View
2
Download
0
Category
Preview:
Citation preview
LDAP Schema Reference/ Directory Services 7
Latest update: 7.0.1
ForgeRock AS.201 Mission St., Suite 2900
San Francisco, CA 94105, USA+1 415-599-1100 (US)
www.forgerock.com
Copyright © 2020 ForgeRock AS.
Abstract
Human-readable, hyperlinked view of the default directory schema.
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
ForgeRock® and ForgeRock Identity Platform™ are trademarks of ForgeRock Inc. or its subsidiaries in the U.S. and in other countries. Trademarks are the property of their respective owners.
UNLESS OTHERWISE MUTUALLY AGREED BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS,IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENTOR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCHEXCLUSION MAY NOT APPLY TO YOU.
EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARYDAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
DejaVu Fonts
Bitstream Vera Fonts Copyright
Copyright (c) 2003 by Bitstream, Inc. All Rights Reserved. Bitstream Vera is a trademark of Bitstream, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy of the fonts accompanying this license ("Fonts") and associated documentation files (the "Font Software"), to reproduce and distribute the FontSoftware, including without limitation the rights to use, copy, merge, publish, distribute, and/or sell copies of the Font Software, and to permit persons to whom the Font Software is furnished to do so, subject to the followingconditions:
The above copyright and trademark notices and this permission notice shall be included in all copies of one or more of the Font Software typefaces.
The Font Software may be modified, altered, or added to, and in particular the designs of glyphs or characters in the Fonts may be modified and additional glyphs or characters may be added to the Fonts, only if the fonts arerenamed to names not containing either the words "Bitstream" or the word "Vera".
This License becomes null and void to the extent applicable to Fonts or Font Software that has been modified and is distributed under the "Bitstream Vera" names.
The Font Software may be sold as part of a larger software package but no copy of one or more of the Font Software typefaces may be sold by itself.
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL BITSTREAM OR THE GNOME FOUNDATION BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHERLIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE ORINABILITY TO USE THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
Except as contained in this notice, the names of Gnome, the Gnome Foundation, and Bitstream Inc., shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Font Software without priorwritten authorization from the Gnome Foundation or Bitstream Inc., respectively. For further information, contact: fonts at gnome dot org.
Arev Fonts Copyright
Copyright (c) 2006 by Tavmjong Bah. All Rights Reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy of the fonts accompanying this license ("Fonts") and associated documentation files (the "Font Software"), to reproduce and distribute the modificationsto the Bitstream Vera Font Software, including without limitation the rights to use, copy, merge, publish, distribute, and/or sell copies of the Font Software, and to permit persons to whom the Font Software is furnished to do so,subject to the following conditions:
The above copyright and trademark notices and this permission notice shall be included in all copies of one or more of the Font Software typefaces.
The Font Software may be modified, altered, or added to, and in particular the designs of glyphs or characters in the Fonts may be modified and additional glyphs or characters may be added to the Fonts, only if the fonts arerenamed to names not containing either the words "Tavmjong Bah" or the word "Arev".
This License becomes null and void to the extent applicable to Fonts or Font Software that has been modified and is distributed under the "Tavmjong Bah Arev" names.
The Font Software may be sold as part of a larger software package but no copy of one or more of the Font Software typefaces may be sold by itself.
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL TAVMJONG BAH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANYGENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONTSOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
Except as contained in this notice, the name of Tavmjong Bah shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Font Software without prior written authorization from Tavmjong Bah.For further information, contact: tavmjong @ free . fr.
FontAwesome Copyright
Copyright (c) 2017 by Dave Gandy, https://fontawesome.com/.
This Font Software is licensed under the SIL Open Font License, Version 1.1. See https://opensource.org/licenses/OFL-1.1.
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. iii
Table of ContentsAbout This Reference ................................................................................................ xxxi1. Attribute Types ......................................................................................................... 1
aci ....................................................................................................................... 35aclRights ............................................................................................................. 36aclRightsInfo ....................................................................................................... 36administratorsAddress ......................................................................................... 37aliasedObjectName .............................................................................................. 37alive ..................................................................................................................... 38altServer .............................................................................................................. 38aRecord ............................................................................................................... 39assignedDashboard .............................................................................................. 39associatedDomain ................................................................................................ 40associatedName ................................................................................................... 40attributeMap ....................................................................................................... 41attributeTypes ..................................................................................................... 41audio ................................................................................................................... 42authenticationMethod .......................................................................................... 42authorityRevocationList ....................................................................................... 43authPassword ...................................................................................................... 43automountInformation ......................................................................................... 44automountKey ...................................................................................................... 44automountMapName ........................................................................................... 45bindTimeLimit ..................................................................................................... 45blockInheritance .................................................................................................. 46bootFile ............................................................................................................... 46bootParameter ..................................................................................................... 47buildingName ...................................................................................................... 47businessCategory ................................................................................................. 48c-FacsimileTelephoneNumber .............................................................................. 48c-InternationalISDNNumber ................................................................................ 49c-l ........................................................................................................................ 49c-o ....................................................................................................................... 50c-ou ..................................................................................................................... 50c-PhysicalDeliveryOfficeName .............................................................................. 51c-PostalAddress ................................................................................................... 51c-PostalCode ........................................................................................................ 52c-PostOfficeBox .................................................................................................... 52c-st ...................................................................................................................... 53c-street ................................................................................................................ 53c-TelephoneNumber ............................................................................................. 54c-TelexNumber .................................................................................................... 54c .......................................................................................................................... 55cACertificate ........................................................................................................ 55calCalAdrURI ....................................................................................................... 56
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. iv
calCalURI ............................................................................................................ 57calCAPURI ........................................................................................................... 57calFBURL ............................................................................................................ 58calOtherCalAdrURIs ............................................................................................ 58calOtherCalURIs .................................................................................................. 59calOtherCAPURIs ................................................................................................ 59calOtherFBURLs .................................................................................................. 60carLicense ........................................................................................................... 60certificateRevocationList ...................................................................................... 61changeInitiatorsName .......................................................................................... 61changelog ............................................................................................................ 62changeLogCookie ................................................................................................ 62changeNumber .................................................................................................... 63changes ............................................................................................................... 64changeTime ......................................................................................................... 64changeType ......................................................................................................... 65cn ........................................................................................................................ 65cNAMERecord ..................................................................................................... 66co ........................................................................................................................ 67collectiveAttributeSubentries ............................................................................... 67collectiveConflictBehavior .................................................................................... 68collectiveExclusions ............................................................................................. 68corbaIor ............................................................................................................... 69corbaRepositoryId ................................................................................................ 69coreTokenDate01 ................................................................................................. 70coreTokenDate02 ................................................................................................. 71coreTokenDate03 ................................................................................................. 71coreTokenDate04 ................................................................................................. 72coreTokenDate05 ................................................................................................. 72coreTokenExpirationDate ..................................................................................... 73coreTokenId ......................................................................................................... 73coreTokenInteger01 ............................................................................................. 74coreTokenInteger02 ............................................................................................. 74coreTokenInteger03 ............................................................................................. 75coreTokenInteger04 ............................................................................................. 75coreTokenInteger05 ............................................................................................. 76coreTokenInteger06 ............................................................................................. 76coreTokenInteger07 ............................................................................................. 77coreTokenInteger08 ............................................................................................. 77coreTokenInteger09 ............................................................................................. 78coreTokenInteger10 ............................................................................................. 78coreTokenMultiString01 ...................................................................................... 79coreTokenMultiString02 ...................................................................................... 79coreTokenMultiString03 ...................................................................................... 80coreTokenObject .................................................................................................. 80coreTokenString01 .............................................................................................. 81coreTokenString02 .............................................................................................. 81
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. v
coreTokenString03 .............................................................................................. 82coreTokenString04 .............................................................................................. 82coreTokenString05 .............................................................................................. 83coreTokenString06 .............................................................................................. 84coreTokenString07 .............................................................................................. 84coreTokenString08 .............................................................................................. 85coreTokenString09 .............................................................................................. 85coreTokenString10 .............................................................................................. 86coreTokenString11 .............................................................................................. 86coreTokenString12 .............................................................................................. 87coreTokenString13 .............................................................................................. 87coreTokenString14 .............................................................................................. 88coreTokenString15 .............................................................................................. 88coreTokenTtlDate ................................................................................................ 89coreTokenType .................................................................................................... 89coreTokenUserId ................................................................................................. 90createTimestamp ................................................................................................. 90creatorsName ...................................................................................................... 91credentialLevel .................................................................................................... 91crossCertificatePair ............................................................................................. 92dc ........................................................................................................................ 92defaultSearchBase ............................................................................................... 93defaultSearchScope ............................................................................................. 93defaultServerList ................................................................................................. 94deleteOldRDN ...................................................................................................... 94deltaRevocationList ............................................................................................. 95departmentNumber ............................................................................................. 95dereferenceAliases ............................................................................................... 96description ........................................................................................................... 96destinationIndicator ............................................................................................. 97devicePrintProfiles ............................................................................................... 98deviceProfiles ...................................................................................................... 98displayName ........................................................................................................ 99distinguishedName .............................................................................................. 99dITContentRules ................................................................................................ 100dITRedirect ........................................................................................................ 100dITStructureRules .............................................................................................. 101dmdName .......................................................................................................... 101dnQualifier ......................................................................................................... 102documentAuthor ................................................................................................ 102documentIdentifier ............................................................................................ 103documentLocation .............................................................................................. 103documentPublisher ............................................................................................ 104documentTitle .................................................................................................... 104documentVersion ............................................................................................... 105drink .................................................................................................................. 105ds-certificate-fingerprint .................................................................................... 106
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. vi
ds-certificate-issuer-dn ....................................................................................... 106ds-certificate-subject-dn ..................................................................................... 107ds-mon-abandoned-requests ............................................................................... 107ds-mon-active-connections-count ........................................................................ 108ds-mon-active-persistent-searches ...................................................................... 108ds-mon-admin-hostport ...................................................................................... 109ds-mon-alias ....................................................................................................... 109ds-mon-alive-errors ............................................................................................ 110ds-mon-alive ....................................................................................................... 110ds-mon-backend-degraded-index-count ............................................................... 111ds-mon-backend-degraded-index ........................................................................ 111ds-mon-backend-entry-count .............................................................................. 112ds-mon-backend-filter-use-indexed ..................................................................... 112ds-mon-backend-filter-use-start-time .................................................................. 113ds-mon-backend-filter-use-unindexed ................................................................. 113ds-mon-backend-filter-use .................................................................................. 114ds-mon-backend-is-private .................................................................................. 114ds-mon-backend-proxy-base-dn .......................................................................... 115ds-mon-backend-proxy-shard .............................................................................. 115ds-mon-backend-ttl-entries-deleted ..................................................................... 116ds-mon-backend-ttl-is-running ............................................................................ 116ds-mon-backend-ttl-last-run-time ........................................................................ 116ds-mon-backend-ttl-queue-size ........................................................................... 117ds-mon-backend-ttl-thread-count ........................................................................ 117ds-mon-backend-writability-mode ....................................................................... 118ds-mon-base-dn-entry-count ............................................................................... 118ds-mon-base-dn .................................................................................................. 119ds-mon-build-number ......................................................................................... 119ds-mon-build-time .............................................................................................. 120ds-mon-bytes-read .............................................................................................. 120ds-mon-bytes-written .......................................................................................... 121ds-mon-cache-entry-count .................................................................................. 121ds-mon-cache-max-entry-count ........................................................................... 122ds-mon-cache-max-size-bytes .............................................................................. 122ds-mon-cache-misses .......................................................................................... 123ds-mon-cache-total-tries ..................................................................................... 123ds-mon-certificate-expires-at .............................................................................. 124ds-mon-certificate-issuer-dn ............................................................................... 124ds-mon-certificate-serial-number ........................................................................ 125ds-mon-certificate-subject-dn ............................................................................. 125ds-mon-changelog-hostport ................................................................................ 126ds-mon-changelog-id .......................................................................................... 126ds-mon-changelog-purge-delay ........................................................................... 127ds-mon-compact-version ..................................................................................... 127ds-mon-config-dn ............................................................................................... 128ds-mon-connected-to-server-hostport ................................................................. 128ds-mon-connected-to-server-id ........................................................................... 129
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. vii
ds-mon-connection ............................................................................................. 129ds-mon-connections ........................................................................................... 130ds-mon-current-connections ............................................................................... 130ds-mon-current-receive-window ......................................................................... 131ds-mon-current-time ........................................................................................... 131ds-mon-db-cache-evict-internal-nodes-count ....................................................... 132ds-mon-db-cache-evict-leaf-nodes-count .............................................................. 132ds-mon-db-cache-leaf-nodes ............................................................................... 133ds-mon-db-cache-misses-internal-nodes .............................................................. 133ds-mon-db-cache-misses-leaf-nodes .................................................................... 133ds-mon-db-cache-size-active ............................................................................... 134ds-mon-db-cache-size-total ................................................................................. 134ds-mon-db-cache-total-tries-internal-nodes ......................................................... 135ds-mon-db-cache-total-tries-leaf-nodes ................................................................ 135ds-mon-db-checkpoint-count ............................................................................... 136ds-mon-db-log-cleaner-file-deletion-count ........................................................... 136ds-mon-db-log-files-open .................................................................................... 137ds-mon-db-log-files-opened ................................................................................. 137ds-mon-db-log-size-active ................................................................................... 138ds-mon-db-log-size-total ..................................................................................... 138ds-mon-db-log-utilization-max ............................................................................. 139ds-mon-db-log-utilization-min ............................................................................. 139ds-mon-db-version .............................................................................................. 140ds-mon-disk-dir .................................................................................................. 140ds-mon-disk-free ................................................................................................ 141ds-mon-disk-full-threshold .................................................................................. 141ds-mon-disk-low-threshold .................................................................................. 142ds-mon-disk-root ................................................................................................ 142ds-mon-disk-state ............................................................................................... 143ds-mon-domain-generation-id ............................................................................. 143ds-mon-domain-name ......................................................................................... 144ds-mon-entries-awaiting-updates-count .............................................................. 144ds-mon-fix-ids ..................................................................................................... 145ds-mon-full-version ............................................................................................. 145ds-mon-group-id ................................................................................................. 146ds-mon-healthy-errors ........................................................................................ 146ds-mon-healthy .................................................................................................. 147ds-mon-install-path ............................................................................................. 147ds-mon-instance-path ......................................................................................... 148ds-mon-jvm-architecture .................................................................................... 148ds-mon-jvm-arguments ....................................................................................... 149ds-mon-jvm-available-cpus .................................................................................. 149ds-mon-jvm-class-path ........................................................................................ 150ds-mon-jvm-classes-loaded ................................................................................. 150ds-mon-jvm-classes-unloaded ............................................................................. 151ds-mon-jvm-java-home ........................................................................................ 151ds-mon-jvm-java-vendor ..................................................................................... 152
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. viii
ds-mon-jvm-java-version ..................................................................................... 152ds-mon-jvm-memory-heap-init ............................................................................ 153ds-mon-jvm-memory-heap-max ........................................................................... 153ds-mon-jvm-memory-heap-reserved .................................................................... 154ds-mon-jvm-memory-heap-used .......................................................................... 154ds-mon-jvm-memory-init ..................................................................................... 155ds-mon-jvm-memory-max .................................................................................... 155ds-mon-jvm-memory-non-heap-init ...................................................................... 156ds-mon-jvm-memory-non-heap-max .................................................................... 156ds-mon-jvm-memory-non-heap-reserved ............................................................. 157ds-mon-jvm-memory-non-heap-used .................................................................... 157ds-mon-jvm-memory-reserved ............................................................................ 158ds-mon-jvm-memory-used ................................................................................... 158ds-mon-jvm-supported-tls-ciphers ....................................................................... 159ds-mon-jvm-supported-tls-protocols .................................................................... 159ds-mon-jvm-threads-blocked-count ..................................................................... 160ds-mon-jvm-threads-count .................................................................................. 160ds-mon-jvm-threads-daemon-count ..................................................................... 161ds-mon-jvm-threads-deadlock-count ................................................................... 161ds-mon-jvm-threads-deadlocks ........................................................................... 162ds-mon-jvm-threads-new-count ........................................................................... 162ds-mon-jvm-threads-runnable-count ................................................................... 163ds-mon-jvm-threads-terminated-count ................................................................ 163ds-mon-jvm-threads-timed-waiting-count ............................................................ 164ds-mon-jvm-threads-waiting-count ...................................................................... 164ds-mon-jvm-vendor ............................................................................................. 165ds-mon-jvm-version ............................................................................................ 165ds-mon-last-seen ................................................................................................ 166ds-mon-ldap-hostport ......................................................................................... 166ds-mon-ldap-starttls-hostport ............................................................................. 167ds-mon-ldaps-hostport ........................................................................................ 167ds-mon-listen-address ........................................................................................ 168ds-mon-lost-connections ..................................................................................... 168ds-mon-major-version ......................................................................................... 169ds-mon-max-connections .................................................................................... 169ds-mon-minor-version ......................................................................................... 170ds-mon-newest-change-number .......................................................................... 170ds-mon-newest-csn-timestamp ............................................................................ 171ds-mon-newest-csn ............................................................................................. 171ds-mon-oldest-change-number ............................................................................ 172ds-mon-oldest-csn-timestamp ............................................................................. 172ds-mon-oldest-csn .............................................................................................. 173ds-mon-os-architecture ....................................................................................... 173ds-mon-os-name ................................................................................................. 174ds-mon-os-version .............................................................................................. 174ds-mon-point-version .......................................................................................... 175ds-mon-process-id .............................................................................................. 175
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. ix
ds-mon-product-name ........................................................................................ 176ds-mon-protocol ................................................................................................. 176ds-mon-receive-delay ......................................................................................... 177ds-mon-replay-delay ........................................................................................... 177ds-mon-replayed-updates-conflicts-resolved ........................................................ 178ds-mon-replayed-updates-conflicts-unresolved .................................................... 178ds-mon-replayed-updates ................................................................................... 179ds-mon-replication-domain ................................................................................. 179ds-mon-replication-protocol-version .................................................................... 180ds-mon-requests-abandon ................................................................................... 180ds-mon-requests-add .......................................................................................... 181ds-mon-requests-bind ......................................................................................... 181ds-mon-requests-compare .................................................................................. 182ds-mon-requests-delete ...................................................................................... 182ds-mon-requests-extended .................................................................................. 182ds-mon-requests-failure-client-invalid-request .................................................... 183ds-mon-requests-failure-client-redirect ............................................................... 183ds-mon-requests-failure-client-referral ............................................................... 184ds-mon-requests-failure-client-resource-limit ...................................................... 184ds-mon-requests-failure-client-security ............................................................... 185ds-mon-requests-failure-server ........................................................................... 185ds-mon-requests-failure-uncategorized ............................................................... 186ds-mon-requests-get ........................................................................................... 186ds-mon-requests-in-queue .................................................................................. 187ds-mon-requests-modify-dn ................................................................................ 187ds-mon-requests-modify ..................................................................................... 188ds-mon-requests-patch ....................................................................................... 188ds-mon-requests-post ......................................................................................... 189ds-mon-requests-put ........................................................................................... 189ds-mon-requests-rejected-queue-full ................................................................... 190ds-mon-requests-search-base ............................................................................. 190ds-mon-requests-search-one ............................................................................... 191ds-mon-requests-search-sub ............................................................................... 191ds-mon-requests-submitted ................................................................................ 192ds-mon-requests-unbind ..................................................................................... 192ds-mon-requests-uncategorized .......................................................................... 192ds-mon-revision .................................................................................................. 193ds-mon-sent-updates .......................................................................................... 193ds-mon-server-id ................................................................................................ 194ds-mon-server-is-local ........................................................................................ 194ds-mon-server-state ............................................................................................ 195ds-mon-short-name ............................................................................................ 195ds-mon-ssl-encryption ........................................................................................ 196ds-mon-start-time ............................................................................................... 196ds-mon-status-last-changed ................................................................................ 197ds-mon-status ..................................................................................................... 197ds-mon-system-name .......................................................................................... 198
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. x
ds-mon-total-connections .................................................................................... 198ds-mon-total-update-entry-count ......................................................................... 199ds-mon-total-update-entry-left ............................................................................ 199ds-mon-total-update ........................................................................................... 200ds-mon-updates-inbound-queue .......................................................................... 200ds-mon-updates-outbound-queue ........................................................................ 201ds-mon-updates-totals-per-replay-thread ............................................................ 201ds-mon-vendor-name .......................................................................................... 202ds-mon-version-qualifier ..................................................................................... 202ds-mon-working-directory .................................................................................. 203ds-private-naming-contexts ................................................................................ 203ds-privilege-name ............................................................................................... 204ds-pwp-account-disabled .................................................................................... 204ds-pwp-account-expiration-time .......................................................................... 205ds-pwp-account-status-notification-handler ......................................................... 205ds-pwp-allow-expired-password-changes ............................................................ 206ds-pwp-allow-multiple-password-values .............................................................. 206ds-pwp-allow-pre-encoded-passwords ................................................................. 206ds-pwp-allow-user-password-changes ................................................................. 207ds-pwp-attribute-value-check-substrings ............................................................. 207ds-pwp-attribute-value-match-attribute .............................................................. 208ds-pwp-attribute-value-min-substring-length ...................................................... 208ds-pwp-attribute-value-test-reversed-password ................................................... 209ds-pwp-character-set-allow-unclassified-characters ............................................ 209ds-pwp-character-set-character-set-ranges ......................................................... 209ds-pwp-character-set-character-set .................................................................... 210ds-pwp-character-set-min-character-sets ............................................................ 210ds-pwp-default-password-storage-scheme ........................................................... 211ds-pwp-deprecated-password-storage-scheme .................................................... 211ds-pwp-dictionary-case-sensitive-validation ........................................................ 212ds-pwp-dictionary-check-substrings .................................................................... 212ds-pwp-dictionary-data ....................................................................................... 212ds-pwp-dictionary-min-substring-length .............................................................. 213ds-pwp-dictionary-test-reversed-password .......................................................... 213ds-pwp-expire-passwords-without-warning ......................................................... 214ds-pwp-force-change-on-add ............................................................................... 214ds-pwp-force-change-on-reset ............................................................................. 215ds-pwp-grace-login-count ................................................................................... 215ds-pwp-idle-lockout-interval ............................................................................... 215ds-pwp-last-login-time-attribute .......................................................................... 216ds-pwp-last-login-time-format ............................................................................. 216ds-pwp-last-login-time ........................................................................................ 217ds-pwp-length-based-max-password-length ......................................................... 217ds-pwp-length-based-min-password-length ......................................................... 218ds-pwp-lockout-duration ..................................................................................... 218ds-pwp-lockout-failure-count .............................................................................. 219ds-pwp-lockout-failure-expiration-interval ........................................................... 219
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xi
ds-pwp-max-password-age .................................................................................. 220ds-pwp-max-password-reset-age ......................................................................... 220ds-pwp-min-password-age .................................................................................. 221ds-pwp-password-attribute ................................................................................. 221ds-pwp-password-change-requires-current-password .......................................... 221ds-pwp-password-changed-by-required-time ....................................................... 222ds-pwp-password-expiration-time ....................................................................... 222ds-pwp-password-expiration-warning-interval ..................................................... 223ds-pwp-password-history-count .......................................................................... 223ds-pwp-password-history-duration ...................................................................... 224ds-pwp-password-policy-dn ................................................................................ 224ds-pwp-previous-last-login-time-format ............................................................... 225ds-pwp-random-password-character-set ............................................................. 225ds-pwp-random-password-format ....................................................................... 226ds-pwp-repeated-characters-case-sensitive-validation ......................................... 226ds-pwp-repeated-characters-max-consecutive-length .......................................... 226ds-pwp-require-change-by-time .......................................................................... 227ds-pwp-require-secure-authentication ................................................................ 227ds-pwp-require-secure-password-changes .......................................................... 228ds-pwp-reset-time .............................................................................................. 228ds-pwp-similarity-based-min-password-difference ............................................... 229ds-pwp-skip-validation-for-administrators ........................................................... 229ds-pwp-state-update-failure-policy ...................................................................... 229ds-pwp-unique-characters-case-sensitive-validation ............................................ 230ds-pwp-unique-characters-min-unique-characters ............................................... 230ds-pwp-warned-time ........................................................................................... 231ds-rlim-cursor-entry-limit ................................................................................... 231ds-rlim-idle-time-limit ......................................................................................... 232ds-rlim-lookthrough-limit .................................................................................... 232ds-rlim-size-limit ................................................................................................ 233ds-rlim-time-limit ............................................................................................... 233ds-sync-conflict .................................................................................................. 234ds-sync-fractional-exclude .................................................................................. 234ds-sync-fractional-include ................................................................................... 234ds-sync-generation-id ......................................................................................... 235ds-sync-hist ........................................................................................................ 235ds-sync-state ...................................................................................................... 236ds-target-group-dn ............................................................................................. 236dSAQuality ......................................................................................................... 237emailAddress ..................................................................................................... 237employeeNumber ............................................................................................... 238employeeType .................................................................................................... 238enhancedSearchGuide ....................................................................................... 239entryDN ............................................................................................................. 239entryUUID ......................................................................................................... 240etag ................................................................................................................... 240facsimileTelephoneNumber ................................................................................ 241
