INTERNET-DRAFT                                          K. Dally, Editor
Intended Category:  Standard Track                       The MITRE Corp.
Expires:  December 2003                                        June 2003
Updates:  RFC 2247, RFC 2798
Obsoletes:  RFC 2256


                   LDAP:  Schema for User Applications                  
                  <draft-ietf-ldapbis-user-schema-06>


Status of this Memo

   This document is an Internet-Draft and is in full conformance with 
   all provisions of Section 10 of RFC 2026.

   This document is intended to be, after appropriate review and
   revision, submitted to the RFC Editor as a Standard Track document.
   Distribution of this memo is unlimited.  Technical discussion of 
   this document will take place on the IETF LDAP Revision Working 
   Group (LDAPbis) mailing list <ietf-ldapbis@openldap.org>.  Please 
   send editorial comments directly to the author <kdally@mitre.org>.

   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF), its areas, and its working groups.  Note that 
   other groups may also distribute working documents as 
   Internet-Drafts.  Internet-Drafts are draft documents valid for a 
   maximum of six months and may be updated, replaced, or obsoleted by 
   other documents at any time.  It is inappropriate to use 
   Internet-Drafts as reference material or to cite them other than as 
   "work in progress."

   The list of current Internet-Drafts can be accessed at 
   http://www.ietf.org/ietf/1id-abstracts.txt.  

   The list of Internet-Draft Shadow Directories can be accessed at 
   http://www.ietf.org/shadow.html.


Copyright Notice

   Copyright 2003, The Internet Society.  All Rights Reserved.


Abstract

   This document is a integral part of the Lightweight Directory Access 
   Protocol (LDAP) technical specification [ROADMAP].  It provides a 
   technical specification of attribute types and object classes 
   intended for use by LDAP directory clients for many directory 
   services, such as, White Pages.  These objects are widely used as a 
   basis for the schema in many LDAP directories.  This document does 
   not cover attributes used for the administration of directory 
   servers, nor does it include directory objects defined for specific 
   uses in other documents.  


Dally                    Expires December 2003                  [Page 1]
INTERNET-DRAFT      draft-ietf-ldapbis-user-schema-06          June 2003


                            Table of Contents                           

Status of this Memo                                                    1

Copyright Notice                                                       1

Abstract                                                               1

Table of Contents                                                      2

1.  Introduction                                                       4
    1.1  Situation                                                     4
    1.2  Conventions                                                   4
    1.3  General Issues                                                4
    1.4  Source                                                        5

2.  Attribute Types                                                    5
    2.1  businessCategory                                              5
    2.2  c                                                             5
    2.3  cn                                                            6
    2.4  dc                                                            6
    2.5  description                                                   6
    2.6  destinationIndicator                                          7
    2.7  distinguishedName                                             7
    2.8  dnQualifier                                                   7
    2.9  enhancedSearchGuide                                           8
    2.10 facsimileTelephoneNumber                                      8
    2.11 generationQualifier                                           8
    2.12 givenName                                                     8
    2.13 houseIdentifier                                               9
    2.14 initials                                                      9
    2.15 internationalISDNNumber                                       9
    2.16 l                                                             9
    2.17 member                                                       10
    2.18 name                                                         10
    2.19 o                                                            10
    2.20 ou                                                           10
    2.21 owner                                                        11
    2.22 physicalDeliveryOfficeName                                   11
    2.23 postalAddress                                                11
    2.24 postalCode                                                   11
    2.25 postOfficeBox                                                12
    2.26 preferredDeliveryMethod                                      12
    2.27 registeredAddress                                            12
    2.28 roleOccupant                                                 13
    2.29 searchGuide                                                  13
    2.30 seeAlso                                                      13
    2.31 serialNumber                                                 13
    2.32 sn                                                           14
    2.33 st                                                           14
    2.34 street                                                       14
    2.35 telephoneNumber                                              14


Dally                    Expires December 2003                  [Page 2]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


    2.36 teletexTerminalIdentifier                                    14
    2.37 telexNumber                                                  15
    2.38 title                                                        15
    2.39 uid                                                          15
    2.40 uniqueMember                                                 15
    2.41 userPassword                                                 16
    2.42 x121Address                                                  16
    2.43 x500UniqueIdentifier                                         16

3.  Object Classes                                                    17
    3.1  applicationProcess                                           17
    3.2  country                                                      17
    3.3  device                                                       17
    3.4  groupOfNames                                                 18
    3.5  groupOfUniqueNames                                           18
    3.6  locality                                                     18
    3.7  organization                                                 19
    3.8  organizationalPerson                                         19
    3.9 organizationalRole                                            19
    3.10 organizationalUnit                                           20
    3.11 person                                                       20
    3.12 residentialPerson                                            20

4.  IANA Considerations                                               21

5.  Security Considerations                                           22

6.  Acknowledgements                                                  23

7.  References                                                        23
    7.1  Normative                                                    23
    7.2  Informative                                                  24

8.  Author's Address                                                  25

9.  Full Copyright Statement                                          25


















Dally                    Expires December 2003                  [Page 3]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2002


1.  Introduction

   This document provides an overview of attribute types and object 
   classes intended for use by Lightweight Directory Access Protocol 
   directory clients for many directory services, such as, White Pages.
   Originally specified in the X.500 [X.500] documents, these objects 
   are widely used as a basis for the schema in many LDAP 
   directories.  This document does not cover attributes used for the 
   administration of directory servers, nor does it include directory 
   objects defined for specific uses in other documents.

