Overview#

Extended Flags are what LDAPWiki uses to define LDAP Schema Element Extensions.

Various DSA support Extended Attribute Flags that may provide additional information about the AttributeTypes and ObjectClasses.

Extended Flags are described as Experimental in RFC 4512
"Implementors should note that future versions of this document may expand these definitions to include additional terms. Terms whose identifier begins with "X-" are reserved for private experiments and are followed by <SP> and <qdstrings> tokens."

LDAP does not define any standard schema extensions, but many LDAP Server Implementations accept any properly-formatted extension as a means of annotating the schema element. For example, one of the most commonly-used extension types is X-ORIGIN, which is typically used to indicate the source of the associated schema element, and the string X-ORIGIN RFC 4519 might be used to indicate that the associated schema element is defined in RFC 4519.

These Extended Attribute Flags are typically specific to each individual LDAP Server Implementations and are prefixed with a "X-". Some popular examples:

• X-ALLOWED-VALUE - Specifies the set of values that attributes of that type will be allowed to have.
• X-APPROX - Specifies the name or OID of the approximate matching rule that should be used in conjunction with the specified attribute Type.
• X-MAX-INT-VALUE - Specifies the maximum integer value that attributes of that type will be allowed to have.
• X-MAX-VALUE-COUNT - Specifies the maximum number of values that attributes of that type will be allowed to have.
• X-MAX-VALUE-LENGTH - Specifies the maximum number of UTF-8 characters that values of attributes of that attribute Type will be allowed to have.
• X-MIN-INT-VALUE - Specifies the minimum integer value that attributes of that type will be allowed to have.
• X-MIN-VALUE-COUNT - Specifies the minimum number of values that attributes of that type will be allowed to have.
• X-MIN-VALUE-LENGTH - Specifies the minimum number of UTF-8 characters that values of attributes of that type will be allowed to have.
• X-NDS_ACL_TEMPLATES
• X-NDS_BOTH_MANAGED
• X-NDS_CONTAINMENT
• X-NDS_ENCRYPTED_SYNC
• X-NDS_FILTERED_OPERATIONAL
• X-NDS_FILTERED_REQUIRED
• X-NDS_HIDDEN
• X-NDS_LOWER_BOUND
• X-NDS_NAME
• X-NDS_NAME_VALUE_ACCESS
• X-NDS_NAMING
• X-NDS_NEVER_SYNC
• X-NDS_NON_REMOVABLE
• X-NDS_NONREMOVABLE
• X-NDS_NOT_CONTAINER
• X-NDS_NOT_SCHED_SYNC_IMMEDIATE
• X-NDS_PUBLIC_READ
• X-NDS_READ_FILTERED
• X-NDS_SCHED_SYNC_NEVER
• X-NDS_SERVER_READ
• X-NDS_SYNTAX
• X-NDS_UPPER_BOUND
• X-NOT-HUMAN-READABLE
• X-ORIGIN - is typically used to indicate the source of the associated schema element and is often the LDAP RFC where the Schema element is defined.
• X-SCHEMA-FILE -
• X-SYSTEMFLAGS
• X-SCHEMAFLAGSEx
• X-SEARCH-FLAGS

More Information#

There might be more information for this subject on one of the following:

