LDAP to support
835 transactions.
836 RFC-4533 The Lightweight Directory Access Protocol (LDAP) Content
838 Synchronization Operation
839 http://www.ietf.org/rfc/rfc4533.txt
840 This specification describes the Lightweight Directory Access Protocol
842 (LDAP) Content Synchronization Operation. The operation allows a
843 client to maintain a copy of a fragment of the Directory Information
844 Tree (DIT). It supports both polling for changes and listening for
845 changes. The operation is defined as an extension of the LDAP Search
846 Operation.
847 RFC-4531 Lightweight Directory Access Protocol (LDAP) Turn Operation
849 http://www.ietf.org/rfc/rfc4531.txt
850 This specification describes a Lightweight Directory Access Protocol
852 (LDAP) extended operation to reverse (or "turn") the roles of client
853 and server for subsequent protocol exchanges in the session, or to
854 enable each peer to act as both client and server with respect to the
855 other.
856 RFC-3663 Domain Administrative Data in Lightweight Directory Access
858 Protocol (LDAP)
859 http://www.ietf.org/rfc/rfc3663.txt
860 Domain registration data has typically been exposed to the general
862 public via Nicname/Whois for administrative purposes. This document
863 describes the Referral Lightweight Directory Access Protocol (LDAP)
864 Service, an experimental service using LDAP and well-known LDAP types
865 to make domain administrative data available.
866 RFC-3088 OpenLDAP Root Service - An experimental LDAP referral service
868 http://www.ietf.org/rfc/rfc3088.txt
869 The OpenLDAP Project is operating an experimental LDAP (Lightweight
871 Directory Access Protocol) referral service known as the "OpenLDAP Root
872 Service". The automated system generates referrals based upon service
873 location information published in DNS SRV RRs (Domain Name System
874 location of services resource records). This document describes this
875 service.
876 RFC-2657 LDAPv2 Client vs. the Index Mesh
878 http://www.ietf.org/rfc/rfc2657.txt
879 LDAPv2 clients as implemented according to RFC 1777 have no notion of
881 referral. The integration between such a client and an Index Mesh, as
882 defined by the Common Indexing Protocol, heavily depends on referrals
883 and therefore needs to be handled in a special way. This document
884 defines one possible way of doing this.
885 RFC-2649 Signed Directory Operations Using S/MIME
887 http://www.ietf.org/rfc/rfc2649.txt
888 This document defines an LDAPv3 based mechanism for signing directory
890 operations in order to create a secure journal of changes that have
891 been made to each directory entry. Both client and server based
892 signatures are supported. An object class for subsequent retrieval are
893 'journal entries' is also defined. This document specifies LDAPv3
894 controls that enable this functionality. It also defines an LDAPv3
895 schema that allows for subsequent browsing of the journal information.
896 RFC-2307 An Approach for Using LDAP as a Network Information Service
898 http://www.ietf.org/rfc/rfc2307.txt
899 This document describes an experimental mechanism for mapping entities
901 related to TCP/IP and the UNIX system into X.500 entries so that they
902 may be resolved with the LDAP. A set of attribute types and object
903 classes are proposed, along with specific guidelines for interpreting
904 them. The intention is to assist the deployment of LDAP as an
905 organizational nameservice. No proposed solutions are intended as
906 standards for the Internet. Rather, it is hoped that a general
907 consensus will emerge as to the appropriate solution to such problems,
908 leading eventually to the adoption of standards. The proposed mechanism
909 has already been implemented with some success.
910
912 draft-wahl-ldap-adminaddr -- Administrator Address Attribute
913 Organizations running multiple directory servers need an ability for
914 administrators to determine who is responsible for a particular server.
915 This is conceptually similar to the 'sysContact' object of SNMP. The
916 administratorsAddress attribute allows a server administrator to
917 provide the contact information of the responsible party for an LDAP
918 server. This can be used by management clients which are, for example,
919 checking the state of a replication or referral topology, to provide a
920 way for the user of the management client to send email to manager of a
921 particular server.
922 draft-zeilenga-ldap-noop -- The LDAP No-Op Control
924 This document defines the Lightweight Directory Access Protocol (LDAP)
925 No-Op control which can be used to disable the normal effect of an
926 operation. The control can be used to discover how a server might
927 react to a particular update request without updating the directory.
928 draft-legg-ldap-transfer -- Lightweight Directory Access Protocol (LDAP):
930 Transfer Encoding Options
931 Each attribute stored in a Lightweight Directory Access Protocol (LDAP)
932 directory has a defined syntax (i.e., data type). A syntax definition
933 specifies how attribute values conforming to the syntax are normally
934 represented when transferred in LDAP operations. This representation
935 is referred to as the LDAP-specific encoding to distinguish it from
936 other methods of encoding attribute values. This document introduces a
937 new category of attribute options, called transfer encoding options,
938 that can be used to specify that the associated attribute values are
939 encoded according to one of these other methods.