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xii
firstChangeNumber ........................................................................................... 241followReferrals ................................................................................................... 242fr-idm-accountStatus .......................................................................................... 242fr-idm-cluster-json .............................................................................................. 243fr-idm-condition ................................................................................................. 243fr-idm-consentedMapping .................................................................................. 244fr-idm-custom-attrs ............................................................................................ 244fr-idm-effectiveAssignment ................................................................................. 245fr-idm-effectiveRole ............................................................................................ 245fr-idm-internal-role-authzmembers-internal-user ................................................ 246fr-idm-internal-role-authzmembers-managed-user .............................................. 246fr-idm-internal-user-authzroles-internal-role ....................................................... 247fr-idm-internal-user-authzroles-managed-role ..................................................... 247fr-idm-json ......................................................................................................... 248fr-idm-kbaInfo .................................................................................................... 248fr-idm-lastSync ................................................................................................... 248fr-idm-link-firstid-constraint ............................................................................... 249fr-idm-link-firstid ................................................................................................ 249fr-idm-link-qualifier ............................................................................................ 250fr-idm-link-secondid-constraint ........................................................................... 250fr-idm-link-secondid ........................................................................................... 251fr-idm-link-type .................................................................................................. 251fr-idm-lock-nodeid .............................................................................................. 252fr-idm-managed-assignment-json ........................................................................ 252fr-idm-managed-role-assignments ....................................................................... 253fr-idm-managed-role-json ................................................................................... 253fr-idm-managed-user-authzroles-internal-role ..................................................... 254fr-idm-managed-user-authzroles-managed-role ................................................... 254fr-idm-managed-user-custom-attrs ...................................................................... 255fr-idm-managed-user-json ................................................................................... 255fr-idm-managed-user-manager ........................................................................... 256fr-idm-managed-user-meta ................................................................................. 256fr-idm-managed-user-notifications ...................................................................... 257fr-idm-managed-user-roles ................................................................................. 257fr-idm-name ....................................................................................................... 258fr-idm-notification-json ....................................................................................... 258fr-idm-password ................................................................................................. 259fr-idm-preferences ............................................................................................. 259fr-idm-privilege .................................................................................................. 259fr-idm-recon-id ................................................................................................... 260fr-idm-recon-targetIds ........................................................................................ 260fr-idm-reconassoc-finishtime .............................................................................. 261fr-idm-reconassoc-isanalysis ............................................................................... 261fr-idm-reconassoc-mapping ................................................................................ 262fr-idm-reconassoc-reconid .................................................................................. 262fr-idm-reconassoc-sourceresourcecollection ....................................................... 263fr-idm-reconassoc-targetresourcecollection ........................................................ 263
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xiii
fr-idm-reconassocentry-action ............................................................................ 264fr-idm-reconassocentry-ambiguoustargetobjectids .............................................. 264fr-idm-reconassocentry-exception ....................................................................... 265fr-idm-reconassocentry-linkqualifier ................................................................... 265fr-idm-reconassocentry-message ........................................................................ 266fr-idm-reconassocentry-messagedetail ................................................................ 266fr-idm-reconassocentry-phase ............................................................................. 267fr-idm-reconassocentry-reconid .......................................................................... 267fr-idm-reconassocentry-situation ........................................................................ 268fr-idm-reconassocentry-sourceobjectid ............................................................... 268fr-idm-reconassocentry-status ............................................................................ 269fr-idm-reconassocentry-targetobjectid ................................................................ 269fr-idm-relationship-json ...................................................................................... 270fr-idm-role .......................................................................................................... 270fr-idm-syncqueue-context ................................................................................... 270fr-idm-syncqueue-createdate .............................................................................. 271fr-idm-syncqueue-mapping ................................................................................. 271fr-idm-syncqueue-newobject ............................................................................... 272fr-idm-syncqueue-nodeid .................................................................................... 272fr-idm-syncqueue-objectrev ................................................................................ 273fr-idm-syncqueue-oldobject ................................................................................ 273fr-idm-syncqueue-remainingretries ..................................................................... 274fr-idm-syncqueue-resourcecollection .................................................................. 274fr-idm-syncqueue-resourceid .............................................................................. 275fr-idm-syncqueue-state ....................................................................................... 275fr-idm-syncqueue-syncaction .............................................................................. 276fr-idm-temporal-constraints ................................................................................ 276fr-idm-uuid ......................................................................................................... 277fullVendorVersion .............................................................................................. 277gecos ................................................................................................................. 278generationQualifier ............................................................................................ 278gidNumber ........................................................................................................ 279givenName ........................................................................................................ 279governingStructureRule ..................................................................................... 280hasSubordinates ................................................................................................ 280healthy .............................................................................................................. 280homeDirectory ................................................................................................... 281homePhone ........................................................................................................ 281homePostalAddress ............................................................................................ 282host ................................................................................................................... 282houseIdentifier ................................................................................................... 283includedAttributes ............................................................................................. 283inetUserHttpURL ............................................................................................... 284inetUserStatus ................................................................................................... 284info .................................................................................................................... 285inheritable ......................................................................................................... 285inheritAttribute .................................................................................................. 286
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xiv
inheritFromBaseRDN ......................................................................................... 286inheritFromDNAttribute ..................................................................................... 287inheritFromDNParent ........................................................................................ 287inheritFromRDNAttribute .................................................................................. 288inheritFromRDNType ......................................................................................... 288initials ............................................................................................................... 289internationaliSDNNumber .................................................................................. 289ipHostNumber ................................................................................................... 290iplanet-am-auth-configuration ............................................................................ 290iplanet-am-auth-login-failure-url ......................................................................... 291iplanet-am-auth-login-success-url ....................................................................... 291iplanet-am-auth-post-login-process-class ............................................................ 292iplanet-am-session-destroy-sessions ................................................................... 292iplanet-am-session-get-valid-sessions .................................................................. 293iplanet-am-session-max-caching-time ................................................................. 293iplanet-am-session-max-idle-time ........................................................................ 294iplanet-am-session-max-session-time .................................................................. 294iplanet-am-session-quota-limit ............................................................................ 295iplanet-am-session-service-status ....................................................................... 295iplanet-am-user-account-life ............................................................................... 296iplanet-am-user-admin-start-dn .......................................................................... 297iplanet-am-user-alias-list .................................................................................... 297iplanet-am-user-auth-config ................................................................................ 298iplanet-am-user-auth-modules ............................................................................ 298iplanet-am-user-failure-url .................................................................................. 299iplanet-am-user-login-status ............................................................................... 299iplanet-am-user-password-reset-force-reset ........................................................ 300iplanet-am-user-password-reset-options ............................................................. 300iplanet-am-user-password-reset-question-answer ................................................ 301iplanet-am-user-service-status ............................................................................ 301iplanet-am-user-success-url ................................................................................ 302ipNetmaskNumber ............................................................................................. 302ipNetworkNumber ............................................................................................. 303ipProtocolNumber .............................................................................................. 303ipServicePort ..................................................................................................... 304ipServiceProtocol ............................................................................................... 304ipTnetNumber ................................................................................................... 305ipTnetTemplateName ......................................................................................... 305isMemberOf ....................................................................................................... 306janetMailbox ...................................................................................................... 306javaClassName .................................................................................................. 307javaClassNames ................................................................................................. 307javaCodebase ..................................................................................................... 308javaDoc .............................................................................................................. 308javaFactory ........................................................................................................ 309javaReferenceAddress ........................................................................................ 309javaSerializedData ............................................................................................. 310
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xv
jpegPhoto .......................................................................................................... 311kbaActiveIndex .................................................................................................. 311kbaInfo .............................................................................................................. 312kbaInfoAttempts ................................................................................................ 312knowledgeInformation ....................................................................................... 313l ......................................................................................................................... 313labeledURI ......................................................................................................... 314labeledURL ........................................................................................................ 315lastChangeNumber ............................................................................................ 315lastExternalChangelogCookie ............................................................................. 315lastModifiedBy ................................................................................................... 316lastModifiedTime ............................................................................................... 316ldapSyntaxes ...................................................................................................... 317loginShell ........................................................................................................... 317macAddress ....................................................................................................... 318mail ................................................................................................................... 318mailPreferenceOption ........................................................................................ 319manager ............................................................................................................ 320matchingRules ................................................................................................... 320matchingRuleUse ............................................................................................... 321mDRecord .......................................................................................................... 321member ............................................................................................................. 322memberGid ........................................................................................................ 322memberNisNetgroup ......................................................................................... 323memberof .......................................................................................................... 323memberUid ........................................................................................................ 324memberURL ...................................................................................................... 324mgrpRFC822MailMember .................................................................................. 325mobile ................................................................................................................ 325modifiersName .................................................................................................. 326modifyTimestamp ............................................................................................... 326mxRecord .......................................................................................................... 326name ................................................................................................................. 327nameForms ........................................................................................................ 327namingContexts ................................................................................................. 328newRDN ............................................................................................................ 328newSuperior ...................................................................................................... 329nisDomain .......................................................................................................... 329nisMapEntry ...................................................................................................... 330nisMapName ...................................................................................................... 330nisNetgroupTriple .............................................................................................. 331nisNetIdGroup ................................................................................................... 331nisNetIdHost ..................................................................................................... 332nisNetIdUser ..................................................................................................... 332nisplusTimeZone ................................................................................................ 333nisPublicKey ...................................................................................................... 333nisSecretKey ...................................................................................................... 334
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xvi
nsds50ruv .......................................................................................................... 334nSRecord ........................................................................................................... 334nsUniqueId ........................................................................................................ 335numSubordinates ............................................................................................... 335o ........................................................................................................................ 336oath2faEnabled .................................................................................................. 337oathDeviceProfiles ............................................................................................. 337objectClass ........................................................................................................ 338objectClasses ..................................................................................................... 339objectclassMap .................................................................................................. 340oncRpcNumber .................................................................................................. 340organizationalStatus .......................................................................................... 341otherMailbox ..................................................................................................... 341ou ...................................................................................................................... 342owner ................................................................................................................ 342pager ................................................................................................................. 343personalSignature .............................................................................................. 343personalTitle ...................................................................................................... 344photo ................................................................................................................. 344physicalDeliveryOfficeName ............................................................................... 345postalAddress .................................................................................................... 345postalCode ......................................................................................................... 346postOfficeBox ..................................................................................................... 347preferredDeliveryMethod ................................................................................... 347preferredLanguage ............................................................................................ 348preferredLocale ................................................................................................. 348preferredServerList ........................................................................................... 349preferredTimeZone ............................................................................................ 349presentationAddress .......................................................................................... 350printer-aliases .................................................................................................... 350printer-charset-configured ................................................................................. 351printer-charset-supported .................................................................................. 351printer-color-supported ...................................................................................... 352printer-compression-supported .......................................................................... 352printer-copies-supported .................................................................................... 353printer-current-operator ..................................................................................... 353printer-delivery-orientation-supported ................................................................ 354printer-document-format-supported ................................................................... 354printer-finishings-supported ............................................................................... 355printer-generated-natural-language-supported ................................................... 355printer-info ........................................................................................................ 356printer-ipp-versions-supported ........................................................................... 356printer-job-k-octets-supported ............................................................................ 357printer-job-priority-supported ............................................................................. 357printer-location .................................................................................................. 358printer-make-and-model ..................................................................................... 358printer-media-local-supported ............................................................................ 359
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xvii
printer-media-supported .................................................................................... 359printer-more-info ............................................................................................... 360printer-multiple-document-jobs-supported .......................................................... 360printer-name ...................................................................................................... 361printer-natural-language-configured ................................................................... 361printer-number-up-supported ............................................................................. 362printer-output-features-supported ...................................................................... 362printer-pages-per-minute-color ........................................................................... 363printer-pages-per-minute ................................................................................... 363printer-print-quality-supported ........................................................................... 364printer-resolution-supported .............................................................................. 364printer-service-person ........................................................................................ 365printer-sides-supported ...................................................................................... 365printer-stacking-order-supported ....................................................................... 366printer-uri .......................................................................................................... 366printer-xri-supported .......................................................................................... 367profileTTL .......................................................................................................... 367protocolInformation ........................................................................................... 368push2faEnabled ................................................................................................. 368pushDeviceProfiles ............................................................................................. 369pwdAccountLockedTime .................................................................................... 369pwdAllowUserChange ........................................................................................ 370pwdAttribute ...................................................................................................... 370pwdChangedTime .............................................................................................. 371pwdCheckQuality ............................................................................................... 371pwdExpireWarning ............................................................................................ 372pwdFailureCountInterval ................................................................................... 372pwdFailureTime ................................................................................................. 373pwdGraceAuthNLimit ........................................................................................ 373pwdGraceUseTime ............................................................................................. 374pwdHistory ........................................................................................................ 374pwdInHistory ..................................................................................................... 375pwdLockout ....................................................................................................... 375pwdLockoutDuration .......................................................................................... 376pwdMaxAge ....................................................................................................... 376pwdMaxFailure .................................................................................................. 377pwdMinAge ........................................................................................................ 377pwdMinLength ................................................................................................... 378pwdMustChange ................................................................................................ 378pwdPolicySubentry ............................................................................................ 379pwdReset ........................................................................................................... 379pwdSafeModify .................................................................................................. 380ref ..................................................................................................................... 380registeredAddress .............................................................................................. 381replicaIdentifier ................................................................................................. 381replicationCSN .................................................................................................. 382rfc822mailMember ............................................................................................ 382
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xviii
roleOccupant ..................................................................................................... 383roomNumber ..................................................................................................... 383sambaAcctFlags ................................................................................................. 384sambaAlgorithmicRidBase .................................................................................. 384sambaBadPasswordCount .................................................................................. 385sambaBadPasswordTime .................................................................................... 385sambaBoolOption ............................................................................................... 386sambaDomainName ........................................................................................... 386sambaForceLogoff ............................................................................................. 387sambaGroupType ............................................................................................... 387sambaHomeDrive ............................................................................................... 388sambaHomePath ................................................................................................ 388sambaIntegerOption .......................................................................................... 388sambaKickoffTime .............................................................................................. 389sambaLMPassword ............................................................................................ 389sambaLockoutDuration ...................................................................................... 390sambaLockoutObservationWindow ..................................................................... 390sambaLockoutThreshold .................................................................................... 391sambaLogoffTime ............................................................................................... 391sambaLogonHours ............................................................................................. 392sambaLogonScript ............................................................................................. 392sambaLogonTime ............................................................................................... 393sambaLogonToChgPwd ...................................................................................... 393sambaMaxPwdAge ............................................................................................. 393sambaMinPwdAge .............................................................................................. 394sambaMinPwdLength ......................................................................................... 394sambaMungedDial ............................................................................................. 395sambaNextGroupRid .......................................................................................... 395sambaNextRid ................................................................................................... 396sambaNextUserRid ............................................................................................ 396sambaNTPassword ............................................................................................. 397sambaOptionName ............................................................................................. 397sambaPasswordHistory ...................................................................................... 398sambaPrimaryGroupSID ..................................................................................... 398sambaPrivilegeList ............................................................................................. 399sambaProfilePath ............................................................................................... 399sambaPwdCanChange ........................................................................................ 399sambaPwdHistoryLength ................................................................................... 400sambaPwdLastSet .............................................................................................. 400sambaPwdMustChange ...................................................................................... 401sambaRefuseMachinePwdChange ...................................................................... 401sambaShareName .............................................................................................. 402sambaSID .......................................................................................................... 402sambaSIDList ..................................................................................................... 403sambaStringListOption ...................................................................................... 403sambaStringOption ............................................................................................ 404sambaTrustFlags ................................................................................................ 404
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xix
sambaUserWorkstations ..................................................................................... 405searchGuide ....................................................................................................... 405searchTimeLimit ................................................................................................ 406secretary ........................................................................................................... 406seeAlso .............................................................................................................. 407serialNumber ..................................................................................................... 407service-advert-attribute-authenticator ................................................................ 408service-advert-scopes ......................................................................................... 408service-advert-service-type ................................................................................. 409service-advert-url-authenticator ......................................................................... 409serviceAuthenticationMethod ............................................................................. 410serviceCredentialLevel ....................................................................................... 410serviceSearchDescriptor .................................................................................... 411shadowExpire .................................................................................................... 411shadowFlag ....................................................................................................... 412shadowInactive .................................................................................................. 412shadowLastChange ............................................................................................ 413shadowMax ........................................................................................................ 413shadowMin ........................................................................................................ 414shadowWarning ................................................................................................. 414singleLevelQuality .............................................................................................. 414sn ...................................................................................................................... 415sOARecord ......................................................................................................... 415SolarisAttrKeyValue ........................................................................................... 416SolarisAttrLongDesc .......................................................................................... 416SolarisAttrReserved1 ......................................................................................... 417SolarisAttrReserved2 ......................................................................................... 417SolarisAttrShortDesc ......................................................................................... 418SolarisAuditAlways ............................................................................................ 418SolarisAuditNever .............................................................................................. 419SolarisAuthMethod ............................................................................................ 419SolarisBindDN ................................................................................................... 420SolarisBindPassword .......................................................................................... 420SolarisBindTimeLimit ......................................................................................... 421SolarisCacheTTL ................................................................................................ 421SolarisCertificatePassword ................................................................................ 422SolarisCertificatePath ........................................................................................ 422SolarisDataSearchDN ........................................................................................ 423SolarisKernelSecurityPolicy ............................................................................... 423SolarisLDAPServers ........................................................................................... 424SolarisPreferredServer ...................................................................................... 424SolarisPreferredServerOnly ............................................................................... 425SolarisProfileId .................................................................................................. 425SolarisProfileType .............................................................................................. 426SolarisProjectAttr .............................................................................................. 426SolarisProjectID ................................................................................................. 427SolarisProjectName ........................................................................................... 427
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xx
SolarisSearchBaseDN ........................................................................................ 428SolarisSearchReferral ........................................................................................ 428SolarisSearchScope ........................................................................................... 429SolarisSearchTimeLimit ..................................................................................... 429SolarisTransportSecurity ................................................................................... 430SolarisUserQualifier ........................................................................................... 430st ....................................................................................................................... 431street ................................................................................................................. 431structuralObjectClass ......................................................................................... 432subschemaSubentry ........................................................................................... 432subtreeMaximumQuality .................................................................................... 433subtreeMinimumQuality ..................................................................................... 433subtreeSpecification .......................................................................................... 434sun-fm-saml2-nameid-info .................................................................................. 435sun-fm-saml2-nameid-infokey ............................................................................. 435sun-printer-bsdaddr ........................................................................................... 436sun-printer-kvp .................................................................................................. 436sunAMAuthInvalidAttemptsData ........................................................................ 437sunIdentityMSISDNNumber ............................................................................... 437sunKeyValue ...................................................................................................... 438sunPluginSchema ............................................................................................... 438sunserviceID ...................................................................................................... 439sunServiceSchema ............................................................................................. 439sunsmspriority ................................................................................................... 440sunxmlKeyValue ................................................................................................. 441supportedAlgorithms .......................................................................................... 441supportedApplicationContext ............................................................................. 442supportedAuthPasswordSchemes ....................................................................... 442supportedControl ............................................................................................... 443supportedExtension ........................................................................................... 443supportedFeatures ............................................................................................. 443supportedLDAPVersion ...................................................................................... 444supportedSASLMechanisms ............................................................................... 444supportedTLSCiphers ........................................................................................ 445supportedTLSProtocols ...................................................................................... 445targetDN ........................................................................................................... 446targetEntryUUID ............................................................................................... 446telephoneNumber .............................................................................................. 447teletexTerminalIdentifier ................................................................................... 447telexNumber ...................................................................................................... 448template-major-version-number .......................................................................... 448template-minor-version-number ......................................................................... 449template-url-syntax ............................................................................................ 449textEncodedORAddress ...................................................................................... 450title .................................................................................................................... 450uddiAccessPoint ................................................................................................. 451uddiAddressLine ................................................................................................ 451
