LDAP Server Standards and Specifications

Directory Server Standards and Specifications


| Document | Description | See Also |
|---|---|---|
| RFC 1274 | The COSINE and Internet X.500 Schema | RFC 4524 |
| RFC 1321 | The MD5 Message-Digest Algorithm | N/A |
| RFC 1777 | Lightweight Directory Access Protocol (LDAPv2) | RFC 2251, RFC 4511 |
| RFC 1778 | The String Representation of Standard Attribute Syntaxes | RFC 2252, RFC 4517 |
| RFC 1779 | A String Representation of Distinguished Names | RFC 2253, RFC 4514 |
| RFC 2079 | Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs) | N/A |
| RFC 2222 | Simple Authentication and Security Layer (SASL) | RFC 4422 |
| RFC 2246 | The TLS Protocol Version 1.0 | RFC 3546, RFC 4346 |
| RFC 2247 | Using Domains in LDAP/X.500 Distinguished Names | N/A |
| RFC 2251 | Lightweight Directory Access Protocol (v3) | RFC 4511 |
| RFC 2252 | Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions | RFC 4517 |
| RFC 2253 | Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names | RFC 4514 |
| RFC 2254 | The String Representation of LDAP Search Filters | RFC 4515 |
| RFC 2255 | The LDAP URL Format | RFC 4516 |
| RFC 2256 | A Summary of the X.500(96) User Schema for use with LDAPv3 | RFC 4519 |
| RFC 2307 | An Approach for Using LDAP as a Network Information Service | draft-howard-rfc2307bis |
| RFC 2377 | Naming Plan for Internet Directory-Enabled Applications | N/A |
| RFC 2589 | Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services | N/A |
| RFC 2605 | Directory Server Monitoring MIB | N/A |
| RFC 2649 | An LDAP Control and Schema for Holding Operation Signatures | N/A |
| RFC 2696 | LDAP Control Extension for Simple Paged Results Manipulation | draft-ietf-ldapext-ldapv3-vlv |
| RFC 2713 | Schema for Representing Java(tm) Objects in an LDAP Directory | N/A |
| RFC 2714 | Schema for Representing CORBA Object References in an LDAP Directory | N/A |
| RFC 2739 | Calendar Attributes for vCard and LDAP | N/A |
| RFC 2788 | Network Services Monitoring MIB | N/A |
| RFC 2798 | Definition of the inetOrgPerson LDAP Object Class | RFC 4524 |
| RFC 2820 | Access Control Requirements for LDAP | N/A |
| RFC 2829 | Authentication Methods for LDAP | RFC 4513 |
| RFC 2830 | Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security | RFC 4513 |
| RFC 2831 | Using Digest Authentication as a SASL Mechanism | draft-ietf-sasl-rfc2831bis |
| RFC 2849 | The LDAP Data Interchange Format (LDIF) - Technical Specification | N/A |
| RFC 2891 | LDAP Control Extension for Server Side Sorting of Search Results | N/A |
| RFC 2926 | Conversion of LDAP Schemas to and from SLP Templates | N/A |
| RFC 3045 | Storing Vendor Information in the LDAP root DSE | N/A |
| RFC 3062 | LDAP Password Modify Extended Operation | N/A |
| RFC 3112 | LDAP Authentication Password Schema | N/A |
| RFC 3296 | Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories | N/A |
| RFC 3377 | Lightweight Directory Access Protocol (v3): Technical Specification | RFC 4510 |
| RFC 3383 | Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) | RFC 4520 |
| RFC 3384 | Lightweight Directory Access Protocol (version 3) Replication Requirements | N/A |
| RFC 3454 | Preparation of Internationalized Strings ("stringprep") | RFC 4518 |
| RFC 3494 | Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status | N/A |
| RFC 3546 | Transport Layer Security (TLS) Extensions | RFC 2246 |
| RFC 3641 | Generic String Encoding Rules (GSER) for ASN.1 Types | draft-legg-ldap-gser-ei |
| RFC 3642 | Common Elements of Generic String Encoding Rules (GSER) Encodings | draft-legg-ldap-gser-ei |
| RFC 3663 | Domain Administrative Data in Lightweight Directory Access Protocol (LDAP) | N/A |
| RFC 3671 | Collective Attributes in the Lightweight Directory Access Protocol (LDAP) | N/A |
| RFC 3672 | Subentries in the Lightweight Directory Access Protocol (LDAP) | N/A |
| RFC 3673 | Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes | N/A |
| RFC 3674 | Feature Discovery in Lightweight Directory Access Protocol (LDAP) | N/A |
| RFC 3687 | Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules | RFC 3727 |
| RFC 3698 | Lightweight Directory Access Protocol (LDAP): Additional Matching Rules | RFC 4517 |
| RFC 3703 | Policy Core Lightweight Directory Access Protocol (LDAP) Schema | RFC 4104 |
| RFC 3712 | Lightweight Directory Access Protocol (LDAP): Schema for Printer Services | N/A |
| RFC 3727 | ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules | RFC 3687 |
| RFC 3771 | Lightweight Directory Access Protocol (LDAP) Intermediate Response Message | N/A |
| RFC 3829 | Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls | RFC 4532 |
| RFC 3866 | Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP) | N/A |
| RFC 3876 | Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) | N/A |
| RFC 3909 | Lightweight Directory Access Protocol (LDAP) Cancel Operation | N/A |
| RFC 3928 | Lightweight Directory Access Protocol (LDAP) Client Update Protocol (LCUP) | N/A |
| RFC 4104 | Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS) | RFC 3703 |
| RFC 4237 | Voice Messaging Directory Service | N/A |
| RFC 4346 | The Transport Layer Security (TLS) Protocol Version 1.1 | RFC 2246 |
| RFC 4370 | Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control | RFC 4370 |
| RFC 4373 | Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP) | N/A |
| RFC 4403 | Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3) | N/A |
| RFC 4422 | Simple Authentication and Security Layer (SASL) | RFC 2222 |
| RFC 4505 | Anonymous Simple Authentication and Security Layer (SASL) Mechanism | N/A |
| RFC 4510 | Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map | RFC 3377 |
| RFC 4511 | Lightweight Directory Access Protocol (LDAP): The Protocol | RFC 2251 |
| RFC 4512 | Lightweight Directory Access Protocol (LDAP): Directory Information Models | N/A |
| RFC 4513 | Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms | RFC 2829, RFC 2830 |
| RFC 4514 | Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names | RFC 2253 |
| RFC 4515 | Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters | RFC 2254 |
| RFC 4516 | Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator | RFC 2255 |
| RFC 4517 | Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules | RFC 2252, RFC 3698 |
| RFC 4518 | Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation | RFC 3454 |
| RFC 4519 | Lightweight Directory Access Protocol (LDAP): Schema for User Applications | RFC 2256 |
| RFC 4520 | Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) | RFC 3383 |
| RFC 4521 | Considerations for Lightweight Directory Access Protocol (LDAP) Extensions | N/A |
| RFC 4522 | Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option | N/A |
| RFC 4523 | Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates | N/A |
| RFC 4524 | COSINE LDAP/X.500 Schema | RFC 1274 |
| RFC 4525 | Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension | N/A |
| RFC 4526 | Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters | N/A |
| RFC 4527 | Lightweight Directory Access Protocol (LDAP) Read Entry Controls | N/A |
| RFC 4528 | Lightweight Directory Access Protocol (LDAP) Assertion Control | N/A |
| RFC 4529 | Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP) | N/A |
| RFC 4530 | Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute | N/A |
| RFC 4531 | Lightweight Directory Access Protocol (LDAP) Turn Operation | N/A |
| RFC 4532 | Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation | RFC 3829 |
| RFC 4533 | Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation | N/A |
| RFC 4616 | The PLAIN Simple Authentication and Security Layer (SASL) Mechanism | N/A |
| RFC 4634 | US Secure Hash Algorithms (SHA and HMAC-SHA) | FIPS 180-1 (PDF), FIPS 180-2 (PDF) |
| RFC 4752 | The Kerberos V5 ("GSSAPI") SASL Mechanism | N/A |
| RFC 4876 | A Configuration Profile Schema for LDAP-Based Agents | N/A |

Explanation of "Legacy" notations:

  • The Directory Server is designed as an LDAPv3 server, and LDAPv2 has been transitioned to "historic" status. Some support for LDAPv2-specific elements does exist (e.g., use of semicolons instead of commas in DNs, or escaping with quotation marks rather than backslashes), and the server will avoid sending LDAPv2 clients LDAPv3-specific elements like controls or referrals. However, strict compliance with the LDAPv2 specification may not be enforced in all areas.
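Added example (not from this page or from OpenDS): a small Python normalizer that accepts the LDAPv2 DN conventions mentioned above (semicolon separators and double-quoted values, per RFC 1779) and emits the RFC 4514 string form, so that a DN compared in an access-control rule or a group-membership check has one canonical spelling regardless of which client wrote it. Assumptions: single-valued RDNs only (no `+`) and no hex-encoded (`#...`) values; the function names are mine.

```python
import re

# One RDN token: backslash-escaped char, a double-quoted string (escapes allowed
# inside), or any char that is not a ',' or ';' separator.
_RDN_TOKEN = re.compile(r'(?:\\.|"(?:\\.|[^"\\])*"|[^,;"\\])+')
# Characters RFC 4514 section 2.4 requires to be escaped anywhere in a value.
_SPECIAL = set(',+"\\<>;')


def split_rdns(dn: str) -> list:
    """Split a DN on ',' or ';' that are neither quoted nor backslash-escaped."""
    return [tok.strip() for tok in _RDN_TOKEN.findall(dn)]


def unquote_value(value: str) -> str:
    """Strip LDAPv2 double quotes and resolve backslash escapes to raw text."""
    value = value.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return re.sub(r"\\(.)", r"\1", value)


def escape_rfc4514(value: str) -> str:
    """Escape a raw attribute value as RFC 4514 requires."""
    out = []
    for idx, ch in enumerate(value):
        lead = idx == 0 and ch in " #"               # leading space or '#'
        trail = idx == len(value) - 1 and ch == " "  # trailing space
        out.append("\\" + ch if ch in _SPECIAL or lead or trail else ch)
    return "".join(out)


def to_ldapv3_dn(dn: str) -> str:
    """Return the RFC 4514 form of a DN written in LDAPv2 or LDAPv3 style."""
    parts = []
    for rdn in split_rdns(dn):
        attr, _, val = rdn.partition("=")
        parts.append(f"{attr.strip()}={escape_rfc4514(unquote_value(val))}")
    return ",".join(parts)


if __name__ == "__main__":
    # Constructed LDAPv2-style sample input.
    print(to_ldapv3_dn('cn="Smith, John"; ou=People; dc=example; dc=com'))
```

Running an already-normalized RFC 4514 DN through `to_ldapv3_dn` leaves it unchanged, so the same function can be applied to input from both client generations.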

Explanation of "Partial" notations:

  • RFC 2377 -- Only the uidObject class is defined in the Directory Server schema. The name forms are not defined in the schema, as that would interfere with legitimate uses of attributes other than "dc" in the RDNs of the associated objects.
  • RFC 2831 -- At the present time, only the "auth" quality of protection may be used. Neither the "auth-int" nor the "auth-conf" mode is currently supported.
  • RFC 2926 -- None of the SLP-specific attribute syntaxes referenced in this document have been implemented. References to those syntaxes have been replaced with references to the IA5 String syntax.
  • RFC 3296 -- The Directory Server schema does contain the ref attribute type and the referral objectclass, but referral support is not yet implemented in the Directory Server, nor is support for the ManageDsaIT control.
  • RFC 3383 -- Not all of the specifications referenced in this document have been implemented.
  • RFC 3454 -- Not all of the specifications referenced in this document have been implemented.
  • RFC 3698 -- Not all of the matching rules referenced in this document have been implemented. Only those specified in RFC 4517 are currently supported.
  • RFC 4518 -- The string parsing mechanism is not in strict compliance with this document.
  • RFC 4520 -- Not all of the specifications referenced in this document have been implemented.
  • RFC 4634 -- At least the SHA-1, SHA-256, SHA-384, and SHA-512 digests should be implemented as password storage schemes. The SHA-224 scheme may not be available, as it is currently not provided by JCE.

Internet Drafts

| Document | Description | See Also |
|---|---|---|
| draft-armijo-ldap-treedelete | Tree Delete Control | N/A |
| draft-behera-ldap-password-policy | Password Policy for LDAP Directories | N/A |
| draft-byrne-ldap-alias | Use of Aliases within LDAP | N/A |
| draft-chu-ldap-ldapi | Using LDAP over IPC Mechanisms | N/A |
| draft-chu-ldap-logschema | A Schema for Logging the LDAP Protocol | N/A |
| draft-chu-ldap-xordered | Ordered Entries and Values in LDAP | N/A |
| draft-cridland-sasl-hexa | The Hash Exchange Authentication SASL Mechanism | N/A |
| draft-furuseth-ldap-untypedobject | Structural object class 'untypedObject' for LDAP/X.500 | draft-howard-namedobject |
| draft-good-ldap-changelog | Definition of an Object Class to Hold LDAP Change Records | N/A |
| draft-haripriya-dynamicgroup | LDAP: Dynamic Groups for LDAPv3 | N/A |
| draft-howard-namedobject | A Structural Object Class for Arbitrary Auxiliary Object Classes | draft-furuseth-ldap-untypedobject |
| draft-howard-rfc2307bis | An Approach for Using LDAP as a Network Information Service | N/A |
| draft-ietf-boreham-numsubordinates | numSubordinates LDAP Operational Attribute | N/A |
| draft-ietf-dhc-ldap-schema | LDAP Schema for DHCP | N/A |
| draft-miller-dns-ldap-schema-00.txt | LDAP Schema for DNS | N/A |
| draft-ietf-ldapext-acl-model | Access Control Model for LDAPv3 | N/A |
| draft-ietf-ldapext-ldap-java-api | The Java LDAP Application Program Interface | N/A |
| draft-ietf-ldapext-ldap-java-api-asynch-ext | The Java LDAP Application Program Interface Asynchronous Extension | N/A |
| draft-ietf-ldapext-ldapv3-dupent | LDAP Control for a Duplicate Entry Representation of Search Results | N/A |
| draft-ietf-ldapext-ldapv3-vlv | LDAP Extensions for Scrolling View Browsing of Search Results | RFC 2696 |
| draft-ietf-ldapext-psearch | Persistent Search: A Simple LDAP Change Notification Mechanism | N/A |
| draft-ietf-ldup-subentry | LDAP Subentry Schema | N/A |
| draft-ietf-sasl-crammd5 | The CRAM-MD5 SASL Mechanism | N/A |
| draft-ietf-sasl-rfc2831bis | Using Digest Authentication as a SASL Mechanism | RFC 2831 |
| draft-legg-ldap-gser-ei | Encoding Instructions for the Generic String Encoding Rules (GSER) | RFC 3641 |
| draft-legg-ldap-transfer | Lightweight Directory Access Protocol (LDAP): Transfer Encoding Options | N/A |
| draft-melnikov-ldap-distr-auth | Distributed SASL authentication in LDAP | N/A |
| draft-newman-auth-scram | Salted Challenge Response Authentication Mechanism (SCRAM) | N/A |
| draft-poitou-ldap-schema-update | LDAP Schema Update Procedures | N/A |
| draft-rajasekaran-kerberos-schema | Kerberos version 5 schema for LDAP Directories | N/A |
| draft-schleiff-ldap-xri | LDAP Schema for eXtensible Resource Identifier (XRI) | N/A |
| draft-sermersheim-ldap-chaining | LDAP Control to Specify Chaining Behavior | N/A |
| draft-sermersheim-ldap-csn | The LDAP Change Sequence Number | N/A |
| draft-sermersheim-ldap-distproc | Distributed Procedures for LDAP Operations | N/A |
| draft-sermersheim-ldap-subordinate-scope | Subordinate Subtree Search Scope for LDAP | N/A |
| draft-wahl-ldap-adminaddr | LDAP Administrator Address Attribute | N/A |
| draft-wahl-ldap-p3p | P3P Policy Attributes for LDAP | N/A |
| draft-wahl-ldap-session | LDAP Session Tracking Control | N/A |
| draft-wahl-ldap-subtree-source | LDAP Subtree Data Source URI Attribute | N/A |
| draft-wahl-schema-eupp-attribute | Enrolled User Policy Profiles Attribute | N/A |
| draft-wahl-schema-rdf-attribute | Identity Associated RDF Attribute | N/A |
| draft-weltman-ldapv3-proxy | LDAP Proxied Authorization Control | RFC 4370 |
| draft-zeilenga-auth-lvl | Authentication Mechanisms Levels | N/A |
| draft-zeilenga-ldap-dontusecopy | The LDAP Don't Use Copy Control | N/A |
| draft-zeilenga-ldap-entrydn | The LDAP entryDN Operational Attribute | N/A |
| draft-zeilenga-ldap-grouping | LDAP: Grouping of Related Operations | N/A |
| draft-zeilenga-ldap-managedit | The LDAP Manage Directory Information Tree Control | N/A |
| draft-zeilenga-ldap-noop | The LDAP No-Op Control | N/A |
| draft-zeilenga-ldap-proxy-grp | LDAPv3 Proxy Group | N/A |
| draft-zeilenga-ldap-relax | The LDAP Relax Rules Control | N/A |
| draft-zeilenga-ldap-txn | LDAP Transactions | N/A |
| draft-zeilenga-sasl-yap | SASL Yet Another Password Mechanism | N/A |

Explanation of "Partial" notations:

  • draft-behera-ldap-password-policy -- This draft will not be supported in its entirety. In particular, the operational attributes will be supported, but the configuration schema will not. The OpenDS password policy implementation includes features not in this draft, and the implementation of other features differs from that specified in the draft.
  • draft-furuseth-ldap-untypedobject -- No official OID has yet been assigned for the untypedObject class. A temporary OID from the OpenDS experimental range has been allocated for use until the official OID is assigned by IANA.
  • draft-good-ldap-changelog -- The schema elements defined in this document are available in the Directory Server, but the server does not currently publish a changelog in this form.
  • draft-ietf-sasl-gssapi -- At the present time, only the "auth" quality of protection mode may be used. Neither the "auth-int" nor the "auth-conf" mode is currently supported.
  • draft-ietf-sasl-rfc2831bis -- At the present time, only the "auth" quality of protection mode may be used. Neither the "auth-int" nor the "auth-conf" mode is currently supported.
  • draft-zeilenga-ldap-noop -- Recent versions of this draft do not have an OID assigned for this control. However, earlier forms of the draft did provide an OID from the OpenLDAP private enterprise range. Until IANA assigns an official OID for this control, the server will use the OID originally assigned by the OpenLDAP Foundation.

Other Documents and Specifications

| Document | Description | See Also |
|---|---|---|
| DSMLv2.doc | OASIS DSMLv2 Documentation | N/A |
| DSMLv2.xsd | OASIS DSMLv2 Standard | N/A |
| FIPS 180-1 | Secure Hash Standard (SHA-1) | RFC 3174 |
| FIPS 180-2 | Secure Hash Standard (SHA-2) | RFC 4634 |
| ldap-parameters | Lightweight Directory Access Protocol (LDAP) Parameters per RFC-ietf-ldapbis-bcp64 | RFC 3383, RFC 4520, Source Document |

Explanation of "Partial" notations:

  • ldap-parameters -- Not all of the specifications referenced in this document have been implemented.
