Object Classes

This appendix includes information on object class definitions. Most of the schema elements used in the Directory Server are part of the standard LDAP protocol, which is in turn based on the X.500 standard. However, some of the Directory Server's object classes are extensions for use with its implementation of LDAP. If an object class is an extension and is not part of the standard LDAP schema, a note is made in the description of that object class.


2.16.840.1.113730.3

All object classes schema extensions have the base OID:


2.16.840.1.113730.3.2

Groups

The following object classes describe entries representing an unordered set of names that represent individual objects or other groups of objects. Membership of a group is static: only administrative action can modify a group (such as adding a member), the membership is not determined dynamically each time a reference is made to the group. Each object class contains attributes that describe the group and its members. The object classes described here are groupOfNames, groupOfUniqueNames, and NTGroup.

groupOfNames

Defines entries for a group of names. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.9

Attribute
Attribute Description

cn
(Required) The group's common name.

member
(Required) A group member in distinguished name format.

businessCategory
Type of business in which the group is engaged.

description
Text description of the group's purpose.

memberURL
URL to information relevant to a group member.

o
Organization to which the group belongs.

ou
Organizational unit to which the group belongs.

owner
The group's owner.

seeAlso
URL to information relevant to the group.

Attribute	Attribute Description
cn	(Required) The group's common name.
member	(Required) A group member in distinguished name format.
businessCategory	Type of business in which the group is engaged.
description	Text description of the group's purpose.
memberURL	URL to information relevant to a group member.
o	Organization to which the group belongs.
ou	Organizational unit to which the group belongs.
owner	The group's owner.
seeAlso	URL to information relevant to the group.

groupOfUniqueNames

Defines entries for a group of unique names. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.17

Attribute
Attribute Description

cn
(Required) The group's common name.

uniqueMember
(Required) A unique group member in distinguished name format.

businessCategory
Type of business in which the group is engaged.

description
Text description of the group's purpose.

o
Organization to which the group belongs.

ou
Organizational unit to which the group belongs.

owner
The group's owner.

seeAlso
URL to information relevant to the group.

Attribute	Attribute Description
cn	(Required) The group's common name.
uniqueMember	(Required) A unique group member in distinguished name format.
businessCategory	Type of business in which the group is engaged.
description	Text description of the group's purpose.
o	Organization to which the group belongs.
ou	Organizational unit to which the group belongs.
owner	The group's owner.
seeAlso	URL to information relevant to the group.

NTGroup

Object class used by the NT synchronization service to map the attributes of an NT group to an entry in the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.9

NOTE: ntGroupDomainId is deprecated. ntUserDomainId is used for both NT users and groups.

Attribute
Attribute Description

ntUserDomainId
(Required) Used by the NT synchronization service to store the NT Global Groupname.

description
Text description of the NT group.

ntGroupAttributes
Used by the NT synchronization service to store attributes for an NT group.

ntGroupCreateNewGroup
Reserved for use by the NT synchronization service.

ntGroupDeleteGroup
Reserved for use by the NT synchronization service.

ntGroupId
Used by the NT synchronization service to store the identifier for the group.

seeAlso
URL to information relevant to the group.

Attribute	Attribute Description
ntUserDomainId	(Required) Used by the NT synchronization service to store the NT Global Groupname.
description	Text description of the NT group.
ntGroupAttributes	Used by the NT synchronization service to store attributes for an NT group.
ntGroupCreateNewGroup	Reserved for use by the NT synchronization service.
ntGroupDeleteGroup	Reserved for use by the NT synchronization service.
ntGroupId	Used by the NT synchronization service to store the identifier for the group.
seeAlso	URL to information relevant to the group.

Replication

The following object classes define Directory Servers. The first object class identifies the master or supplier server. The second object class identifies consumer servers and the entries to be supplied to those consumers. The object classes are cirReplicaSource, LDAPServer, and LDAPReplica.

cirReplicaSource

Object class used by the Directory Server for consumer initiated replication that contains all the replication information for a particular subtree of the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.11

Attribute	Attribute Description
cn	(Required) unique identifier of the supplier server.
cirBeginORC	Defines whether or not the consumer server should erase the contents of its directory before replication.
cirBindCredentials	Bind credentials used to connect to the supplier server.
cirBindDn	Distinguished name used to bind to the supplier server.
cirHost	Hostname of the supplier server.
cirLastUpdateApplied	Last date and time that synchronization occurred between the consumer and supplier servers.
cirPort	Port number of the supplier server.
cirReplicaRoot	Root of the subtree on the supplier server to be replicated on the consumer.
cirSyncInterval	Periodically, the consumer server queries the supplier to find out if any changes have been made to the replicated portion of the directory. This attribute defines, in seconds, the interval between consumer queries of the supplier server.
cirUpdateFailedat	Timestamp of the last failed update attempt.
cirUpdateSchedule	Hours between which replication can occur.
cirUsePersistentSearch	Reserved for future use.
cirUseSsl	Tells the consumer server to use an SSL connection when binding to the supplier server.
replicaEntryFilter	Specifies which attributes should be replicated or omitted during replication.
replicaNickName	Freeform name that describes a particular set of replication rules between a single supplier and a single consumer server.
replicatedAttributeList	Specifies which attributes should be replicated or omitted during replication.

glue

Extensible object class used by the Directory Server to facilitate replication. For more information about extensible object classes, see "Types of Object Classes" in the Directory Server Deployment Guide. Reserved. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.30

LDAPServer

Identifies the local server. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.35

Attribute
Attribute Description

cn
(Required) The server's common name.

changeLogMaximumAge
Maximum age permitted for the server's change log.

changeLogMaximumSize
Maximum size permitted for the server's change log.

description
Text description of the server.

generation
Unique byte vector that identifies the server for replication purposes.

l
Locality in which the server resides.

ou
Organizational unit to which the server belongs.

seeAlso
URL to information relevant to the server.

Attribute	Attribute Description
cn	(Required) The server's common name.
changeLogMaximumAge	Maximum age permitted for the server's change log.
changeLogMaximumSize	Maximum size permitted for the server's change log.
description	Text description of the server.
generation	Unique byte vector that identifies the server for replication purposes.
l	Locality in which the server resides.
ou	Organizational unit to which the server belongs.
seeAlso	URL to information relevant to the server.

LDAPReplica

Identifies entries in the local server that are replicated to a remote server, and identifies the remote server to which the entries are replicated. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.36

Attribute
Attribute Description

cn
(Required) The entry's common name.

description
Text description of the entry.

l
Locality in which the entry resides.

ou
Organizational unit in which the entry resides.

replicaBeginOrc
Defines whether or not the supplier server should erase the contents of the consumer server before replication.

replicaBindDn
DN used by the local server to bind to the consumer server.

replicaBindMethod
Method used by the local server to bind to the consumer. Currently this attribute must be set to simple.

replicaCredentials
Password used by the local server to bind to the consumer.

replicaEntryFilter
Specifies which attributes should be replicated or omitted in a filtered replication agreement.

replicaHost
Hostname of the consumer server.

replicaNickName
Contains a freeform name for the replication agreement.

replicaPort
Port used by the consumer server for LDAP communications.

replicaRoot
Distinguished name representing the subtree on the local server that is to be supplied to the consumer server.

replicatedAttributeList
Specifies which attributes should be replicated or omitted in a selected attribute replication agreement.

replicaUpdateFailedAt
Time stamp when an update to the consumer server failed.

replicaUpdateReplayed
Change number of the last change supplied to the consumer server.

replicaUpdateSchedule
Schedule when the local server begins an update to the consumer server.

replicaUseSSL
Indicates whether SSL is to be used for communications with the consumer server.

seeAlso
URL to information relevant to the server.

Attribute	Attribute Description
cn	(Required) The entry's common name.
description	Text description of the entry.
l	Locality in which the entry resides.
ou	Organizational unit in which the entry resides.
replicaBeginOrc	Defines whether or not the supplier server should erase the contents of the consumer server before replication.
replicaBindDn	DN used by the local server to bind to the consumer server.
replicaBindMethod	Method used by the local server to bind to the consumer. Currently this attribute must be set to `simple`.
replicaCredentials	Password used by the local server to bind to the consumer.
replicaEntryFilter	Specifies which attributes should be replicated or omitted in a filtered replication agreement.
replicaHost	Hostname of the consumer server.
replicaNickName	Contains a freeform name for the replication agreement.
replicaPort	Port used by the consumer server for LDAP communications.
replicaRoot	Distinguished name representing the subtree on the local server that is to be supplied to the consumer server.
replicatedAttributeList	Specifies which attributes should be replicated or omitted in a selected attribute replication agreement.
replicaUpdateFailedAt	Time stamp when an update to the consumer server failed.
replicaUpdateReplayed	Change number of the last change supplied to the consumer server.
replicaUpdateSchedule	Schedule when the local server begins an update to the consumer server.
replicaUseSSL	Indicates whether SSL is to be used for communications with the consumer server.
seeAlso	URL to information relevant to the server.

Locations

The following object classes describe locations in the directory tree. Each object class contains attributes that describe a location, such as the country name and description. The object classes described here are country and locality.

country

Defines entries that represent countries. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.2

Attribute
Attribute Description

c
(Required) The entry's country name.

description
Text description of the country.

searchGuide
Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.