1.1  Situation

   This document is a integral part of the LDAP technical specification 
   [ROADMAP] which obsoletes the previously defined LDAP technical 
   specification [RFC3377] in its entirety.  In terms of RFC 2256, 
   Sections 6 and 8 of RFC 2256 are obsoleted by [Syntaxes].  Sections 
   5.1, 5.2, 7.1 and 7.2 of RFC 2256 are obsoleted by [Models].  The 
   remainder of RFC 2256 is obsoleted by this document.  Section 3.4 of 
   this document supercedes the technical specification for the 'dc' 
   attribute type found in RFC 2247.[editor's note:  Substitute 
   replacement RFC at time of publication.]   The remainder of RFC 2247 
   remains in force.

   This document updates RFC 2798 by replacing the informative 
   description of the 'uid' attribute type, with the definitive 
   description provided in Section 2.39 of this document.

   A number of schema elements which were included in the previous 
   revision of the LDAP Technical Specification are not included in this
   revision of LDAP.  PKI-related schema elements are now specified in 
   [LDAP-PKI].  Unless reintroduced in future technical specifications, 
   the remainder are to be considered Historic.

1.2  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.3  General Issues

   This document references Syntaxes given in Section 3 of [Syntaxes] 
   and Matching Rules specified in Section 4 of [Syntaxes].

   The definitions of Attribute Types and Object Classes are written 
   using the ABNF form of AttributeTypeDescription and 
   ObjectClassDescription given in [Models].  Lines have been folded 
   for readability.





Dally                    Expires December 2003                  [Page 4]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


1.4  Source

   The schema definitions in this document are based on those found in 
   the X.500-series [X.520] and [X.521], RFC 2798 [RFC2798] and 
   RFC 2247 [RFC2247], specifically:
   
   Sections             Source
   ============         ==================
   2.1 - 2.3            X.520 [X.520]
   2.4                  RFC 2247 [RFC2247]
   2.5 - 2.38           X.520 [X.520]
   2.39                 RFC 2798 [2798]
   2.40 - 2.43          X.520 [X.520]
   3.1  - 3.12          X.521 [X.521]

   However, the descriptions in this document SHALL be considered 
   definitive for use in LDAP.


2.  Attribute Types

   The Attribute Types contained in this section hold user information.

   There is no requirement that servers implement the following 
   attribute types: 

      searchGuide
      teletexTerminalIdentifier

   In fact, their use is greatly discouraged.

   An LDAP server implementation SHOULD recognize the rest of the 
   attribute types described in this section.

2.1  businessCategory

   The businessCategory attribute type describes the kinds of business 
   performed by an organization (e.g., "banking", "transportation").  
   Each kind is one value of this multi-valued attribute.

   ( 2.5.4.15 NAME 'businessCategory' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.2  c

   The c (countryName) attribute type contains a two-letter ISO 3166 
   [ISO3166] country code (e.g., "DE").  (Source:  X.520)


Dally                    Expires December 2003                  [Page 5]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   ( 2.5.4.6 NAME 'c' 
      SUP name 
      SINGLE-VALUE )

2.3  cn

   The cn (commonName) attribute type contains names of an object 
   (e.g., "Martin K Smith", "Marty Smith", "printer12").  Each name is 
   one value of this multi-valued attribute.  If the object corresponds 
   to a person, it is typically the person's full name.  
   (Source:  X.520)

   ( 2.5.4.3 NAME 'cn' 
      SUP name )

2.4  dc

   The dc (short for domainComponent) attribute type is a string 
   holding one component, a <label> [RFC1034}, of a DNS domain name 
   (e.g., "example" or "com", but not "example.com").  The encoding of 
   IA5String for use in LDAP is simply the characters of the string 
   itself.  The equality matching rule is case insensitive, as is 
   today's DNS.

   ( 0.9.2342.19200300.100.1.25 NAME 'dc' 
      EQUALITY caseIgnoreIA5Match
      SUBSTR caseIgnoreIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
      SINGLE-VALUE )

   1.3.6.1.4.1.1466.115.121.1.26 refers to the IA5 String 
   syntax [Syntaxes].

   It is noted that the directory will not ensure that values of this 
   attribute conform to the label production [RFC1034].  It is the 
   application responsibility to ensure domains it stores in this 
   attribute are appropriately represented.

   It is also noted that applications supporting Internationalized 
   Domain Names SHALL use the ToASCII method [RFC3490] to produce 
   <label> components of the <domain> production.

2.5  description

   The description attribute type contains human-readable descriptive 
   phrases about the object (e.g., "a color printer", "Maintenance is 
   done every Monday, at 1pm.").  Each description is one value of this 
   multi-valued attribute.  

   ( 2.5.4.13 NAME 'description' 
      EQUALITY caseIgnoreMatch



Dally                    Expires December 2003                  [Page 6]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.6  destinationIndicator

   The destinationIndicator attribute type contains country and city 
   strings, associated with the object (the addressee), needed to 
   provide the Public Telegram Service.  Each string is one value of 
   this multi-valued attribute.  The strings are composed in accordance 
   with CCITT Recommendations F.1 [F.1] and F.31 [F.31].