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxi
uddiAuthorizedName ......................................................................................... 452uddiBindingKey .................................................................................................. 453uddiBusinessKey ................................................................................................ 453uddiCategoryBag ............................................................................................... 454uddiDescription ................................................................................................. 454uddiDiscoveryURLs ............................................................................................ 455uddiEMail .......................................................................................................... 455uddiFromKey ..................................................................................................... 456uddiHostingRedirector ....................................................................................... 457uddiIdentifierBag ............................................................................................... 457uddiInstanceDescription .................................................................................... 458uddiInstanceParms ............................................................................................ 458uddiIsHidden ..................................................................................................... 459uddiIsProjection ................................................................................................. 459uddiKeyedReference .......................................................................................... 460uddiLang ........................................................................................................... 460uddiName .......................................................................................................... 461uddiOperator ..................................................................................................... 462uddiOverviewDescription ................................................................................... 462uddiOverviewURL .............................................................................................. 463uddiPersonName ................................................................................................ 463uddiPhone .......................................................................................................... 464uddiServiceKey .................................................................................................. 464uddiSortCode ..................................................................................................... 465uddiTModelKey .................................................................................................. 466uddiToKey .......................................................................................................... 466uddiUseType ...................................................................................................... 467uddiUUID .......................................................................................................... 467uddiv3BindingKey .............................................................................................. 468uddiv3BriefResponse ......................................................................................... 468uddiv3BusinessKey ............................................................................................ 469uddiv3DigitalSignature ...................................................................................... 469uddiv3EntityCreationTime .................................................................................. 470uddiv3EntityDeletionTime .................................................................................. 471uddiv3EntityKey ................................................................................................. 471uddiv3EntityModificationTime ............................................................................ 472uddiv3ExpiresAfter ............................................................................................ 472uddiv3MaxEntities ............................................................................................. 473uddiv3NodeId .................................................................................................... 473uddiv3NotificationInterval ................................................................................. 474uddiv3ServiceKey .............................................................................................. 474uddiv3SubscriptionFilter .................................................................................... 475uddiv3SubscriptionKey ...................................................................................... 475uddiv3TModelKey .............................................................................................. 476uid ..................................................................................................................... 476uidNumber ........................................................................................................ 477uniqueIdentifier ................................................................................................. 478
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxii
uniqueMember ................................................................................................... 478userCertificate ................................................................................................... 479userClass ........................................................................................................... 479userPassword .................................................................................................... 480userPKCS12 ....................................................................................................... 480userSMIMECertificate ....................................................................................... 481vendorName ...................................................................................................... 482vendorVersion .................................................................................................... 482webauthnDeviceProfiles ..................................................................................... 483winAccountName ............................................................................................... 483x121Address ...................................................................................................... 484x500UniqueIdentifier ......................................................................................... 484
2. DIT Content Rules ................................................................................................. 4853. DIT Structure Rules .............................................................................................. 486
uddiAddressStructureRule ................................................................................. 486uddiBindingTemplateStructureRule ................................................................... 486uddiBusinessEntityStructureRule ....................................................................... 487uddiBusinessServiceStructureRule ..................................................................... 487uddiContactStructureRule .................................................................................. 487uddiPublisherAssertionStructureRule ................................................................. 487uddiTModelInstanceInfoStructureRule ............................................................... 488uddiTModelStructureRule .................................................................................. 488uddiv3EntityObituaryStructureRule ................................................................... 488uddiv3SubscriptionStructureRule ....................................................................... 488
4. Matching Rule Uses .............................................................................................. 4905. Matching Rules ..................................................................................................... 491
1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6 .................................................. 493authPasswordExactMatch .................................................................................. 493authPasswordMatch ........................................................................................... 494bitStringMatch ................................................................................................... 494booleanMatch .................................................................................................... 494caseExactIA5Match ............................................................................................ 495caseExactIA5SubstringsMatch ........................................................................... 495caseExactJsonIdMatch ....................................................................................... 496caseExactJsonQueryMatch ................................................................................. 496caseExactMatch ................................................................................................. 496caseExactOrderingMatch ................................................................................... 497caseExactSubstringsMatch ................................................................................ 497caseIgnoreIA5Match .......................................................................................... 497caseIgnoreIA5SubstringsMatch .......................................................................... 498caseIgnoreJsonIdMatch ...................................................................................... 498caseIgnoreJsonQueryMatch ................................................................................ 499caseIgnoreJsonQueryMatchClusterObject .......................................................... 499caseIgnoreJsonQueryMatchManagedRole ........................................................... 499caseIgnoreJsonQueryMatchManagedUser .......................................................... 499caseIgnoreJsonQueryMatchRelationship ............................................................ 499caseIgnoreListMatch .......................................................................................... 500
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxiii
caseIgnoreListSubstringsMatch ......................................................................... 500caseIgnoreMatch ............................................................................................... 500caseIgnoreOrderingMatch ................................................................................. 501caseIgnoreSubstringsMatch ............................................................................... 501certificateExactMatch ........................................................................................ 502ctsOAuth2GrantSetEqualityMatch ...................................................................... 502directoryStringFirstComponentMatch ................................................................ 502distinguishedNameMatch ................................................................................... 502ds-mr-double-metaphone-approx ........................................................................ 503ds-mr-user-password-equality ............................................................................. 503ds-mr-user-password-exact ................................................................................. 503generalizedTimeMatch ....................................................................................... 503generalizedTimeOrderingMatch ......................................................................... 504historicalCsnOrderingMatch .............................................................................. 504historicalCsnRangeMatch .................................................................................. 504integerFirstComponentMatch ............................................................................ 504integerMatch ..................................................................................................... 505integerOrderingMatch ....................................................................................... 505jsonFirstComponentCaseExactJsonQueryMatch ................................................. 505jsonFirstComponentCaseIgnoreJsonQueryMatch ................................................ 506keywordMatch ................................................................................................... 506nameAndOptionalCaseExactJsonIdEqualityMatch ............................................... 507nameAndOptionalCaseIgnoreJsonIdEqualityMatch ............................................. 507nameAndOptionalJsonEqualityMatchingRule ...................................................... 507numericStringMatch .......................................................................................... 508numericStringOrderingMatch ............................................................................ 508numericStringSubstringsMatch .......................................................................... 508objectIdentifierFirstComponentMatch ................................................................ 509objectIdentifierMatch ......................................................................................... 509octetStringMatch ............................................................................................... 510octetStringOrderingMatch ................................................................................. 510octetStringSubstringsMatch ............................................................................... 510partialDateAndTimeMatchingRule ...................................................................... 510presentationAddressMatch ................................................................................. 511protocolInformationMatch ................................................................................. 511relativeTimeGTOrderingMatch ........................................................................... 511relativeTimeLTOrderingMatch ........................................................................... 511telephoneNumberMatch ..................................................................................... 512telephoneNumberSubstringsMatch .................................................................... 512uniqueMemberMatch ......................................................................................... 513uuidMatch ......................................................................................................... 513uuidOrderingMatch ............................................................................................ 513wordMatch ........................................................................................................ 514
6. Name Forms .......................................................................................................... 515uddiAddressNameForm ...................................................................................... 515uddiBindingTemplateNameForm ........................................................................ 515uddiBusinessEntityNameForm ........................................................................... 516
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxiv
uddiBusinessServiceNameForm ......................................................................... 516uddiContactNameForm ...................................................................................... 516uddiPublisherAssertionNameForm ..................................................................... 517uddiTModelInstanceInfoNameForm ................................................................... 517uddiTModelNameForm ...................................................................................... 517uddiv3EntityObituaryNameForm ........................................................................ 518uddiv3SubscriptionNameForm ........................................................................... 518
7. Object Classes ....................................................................................................... 519account .............................................................................................................. 527alias ................................................................................................................... 527applicationEntity ................................................................................................ 528applicationProcess ............................................................................................. 528authPasswordObject .......................................................................................... 529automount ......................................................................................................... 529automountMap ................................................................................................... 529bootableDevice .................................................................................................. 530calEntry ............................................................................................................. 530certificationAuthority-V2 .................................................................................... 530certificationAuthority ......................................................................................... 531changeLogEntry ................................................................................................. 531collectiveAttributeSubentry ................................................................................ 532container ........................................................................................................... 532corbaContainer .................................................................................................. 533corbaObject ....................................................................................................... 533corbaObjectReference ........................................................................................ 533country .............................................................................................................. 534cRLDistributionPoint .......................................................................................... 534dcObject ............................................................................................................ 535deltaCRL ............................................................................................................ 535device ................................................................................................................ 535devicePrintProfilesContainer .............................................................................. 536deviceProfilesContainer ..................................................................................... 536dmd ................................................................................................................... 537dNSDomain ....................................................................................................... 537document ........................................................................................................... 538documentSeries ................................................................................................. 538domain ............................................................................................................... 538domainRelatedObject ......................................................................................... 539ds-certificate-user .............................................................................................. 539ds-monitor-backend-db ....................................................................................... 540ds-monitor-backend-pluggable ........................................................................... 540ds-monitor-backend-proxy .................................................................................. 541ds-monitor-backend ........................................................................................... 541ds-monitor-base-dn ............................................................................................ 542ds-monitor-branch .............................................................................................. 542ds-monitor-certificate ......................................................................................... 542ds-monitor-changelog-domain ............................................................................ 543
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxv
ds-monitor-changelog ......................................................................................... 543ds-monitor-connected-changelog ........................................................................ 543ds-monitor-connected-replica ............................................................................. 544ds-monitor-connection-handler ........................................................................... 544ds-monitor-disk-space ........................................................................................ 545ds-monitor-entry-cache ...................................................................................... 545ds-monitor-health-status ..................................................................................... 545ds-monitor-http-connection-handler .................................................................... 546ds-monitor-je-database ....................................................................................... 546ds-monitor-jvm ................................................................................................... 546ds-monitor-ldap-connection-handler ................................................................... 547ds-monitor-raw-je-database-statistics ................................................................. 548ds-monitor-remote-replica .................................................................................. 548ds-monitor-replica-db ......................................................................................... 548ds-monitor-replica .............................................................................................. 549ds-monitor-server ............................................................................................... 549ds-monitor-topology-server ................................................................................. 550ds-monitor-work-queue ...................................................................................... 550ds-monitor ......................................................................................................... 551ds-pwp-attribute-value-validator ......................................................................... 551ds-pwp-character-set-validator ........................................................................... 551ds-pwp-dictionary-validator ................................................................................ 552ds-pwp-length-based-validator ............................................................................ 552ds-pwp-password-policy ..................................................................................... 552ds-pwp-random-generator .................................................................................. 553ds-pwp-repeated-characters-validator ................................................................ 553ds-pwp-similarity-based-validator ....................................................................... 554ds-pwp-unique-characters-validator .................................................................... 554ds-pwp-validator ................................................................................................ 554ds-root-dse ......................................................................................................... 555ds-virtual-static-group ........................................................................................ 555dSA .................................................................................................................... 555DUAConfigProfile ............................................................................................... 556extensibleObject ................................................................................................ 556forgerock-am-dashboard-service ........................................................................ 557fr-idm-cluster-obj ............................................................................................... 557fr-idm-generic-obj .............................................................................................. 557fr-idm-hybrid-obj ................................................................................................ 558fr-idm-internal-role ............................................................................................. 558fr-idm-internal-user ............................................................................................ 558fr-idm-link .......................................................................................................... 559fr-idm-lock ......................................................................................................... 559fr-idm-managed-assignment ............................................................................... 560fr-idm-managed-role ........................................................................................... 560fr-idm-managed-user-explicit .............................................................................. 560fr-idm-managed-user-hybrid-obj ......................................................................... 561fr-idm-managed-user .......................................................................................... 561
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxvi
fr-idm-notification .............................................................................................. 562fr-idm-recon-clusteredTargetIds ......................................................................... 562fr-idm-reconassoc ............................................................................................... 562fr-idm-reconassocentry ...................................................................................... 563fr-idm-relationship ............................................................................................. 563fr-idm-syncqueue ............................................................................................... 564frCoreToken ....................................................................................................... 564friendlyCountry .................................................................................................. 565glue ................................................................................................................... 565groupOfEntries .................................................................................................. 565groupOfNames ................................................................................................... 566groupOfUniqueNames ........................................................................................ 566groupOfURLs ..................................................................................................... 567ieee802Device ................................................................................................... 567inetOrgPerson .................................................................................................... 567inetuser ............................................................................................................. 568inheritableLDAPSubEntry .................................................................................. 569inheritedCollectiveAttributeSubentry ................................................................. 569inheritedFromDNCollectiveAttributeSubentry .................................................... 570inheritedFromRDNCollectiveAttributeSubentry .................................................. 570ipHost ................................................................................................................ 570iplanet-am-auth-configuration-service ................................................................ 571iplanet-am-managed-person ............................................................................... 571iplanet-am-session-service .................................................................................. 572iplanet-am-user-service ...................................................................................... 572iPlanetPreferences ............................................................................................. 573ipNetwork .......................................................................................................... 573ipProtocol .......................................................................................................... 573ipService ............................................................................................................ 574ipTnetHost ......................................................................................................... 574ipTnetTemplate .................................................................................................. 575javaContainer .................................................................................................... 575javaMarshalledObject ........................................................................................ 575javaNamingReference ........................................................................................ 576javaObject .......................................................................................................... 576javaSerializedObject .......................................................................................... 577kbaInfoContainer ............................................................................................... 577labeledURIObject ............................................................................................... 577ldapSubEntry ..................................................................................................... 578locality ............................................................................................................... 578mailGroup .......................................................................................................... 579namedObject ...................................................................................................... 579nisDomainObject ................................................................................................ 580nisKeyObject ...................................................................................................... 580nisMailAlias ....................................................................................................... 580nisMap ............................................................................................................... 581nisNetgroup ....................................................................................................... 581
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxvii
nisNetId ............................................................................................................. 581nisObject ........................................................................................................... 582nisplusTimeZoneData ......................................................................................... 582oathDeviceProfilesContainer .............................................................................. 583oncRpc ............................................................................................................... 583organization ....................................................................................................... 583organizationalPerson ......................................................................................... 584organizationalRole ............................................................................................. 584organizationalUnit ............................................................................................. 585person ............................................................................................................... 585pilotDSA ............................................................................................................ 586pilotObject ......................................................................................................... 586pilotOrganization ............................................................................................... 586pilotPerson ........................................................................................................ 587pkiCA ................................................................................................................. 587pkiUser .............................................................................................................. 588posixAccount ..................................................................................................... 588posixGroup ........................................................................................................ 589printerAbstract .................................................................................................. 589printerIPP .......................................................................................................... 590printerLPR ......................................................................................................... 590printerService .................................................................................................... 590printerServiceAuxClass ...................................................................................... 591pushDeviceProfilesContainer ............................................................................. 591pwdPolicy .......................................................................................................... 592pwdValidatorPolicy ............................................................................................ 592qualityLabelledData ........................................................................................... 593referral .............................................................................................................. 593residentialPerson ............................................................................................... 594rFC822LocalPart ................................................................................................ 594room .................................................................................................................. 595sambaConfig ...................................................................................................... 595sambaConfigOption ............................................................................................ 595sambaDomain .................................................................................................... 596sambaGroupMapping ......................................................................................... 596sambaIdmapEntry .............................................................................................. 596sambaPrivilege .................................................................................................. 597sambaSamAccount ............................................................................................. 597sambaShare ....................................................................................................... 598sambaSidEntry ................................................................................................... 598sambaTrustPassword ......................................................................................... 598sambaUnixIdPool ............................................................................................... 599shadowAccount .................................................................................................. 599simpleSecurityObject ......................................................................................... 599slpService .......................................................................................................... 600slpServicePrinter ............................................................................................... 601SolarisAuditUser ................................................................................................ 601
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxviii
SolarisAuthAttr .................................................................................................. 601SolarisExecAttr .................................................................................................. 602SolarisNamingProfile ......................................................................................... 602SolarisProfAttr ................................................................................................... 603SolarisProject .................................................................................................... 603SolarisUserAttr .................................................................................................. 603strongAuthenticationUser .................................................................................. 604subentry ............................................................................................................ 604subschema ......................................................................................................... 605sunAMAuthAccountLockout ............................................................................... 605sunFMSAML2NameIdentifier ............................................................................. 606sunPrinter .......................................................................................................... 606sunRealmService ............................................................................................... 606sunservice .......................................................................................................... 607sunservicecomponent ......................................................................................... 607top ..................................................................................................................... 608uddiAddress ....................................................................................................... 608uddiBindingTemplate ......................................................................................... 608uddiBusinessEntity ............................................................................................ 609uddiBusinessService .......................................................................................... 609uddiContact ....................................................................................................... 610uddiPublisherAssertion ...................................................................................... 610uddiTModel ........................................................................................................ 610uddiTModelInstanceInfo .................................................................................... 611uddiv3EntityObituary ......................................................................................... 611uddiv3Subscription ............................................................................................ 612uidObject ........................................................................................................... 612untypedObject ................................................................................................... 612userSecurityInformation .................................................................................... 613webauthnDeviceProfilesContainer ...................................................................... 613
8. Syntaxes ................................................................................................................ 615Attribute Type Description ................................................................................ 617Authentication Password Syntax ........................................................................ 618Binary ................................................................................................................ 618Bit String ........................................................................................................... 618Boolean .............................................................................................................. 619Certificate .......................................................................................................... 619Certificate List ................................................................................................... 619Certificate Pair .................................................................................................. 620Collective Conflict Behavior ............................................................................... 620Counter metric .................................................................................................. 620Country String ................................................................................................... 620CSN (Change Sequence Number) ...................................................................... 621Delivery Method ................................................................................................ 621Directory String ................................................................................................. 621DIT Content Rule Description ............................................................................ 622DIT Structure Rule Description ......................................................................... 622
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxix
DN ..................................................................................................................... 622Duration in milli-seconds ................................................................................... 622Enhanced Guide ................................................................................................ 623Expression syntax for Boolean ........................................................................... 624Expression syntax for Certificate ....................................................................... 624Expression syntax for Directory String .............................................................. 624Expression syntax for DN .................................................................................. 624Expression syntax for Generalized Time ............................................................ 625Expression syntax for IA5 String ....................................................................... 625Expression syntax for Integer ............................................................................ 625Expression syntax for Numeric String ............................................................... 625Expression syntax for Octet String .................................................................... 626Expression syntax for OID ................................................................................. 626Expression syntax for Sun-defined Access Control Information .......................... 626Expression syntax for User Password ................................................................ 626Facsimile Telephone Number ............................................................................ 627Fax .................................................................................................................... 627Filesystem path ................................................................................................. 627Generalized Time ............................................................................................... 628Guide ................................................................................................................. 629Host port ........................................................................................................... 629IA5 String .......................................................................................................... 629Integer ............................................................................................................... 630JPEG .................................................................................................................. 630Json ................................................................................................................... 630Json Query ......................................................................................................... 631LDAP Syntax Description ................................................................................... 631Matching Rule Description ................................................................................ 631Matching Rule Use Description ......................................................................... 631Name and Optional JSON .................................................................................. 632Name and Optional UID .................................................................................... 632Name Form Description .................................................................................... 632Numeric String .................................................................................................. 633Object Class Description .................................................................................... 633Octet String ....................................................................................................... 633OID .................................................................................................................... 634Other Mailbox ................................................................................................... 634Postal Address ................................................................................................... 635Presentation Address ......................................................................................... 635Printable String ................................................................................................. 636Protocol Information .......................................................................................... 636Size in bytes ...................................................................................................... 637Substring Assertion ........................................................................................... 637Subtree Specification ......................................................................................... 638Summary metric ................................................................................................ 638Sun-defined Access Control Information ............................................................ 638Supported Algorithm ......................................................................................... 639
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxx
Telephone Number ............................................................................................ 639Teletex Terminal Identifier ................................................................................ 639Telex Number .................................................................................................... 640Timer metric ...................................................................................................... 641User Password ................................................................................................... 642UTC Time .......................................................................................................... 642UUID ................................................................................................................. 643X.509 Certificate Exact Assertion ...................................................................... 644
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxxi
About This ReferenceThis reference describes the default directory schema. Each schema definition has its own section,with links to related sections. Reference pages for the most commonly used elements may includeadditional descriptions and examples that are not present in the directory schema definitions.
