1Net::LDAP::RFC(3)     User Contributed Perl Documentation    Net::LDAP::RFC(3)
2
3
4

NAME

6       Net::LDAP::RFC - List of related RFCs
7

SYNOPSIS

9         none
10

DESCRIPTION

12       The LDAP protocol is defined in the following RFCs
13

Core LDAP Specification

15   RFC-4510 Lightweight Directory Access Protocol (LDAP): Technical
16       Specification Road Map
17       http://www.ietf.org/rfc/rfc4510.txt
18
19       The Lightweight Directory Access Protocol (LDAP) is an Internet
20       protocol for accessing distributed directory services that act in
21       accordance with X.500 data and service models.  This document provides
22       a road map of the LDAP Technical Specification.
23
24   RFC-4511 Lightweight Directory Access Protocol (LDAP): The Protocol
25       http://www.ietf.org/rfc/rfc4511.txt
26
27       This document describes the protocol elements, along with their
28       semantics and encodings, of the Lightweight Directory Access Protocol
29       (LDAP).  LDAP provides access to distributed directory services that
30       act in accordance with X.500 data and service models.  These protocol
31       elements are based on those described in the X.500 Directory Access
32       Protocol (DAP).
33
34   RFC-4512 Lightweight Directory Access Protocol (LDAP): Directory
35       Information Models
36       http://www.ietf.org/rfc/rfc4512.txt
37
38       The Lightweight Directory Access Protocol (LDAP) is an Internet
39       protocol for accessing distributed directory services that act in
40       accordance with X.500 data and service models.  This document describes
41       the X.500 Directory Information Models, as used in LDAP.
42
43   RFC-4513 Lightweight Directory Access Protocol (LDAP): Authentication
44       Methods and Security Mechanisms
45       http://www.ietf.org/rfc/rfc4513.txt
46
47       This document describes authentication methods and security mechanisms
48       of the Lightweight Directory Access Protocol (LDAP).  This document
49       details establishment of Transport Layer Security (TLS) using the
50       StartTLS operation.
51
52       This document details the simple Bind authentication method including
53       anonymous, unauthenticated, and name/password mechanisms and the Simple
54       Authentication and Security Layer (SASL) Bind authentication method
55       including the EXTERNAL mechanism.
56
57       This document discusses various authentication and authorization states
58       through which a session to an LDAP server may pass and the actions that
59       trigger these state changes.
60
61   RFC-4514 Lightweight Directory Access Protocol (LDAP): String
62       Representation of Distinguished Names
63       http://www.ietf.org/rfc/rfc4514.txt
64
65       The X.500 Directory uses distinguished names (DNs) as primary keys to
66       entries in the directory.  This document defines the string
67       representation used in the Lightweight Directory Access Protocol (LDAP)
68       to transfer distinguished names.  The string representation is designed
69       to give a clean representation of commonly used distinguished names,
70       while being able to represent any distinguished name.
71
72   RFC-4515 Lightweight Directory Access Protocol (LDAP): String
73       Representation of Search Filters
74       http://www.ietf.org/rfc/rfc4515.txt
75
76       Lightweight Directory Access Protocol (LDAP) search filters are
77       transmitted in the LDAP protocol using a binary representation that is
78       appropriate for use on the network.  This document defines a human-
79       readable string representation of LDAP search filters that is
80       appropriate for use in LDAP URLs (RFC 4516) and in other applications.
81
82   RFC-4516 Lightweight Directory Access Protocol (LDAP): Uniform Resource
83       Locator
84       http://www.ietf.org/rfc/rfc4516.txt
85
86       This document describes a format for a Lightweight Directory Access
87       Protocol (LDAP) Uniform Resource Locator (URL).  An LDAP URL describes
88       an LDAP search operation that is used to retrieve information from an
89       LDAP directory, or, in the context of an LDAP referral or reference, an
90       LDAP URL describes a service where an LDAP operation may be progressed.
91
92   RFC-4517 Lightweight Directory Access Protocol (LDAP): Syntaxes and
93       Matching Rules
94       http://www.ietf.org/rfc/rfc4517.txt
95
96       Each attribute stored in a Lightweight Directory Access Protocol (LDAP)
97       directory, whose values may be transferred in the LDAP protocol, has a
98       defined syntax that constrains the structure and format of its values.
99       The comparison semantics for values of a syntax are not part of the
100       syntax definition but are instead provided through separately defined
101       matching rules.  Matching rules specify an argument, an assertion
102       value, which also has a defined syntax.  This document defines a base
103       set of syntaxes and matching rules for use in defining attributes for
104       LDAP directories.
105
106   RFC-4518 Lightweight Directory Access Protocol (LDAP): Internationalized
107       String Preparation
108       http://www.ietf.org/rfc/rfc4518.txt
109
110       The previous Lightweight Directory Access Protocol (LDAP) technical
111       specifications did not precisely define how character string matching
112       is to be performed.  This led to a number of usability and
113       interoperability problems.  This document defines string preparation
114       algorithms for character-based matching rules defined for use in LDAP.
115
116   RFC-4519 Lightweight Directory Access Protocol (LDAP): Schema for User
117       Applications
118       http://www.ietf.org/rfc/rfc4519.txt
119
120       This document is an integral part of the Lightweight Directory Access
121       Protocol (LDAP) technical specification.  It provides a technical
122       specification of attribute types and object classes intended for use by
123       LDAP directory clients for many directory services, such as White
124       Pages.  These objects are widely used as a basis for the schema in many
125       LDAP directories.  This document does not cover attributes used for the
126       administration of directory servers, nor does it include directory
127       objects defined for specific uses in other documents.
128
130   RFC-6171 The Lightweight Directory Access Protocol (LDAP) Don't Use Copy
131       Control
132       http://www.ietf.org/rfc/rfc6171.txt
133
134       This document defines the Lightweight Directory Access Protocol (LDAP)
135       Don't Use Copy control extension which allows a client to specify that
136       copied information should not be used in providing service.  This
137       control is based upon the X.511 dontUseCopy service control option.