   ( 2.5.4.27 NAME 'destinationIndicator' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) 

   1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String 
   syntax [Syntaxes].

2.7  distinguishedName

   The distinguishedName attribute type is the attribute supertype from 
   which attribute types with DN syntax inherit, instead of containing 
   values which name the object itself.  The attribute type is 
   multi-valued.

   It is unlikely that values of this type itself will occur in an 
   entry.  LDAP server implementations which do not support attribute 
   subtyping need not recognize this attribute in requests.  Client 
   implementations MUST NOT assume that LDAP servers are capable of 
   performing attribute subtyping.

   ( 2.5.4.49 NAME 'distinguishedName' 
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   1.3.6.1.4.1.1466.115.121.1.12 refers to the DN syntax [Syntaxes].

2.8  dnQualifier

   The dnQualifier attribute type contains disambiguating information 
   strings to add to the relative distinguished name of an entry.  The 
   information is intended for use when merging data from multiple 
   sources in order to prevent conflicts between entries which would 
   otherwise have the same name.  Each string is one value of this 
   multi-valued attribute.  It is recommended that a value of the 
   dnQualifier attribute be the same for all entries from a 
   particular source.



Dally                    Expires December 2003                  [Page 7]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   ( 2.5.4.46 NAME 'dnQualifier' 
      EQUALITY caseIgnoreMatch
      ORDERING caseIgnoreOrderingMatch 
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) 

   1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String 
   syntax [Syntaxes].

2.9  enhancedSearchGuide

   The enhancedSearchGuide attribute type contains sets of information 
   for use by directory clients in constructing search filters.  Each 
   set is one value of this multi-valued attribute.

   ( 2.5.4.47 NAME 'enhancedSearchGuide'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) 

   1.3.6.1.4.1.1466.115.121.1.21 refers to the Enhanced Guide 
   syntax [Syntaxes].

2.10  facsimileTelephoneNumber

   The facsimileTelephoneNumber attribute type contains telephone 
   numbers (and, optionally, the parameters) for facsimile terrminals.  
   Each telephone number is one value of this multi-valued attribute.

   ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) 

   1.3.6.1.4.1.1466.115.121.1.22 refers to the Facsimile Telephone 
   Number syntax [Syntaxes].

2.11  generationQualifier

   The generationQualifier attribute type contains name strings that 
   are the part of a person's name which typically is the suffix, as in 
   "IIIrd" or "3rd".  Each string is one value of this multi-valued 
   attribute.

   ( 2.5.4.44 NAME 'generationQualifier' 
      SUP name )

2.12  givenName

   The givenName attribute type contains name strings that are the part 
   of a person's name which is not their surname.  Each string is one 
   value of this multi-valued attribute.

   ( 2.5.4.42 NAME 'givenName' 
      SUP name )



Dally                    Expires December 2003                  [Page 8]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


2.13  houseIdentifier

   The houseIdentifier attribute type contains identifiers for a 
   building within a location.  Each identifier is one value of this 
   multi-valued attribute.

   ( 2.5.4.51 NAME 'houseIdentifier' 
      EQUALITY caseIgnoreMatch 
      SUBSTR caseIgnoreSubstringsMatch 
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.14  initials

   The initials attribute type contains strings of initials of some or 
   all of an individual's names, except the surname(s) 
   (e.g., "K. A.", "K").  Each string is one value of this multi-valued 
   attribute.

   ( 2.5.4.43 NAME 'initials' 
      SUP name )

2.15  internationalISDNNumber

   The internationalISDNNumber attribute type contains ISDN addresses, 
   as defined in ITU Recommendation E.164 [E.164].  Each address is one 
   value of this multi-valued attribute.

   ( 2.5.4.25 NAME 'internationalISDNNumber' 
      EQUALITY numericStringMatch 
      SUBSTR numericStringSubstringsMatch 
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) 

   1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String 
   syntax [Syntaxes].

2.16  l

   The l (localityName) attribute type contains names of a locality or 
   place, such as a city, county or other geographic region (e.g., 
   "Geneva").  Each name is one value of this multi-valued attribute.  
   (Source:  X.520)

   ( 2.5.4.7 NAME 'l' 
      SUP name )







Dally                    Expires December 2003                  [Page 9]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


2.17  member

   The member attribute type contains the Distinguished Names of 
   objects that are on a list or in a group.  Each name is one value of 
   this multi-valued attribute.

   ( 2.5.4.31 NAME 'member' 
      SUP distinguishedName )

2.18  name

   The name attribute type is the attribute supertype from which 
   attributes with the name syntax inherit.  Such attributes are 
   typically used for naming.  The attribute type is multi-valued.

   It is unlikely that values of this type itself will occur in an 
   entry.  LDAP server implementations which do not support attribute 
   subtyping need not recognize this attribute in requests.  Client 
   implementations MUST NOT assume that LDAP servers are capable of 
   performing attribute subtyping.