Attribute	Attribute Description
c	(Required) The entry's country name.
description	Text description of the country.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.

locality

Defines entries that represent localities or geographic areas. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.3

Attribute
Attribute Description

description
Text description of the locality.

l
The entry's locality.

searchGuide
Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation.

seeAlso
URL to information relevant to the locality.

st
State or province to which the locality belongs.

street
Street address associated with the locality.

Attribute	Attribute Description
description	Text description of the locality.
l	The entry's locality.
searchGuide	Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	URL to information relevant to the locality.
st	State or province to which the locality belongs.
street	Street address associated with the locality.

Organizations

The following object classes describe entries representing organizations in the directory tree. Each object class contains attributes that describe an organization, such as its name and description. The object classes described here are organization and organizationalUnit.

organization

Defines entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.4

Attribute
Attribute Description

o
(Required) The organization's name.

businessCategory
Business in which the organization is involved.

description
Text description of the organization.

facsimileTelephoneNumber
Fax number associated with the organization.

l
The organization's location.

physicalDeliveryOfficeName
A location where physical deliveries can be made to the organization.

postalAddress
The organization's mailing address.

postalCode
The organization's postal code (such as a United States zip code).

postOfficeBox
The organization's post office box.

preferredDeliveryMethod
The organization's preferred method of contact or delivery.

searchGuide
Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.

seeAlso
URL to information relevant to the organization.

st
State or province in which the organization resides.

street
Street address at which the organization is located.

telephoneNumber
Telephone number associated with the organization.

teletexTerminalIdentifier
Identifier for the teletex terminal of the organization.

telexNumber
Telex number of the organization.

userPassword
Password with which the entry can bind to the directory.

x121Address
X.121 address of the organization.

Attribute	Attribute Description
o	(Required) The organization's name.
businessCategory	Business in which the organization is involved.
description	Text description of the organization.
facsimileTelephoneNumber	Fax number associated with the organization.
l	The organization's location.
physicalDeliveryOfficeName	A location where physical deliveries can be made to the organization.
postalAddress	The organization's mailing address.
postalCode	The organization's postal code (such as a United States zip code).
postOfficeBox	The organization's post office box.
preferredDeliveryMethod	The organization's preferred method of contact or delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	URL to information relevant to the organization.
st	State or province in which the organization resides.
street	Street address at which the organization is located.
telephoneNumber	Telephone number associated with the organization.
teletexTerminalIdentifier	Identifier for the teletex terminal of the organization.
telexNumber	Telex number of the organization.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the organization.

organizationalUnit

Defines entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.5

Attribute	Attribute Description
ou	(Required) The organizational unit's name.
businessCategory	Business in which the organizational unit is involved.
description	Text description of the organizational unit.
destinationIndicator	The country and city associated with the organizational unit needed to provide Public Telegram Service.
facsimileTelephoneNumber	Fax number associated with the organizational unit.
internationalIsdnNumber	Contains an ISDN number for the organizational unit.
l	The organizational unit's location.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the organizational unit.
postalAddress	The organizational unit's mailing address.
postalCode	The organizational unit's postal code (such as a United States zip code).
postOfficeBox	The organizational unit's post office box.
preferredDeliveryMethod	The organizational unit's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	URL to information relevant to the organizational unit.
st	State or province in which the organizational unit resides.
street	Street address at which the organizational unit is located.
telephoneNumber	Telephone number associated with the organizational unit.
teletexTerminalIdentifier	Identifier for the teletex terminal of the organization.
telexNumber	Telex number of the organization.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the organization.

People

The following object classes describe entries representing people in the directory. Each object class contains attributes that describe a person, such as name, telephone number, and address. The object classes described here are inetOrgPerson, newPilotPerson, nsLicenseUser, ntUser, organizationalPerson, organizationalRole, person, and residentialPerson.

inetOrgPerson

Defines entries representing people in an organization's intranet. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.2

Attribute
Attribute Description

audio
Contains a sound file in binary format.

businessCategory
Business in which the person is involved.

carLicense
The license plate number of the person's vehicle.

departmentNumber
Department for which the person works.

employeeNumber
The person's employee number.

employeeType
The person's type of employment (for example, full time).

givenName
The person's given, or first, name.

homePhone
The person's home phone number.

homePostalAddress
The person's home mailing address.

initials
The person's initials.

jpegPhoto
An image in JPEG format.

labeledUri
Universal resource locator that is relevant to the person.

mail
The person's electronic mailing address.

manager
Distinguished name representing the person's manager.

mobile
The person's mobile phone number.

pager
The person's pager number.

photo
Contains a photo, in binary form.

preferredLanguage
Defines a person's preffered written or spoken language.

roomNumber
The room number in which the person is located.

secretary
The person's secretary or administrator.

uid
Identifies the entry's userid (usually the logon ID).

userCertificate
Contains a user's certificate in cleartext (not used).

userCertificate;binary
Contains a user's certificate in binary form.

userSMIMECertificate;binary
Contains a user's certificate in binary form. Used by Browser for S/MIME.

x500UniqueIdentifier
Undefined.

Attribute	Attribute Description
audio	Contains a sound file in binary format.
businessCategory	Business in which the person is involved.
carLicense	The license plate number of the person's vehicle.
departmentNumber	Department for which the person works.
employeeNumber	The person's employee number.
employeeType	The person's type of employment (for example, full time).
givenName	The person's given, or first, name.
homePhone	The person's home phone number.
homePostalAddress	The person's home mailing address.
initials	The person's initials.
jpegPhoto	An image in JPEG format.
labeledUri	Universal resource locator that is relevant to the person.
mail	The person's electronic mailing address.
manager	Distinguished name representing the person's manager.
mobile	The person's mobile phone number.
pager	The person's pager number.
photo	Contains a photo, in binary form.
preferredLanguage	Defines a person's preffered written or spoken language.
roomNumber	The room number in which the person is located.
secretary	The person's secretary or administrator.
uid	Identifies the entry's userid (usually the logon ID).
userCertificate	Contains a user's certificate in cleartext (not used).
userCertificate;binary	Contains a user's certificate in binary form.
userSMIMECertificate;binary	Contains a user's certificate in binary form. Used by Browser for S/MIME.
x500UniqueIdentifier	Undefined.

newPilotPerson

Used as a subclass of person, to allow the use of a number of additional attributes to be assigned to entries of the person object class. Reserved.

OID: 0.9.2342.19200300.100.4.4

Attribute
Attribute Description

businessCategory
Type of business this person is engaged in.

drink
The person's favorite drink.

homePhone
The person's home phone number.

homePostalAddress
The person's home address.

janetMailbox
An email address for the person.

mail
An email address for the person.

mailPreferenceOption
Indicates a preference for inclusion of the person's name on mailing lists (electronic or physical).

mobile
The person's mobile phone number.

organizationalStatus
The person's type of employment (for example, full time).

otherMailbox
Values for electronic mailbox types other than X.400 and rfc822.

pager
The person's pager number.

personalSignature
The person's signature file.

personalTitle
The person's personal title.

preferredDeliveryMethod
The person's preferred contact or delivery method.

roomNumber
Room number of the person.

secretary
Distinguished name of the person's secretary or administrative assistant.

textEncodedORAddress
Text-encoded Originator/Recipient (X.400) address of the person.

uid
Logon ID of the person.

userClass
Category of user.

Attribute	Attribute Description
businessCategory	Type of business this person is engaged in.
drink	The person's favorite drink.
homePhone	The person's home phone number.
homePostalAddress	The person's home address.
janetMailbox	An email address for the person.
mail	An email address for the person.
mailPreferenceOption	Indicates a preference for inclusion of the person's name on mailing lists (electronic or physical).
mobile	The person's mobile phone number.
organizationalStatus	The person's type of employment (for example, full time).
otherMailbox	Values for electronic mailbox types other than X.400 and rfc822.
pager	The person's pager number.
personalSignature	The person's signature file.
personalTitle	The person's personal title.
preferredDeliveryMethod	The person's preferred contact or delivery method.
roomNumber	Room number of the person.
secretary	Distinguished name of the person's secretary or administrative assistant.
textEncodedORAddress	Text-encoded Originator/Recipient (X.400) address of the person.
uid	Logon ID of the person.
userClass	Category of user.

nsLicenseUser

Object class used to track licenses for servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Administration Server. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.7

Attribute
Attribute Description

nsLicensedFor
server that the user is licensed to use.

nsLicenseEndTime
Reserved for future use.

nsLicenseStartTime
Reserved for future use.

Attribute	Attribute Description
nsLicensedFor	server that the user is licensed to use.
nsLicenseEndTime	Reserved for future use.
nsLicenseStartTime	Reserved for future use.

ntUser

Defines entries that are to be synchronized between the Directory Server and a Windows NT network. The attributes defined by ntUser assist in NT Synchronization. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.8

Note

All ntUser attributes are read-only, except for ntUserCreateNewAccount, ntUserDomainId, and ntUserDeleteAccount. Any modifications you make to read-only ntUser attributes will be deleted and the original values will be replaced when the next NT Synchronization occurs.