138
139   RFC-5020 The Lightweight Directory Access Protocol (LDAP) entryDN
140       Operational Attribute
141       http://www.ietf.org/rfc/rfc5020.txt
142
143       This document describes the LDAP/X.500 'entryDN' operational attribute.
144       The attribute provides a copy of the entry's distinguished name for use
145       in attribute value assertions.
146
147   RFC-4792 Encoding Instructions for the Generic String Encoding Rules (GSER)
148       http://www.ietf.org/rfc/rfc4792.txt
149
150       Abstract Syntax Notation One (ASN.1) defines a general framework for
151       annotating types in an ASN.1 specification with encoding instructions
152       that alter how values of those types are encoded according to ASN.1
153       encoding rules.  This document defines the supporting notation for
154       encoding instructions that apply to the Generic String Encoding Rules
155       (GSER), and in particular defines an encoding instruction to provide a
156       machine-processable representation for the declaration of a GSER
157       ChoiceOfStrings type.
158
159   RFC-4532 Lightweight Directory Access Protocol (LDAP) Who am I? Operation
160       http://www.ietf.org/rfc/rfc4532.txt
161
162       This specification provides a mechanism for Lightweight Directory
163       Access Protocol (LDAP) clients to obtain the authorization identity the
164       server has associated with the user or application entity.  This
165       mechanism is specified as an LDAP extended operation called the LDAP
166       "Who am I?" operation.
167
168   RFC-4530 Lightweight Directory Access Protocol (LDAP) entryUUID Operational
169       Attribute
170       http://www.ietf.org/rfc/rfc4530.txt
171
172       This document describes the LDAP/X.500 'entryUUID' operational
173       attribute and associated matching rules and syntax.  The attribute
174       holds a server-assigned Universally Unique Identifier (UUID) for the
175       object.  Directory clients may use this attribute to distinguish
176       objects identified by a distinguished name or to locate an object after
177       renaming.
178
179   RFC-4528 Lightweight Directory Access Protocol (LDAP) Assertion Control
180       http://www.ietf.org/rfc/rfc4528.txt
181
182       This document defines the Lightweight Directory Access Protocol (LDAP)
183       Assertion Control, which allows a client to specify that a directory
184       operation should only be processed if an assertion applied to the
185       target entry of the operation is true.  It can be used to construct
186       "test and set", "test and clear", and other conditional operations.
187
188   RFC-4527 Lightweight Directory Access Protocol (LDAP) Read Entry Controls
189       http://www.ietf.org/rfc/rfc4527.txt
190
191       This document specifies an extension to the Lightweight Directory
192       Access Protocol (LDAP) to allow the client to read the target entry of
193       an update operation.  The client may request to read the entry before
194       and/or after the modifications are applied.  These reads are done as an
195       atomic part of the update operation.
196
197   RFC-4526 Lightweight Directory Access Protocol (LDAP) Absolute True and
198       False Filters
199       http://www.ietf.org/rfc/rfc4526.txt
200
201       This document extends the Lightweight Directory Access Protocol (LDAP)
202       to support absolute True and False filters based upon similar
203       capabilities found in X.500 directory systems.  The document also
204       extends the String Representation of LDAP Search Filters to support
205       these filters.
206
207   RFC-4524 COSINE LDAP/X.500 Schema
208       http://www.ietf.org/rfc/rfc4524.txt
209
210       This document provides a collection of schema elements for use with the
211       Lightweight Directory Access Protocol (LDAP) from the COSINE and
212       Internet X.500 pilot projects.
213
214   RFC-4523 Lightweight Directory Access Protocol (LDAP) Schema Definitions
215       for X.509 Certificates
216       http://www.ietf.org/rfc/rfc4523.txt
217
218       This document describes schema for representing X.509 certificates,
219       X.521 security information, and related elements in directories
220       accessible using the Lightweight Directory Access Protocol (LDAP).  The
221       LDAP definitions for these X.509 and X.521 schema elements replace
222       those provided in RFCs 2252 and 2256.
223
224   RFC-4522 Lightweight Directory Access Protocol (LDAP): The Binary Encoding
225       Option
226       http://www.ietf.org/rfc/rfc4522.txt
227
228       Each attribute stored in a Lightweight Directory Access Protocol (LDAP)
229       directory has a defined syntax (i.e., data type).  A syntax definition
230       specifies how attribute values conforming to the syntax are normally
231       represented when transferred in LDAP operations.  This representation
232       is referred to as the LDAP-specific encoding to distinguish it from
233       other methods of encoding attribute values.  This document defines an
234       attribute option, the binary option, that can be used to specify that
235       the associated attribute values are instead encoded according to the
236       Basic Encoding Rules (BER) used by X.500 directories.
237
238   RFC-4370 Lightweight Directory Access Protocol (LDAP) Proxied Authorization
239       Control
240       http://www.ietf.org/rfc/rfc4370.txt
241
242       This document defines the Lightweight Directory Access Protocol (LDAP)
243       Proxy Authorization Control.  The Proxy Authorization Control allows a
244       client to request that an operation be processed under a provided
245       authorization identity instead of under the current authorization
246       identity associated with the connection.
247
248   RFC-4104 Policy Core Extension Lightweight Directory Access Protocol Schema
249       (PCELS)
250       http://www.ietf.org/rfc/rfc4104.txt
251
252       This document defines a number of changes and extensions to the Policy
253       Core Lightweight Directory Access Protocol (LDAP) Schema (RFC 3703)
254       based on the model extensions defined by the Policy Core Information
255       Model (PCIM) Extensions (RFC 3460).  These changes and extensions
256       consist of new LDAP object classes and attribute types.  Some of the
257       schema items defined in this document re-implement existing concepts in
258       accordance with their new semantics introduced by RFC 3460.  The other
259       schema items implement new concepts, not covered by RFC 3703.  This
260       document updates RFC 3703.
261
262   RFC-3928 Lightweight Directory Access Protocol (LDAP) Client Update
263       Protocol (LCUP)
264       http://www.ietf.org/rfc/rfc3928.txt
265
266       This document defines the Lightweight Directory Access Protocol (LDAP)
267       Client Update Protocol (LCUP).  The protocol is intended to allow an
268       LDAP client to synchronize with the content of a directory information
269       tree (DIT) stored by an LDAP server and to be notified about the
270       changes to that content.