This reference does not include directory configuration attributes and object classes, collationmatching rules.
LDAP directory schema defines how data can be stored in the directory. When a directory serverreceives a request to update directory data, it can check the data changes against the directoryschema, refusing any request that would result in a violation of the directory schema and directorydata corruption.
Schema checking prevents errors such as the following:
• Adding inappropriate attributes to an entry
• Removing required attributes from an entry
• Using an attribute value that has the wrong syntax
• Adding the wrong type of subordinate object
LDAP directory schema consists of definitions for the following:
Attribute types
Define attributes of directory entries, including their syntaxes and matching rules
Directory Information Tree (DIT) content rules
Define the content of entries with a given structural object class
DIT structure rules
Define the names entries may have, and how entries may be related to each other
Matching rules
Define how values of attributes are matched and compared
Matching rule uses
List attributes that can be used with an extensibleMatch search filter
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. xxxii
Name forms
Define naming relations for structural object classes
Object classes
Define the types of objects that an entry represents, and the required and optional attributes forentries of those types
Syntaxes
Define the encodings used in LDAP
For a technical description of LDAP directory schema, read Directory Schema in LightweightDirectory Access Protocol (LDAP): Directory Information Models (RFC 4512).
LDAP directory servers allow client applications to access directory schema while the server isrunning. This enables applications to validate their changes against the schema before sending anupdate request to the server. As a result, LDAP schema definitions are optimized for applications,not humans. The reader must resolve relationships between schema definitions, and must find mostdocumentation elsewhere.
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 1
Chapter 1
Attribute TypesThis chapter covers schema definitions for attribute types:
• "aci"
• "aclRights"
• "aclRightsInfo"
• "administratorsAddress"
• "aliasedObjectName"
• "alive"
• "altServer"
• "aRecord"
• "assignedDashboard"
• "associatedDomain"
• "associatedName"
• "attributeMap"
• "attributeTypes"
• "audio"
• "authenticationMethod"
• "authorityRevocationList"
• "authPassword"
• "automountInformation"
• "automountKey"
• "automountMapName"
• "bindTimeLimit"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 2
• "blockInheritance"
• "bootFile"
• "bootParameter"
• "buildingName"
• "businessCategory"
• "c-FacsimileTelephoneNumber"
• "c-InternationalISDNNumber"
• "c-l"
• "c-o"
• "c-ou"
• "c-PhysicalDeliveryOfficeName"
• "c-PostalAddress"
• "c-PostalCode"
• "c-PostOfficeBox"
• "c-st"
• "c-street"
• "c-TelephoneNumber"
• "c-TelexNumber"
• "c"
• "cACertificate"
• "calCalAdrURI"
• "calCalURI"
• "calCAPURI"
• "calFBURL"
• "calOtherCalAdrURIs"
• "calOtherCalURIs"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 3
• "calOtherCAPURIs"
• "calOtherFBURLs"
• "carLicense"
• "certificateRevocationList"
• "changeInitiatorsName"
• "changelog"
• "changeLogCookie"
• "changeNumber"
• "changes"
• "changeTime"
• "changeType"
• "cn"
• "cNAMERecord"
• "co"
• "collectiveAttributeSubentries"
• "collectiveConflictBehavior"
• "collectiveExclusions"
• "corbaIor"
• "corbaRepositoryId"
• "coreTokenDate01"
• "coreTokenDate02"
• "coreTokenDate03"
• "coreTokenDate04"
• "coreTokenDate05"
• "coreTokenExpirationDate"
• "coreTokenId"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 4
• "coreTokenInteger01"
• "coreTokenInteger02"
• "coreTokenInteger03"
• "coreTokenInteger04"
• "coreTokenInteger05"
• "coreTokenInteger06"
• "coreTokenInteger07"
• "coreTokenInteger08"
• "coreTokenInteger09"
• "coreTokenInteger10"
• "coreTokenMultiString01"
• "coreTokenMultiString02"
• "coreTokenMultiString03"
• "coreTokenObject"
• "coreTokenString01"
• "coreTokenString02"
• "coreTokenString03"
• "coreTokenString04"
• "coreTokenString05"
• "coreTokenString06"
• "coreTokenString07"
• "coreTokenString08"
• "coreTokenString09"
• "coreTokenString10"
• "coreTokenString11"
• "coreTokenString12"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 5
• "coreTokenString13"
• "coreTokenString14"
• "coreTokenString15"
• "coreTokenTtlDate"
• "coreTokenType"
• "coreTokenUserId"
• "createTimestamp"
• "creatorsName"
• "credentialLevel"
• "crossCertificatePair"
• "dc"
• "defaultSearchBase"
• "defaultSearchScope"
• "defaultServerList"
• "deleteOldRDN"
• "deltaRevocationList"
• "departmentNumber"
• "dereferenceAliases"
• "description"
• "destinationIndicator"
• "devicePrintProfiles"
• "deviceProfiles"
• "displayName"
• "distinguishedName"
• "dITContentRules"
• "dITRedirect"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 6
• "dITStructureRules"
• "dmdName"
• "dnQualifier"
• "documentAuthor"
• "documentIdentifier"
• "documentLocation"
• "documentPublisher"
• "documentTitle"
• "documentVersion"
• "drink"
• "ds-certificate-fingerprint"
• "ds-certificate-issuer-dn"
• "ds-certificate-subject-dn"
• "ds-mon-abandoned-requests"
• "ds-mon-active-connections-count"
• "ds-mon-active-persistent-searches"
• "ds-mon-admin-hostport"
• "ds-mon-alias"
• "ds-mon-alive-errors"
• "ds-mon-alive"
• "ds-mon-backend-degraded-index-count"
• "ds-mon-backend-degraded-index"
• "ds-mon-backend-entry-count"
• "ds-mon-backend-filter-use-indexed"
• "ds-mon-backend-filter-use-start-time"
• "ds-mon-backend-filter-use-unindexed"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 7
• "ds-mon-backend-filter-use"
• "ds-mon-backend-is-private"
• "ds-mon-backend-proxy-base-dn"
• "ds-mon-backend-proxy-shard"
• "ds-mon-backend-ttl-entries-deleted"
• "ds-mon-backend-ttl-is-running"
• "ds-mon-backend-ttl-last-run-time"
• "ds-mon-backend-ttl-queue-size"
• "ds-mon-backend-ttl-thread-count"
• "ds-mon-backend-writability-mode"
• "ds-mon-base-dn-entry-count"
• "ds-mon-base-dn"
• "ds-mon-build-number"
• "ds-mon-build-time"
• "ds-mon-bytes-read"
• "ds-mon-bytes-written"
• "ds-mon-cache-entry-count"
• "ds-mon-cache-max-entry-count"
• "ds-mon-cache-max-size-bytes"
• "ds-mon-cache-misses"
• "ds-mon-cache-total-tries"
• "ds-mon-certificate-expires-at"
• "ds-mon-certificate-issuer-dn"
• "ds-mon-certificate-serial-number"
• "ds-mon-certificate-subject-dn"
• "ds-mon-changelog-hostport"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 8
• "ds-mon-changelog-id"
• "ds-mon-changelog-purge-delay"
• "ds-mon-compact-version"
• "ds-mon-config-dn"
• "ds-mon-connected-to-server-hostport"
• "ds-mon-connected-to-server-id"
• "ds-mon-connection"
• "ds-mon-connections"
• "ds-mon-current-connections"
• "ds-mon-current-receive-window"
• "ds-mon-current-time"
• "ds-mon-db-cache-evict-internal-nodes-count"
• "ds-mon-db-cache-evict-leaf-nodes-count"
• "ds-mon-db-cache-leaf-nodes"
• "ds-mon-db-cache-misses-internal-nodes"
• "ds-mon-db-cache-misses-leaf-nodes"
• "ds-mon-db-cache-size-active"
• "ds-mon-db-cache-size-total"
• "ds-mon-db-cache-total-tries-internal-nodes"
• "ds-mon-db-cache-total-tries-leaf-nodes"
• "ds-mon-db-checkpoint-count"
• "ds-mon-db-log-cleaner-file-deletion-count"
• "ds-mon-db-log-files-open"
• "ds-mon-db-log-files-opened"
• "ds-mon-db-log-size-active"
• "ds-mon-db-log-size-total"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 9
• "ds-mon-db-log-utilization-max"
• "ds-mon-db-log-utilization-min"
• "ds-mon-db-version"
• "ds-mon-disk-dir"
• "ds-mon-disk-free"
• "ds-mon-disk-full-threshold"
• "ds-mon-disk-low-threshold"
• "ds-mon-disk-root"
• "ds-mon-disk-state"
• "ds-mon-domain-generation-id"
• "ds-mon-domain-name"
• "ds-mon-entries-awaiting-updates-count"
• "ds-mon-fix-ids"
• "ds-mon-full-version"
• "ds-mon-group-id"
• "ds-mon-healthy-errors"
• "ds-mon-healthy"
• "ds-mon-install-path"
• "ds-mon-instance-path"
• "ds-mon-jvm-architecture"
• "ds-mon-jvm-arguments"
• "ds-mon-jvm-available-cpus"
• "ds-mon-jvm-class-path"
• "ds-mon-jvm-classes-loaded"
• "ds-mon-jvm-classes-unloaded"
• "ds-mon-jvm-java-home"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 10
• "ds-mon-jvm-java-vendor"
• "ds-mon-jvm-java-version"
• "ds-mon-jvm-memory-heap-init"
• "ds-mon-jvm-memory-heap-max"
• "ds-mon-jvm-memory-heap-reserved"
• "ds-mon-jvm-memory-heap-used"
• "ds-mon-jvm-memory-init"
• "ds-mon-jvm-memory-max"
• "ds-mon-jvm-memory-non-heap-init"
• "ds-mon-jvm-memory-non-heap-max"
• "ds-mon-jvm-memory-non-heap-reserved"
• "ds-mon-jvm-memory-non-heap-used"
• "ds-mon-jvm-memory-reserved"
• "ds-mon-jvm-memory-used"
• "ds-mon-jvm-supported-tls-ciphers"
• "ds-mon-jvm-supported-tls-protocols"
• "ds-mon-jvm-threads-blocked-count"
• "ds-mon-jvm-threads-count"
• "ds-mon-jvm-threads-daemon-count"
• "ds-mon-jvm-threads-deadlock-count"
• "ds-mon-jvm-threads-deadlocks"
• "ds-mon-jvm-threads-new-count"
• "ds-mon-jvm-threads-runnable-count"
• "ds-mon-jvm-threads-terminated-count"
• "ds-mon-jvm-threads-timed-waiting-count"
• "ds-mon-jvm-threads-waiting-count"
• "ds-mon-jvm-vendor"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 11
• "ds-mon-jvm-version"
• "ds-mon-last-seen"
• "ds-mon-ldap-hostport"
• "ds-mon-ldap-starttls-hostport"
• "ds-mon-ldaps-hostport"
• "ds-mon-listen-address"
• "ds-mon-lost-connections"
• "ds-mon-major-version"
• "ds-mon-max-connections"
• "ds-mon-minor-version"
• "ds-mon-newest-change-number"
• "ds-mon-newest-csn-timestamp"
• "ds-mon-newest-csn"
• "ds-mon-oldest-change-number"
• "ds-mon-oldest-csn-timestamp"
• "ds-mon-oldest-csn"
• "ds-mon-os-architecture"
• "ds-mon-os-name"
• "ds-mon-os-version"
• "ds-mon-point-version"
• "ds-mon-process-id"
• "ds-mon-product-name"
• "ds-mon-protocol"
• "ds-mon-receive-delay"
• "ds-mon-replay-delay"
• "ds-mon-replayed-updates-conflicts-resolved"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 12
• "ds-mon-replayed-updates-conflicts-unresolved"
• "ds-mon-replayed-updates"
• "ds-mon-replication-domain"
• "ds-mon-replication-protocol-version"
• "ds-mon-requests-abandon"
• "ds-mon-requests-add"
• "ds-mon-requests-bind"
• "ds-mon-requests-compare"
• "ds-mon-requests-delete"
• "ds-mon-requests-extended"
• "ds-mon-requests-failure-client-invalid-request"
• "ds-mon-requests-failure-client-redirect"
• "ds-mon-requests-failure-client-referral"
• "ds-mon-requests-failure-client-resource-limit"
• "ds-mon-requests-failure-client-security"
• "ds-mon-requests-failure-server"
• "ds-mon-requests-failure-uncategorized"
• "ds-mon-requests-get"
• "ds-mon-requests-in-queue"
• "ds-mon-requests-modify-dn"
• "ds-mon-requests-modify"
• "ds-mon-requests-patch"
• "ds-mon-requests-post"
• "ds-mon-requests-put"
• "ds-mon-requests-rejected-queue-full"
• "ds-mon-requests-search-base"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 13
• "ds-mon-requests-search-one"
• "ds-mon-requests-search-sub"
• "ds-mon-requests-submitted"
• "ds-mon-requests-unbind"
• "ds-mon-requests-uncategorized"
• "ds-mon-revision"
• "ds-mon-sent-updates"
• "ds-mon-server-id"
• "ds-mon-server-is-local"
• "ds-mon-server-state"
• "ds-mon-short-name"
• "ds-mon-ssl-encryption"
• "ds-mon-start-time"
• "ds-mon-status-last-changed"
• "ds-mon-status"
• "ds-mon-system-name"
• "ds-mon-total-connections"
• "ds-mon-total-update-entry-count"
• "ds-mon-total-update-entry-left"
• "ds-mon-total-update"
• "ds-mon-updates-inbound-queue"
• "ds-mon-updates-outbound-queue"
• "ds-mon-updates-totals-per-replay-thread"
• "ds-mon-vendor-name"
• "ds-mon-version-qualifier"
• "ds-mon-working-directory"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 14
• "ds-private-naming-contexts"
• "ds-privilege-name"
• "ds-pwp-account-disabled"
• "ds-pwp-account-expiration-time"
• "ds-pwp-account-status-notification-handler"
• "ds-pwp-allow-expired-password-changes"
• "ds-pwp-allow-multiple-password-values"
• "ds-pwp-allow-pre-encoded-passwords"
• "ds-pwp-allow-user-password-changes"
• "ds-pwp-attribute-value-check-substrings"
• "ds-pwp-attribute-value-match-attribute"
• "ds-pwp-attribute-value-min-substring-length"
• "ds-pwp-attribute-value-test-reversed-password"
• "ds-pwp-character-set-allow-unclassified-characters"
• "ds-pwp-character-set-character-set-ranges"
• "ds-pwp-character-set-character-set"
• "ds-pwp-character-set-min-character-sets"
• "ds-pwp-default-password-storage-scheme"
• "ds-pwp-deprecated-password-storage-scheme"
• "ds-pwp-dictionary-case-sensitive-validation"
• "ds-pwp-dictionary-check-substrings"
• "ds-pwp-dictionary-data"
• "ds-pwp-dictionary-min-substring-length"
• "ds-pwp-dictionary-test-reversed-password"
• "ds-pwp-expire-passwords-without-warning"
• "ds-pwp-force-change-on-add"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 15
• "ds-pwp-force-change-on-reset"
• "ds-pwp-grace-login-count"
• "ds-pwp-idle-lockout-interval"
• "ds-pwp-last-login-time-attribute"
• "ds-pwp-last-login-time-format"
• "ds-pwp-last-login-time"
• "ds-pwp-length-based-max-password-length"
• "ds-pwp-length-based-min-password-length"
• "ds-pwp-lockout-duration"
• "ds-pwp-lockout-failure-count"
• "ds-pwp-lockout-failure-expiration-interval"
• "ds-pwp-max-password-age"
• "ds-pwp-max-password-reset-age"
• "ds-pwp-min-password-age"
• "ds-pwp-password-attribute"
• "ds-pwp-password-change-requires-current-password"
• "ds-pwp-password-changed-by-required-time"
• "ds-pwp-password-expiration-time"
• "ds-pwp-password-expiration-warning-interval"
• "ds-pwp-password-history-count"
• "ds-pwp-password-history-duration"
• "ds-pwp-password-policy-dn"
• "ds-pwp-previous-last-login-time-format"
• "ds-pwp-random-password-character-set"
• "ds-pwp-random-password-format"
• "ds-pwp-repeated-characters-case-sensitive-validation"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 16
• "ds-pwp-repeated-characters-max-consecutive-length"
• "ds-pwp-require-change-by-time"
• "ds-pwp-require-secure-authentication"
• "ds-pwp-require-secure-password-changes"
• "ds-pwp-reset-time"
• "ds-pwp-similarity-based-min-password-difference"
• "ds-pwp-skip-validation-for-administrators"
• "ds-pwp-state-update-failure-policy"
• "ds-pwp-unique-characters-case-sensitive-validation"
• "ds-pwp-unique-characters-min-unique-characters"
• "ds-pwp-warned-time"
• "ds-rlim-cursor-entry-limit"
• "ds-rlim-idle-time-limit"
• "ds-rlim-lookthrough-limit"
• "ds-rlim-size-limit"
• "ds-rlim-time-limit"
• "ds-sync-conflict"
• "ds-sync-fractional-exclude"
• "ds-sync-fractional-include"
• "ds-sync-generation-id"
• "ds-sync-hist"
• "ds-sync-state"
• "ds-target-group-dn"
• "dSAQuality"
• "emailAddress"
• "employeeNumber"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 17
• "employeeType"
• "enhancedSearchGuide"
• "entryDN"
• "entryUUID"
• "etag"
• "facsimileTelephoneNumber"
• "firstChangeNumber"
• "followReferrals"
• "fr-idm-accountStatus"
• "fr-idm-cluster-json"
• "fr-idm-condition"
• "fr-idm-consentedMapping"
• "fr-idm-custom-attrs"
• "fr-idm-effectiveAssignment"
• "fr-idm-effectiveRole"
• "fr-idm-internal-role-authzmembers-internal-user"
• "fr-idm-internal-role-authzmembers-managed-user"
• "fr-idm-internal-user-authzroles-internal-role"
• "fr-idm-internal-user-authzroles-managed-role"
• "fr-idm-json"
• "fr-idm-kbaInfo"
• "fr-idm-lastSync"
• "fr-idm-link-firstid-constraint"
• "fr-idm-link-firstid"
• "fr-idm-link-qualifier"
• "fr-idm-link-secondid-constraint"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 18
• "fr-idm-link-secondid"
• "fr-idm-link-type"
• "fr-idm-lock-nodeid"
• "fr-idm-managed-assignment-json"
• "fr-idm-managed-role-assignments"
• "fr-idm-managed-role-json"
• "fr-idm-managed-user-authzroles-internal-role"
• "fr-idm-managed-user-authzroles-managed-role"
• "fr-idm-managed-user-custom-attrs"
• "fr-idm-managed-user-json"
• "fr-idm-managed-user-manager"
• "fr-idm-managed-user-meta"
• "fr-idm-managed-user-notifications"
• "fr-idm-managed-user-roles"
• "fr-idm-name"
• "fr-idm-notification-json"
• "fr-idm-password"
• "fr-idm-preferences"
• "fr-idm-privilege"
• "fr-idm-recon-id"
• "fr-idm-recon-targetIds"
• "fr-idm-reconassoc-finishtime"
• "fr-idm-reconassoc-isanalysis"
• "fr-idm-reconassoc-mapping"
• "fr-idm-reconassoc-reconid"
• "fr-idm-reconassoc-sourceresourcecollection"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 19
• "fr-idm-reconassoc-targetresourcecollection"
• "fr-idm-reconassocentry-action"
• "fr-idm-reconassocentry-ambiguoustargetobjectids"
• "fr-idm-reconassocentry-exception"
• "fr-idm-reconassocentry-linkqualifier"
• "fr-idm-reconassocentry-message"
• "fr-idm-reconassocentry-messagedetail"
• "fr-idm-reconassocentry-phase"
• "fr-idm-reconassocentry-reconid"
• "fr-idm-reconassocentry-situation"
• "fr-idm-reconassocentry-sourceobjectid"
• "fr-idm-reconassocentry-status"
• "fr-idm-reconassocentry-targetobjectid"
• "fr-idm-relationship-json"
• "fr-idm-role"
• "fr-idm-syncqueue-context"
• "fr-idm-syncqueue-createdate"
• "fr-idm-syncqueue-mapping"
• "fr-idm-syncqueue-newobject"
• "fr-idm-syncqueue-nodeid"
• "fr-idm-syncqueue-objectrev"
• "fr-idm-syncqueue-oldobject"
• "fr-idm-syncqueue-remainingretries"
• "fr-idm-syncqueue-resourcecollection"
• "fr-idm-syncqueue-resourceid"
• "fr-idm-syncqueue-state"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 20
• "fr-idm-syncqueue-syncaction"
• "fr-idm-temporal-constraints"
• "fr-idm-uuid"
• "fullVendorVersion"
• "gecos"
• "generationQualifier"
• "gidNumber"
• "givenName"
• "governingStructureRule"
• "hasSubordinates"
• "healthy"
• "homeDirectory"
• "homePhone"
• "homePostalAddress"
• "host"
• "houseIdentifier"
• "includedAttributes"
• "inetUserHttpURL"
• "inetUserStatus"
• "info"
• "inheritable"
• "inheritAttribute"
• "inheritFromBaseRDN"
• "inheritFromDNAttribute"
• "inheritFromDNParent"
• "inheritFromRDNAttribute"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 21
• "inheritFromRDNType"
• "initials"
• "internationaliSDNNumber"
• "ipHostNumber"
• "iplanet-am-auth-configuration"
• "iplanet-am-auth-login-failure-url"
• "iplanet-am-auth-login-success-url"
• "iplanet-am-auth-post-login-process-class"
• "iplanet-am-session-destroy-sessions"
• "iplanet-am-session-get-valid-sessions"
• "iplanet-am-session-max-caching-time"
• "iplanet-am-session-max-idle-time"
• "iplanet-am-session-max-session-time"
• "iplanet-am-session-quota-limit"
• "iplanet-am-session-service-status"
• "iplanet-am-user-account-life"
• "iplanet-am-user-admin-start-dn"
• "iplanet-am-user-alias-list"
• "iplanet-am-user-auth-config"
• "iplanet-am-user-auth-modules"
• "iplanet-am-user-failure-url"
• "iplanet-am-user-login-status"
• "iplanet-am-user-password-reset-force-reset"
• "iplanet-am-user-password-reset-options"
• "iplanet-am-user-password-reset-question-answer"
• "iplanet-am-user-service-status"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 22
• "iplanet-am-user-success-url"
• "ipNetmaskNumber"
• "ipNetworkNumber"
• "ipProtocolNumber"