Several Directory Server attributes correspond directly to NT user account fields. When you create a new person entry in the Directory Server that is to be synchronized with NT, Directory Server attributes will be assigned to NT user account fields as follows:

Directory Server attribute
NT user account field

cn or commonName
full_name

description
comment

userid
name

userPassword
password

Directory Server attribute	NT user account field
cn or commonName	full_name
description	comment
userid	name
userPassword	password

Attribute
Attribute Description

description
Text description of the user.

l
The user's locality.

ou
The organizational unit to which the user belongs.

seeAlso
URL to information relevant to the user.

ntUserDomainId
(Required) Corresponding NT user name.

ntUserAcctExpires
Identifies when the user's NT account will expire.

ntUserAuthFlags
The user's privileges on the NT network.

ntUserBadPwCount
Number of times that a failed login attempt occurred in NT using the user's NT login ID.

ntUserCodePage
The user's code page.

ntUserComment
Description for the user's NT account.

ntUserCountryCode
The user's country code.

ntUserCreateNewAccount
Identifies whether an NT account should be created when this entry is created in the Directory Server.

ntUserDeleteAccount
Identifies whether the user's NT account should be deleted when this entry is deleted from the Directory Server.

ntUserFlags
Identifies various NT account flags.

ntUserHomeDir
Path to the user's home directory.

ntUserHomeDirDrive
Drive letter assigned to the user's home directory.

ntUserLastLogoff
Time of the user's last logoff from NT.

ntUserLastLogon
Time of the user's last logon to NT.

ntUserLogonHours
Times when the user is allowed to log on to NT.

ntUserLogonServer
Server to which the user's NT logon requests are sent.

ntUserMaxStorage
Maximum disk space available to the user under NT.

ntUserNumLogons
Number of successful logins to the user's NT account.

ntUserParms
Unicode string reserved for use by applications.

ntUserPasswordExpired
Identifies if the user's NT password has expired.

ntUserPrimaryGroupId
The user's primary global group.

ntUserPriv
User's level of privilege on the Windows NT Network.

ntUserProfile
Path to the user's NT profile.

ntUserScriptPath
Path to the user's NT login script.

ntUserUniqueId
Identifies the user's NT RID.

ntUserUnitsPerWeek
Value used to compute the user's NTUserLogonHours.

ntUserUsrComment
Comments regarding the user's NT entry.

ntUserWorkstations
NT workstations from which the user is allowed to log into the NT domain.

Attribute	Attribute Description
description	Text description of the user.
l	The user's locality.
ou	The organizational unit to which the user belongs.
seeAlso	URL to information relevant to the user.
ntUserDomainId	(Required) Corresponding NT user name.
ntUserAcctExpires	Identifies when the user's NT account will expire.
ntUserAuthFlags	The user's privileges on the NT network.
ntUserBadPwCount	Number of times that a failed login attempt occurred in NT using the user's NT login ID.
ntUserCodePage	The user's code page.
ntUserComment	Description for the user's NT account.
ntUserCountryCode	The user's country code.
ntUserCreateNewAccount	Identifies whether an NT account should be created when this entry is created in the Directory Server.
ntUserDeleteAccount	Identifies whether the user's NT account should be deleted when this entry is deleted from the Directory Server.
ntUserFlags	Identifies various NT account flags.
ntUserHomeDir	Path to the user's home directory.
ntUserHomeDirDrive	Drive letter assigned to the user's home directory.
ntUserLastLogoff	Time of the user's last logoff from NT.
ntUserLastLogon	Time of the user's last logon to NT.
ntUserLogonHours	Times when the user is allowed to log on to NT.
ntUserLogonServer	Server to which the user's NT logon requests are sent.
ntUserMaxStorage	Maximum disk space available to the user under NT.
ntUserNumLogons	Number of successful logins to the user's NT account.
ntUserParms	Unicode string reserved for use by applications.
ntUserPasswordExpired	Identifies if the user's NT password has expired.
ntUserPrimaryGroupId	The user's primary global group.
ntUserPriv	User's level of privilege on the Windows NT Network.
ntUserProfile	Path to the user's NT profile.
ntUserScriptPath	Path to the user's NT login script.
ntUserUniqueId	Identifies the user's NT RID.
ntUserUnitsPerWeek	Value used to compute the user's NTUserLogonHours.
ntUserUsrComment	Comments regarding the user's NT entry.
ntUserWorkstations	NT workstations from which the user is allowed to log into the NT domain.

organizationalPerson

Defines entries for people employed by or associated with an organization. The organizationalPerson object class is an extension of the person object class. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.7

Attribute
Attribute Description

destinationIndicator
The country and city associated with the person needed to provide Public Telegram Service.

facsimileTelephoneNumber
The person's fax number.

internationalIsdnNumber
The person's ISDN number.

l
Location at which the person resides.

ou
Organizational unit to which the person belongs.

physicalDeliveryOfficeName
Location where physical deliveries can be made to this person.

postalAddress
The person's mailing address.

postalCode
The person's postal code (such as a United States zip code).

postOfficeBox
The person's post office box.

preferredDeliveryMethod
The person's preferred method of contact or delivery.

registeredAddress
Postal address suitable for reception of expedited documents, where the recipient must verify delivery.

st
State or province in which the person resides.

street
Street address at which the person is located.

teletexTerminalIdentifier
Identifier for the teletex terminal of the organization.

telexNumber
Telex number of the organization.

title
The person's job title.

x121Address
X.121 address of the organization.

Attribute	Attribute Description
destinationIndicator	The country and city associated with the person needed to provide Public Telegram Service.
facsimileTelephoneNumber	The person's fax number.
internationalIsdnNumber	The person's ISDN number.
l	Location at which the person resides.
ou	Organizational unit to which the person belongs.
physicalDeliveryOfficeName	Location where physical deliveries can be made to this person.
postalAddress	The person's mailing address.
postalCode	The person's postal code (such as a United States zip code).
postOfficeBox	The person's post office box.
preferredDeliveryMethod	The person's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
st	State or province in which the person resides.
street	Street address at which the person is located.
teletexTerminalIdentifier	Identifier for the teletex terminal of the organization.
telexNumber	Telex number of the organization.
title	The person's job title.
x121Address	X.121 address of the organization.

organizationalRole

Defines entries that represent roles held by people within an organization. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.8

Attribute	Attribute Description
cn	(Required) The role's common name.
description	Text description of the role.
destinationIndicator	This attribute is used for telegram services to the person in this role.
facsimileTelephoneNumber	Fax number of the person in the role.
internationalIsdnNumber	ISDN number of the person in the role.
l	Location in which the person in the role resides.
ou	Organizational unit to which the person in the role belongs.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the person in this role.
postalAddress	Business mailing address for the person in this role.
postalCode	Business postal code (such as a United States zip code) for the person in this role.
postOfficeBox	Business post office box for the person in this role.
preferredDeliveryMethod	Preferred method of contact or delivery of the person in this role.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
roleOccupant	Distinguished name of the person in this role.
seeAlso	URL to information relevant to the person in the role.
st	State or province in which the person in this role resides.
street	Street address at which the person in this role is located.
telephoneNumber	The person's telephone number.
teletexTerminalIdentifier	Identifier for the teletex terminal of the person in this role.
telexNumber	Telex number of the person in this role.
x121Address	X.121 address of the person in this role.

person

Defines entries that generically represent people. This object class is the base class for the organizationalPerson object class. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.6

Attribute
Attribute Description

cn
(Required) The person's common name.

sn
(Required) The person's surname, or last name.

description
Text description of the person.

seeAlso
URL to information relevant to the person.

telephoneNumber
The person's telephone number.

userPassword
Password with which the person can bind to the directory.

Attribute	Attribute Description
cn	(Required) The person's common name.
sn	(Required) The person's surname, or last name.
description	Text description of the person.
seeAlso	URL to information relevant to the person.
telephoneNumber	The person's telephone number.
userPassword	Password with which the person can bind to the directory.

residentialPerson

Object class used by the Directory Server to contain a person's residential information. This object class was inherited from X.500 Directory Services.

OID: 2.5.6.10

Attribute
Attribute Description

l
(Required) Locality in which the person resides.

businessCategory
Business in which the person is involved.

destinationIndicator
This attribute is used for telegram services to this person.

facsimileTelephoneNumber
Fax number for the person.

internationalIsdnNumber
ISDN number of the person.

physicalDeliveryOfficeName
Location where physical deliveries can be made.

postalAddress
Business mailing address for the person.

postalCode
Business postal code (such as a United States zip code) for the person.

postOfficeBox
Business post office box for the person.

preferredDeliveryMethod
Preferred method of contact or delivery of the person.

registeredAddress
Postal address suitable for reception of expedited documents, where the recipient must verify delivery.

st
State or province in which the person resides.

street
Street address at which the person is located.

teletexTerminalIdentifier
Identifier for the teletex terminal of the person.

telexNumber
Telex number of the person.

x121Address
X.121 address of the person.

Attribute	Attribute Description
l	(Required) Locality in which the person resides.
businessCategory	Business in which the person is involved.
destinationIndicator	This attribute is used for telegram services to this person.
facsimileTelephoneNumber	Fax number for the person.
internationalIsdnNumber	ISDN number of the person.
physicalDeliveryOfficeName	Location where physical deliveries can be made.
postalAddress	Business mailing address for the person.
postalCode	Business postal code (such as a United States zip code) for the person.
postOfficeBox	Business post office box for the person.
preferredDeliveryMethod	Preferred method of contact or delivery of the person.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
st	State or province in which the person resides.
street	Street address at which the person is located.
teletexTerminalIdentifier	Identifier for the teletex terminal of the person.
telexNumber	Telex number of the person.
x121Address	X.121 address of the person.