271
272   RFC-3909 Lightweight Directory Access Protocol (LDAP) Cancel Operation
273       http://www.ietf.org/rfc/rfc3909.txt
274
275       This specification describes a Lightweight Directory Access Protocol
276       (LDAP) extended operation to cancel (or abandon) an outstanding
277       operation.  Unlike the LDAP Abandon operation, but like the X.511
278       Directory Access Protocol (DAP) Abandon operation, this operation has a
279       response which provides an indication of its outcome.
280
281   RFC-3876 Returning Matched Values with the Lightweight Directory Access
282       Protocol version 3 (LDAPv3)
283       http://www.ietf.org/rfc/rfc3876.txt
284
285       This document describes a control for the Lightweight Directory Access
286       Protocol version 3 that is used to return a subset of attribute values
287       from an entry.  Specifically, only those values that match a "values
288       return" filter.  Without support for this control, a client must
289       retrieve all of an attribute's values and search for specific values
290       locally.
291
292   RFC-3866 Language Tags and Ranges in the Lightweight Directory Access
293       Protocol (LDAP)
294       http://www.ietf.org/rfc/rfc3866.txt
295
296       It is often desirable to be able to indicate the natural language
297       associated with values held in a directory and to be able to query the
298       directory for values which fulfill the user's language needs.  This
299       document details the use of Language Tags and Ranges in the Lightweight
300       Directory Access Protocol (LDAP).
301
302   RFC-3727 ASN.1 Module Definition for the LDAP and X.500 Component Matching
303       Rules
304       http://www.ietf.org/rfc/rfc3727.txt
305
306       This document updates the specification of the component matching rules
307       for Lightweight Directory Access Protocol (LDAP) and X.500 directories
308       (RFC3687) by collecting the Abstract Syntax Notation One (ASN.1)
309       definitions of the component matching rules into an appropriately
310       identified ASN.1 module so that other specifications may reference the
311       component matching rule definitions from within their own ASN.1
312       modules.
313
314   RFC-3703 Policy Core Lightweight Directory Access Protocol (LDAP) Schema
315       http://www.ietf.org/rfc/rfc3703.txt
316
317       This document defines a mapping of the Policy Core Information Model to
318       a form that can be implemented in a directory that uses Lightweight
319       Directory Access Protocol (LDAP) as its access protocol.  This model
320       defines two hierarchies of object classes: structural classes
321       representing information for representing and controlling policy data
322       as specified in RFC 3060, and relationship classes that indicate how
323       instances of the structural classes are related to each other.  Classes
324       are also added to the LDAP schema to improve the performance of a
325       client's interactions with an LDAP server when the client is retrieving
326       large amounts of policy-related information.  These classes exist only
327       to optimize LDAP retrievals: there are no classes in the information
328       model that correspond to them.
329
330   RFC-3698 Lightweight Directory Access Protocol (LDAP): Additional Matching
331       Rules
332       http://www.ietf.org/rfc/rfc3698.txt
333
334       This document provides a collection of matching rules for use with the
335       Lightweight Directory Access Protocol (LDAP).  As these matching rules
336       are simple adaptations of matching rules specified for use with the
337       X.500 Directory, most are already in wide use.
338
339   RFC-3687 Lightweight Directory Access Protocol (LDAP) and X.500 Component
340       Matching Rules
341       http://www.ietf.org/rfc/rfc3687.txt
342
343       The syntaxes of attributes in a Lightweight Directory Access Protocol
344       (LDAP) or X.500 directory range from simple data types, such as text
345       string, integer, or Boolean, to complex structured data types, such as
346       the syntaxes of the directory schema operational attributes.  Matching
347       rules defined for the complex syntaxes usually only provide the most
348       immediately useful matching capability.  This document defines generic
349       matching rules that can match any user selected component parts in an
350       attribute value of any arbitrarily complex attribute syntax.
351
352   RFC-3672 Subentries in the Lightweight Directory Access Protocol (LDAP)
353       http://www.ietf.org/rfc/rfc3672.txt
354
355       In X.500 directories, subentries are special entries used to hold
356       information associated with a subtree or subtree refinement.  This
357       document adapts X.500 subentries mechanisms for use with the
358       Lightweight Directory Access Protocol (LDAP).
359
360   RFC-3671 Collective Attributes in the Lightweight Directory Access Protocol
361       (LDAP)
362       http://www.ietf.org/rfc/rfc3671.txt
363
364       X.500 collective attributes allow common characteristics to be shared
365       between collections of entries.  This document summarizes the X.500
366       information model for collective attributes and describes use of
367       collective attributes in LDAP (Lightweight Directory Access Protocol).
368       This document provides schema definitions for collective attributes for
369       use in LDAP.
370
371   RFC-3296 Named Subordinate References in Lightweight Directory Access
372       Protocol (LDAP) Directories
373       http://www.ietf.org/rfc/rfc3296.txt
374
375       This document details schema and protocol elements for representing and
376       managing named subordinate references in Lightweight Directory Access
377       Protocol (LDAP) Directories.
378
379   RFC-3062 LDAP Password Modify Extended Operation
380       http://www.ietf.org/rfc/rfc3062.txt
381
382       The integration of the Lightweight Directory Access Protocol (LDAP) and
383       external authentication services has introduced non-DN authentication
384       identities and allowed for non-directory storage of passwords.  As
385       such, mechanisms which update the directory (e.g., Modify) cannot be
386       used to change a user's password.  This document describes an LDAP
387       extended operation to allow modification of user passwords which is not
388       dependent upon the form of the authentication identity nor the password
389       storage mechanism used.
390
391   RFC-2891 LDAP Control Extension for Server Side Sorting of Search Results
392       http://www.ietf.org/rfc/rfc2891.txt
393
394       This document describes two LDAPv3 control extensions for server side
395       sorting of search results. These controls allows a client to specify
396       the attribute types and matching rules a server should use when
397       returning the results to an LDAP search request. The controls may be
398       useful when the LDAP client has limited functionality or for some other
399       reason cannot sort the results but still needs them sorted. Other
400       permissible controls on search operations are not defined in this
401       extension.