   ( 2.5.4.41 NAME 'name' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.19  o

   The o (organizationName) attribute type contains the names of an 
   organization (e.g., "IETF", "Internet Engineering Task Force").  
   Each name is one value of this multi-valued attribute.  
   (Source:  X.520)

   ( 2.5.4.10 NAME 'o' 
      SUP name )

2.20  ou

   The ou (organizationalUnitName) attribute type contains the names of 
   an organizational unit (e.g., "Application Area", "LDAPbis WG").  
   Each name is one value of this multi-valued attribute.  
   (Source:  X.520)

   ( 2.5.4.11 NAME 'ou' 
      SUP name )






Dally                   Expires December 2003                  [Page 10]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


2.21  owner

   The owner attribute type contains the Distinguished Names of objects 
   that have an ownership responsibility for the object that is owned.  
   (e.g., The list object, "cn=All Employees, ou=Mailing List, 
   o=Widget, Inc.", is owned by the role object, "cn=ou=Human Resources 
   Director, ou=employee, o=Widget, Inc.")  Each name is one value of 
   this multi-valued attribute.

   ( 2.5.4.32 NAME 'owner' 
      SUP distinguishedName )

2.22  physicalDeliveryOfficeName

   The physicalDeliveryOfficeName attribute type contains names that a 
   Postal Service uses to identify a post office (e.g., "Bremerhaven, 
   Main", "Bremerhaven, Bonnstrasse").

   ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.23  postalAddress

   The postalAddress attribute type contains addresses used by a Postal 
   Service to perform services for the object (e.g., "15 Main St., 
   Ottawa, Canada").  Each address is one value of this multi-valued 
   attribute.

   ( 2.5.4.16 NAME 'postalAddress' 
      EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 

   1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address 
   syntax [Syntaxes].

2.24  postalCode

   The postalCode attribute type contains codes used by a Postal 
   Service to identify a postal service zones, such as the southern 
   quadrant of a city (e.g., "22180").  Each code is one value of this 
   multi-valued attribute.

   ( 2.5.4.17 NAME 'postalCode' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 


Dally                   Expires December 2003                  [Page 11]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.25  postOfficeBox

   The postOfficeBox attribute type contains numbers that a Postal 
   Service uses when a customer arranges to receive mail at a box on 
   premises of the Postal Service (e.g., "Box 45").  Each number is one 
   value of this multi-valued attribute.


   ( 2.5.4.18 NAME 'postOfficeBox' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.26  preferredDeliveryMethod

   The preferredDeliveryMethod attribute type contains an indication of 
   the preferred method of getting a message to the object.  For example,
   if mhs-delivery is preferred over telephone-delivery, which is 
   preferred over all other methods, the value of the value would 
   be {1, 9}.

   ( 2.5.4.28 NAME 'preferredDeliveryMethod'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 
      SINGLE-VALUE )

   1.3.6.1.4.1.1466.115.121.1.14 refers to the Delivery Method
   syntax [Syntaxes].

2.27  registeredAddress

   The registeredAddress attribute type contains postal addresses 
   suitable for reception of telegrams or expedited documents, where it 
   is necessary to have the recipient accept delivery (e.g., 
   "Receptionist, Widget Inc., 15 Main St., Ottawa, Canada").  Each 
   address is one value of this multi-valued attribute.

   ( 2.5.4.26 NAME 'registeredAddress' 
      SUP postalAddress
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 

   1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address 
   syntax [Syntaxes].






Dally                   Expires December 2003                  [Page 12]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


2.28  roleOccupant

   The roleOccupant attribute type contains the Distinguished Names of 
   objects(normally people) that fulfill the responsibilities of a role 
   object.  For example, the role object, "cn=Human Resources Director, 
   ou=Position, o=Widget, Inc.", is fulfilled by two people whose 
   object names are "cn=Mary Smith, ou=employee, o=Widget, Inc." and 
   "cn=James Brown, ou=employee, o=Widget, Inc."  Each name is one 
   value of this multi-valued attribute.

   ( 2.5.4.33 NAME 'roleOccupant' 
      SUP distinguishedName )

2.29  searchGuide

   The searchGuide attribute type contains sets of information for use 
   by clients in constructing search filters.  It is superseded by 
   enhancedSearchGuide, described above in section 2.9.

   ( 2.5.4.14 NAME 'searchGuide'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )  

   1.3.6.1.4.1.1466.115.121.1.25 refers to the Guide syntax [Syntaxes].

2.30  seeAlso

   The seeAlso attribute type contains Distinguished Names of objects 
   that are related to the subject object.  For example, the person 
   object, "cn=James Brown, ou=employee, o=Widget Inc." is related to 
   the role objects, "cn=Football Team Captain, ou=sponsored 
   activities, o=Widget Inc." and "cn=Chess Team, ou=sponsored 
   activities, o=Widget Inc.".  Each name is one value of this 
   multi-valued attribute.

   ( 2.5.4.34 NAME 'seeAlso' 
      SUP distinguishedName )

2.31  serialNumber

   The serialNumber attribute type contains the serial numbers of 
   devices (e.g., "WI-3005".  Each number is one value of this 
   multi-valued attribute.

   ( 2.5.4.5 NAME 'serialNumber' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) 

   1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String 
   syntax [Syntaxes].