Calendar Server Extensions

The following object classes are used by the Calendar Server. The object classes described here include netscapeCalendarServer, nsCalAdmin, nsCalResource, and nsCalUser.

netscapeCalendarServer

Object class used to store information about the Calendar Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.17

Attribute
Attribute Description

objectClass
(Required) Reserved.

Attribute	Attribute Description
objectClass	(Required) Reserved.

nsCalAdmin

Object class used by the Calendar Server to store information about the calendar server administrator in the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.15

Attribute
Attribute Description

objectClass
(Required) Reserved.

cn
The administrator's common name.

facsimileTelephoneNumber
The administrator's fax number.

generationQualifier
Same as generation Qualifier in the Lightweight Internet Person Schema (LIPS).

givenName
The administrator's given, or first name.

initials
The administrator's initials.

nsCalAccess
Defines whether the administrator should be allowed or denied access to the calendar server.

nsCalAccessDomain
Internet domain or IP address from which the calendar administrator is allowed to access calendar data. This attribute is reserved for future use.

nsCalAdmd
X.400 Administration Management Domain Name of the administrator.

nsCalFlags
Reserved for future use.

nsCalHost
Hostname, or IP address, of the computer hosting the calendar administrator's information.

nsCalLanguageId
Language in which the administrator prefers to receive email.

nsCalNodeAlias
Mnemonic name of the node on which the administrator's data is stored.

nsCalOrgUnit2
X.400 Organization Unit 2 (OU2).

nsCalOrgUnit3
X.400 Organization Unit 3 (OU3).

nsCalOrgUnit4
X.400 Organization Unit 4 (OU4).

nsCalPasswordRequired
Specifies whether a calendar administrator must supply a password to access calendar data.

nsCalPrmd
X.400 Private Management Domain Name of the administrator.

nsCalServerVersion
Version number of the calendar server hosting the calendar administrator's data.

nsCalSysopCanWritePassword
Specifies if the calendar server administrator can overwrite user passwords.

nsCalXItemId
Identification number of the node on which the calendar administrator's data is stored.

ou
Organizational unit to which the administrator belongs.

postalAddress
The administrator's postal address.

sn
The administrator's surname or last name.

telephoneNumber
The administrator's telephone number.

userPassword
The administrator's password.

Attribute	Attribute Description
objectClass	(Required) Reserved.
cn	The administrator's common name.
facsimileTelephoneNumber	The administrator's fax number.
generationQualifier	Same as generation Qualifier in the Lightweight Internet Person Schema (LIPS).
givenName	The administrator's given, or first name.
initials	The administrator's initials.
nsCalAccess	Defines whether the administrator should be allowed or denied access to the calendar server.
nsCalAccessDomain	Internet domain or IP address from which the calendar administrator is allowed to access calendar data. This attribute is reserved for future use.
nsCalAdmd	X.400 Administration Management Domain Name of the administrator.
nsCalFlags	Reserved for future use.
nsCalHost	Hostname, or IP address, of the computer hosting the calendar administrator's information.
nsCalLanguageId	Language in which the administrator prefers to receive email.
nsCalNodeAlias	Mnemonic name of the node on which the administrator's data is stored.
nsCalOrgUnit2	X.400 Organization Unit 2 (OU2).
nsCalOrgUnit3	X.400 Organization Unit 3 (OU3).
nsCalOrgUnit4	X.400 Organization Unit 4 (OU4).
nsCalPasswordRequired	Specifies whether a calendar administrator must supply a password to access calendar data.
nsCalPrmd	X.400 Private Management Domain Name of the administrator.
nsCalServerVersion	Version number of the calendar server hosting the calendar administrator's data.
nsCalSysopCanWritePassword	Specifies if the calendar server administrator can overwrite user passwords.
nsCalXItemId	Identification number of the node on which the calendar administrator's data is stored.
ou	Organizational unit to which the administrator belongs.
postalAddress	The administrator's postal address.
sn	The administrator's surname or last name.
telephoneNumber	The administrator's telephone number.
userPassword	The administrator's password.

nsCalResource

Object class used by the Calendar Server to store information about calendar resources, such as conference rooms, in the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.16

Attribute
Attribute Description

objectClass
(Required) Reserved.

cn
The resource's common name.

facsimileTelephoneNumber
Fax number associated with the resource.

nsCalAccess
Defines whether the resource should be allowed or denied access to the calendar server.

nsCalAccessDomain
Internet domain or IP address from which the calendar resource is allowed to access calendar data. This attribute is reserved for future use.

nsCalDefaultNoteReminder
Type (if any) of note reminder.

nsCalDefaultReminder
Type (if any) of event reminder.

nsCalDefaultTaskReminder
Type (if any) of task reminder.

nsCalDisplayPrefs
Display preferences for the resource.

nsCalFlags
Reserved for future use.

nsCalHost
Hostname, or IP address, of the computer hosting the calendar resource's information.

nsCalLanguageId
Language in which the person responsible for the resource prefers to receive email notification.

nsCalNodeAlias
Mnemonic name of the node on which the resource's data is stored.

nsCalNotifMechanism
Mechanism used to notify event attendees (usually email).

nsCalOperatingPrefs
Operating preferences for the resource. Reserved for future use.

nsCalPasswordRequired
Specifies whether a calendar user must supply a password to access calendar data about this resource.

nsCalRefreshPrefs
Defines whether the resource's preferences should be refreshed and how often.

nsCalResourceCapacity
Capacity of the resource, such as maximum room occupancy.

nsCalResourceNumber
The resource's identification number.

nsCalServerVersion
Version number of the calendar server hosting the calendar resource's data.

nsCalSysopCanWritePassword
Specifies if the calendar server administrator can overwrite the resource's password.

nsCalTimezone
The current timezone in which the resource is located.

nsCalXItemId
Identification number of the node on which the calendar resource's data is stored.

postalAddress
Postal address of the resource.

telephoneNumber
The resource's telephone number.

userPassword
Reserved for future use.

Attribute	Attribute Description
objectClass	(Required) Reserved.
cn	The resource's common name.
facsimileTelephoneNumber	Fax number associated with the resource.
nsCalAccess	Defines whether the resource should be allowed or denied access to the calendar server.
nsCalAccessDomain	Internet domain or IP address from which the calendar resource is allowed to access calendar data. This attribute is reserved for future use.
nsCalDefaultNoteReminder	Type (if any) of note reminder.
nsCalDefaultReminder	Type (if any) of event reminder.
nsCalDefaultTaskReminder	Type (if any) of task reminder.
nsCalDisplayPrefs	Display preferences for the resource.
nsCalFlags	Reserved for future use.
nsCalHost	Hostname, or IP address, of the computer hosting the calendar resource's information.
nsCalLanguageId	Language in which the person responsible for the resource prefers to receive email notification.
nsCalNodeAlias	Mnemonic name of the node on which the resource's data is stored.
nsCalNotifMechanism	Mechanism used to notify event attendees (usually email).
nsCalOperatingPrefs	Operating preferences for the resource. Reserved for future use.
nsCalPasswordRequired	Specifies whether a calendar user must supply a password to access calendar data about this resource.
nsCalRefreshPrefs	Defines whether the resource's preferences should be refreshed and how often.
nsCalResourceCapacity	Capacity of the resource, such as maximum room occupancy.
nsCalResourceNumber	The resource's identification number.
nsCalServerVersion	Version number of the calendar server hosting the calendar resource's data.
nsCalSysopCanWritePassword	Specifies if the calendar server administrator can overwrite the resource's password.
nsCalTimezone	The current timezone in which the resource is located.
nsCalXItemId	Identification number of the node on which the calendar resource's data is stored.
postalAddress	Postal address of the resource.
telephoneNumber	The resource's telephone number.
userPassword	Reserved for future use.

nsCalUser

Object class used by the Calendar Server to store information about calendar users in the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.14

Attribute
Attribute Description

objectClass
(Required) Reserved.

generationQualifier
Same as generation Qualifier in the Lightweight Internet Person Schema (LIPS).

nsCalAccess
Defines whether the user should be allowed or denied access to the calendar server.

nsCalAccessDomain
Internet domain or IP address from which the calendar user is allowed to access calendar data. This attribute is reserved for future use.

nsCalAdmd
X.400 Administration Management Domain Name of the user.

nsCalDefaultNoteReminder
Type (if any) of note reminder.

nsCalDefaultReminder
Type (if any) of event reminder.

nsCalDefaultTaskReminder
Type (if any) of task reminder.

nsCalDisplayPrefs
Display preferences for the user.

nsCalFlags
Reserved for future use.

nsCalHost
Hostname, or IP address, of the computer hosting the calendar user's information.

nsCalLanguageId
Language in which the user prefers to receive email.

nsCalNodeAlias
Mnemonic name of the node on which the user's data is stored.

nsCalNotifMechanism
Mechanism used to notify event attendees (usually email).

nsCalOperatingPrefs
Operating preferences for the user. Reserved for future use.

nsCalOrgUnit2
X.400 Organization Unit 2 (OU2).

nsCalOrgUnit3
X.400 Organization Unit 3 (OU3).

nsCalOrgUnit4
X.400 Organization Unit 4 (OU4).

nsCalPasswordRequired
Specifies whether the user must supply a password to access calendar data.

nsCalPrmd
X.400 Private Management Domain Name of the user.

nsCalRefreshPrefs
Defines whether the user's calendar information should be refreshed and how often.

nsCalServerVersion
Version number of the calendar server hosting the calendar user's data.

nsCalSysopCanWritePassword
Specifies if the calendar server administrator can overwrite the user's password.

nsCalTimezone
The user's current timezone.

nsCalXItemId
Identification number of the node on which the calendar user's data is stored.