402
403   RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical Specification
404       http://www.ietf.org/rfc/rfc2849.txt
405
406       This document describes a file format suitable for describing directory
407       information or modifications made to directory information. The file
408       format, known as LDIF, for LDAP Data Interchange Format, is typically
409       used to import and export directory information between LDAP-based
410       directory servers, or to describe a set of changes which are to be
411       applied to a directory.
412
413   RFC-2831 Using Digest Authentication as a SASL Mechanism
414       http://www.ietf.org/rfc/rfc2831.txt
415
416       This specification defines how HTTP Digest Authentication can be used
417       as a SASL [RFC 2222] mechanism for any protocol that has a SASL
418       profile. It is intended both as an improvement over CRAM-MD5 [RFC 2195]
419       and as a convenient way to support a single authentication mechanism
420       for web, mail, LDAP, and other protocols.
421
422   RFC-2739 Calendar Attributes for vCard and LDAP
423       http://www.ietf.org/rfc/rfc2739.txt
424
425       When scheduling a calendar entity, such as an event, it is a
426       prerequisite that an organizer has the calendar address of each
427       attendee that will be invited to the event. Additionally, access to an
428       attendee's current "busy time" provides an a priori indication of
429       whether the attendee will be free to participate in the event. In order
430       to meet these challenges, a calendar user agent (CUA) needs a mechanism
431       to locate individual user's calendar and free/busy time. This memo
432       defines three mechanisms for obtaining a URI to a user's calendar and
433       free/busy time. These include:
434
435   RFC-2589 Extensions for Dynamic Directory Services
436       http://www.ietf.org/rfc/rfc2589.txt
437
438       LDAP supports lightweight access to static directory services, allowing
439       relatively fast search and update access. Static directory services
440       store information about people that persists in its accuracy and value
441       over a long period of time. Dynamic directory services are different in
442       that they store information about people that only persists in its
443       accuracy and value while people are online. Though the protocol
444       operations and attributes used by dynamic directory services are
445       similar to the ones used for static directory services, clients that
446       are bound to a dynamic directory service need to periodically refresh
447       their presence at the server to keep directory entries from getting
448       stale in the presence of client application crashes. A flow control
449       mechanism from the server is also described that allows a server to
450       inform clients how often they should refresh their presence.
451
452   RFC-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
453       LDAPv2
454       http://www.ietf.org/rfc/rfc2559.txt
455
456       The protocol described in this document is designed to satisfy some of
457       the operational requirements within the Internet X.509 PKI.
458       Specifically, this document addresses requirements to provide access to
459       PKI repositories for the purposes of retrieving PKI information and
460       managing that same information.  The mechanism described in this
461       document is based on the LDAPv2, defined in RFC 1777, defining a
462       profile of that protocol for use within the PKIX and updates encodings
463       for certificates and revocation lists from RFC 1778. Additional
464       mechanisms addressing PKIX operational requirements are specified in
465       separate documents.
466
467   RFC-2247 Using Domains in LDAP/X.500 Distinguished Names
468       http://www.ietf.org/rfc/rfc2247.txt
469
470       LDAP uses X.500-compatible distinguished names for providing unique
471       identification of entries. This document defines an algorithm by which
472       a name registered with the Internet Domain Name Service can be
473       represented as an LDAP distinguished name.
474
475   RFC-2222 Simple Authentication and Security Layer (SASL)
476       http://www.ietf.org/rfc/rfc2222.txt
477
478       This document describes a method for adding authentication support to
479       connection-based protocols. To use this specification, a protocol
480       includes a command for identifying and authenticating a user to a
481       server and for optionally negotiating protection of subsequent protocol
482       interactions. If its use is negotiated, a security layer is inserted
483       between the protocol and the connection. This document describes how a
484       protocol specifies such a command, defines several mechanisms for use
485       by the command, and defines the protocol used for carrying a negotiated
486       security layer over the connection.
487
488   RFC-2218 A Common Schema for the Internet White Pages Service
489       http://www.ietf.org/rfc/rfc2218.txt
490
491       This IETF Integrated Directory Services(IDS) Working Group proposes a
492       standard specification for a simple Internet White Pages service by
493       defining a common schema for use by the various White Pages servers.
494       This schema is independent of specific implementations of the White
495       Pages service. This document specifies the minimum set of core
496       attributes of a White Pages entry for an individual and describes how
497       new objects with those attributes can be defined and published. It does
498       not describe how to represent other objects in the White Pages service.
499       Further, it does not address the search sort expectations within a
500       particular service.
501
502   RFC-2164 Use of an X.500/LDAP directory to support MIXER address mapping
503       http://www.ietf.org/rfc/rfc2164.txt
504
505       MIXER (RFC 2156) defines an algorithm for use of a set of global
506       mapping between X.400 and RFC 822 addresses. This specification defines
507       how to represent and maintain these mappings (MIXER Conformant Global
508       Address Mappings of MCGAMs) in an X.500 or LDAP directory. Mechanisms
509       for representing OR Address and Domain hierarchies within the DIT.
510       These techniques are used to define two independent subtrees in the
511       DIT, which contain the mapping information.
512
513   RFC-2079 Definition of an X.500 Attribute Type and an Object Class to Hold
514       Uniform Resource Identifiers
515       http://www.ietf.org/rfc/rfc2079.txt
516
517       URLs are being widely used to specify the location of Internet
518       resources. There is an urgent need to be able to include URLs in
519       directories that conform to the LDAP and X.500 information models, and
520       a desire to include other types of URIs as they are defined. A number
521       of independent groups are already experimenting with the inclusion of
522       URLs in LDAP and X.500 directories. This document builds on the
523       experimentation to date and defines a new attribute type and an
524       auxiliary object class to allow URIs, including URLs, to be stored in
525       directory entries in a standard way.
526
528   RFC-4521 Considerations for Lightweight Directory Access Protocol (LDAP)
529       Extensions
530       http://www.ietf.org/rfc/rfc4521.txt
531
532       The Lightweight Directory Access Protocol (LDAP) is extensible.  It
533       provides mechanisms for adding new operations, extending existing
534       operations, and expanding user and system schemas.  This document
535       discusses considerations for designers of LDAP extensions.