Dally                   Expires December 2003                  [Page 13]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


2.32  sn

   The sn (surname)attribute type contains name strings for the family 
   names of a person (e.g., "Smith").  Each string is one value of this 
   multi-valued attribute.  (Source:  X.520)

   ( 2.5.4.4 NAME 'sn' 
      SUP name )

2.33  st

   The st (stateOrProvinceName) attribute type contains the full names 
   of states or provinces, (e.g. "California").  Each name is one value 
   of this multi-valued attribute.

   ( 2.5.4.8 NAME 'st' 
      SUP name )

2.34  street

   The street (streetAddress) attribute type contains physical 
   addresses of the object to which the entry corresponds, such as an 
   address for package delivery.  Each address is one value of this 
   multi-valued attribute.

   ( 2.5.4.9 NAME 'street' 
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String 
   syntax [Syntaxes].

2.35  telephoneNumber

   The telephoneNumber attribute type contains telephone numbers 
   complying with ITU Recommendation E.123 [E.123] 
   (e.g., 1 234 567 8901)  Each number is one value of this 
   multi-valued attribute.

   ( 2.5.4.20 NAME 'telephoneNumber' 
      EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) 

   1.3.6.1.4.1.1466.115.121.1.50 refers to the Telephone Number 
   syntax [Syntaxes].

2.36  teletexTerminalIdentifier

   The withdrawal of Rec. F.200 has resulted in the withdrawal of this 
   attribute. 


Dally                   Expires December 2003                  [Page 14]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) 

2.37  telexNumber

   The telexNumber attribute type contains sets of strings which are a 
   telex number, country code, and answerback code of a telex 
   terminal.  Each set is one value of this multi-valued attribute.

   ( 2.5.4.21 NAME 'telexNumber'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) 

   1.3.6.1.4.1.1466.115.121.1.52 refers to the Telex Number 
   syntax [Syntaxes].

2.38  title

   This attribute contains the title, such as "Vice President", of a 
   person in their organizational context.

   ( 2.5.4.12 NAME 'title' 
      SUP name )

2.39  uid

   The uid attribute type contains computer system login names 
   associated with the object.  (Source: RFC 1274, 
   RFC 2798).  Each name is one value of this multi-valued attribute.

   ( 0.9.2342.19200300.100.1.1
      NAME 'uid'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String
   syntax [Syntaxes].

2.40  uniqueMember

   The uniqueMember attribute type contains the Distinguished Names of 
   an object that is on a list or in a group, where the Relative 
   Distinguished Names of the object include a value that distinguishs 
   between objects when a distinguished name has been reused.  For 
   example, if "ou=1st Battalion, o=Defense, c=US" is a battalion that 
   was disbanded, establishing a new battalion with the "same" name 
   would have a uid value added, resulting in 
   "ou=1st Battalion#'010101', o=Defense, c=US".  

   ( 2.5.4.50 NAME 'uniqueMember' 
      EQUALITY uniqueMemberMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) 


Dally                   Expires December 2003                  [Page 15]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   1.3.6.1.4.1.1466.115.121.1.34 refers to the Name and Optional UID 
   syntax [Syntaxes].

2.41  userPassword

   The userPassword attribute type contains character strings that are 
   known only to the user and the system to which the user has access.  
   Each string is one value of this multi-valued attribute.

   The application SHOULD prepare textual strings used as passwords by 
   transcoding them to Unicode, applying SASLprep [SASLprep], and 
   encoding as UTF-8.

   ( 2.5.4.35 NAME 'userPassword' 
      EQUALITY octetStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 

   1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String 
   syntax [Syntaxes].

   Passwords are stored using an Octet String syntax and are not 
   encrypted.  Transfer of cleartext passwords is strongly discouraged 
   where the underlying transport service cannot guarantee 
   confidentiality and may result in disclosure of the password to 
   unauthorized parties.

   An example of a need for multiple values in the userPassword 
   attribute is an environment where every month the user was expected 
   to use a different password generated by some automated system.  
   During transitional periods, like say the last and first day of the 
   periods, it may be necessary to allow two passwords for the two 
   consecutive periods to be valid in the system.

2.42  x121Address

   The x121Address attribute type contains data network addresses 
   (e.g., 36111222333444555) as defined by ITU Recommendation X.121 
   [X.121].  Each address is one value of this multi-valued attribute.

   ( 2.5.4.24 NAME 'x121Address' 
      EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) 

   1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String 
   syntax [Syntaxes].

2.43  x500UniqueIdentifier

   The x500UniqueIdentifier attribute type contains binary strings that 
   are used to distinguish between objects when a distinguished name 
   has been reused.  Each string is one value of this multi-valued 


Dally                   Expires December 2003                  [Page 16]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   attribute.  In X.520 [X.520], this attribute type is called 
   uniqueIdentifier.  This is a different attribute type from both the 
   "uid" and "uniqueIdentifier" attribute types.

   ( 2.5.4.45 NAME 'x500UniqueIdentifier' 
      EQUALITY bitStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) 

   1.3.6.1.4.1.1466.115.121.1.6 refers to the Bit String 
   syntax [Syntaxes].


3.  Object Classes

   LDAP servers SHOULD recognize all the Object Classes listed here as 
   values of the objectClass attribute (see [Models]).

3.1  applicationProcess

   The applicationProcess object class definition is the basis of an 
   entry which represents an application executing in a computer system.