• "ipServicePort"
• "ipServiceProtocol"
• "ipTnetNumber"
• "ipTnetTemplateName"
• "isMemberOf"
• "janetMailbox"
• "javaClassName"
• "javaClassNames"
• "javaCodebase"
• "javaDoc"
• "javaFactory"
• "javaReferenceAddress"
• "javaSerializedData"
• "jpegPhoto"
• "kbaActiveIndex"
• "kbaInfo"
• "kbaInfoAttempts"
• "knowledgeInformation"
• "l"
• "labeledURI"
• "labeledURL"
• "lastChangeNumber"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 23
• "lastExternalChangelogCookie"
• "lastModifiedBy"
• "lastModifiedTime"
• "ldapSyntaxes"
• "loginShell"
• "macAddress"
• "mail"
• "mailPreferenceOption"
• "manager"
• "matchingRules"
• "matchingRuleUse"
• "mDRecord"
• "member"
• "memberGid"
• "memberNisNetgroup"
• "memberof"
• "memberUid"
• "memberURL"
• "mgrpRFC822MailMember"
• "mobile"
• "modifiersName"
• "modifyTimestamp"
• "mxRecord"
• "name"
• "nameForms"
• "namingContexts"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 24
• "newRDN"
• "newSuperior"
• "nisDomain"
• "nisMapEntry"
• "nisMapName"
• "nisNetgroupTriple"
• "nisNetIdGroup"
• "nisNetIdHost"
• "nisNetIdUser"
• "nisplusTimeZone"
• "nisPublicKey"
• "nisSecretKey"
• "nsds50ruv"
• "nSRecord"
• "nsUniqueId"
• "numSubordinates"
• "o"
• "oath2faEnabled"
• "oathDeviceProfiles"
• "objectClass"
• "objectClasses"
• "objectclassMap"
• "oncRpcNumber"
• "organizationalStatus"
• "otherMailbox"
• "ou"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 25
• "owner"
• "pager"
• "personalSignature"
• "personalTitle"
• "photo"
• "physicalDeliveryOfficeName"
• "postalAddress"
• "postalCode"
• "postOfficeBox"
• "preferredDeliveryMethod"
• "preferredLanguage"
• "preferredLocale"
• "preferredServerList"
• "preferredTimeZone"
• "presentationAddress"
• "printer-aliases"
• "printer-charset-configured"
• "printer-charset-supported"
• "printer-color-supported"
• "printer-compression-supported"
• "printer-copies-supported"
• "printer-current-operator"
• "printer-delivery-orientation-supported"
• "printer-document-format-supported"
• "printer-finishings-supported"
• "printer-generated-natural-language-supported"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 26
• "printer-info"
• "printer-ipp-versions-supported"
• "printer-job-k-octets-supported"
• "printer-job-priority-supported"
• "printer-location"
• "printer-make-and-model"
• "printer-media-local-supported"
• "printer-media-supported"
• "printer-more-info"
• "printer-multiple-document-jobs-supported"
• "printer-name"
• "printer-natural-language-configured"
• "printer-number-up-supported"
• "printer-output-features-supported"
• "printer-pages-per-minute-color"
• "printer-pages-per-minute"
• "printer-print-quality-supported"
• "printer-resolution-supported"
• "printer-service-person"
• "printer-sides-supported"
• "printer-stacking-order-supported"
• "printer-uri"
• "printer-xri-supported"
• "profileTTL"
• "protocolInformation"
• "push2faEnabled"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 27
• "pushDeviceProfiles"
• "pwdAccountLockedTime"
• "pwdAllowUserChange"
• "pwdAttribute"
• "pwdChangedTime"
• "pwdCheckQuality"
• "pwdExpireWarning"
• "pwdFailureCountInterval"
• "pwdFailureTime"
• "pwdGraceAuthNLimit"
• "pwdGraceUseTime"
• "pwdHistory"
• "pwdInHistory"
• "pwdLockout"
• "pwdLockoutDuration"
• "pwdMaxAge"
• "pwdMaxFailure"
• "pwdMinAge"
• "pwdMinLength"
• "pwdMustChange"
• "pwdPolicySubentry"
• "pwdReset"
• "pwdSafeModify"
• "ref"
• "registeredAddress"
• "replicaIdentifier"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 28
• "replicationCSN"
• "rfc822mailMember"
• "roleOccupant"
• "roomNumber"
• "sambaAcctFlags"
• "sambaAlgorithmicRidBase"
• "sambaBadPasswordCount"
• "sambaBadPasswordTime"
• "sambaBoolOption"
• "sambaDomainName"
• "sambaForceLogoff"
• "sambaGroupType"
• "sambaHomeDrive"
• "sambaHomePath"
• "sambaIntegerOption"
• "sambaKickoffTime"
• "sambaLMPassword"
• "sambaLockoutDuration"
• "sambaLockoutObservationWindow"
• "sambaLockoutThreshold"
• "sambaLogoffTime"
• "sambaLogonHours"
• "sambaLogonScript"
• "sambaLogonTime"
• "sambaLogonToChgPwd"
• "sambaMaxPwdAge"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 29
• "sambaMinPwdAge"
• "sambaMinPwdLength"
• "sambaMungedDial"
• "sambaNextGroupRid"
• "sambaNextRid"
• "sambaNextUserRid"
• "sambaNTPassword"
• "sambaOptionName"
• "sambaPasswordHistory"
• "sambaPrimaryGroupSID"
• "sambaPrivilegeList"
• "sambaProfilePath"
• "sambaPwdCanChange"
• "sambaPwdHistoryLength"
• "sambaPwdLastSet"
• "sambaPwdMustChange"
• "sambaRefuseMachinePwdChange"
• "sambaShareName"
• "sambaSID"
• "sambaSIDList"
• "sambaStringListOption"
• "sambaStringOption"
• "sambaTrustFlags"
• "sambaUserWorkstations"
• "searchGuide"
• "searchTimeLimit"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 30
• "secretary"
• "seeAlso"
• "serialNumber"
• "service-advert-attribute-authenticator"
• "service-advert-scopes"
• "service-advert-service-type"
• "service-advert-url-authenticator"
• "serviceAuthenticationMethod"
• "serviceCredentialLevel"
• "serviceSearchDescriptor"
• "shadowExpire"
• "shadowFlag"
• "shadowInactive"
• "shadowLastChange"
• "shadowMax"
• "shadowMin"
• "shadowWarning"
• "singleLevelQuality"
• "sn"
• "sOARecord"
• "SolarisAttrKeyValue"
• "SolarisAttrLongDesc"
• "SolarisAttrReserved1"
• "SolarisAttrReserved2"
• "SolarisAttrShortDesc"
• "SolarisAuditAlways"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 31
• "SolarisAuditNever"
• "SolarisAuthMethod"
• "SolarisBindDN"
• "SolarisBindPassword"
• "SolarisBindTimeLimit"
• "SolarisCacheTTL"
• "SolarisCertificatePassword"
• "SolarisCertificatePath"
• "SolarisDataSearchDN"
• "SolarisKernelSecurityPolicy"
• "SolarisLDAPServers"
• "SolarisPreferredServer"
• "SolarisPreferredServerOnly"
• "SolarisProfileId"
• "SolarisProfileType"
• "SolarisProjectAttr"
• "SolarisProjectID"
• "SolarisProjectName"
• "SolarisSearchBaseDN"
• "SolarisSearchReferral"
• "SolarisSearchScope"
• "SolarisSearchTimeLimit"
• "SolarisTransportSecurity"
• "SolarisUserQualifier"
• "st"
• "street"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 32
• "structuralObjectClass"
• "subschemaSubentry"
• "subtreeMaximumQuality"
• "subtreeMinimumQuality"
• "subtreeSpecification"
• "sun-fm-saml2-nameid-info"
• "sun-fm-saml2-nameid-infokey"
• "sun-printer-bsdaddr"
• "sun-printer-kvp"
• "sunAMAuthInvalidAttemptsData"
• "sunIdentityMSISDNNumber"
• "sunKeyValue"
• "sunPluginSchema"
• "sunserviceID"
• "sunServiceSchema"
• "sunsmspriority"
• "sunxmlKeyValue"
• "supportedAlgorithms"
• "supportedApplicationContext"
• "supportedAuthPasswordSchemes"
• "supportedControl"
• "supportedExtension"
• "supportedFeatures"
• "supportedLDAPVersion"
• "supportedSASLMechanisms"
• "supportedTLSCiphers"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 33
• "supportedTLSProtocols"
• "targetDN"
• "targetEntryUUID"
• "telephoneNumber"
• "teletexTerminalIdentifier"
• "telexNumber"
• "template-major-version-number"
• "template-minor-version-number"
• "template-url-syntax"
• "textEncodedORAddress"
• "title"
• "uddiAccessPoint"
• "uddiAddressLine"
• "uddiAuthorizedName"
• "uddiBindingKey"
• "uddiBusinessKey"
• "uddiCategoryBag"
• "uddiDescription"
• "uddiDiscoveryURLs"
• "uddiEMail"
• "uddiFromKey"
• "uddiHostingRedirector"
• "uddiIdentifierBag"
• "uddiInstanceDescription"
• "uddiInstanceParms"
• "uddiIsHidden"
• "uddiIsProjection"
Attribute Types
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 34
• "uddiKeyedReference"
• "uddiLang"
• "uddiName"
• "uddiOperator"
• "uddiOverviewDescription"
• "uddiOverviewURL"
• "uddiPersonName"
• "uddiPhone"
• "uddiServiceKey"
• "uddiSortCode"
• "uddiTModelKey"
• "uddiToKey"
• "uddiUseType"
• "uddiUUID"
• "uddiv3BindingKey"
• "uddiv3BriefResponse"
• "uddiv3BusinessKey"
• "uddiv3DigitalSignature"
• "uddiv3EntityCreationTime"
• "uddiv3EntityDeletionTime"
• "uddiv3EntityKey"
• "uddiv3EntityModificationTime"
• "uddiv3ExpiresAfter"
• "uddiv3MaxEntities"
• "uddiv3NodeId"
• "uddiv3NotificationInterval"
• "uddiv3ServiceKey"
Attribute Typesaci
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 35
• "uddiv3SubscriptionFilter"
• "uddiv3SubscriptionKey"
• "uddiv3TModelKey"
• "uid"
• "uidNumber"
• "uniqueIdentifier"
• "uniqueMember"
• "userCertificate"
• "userClass"
• "userPassword"
• "userPKCS12"
• "userSMIMECertificate"
• "vendorName"
• "vendorVersion"
• "webauthnDeviceProfiles"
• "winAccountName"
• "x121Address"
• "x500UniqueIdentifier"
aciValues are Access Control Instructions (ACI). See the directory documentation for details.
Origin Sun Java System Directory ServerUsage directoryOperationDescription Sun-defined access control information attribute typeOID 2.16.840.1.113730.3.1.55Equality Matching Rule octetStringMatchSingle Value false: multiple values allowed
Attribute TypesaclRights
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 36
Names aciOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Sun-defined Access Control Information
aclRightsShows effective access rights. See the directory documentation for details.
Origin Sun Java System Directory ServerUsage directoryOperationDescription Sun-defined access control effective rights attribute typeOID 1.3.6.1.4.1.42.2.27.9.1.39Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames aclRightsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Directory String
aclRightsInfoShows how the server calculates effective access rights. See the directory documentation for details.
Origin Sun Java System Directory ServerUsage directoryOperationDescription Sun-defined access control effective rights information attribute typeOID 1.3.6.1.4.1.42.2.27.9.1.40Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute TypesadministratorsAddress
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 37
Names aclRightsInfoOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Directory String
administratorsAddressAn address for contacting the administrator who manages the server. For example,mailto:helpdesk@example.com.
Origin draft-wahl-ldap-adminaddrUsage directoryOperationOID 1.3.6.1.4.1.1466.101.120.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames administratorsAddressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax IA5 String
aliasedObjectNameHolds the name of the entry that an alias points to.
An alias name is an alternative name for an entry. Alias objects are leaf entries (no subordinates).
ForgeRock servers do not support alias dereferencing.
Origin RFC 4512Usage userApplicationsOID 2.5.4.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatch
Attribute Typesalive
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 38
Single Value trueNames aliasedObjectNameUser ModificationAllowed
true
Used By aliasSchema File 00-core.ldifSyntax DN
aliveOrigin OpenDJ Directory ServerUsage dSAOperationDescription Indicates whether the server is aliveOID 1.3.6.1.4.1.36733.2.1.1.507Equality Matching Rule booleanMatchSingle Value trueNames aliveUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Boolean
altServerThis operational attribute lists URIs of alternate servers to contact when this server is not available.
Origin RFC 4512Usage dSAOperationOID 1.3.6.1.4.1.1466.101.120.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames altServerOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesaRecord
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 39
Schema File 00-core.ldifSyntax IA5 String
aRecordA type A (address) DNS resource record.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.26Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames aRecordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomainSchema File 00-core.ldifSyntax IA5 String
assignedDashboardOrigin OpenAMUsage userApplicationsDescription Dashboard App registryInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.3.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames assignedDashboardOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesassociatedDomain
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 40
Used By forgerock-am-dashboard-serviceSchema File 60-identity-store-ds-dashboard.ldifSyntax Directory String
associatedDomainAn attribute for specifying DNS hostnames associated with an object. For example, the entry with DNdc=example,dc=com could have an associated domain of example.com.
Values of this attribute conform to the following ABNF:
domain = root / label *( DOT label )root = SPACElabel = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"SPACE = %x20 ; space (" ")HYPHEN = %x2D ; hyphen ("-")DOT = %x2E ; period (".")
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.37Substring Matching Rule caseIgnoreIA5SubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames associatedDomainOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By domainRelatedObjectSchema File 00-core.ldifSyntax IA5 String
associatedNameDNs of entries associated with a DNS domain.
Origin RFC 4524Usage userApplications
Attribute TypesattributeMap
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 41
OID 0.9.2342.19200300.100.1.38Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames associatedNameUser ModificationAllowed
true
Used By dNSDomain, domain, rFC822LocalPartSchema File 00-core.ldifSyntax DN
attributeMapOrigin RFC 4876Usage userApplicationsDescription Attribute mappings used, required, or supported by an agent or serviceOID 1.3.6.1.4.1.11.1.3.1.1.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames attributeMapOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax IA5 String
attributeTypesThis operational attribute used in LDAP schema defines attribute types, which specify attributes ofdirectory entries, including their syntaxes and matching rules.
Origin RFC 4512Usage directoryOperationOID 2.5.21.5
Attribute Typesaudio
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 42
Equality Matching Rule objectIdentifierFirstComponentMatchSingle Value false: multiple values allowedNames attributeTypesUser ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax Attribute Type Description
audioAttribute for storing sounds encoded according to the µ-law algorithm.
Origin RFC 2798Usage userApplicationsOID 0.9.2342.19200300.100.1.55Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames audioOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, pilotObjectSchema File 00-core.ldifSyntax Octet String
authenticationMethodOrigin RFC 4876Usage userApplicationsDescription Identifies the types of authentication methods either used, required, or provided
by a service or peerOID 1.3.6.1.4.1.11.1.3.1.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute TypesauthorityRevocationList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 43
Names authenticationMethodOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Directory String
authorityRevocationListX.509 certificate lists, as described in X.509 clause 11.2.5.
Request and transfer values using the binary option for the attribute description,authorityRevocationList;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.38Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames authorityRevocationListOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By cRLDistributionPoint, certificationAuthority, certificationAuthority-V2, pkiCASchema File 00-core.ldifSyntax Certificate List
authPasswordEncoded or hashed passwords, prefixed with a scheme and authentication info.
Origin RFC 3112Usage userApplicationsDescription password authentication informationOID 1.3.6.1.4.1.4203.1.3.4Equality Matching Rule authPasswordExactMatch
Attribute TypesautomountInformation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 44
Single Value false: multiple values allowedNames authPasswordUser ModificationAllowed
true
Used By authPasswordObject, ipHost, posixAccount, posixGroup, shadowAccountSchema File 03-rfc3112.ldifSyntax Authentication Password Syntax
automountInformationOrigin draft-howard-rfc2307bisUsage userApplicationsDescription Automount informationOID 1.3.6.1.1.1.1.33Substring Matching Rule caseExactIA5SubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames automountInformationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By automountSchema File 04-rfc2307bis.ldifSyntax IA5 String
automountKeyOrigin draft-howard-rfc2307bisUsage userApplicationsDescription Automount Key valueOID 1.3.6.1.1.1.1.32Substring Matching Rule caseExactIA5SubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames automountKey
Attribute TypesautomountMapName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 45
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By automountSchema File 04-rfc2307bis.ldifSyntax IA5 String
automountMapNameOrigin draft-howard-rfc2307bisUsage userApplicationsDescription automount Map NameOID 1.3.6.1.1.1.1.31Substring Matching Rule caseExactIA5SubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames automountMapNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By automountMapSchema File 04-rfc2307bis.ldifSyntax IA5 String
bindTimeLimitOrigin RFC 4876Usage userApplicationsDescription Maximum time an agent or service allows for a bind operation to completeOID 1.3.6.1.4.1.11.1.3.1.1.4Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames bindTimeLimitOrdering Matching Rule integerOrderingMatch
Attribute TypesblockInheritance
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 46
User ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Integer
blockInheritanceOrigin draft-ietf-ldup-subentryUsage dSAOperationOID 1.3.6.1.4.1.7628.5.4.2Equality Matching Rule booleanMatchSingle Value trueNames blockInheritanceUser ModificationAllowed
false
Used By inheritableLDAPSubEntrySchema File 00-core.ldifSyntax Boolean
bootFileOrigin draft-howard-rfc2307bisUsage userApplicationsDescription Boot image nameOID 1.3.6.1.1.1.1.24Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames bootFileOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By bootableDeviceSchema File 04-rfc2307bis.ldif
Attribute TypesbootParameter
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 47
Syntax IA5 String
bootParameterOrigin draft-howard-rfc2307bisUsage userApplicationsDescription rpc.bootparamd parameterOID 1.3.6.1.1.1.1.23Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames bootParameterOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By bootableDeviceSchema File 04-rfc2307bis.ldifSyntax IA5 String
buildingNameNames of buildings where an organization or organizational unit is based.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.48Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames buildingNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotOrganizationSchema File 00-core.ldifSyntax Directory String
Attribute TypesbusinessCategory
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 48
businessCategoryThe kind of business performed by an organization. Each kind corresponds to a different attributevalue.