536
537   RFC-4520 Internet Assigned Numbers Authority (IANA) Considerations for the
538       Lightweight Directory Access Protocol (LDAP)
539       http://www.ietf.org/rfc/rfc4520.txt
540
541       This document provides procedures for registering extensible elements
542       of the Lightweight Directory Access Protocol (LDAP).  The document also
543       provides guidelines to the Internet Assigned Numbers Authority (IANA)
544       describing conditions under which new values can be assigned.
545
546   RFC-2148 Deployment of the Internet White Pages Service
547       http://www.ietf.org/rfc/rfc2148.txt
548
549       The Internet is used for information exchange and communication between
550       its users. It can only be effective as such if users are able to find
551       each other's addresses. Therefore the Internet benefits from an
552       adequate White Pages Service, i.e., a directory service offering
553       (Internet) address information related to people and organizations.
554
555       This document describes the way in which the Internet White Pages
556       Service (from now on abbreviated as IWPS) is best exploited using
557       today's experience, today's protocols, today's products and today's
558       procedures.
559
561   RFC-5803 Lightweight Directory Access Protocol (LDAP) Schema for Storing
562       Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
563       http://www.ietf.org/rfc/rfc5803.txt
564
565       This memo describes how the "authPassword" Lightweight Directory Access
566       Protocol (LDAP) attribute can be used for storing secrets used by the
567       Salted Challenge Response Authentication Mechanism (SCRAM) mechanism in
568       the Simple Authentication and Security Layer (SASL) framework.
569
570   RFC-4876 A Configuration Profile Schema for Lightweight Directory Access
571       Protocol (LDAP)-Based Agents
572       http://www.ietf.org/rfc/rfc4828.txt
573
574       This document consists of two primary components, a schema for agents
575       that make use of the Lightweight Directory Access protocol (LDAP) and a
576       proposed use case of that schema, for distributed configuration of
577       similar directory user agents.  A set of attribute types and an object
578       class are proposed.  In the proposed use case, directory user agents
579       (DUAs) can use this schema to determine directory data location and
580       access parameters for specific services they support.  In addition, in
581       the proposed use case, attribute and object class mapping allows DUAs
582       to reconfigure their expected (default) schema to match that of the end
583       user's environment.  This document is intended to be a skeleton for
584       future documents that describe configuration of specific DUA services.
585
586   RFC-4529 Requesting Attributes by Object Class in the Lightweight Directory
587       Access Protocol (LDAP)
588       http://www.ietf.org/rfc/rfc4529.txt
589
590       The Lightweight Directory Access Protocol (LDAP) search operation
591       provides mechanisms for clients to request all user application
592       attributes, all operational attributes, and/or attributes selected by
593       their description.  This document extends LDAP to support a mechanism
594       that LDAP clients may use to request the return of all attributes of an
595       object class.
596
597   RFC-4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment
598       Extension
599       http://www.ietf.org/rfc/rfc4525.txt
600
601       This document describes an extension to the Lightweight Directory
602       Access Protocol (LDAP) Modify operation to support an increment
603       capability.  This extension is useful in provisioning applications,
604       especially when combined with the assertion control and/or the pre-
605       read or post-read control extension.
606
607   RFC-4403 Lightweight Directory Access Protocol (LDAP) Schema for Universal
608       Description, Discovery, and Integration version 3 (UDDIv3)
609       http://www.ietf.org/rfc/rfc4403.txt
610
611       This document defines the Lightweight Directory Access Protocol
612       (LDAPv3) schema for representing Universal Description, Discovery, and
613       Integration (UDDI) data types in an LDAP directory.  It defines the
614       LDAP object class and attribute definitions and containment rules to
615       model UDDI entities, defined in the UDDI version 3 information model,
616       in an LDAPv3-compliant directory.
617
618   RFC-4373 Lightweight Directory Access Protocol (LDAP) Bulk
619       Update/Replication Protocol (LBURP)
620       http://www.ietf.org/rfc/rfc4373.txt
621
622       The Lightweight Directory Access Protocol (LDAP) Bulk
623       Update/Replication Protocol (LBURP) allows an LDAP client to perform a
624       bulk update to an LDAP server.  The protocol frames a sequenced set of
625       update operations within a pair of LDAP extended operations to notify
626       the server that the update operations in the framed set are related in
627       such a way that the ordering of all operations can be preserved during
628       processing even when they are sent asynchronously by the client.
629       Update operations can be grouped within a single protocol message to
630       maximize the efficiency of client-server communication.
631
632       The protocol is suitable for efficiently making a substantial set of
633       updates to the entries in an LDAP server.
634
635   RFC-3944 H.350 Directory Services
636       http://www.ietf.org/rfc/rfc3944.txt
637
638       The International Telecommunications Union Standardization Sector (ITU-
639       T) has created the H.350 series of Recommendations that specify
640       directory services architectures in support of multimedia conferencing
641       protocols.  The goal of the architecture is to 'directory enable'
642       multimedia conferencing so that these services can leverage existing
643       identity management and enterprise directories.  A particular goal is
644       to enable an enterprise or service provider to maintain a canonical
645       source of users and their multimedia conferencing systems, so that
646       multiple call servers from multiple vendors, supporting multiple
647       protocols, can all access the same data store.
648
649       Because SIP is an IETF standard, the contents of H.350 and H.350.4 are
650       made available via this document to the IETF community.  This document
651       contains the entire normative text of ITU-T Recommendations H.350 and
652       H.350.4 in sections 4 and 5, respectively.  The remaining sections are
653       included only in this document, not in the ITU-T version.
654
655   RFC-3829 Lightweight Directory Access Protocol (LDAP) Authorization
656       Identity Request and Response Controls
657       http://www.ietf.org/rfc/rfc3829.txt
658
659       This document extends the Lightweight Directory Access Protocol (LDAP)
660       bind operation with a mechanism for requesting and returning the
661       authorization identity it establishes.  Specifically, this document
662       defines the Authorization Identity Request and Response controls for
663       use with the Bind operation.
