Directory Server Standards and Specifications#

RFCs#

Explanation of "Legacy" notations:#

• The Directory Server is designed as an LDAPv3 server, and LDAPv2 has been transitioned to "historic" status. Some support for LDAPv2-specific elements does exist (e.g., use of semicolons instead of commas in DNs, or escaping with quotation marks rather than backslashes), and the server will avoid sending LDAPv2 clients LDAPv3-specific elements like controls or referrals. However, strict compliance with the LDAPv2 specification may not be enforced in all areas.

Explanation of "Partial" notations:#

• RFC 2377 -- Only the uidObject class is defined in the Directory Server schema. The name forms are not defined in the schema, as that would interfere with legitimate uses of attributes other than "dc" in the RDNs of he associated objects.
• RFC 2831 -- At the present time, only the "auth" quality of protection may be used. Neither the "auth-int" or "auth-conf" modes are currently supported.
• RFC 2926 -- None of the SLP-specific attribute syntaxes referenced in this document have been implemented. References to those syntaxes have been replaced with references to the IA5 String syntax.
• RFC 3296 -- The Directory Server schema does contain the ref attribute type and the referral objectclass, but referral support is not yet implemented in the Directory Server, nor is support for the ManageDsaIT control.
• RFC 3383 -- Not all of the specifications referenced in this document have been implemented.
• RFC 3454 -- Not all of the specifications referenced in this document have been implemented.
• RFC 3698 -- Not all of the matching rules referenced in this document have been implemented. Only those specified in RFC 4517 are currently supported.
• RFC 4518 -- The string parsing mechanism is not in strict compliance with this document.
• RFC 4520 -- Not all of the specifications referenced in this document have been implemented.
• RFC 4634 -- At least the SHA-1, SHA-256, SHA-384, and SHA-512 digests should be implemented as password storage schemes. The SHA-224 scheme may not be available, as it is currently not provided by JCE.

Internet Drafts#

Explanation of "Partial" notations:#

• draft-behera-ldap-password-policy -- This draft will not be supported in its entirety. In particular, the operational attributes will be supported, but the configuration schema will not. The OpenDS password policy implementation includes features not in this draft, and the implementation of other features differs from that specified in the draft.
• draft-furuseth-ldap-untypedobject -- No official OID has yet been assigned for the untypedObject class. A temporary OID from the OpenDS experimental range has been allocated for use until the official OID is assigned by IANA.
• draft-good-ldap-changelog -- The schema elements defined in this document are available in the Directory Server, but the server does not currently publish a changelog in this form.
• draft-ietf-sasl-gssapi -- At the present time, only the "auth" quality of protection mode may be used. Neither the "auth-int" or "auth-conf" modes are currently supported.
• draft-ietf-sasl-rfc2831bis -- At the present time, only the "auth" quality of protection mode may be used. Neither the "auth-int" or "auth-conf" modes are currently supported.
• draft-zeilenga-ldap-noop -- Recent versions of this draft do not have an OID assigned for this control. However, earlier forms of the draft did provide an OID from the OpenLDAP private enterprise range. Until IANA assigns an official OID for this control, the server will use the OID originally assigned by the OpenLDAP Foundation.

Other Documents and Specifications#

Document	Description	See Also
DSMLv2.doc	OASIS DSMLv2 Documentation	N/A
DSMLv2.xsd	OASIS DSMLv2 Standard	N/A
FIPS 180-1Content unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png	Secure Hash Standard (SHA-1)	RFC 3174Content unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png
FIPS 180-2Content unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png	Secure Hash Standard (SHA-2)	RFC 4634Content unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png
ldap-parametersContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png	Lightweight Directory Access Protocol (LDAP) Parameters per RFC-ietf-ldapbis-bcp64	RFC 3383Content unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png RFC 4520Content unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png Source DocumentContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png

Explanation of "Partial" notations:

• ldap-parameters -- Not all of the specifications referenced in this document have been implemented.

More Information#

There might be more information for this subject on one of the following:

• Internet Draft
• LDAP Protocol Exchanges
• Request For Comment