Origin RFC 4519Usage userApplicationsOID 2.5.4.15Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames businessCategoryOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, groupOfEntries, groupOfNames, groupOfURLs,groupOfUniqueNames, inetOrgPerson, organization, organizationalUnit,pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson,sunservicecomponent
Schema File 00-core.ldifSyntax Directory String
c-FacsimileTelephoneNumberFax phone number for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type facsimileTelephoneNumberCollective trueOID 2.5.4.23.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-FacsimileTelephoneNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute Typesc-InternationalISDNNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 49
Schema File 00-core.ldifSyntax Facsimile Telephone Number
c-InternationalISDNNumberISDN address for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type internationaliSDNNumberCollective trueOID 2.5.4.25.1Substring Matching Rule numericStringSubstringsMatchEquality Matching Rule numericStringMatchSingle Value false: multiple values allowedNames c-InternationalISDNNumberOrdering Matching Rule numericStringOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Numeric String
c-lName of a locality or place for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type lCollective trueOID 2.5.4.7.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-l
Attribute Typesc-o
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 50
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-oOrganization name for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type oCollective trueOID 2.5.4.10.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-oOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-ouOrganizational unit name for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type ouCollective trueOID 2.5.4.11.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute Typesc-PhysicalDeliveryOfficeName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 51
Single Value false: multiple values allowedNames c-ouOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-PhysicalDeliveryOfficeNamePost office for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type physicalDeliveryOfficeNameCollective trueOID 2.5.4.19.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-PhysicalDeliveryOfficeNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-PostalAddressPostal address for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type postalAddressCollective trueOID 2.5.4.16.1
Attribute Typesc-PostalCode
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 52
Substring Matching Rule caseIgnoreListSubstringsMatchEquality Matching Rule caseIgnoreListMatchSingle Value false: multiple values allowedNames c-PostalAddressUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Postal Address
c-PostalCodePostal code for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type postalCodeCollective trueOID 2.5.4.17.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-PostalCodeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-PostOfficeBoxPostal box identifier for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type postOfficeBoxCollective true
Attribute Typesc-st
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 53
OID 2.5.4.18.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-PostOfficeBoxOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-stFull name of a state or province for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type stCollective trueOID 2.5.4.8.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-stOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-streetStreet address for a collection of entries.
Origin RFC 3671Usage userApplications
Attribute Typesc-TelephoneNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 54
Superior Type streetCollective trueOID 2.5.4.9.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-streetOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
c-TelephoneNumberPhone number for a collection of entries.
Origin RFC 3671Usage userApplicationsSuperior Type telephoneNumberCollective trueOID 2.5.4.20.1Substring Matching Rule telephoneNumberSubstringsMatchEquality Matching Rule telephoneNumberMatchSingle Value false: multiple values allowedNames c-TelephoneNumberUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Telephone Number
c-TelexNumberTelex terminal number for a collection of entries.
Origin RFC 3671
Attribute Typesc
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 55
Usage userApplicationsSuperior Type telexNumberCollective trueOID 2.5.4.21.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames c-TelexNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Telex Number
cTwo-letter ISO 3166 country code.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames c, countryNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By country, friendlyCountry, untypedObjectSchema File 00-core.ldifSyntax Country String
cACertificateX.509 certificate issued to the Certificate Authority (CA), as described in X.509 clause 11.2.2.
Attribute TypescalCalAdrURI
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 56
Request and transfer values using the binary option for the attribute description, cACertificate;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.37Equality Matching Rule certificateExactMatchSingle Value false: multiple values allowedNames cACertificateOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By certificationAuthority, certificationAuthority-V2, pkiCASchema File 00-core.ldifSyntax Certificate
calCalAdrURIProtocol-independent location for a calendaring and scheduling client to send an event request to auser.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.481Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calCalAdrURIOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
Attribute TypescalCalURI
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 57
calCalURIProtocol-independent location for a calendaring and scheduling client to retrieve an entire snapshotcopy of a user's calendar as one or more iCalendar objects.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.478Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calCalURIOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
calCAPURIProtocol-independent location for a calendaring and scheduling client can communicate with a user'sentire calendar.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.480Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calCAPURIOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldif
Attribute TypescalFBURL
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 58
Syntax IA5 String
calFBURLProtocol-independent location for a calendaring and scheduling client to retrieve information aboutwhen a user is busy as an iCalendar object with one or more "VFREEBUSY" calendar components.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.479Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calFBURLOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
calOtherCalAdrURIsProtocol-independent additional locations for a calendaring and scheduling client to send eventrequests to a user.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.485Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calOtherCalAdrURIsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypescalOtherCalURIs
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 59
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
calOtherCalURIsProtocol-independent location for a calendaring and scheduling client to retrieve snapshots of othercalendars a user has as iCalendar objects.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.482Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calOtherCalURIsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
calOtherCAPURIsProtocol-independent location for a calendaring and scheduling client can communicate with a user'sother calendars.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.484Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calOtherCAPURIsOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypescalOtherFBURLs
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 60
User ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
calOtherFBURLsProtocol-independent location for a calendaring and scheduling client to retrieve other informationabout when a user is busy as iCalendar objects with one or more "VFREEBUSY" calendarcomponents.
Origin RFC 2739Usage userApplicationsOID 1.2.840.113556.1.4.483Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames calOtherFBURLsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By calEntrySchema File 03-rfc2739.ldifSyntax IA5 String
carLicenseCar license or registration plate number for a person's vehicle.
Origin RFC 2798Usage userApplicationsDescription vehicle license or registration plateOID 2.16.840.1.113730.3.1.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute TypescertificateRevocationList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 61
Single Value false: multiple values allowedNames carLicenseOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Directory String
certificateRevocationListX.509 certificate lists, as described in X.509 clause 11.2.4.
Request and transfer values using the binary option for the attribute description,certificateRevocationList;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.39Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames certificateRevocationListOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By cRLDistributionPoint, certificationAuthority, certificationAuthority-V2, pkiCASchema File 00-core.ldifSyntax Certificate List
changeInitiatorsNamePoints to the entry that initiated the modification.
Origin OpenDS Directory ServerUsage directoryOperationDescription The initiator user of the change
Attribute Typeschangelog
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 62
OID 1.3.6.1.4.1.26027.1.1.604Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames changeInitiatorsNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 03-changelog.ldifSyntax Directory String
changelog
Origin draft-good-ldap-changelogUsage directoryOperationDescription the distinguished name of the entry which contains the set of entries comprising
this servers changelogOID 2.16.840.1.113730.3.1.35Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames changelogUser ModificationAllowed
false
Schema File 00-core.ldifSyntax DN
changeLogCookieOpaque unique identifier for a change in distributed replication changelog.
Origin OpenDS Directory ServerUsage directoryOperationDescription The OpenDS opaque cookie for the External ChangelogOID 1.3.6.1.4.1.26027.1.1.591
Attribute TypeschangeNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 63
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames changeLogCookieOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 03-changelog.ldifSyntax Directory String
changeNumberThe set of changes made to a directory server is given by the set of all entries in the changelog,ordered by changeNumber, which strictly increases for a given server.
Note The changeNumber is unique to a server, and not necessarily shared or synchronized acrossservers. The change numbers for ForgeRock servers can be synchronized using the dsrepl reset-change-number command. ForgeRock servers also provide an alternative changeLogCookie attribute, whichcan be used reliably across a replicated topology.
A client application may synchronize its local copy of directory data by reading the server's changelogfor entries where the changeNumber is greater than or equal to the last change that the client read fromthe server. A server can, however, trim its changelog. If the last change read from the changelog isnot returned in search results, the client application must fall back to rebuilding its entire copy ofdirectory data.
Origin draft-good-ldap-changelogUsage userApplicationsDescription a number which uniquely identifies a change made to a directory entryOID 2.16.840.1.113730.3.1.5Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames changeNumberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldif
Attribute Typeschanges
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 64
Syntax Integer
changesOrigin draft-good-ldap-changelogUsage userApplicationsDescription a set of changes to apply to an entryOID 2.16.840.1.113730.3.1.8Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames changesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldifSyntax Octet String
changeTimeIndicates when an entry was changed for replication.
Origin Sun Directory ServerUsage userApplicationsDescription the time when the change was processedOID 2.16.840.1.113730.3.1.77Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames changeTimeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldif
Attribute TypeschangeType
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 65
Syntax Directory String
changeTypeThe type of change made to the entry specified by the targetDN attribute of the changelog entry. Oneof:
• add
• delete
• modify
• modrdn
Origin draft-good-ldap-changelogUsage userApplicationsDescription the type of change made to an entryOID 2.16.840.1.113730.3.1.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames changeTypeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldifSyntax Directory String
cnX.500 commonName attribute that contains the name of an object.
When used for a person, this attribute contains the full name.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.3
Attribute TypescNAMERecord
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 66
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames cn, commonNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfile, SolarisAuthAttr, SolarisNamingProfile, SolarisProfAttr,applicationEntity, applicationProcess, cRLDistributionPoint, container,corbaContainer, dSA, device, document, documentSeries, ds-monitor-branch, ds-monitor-changelog, ds-monitor-connection-handler, ds-monitor-entry-cache, ds-monitor-health-status, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler, ds-monitor-work-queue, ds-pwp-password-policy, fr-idm-internal-role, groupOfEntries,groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson,inheritableLDAPSubEntry, inheritedCollectiveAttributeSubentry,inheritedFromDNCollectiveAttributeSubentry,inheritedFromRDNCollectiveAttributeSubentry, ipHost, ipNetwork, ipProtocol,ipService, javaContainer, ldapSubEntry, mailGroup, namedObject, nisKeyObject,nisMailAlias, nisNetId, nisNetgroup, nisObject, nisplusTimeZoneData, oncRpc,organizationalPerson, organizationalRole, person, pilotDSA, pilotPerson,posixAccount, rFC822LocalPart, residentialPerson, room, sambaSamAccount,subentry, untypedObject
Schema File 00-core.ldifSyntax Directory String
cNAMERecordA type CNAME (canonical name) DNS resource record.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.31Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames cNAMERecordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain
Attribute Typesco
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 67
Schema File 00-core.ldifSyntax IA5 String
coFriendly country name in human readable format. This attribute is commonly used with c countryname, whose values are two-letter codes defined in the ISO 3166 standard.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.43Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames co, friendlyCountryNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicit, friendlyCountrySchema File 00-core.ldifSyntax Directory String
collectiveAttributeSubentriesThis operational attribute identifies the collective attribute subentries that apply to the entry.
Origin RFC 3671Usage directoryOperationOID 2.5.18.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames collectiveAttributeSubentriesUser ModificationAllowed
false
Schema File 00-core.ldif
Attribute TypescollectiveConflictBehavior
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 68
Syntax DN
collectiveConflictBehaviorIndicates how to handle conflicts between real (stored) and virtual (computed) attribute values.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.606Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames collectiveConflictBehaviorOrdering Matching Rule 1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6User ModificationAllowed
true
Used By inheritedCollectiveAttributeSubentry,inheritedFromDNCollectiveAttributeSubentry,inheritedFromRDNCollectiveAttributeSubentry
Schema File 00-core.ldifSyntax Collective Conflict Behavior
collectiveExclusionsThis operational attribute identifies the collective attributes to exclude from the entry. The valueexcludeAllCollectiveAttributes causes all collective attributes to be excluded.
Origin RFC 3671Usage directoryOperationOID 2.5.18.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames collectiveExclusionsUser ModificationAllowed
true
Schema File 00-core.ldif
Attribute TypescorbaIor
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 69
Syntax OID
corbaIorString representation of an interoperable object reference (IOR) for a CORBA object. The value holdsall the information necessary to locate the object even if it is in another ORB.
Origin RFC 2714Usage userApplicationsDescription Stringified interoperable object reference of a CORBA objectOID 1.3.6.1.4.1.42.2.27.4.1.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames corbaIorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By corbaObjectReferenceSchema File 03-rfc2714.ldifSyntax IA5 String
corbaRepositoryIdUnique repository ID, also known as type ID, for a CORBA interface. Multiple values reflect multipleinterfaces, but the list is not necessarily complete.
Although the value string can be of any syntax, the following ID styles are specified:
IDL style: IDL:Prefix/ModuleName/InterfaceName:VersionNumber
Format used for standard interface definition language (IDL) IDs.
RMI style: RMI:ClassName:HashCode[:SUID]
Format used by RMI-IIOP remote objects.
• ClassName is the fully qualified name of the class.
• HashCode is the result of the object's hashCode() method.
• SUID is the 64-bit stream unique identifier for the serialization version of the class.
Attribute TypescoreTokenDate01
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 70
DCE style: DCE:UUID
Format used for DCE/CORBA interoperability, where the UUID represents a DCE UUID.
Local
The format is defined by the local Object Request Broker (ORB).
Origin RFC 2714Usage userApplicationsDescription Repository ids of interfaces implemented by a CORBA objectOID 1.3.6.1.4.1.42.2.27.4.1.15Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames corbaRepositoryIdOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By corbaObject, corbaObjectReferenceSchema File 03-rfc2714.ldifSyntax Directory String
coreTokenDate01Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped date fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.126Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames coreTokenDate01Ordering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By frCoreToken
Attribute TypescoreTokenDate02
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 71
Schema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenDate02Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped date fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.127Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames coreTokenDate02Ordering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenDate03Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped date fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.128Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames coreTokenDate03Ordering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Attribute TypescoreTokenDate04
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 72
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenDate04Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped date fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.129Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames coreTokenDate04Ordering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenDate05Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped date fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.130Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames coreTokenDate05Ordering Matching Rule generalizedTimeOrderingMatch
Attribute TypescoreTokenExpirationDate
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 73
User ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenExpirationDateOrigin ForgeRock OpenAM CTSv2Usage userApplicationsDescription Token expiration dateInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.98Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames coreTokenExpirationDateOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenIdOrigin ForgeRock OpenAM CTSv2Usage userApplicationsDescription Token unique IDInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.96Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenId
Attribute TypescoreTokenInteger01
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 74
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenInteger01Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.116Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger01Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger02Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.117Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute TypescoreTokenInteger03
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 75
Names coreTokenInteger02Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger03Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.118Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger03Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger04Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.119Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute TypescoreTokenInteger05
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 76
Single Value trueNames coreTokenInteger04Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger05Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.120Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger05Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger06Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.121Substring Matching Rule caseExactSubstringsMatch
Attribute TypescoreTokenInteger07
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 77
Equality Matching Rule integerMatchSingle Value trueNames coreTokenInteger06Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger07Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.122Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger07Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger08Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.123
Attribute TypescoreTokenInteger09
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 78
Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger08Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger09Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.124Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger09Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenInteger10Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped integer fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute TypescoreTokenMultiString01
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 79
OID 1.3.6.1.4.1.36733.2.2.1.125Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames coreTokenInteger10Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Integer
coreTokenMultiString01Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped multi value string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.136Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames coreTokenMultiString01Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenMultiString02Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped multi value string field
Attribute TypescoreTokenMultiString03
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 80
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.137Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames coreTokenMultiString02Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenMultiString03Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription OAuth2 Grantset AuthorizationInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.138Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule ctsOAuth2GrantSetEqualityMatchSingle Value false: multiple values allowedNames coreTokenMultiString03Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenObjectOrigin ForgeRock OpenAM CTSv2Usage userApplications
Attribute TypescoreTokenString01
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 81
Description Serialised JSON object for TokenInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.100Equality Matching Rule octetStringMatchSingle Value trueNames coreTokenObjectOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Binary
coreTokenString01Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.101Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString01Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString02Origin ForgeRock OpenAM CTSv2Usage userApplications
Attribute TypescoreTokenString03
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 82
Description General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.102Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString02Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString03Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.103Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString03Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString04Origin ForgeRock OpenAM CTSv2
Attribute TypescoreTokenString05
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 83
Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.104Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString04Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString05
Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.105Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString05Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenString06
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 84
coreTokenString06Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.106Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString06Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString07Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.107Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString07Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenString08
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 85
coreTokenString08Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.108Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString08Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString09Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.109Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString09Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenString10
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 86
coreTokenString10Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.110Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString10Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString11Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.111Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString11Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenString12
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 87
coreTokenString12Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.112Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString12Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString13Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.113Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString13Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenString14
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 88
coreTokenString14Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.114Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString14Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
coreTokenString15Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription General mapped string fieldInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.115Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenString15Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenTtlDate
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 89
coreTokenTtlDateOrigin ForgeRock OpenAM CTSv2Usage userApplicationsDescription TTL expiration dateInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.139Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value false: multiple values allowedNames coreTokenTtlDateOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Generalized Time
coreTokenTypeOrigin ForgeRock OpenAM CTSv2Usage userApplicationsDescription Token typeInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.97Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenTypeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
Attribute TypescoreTokenUserId
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 90
coreTokenUserId
Origin ForgeRock OpenAM CTSv2Usage userApplicationsDescription ID of the owning userInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.99Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames coreTokenUserIdOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By frCoreTokenSchema File 60-cts-schema.ldifSyntax Directory String
createTimestampFor entries added over protocol (by an LDAP add request), this operational attribute reflects the timethe entry was first added.
Origin RFC 4512Usage directoryOperationOID 2.5.18.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames createTimestampOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Generalized Time
Attribute TypescreatorsName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 91
creatorsNameFor entries added over protocol (by an LDAP add request), this operational attribute indicates the DNof the creator's entry.
Origin RFC 4512Usage directoryOperationOID 2.5.18.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames creatorsNameUser ModificationAllowed
false
Schema File 00-core.ldifSyntax DN
credentialLevel
Origin RFC 4876Usage userApplicationsDescription Identifies type of credentials either used, required, or supported by an agent or
serviceOID 1.3.6.1.4.1.11.1.3.1.1.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames credentialLevelOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax IA5 String
Attribute TypescrossCertificatePair
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 92
crossCertificatePairX.509 certificate pair, as described in X.509 clause 11.2.3.
Request and transfer values using the binary option for the attribute description,crossCertificatePair;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.40Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames crossCertificatePairOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By certificationAuthority, certificationAuthority-V2, pkiCASchema File 00-core.ldifSyntax Certificate Pair
dcDomain component as described in RFC 1274, where each attribute value holds one component, orlabel, of a DNS domain name. A value of this attribute is a string of ASCII characters following thisABNF:
label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)]ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"DIGIT = %x30-39 ; "0"-"9"HYPHEN = %x2D ; hyphen ("-")
Examples: example, com (but not example.com)
Origin RFC 4519Usage userApplicationsOID 0.9.2342.19200300.100.1.25Substring Matching Rule caseIgnoreIA5SubstringsMatchEquality Matching Rule caseIgnoreIA5Match
Attribute TypesdefaultSearchBase
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 93
Single Value trueNames dc, domainComponentOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dcObject, domain, rFC822LocalPart, untypedObjectSchema File 00-core.ldifSyntax IA5 String
defaultSearchBase
Origin RFC 4876Usage userApplicationsDescription Default base for searchesOID 1.3.6.1.4.1.11.1.3.1.1.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames defaultSearchBaseUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax DN
defaultSearchScope
Origin RFC 4876Usage userApplicationsDescription Default scope used when performing a searchOID 1.3.6.1.4.1.11.1.3.1.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value true
Attribute TypesdefaultServerList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 94
Names defaultSearchScopeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax IA5 String
defaultServerListOrigin RFC 4876Usage userApplicationsDescription List of default serversOID 1.3.6.1.4.1.11.1.3.1.1.0Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames defaultServerListOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Directory String
deleteOldRDNOrigin draft-good-ldap-changelogUsage userApplicationsDescription a flag which indicates if the old RDN should be retained as an attribute of the
entryOID 2.16.840.1.113730.3.1.10Equality Matching Rule booleanMatchSingle Value trueNames deleteOldRDN
Attribute TypesdeltaRevocationList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 95
User ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldifSyntax Boolean
deltaRevocationListX.509 certificate lists, as described in X.509 clause 11.2.6.
Request and transfer values using the binary option for the attribute description,deltaRevocationList;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.53Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames deltaRevocationListOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By cRLDistributionPoint, certificationAuthority-V2, deltaCRLSchema File 00-core.ldifSyntax Certificate List
departmentNumberCode for the department that a person belongs to.