664
665   RFC-3712 Lightweight Directory Access Protocol (LDAP): Schema for Printer
666       Services
667       http://www.ietf.org/rfc/rfc3712.txt
668
669       This document defines a schema, object classes and attributes, for
670       printers and printer services, for use with directories that support
671       Lightweight Directory Access Protocol v3 (LDAP-TS).  This document is
672       based on the printer attributes listed in Appendix E of Internet
673       Printing Protocol/1.1 (IPP) (RFC 2911).  A few additional printer
674       attributes are based on definitions in the Printer MIB (RFC 1759).
675
676   RFC-3494 Lightweight Directory Access Protocol version 2 (LDAPv2) to
677       Historic Status
678       http://www.ietf.org/rfc/rfc3494.txt
679
680       This document recommends the retirement of version 2 of the Lightweight
681       Directory Access Protocol (LDAPv2) and other dependent specifications,
682       and discusses the reasons for doing so.  This document recommends RFC
683       1777, 1778, 1779, 1781, and 2559 (as well as documents they superseded)
684       be moved to Historic status.
685
686   RFC-3384 Lightweight Directory Access Protocol (version 3) Replication
687       Requirements
688       http://www.ietf.org/rfc/rfc3384.txt
689
690       This document discusses the fundamental requirements for replication of
691       data accessible via the Lightweight Directory Access Protocol (version
692       3) (LDAPv3).  It is intended to be a gathering place for general
693       replication requirements needed to provide interoperability between
694       informational directories.
695
696   RFC-3112 LDAP Authentication Password Schema
697       http://www.ietf.org/rfc/rfc3112.txt
698
699       This document describes schema in support of user/password
700       authentication in a LDAP (Lightweight Directory Access Protocol)
701       directory including the authPassword attribute type.  This attribute
702       type holds values derived from the user's password(s) (commonly using
703       cryptographic strength one-way hash).  authPassword is intended to used
704       instead of userPassword.
705
706   RFC-3045 Storing Vendor Information in the LDAP root DSE
707       http://www.ietf.org/rfc/rfc3045.txt
708
709       This document specifies two Lightweight Directory Access Protocol
710       (LDAP) attributes, vendorName and vendorVersion that MAY be included in
711       the root DSA-specific Entry (DSE) to advertise vendor-specific
712       information.  These two attributes supplement the attributes defined in
713       section 3.4 of RFC 2251.
714
715   RFC-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0
716       http://www.ietf.org/rfc/rfc2985.txt
717
718       This memo provides a selection of object classes and attribute types
719       for use in conjunction with public-key cryptography and Lightweight
720       Directory Access Protocol (LDAP) accessible directories.  It also
721       includes ASN.1 syntax for all constructs.
722
723   RFC-2967 TISDAG - Technical Infrastructure for Swedish Directory Access
724       Gateways
725       http://www.ietf.org/rfc/rfc2967.txt
726
727       The strength of the TISDAG (Technical Infrastructure for Swedish
728       Directory Access Gateways) project's DAG proposal is that it defines
729       the necessary technical infrastructure to provide a single-access-
730       point service for information on Swedish Internet users.  The resulting
731       service will provide uniform access for all information -- the same
732       level of access to information (7x24 service), and the same information
733       made available, irrespective of the service provider responsible for
734       maintaining that information, their directory service protocols, or the
735       end-user's client access protocol.
736
737   RFC-2927 MIME Directory Profile for LDAP Schema
738       http://www.ietf.org/rfc/rfc2927.txt
739
740       This document defines a multipurpose internet mail extensions (MIME)
741       directory profile for holding a lightweight directory access protocol
742       (LDAP) schema.  It is intended for communication with the Internet
743       schema listing service.
744
745   RFC-2926 Conversion of LDAP Schemas to and from SLP Templates
746       http://www.ietf.org/rfc/rfc2926.txt
747
748       This document describes a procedure for mapping between Service
749       Location Protocol (SLP) service advertisements and lightweight
750       directory access protocol (LDAP) descriptions of services.  The
751       document covers two aspects of the mapping.  One aspect is mapping
752       between SLP service type templates and LDAP directory schema.  Because
753       the SLP service type template grammar is relatively simple, mapping
754       from service type templates to LDAP types is straightforward.  Mapping
755       in the other direction is straightforward if the attributes are
756       restricted to use just a few of the syntaxes defined in RFC 2252.  If
757       arbitrary ASN.1 types occur in the schema, then the mapping is more
758       complex and may even be impossible.  The second aspect is
759       representation of service information in an LDAP directory.  The
760       recommended representation simplifies interoperability with SLP by
761       allowing SLP directory agents to backend into LDAP directory servers.
762       The resulting system allows service advertisements to propagate easily
763       between SLP and LDAP.
764
765   RFC-2820 Access Control Requirements for LDAP
766       http://www.ietf.org/rfc/rfc2820.txt
767
768       This document describes the fundamental requirements of an access
769       control list (ACL) model for the LDAP directory service.  It is
770       intended to be a gathering place for access control requirements needed
771       to provide authorized access to and interoperability between
772       directories.
773
774   RFC-2798 Definition of the inetOrgPerson Object Class
775       http://www.ietf.org/rfc/rfc2798.txt
776
777       While the X.500 standards define many useful attribute types [X520] and
778       object classes [X521], they do not define a person object class that
779       meets the requirements found in today's Internet and Intranet directory
780       service deployments. We define a new object class called inetOrgPerson
781       for use in LDAP and X.500 directory services that extends the X.521
782       standard organizationalPerson class to meet these needs.
783
784   RFC-2714 Schema for Representing CORBA Objects in an LDAP Directory
785       http://www.ietf.org/rfc/rfc2714.txt
786
787       CORBA is the Common Object Request Broker Architecture defined by the
788       Object Management Group. This document defines the schema for
789       representing CORBA object references in an LDAP directory.
790
791   RFC-2713 Schema for Representing Java Objects in an LDAP Directory
792       http://www.ietf.org/rfc/rfc2713.txt
793
794       This document defines the schema for representing Java objects in an
795       LDAP directory. It defines schema elements to represent a Java
796       serialized object, a Java marshalled object, a Java remote object, and
797       a JNDI reference.