   ( 2.5.6.11 NAME 'applicationProcess' 
      SUP top 
      STRUCTURAL 
      MUST cn
      MAY ( seeAlso $ 
            ou $ 
            l $ 
            description ) ) 

3.2  country

   The country object class definition is the basis of an entry which 
   represents a country.

   ( 2.5.6.2 NAME 'country' 
      SUP top 
      STRUCTURAL 
      MUST c
      MAY ( searchGuide $ 
            description ) )

3.3  device

   The device object class is the basis of an entry which represents an 
   appliance or computer or network element.

   ( 2.5.6.14 NAME 'device' 
      SUP top 
      STRUCTURAL 
      MUST cn


Dally                   Expires December 2003                  [Page 17]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


      MAY ( serialNumber $ 
            seeAlso $ 
            owner $ 
            ou $ 
            o $ 
            l $ 
            description ) )

3.4  groupOfNames

   The groupOfNames object class is the basis of an entry which 
   represents a set of named objects including information related to 
   the purpose or maintenance of the set.

   ( 2.5.6.9 NAME 'groupOfNames' 
      SUP top 
      STRUCTURAL 
      MUST ( member $ 
            cn )
      MAY ( businessCategory $ 
            seeAlso $ 
            owner $ 
            ou $ 
            o $ 
            description ) )

3.5  groupOfUniqueNames

   The groupOfUniqueNames object class is the same as the groupOfNames 
   object class except that the object names are not repeated or 
   reassigned within a set scope.

   ( 2.5.6.17 NAME 'groupOfUniqueNames' 
      SUP top 
      STRUCTURAL
      MUST ( uniqueMember $ 
            cn )
      MAY ( businessCategory $ 
            seeAlso $ 
            owner $ 
            ou $ 
            o $ 
            description ) ) 

3.6  locality

   The locality object class is the basis of an entry which represents 
   a place in the physical world.

   ( 2.5.6.3 NAME 'locality' 
      SUP top 
      STRUCTURAL


Dally                   Expires December 2003                  [Page 18]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


      MAY ( street $ 
            seeAlso $ 
            searchGuide $ 
            st $ 
            l $ 
            description ) )

3.7  organization

   The organization object class is the basis of an entry which 
   represents a structured group of people.

   ( 2.5.6.4 NAME 'organization' 
      SUP top 
      STRUCTURAL 
      MUST o
      MAY ( userPassword $ searchGuide $ seeAlso $ 
            businessCategory $ x121Address $ registeredAddress $ 
            destinationIndicator $ preferredDeliveryMethod $ 
            telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ 
            internationaliSDNNumber $ facsimileTelephoneNumber $ 
            street $ postOfficeBox $ postalCode $ 
            postalAddress $ physicalDeliveryOfficeName $ st $ 
            l $ description ) )

3.8  organizationalPerson

   The organizationalPerson object class is the basis of an entry which 
   represents a person in relation to an organization.  

   ( 2.5.6.7 NAME 'organizationalPerson' 
      SUP person 
      STRUCTURAL
      MAY ( title $ x121Address $ registeredAddress $ 
            destinationIndicator $ preferredDeliveryMethod $ 
            telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ 
            internationaliSDNNumber $ facsimileTelephoneNumber $ 
            street $ postOfficeBox $ postalCode $ postalAddress $ 
            physicalDeliveryOfficeName $ ou $ st $ l ) )

3.9  organizationalRole

   The organizationalRole object class is the basis of an entry which 
   represents a job or function or position in an organization.

   ( 2.5.6.8 NAME 'organizationalRole' 
      SUP top 
      STRUCTURAL 
      MUST cn
      MAY ( x121Address $ registeredAddress $ destinationIndicator $ 
            preferredDeliveryMethod $ telexNumber $ 
            teletexTerminalIdentifier $ telephoneNumber $ 


Dally                   Expires December 2003                  [Page 19]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


            internationaliSDNNumber $ facsimileTelephoneNumber $ 
            seeAlso $ roleOccupant $ preferredDeliveryMethod $ 
            street $ postOfficeBox $ postalCode $ postalAddress $ 
            physicalDeliveryOfficeName $ ou $ st $ l $ description ) )

3.10  organizationalUnit

   The organizationalUnit object class is the basis of an entry which 
   represents a piece of an organization.

   ( 2.5.6.5 NAME 'organizationalUnit' 
      SUP top 
      STRUCTURAL 
      MUST ou
      MAY ( businessCategory $ description $ destinationIndicator $ 
            facsimileTelephoneNumber $ internationaliSDNNumber $ l $ 
            physicalDeliveryOfficeName $ postalAddress $ postalCode $ 
            postOfficeBox $ preferredDeliveryMethod $ 
            registeredAddress $ searchGuide $ seeAlso $ st $ street $ 
            telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ 
            userPassword $ x121Address ) )

3.11  person

   The person object class is the basis of an entry which represents a 
   human being.

   ( 2.5.6.6 NAME 'person' 
      SUP top 
      STRUCTURAL 
      MUST ( sn $ 
            cn )
      MAY ( userPassword $ 
            telephoneNumber $ 
            seeAlso $ 
            description ) ) 

3.12  residentialPerson

   The residentialPerson object class is the basis of an entry which 
   includes a person's residence in the representation of the person. 