Attribute	Attribute Description
objectClass	(Required) Reserved.
generationQualifier	Same as generation Qualifier in the Lightweight Internet Person Schema (LIPS).
nsCalAccess	Defines whether the user should be allowed or denied access to the calendar server.
nsCalAccessDomain	Internet domain or IP address from which the calendar user is allowed to access calendar data. This attribute is reserved for future use.
nsCalAdmd	X.400 Administration Management Domain Name of the user.
nsCalDefaultNoteReminder	Type (if any) of note reminder.
nsCalDefaultReminder	Type (if any) of event reminder.
nsCalDefaultTaskReminder	Type (if any) of task reminder.
nsCalDisplayPrefs	Display preferences for the user.
nsCalFlags	Reserved for future use.
nsCalHost	Hostname, or IP address, of the computer hosting the calendar user's information.
nsCalLanguageId	Language in which the user prefers to receive email.
nsCalNodeAlias	Mnemonic name of the node on which the user's data is stored.
nsCalNotifMechanism	Mechanism used to notify event attendees (usually email).
nsCalOperatingPrefs	Operating preferences for the user. Reserved for future use.
nsCalOrgUnit2	X.400 Organization Unit 2 (OU2).
nsCalOrgUnit3	X.400 Organization Unit 3 (OU3).
nsCalOrgUnit4	X.400 Organization Unit 4 (OU4).
nsCalPasswordRequired	Specifies whether the user must supply a password to access calendar data.
nsCalPrmd	X.400 Private Management Domain Name of the user.
nsCalRefreshPrefs	Defines whether the user's calendar information should be refreshed and how often.
nsCalServerVersion	Version number of the calendar server hosting the calendar user's data.
nsCalSysopCanWritePassword	Specifies if the calendar server administrator can overwrite the user's password.
nsCalTimezone	The user's current timezone.
nsCalXItemId	Identification number of the node on which the calendar user's data is stored.

Certificate Server Extensions

This section describes the netscapeCertificateServer object class used by the Certificate Server.

netscapeCertificateServer

Object class used to store information about the Certificate Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.18

Attribute
Attribute Description

objectClass
(Required) Reserved.

Attribute	Attribute Description
objectClass	(Required) Reserved.

News Server Extensions

The object classes in this section are used by the News Server. The object classes described here include netscapeNewsServer and nginfo.

netscapeNewsServer

Object class used to store information about the News Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.27

Attribute
Attribute Description

objectClass
(Required) Reserved.

Attribute	Attribute Description
objectClass	(Required) Reserved.

nginfo

Object class used by the News Server to store discussion (news) group information. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.26

Object classes of this type are stored in a separate subtree under ou=Netscape Servers. The branch point is represented by the ngcomponent=. entry. Thus, if your directory's suffix is o=Example.com, then all discussion group information is stored in the subtree:


ngcomponent=., o=Example.com

This subtree and it's contents are written to the directory by the Collabra server. The structure of this tree, the format and usage of the nginfo object class, and the format and usage of the nginfo attributes are subject to change without notice.

Attribute
Attribute Description

ngcomponent
(Required) A single part of the discussion group's name.

objectClass
(Required) Reserved.

description
Text description of the discussion group.

nsaclrole
Access permissions set for the various Collabra roles.

nscreator
User ID of the discussion group's creator.

nsflags
Reserved for future use.

nsnewsACL
Access control set for the discussion group.

nsprettyname
The discussion group's name.

subtreeACI
Reserved.

Compass Server Extensions

The object classes in this section are used by the Compass Server. The object classes described here include netscapeCompassServer, personalInterestProfile, PIPUser, and PIPUserInfo.

Directory Server Extensions

The following object classes are used by the Directory Server. The object classes described here include changeLogEntry, cirReplicaSource, groupOfCertificates, residentialPerson, netscapeMachineData, netscapeServer, nsLicenseUser, NTGroup, passwordObject, passwordPolicy, referral, and subschema.

changeLogEntry

Object class used by the Directory Server to represent a change made to its directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.1

Attribute
Attribute Description

changeNumber
(Required) Arbitrarily assigned number to the changelog.

changeTime
(Required) The time a change took place.

changeType
(Required) Type of change performed on an entry.

targetDn
(Required) Distinguished name of an entry that was added, modified, or deleted on a supplier server.

changes
Changes made to a Directory Server.

deleteOldRdn
A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be retained as a distinguished attribute of the entry, or should be deleted.

filterInfo
Reserved for future use.

newRdn
New RDN of an entry that is the target of a modRDN or modDN operation.

newSuperior
Name of the entry that becomes the immediate superior of the existing entry, when processing a modDN operation.

groupOfCertificates

Object class used by the Directory Server to contain information about a group of X.509 certificates. Any certificate that matches the values in memberCertificateDescription is considered to be a member of the group. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.31

Attribute
Attribute Description

cn
(Required) The group's common name.

businessCategory
Business in which the group is involved.

description
Freeform description of the group.

memberCertificateDescription
Values used to determine if a particular certificate is a member of this group.

o
Organization that controls the group of certificates.

ou
Organizational unit to which the group belongs.

owner
The group's owner.

seeAlso
URL to information relevant to the group.

netscapeDirectoryServer

Object class used to store information about the Directory Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.23

Attribute
Attribute Description

objectClass
(Required) Reserved.

netscapeMachineData

Object class used by the Directory Server to distinguish between machine data and non-machine data. Machine data is filtered out during replication. This object class is an extension to the standard LDAP schema. Reserved.

OID: 2.16.840.1.113730.3.2.32

netscapeServer

Object class that identifies entries used by servers when they bind to the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.10

Attribute
Attribute Description

cn
(Required) The server's common name.

administratorContactInfo
URL to information relevant to the person responsible for administering the server.

adminUrl
URL to the administration server under which the server is running.

description
Text description of the server.

installationTimeStamp
Time when the server was installed.

serverHostName
Hostname on which the server is installed.

serverProductName
Server's product name.

serverRoot
Path to the server's installation root.

serverVersionNumber
Server's version number.

userPassword
Contains a password for the server.

passwordObject

Object class that contains password information for a user in the directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.12

Attribute
Attribute Description

objectClass
(Required) Reserved.

accountUnlockTime
When the user account will be unlocked.

passwordExpirationTime
When the user's password expires.

passwordExpWarned
Used by the Directory Server to keep track of password expiration warnings sent to a user.

passwordHistory
Password history of the user.

passwordRetryCount
Password failure count for the user.

retryCountResetTime
Describes when the passwordRetryCount should be reset to zero (0).

passwordPolicy

Object class that contains the password policy for all users in the entire directory. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.13

Attribute
Attribute Description

objectClass
(Required) Reserved.

passwordChange
Defines whether users must, may, or cannot change passwords.

passwordCheckSyntax
Defines whether or not a syntax check is performed on user passwords.

passwordExp
Defines whether or not user passwords expire.

passwordInHistory
If password histories are being kept, this attribute defines how many passwords to keep in the history list.

passwordKeepHistory
Defines whether or not a history of user passwords should be saved.

passwordLockout
Defines whether or not users should be locked out after using an incorrect password a specified number of times.

passwordLockoutDuration
Defines how long users should be locked out after a specified number of retries.

passwordMaxAge
Defines how long passwords can be used before they expire.

passwordMaxFailure
Maximum number of retries allowed before a user is locked out.

passwordMinLength
Defines the minimum number of characters allowed in user passwords.

passwordResetDuration
Specifies how much time passes between the server locking a user out and resetting the retry count to zero.

passwordUnlock
Defines whether or not users should be locked out forever after a specified number of retries.

passwordWarning
Specifies how much time prior to password expiration to send a warning to the user.

referral

Object class that allows smart referrals to be placed in an entry. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.6

Attribute
Attribute Description

ref
LDAP URL in the format
ldap://servername:portnumber/dn.

subschema

Object class that contains all the attributes and object classes for a given Directory Server. This object class was inherited from X.500 Directory Services. Reserved for use by the Directory Server.

OID: 2.5.20.1

Attribute
Attribute Description

attributeTypes
Attribute types used within a subschema.

dITContentRules
Defines directory tree content rules used within a subschema.

dITStructureRules
Defines directory tree structure rules used in a subschema.

matchingRules
Defines matching rules used in a subschema.

matchingRuleUse
Identifies the attribute types to which a matching rule applies in a subschema.

nameForms
Defines the name forms used in a subschema.

objectClasses
Defines the object classes used in a subschema.

Media Server Extensions

This section describes the netscapeMediaServer object class used by the Media Server.

netscapeMediaServer

Object class used to store information about the Media Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.25

Attribute
Attribute Description

objectClass
(Required) Reserved.