Examples: 1234, ABC/123.
Origin RFC 2798Usage userApplicationsDescription identifies a department within an organizationOID 2.16.840.1.113730.3.1.2Substring Matching Rule caseIgnoreSubstringsMatch
Attribute TypesdereferenceAliases
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 96
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames departmentNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Directory String
dereferenceAliases
Origin RFC 4876Usage userApplicationsDescription Specifies if a service or agent either requires, supports, or uses dereferencing of
aliases.OID 1.3.6.1.4.1.11.1.3.1.1.16Equality Matching Rule booleanMatchSingle Value trueNames dereferenceAliasesUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Boolean
descriptionHuman-readable descriptive phrase about the entry.
Origin RFC 4519Usage userApplicationsOID 2.5.4.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute TypesdestinationIndicator
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 97
Single Value false: multiple values allowedNames descriptionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisProject, account, applicationEntity, applicationProcess, automount,automountMap, corbaObject, corbaObjectReference, country, dNSDomain,dSA, device, dmd, document, documentSeries, domain, fr-idm-internal-role, friendlyCountry, groupOfEntries, groupOfNames, groupOfURLs,groupOfUniqueNames, inetOrgPerson, ipHost, ipNetwork, ipProtocol,ipService, javaMarshalledObject, javaNamingReference, javaObject,javaSerializedObject, locality, nisKeyObject, nisMap, nisNetgroup, nisObject,nisplusTimeZoneData, oncRpc, organization, organizationalPerson,organizationalRole, organizationalUnit, person, pilotDSA, pilotOrganization,pilotPerson, posixAccount, posixGroup, rFC822LocalPart, residentialPerson, room,sambaConfig, sambaConfigOption, sambaGroupMapping, sambaSamAccount,sambaShare, shadowAccount, slpService, slpServicePrinter, sunRealmService,sunservice, sunservicecomponent, untypedObject
Schema File 00-core.ldifSyntax Directory String
destinationIndicatorCountry and city strings used by the Public Telegram Service.
The strings depend on CCITT Recommendations F.1 and F.31.
Examples: AASD (Sydney, Australia), GBLD (London, United Kingdom)
Origin RFC 4519Usage userApplicationsOID 2.5.4.27Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames destinationIndicatorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Attribute TypesdevicePrintProfiles
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 98
Schema File 00-core.ldifSyntax Printable String
devicePrintProfilesOrigin OpenAMUsage userApplicationsDescription Device print profiles information is stored in this attributeInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames devicePrintProfilesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By devicePrintProfilesContainerSchema File 60-identity-store-ds-deviceprint.ldifSyntax Directory String
deviceProfilesOrigin OpenAMUsage userApplicationsDescription Device profiles stringInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames deviceProfilesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesdisplayName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 99
Used By deviceProfilesContainerSchema File 60-identity-store-ds-deviceprofiles.ldifSyntax Directory String
displayNameName to be used for displaying an entry, especially in a one-line summary list.
Origin RFC 2798Usage userApplicationsDescription preferred name of a person to be used when displaying entriesOID 2.16.840.1.113730.3.1.241Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames displayNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, sambaGroupMapping, sambaSamAccountSchema File 00-core.ldifSyntax Directory String
distinguishedNameBase type for user attribute types with DN syntax.
Origin RFC 4519Usage userApplicationsOID 2.5.4.49Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames distinguishedNameUser ModificationAllowed
true
Attribute TypesdITContentRules
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 100
Schema File 00-core.ldifSyntax DN
dITContentRulesThis operational attribute used in LDAP schema defines DIT content rules, which specify the contentof entries with a given structural object class.
Origin RFC 4512Usage directoryOperationOID 2.5.21.2Equality Matching Rule objectIdentifierFirstComponentMatchSingle Value false: multiple values allowedNames dITContentRulesUser ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax DIT Content Rule Description
dITRedirectDN indicating a newer entry for this entry. This entry should expire after a suitable grace period, forexample, after the person changes organizations.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.54Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames dITRedirectUser ModificationAllowed
true
Used By pilotObjectSchema File 00-core.ldif
Attribute TypesdITStructureRules
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 101
Syntax DN
dITStructureRulesThis operational attribute used in LDAP schema defines DIT structure rules, which specify the namesentries may have, and how entries may be related to each other.
Origin RFC 4512Usage directoryOperationOID 2.5.21.1Equality Matching Rule integerFirstComponentMatchSingle Value false: multiple values allowedNames dITStructureRulesUser ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax DIT Structure Rule Description
dmdNameA Directory Management Domain (DMD) name. The DMD is the administrative authority for thisdirectory server.
Origin RFC 2256Usage userApplicationsSuperior Type nameOID 2.5.4.54Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames dmdNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dmd
Attribute TypesdnQualifier
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 102
Schema File 00-core.ldifSyntax Directory String
dnQualifierDisambiguating information for the RDN of an entry. The information can be used to avoid conflictswhen merging data from multiple sources.
All values for this attribute from a particular source should be the same.
Origin RFC 4519Usage userApplicationsOID 2.5.4.46Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames dnQualifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Printable String
documentAuthorDNs of the entries for authors and editors of a document.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames documentAuthorUser ModificationAllowed
true
Attribute TypesdocumentIdentifier
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 103
Used By documentSchema File 00-core.ldifSyntax DN
documentIdentifierUnique identifier(s) of a document.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames documentIdentifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By documentSchema File 00-core.ldifSyntax Directory String
documentLocationLocation(s) of the document original.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.15Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames documentLocationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesdocumentPublisher
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 104
Used By documentSchema File 00-core.ldifSyntax Directory String
documentPublisherDNs of the person or organization who published the document. Joint publications have one value perpublisher.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.56Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames documentPublisherOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By documentSchema File 00-core.ldifSyntax Directory String
documentTitleTitles of a document, where multiple values can specify different forms, such as long and shortversions.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames documentTitle
Attribute TypesdocumentVersion
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 105
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By documentSchema File 00-core.ldifSyntax Directory String
documentVersionOrigin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames documentVersionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By documentSchema File 00-core.ldifSyntax Directory String
drinkOrigin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames drink, favouriteDrinkOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute Typesds-certificate-fingerprint
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 106
Used By pilotPersonSchema File 00-core.ldifSyntax Directory String
ds-certificate-fingerprintHolds a digital certificate fingerprint value for mapping an incoming certificate to a user entry.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.268Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-certificate-fingerprintOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-certificate-userSchema File 02-config.ldifSyntax Directory String
ds-certificate-issuer-dnHolds a digital certificate issuer DN value for validating the CA of an incoming certificate.
Origin OpenDJ Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.341Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-certificate-issuer-dnUser ModificationAllowed
true
Attribute Typesds-certificate-subject-dn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 107
Used By ds-certificate-userSchema File 02-config.ldifSyntax DN
ds-certificate-subject-dnHolds a digital certificate subject DN value for mapping an incoming certificate to a user entry.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.266Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-certificate-subject-dnUser ModificationAllowed
true
Used By ds-certificate-userSchema File 02-config.ldifSyntax DN
ds-mon-abandoned-requestsOrigin OpenDJ Directory ServerUsage userApplicationsDescription Total number of abandoned operations since startupOID 1.3.6.1.4.1.36733.2.1.1.255Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-abandoned-requestsOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handler
Attribute Typesds-mon-active-connections-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 108
Schema File 02-config.ldifSyntax Counter metric
ds-mon-active-connections-countOrigin OpenDS Directory ServerUsage userApplicationsDescription Number of active client connectionsOID 1.3.6.1.4.1.26027.1.1.253Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-active-connections-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Integer
ds-mon-active-persistent-searchesOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of active persistent searchesOID 1.3.6.1.4.1.36733.2.1.1.254Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-active-persistent-searchesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handler
Attribute Typesds-mon-admin-hostport
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 109
Schema File 02-config.ldifSyntax Integer
ds-mon-admin-hostport
Origin OpenDJ Directory ServerUsage userApplicationsDescription The administrative host and portOID 1.3.6.1.4.1.36733.2.1.1.546Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-admin-hostportOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connected-replica, ds-monitor-topology-serverSchema File 02-config.ldifSyntax Host port
ds-mon-alias
Origin OpenDJ Directory ServerUsage userApplicationsDescription Certificate aliasOID 1.3.6.1.4.1.36733.2.1.1.464Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-aliasOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-certificate
Attribute Typesds-mon-alive-errors
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 110
Schema File 02-config.ldifSyntax Directory String
ds-mon-alive-errorsOrigin OpenDJ Directory ServerUsage userApplicationsDescription Lists server errors preventing the server from operating correctly that require
administrative actionOID 1.3.6.1.4.1.36733.2.1.1.517Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-alive-errorsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-health-statusSchema File 02-config.ldifSyntax Directory String
ds-mon-aliveWhen the value of this attribute is true, the server's internal tests have not found any errors thatwould require administrative action. This is not, however, a guarantee that the server is alive. It ispossible that the server is subject to error conditions that its internal tests missed.
When the value of this attribute is false, however, administrative action is definitely required.
Origin OpenDJ Directory ServerUsage userApplicationsDescription Indicates whether the server is aliveOID 1.3.6.1.4.1.36733.2.1.1.515Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-alive
Attribute Typesds-mon-backend-degraded-index-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 111
User ModificationAllowed
true
Used By ds-monitor-health-statusSchema File 02-config.ldifSyntax Boolean
ds-mon-backend-degraded-index-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of degraded indexes in the backendOID 1.3.6.1.4.1.36733.2.1.1.364Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-backend-degraded-index-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Integer
ds-mon-backend-degraded-index
Origin OpenDJ Directory ServerUsage userApplicationsDescription Backend degraded indexOID 1.3.6.1.4.1.36733.2.1.1.365Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames ds-mon-backend-degraded-indexOrdering Matching Rule caseIgnoreOrderingMatch
Attribute Typesds-mon-backend-entry-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 112
User ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Directory String
ds-mon-backend-entry-countOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of entries contained in the backendOID 1.3.6.1.4.1.36733.2.1.1.363Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-backend-entry-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn
Schema File 02-config.ldifSyntax Integer
ds-mon-backend-filter-use-indexedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of indexed searches performed against the backendOID 1.3.6.1.4.1.36733.2.1.1.369Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-backend-filter-use-indexedOrdering Matching Rule integerOrderingMatch
Attribute Typesds-mon-backend-filter-use-start-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 113
User ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Integer
ds-mon-backend-filter-use-start-timeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Time when recording started for statistical information about the simple search
filters processed against the backendOID 1.3.6.1.4.1.36733.2.1.1.368Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-backend-filter-use-start-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Generalized Time
ds-mon-backend-filter-use-unindexedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of unindexed searches performed against the backendOID 1.3.6.1.4.1.36733.2.1.1.370Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-backend-filter-use-unindexedOrdering Matching Rule integerOrderingMatch
Attribute Typesds-mon-backend-filter-use
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 114
User ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Integer
ds-mon-backend-filter-useOrigin OpenDJ Directory ServerUsage userApplicationsDescription Information about the simple search filter processed against the backendOID 1.3.6.1.4.1.36733.2.1.1.371Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames ds-mon-backend-filter-useOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Json
ds-mon-backend-is-privateOrigin OpenDJ Directory ServerUsage userApplicationsDescription Whether the base DNs of this backend should be considered public or privateOID 1.3.6.1.4.1.36733.2.1.1.356Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-backend-is-privateUser ModificationAllowed
true
Used By ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn
Attribute Typesds-mon-backend-proxy-base-dn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 115
Schema File 02-config.ldifSyntax Boolean
ds-mon-backend-proxy-base-dn
Origin OpenDJ Directory ServerUsage userApplicationsDescription Base DNs routed to remote LDAP servers by the proxy backendOID 1.3.6.1.4.1.36733.2.1.1.354Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-mon-backend-proxy-base-dnUser ModificationAllowed
true
Used By ds-monitor-backend-proxySchema File 02-config.ldifSyntax DN
ds-mon-backend-proxy-shard
Origin OpenDJ Directory ServerUsage userApplicationsDescription Remote LDAP servers that the proxy backend forwards requests toOID 1.3.6.1.4.1.36733.2.1.1.357Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames ds-mon-backend-proxy-shardOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-proxySchema File 02-config.ldifSyntax Summary metric
Attribute Typesds-mon-backend-ttl-entries-deleted
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 116
ds-mon-backend-ttl-entries-deleted
Origin OpenDJ Directory ServerUsage userApplicationsDescription Summary for entries purged by time-to-liveOID 1.3.6.1.4.1.36733.2.1.1.334Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-backend-ttl-entries-deletedOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Summary metric
ds-mon-backend-ttl-is-running
Origin OpenDJ Directory ServerUsage userApplicationsDescription Indicates whether time-to-live is in the process of purging expired entriesOID 1.3.6.1.4.1.36733.2.1.1.330Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-backend-ttl-is-runningUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Boolean
ds-mon-backend-ttl-last-run-time
Origin OpenDJ Directory Server
Attribute Typesds-mon-backend-ttl-queue-size
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 117
Usage userApplicationsDescription Last date and time when time-to-live finished purging expired entriesOID 1.3.6.1.4.1.36733.2.1.1.331Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-backend-ttl-last-run-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Generalized Time
ds-mon-backend-ttl-queue-sizeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of entries queued for purging by the time-to-live serviceOID 1.3.6.1.4.1.36733.2.1.1.333Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-backend-ttl-queue-sizeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Integer
ds-mon-backend-ttl-thread-countOrigin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-backend-writability-mode
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 118
Description Number of active time-to-live threadsOID 1.3.6.1.4.1.36733.2.1.1.332Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-backend-ttl-thread-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-db, ds-monitor-backend-pluggableSchema File 02-config.ldifSyntax Integer
ds-mon-backend-writability-modeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current backend behavior when processing write operations, can either be
"disabled", "enabled" or "internal-only"OID 1.3.6.1.4.1.36733.2.1.1.355Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-backend-writability-modeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn
Schema File 02-config.ldifSyntax Directory String
ds-mon-base-dn-entry-countOrigin OpenDJ Directory Server
Attribute Typesds-mon-base-dn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 119
Usage userApplicationsDescription Number of subordinate entries of the base DN, including the base DNOID 1.3.6.1.4.1.36733.2.1.1.367Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-base-dn-entry-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-base-dnSchema File 02-config.ldifSyntax Integer
ds-mon-base-dn
Origin OpenDJ Directory ServerUsage userApplicationsDescription Base DN handled by a backendOID 1.3.6.1.4.1.36733.2.1.1.366Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames ds-mon-base-dnUser ModificationAllowed
true
Used By ds-monitor-base-dnSchema File 02-config.ldifSyntax DN
ds-mon-build-number
Origin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-build-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 120
Description Build number of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.321Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-build-numberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Integer
ds-mon-build-time
Origin OpenDJ Directory ServerUsage userApplicationsDescription Build date and time of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.319Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-build-timeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-bytes-read
Origin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-bytes-written
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 121
Description Network bytes read summaryOID 1.3.6.1.4.1.36733.2.1.1.252Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-bytes-readOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Summary metric
ds-mon-bytes-writtenOrigin OpenDJ Directory ServerUsage userApplicationsDescription Network bytes written summaryOID 1.3.6.1.4.1.36733.2.1.1.253Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-bytes-writtenOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Summary metric
ds-mon-cache-entry-countOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current number of entries held in this cache
Attribute Typesds-mon-cache-max-entry-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 122
OID 1.3.6.1.4.1.36733.2.1.1.360Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-cache-entry-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-entry-cacheSchema File 02-config.ldifSyntax Integer
ds-mon-cache-max-entry-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Maximum number of entries allowed in this cacheOID 1.3.6.1.4.1.36733.2.1.1.361Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-cache-max-entry-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-entry-cacheSchema File 02-config.ldifSyntax Integer
ds-mon-cache-max-size-bytes
Origin OpenDJ Directory ServerUsage userApplicationsDescription Memory limit for this cache
Attribute Typesds-mon-cache-misses
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 123
OID 1.3.6.1.4.1.36733.2.1.1.362Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-cache-max-size-bytesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-entry-cacheSchema File 02-config.ldifSyntax Size in bytes
ds-mon-cache-misses
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of attempts to retrieve an entry that was not held in this cacheOID 1.3.6.1.4.1.36733.2.1.1.358Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-cache-missesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-entry-cacheSchema File 02-config.ldifSyntax Summary metric
ds-mon-cache-total-tries
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of attempts to retrieve an entry from this cacheOID 1.3.6.1.4.1.36733.2.1.1.359
Attribute Typesds-mon-certificate-expires-at
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 124
Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-cache-total-triesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-entry-cacheSchema File 02-config.ldifSyntax Summary metric
ds-mon-certificate-expires-at
Origin OpenDJ Directory ServerUsage userApplicationsDescription Certificate expiration date and timeOID 1.3.6.1.4.1.36733.2.1.1.277Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-certificate-expires-atOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-certificateSchema File 02-config.ldifSyntax Generalized Time
ds-mon-certificate-issuer-dn
Origin OpenDJ Directory ServerUsage userApplicationsDescription Certificate issuer DNOID 1.3.6.1.4.1.36733.2.1.1.274Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesds-mon-certificate-serial-number
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 125
Equality Matching Rule distinguishedNameMatchSingle Value trueNames ds-mon-certificate-issuer-dnUser ModificationAllowed
true
Used By ds-monitor-certificateSchema File 02-config.ldifSyntax DN
ds-mon-certificate-serial-number
Origin OpenDJ Directory ServerUsage userApplicationsDescription Certificate serial numberOID 1.3.6.1.4.1.36733.2.1.1.276Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-certificate-serial-numberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-certificateSchema File 02-config.ldifSyntax Integer
ds-mon-certificate-subject-dn
Origin OpenDJ Directory ServerUsage userApplicationsDescription Certificate subject DNOID 1.3.6.1.4.1.36733.2.1.1.275Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatch
Attribute Typesds-mon-changelog-hostport
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 126
Single Value trueNames ds-mon-certificate-subject-dnUser ModificationAllowed
true
Used By ds-monitor-certificateSchema File 02-config.ldifSyntax DN
ds-mon-changelog-hostport
Origin OpenDJ Directory ServerUsage userApplicationsDescription The host and port of the changelog serverOID 1.3.6.1.4.1.36733.2.1.1.549Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-changelog-hostportOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connected-changelog, ds-monitor-topology-serverSchema File 02-config.ldifSyntax Host port
ds-mon-changelog-id
Origin OpenDJ Directory ServerUsage userApplicationsDescription Changelog identifierOID 1.3.6.1.4.1.36733.2.1.1.559Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute Typesds-mon-changelog-purge-delay
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 127
Names ds-mon-changelog-idOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connected-changelogSchema File 02-config.ldifSyntax Directory String
ds-mon-changelog-purge-delayOrigin OpenDJ Directory ServerUsage userApplicationsDescription The purge delay of the changelogOID 1.3.6.1.4.1.36733.2.1.1.550Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-changelog-purge-delayOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Duration in milli-seconds
ds-mon-compact-versionOrigin OpenDJ Directory ServerUsage userApplicationsDescription Compact version of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.314Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-compact-version
Attribute Typesds-mon-config-dn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 128
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-config-dnOrigin OpenDJ Directory ServerUsage userApplicationsDescription DN of the configuration entryOID 1.3.6.1.4.1.36733.2.1.1.273Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames ds-mon-config-dnUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax DN
ds-mon-connected-to-server-hostportOrigin OpenDJ Directory ServerUsage userApplicationsDescription Host and replication port of the server that this server is connected toOID 1.3.6.1.4.1.36733.2.1.1.465Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-connected-to-server-hostportOrdering Matching Rule caseIgnoreOrderingMatch
Attribute Typesds-mon-connected-to-server-id
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 129
User ModificationAllowed
true
Used By ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Host port
ds-mon-connected-to-server-idOrigin OpenDJ Directory ServerUsage userApplicationsDescription Identifier of the server that this server is connected toOID 1.3.6.1.4.1.36733.2.1.1.462Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-connected-to-server-idOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Directory String
ds-mon-connectionOrigin OpenDS Directory ServerUsage userApplicationsDescription Client connection summary informationOID 1.3.6.1.4.1.26027.1.1.251Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-connectionOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typesds-mon-connections
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 130
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Json
ds-mon-connectionsOrigin OpenDJ Directory ServerUsage userApplicationsDescription Connection summaryOID 1.3.6.1.4.1.36733.2.1.1.251Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-connectionsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Summary metric
ds-mon-current-connectionsOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of client connections currently established with the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.326Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-current-connectionsOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldif
Attribute Typesds-mon-current-receive-window
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 131
Syntax Integer
ds-mon-current-receive-windowOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current replication window size for receiving messages, indicating the
number of replication messages a remote server can send before waiting onacknowledgement from this server. This does not depend on the TCP window size
OID 1.3.6.1.4.1.36733.2.1.1.492Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-current-receive-windowOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-current-timeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current date and timeOID 1.3.6.1.4.1.36733.2.1.1.324Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-current-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldif
Attribute Typesds-mon-db-cache-evict-internal-nodes-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 132
Syntax Generalized Time
ds-mon-db-cache-evict-internal-nodes-countOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of internal nodes evicted from the database cacheOID 1.3.6.1.4.1.36733.2.1.1.373Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-evict-internal-nodes-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-cache-evict-leaf-nodes-countOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of leaf nodes (data records) evicted from the database cacheOID 1.3.6.1.4.1.36733.2.1.1.374Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-evict-leaf-nodes-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
Attribute Typesds-mon-db-cache-leaf-nodes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 133
ds-mon-db-cache-leaf-nodesOrigin OpenDJ Directory ServerUsage userApplicationsDescription Whether leaf nodes are cachedOID 1.3.6.1.4.1.36733.2.1.1.531Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-db-cache-leaf-nodesUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Boolean