   ( 2.5.6.10 NAME 'residentialPerson' 
      SUP person 
      STRUCTURAL 
      MUST l
      MAY ( businessCategory $ x121Address $ registeredAddress $ 
            destinationIndicator $ preferredDeliveryMethod $ 
            telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ 
            internationaliSDNNumber $ facsimileTelephoneNumber $ 
            preferredDeliveryMethod $ street $ postOfficeBox $ 



Dally                   Expires December 2003                  [Page 20]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


            postalCode $ postalAddress $ physicalDeliveryOfficeName $ 
            st $ l ) )


4.  IANA Considerations

   It is requested that the Internet Assigned Numbers Authority (IANA) 
   update the LDAP descriptors registry as indicated in the following 
   template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comment
      Object Identifier: see comment
      Person & email address to contact for further information:
            Kathy Dally <kdally@mitre.org>
      Usage: (A = attribute type, O = Object Class) see comment
      Specification: RFC XXXX [editor's note:  The RFC number will be 
            the one assigned to this document.
      Author/Change Controller: IESG

   Comments
   In the LDAP descriptors registry, the following descriptors (short 
   names) should be updated to refer to RFC XXXX [editor's note:  This 
   document].

      NAME                         Type OID
      ------------------------     ---- ----------------------------
      applicationProcess           O    2.5.6.11
      businessCategory             A    2.5.4.15
      c                            A    2.5.4.6
      cn                           A    2.5.4.3
      country                      O    2.5.6.2
      dc                           A    0.9.2342.19200300.100.1.25
      description                  A    2.5.4.13
      destinationIndicator         A    2.5.4.27
      device                       O    2.5.6.14
      distinguishedName            A    2.5.4.49
      dnQualifier                  A    2.5.4.46
      enhancedSearchGuide          A    2.5.4.47
      facsimileTelephoneNumber     A    2.5.4.23
      generationQualifier          A    2.5.4.44
      givenName                    A    2.5.4.42
      groupOfNames                 O    2.5.6.9
      groupOfUniqueNames           O    2.5.6.17
      houseIdentifier              A    2.5.4.51
      initials                     A    2.5.4.43
      internationalISDNNumber      A    2.5.4.25
      l                            A    2.5.4.7
      locality                     O    2.5.6.3
      member                       A    2.5.4.31
      name                         A    2.5.4.41
      o                            A    2.5.4.10


Dally                   Expires December 2003                  [Page 21]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


      organization                 O    2.5.6.4
      organizationalPerson         O    2.5.6.7
      organizationalRole           O    2.5.6.8
      organizationalUnit           O    2.5.6.5
      ou                           A    2.5.4.11
      owner                        A    2.5.4.32
      person                       O    2.5.6.6
      physicalDeliveryOfficeName   A    2.5.4.19
      postalAddress                A    2.5.4.16
      postalCode                   A    2.5.4.17
      postOfficeBox                A    2.5.4.18
      preferredDeliveryMethod      A    2.5.4.28
      registeredAddress            A    2.5.4.26
      residentialPerson            O    2.5.6.10
      roleOccupant                 A    2.5.4.33
      searchGuide                  A    2.5.4.14
      seeAlso                      A    2.5.4.34
      serialNumber                 A    2.5.4.5
      sn                           A    2.5.4.4
      st                           A    2.5.4.8
      street                       A    2.5.4.9
      telephoneNumber              A    2.5.4.20
      teletexTerminalIdentifier    A    2.5.4.22
      telexNumber                  A    2.5.4.21
      title                        A    2.5.4.12
      uid                          A    0.9.2342.19200300.100.1.1
      uniqueMember                 A    2.5.4.50
      userPassword                 A    2.5.4.35
      x121Address                  A    2.5.4.24
      x500UniqueIdentifier         A    2.5.4.45


5.  Security Considerations

   Attributes of directory entries are used to provide descriptive 
   information about the real-world objects they represent, which can be
   people, organizations or devices.  Most countries have privacy laws 
   regarding the publication of information about people.

   Transfer of cleartext passwords is strongly discouraged where the 
   underlying transport service cannot guarantee confidentiality and may
   result in disclosure of the password to unauthorized parties.

   Multiple attribute values for the userPassword needs to be used with 
   care. Especially reset/deletion of a password by an admin without 
   knowing the old user password gets tricky or impossible if multiple 
   values for different applications are present. 

   Certainly, applications which intend to replace the userPassword 
   value(s) with new value(s) should use modify/replaceValues (or 
   modify/deleteAttribute+addAttribute).  Additionally, server 



Dally                   Expires December 2003                  [Page 22]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   implementations are encouraged to provide administrative controls 
   which, if enabled, restrict the userPassword attributer to one value.

   Note that when used for authentication purposes [AuthMeth], the user 
   need only prove knowledge of one of the values, not all of 
   the values.


6.  Acknowledgements

   The definitions, on which this document is based, have been developed
   by committees for telecommunications and international standards.  

   This document is an update of RFC 2256 by Mark Wahl.  RFC 2256 was a
   product of the IETF ASID Working Group.

   The dc attribute type definition in this document supercedes the 
   specification in RFC 2247 by S. Kille, M. Wahl, A. Grimstad, 
   R. Huber, and S. Sataluri.

   The uid attribute type definition in this document supercedes the 
   specification of the userid in RFC 1274 by P. Barker and S. Kille 
   and of the uid in RFC 2798 by M. Smith.