Messaging Server Extensions

The following object classes are used by the Messaging Server. The object classes described here include groupOfMailEnhancedUniqueNames, mailRecipient, mailGroup,and netscapeMailServer.

groupOfMailEnhancedUniqueNames

This is an extension used by the Messaging Server to store information about a mail group. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.5

Attribute
Attribute Description

cn
(Required) The group's common name.

objectClass
(Required) Reserved.

businessCategory
Business in which the mail group is involved.

description
Text description of the group.

mailEnhancedUniqueMember
Reserved for future use.

o
Organization to which the group belongs.

ou
Organizational unit to which the group belongs.

owner
The group's owner.

seeAlso
URL to information relevant to the group.

mailRecipient

Object class used as an enhancement to inetOrgPerson to define a Messaging Server user. That is, mailRecipient represents a mail account. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.3

Attribute
Attribute Description

cn
(Required) The user's common name.

mail
The user's electronic mailing address.

mailAccessDomain
Domain from which the mail user can login to obtain mail.

mailAlternateAddress
Alternate mail address for the user. More than one alternate address is acceptable.

mailAutoReplyMode
Auto reply mode set for the mail user.

mailAutoReplyText
Text sent when autoreplying to mail sent to the user.

mailDeliveryOption
Mail delivery mechanism to be used for the mail user.

mailForwardingAddress
Mail address to which the user's mail should be forwarded.

mailHost
Host on which the user's mail account resides.

mailMessageStore
Path to the directory containing the user's mail box.

mailProgramDeliveryInfo
Commands used for programmed mail delivery.

mailQuota
Maximum disk space allowed for the user's mail box.

multiLineDescription
Descriptive text about the mail user.

uid
Mail user's user ID.

userPassword
Password with which the mail user can bind to the directory.

Object class used as an enhancement to groupOfUniqueNames to define a group of mail recipients. That is, mailGroup is used to store Messaging Server mailing lists. This object class is an extension to the standard LDAP schema.

OID: 2.16.840.1.113730.3.2.4

Attribute
Attribute Description

mail
(Required) The group's electronic mailing address.

objectClass
(Required) Reserved.

cn
The group's common name.

mailAlternateAddress
Alternate mail address for the group.

mailHost
Host on which the group's mail account resides.

mgrpAllowedBroadcaster
URL identifying a mail user that is allowed to send mail to the mail group.

mgrpAllowedDomain
Domain from which users can send mail to the mail group.

mgrpDeliverTo
Alternative method of identifying members of the mail group.

mgrpErrorsTo
Mailing address to which mail delivery error messages are sent.

mgrpModerator
Mailing address to which rejected mail messages are sent.

mgrpMsgMaxSize
Maximum message size that can be sent to the mail group.

mgrpMsgRejectAction
Specifies the action to the taken in the event that mail sent to the mail group is rejected.

mgrpMsgRejectText
Text to be sent in the event that mail sent to the mail group is rejected.

mgrpRFC822MailMember
Recipient of mail that is sent to the mail group, but who is not in actuality a member of the mail group.

owner
Distinguished name of the mail group's owner.

netscapeMailServer

Object class used to store information about the Messaging Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.24

Attribute
Attribute Description

objectClass
(Required) Reserved.

Proxy Server Extensions

This section describes the netscapeProxyServer object class used by the Proxy Server.

netscapeProxyServer

Object class used to store information about the Proxy Server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.28

Attribute
Attribute Description

objectClass
(Required) Reserved.

Web Server Extensions

This section describes the netscapeWebServer object class used by Web servers.

netscapeWebServer

Object class used to store information about a web server in the directory. This object class is an extension to the standard LDAP schema. Reserved for future use.

OID: 2.16.840.1.113730.3.2.29

Attribute
Attribute Description

objectClass
(Required) Reserved.

Reserved Object Classes

This section describes object classes that are not defined for this release or are reserved for future use by the Directory Server.

account

Reserved.

OID: 0.9.2342.19200300.100.4.5

Attribute
Attribute Description

uid
(Required) The account's user ID.

description
Text description of the account.

host
Hostname of the computer on which the account resides.

l
Locality in which the account resides.

o
Organization to which the account belongs.

ou
Organizational unit to which the account belongs.

seeAlso
URL to information relevant to the account.

alias

Object class used to point to other entries in the directory tree. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.1

Attribute
Attribute Description

aliasedObjectName
(Required) Distinguished name of the entry for which this entry is an alias.

applicationEntity

Object class used to represent application entities in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.12

Attribute
Attribute Description

presentationAddress
(Required) OSI presentation address of the entity.

cn
(Required) Common name of the entity.

description
Text description of the entity.

l
Locality in which the entity resides.

o
Organization to which the entity belongs.

ou
Organizational unit to which the entity belongs.

seeAlso
URL to information relevant to the entity.

supportedApplicationContext
Identifiers of OSI application contexts.

applicationProcess

Object class used to define entries representing application processes in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.11

Attribute
Attribute Description

cn
(Required) Common name of the process.

description
Text description of the process.

l
Locality in which the process resides.

ou
Organizational unit to which the process belongs.

seeAlso
URL to information relevant to the process.

cacheObject

Object class that allows an entry to contain the timeToLive (ttl) attribute.

OID: 1.3.6.1.4.1.250.3.18

Attribute
Attribute Description

ttl
Time, in seconds, that cached information about an entry should be considered valid.

certificationAuthority

Object class used to store information about Certificate Authorities (CAs) in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.16

Attribute
Attribute Description

cACertificate;binary
(Required) Certificate, in binary form, from a certification authority.

authorityRevocationList;binary
List, in binary form, of CA certificates that have been revoked and are no longer considered valid or secure.

certificateRevocationList;binary
List, in binary form, of user certificates that have been revoked.

crossCertificatePair;binary
Reserved for future use.

dcObject

Object class that allows domain components to be defined for an entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as organization, organizationalUnit, or locality. For example,


dn: dc=example,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: example
o: Example Corp.

OID: 1.3.6.1.4.1.1466.344

Attribute
Attribute Description

dc
(Required) Domain component of the entry.

device

Object class used to store information about network devices, such as printers, in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.14

Attribute
Attribute Description

cn
(Required) Common name of the device.

description
Text description of the device.

l
Locality in which the device resides.

o
Organization to which the device belongs.

ou
Organizational unit to which the device belongs.

owner
Distinguished name of the person responsible for the device.

seeAlso
URL to information relevant to the device.

serialNumber
Serial number of the device.

DNSDomain

Object class used as a subclass of domain to store DNS resource records in the directory. Reserved.

OID: 0.9.2342.19200300.100.4.15

Attribute
Attribute Description

dNSRecord
DNS resource records.

document

Used to define entries which represent documents in the directory. Reserved.

OID: 0.9.2342.19200300.100.4.6

Attribute
Attribute Description

documentIdentifier
(Required) Unique identifier for a document.

abstract
Abstract of the document.

authorCn
Author's common, or given, name.

authorSn
The author's surname.

cn
Common name of the document.

description
Text description of the description.

documentAuthor
Distinguished name of the document author.

documentLocation
Location of the original document.

documentPublisher
Person or organization that published the document.

documentStore
Not defined.

documentTitle
The document's title.

documentVersion
The document's version number.

keyWords
Keywords that describe the document.

l
Locality in which the document resides.

o
Organization to which the document belongs.

obsoletedByDocument
Distinguished name of a document that obsoletes this document.

obsoletesDocument
Distinguished name of a document that is obsoleted by this document.

ou
Organizational unit to which the document belongs.

seeAlso
URL to information relevant to the document.

subject
Subject of the document.

updatedByDocument
Distinguished name of a document that is an updated version of this document.

updatesDocument
Distinguished name of a document for which this document is an updated version.

documentSeries

Used to define an entry that represents a series of documents. Reserved.

OID: 0.9.2342.19200300.100.4.9

Attribute
Attribute Description

cn
(Required) The common name of the series.

description
Text description of the series.

l
Locality in which the series resides.

o
Organization to which the series belongs.

ou
Organizational unit to which the series belongs.

seeAlso
URL to information relevant to the series.

telephoneNumber
Telephone number of the person responsible for the series.

domain

Object class used to define entries that represent DNS domains in the directory. The domainComponent attribute should be used for naming entries of this object class. Reserved.

OID: 0.9.2342.19200300.100.4.13

domainRelatedObject

Object class used to define entries that represent a DNS domain that is equivalent to an X.500 domain, usually an organization or organizational unit. Reserved.

OID: 0.9.2342.19200300.100.4.17

Attribute
Attribute Description

associatedDomain
DNS domain associated with an object in the directory tree.

dSA

Object class used to define entries representing DSAs in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.13

Attribute
Attribute Description

knowledgeInformation
This attribute is no longer used.

friendlyCountry

Object class used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class. Reserved.

OID: 0.9.2342.19200300.100.4.18

Attribute
Attribute Description

co
Contains the name of a country.

labeledURIObject

This object class can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate. Reserved.

OID: 1.3.6.1.4.1.250.3.15

Attribute
Attribute Description

labeledUri
A Uniform Resource Identifier (URI) that is relevant to the entry.

pilotObject

Object class used as a subclass to allow additional attributes to be assigned to entries of all other object classes. Reserved.

OID: 0.9.2342.19200300.100.4.3

Attribute
Attribute Description

audio
Sound file.

ditRedirect
Distinguished name to use as a redirect for the entry.

info
Information about the object.

jpegPhoto
Photo in jpeg format.

lastModifiedBy
Distinguished name of the last user to modify the object.

lastModifiedTime
Last time the object was modified.

manager
Distinguished name of the object's manager.

photo
Photo of the object.

uniqueIdentifier
Specific item used to distinguish between two entries when a distinguished name has been reused.

pilotOrganization

Object class used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries. Reserved.