798
799   RFC-2696 LDAP Control Extension for Simple Paged Results Manipulation
800       http://www.ietf.org/rfc/rfc2696.txt
801
802       This document describes an LDAPv3 control extension for simple paging
803       of search results. This control extension allows a client to control
804       the rate at which an LDAP server returns the results of an LDAP search
805       operation. This control may be useful when the LDAP client has limited
806       resources and may not be able to process the entire result set from a
807       given LDAP query, or when the LDAP client is connected over a low-
808       bandwidth connection. Other operations on the result set are not
809       defined in this extension. This extension is not designed to provide
810       more sophisticated result set management.
811
812   RFC-1823 The LDAP Application Program Interface
813       http://www.ietf.org/rfc/rfc1823.txt
814
815       This document defines a C language application program interface to
816       LDAP, which is designed to be powerful, yet simple to use. It defines
817       compatible synchronous and asynchronous interfaces to LDAP to suit a
818       wide variety of applications. This document gives a brief overview of
819       the LDAP model, then an overview of how the API is used by an
820       application program to obtain LDAP information. The API calls are
821       described in detail, followed by an appendix that provides some example
822       code demonstrating the use of the API.
823
825   RFC-5805 Lightweight Directory Access Protocol (LDAP) Transactions
826       http://www.ietf.org/rfc/rfc5805.txt
827
828       Lightweight Directory Access Protocol (LDAP) update operations, such as
829       Add, Delete, and Modify operations, have atomic, consistency,
830       isolation, durability (ACID) properties.  Each of these update
831       operations act upon an entry.  It is often desirable to update two or
832       more entries in a single unit of interaction, a transaction.
833       Transactions are necessary to support a number of applications
834       including resource provisioning.  This document extends LDAP to support
835       transactions.
836
837   RFC-4533 The Lightweight Directory Access Protocol (LDAP) Content
838       Synchronization Operation
839       http://www.ietf.org/rfc/rfc4533.txt
840
841       This specification describes the Lightweight Directory Access Protocol
842       (LDAP) Content Synchronization Operation.  The operation allows a
843       client to maintain a copy of a fragment of the Directory Information
844       Tree (DIT).  It supports both polling for changes and listening for
845       changes.  The operation is defined as an extension of the LDAP Search
846       Operation.
847
848   RFC-4531 Lightweight Directory Access Protocol (LDAP) Turn Operation
849       http://www.ietf.org/rfc/rfc4531.txt
850
851       This specification describes a Lightweight Directory Access Protocol
852       (LDAP) extended operation to reverse (or "turn") the roles of client
853       and server for subsequent protocol exchanges in the session, or to
854       enable each peer to act as both client and server with respect to the
855       other.
856
857   RFC-3663 Domain Administrative Data in Lightweight Directory Access
858       Protocol (LDAP)
859       http://www.ietf.org/rfc/rfc3663.txt
860
861       Domain registration data has typically been exposed to the general
862       public via Nicname/Whois for administrative purposes.  This document
863       describes the Referral Lightweight Directory Access Protocol (LDAP)
864       Service, an experimental service using LDAP and well-known LDAP types
865       to make domain administrative data available.
866
867   RFC-3088 OpenLDAP Root Service - An experimental LDAP referral service
868       http://www.ietf.org/rfc/rfc3088.txt
869
870       The OpenLDAP Project is operating an experimental LDAP (Lightweight
871       Directory Access Protocol) referral service known as the "OpenLDAP Root
872       Service".  The automated system generates referrals based upon service
873       location information published in DNS SRV RRs (Domain Name System
874       location of services resource records).  This document describes this
875       service.
876
877   RFC-2657 LDAPv2 Client vs. the Index Mesh
878       http://www.ietf.org/rfc/rfc2657.txt
879
880       LDAPv2 clients as implemented according to RFC 1777 have no notion of
881       referral. The integration between such a client and an Index Mesh, as
882       defined by the Common Indexing Protocol, heavily depends on referrals
883       and therefore needs to be handled in a special way. This document
884       defines one possible way of doing this.
885
886   RFC-2649 Signed Directory Operations Using S/MIME
887       http://www.ietf.org/rfc/rfc2649.txt
888
889       This document defines an LDAPv3 based mechanism for signing directory
890       operations in order to create a secure journal of changes that have
891       been made to each directory entry. Both client and server based
892       signatures are supported. An object class for subsequent retrieval are
893       'journal entries' is also defined. This document specifies LDAPv3
894       controls that enable this functionality. It also defines an LDAPv3
895       schema that allows for subsequent browsing of the journal information.
896
897   RFC-2307 An Approach for Using LDAP as a Network Information Service
898       http://www.ietf.org/rfc/rfc2307.txt
899
900       This document describes an experimental mechanism for mapping entities
901       related to TCP/IP and the UNIX system into X.500 entries so that they
902       may be resolved with the LDAP. A set of attribute types and object
903       classes are proposed, along with specific guidelines for interpreting
904       them. The intention is to assist the deployment of LDAP as an
905       organizational nameservice.  No proposed solutions are intended as
906       standards for the Internet. Rather, it is hoped that a general
907       consensus will emerge as to the appropriate solution to such problems,
908       leading eventually to the adoption of standards. The proposed mechanism
909       has already been implemented with some success.
910

Expired but still interesting Internet Drafts

912   draft-wahl-ldap-adminaddr -- Administrator Address Attribute
913       Organizations running multiple directory servers need an ability for
914       administrators to determine who is responsible for a particular server.
915       This is conceptually similar to the 'sysContact' object of SNMP. The
916       administratorsAddress attribute allows a server administrator to
917       provide the contact information of the responsible party for an LDAP
918       server. This can be used by management clients which are, for example,
919       checking the state of a replication or referral topology, to provide a
920       way for the user of the management client to send email to manager of a
921       particular server.