   This document is based upon input of the IETF LDAPBIS working group.
   The author wishes to thank S. Legg and K. Zeilenga for their 
   significant contribution to this update.


7.  References

7.1  Normative

   [E.123]  Notation for national and international telephone numbers, 
            ITU-T Recommendation E.123, 1988

   [E.164]  The international public telecommunication numbering plan, 
            ITU-T Recommendation E.164, 1997

   [ISO3166]  ISO 3166, "Codes for the representation of names of 
              countries".

   [Models]  K. Zeilenga, "LDAP: The Models", draft-ietf-ldapbis-
             models-xx (a work in progress) 

   [RFC1034]  P. Mockapetris, " DOMAIN NAMES - CONCEPTS AND 
              FACILITIES", RFC 1034, November 1987

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate 
              Requirement Levels", RFC 2119, March 1997




Dally                   Expires December 2003                  [Page 23]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


   [RFC3490]   Faltstrom P., Hoffman P., Costello A. "Internationalizing 
   Domain Names in Applications (IDNA)", RFC 3490, March 2003

...[ROADMAP]  Zeilenga, K., "LDAP:  Technical Specification Road Map", 
              draft-ietf-ldapbis-roadmap-xx (a work in progress)

   [Syntaxes]  S. Legg (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
               syntaxes-xx (a work in progress)

   [X.121]  International numbering plan for public data networks, 
            ITU-T Recommendation X.121, 1996

   [X.509]  The Directory:  Authentication Framework, ITU-T 
            Recommendation X.509, 1993

   [X.520]  The Directory: Selected Attribute Types, ITU-T 
            Recommendation X.520, 1993

   [X.521]  The Directory: Selected Object Classes.  ITU-T 
            Recommendation X.521, 1993

7.2  Informative

   [AUTHMETH]  Harrison R., "LDAP: Authentication Methods and 
               Connection Level Security Mechanisms", draft-ietf-
               ldapbis-authmeth-xx (a work in progress)

   [F.1]  Operational Provisions For The International Public Telegram 
   Service Transmission System, CCITT Recommmendation F.1, 1992

   [F.31]  Telegram Retransmission System, CCITT Recommendation 
           F.31, 1988

   [LDAP-PKI]  Chadwick, D. W., Legg S., "LDAP Schema and Syntaxes for 
               PKIs", draft-ietf-pkix-ldap-pki-schema-xx (a work in 
               progress)

   [RFC2247]  Kille, S., Wahl, M., Grimstad, A., Huber, R., and 
              Sataluri, S., "Using Domains in LDAP/X.500 Distinguished 
              Names", RFC 2247, January 1998

   [RFC3377]  Hodges, J., Morgan, R., "Lightweight Directory Access 
              Protocol (v3):  Technical Specification", RFC 3377, 
              September 2002

   [SASLprep]  Zeilenga K., "SASLprep: Stringprep profile for user 
               names and passwords", draft-ietf-sasl-saslprep-xx (a 
               work in progress)

   [X.500]  The Directory, ITU-T Recommendations X.501-X.525, 1993




Dally                   Expires December 2003                  [Page 24]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


8.  Author's Address

   Kathy Dally
   The MITRE Corp.
   7515 Colshire Dr., H300
   McLean VA 22102
   USA
   
   Phone:  +1 703 883 6058
   Email:  kdally@mitre.org


9.  Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.















Dally                   Expires December 2003                  [Page 25]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


                          Appendix A  Changes RFC 2256

   This appendix lists the changes that have been made from RFC 2256 to 
   this I-D.  

      1.  Replaced the document title.

      2.  Removed the IESG Note.

      3.  Dependencies on RFC 1274 have been eliminated.

      4.  Added a Security Considerations section.

      5.  Deleted the conformance requirement for subschema object 
          classes in favor of a statement in [Syntaxes].

      6.  Added explanations to many attribute types and to each object 
          class.  

      7.  Removed Section 4, Syntaxes, and Section 6, Matching Rules, 
          (moved to [Syntaxes]).

      8.  Removed the certificate-related attribute types:  
             authorityRevocationList, 
             cACertificate, 
             certificateRevocationList, 
             crossCertificatePair, 
             deltaRevocationList, 
             supportedAlgorithms, and 
             userCertificate.

          Removed the certificate-related Object Classes:  
             certificationAuthority,
             certificationAuthority-V2,
             cRLDistributionPoint,
             strongAuthenticationUser, and
             userSecurityInformation

          LDAP PKI is now discussed in [LDAP-PKI].

      9.  Removed the dmdName, knowledgeInformation, 
          presentationAddress, protocolInformation, and 
          supportedApplicationContext attribute types and the dmd, 
          applicationEntity, and dSA object classes. 

      10. Deleted the aliasedObjectName and objectClass attribute 
          type definitions.   Deleted the alias and top object class 
          definitions.  They are included in [Models].

      11. Added the 'dc' attribute type from RFC 2247.




Dally                   Expires December 2003                  [Page 26]
INTERNET-DRAFT     draft-ietf-ldapbis-user-schema-06           June 2003


      12. Added an IANA Considerations section.

      13. Numerous edititorial changes.



















































Dally                   Expires December 2003                  [Page 27]