OID: 0.9.2342.19200300.100.4.20

Attribute
Attribute Description

o
(Required) Organization to which the entry belongs.

ou
(Required) Organizational unit to which the entry belongs.

buildingName
Name of the building in which the entry resides.

businessCategory
Type of business this entry is engaged in.

description
Text description of the entry.

destinationIndicator
This attribute is used for telegram services to this entry.

facsimileTelephoneNumber
Fax number associated with the entry.

internationalIsdnNumber
ISDN number associated with the entry.

l
Locality in which the entry resides.

physicalDeliveryOfficeName
Location where physical deliveries can be made to this entry.

postalAddress
Business mailing address for the entry.

postalCode
Business postal code (such as a United States zip code) for the entry.

postOfficeBox
Business post office box for the entry.

preferredDeliveryMethod
Preferred method of contact or delivery of the entry.

registeredAddress
Postal address suitable for reception of expedited documents, where the recipient must verify delivery.

searchGuide
Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.

seeAlso
URL to information relevant to the entry.

st
State or province in which the entry resides.

street
Street address at which the entry is located.

telephoneNumber
Telephone number associated with the entry.

teletexTerminalIdentifier
Identifier for the teletex terminal of the entry.

telexNumber
Telex number of the entry.

userPassword
The entry's password and encryption method.

x121Address
X.121 address of the entry.

RFC822LocalPart

Object class used to define entries that represent the local part of RFC822 mail addresses. The directory treats this part of an RFC822 address as a domain. Reserved.

OID: 0.9.2342.19200300.100.4.14

Attribute
Attribute Description

cn
Common, or given name of the entry.

sn
Surname of the entry.

room

Object class used to store information about a room in the directory. Reserved.

OID: 0.9.2342.19200300.100.4.7

Attribute
Attribute Description

cn
(Required) Common name of the room.

description
Text description of the room.

roomNumber
The room's number.

seeAlso
URL to information relevant to the room.

telephoneNumber
The room's telephone number.

simpleSecurityObject

Object class used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved.

OID: 0.9.2342.19200300.100.4.19

Attribute
Attribute Description

userPassword
(Required) The entry's password and encryption method.

strongAuthenticationUser

Object class used to store information about clients and certificates in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.15

Attribute
Attribute Description

userCertificate
Not used.

userCertificate;binary
(Required) User's certificate in binary form.

top

Object class used as a superclass for all other object classes in the directory. This object class was inherited from X.500 Directory Services. Reserved.

OID: 2.5.6.0

Attribute
Attribute Description

objectClass
(Required) Mandatory attribute for all object classes.

aci
Stores the Directory Server access control information for this entry.

Attribute	Attribute Description
ngcomponent	(Required) A single part of the discussion group's name.
objectClass	(Required) Reserved.
description	Text description of the discussion group.
nsaclrole	Access permissions set for the various Collabra roles.
nscreator	User ID of the discussion group's creator.
nsflags	Reserved for future use.
nsnewsACL	Access control set for the discussion group.
nsprettyname	The discussion group's name.
subtreeACI	Reserved.

Attribute	Attribute Description
objectClass	(Required) Reserved.
pipuid	(Required) User ID of the person to whom this profile belongs.
pipuniqueid	Unique ID of the user to whom this profile belongs.
pipstatus	Defines whether the profile is enabled or disabled.
pipusertype	Type of user to whom this profile belongs.
pipstfrequency	Describes how often the user receives "My Compass" newsletters with category updates.
pipmedium	Medium used to send information to the user about updates on free text search profiles.
pipformat	Format of the free text search profile update sent to the user.
pipfrequency	Attribute used by the compass server to describe how often a user receives "My Compass" newsletters with free text search updates.
piphour	Hours during the day that the user receives free text search profile updates.
pipmaxhits	Maximum number of documents returned for each free text search profile update.
pipresultset	List of attributes about which the user wants to receive updates.
pipsortorder	Sort order of the information in the summary report of the free text search profile update.
piptimestamp	Date the free text search profile was last updated for this user.
pipirlist	Domains and newsgroups the user wishes to monitor.
pipiroption	Defines whether or not all entries in pipirlist should be updated or excluded from updates.
pippwp	Address of the Personal Web Page (PWP) database.
piplastcount	Number of matches that occurred during the last update.
piptotalcount	Number of matches that occurred during all updates to date.
piptotalrun	Total number of updates to date.
pipnotify	Undefined.
pipprivilege	Undefined.
pipgroup	Undefined.
pipidstcount	Last unique ID used by the user.
pipstid	Unique ID of a search topic included in the profile.
pipstname	Arbitrary name created by the user to describe a search topic.
pipstquery	Undefined.
pipsttaxonomy	Taxonomy ID of a search topic.
pipstinterest	Describes the importance to the user of each individual search topic.
pipsttype	Defines whether a search is a category search or a free text search.
pipstprivacy	Defines whether queries of this entry should be allowed or disallowed.
pipststatus	Status of the personal interest profile.
pipstlastcount	Number of category matches during the last update.
pipsttotalcount	Number of category matches to date.
pipsttotalrun	Number of category search updates performed to date.
pipstcategory	Categories or search strings the user is interested in.
pipstfrequency	Frequency that the user receives category update alerts.
pipstmedium	Medium used to send information to the user about updates on category search profiles.
pipstformat	Format of the category search profile update sent to the user.
pipsthour	Hours during the day that the user receives free category profile updates.
pipstmaxhits	Maximum number of documents returned for each category search profile update.
pipstresultset	List of categories about which the user wants to receive updates.
pipstsortorder	Sort order of the information in the summary report of the category search profile update.
pipsttimestamp	Date the category search profile was last updated for this user.
pipstirlist	Domains and newsgroups the user wants to monitor.
pipstiroption	Defines whether or not all entries in pipstirlist will be updated or excluded from category updates.
pipreservedces1	Reserved for future use.
pipreservedces2	Reserved for future use.
pipreservedces3	Reserved for future use.
pipreservedcis1	Reserved for future use.
pipreservedcis2	Reserved for future use.
pipreservedcis3	Reserved for future use.
pipreservedcis4	Reserved for future use.
pipreservedcis5	Reserved for future use.
pipreservedcis6	Reserved for future use.

Attribute	Attribute Description
objectClass	(Required) Reserved.
pipcompassservers	Reserved for future use.
pipreservedces1	Reserved for future use.
pipreservedces2	Reserved for future use.
pipreservedces3	Reserved for future use.
pipreservedcis1	Reserved for future use.
pipreservedcis2	Reserved for future use.
pipreservedcis3	Reserved for future use.
pipreservedcis4	Reserved for future use.
pipreservedcis5	Reserved for future use.
pipreservedcis6	Reserved for future use.
pipuniqueid	Unique ID of the user.

Attribute	Attribute Description
cn	(Required) The user's common name.
objectClass	(Required) Reserved.
description	Freeform description of the user.
mail	Email address of the user.
pipcompassservers	Reserved for future use.
pipuniqueid	Unique ID of the user.
userPassword	The user's password.

Attribute	Attribute Description
changeNumber	(Required) Arbitrarily assigned number to the changelog.
changeTime	(Required) The time a change took place.
changeType	(Required) Type of change performed on an entry.
targetDn	(Required) Distinguished name of an entry that was added, modified, or deleted on a supplier server.
changes	Changes made to a Directory Server.
deleteOldRdn	A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be retained as a distinguished attribute of the entry, or should be deleted.
filterInfo	Reserved for future use.
newRdn	New RDN of an entry that is the target of a modRDN or modDN operation.
newSuperior	Name of the entry that becomes the immediate superior of the existing entry, when processing a modDN operation.

Attribute	Attribute Description
cn	(Required) The group's common name.
businessCategory	Business in which the group is involved.
description	Freeform description of the group.
memberCertificateDescription	Values used to determine if a particular certificate is a member of this group.
o	Organization that controls the group of certificates.
ou	Organizational unit to which the group belongs.
owner	The group's owner.
seeAlso	URL to information relevant to the group.

Attribute	Attribute Description
cn	(Required) The server's common name.
administratorContactInfo	URL to information relevant to the person responsible for administering the server.
adminUrl	URL to the administration server under which the server is running.
description	Text description of the server.
installationTimeStamp	Time when the server was installed.
serverHostName	Hostname on which the server is installed.
serverProductName	Server's product name.
serverRoot	Path to the server's installation root.
serverVersionNumber	Server's version number.
userPassword	Contains a password for the server.

Attribute	Attribute Description
objectClass	(Required) Reserved.
accountUnlockTime	When the user account will be unlocked.
passwordExpirationTime	When the user's password expires.
passwordExpWarned	Used by the Directory Server to keep track of password expiration warnings sent to a user.
passwordHistory	Password history of the user.
passwordRetryCount	Password failure count for the user.
retryCountResetTime	Describes when the passwordRetryCount should be reset to zero (0).