940 draft-furuseth-ldap-untypedobject -- Structural object class 'namedObject'
942 for LDAP/X.500
943 This document defines an 'namedObject' structural object class for the
944 Lightweight Directory Access Protocol (LDAP) and X.500. This is useful
945 for entries with no natural choice of structural object class, e.g. if
946 an entry must exist even though its contents are uninteresting.
947 draft-wahl-ldap-p3p -- P3P Policy Attributes for LDAP
949 This document defines attributes that can be retrieved via Lightweight
950 Directory Access Protocol version 3 (LDAP) requests, which contain URIs
951 pointing to the privacy policy documents. These documents describe the
952 privacy policy concerning access to a directory server, and the privacy
953 policies that apply to the contents of the directory (a subtree of
954 entries).
955 draft-chu-ldap-xordered -- Ordered Entries and Values in LDAP
957 As LDAP is used more extensively for managing various kinds of data,
958 one often encounters a need to preserve both the ordering and the
959 content of data, despite the inherently unordered structure of entries
960 and attribute values in the directory. This document describes a
961 scheme to attach ordering information to attributes in a directory so
962 that the ordering may be preserved and propagated to other LDAP
963 applications.
964 draft-chu-ldap-logschema -- A Schema for Logging the LDAP Protocol
966 In order to facilitate remote administration and auditing of LDAP
967 server operation, it is desirable to provide the server's operational
968 logs themselves as a searchable LDAP directory. These logs may also be
969 used as a persistent change log to support various replication
970 mechanisms. This document defines a schema that may be used to
971 represent all of the requests that have been processed by an LDAP
972 server. It may be used by various applications for auditing, flight
973 recorder, replication, and other purposes.
974 draft-zeilenga-ldap-relax -- The LDAP Relax Rules Control
976 This document defines the Lightweight Directory Access Protocol (LDAP)
977 Relax Rules Control which allows a directory user agent (a client) to
978 request the directory service temporarily relax enforcement of various
979 data and service model rules.
980 draft-gpaterno-dhcp-ldap -- DHCP Option for LDAP Directory Services
982 discovery
983 This document defines a new DHCP option for delivering configuration
984 information for LDAP services. Through this option, the client receives
985 an LDAP URL [8] of the closest available LDAP server/replica that can
986 be used to authenticate users or look up any useful data.
987 draft-schleiff-ldap-xri -- LDAP Schema for eXtensible Resource Identifier
989 (XRI)
990 This document describes Attribute Types and an Object Class for use in
991 representing XRI (eXtensible Resource Identifier) values in LDAP
992 (Lightweight Directory Access Protocol) and X.500 directory services.
993 draft-wahl-ldap-session -- LDAP Session Tracking Control
995 Many network devices, application servers, and middleware components of
996 a enterprise software infrastructure generate some form of session
997 tracking identifiers, which are useful when analyzing activity and
998 accounting logs to group activity relating to a particular session.
999 This document discusses how Lightweight Directory Access Protocol
1000 version 3 (LDAP) clients can include session tracking identifiers with
1001 their LDAP requests. This information is provided through controls in
1002 the requests the clients send to LDAP servers. The LDAP server
1003 receiving these controls can include the session tracking identifiers
1004 the log messages it writes, enabling LDAP requests in the LDAP server's
1005 logs to be correlated with activity in logs of other components in the
1006 infrastructure. The control also enables session tracking information
1007 to be generated by LDAP servers and returned to clients and other
1008 servers. Three formats of session tracking identifiers are defined in
1009 this document.
1010 draft-wahl-ldap-subtree-source -- LDAP Subtree Data Source URI Attribute
1012 This document defines an attribute that enables administrative clients
1013 using the Lightweight Directory Access Protocol (LDAP) to determine the
1014 source of directory entries.
1015 draft-ietf-ldapext-psearch -- Persistent Search: A Simple LDAP Change
1017 Notification Mechanism
1018 This document defines two controls that extend the LDAPv3 search
1019 operation to provide a simple mechanism by which an LDAP client can
1020 receive notification of changes that occur in an LDAP server. The
1021 mechanism is designed to be very flexible yet easy for clients and
1022 servers to implement.
1023 draft-ietf-ldapext-ldapv3-vlv -- LDAP Extensions for Scrolling View
1025 Browsing of Search Results
1026 This document describes a Virtual List View control extension for
1027 the LDAP Search operation. This control is designed to allow the
1028 "virtual list box" feature, common in existing commercial e-mail
1029 address book applications, to be supported efficiently by LDAP
1030 servers. LDAP servers' inability to support this client feature is a
1031 significant impediment to LDAP replacing proprietary protocols in
1032 commercial e-mail systems.
1033 The control allows a client to specify that the server return, for
1035 a given LDAP search with associated sort keys, a contiguous subset of
1036 the search result set. This subset is specified in terms of offsets
1037 into the ordered list, or in terms of a greater than or equal
1038 comparison value.
1039
1041 Latest information on the RFCs and drafts around LDAP can be found at
1042 IETF's datatracker <https://datatracker.ietf.org>.
1043perl v5.30.0 2019-07-26 Net::LDAP::RFC(3)