• 1.3.6.1.4.1.1466.115.121.1.26
• 1.3.6.1.4.1.1466.115.121.1.4
• 2.16.840.1.113719.1.1.4.1.96
• 2.5.6.13
• ACL (eDirectory Attribute)
• ARecord
• AbzillaPerson
• AccountExpires
• AccountNameHistory
• AdministrativeRole
• AdministratorsAddress
• AllowedAttributesEffective
• Assistant
• AssociatedDomain
• AssociatedInternetGateway
• AssociatedName
• AttributeSecurityGUID
• AttributeSyntax
• AttributeTypes
• Audio
• Automount
• AutomountMap
• AutomountMapName
• BirthName
• Birthdate
• BootableDevice
• BuildingName
• Children
• City
• ClassDisplayName
• Cn
• Co
• CollectiveAttributeSubentries
• Company
• Container
• Country
• Country-Code
• CountryName
• CountryOfCitizenship
• CountryOfResidence
• CreateTimestamp
• CreatorsName
• CrossRef
• DC
• DITContentRules
• DITStructureRules
• DSA ObjectClass
• DateOfBirth
• DateOfDeath
• DeathDate
• DefaultHidingValue
• DefaultObjectCategory
• DepartmentNumber
• Description
• Device
• DhcpDomainName
• DhcpRelayAgentInfo
• DicAppData
• DicAppInfo
• DirXML-ConfigValues
• DirXML-DriverStartOption
• DirXML-JavaDebugPort
• DirXML-NTAccountName
• DirXML-NamedPasswords
• DirXML-ShimAuthPassword
• DirXML-State
• DirectReports
• DisplayName
• Dmd
• Domain
• DomainComponent
• DomainControllerFunctionality
• DomainFunctionality
• DsRevision
• EDirCloneLock
• EDirectory Extended LDAP Flags
• EmailAddress
• EmployeeNumber
• EnhancedSearchGuide
• ExtendedCharsAllowed
• ExtensibleObject
• FacsimileTelephoneNumber
• FilteredReplicaUsage
• ForestFunctionality
• FullName
• Gecos
• Gender
• GidNumber
• GivenName
• GroupOfNames
• HomeCity
• HomeDirectory
• HomeInfo
• HomePhone
• HomeState
• HostResourceName
• HttpSessionTimeout
• IA5String
• IndexDefinition
• InetOrgPerson
• Initials
• IpProtocol
• IpProtocolNumber
• IpService
• IpServicePort
• IpServiceProtocol
• IsDefunct
• IsDeleted
• IsEphemeral
• IsRecycled
• LDAP Schema Element Extensions
• LDAPAdminLimits
• LabeledUri
• Language
• LanguageId
• LdapGroup
• LdapGroupDN
• LdapInterfaces
• LdapKeyMaterialName
• LdapServerIdleTimeout
• LdapStdCompliance
• Leaf
• LegacyExchangeDN
• LinkID
• LocalEntryID
• LocalReceivedUpTo
• Locality
• LoginDisabled
• LoginMaximumSimultaneous
• LoginShell
• MacAddress
• Mail
• MailboxRelatedObject
• ManagedBy
• Manager
• MapiID
• Member
• MemberOf
• MemberQueryURL
• MemberUid
• Memory
• Mobile
• ModifiersName
• ModifyTimestamp
• MsDS-AdditionalSamAccountName
• MsDS-GroupManagedServiceAccount
• MsDS-HasInstantiatedNCs
• MsDS-MaximumPasswordAge
• MsDS-PasswordSettings
• MsDS-PasswordSettingsContainer
• MsDS-PasswordSettingsPrecedence
• MsDS-PhoneticCompanyName
• MsDS-PhoneticDepartment
• MsDS-SupportedEncryptionTypes
• MsDS-TrustForestTrustInfo
• MsDS-User-Account-Control-Computed
• NDSPKIKeyMaterialDN
• NDSPKISDKeyAccessPartition
• NDSPKISDKeyList
• NDSRightsToMonitor
• NTDSDSA
• NTDSService
• NTDSSiteSettings
• NameForms
• NcpServer
• NdsLoginProperties
• NdsStatusLimber
• NdspkiIssueTime
• NetworkAddress
• NickName
• NisDomain
• NisDomainObject
• NisMap
• NisMapEntry
• NisNetgroup
• NisNetgroupTriple
• NisObject
• NspmAdminsDoNotExpirePassword
• NspmComplexityRules
• NspmConfigurationOptions
• NspmDoNotExpirePassword
• NspmMaximumLength
• NspmPassword
• NspmPasswordACL
• NspmPasswordAux
• NspmPasswordKey
• NspmPasswordPolicy
• NspmPasswordPolicyDN
• NspmPolicyAgentAIX
• NspmSpecialAsLastCharacter
• NumericString
• OMObjectClass
• OMSyntax
• Obituary
• Object Class Description
• ObjectClasses
• ObjectGUID
• OncRpc
• Organization
• OrganizationalUnit
• Ou
• Owner
• Partition
• PartitionStatus
• PasswordExpirationInterval
• PasswordExpirationTime
• PasswordMinimumLength
• PasswordsUsed
• Person
• Photo
• PhysicalDeliveryOfficeName
• PlaceOfBirth
• PosixAccount
• PosixGroup
• PostalCode
• PreferredServerList
• PresentationAddress
• PrimaryGroupID
• Profile
• ProxyAddresses
• PurgeVector
• PwdAccountLockedTime
• PwdInHistory
• QueryPolicy
• QueryPolicyObject
• Queue
• RdnAttId
• Reference
• Replica
• ReplicaUpTo
• Resolution_AttrubuteType
• Resource
• Revision
• SASLoginPolicy
• SASService
• SambaLMPassword
• SapAddOnUM
• SchemaFlagsEx
• SearchFlags
• SearchGuide
• SearchSizeLimit
• SearchTimeLimit
• SecurityPrincipal
• SeeAlso
• SerialNumber
• Server
• ServerHolds
• ServiceConnectionPoint
• ServiceDNSName
• ShadowAccount
• ShadowExpire
• ShadowFlag
• ShadowInactive
• ShadowMax
• ShadowMin
• ShadowWarning
• Site
• SslEnableMutualAuthentication
• Street
• Subschema
• SupportedGroupingTypes
• SupportedLDAPVersion
• SupportedSASLMechanisms
• SynchronizedUpTo
• System-Id-Guid
• Timezone
• TokenGroups
• TombstoneLifetime
• TransitiveVector
• TrustedDomain
• UidNumber
• UidObject
• UniqueIdentifier
• UniqueMember
• UnixHomeDirectory
• UnknownBaseClass
• User
• UsnChanged
• VPIMUser
• WhenChanged
• X-ALLOWED-VALUE
• X-APPROX
• X-HIDDEN
• X-MAX-INT-VALUE
• X-MAX-VALUE-COUNT
• X-MAX-VALUE-LENGTH
• X-MIN-INT-VALUE
• X-MIN-VALUE-COUNT
• X-MIN-VALUE-LENGTH
• X-NDS_ACL_TEMPLATES
• X-NDS_CONTAINMENT
• X-NDS_FILTERED_REQUIRED
• X-NDS_HIDDEN
• X-NDS_LOWER_BOUND
• X-NDS_NAME
• X-NDS_NAME_VALUE_ACCESS
• X-NDS_NAMING
• X-NDS_NEVER_SYNC
• X-NDS_NONREMOVABLE
• X-NDS_NOT_CONTAINER
• X-NDS_NOT_SCHED_SYNC_IMMEDIATE
• X-NDS_PUBLIC_READ
• X-NDS_SCHED_SYNC_NEVER
• X-NDS_SERVER_READ
• X-NDS_SYNTAX
• X-NOT-HUMAN-READABLE
• X-ORIGIN
• X-SCHEMA-FILE
• X-SCHEMAFLAGSEx
• X-SEARCH-FLAGS
• X-SYSTEMFLAGS
• X500UniqueIdentifier
• nrfInheritedRoles
• shadowLastChange

---

• [#1] - Schema Element Extensions - based on information obtained 2018-10-02-