2. Abstract
This document provides an overview of the attribute types and object classes defined by the ISO and ITU-T committees in the X.500 documents, in particular those intended for use by directory clients. This is the most widely used schema for LDAP/X.500 directories, and many other schema definitions for white pages objects use it as a basis. This document does not cover attributes used for the administration of X.500 directory servers, nor does it include attributes defined by other ISO/ITU-T documents.
5. Attribute Types
An LDAP server implementation SHOULD recognize the attribute types described in this section.
5.1. objectClass
The values of the objectClass attribute describe the kind of object which an entry represents. The objectClass attribute is present in every entry, with at least two values. One of the values is either "top" or "alias".
5.2. aliasedObjectName
The aliasedObjectName attribute is used by the directory service if the entry containing this attribute is an alias.
5.3. knowledgeInformation
This attribute is no longer used.
5.4. cn
This is the X.500 commonName attribute, which contains a name of an object. If the object corresponds to a person, it is typically the person's full name (for example, 黄晓明).
5.5. sn
This is the X.500 surname attribute, which contains the family name of a person (for example, 赵).
5.6. serialNumber
This attribute contains the serial number of a device.
5.7. c
This attribute contains a two-letter ISO 3166 country code (countryName).
5.8. l
This attribute contains the name of a locality, such as a city, county or other geographic region (localityName).
5.9. st
This attribute contains the full name of a state or province (stateOrProvinceName).
5.10. street
This attribute contains the physical address of the object to which the entry corresponds, such as an address for package delivery (streetAddress).
5.11. o
This attribute contains the name of an organization (organizationName). (It can represent a company.)
5.12. ou
This attribute contains the name of an organizational unit (organizationalUnitName). (It can represent a department of a company.)
5.13. title
This attribute contains the title, such as "Vice President", of a person in their organizational context. The "personalTitle" attribute would be used for a person's title independent of their job function. (It can represent a job position.)
5.14. description
This attribute contains a human-readable description of the object.
5.15. searchGuide
This attribute is for use by X.500 clients in constructing search filters. It is obsoleted by enhancedSearchGuide, described below in 5.48.
5.16. businessCategory
This attribute describes the kind of business performed by an organization.
5.17. postalAddress
The postal address attribute.
5.18. postalCode
The postal code attribute.
5.19. postOfficeBox
The post office box attribute.
5.20. physicalDeliveryOfficeName
( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
5.21. telephoneNumber
The telephone number attribute.
5.22. telexNumber
The telex number attribute.
5.23. teletexTerminalIdentifier
The teletex terminal identifier.
5.24. facsimileTelephoneNumber
The fax machine number.
5.25. x121Address
( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
5.26. internationaliSDNNumber
( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
5.27. registeredAddress
This attribute holds a postal address suitable for reception of telegrams or expedited documents, where it is necessary to have the recipient accept delivery.
5.28. destinationIndicator
This attribute is used for the telegram service.
5.29. preferredDeliveryMethod
( 2.5.4.28 NAME 'preferredDeliveryMethod'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
5.30. presentationAddress
This attribute contains an OSI presentation address.
5.31. supportedApplicationContext
This attribute contains the identifiers of OSI application contexts.
5.32. member
( 2.5.4.31 NAME 'member' SUP distinguishedName )
5.33. owner
( 2.5.4.32 NAME 'owner' SUP distinguishedName )
5.34. roleOccupant
( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
5.35. seeAlso
( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
5.36. userPassword
( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
Passwords are stored using an Octet String syntax and are not encrypted. Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality and may result in disclosure of the password to unauthorized parties.
5.37. userCertificate
This attribute is to be stored and requested in the binary form, as 'userCertificate;binary'.
5.38. cACertificate
This attribute is to be stored and requested in the binary form, as 'cACertificate;binary'.
5.39. authorityRevocationList
This attribute is to be stored and requested in the binary form, as 'authorityRevocationList;binary'.
5.40. certificateRevocationList
This attribute is to be stored and requested in the binary form, as 'certificateRevocationList;binary'.
5.41. crossCertificatePair
This attribute is to be stored and requested in the binary form, as 'crossCertificatePair;binary'.
5.42. name
The name attribute type is the attribute supertype from which string attribute types typically used for naming may be formed. It is unlikely that values of this type itself will occur in an entry. LDAP server implementations which do not support attribute subtyping need not recognize this attribute in requests. Client implementations MUST NOT assume that LDAP servers are capable of performing attribute subtyping.
( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
5.43. givenName
The givenName attribute is used to hold the part of a person's name which is not their surname nor middle name.
5.44. initials
The initials attribute contains the initials of some or all of an individual's names, but not the surname(s).
5.45. generationQualifier
The generationQualifier attribute contains the part of the name which typically is the suffix, as in “IIIrd”.
5.46. x500UniqueIdentifier
The x500UniqueIdentifier attribute is used to distinguish between objects when a distinguished name has been reused. This is a different attribute type from both the “uid” and “uniqueIdentifier” types.
5.47. dnQualifier
The dnQualifier attribute type specifies disambiguating information to add to the relative distinguished name of an entry. It is intended for use when merging data from multiple sources in order to prevent conflicts between entries which would otherwise have the same name. It is recommended that the value of the dnQualifier attribute be the same for all entries from a particular source.
( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
5.48. enhancedSearchGuide
This attribute is for use by X.500 clients in constructing search filters.
5.49. protocolInformation
This attribute is used in conjunction with the presentationAddress attribute, to provide additional information to the OSI network service.
5.50. distinguishedName
This attribute type is not used as the name of the object itself, but it is instead a base type from which attributes with DN syntax inherit.
It is unlikely that values of this type itself will occur in an entry. LDAP server implementations which do not support attribute subtyping need not recognize this attribute in requests. Client implementations MUST NOT assume that LDAP servers are capable of performing attribute subtyping.
( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
5.51. uniqueMember
A unique member.
5.52. houseIdentifier
This attribute is used to identify a building within a location.
( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
5.53. supportedAlgorithms
This attribute is to be stored and requested in the binary form, as 'supportedAlgorithms;binary'.
The supportedAlgorithms attribute contains the supported algorithms.
5.54. deltaRevocationList
This attribute is to be stored and requested in the binary form, as 'deltaRevocationList;binary'.
( 2.5.4.53 NAME 'deltaRevocationList'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
5.55. dmdName
The value of this attribute specifies a directory management domain (DMD), the administrative authority which operates the directory server.
( 2.5.4.54 NAME 'dmdName' SUP name )
7. Object Classes
LDAP servers MUST recognize the object classes “top” and “subschema”.
LDAP servers SHOULD recognize all the other object classes listed here as values of the objectClass attribute.
7.1. top
( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
7.2. alias
( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )
7.3. country
( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
MAY ( searchGuide $ description ) )
7.4. locality
( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
7.5. organization
( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
7.6. organizationalUnit
( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
7.7. person
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
7.8. organizationalPerson
( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $
destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l ) )
7.9. organizationalRole
( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
7.10. groupOfNames
( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
7.11. residentialPerson
( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
7.12. applicationProcess
( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
7.13. applicationEntity
( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
7.14. dSA
( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
7.15. device
( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
7.16. strongAuthenticationUser
( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
MUST userCertificate )
7.17. certificationAuthority
( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
7.18. groupOfUniqueNames
( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
7.19. userSecurityInformation
( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
7.20. certificationAuthority-V2
( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
7.21. cRLDistributionPoint
( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
MUST ( cn ) MAY ( certificateRevocationList $
authorityRevocationList $
deltaRevocationList ) )
7.22. dmd
( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
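How the MUST/MAY lists and SUP inheritance in section 7 combine when an entry is checked, and which object classes may carry userPassword (section 5.36), shown as an added Python example that is not part of the original post or of the specification text. The function names are hypothetical and the sample entries are constructed.

```python
import re

# Object class descriptions copied from section 7 of this page (a subset).
SCHEMA_TEXT = """
( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
  MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
  telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
  street $ postOfficeBox $ postalCode $ postalAddress $
  physicalDeliveryOfficeName $ ou $ st $ l ) )
( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
  MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
  MUST userCertificate )
"""

TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")


def _name_list(tokens, i):
    """Read 'name' or '( name $ name ... )' at tokens[i]; return (names, next index)."""
    if tokens[i] != "(":
        return [tokens[i]], i + 1
    names, i = [], i + 1
    while tokens[i] != ")":
        if tokens[i] != "$":
            names.append(tokens[i])
        i += 1
    return names, i + 1


def parse_object_classes(text):
    """Parse object class descriptions into a dict keyed by lower-cased NAME."""
    tokens, classes, i = TOKEN.findall(text), {}, 0
    while i < len(tokens):
        if tokens[i] != "(":
            raise ValueError(f"expected '(' but found {tokens[i]!r}")
        oc = {"oid": tokens[i + 1], "name": None, "sup": [],
              "kind": "STRUCTURAL", "must": [], "may": []}
        i += 2
        while tokens[i] != ")":
            kw = tokens[i]
            if kw == "NAME":
                oc["name"], i = tokens[i + 1].strip("'"), i + 2
            elif kw in ("SUP", "MUST", "MAY"):
                oc[kw.lower()], i = _name_list(tokens, i + 1)
            elif kw in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
                oc["kind"], i = kw, i + 1
            else:
                raise ValueError(f"unexpected token {kw!r}")
        classes[oc["name"].lower()] = oc
        i += 1  # skip the closing ')'
    return classes


def effective(classes, name, _seen=frozenset()):
    """Return (must, may) attribute sets for a class, including inherited ones."""
    key = name.lower()
    if key in _seen:
        raise ValueError(f"SUP cycle at {name}")
    oc = classes[key]
    must = {a.lower() for a in oc["must"]}
    may = {a.lower() for a in oc["may"]}
    for sup in oc["sup"]:
        sup_must, sup_may = effective(classes, sup, _seen | {key})
        must |= sup_must
        may |= sup_may
    return must, may - must


def classes_allowing(classes, attr):
    """Object classes whose effective MUST/MAY permits attr (ACL review aid)."""
    attr = attr.lower()
    return sorted(oc["name"] for oc in classes.values()
                  if attr in set().union(*effective(classes, oc["name"])))


def validate_entry(classes, entry):
    """Check an entry (attribute -> list of values) against its object classes."""
    # Drop attribute options such as ';binary' before comparing names.
    present = {a.lower().split(";")[0] for a in entry}
    ocs = [v.lower() for a, vals in entry.items()
           if a.lower() == "objectclass" for v in vals]
    problems = []
    if len(ocs) < 2:  # section 5.1: at least two values
        problems.append("objectClass has fewer than two values")
    if "top" not in ocs and "alias" not in ocs:
        problems.append("objectClass lacks 'top' or 'alias'")
    must, may = set(), set()
    for oc in ocs:
        if oc not in classes:
            problems.append(f"unknown object class: {oc}")
            continue
        oc_must, oc_may = effective(classes, oc)
        must |= oc_must
        may |= oc_may
    problems += [f"missing MUST attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed: {a}" for a in sorted(present - must - may)]
    return problems


CLASSES = parse_object_classes(SCHEMA_TEXT)

# Constructed sample entries (not real directory data).
ENTRY_OK = {"objectClass": ["top", "person", "organizationalPerson",
                            "strongAuthenticationUser"],
            "cn": ["Example User"], "sn": ["User"], "title": ["Vice President"],
            "userCertificate;binary": [b"\x30\x82"]}
ENTRY_DEVICE = {"objectClass": ["top", "device"], "cn": ["printer-01"],
                "serialNumber": ["X1"], "userPassword": ["placeholder"]}

if __name__ == "__main__":
    print(classes_allowing(CLASSES, "userPassword"))
    print(validate_entry(CLASSES, ENTRY_OK))
    print(validate_entry(CLASSES, ENTRY_DEVICE))
```

Because userPassword values are not encrypted, the classes returned by `classes_allowing` are the entry types whose read access and transport confidentiality deserve review first.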
This article is from a CSDN blog; please credit the source when reposting: http://blog.csdn.net/njchenyi/archive/2008/01/16/2046963.aspx