922
923   draft-zeilenga-ldap-noop -- The LDAP No-Op Control
924       This document defines the Lightweight Directory Access Protocol (LDAP)
925       No-Op control which can be used to disable the normal effect of an
926       operation.  The control can be used to discover how a server might
927       react to a particular update request without updating the directory.
928
929   draft-legg-ldap-transfer -- Lightweight Directory Access Protocol (LDAP):
930       Transfer Encoding Options
931       Each attribute stored in a Lightweight Directory Access Protocol (LDAP)
932       directory has a defined syntax (i.e., data type).  A syntax definition
933       specifies how attribute values conforming to the syntax are normally
934       represented when transferred in LDAP operations.  This representation
935       is referred to as the LDAP-specific encoding to distinguish it from
936       other methods of encoding attribute values.  This document introduces a
937       new category of attribute options, called transfer encoding options,
938       that can be used to specify that the associated attribute values are
939       encoded according to one of these other methods.
940
941   draft-furuseth-ldap-untypedobject -- Structural object class 'namedObject'
942       for LDAP/X.500
943       This document defines an 'namedObject' structural object class for the
944       Lightweight Directory Access Protocol (LDAP) and X.500.  This is useful
945       for entries with no natural choice of structural object class, e.g. if
946       an entry must exist even though its contents are uninteresting.
947
948   draft-wahl-ldap-p3p -- P3P Policy Attributes for LDAP
949       This document defines attributes that can be retrieved via Lightweight
950       Directory Access Protocol version 3 (LDAP) requests, which contain URIs
951       pointing to the privacy policy documents.  These documents describe the
952       privacy policy concerning access to a directory server, and the privacy
953       policies that apply to the contents of the directory (a subtree of
954       entries).
955
956   draft-chu-ldap-xordered -- Ordered Entries and Values in LDAP
957       As LDAP is used more extensively for managing various kinds of data,
958       one often encounters a need to preserve both the ordering and the
959       content of data, despite the inherently unordered structure of entries
960       and attribute values in the directory.  This document describes a
961       scheme to attach ordering information to attributes in a directory so
962       that the ordering may be preserved and propagated to other LDAP
963       applications.
964
965   draft-chu-ldap-logschema -- A Schema for Logging the LDAP Protocol
966       In order to facilitate remote administration and auditing of LDAP
967       server operation, it is desirable to provide the server's operational
968       logs themselves as a searchable LDAP directory.  These logs may also be
969       used as a persistent change log to support various replication
970       mechanisms.  This document defines a schema that may be used to
971       represent all of the requests that have been processed by an LDAP
972       server.  It may be used by various applications for auditing, flight
973       recorder, replication, and other purposes.
974
975   draft-zeilenga-ldap-relax -- The LDAP Relax Rules Control
976       This document defines the Lightweight Directory Access Protocol (LDAP)
977       Relax Rules Control which allows a directory user agent (a client) to
978       request the directory service temporarily relax enforcement of various
979       data and service model rules.
980
981   draft-gpaterno-dhcp-ldap -- DHCP Option for LDAP Directory Services
982       discovery
983       This document defines a new DHCP option for delivering configuration
984       information for LDAP services. Through this option, the client receives
985       an LDAP URL [8] of the closest available LDAP server/replica that can
986       be used to authenticate users or look up any useful data.
987
988   draft-schleiff-ldap-xri -- LDAP Schema for eXtensible Resource Identifier
989       (XRI)
990       This document describes Attribute Types and an Object Class for use in
991       representing XRI (eXtensible Resource Identifier) values in LDAP
992       (Lightweight Directory Access Protocol) and X.500 directory services.
993
994   draft-wahl-ldap-session -- LDAP Session Tracking Control
995       Many network devices, application servers, and middleware components of
996       a enterprise software infrastructure generate some form of session
997       tracking identifiers, which are useful when analyzing activity and
998       accounting logs to group activity relating to a particular session.
999       This document discusses how Lightweight Directory Access Protocol
1000       version 3 (LDAP) clients can include session tracking identifiers with
1001       their LDAP requests.  This information is provided through controls in
1002       the requests the clients send to LDAP servers.  The LDAP server
1003       receiving these controls can include the session tracking identifiers
1004       the log messages it writes, enabling LDAP requests in the LDAP server's
1005       logs to be correlated with activity in logs of other components in the
1006       infrastructure.  The control also enables session tracking information
1007       to be generated by LDAP servers and returned to clients and other
1008       servers.  Three formats of session tracking identifiers are defined in
1009       this document.
1010
1011   draft-wahl-ldap-subtree-source -- LDAP Subtree Data Source URI Attribute
1012       This document defines an attribute that enables administrative clients
1013       using the Lightweight Directory Access Protocol (LDAP) to determine the
1014       source of directory entries.
1015
1016   draft-ietf-ldapext-psearch -- Persistent Search: A Simple LDAP Change
1017       Notification Mechanism
1018       This document defines two controls that extend the LDAPv3 search
1019       operation to provide a simple mechanism by which an LDAP client can
1020       receive notification of changes that occur in an LDAP server. The
1021       mechanism is designed to be very flexible yet easy for clients and
1022       servers to implement.
1023
1024   draft-ietf-ldapext-ldapv3-vlv -- LDAP Extensions for Scrolling View
1025       Browsing of Search Results
1026       This document describes a Virtual List View control  extension  for
1027       the LDAP  Search  operation.  This control is designed to allow the
1028       "virtual list box" feature, common in existing  commercial  e-mail
1029       address  book applications, to be supported efficiently by LDAP
1030       servers. LDAP servers' inability to support this client feature is a
1031       significant impediment  to LDAP replacing proprietary protocols in
1032       commercial e-mail systems.
1033
1034       The control allows a client to specify that the  server  return,  for
1035       a given  LDAP search with associated sort keys, a contiguous subset of
1036       the search result set. This subset is specified in terms of offsets
1037       into the ordered list, or in terms of a greater than or equal
1038       comparison value.
1039

Where to find the latest information

1041       Latest information on the RFCs and drafts around LDAP can be found at
1042       IETF's datatracker <https://datatracker.ietf.org>.
1043
1044
1045
1046perl v5.30.1                      2020-01-30                 Net::LDAP::RFC(3)
Impressum