Attribute	Attribute Description
objectClass	(Required) Reserved.
passwordChange	Defines whether users must, may, or cannot change passwords.
passwordCheckSyntax	Defines whether or not a syntax check is performed on user passwords.
passwordExp	Defines whether or not user passwords expire.
passwordInHistory	If password histories are being kept, this attribute defines how many passwords to keep in the history list.
passwordKeepHistory	Defines whether or not a history of user passwords should be saved.
passwordLockout	Defines whether or not users should be locked out after using an incorrect password a specified number of times.
passwordLockoutDuration	Defines how long users should be locked out after a specified number of retries.
passwordMaxAge	Defines how long passwords can be used before they expire.
passwordMaxFailure	Maximum number of retries allowed before a user is locked out.
passwordMinLength	Defines the minimum number of characters allowed in user passwords.
passwordResetDuration	Specifies how much time passes between the server locking a user out and resetting the retry count to zero.
passwordUnlock	Defines whether or not users should be locked out forever after a specified number of retries.
passwordWarning	Specifies how much time prior to password expiration to send a warning to the user.

Attribute	Attribute Description
attributeTypes	Attribute types used within a subschema.
dITContentRules	Defines directory tree content rules used within a subschema.
dITStructureRules	Defines directory tree structure rules used in a subschema.
matchingRules	Defines matching rules used in a subschema.
matchingRuleUse	Identifies the attribute types to which a matching rule applies in a subschema.
nameForms	Defines the name forms used in a subschema.
objectClasses	Defines the object classes used in a subschema.

Attribute	Attribute Description
cn	(Required) The user's common name.
mail	The user's electronic mailing address.
mailAccessDomain	Domain from which the mail user can login to obtain mail.
mailAlternateAddress	Alternate mail address for the user. More than one alternate address is acceptable.
mailAutoReplyMode	Auto reply mode set for the mail user.
mailAutoReplyText	Text sent when autoreplying to mail sent to the user.
mailDeliveryOption	Mail delivery mechanism to be used for the mail user.
mailForwardingAddress	Mail address to which the user's mail should be forwarded.
mailHost	Host on which the user's mail account resides.
mailMessageStore	Path to the directory containing the user's mail box.
mailProgramDeliveryInfo	Commands used for programmed mail delivery.
mailQuota	Maximum disk space allowed for the user's mail box.
multiLineDescription	Descriptive text about the mail user.
uid	Mail user's user ID.
userPassword	Password with which the mail user can bind to the directory.

Attribute	Attribute Description
mail	(Required) The group's electronic mailing address.
objectClass	(Required) Reserved.
cn	The group's common name.
mailAlternateAddress	Alternate mail address for the group.
mailHost	Host on which the group's mail account resides.
mgrpAllowedBroadcaster	URL identifying a mail user that is allowed to send mail to the mail group.
mgrpAllowedDomain	Domain from which users can send mail to the mail group.
mgrpDeliverTo	Alternative method of identifying members of the mail group.
mgrpErrorsTo	Mailing address to which mail delivery error messages are sent.
mgrpModerator	Mailing address to which rejected mail messages are sent.
mgrpMsgMaxSize	Maximum message size that can be sent to the mail group.
mgrpMsgRejectAction	Specifies the action to the taken in the event that mail sent to the mail group is rejected.
mgrpMsgRejectText	Text to be sent in the event that mail sent to the mail group is rejected.
mgrpRFC822MailMember	Recipient of mail that is sent to the mail group, but who is not in actuality a member of the mail group.
owner	Distinguished name of the mail group's owner.

Attribute	Attribute Description
uid	(Required) The account's user ID.
description	Text description of the account.
host	Hostname of the computer on which the account resides.
l	Locality in which the account resides.
o	Organization to which the account belongs.
ou	Organizational unit to which the account belongs.
seeAlso	URL to information relevant to the account.

Attribute	Attribute Description
presentationAddress	(Required) OSI presentation address of the entity.
cn	(Required) Common name of the entity.
description	Text description of the entity.
l	Locality in which the entity resides.
o	Organization to which the entity belongs.
ou	Organizational unit to which the entity belongs.
seeAlso	URL to information relevant to the entity.
supportedApplicationContext	Identifiers of OSI application contexts.

Attribute	Attribute Description
cn	(Required) Common name of the process.
description	Text description of the process.
l	Locality in which the process resides.
ou	Organizational unit to which the process belongs.
seeAlso	URL to information relevant to the process.

Attribute	Attribute Description
cACertificate;binary	(Required) Certificate, in binary form, from a certification authority.
authorityRevocationList;binary	List, in binary form, of CA certificates that have been revoked and are no longer considered valid or secure.
certificateRevocationList;binary	List, in binary form, of user certificates that have been revoked.
crossCertificatePair;binary	Reserved for future use.

Attribute	Attribute Description
cn	(Required) Common name of the device.
description	Text description of the device.
l	Locality in which the device resides.
o	Organization to which the device belongs.
ou	Organizational unit to which the device belongs.
owner	Distinguished name of the person responsible for the device.
seeAlso	URL to information relevant to the device.
serialNumber	Serial number of the device.

Attribute	Attribute Description
documentIdentifier	(Required) Unique identifier for a document.
abstract	Abstract of the document.
authorCn	Author's common, or given, name.
authorSn	The author's surname.
cn	Common name of the document.
description	Text description of the description.
documentAuthor	Distinguished name of the document author.
documentLocation	Location of the original document.
documentPublisher	Person or organization that published the document.
documentStore	Not defined.
documentTitle	The document's title.
documentVersion	The document's version number.
keyWords	Keywords that describe the document.
l	Locality in which the document resides.
o	Organization to which the document belongs.
obsoletedByDocument	Distinguished name of a document that obsoletes this document.
obsoletesDocument	Distinguished name of a document that is obsoleted by this document.
ou	Organizational unit to which the document belongs.
seeAlso	URL to information relevant to the document.
subject	Subject of the document.
updatedByDocument	Distinguished name of a document that is an updated version of this document.
updatesDocument	Distinguished name of a document for which this document is an updated version.

Attribute	Attribute Description
cn	(Required) The common name of the series.
description	Text description of the series.
l	Locality in which the series resides.
o	Organization to which the series belongs.
ou	Organizational unit to which the series belongs.
seeAlso	URL to information relevant to the series.
telephoneNumber	Telephone number of the person responsible for the series.

Attribute	Attribute Description
dc	(Required) One component of a domain name.
associatedName	Entry in the organizational directory tree associated with a DNS domain.
businessCategory	Type of business this domain is engaged in.
description	Text description of the domain.
destinationIndicator	This attribute is used for telegram services to this domain.
facsimileTelephoneNumber	Fax number associated with the domain.
internationalIsdnNumber	ISDN number associated with the domain.
l	Locality in which the domain resides.
manager	Distinguished name of a manager associated with the domain.
o	Organization to which the domain belongs.
physicalDeliveryOfficeName	Location where physical deliveries can be made.
postalAddress	Mailing address associated with the domain.
postalCode	Domain's postal code (such as a United States zip code).
postOfficeBox	Domain's post office box.
preferredDeliveryMethod	Domain's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	URL to information relevant to the domain.
st	State or province in which the domain resides.
street	Street address associated with the domain.
telephoneNumber	Telephone number associated with the domain.
teletexTerminalIdentifier	Identifier for a teletex terminal associated with the domain.
telexNumber	Telex number associated with the domain.
userPassword	Reserved for future use.
x121Address	X.121 address associated with the domain.

Attribute	Attribute Description
audio	Sound file.
ditRedirect	Distinguished name to use as a redirect for the entry.
info	Information about the object.
jpegPhoto	Photo in jpeg format.
lastModifiedBy	Distinguished name of the last user to modify the object.
lastModifiedTime	Last time the object was modified.
manager	Distinguished name of the object's manager.
photo	Photo of the object.
uniqueIdentifier	Specific item used to distinguish between two entries when a distinguished name has been reused.

Attribute	Attribute Description
o	(Required) Organization to which the entry belongs.
ou	(Required) Organizational unit to which the entry belongs.
buildingName	Name of the building in which the entry resides.
businessCategory	Type of business this entry is engaged in.
description	Text description of the entry.
destinationIndicator	This attribute is used for telegram services to this entry.
facsimileTelephoneNumber	Fax number associated with the entry.
internationalIsdnNumber	ISDN number associated with the entry.
l	Locality in which the entry resides.
physicalDeliveryOfficeName	Location where physical deliveries can be made to this entry.
postalAddress	Business mailing address for the entry.
postalCode	Business postal code (such as a United States zip code) for the entry.
postOfficeBox	Business post office box for the entry.
preferredDeliveryMethod	Preferred method of contact or delivery of the entry.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	URL to information relevant to the entry.
st	State or province in which the entry resides.
street	Street address at which the entry is located.
telephoneNumber	Telephone number associated with the entry.
teletexTerminalIdentifier	Identifier for the teletex terminal of the entry.
telexNumber	Telex number of the entry.
userPassword	The entry's password and encryption method.
x121Address	X.121 address of the entry.

Attribute	Attribute Description
cn	Common, or given name of the entry.
sn	Surname of the entry.

Attribute	Attribute Description
cn	(Required) Common name of the room.
description	Text description of the room.
roomNumber	The room's number.
seeAlso	URL to information relevant to the room.
telephoneNumber	The room's telephone number.

Attribute	Attribute Description
userCertificate	Not used.
userCertificate;binary	(Required) User's certificate in binary form.

Attribute	Attribute Description
objectClass	(Required) Mandatory attribute for all object classes.
aci	Stores the Directory Server access control information for this entry.