ds-mon-db-cache-misses-internal-nodesOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of internal nodes requested by btree operations that were not in the
database cacheOID 1.3.6.1.4.1.36733.2.1.1.377Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-misses-internal-nodesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-cache-misses-leaf-nodesOrigin OpenDJ Directory Server
Attribute Typesds-mon-db-cache-size-active
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 134
Usage userApplicationsDescription Number of leaf nodes (data records) requested by btree operations that were not
in the database cacheOID 1.3.6.1.4.1.36733.2.1.1.378Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-misses-leaf-nodesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-cache-size-activeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Size of the database cacheOID 1.3.6.1.4.1.36733.2.1.1.379Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-size-activeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Size in bytes
ds-mon-db-cache-size-totalOrigin ForgeRock Directory Server
Attribute Typesds-mon-db-cache-total-tries-internal-nodes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 135
Usage userApplicationsDescription Maximum size of the database cacheOID 1.3.6.1.4.1.36733.2.1.1.624Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-size-totalOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Size in bytes
ds-mon-db-cache-total-tries-internal-nodes
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of internal nodes requested by btree operationsOID 1.3.6.1.4.1.36733.2.1.1.375Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-total-tries-internal-nodesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-cache-total-tries-leaf-nodes
Origin OpenDJ Directory Server
Attribute Typesds-mon-db-checkpoint-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 136
Usage userApplicationsDescription Number of leaf nodes (data records) requested by btree operationsOID 1.3.6.1.4.1.36733.2.1.1.376Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-cache-total-tries-leaf-nodesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-checkpoint-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of checkpoints run so farOID 1.3.6.1.4.1.36733.2.1.1.387Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-checkpoint-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-log-cleaner-file-deletion-count
Origin OpenDJ Directory Server
Attribute Typesds-mon-db-log-files-open
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 137
Usage userApplicationsDescription Number of cleaner file deletionsOID 1.3.6.1.4.1.36733.2.1.1.381Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-cleaner-file-deletion-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-log-files-open
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of files currently open in the database file cacheOID 1.3.6.1.4.1.36733.2.1.1.385Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-files-openOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-log-files-opened
Origin OpenDJ Directory Server
Attribute Typesds-mon-db-log-size-active
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 138
Usage userApplicationsDescription Number of times a log file has been openedOID 1.3.6.1.4.1.36733.2.1.1.386Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-files-openedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-log-size-activeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Estimate of the amount in bytes of live data in all data files (i.e., the size of the DB,
ignoring garbage)OID 1.3.6.1.4.1.36733.2.1.1.380Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-size-activeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Size in bytes
ds-mon-db-log-size-totalOrigin OpenDJ Directory Server
Attribute Typesds-mon-db-log-utilization-max
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 139
Usage userApplicationsDescription Size used by all data files on diskOID 1.3.6.1.4.1.36733.2.1.1.384Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-size-totalOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Size in bytes
ds-mon-db-log-utilization-max
Origin OpenDJ Directory ServerUsage userApplicationsDescription Current maximum (upper bound) log utilization as a percentageOID 1.3.6.1.4.1.36733.2.1.1.383Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-utilization-maxOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-log-utilization-min
Origin OpenDJ Directory Server
Attribute Typesds-mon-db-version
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 140
Usage userApplicationsDescription Current minimum (lower bound) log utilization as a percentageOID 1.3.6.1.4.1.36733.2.1.1.382Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-db-log-utilization-minOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Integer
ds-mon-db-version
Origin OpenDJ Directory ServerUsage userApplicationsDescription Database version used by the backendOID 1.3.6.1.4.1.36733.2.1.1.372Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-db-versionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-backend-dbSchema File 02-config.ldifSyntax Directory String
ds-mon-disk-dir
Origin OpenDJ Directory Server
Attribute Typesds-mon-disk-free
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 141
Usage userApplicationsDescription A monitored directory containing data that may change over timeOID 1.3.6.1.4.1.36733.2.1.1.339Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames ds-mon-disk-dirOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-disk-spaceSchema File 02-config.ldifSyntax Filesystem path
ds-mon-disk-freeOrigin OpenDJ Directory ServerUsage userApplicationsDescription Amount of free disk spaceOID 1.3.6.1.4.1.36733.2.1.1.335Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-disk-freeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-disk-spaceSchema File 02-config.ldifSyntax Size in bytes
ds-mon-disk-full-thresholdOrigin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-disk-low-threshold
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 142
Description Effective full disk space thresholdOID 1.3.6.1.4.1.36733.2.1.1.338Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-disk-full-thresholdOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-disk-spaceSchema File 02-config.ldifSyntax Size in bytes
ds-mon-disk-low-thresholdOrigin OpenDJ Directory ServerUsage userApplicationsDescription Effective low disk space thresholdOID 1.3.6.1.4.1.36733.2.1.1.337Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-disk-low-thresholdOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-disk-spaceSchema File 02-config.ldifSyntax Size in bytes
ds-mon-disk-rootOrigin OpenDJ Directory ServerUsage userApplicationsDescription Monitored disk root
Attribute Typesds-mon-disk-state
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 143
OID 1.3.6.1.4.1.36733.2.1.1.353Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-disk-rootOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-disk-spaceSchema File 02-config.ldifSyntax Filesystem path
ds-mon-disk-stateOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current disk state, can be either "normal", "low" or "full"OID 1.3.6.1.4.1.36733.2.1.1.336Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-disk-stateOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-disk-spaceSchema File 02-config.ldifSyntax Directory String
ds-mon-domain-generation-idOrigin OpenDJ Directory ServerUsage userApplicationsDescription Replication domain generation identifierOID 1.3.6.1.4.1.36733.2.1.1.467
Attribute Typesds-mon-domain-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 144
Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-domain-generation-idOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-changelog-domain, ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replica
Schema File 02-config.ldifSyntax Integer
ds-mon-domain-nameOrigin OpenDJ Directory ServerUsage userApplicationsDescription Replication domain nameOID 1.3.6.1.4.1.36733.2.1.1.466Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames ds-mon-domain-nameUser ModificationAllowed
true
Used By ds-monitor-changelog-domain, ds-monitor-remote-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax DN
ds-mon-entries-awaiting-updates-countOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of entries for which an update operation has been received but not
replayed yet by this replicaInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute Typesds-mon-fix-ids
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 145
OID 1.3.6.1.4.1.36733.2.1.1.500Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-entries-awaiting-updates-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-fix-idsOrigin OpenDJ Directory ServerUsage userApplicationsDescription IDs of issues that have been fixed in this Directory Server buildOID 1.3.6.1.4.1.36733.2.1.1.322Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-fix-idsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-full-versionOrigin OpenDJ Directory ServerUsage userApplicationsDescription Full version of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.313
Attribute Typesds-mon-group-id
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 146
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-full-versionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-group-idOrigin OpenDJ Directory ServerUsage userApplicationsDescription Unique identifier of the group in which the directory server belongsOID 1.3.6.1.4.1.36733.2.1.1.543Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-group-idOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-healthy-errorsOrigin OpenDJ Directory ServerUsage userApplicationsDescription Lists transient server errors preventing the server from temporarily handling
requestsOID 1.3.6.1.4.1.36733.2.1.1.518
Attribute Typesds-mon-healthy
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 147
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-healthy-errorsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-health-statusSchema File 02-config.ldifSyntax Directory String
ds-mon-healthyWhen the value of this attribute is true, the server has not found any transient server errorspreventing it from handling requests. This is not, however, a guarantee that the server is ready tohandle all requests. It is possible that the server is subject to error conditions that its internal testsmissed.
When the value of this attribute is false, however, the server's internal tests have definitely foundtransient errors. Route traffic to another server until this attribute is true again.
Origin OpenDJ Directory ServerUsage userApplicationsDescription Indicates whether the server is able to handle requestsOID 1.3.6.1.4.1.36733.2.1.1.516Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-healthyUser ModificationAllowed
true
Used By ds-monitor-health-statusSchema File 02-config.ldifSyntax Boolean
ds-mon-install-pathOrigin OpenDJ Directory Server
Attribute Typesds-mon-instance-path
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 148
Usage userApplicationsDescription Directory Server root installation pathOID 1.3.6.1.4.1.36733.2.1.1.305Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-install-pathOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Filesystem path
ds-mon-instance-path
Origin OpenDJ Directory ServerUsage userApplicationsDescription Directory Server instance pathOID 1.3.6.1.4.1.36733.2.1.1.306Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-instance-pathOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Filesystem path
ds-mon-jvm-architecture
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-arguments
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 149
Usage userApplicationsDescription Java virtual machine architecture (e.g. 32-bit, 64-bit)OID 1.3.6.1.4.1.36733.2.1.1.299Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-jvm-architectureOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-arguments
Origin OpenDJ Directory ServerUsage userApplicationsDescription Input arguments passed to the Java virtual machineOID 1.3.6.1.4.1.36733.2.1.1.307Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-jvm-argumentsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-available-cpus
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-class-path
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 150
Usage userApplicationsDescription Number of processors available to the Java virtual machineOID 1.3.6.1.4.1.36733.2.1.1.301Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-available-cpusOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-class-path
Origin OpenDJ Directory ServerUsage userApplicationsDescription Path used to find directories and JAR archives containing Java class filesOID 1.3.6.1.4.1.36733.2.1.1.294Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-jvm-class-pathOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Filesystem path
ds-mon-jvm-classes-loaded
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-classes-unloaded
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 151
Usage userApplicationsDescription Number of classes loaded since the Java virtual machine startedOID 1.3.6.1.4.1.36733.2.1.1.388Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-classes-loadedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-classes-unloaded
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of classes unloaded since the Java virtual machine startedOID 1.3.6.1.4.1.36733.2.1.1.389Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-classes-unloadedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-java-home
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-java-vendor
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 152
Usage userApplicationsDescription Installation directory for Java runtime environment (JRE)OID 1.3.6.1.4.1.36733.2.1.1.293Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-jvm-java-homeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Filesystem path
ds-mon-jvm-java-vendor
Origin OpenDJ Directory ServerUsage userApplicationsDescription Java runtime environment (JRE) vendorOID 1.3.6.1.4.1.36733.2.1.1.290Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-jvm-java-vendorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-java-version
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-memory-heap-init
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 153
Usage userApplicationsDescription Java runtime environment (JRE) versionOID 1.3.6.1.4.1.36733.2.1.1.289Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-jvm-java-versionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-memory-heap-initOrigin OpenDJ Directory ServerUsage userApplicationsDescription Amount of heap memory that the Java virtual machine initially requested from the
operating systemOID 1.3.6.1.4.1.36733.2.1.1.391Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-heap-initOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-heap-maxOrigin OpenDJ Directory Server
Attribute Typesds-mon-jvm-memory-heap-reserved
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 154
Usage userApplicationsDescription Maximum amount of heap memory that the Java virtual machine will attempt to
useOID 1.3.6.1.4.1.36733.2.1.1.397Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-heap-maxOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-heap-reservedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Amount of heap memory that is committed for the Java virtual machine to useOID 1.3.6.1.4.1.36733.2.1.1.395Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-heap-reservedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-heap-usedOrigin OpenDJ Directory Server
Attribute Typesds-mon-jvm-memory-init
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 155
Usage userApplicationsDescription Amount of heap memory used by the Java virtual machineOID 1.3.6.1.4.1.36733.2.1.1.393Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-heap-usedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-initOrigin OpenDJ Directory ServerUsage userApplicationsDescription Amount of memory that the Java virtual machine initially requested from the
operating systemOID 1.3.6.1.4.1.36733.2.1.1.390Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-initOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-maxOrigin OpenDJ Directory Server
Attribute Typesds-mon-jvm-memory-non-heap-init
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 156
Usage userApplicationsDescription Maximum amount of memory that the Java virtual machine will attempt to useOID 1.3.6.1.4.1.36733.2.1.1.302Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-maxOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-non-heap-initOrigin OpenDJ Directory ServerUsage userApplicationsDescription Amount of non-heap memory that the Java virtual machine initially requested from
the operating systemOID 1.3.6.1.4.1.36733.2.1.1.392Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-non-heap-initOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-non-heap-maxOrigin OpenDJ Directory Server
Attribute Typesds-mon-jvm-memory-non-heap-reserved
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 157
Usage userApplicationsDescription Maximum amount of non-heap memory that the Java virtual machine will attempt
to useOID 1.3.6.1.4.1.36733.2.1.1.398Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-non-heap-maxOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-non-heap-reservedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Amount of non-heap memory that is committed for the Java virtual machine to useOID 1.3.6.1.4.1.36733.2.1.1.396Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-non-heap-reservedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-non-heap-usedOrigin OpenDJ Directory Server
Attribute Typesds-mon-jvm-memory-reserved
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 158
Usage userApplicationsDescription Amount of non-heap memory used by the Java virtual machineOID 1.3.6.1.4.1.36733.2.1.1.394Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-non-heap-usedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-reserved
Origin OpenDJ Directory ServerUsage userApplicationsDescription Amount of memory that is committed for the Java virtual machine to useOID 1.3.6.1.4.1.36733.2.1.1.303Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-reservedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-memory-used
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-supported-tls-ciphers
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 159
Usage userApplicationsDescription Amount of memory used by the Java virtual machineOID 1.3.6.1.4.1.36733.2.1.1.304Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-memory-usedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Size in bytes
ds-mon-jvm-supported-tls-ciphers
Origin OpenDJ Directory ServerUsage userApplicationsDescription Transport Layer Security (TLS) cipher suites supported by this Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.309Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-jvm-supported-tls-ciphersOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-supported-tls-protocols
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-threads-blocked-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 160
Usage userApplicationsDescription Transport Layer Security (TLS) protocols supported by this Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.308Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-jvm-supported-tls-protocolsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-threads-blocked-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of threads in the BLOCKED stateOID 1.3.6.1.4.1.36733.2.1.1.403Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-blocked-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-count
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-threads-daemon-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 161
Usage userApplicationsDescription Number of live threads including both daemon and non-daemon threadsOID 1.3.6.1.4.1.36733.2.1.1.407Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-daemon-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of live daemon threadsOID 1.3.6.1.4.1.36733.2.1.1.408Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-daemon-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-deadlock-count
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-threads-deadlocks
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 162
Usage userApplicationsDescription Number of deadlocked threadsOID 1.3.6.1.4.1.36733.2.1.1.409Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-deadlock-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-deadlocks
Origin OpenDJ Directory ServerUsage userApplicationsDescription Diagnostic stack traces for deadlocked threadsOID 1.3.6.1.4.1.36733.2.1.1.410Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames ds-mon-jvm-threads-deadlocksOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-threads-new-count
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-threads-runnable-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 163
Usage userApplicationsDescription Number of threads in the NEW stateOID 1.3.6.1.4.1.36733.2.1.1.401Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-new-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-runnable-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of threads in the RUNNABLE stateOID 1.3.6.1.4.1.36733.2.1.1.402Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-runnable-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-terminated-count
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-threads-timed-waiting-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 164
Usage userApplicationsDescription Number of threads in the TERMINATED stateOID 1.3.6.1.4.1.36733.2.1.1.406Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-terminated-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-timed-waiting-count
Origin OpenDJ Directory ServerUsage userApplicationsDescription Number of threads in the TIMED_WAITING stateOID 1.3.6.1.4.1.36733.2.1.1.405Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-timed-waiting-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-threads-waiting-count
Origin OpenDJ Directory Server
Attribute Typesds-mon-jvm-vendor
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 165
Usage userApplicationsDescription Number of threads in the WAITING stateOID 1.3.6.1.4.1.36733.2.1.1.404Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-jvm-threads-waiting-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Integer
ds-mon-jvm-vendor
Origin OpenDJ Directory ServerUsage userApplicationsDescription Java virtual machine vendorOID 1.3.6.1.4.1.36733.2.1.1.292Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-jvm-vendorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-jvm-version
Origin OpenDJ Directory Server
Attribute Typesds-mon-last-seen
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 166
Usage userApplicationsDescription Java virtual machine versionOID 1.3.6.1.4.1.36733.2.1.1.291Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-jvm-versionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-jvmSchema File 02-config.ldifSyntax Directory String
ds-mon-last-seen
Origin OpenDJ Directory ServerUsage userApplicationsDescription Time that this server was last seenOID 1.3.6.1.4.1.36733.2.1.1.545Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-last-seenOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Generalized Time
ds-mon-ldap-hostport
Origin OpenDJ Directory Server
Attribute Typesds-mon-ldap-starttls-hostport
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 167
Usage userApplicationsDescription The host and port to connect using LDAP (no support for start TLS)OID 1.3.6.1.4.1.36733.2.1.1.555Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-ldap-hostportOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Host port
ds-mon-ldap-starttls-hostport
Origin OpenDJ Directory ServerUsage userApplicationsDescription The host and port to connect using LDAP (with support for start TLS)OID 1.3.6.1.4.1.36733.2.1.1.556Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-ldap-starttls-hostportOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Host port
ds-mon-ldaps-hostport
Origin OpenDJ Directory Server
Attribute Typesds-mon-listen-address
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 168
Usage userApplicationsDescription The host and port to connect using LDAPSOID 1.3.6.1.4.1.36733.2.1.1.557Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-ldaps-hostportOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Host port
ds-mon-listen-addressOrigin OpenDS Directory ServerUsage userApplicationsDescription Host and portOID 1.3.6.1.4.1.26027.1.1.252Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-listen-addressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Directory String
ds-mon-lost-connectionsOrigin OpenDJ Directory Server
Attribute Typesds-mon-major-version
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 169
Usage userApplicationsDescription Number of times the replica lost its connection to the replication serverOID 1.3.6.1.4.1.36733.2.1.1.488Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-lost-connectionsOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-major-version
Origin OpenDJ Directory ServerUsage userApplicationsDescription Major version number of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.315Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-major-versionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Integer
ds-mon-max-connections
Origin OpenDJ Directory Server
Attribute Typesds-mon-minor-version
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 170
Usage userApplicationsDescription Maximum number of simultaneous client connections that have been established
with the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.327Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-max-connectionsOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Integer
ds-mon-minor-versionOrigin OpenDJ Directory ServerUsage userApplicationsDescription Minor version number of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.316Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-minor-versionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Integer
ds-mon-newest-change-numberOrigin OpenDJ Directory Server
Attribute Typesds-mon-newest-csn-timestamp
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 171
Usage userApplicationsDescription Newest change number present in the change number index databaseOID 1.3.6.1.4.1.36733.2.1.1.343Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-newest-change-numberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-changelogSchema File 02-config.ldifSyntax Integer
ds-mon-newest-csn-timestamp
Origin OpenDJ Directory ServerUsage userApplicationsDescription Timestamp of the newest CSN present in the replica databaseOID 1.3.6.1.4.1.36733.2.1.1.347Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-newest-csn-timestampOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replica-dbSchema File 02-config.ldifSyntax Generalized Time
ds-mon-newest-csn
Origin OpenDJ Directory Server
Attribute Typesds-mon-oldest-change-number
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 172
Usage userApplicationsDescription Newest CSN present in the replica databaseOID 1.3.6.1.4.1.36733.2.1.1.345Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-newest-csnOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replica-dbSchema File 02-config.ldifSyntax CSN (Change Sequence Number)
ds-mon-oldest-change-numberOrigin OpenDJ Directory ServerUsage userApplicationsDescription Oldest change number present in the change number index databaseOID 1.3.6.1.4.1.36733.2.1.1.342Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-oldest-change-numberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-changelogSchema File 02-config.ldifSyntax Integer
ds-mon-oldest-csn-timestampOrigin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-oldest-csn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 173
Description Timestamp of the oldest CSN present in the replica databaseOID 1.3.6.1.4.1.36733.2.1.1.346Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-oldest-csn-timestampOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replica-dbSchema File 02-config.ldifSyntax Generalized Time
ds-mon-oldest-csnOrigin OpenDJ Directory ServerUsage userApplicationsDescription Oldest CSN present in the replica databaseOID 1.3.6.1.4.1.36733.2.1.1.344Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-oldest-csnOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replica-dbSchema File 02-config.ldifSyntax CSN (Change Sequence Number)
ds-mon-os-architectureOrigin OpenDJ Directory ServerUsage userApplicationsDescription Operating system architecture
Attribute Typesds-mon-os-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 174
OID 1.3.6.1.4.1.36733.2.1.1.298Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-os-architectureOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-os-nameOrigin OpenDJ Directory ServerUsage userApplicationsDescription Operating system nameOID 1.3.6.1.4.1.36733.2.1.1.296Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-os-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-os-versionOrigin OpenDJ Directory ServerUsage userApplicationsDescription Operating system versionOID 1.3.6.1.4.1.36733.2.1.1.297
Attribute Typesds-mon-point-version
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 175
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-os-versionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-point-versionOrigin OpenDJ Directory ServerUsage userApplicationsDescription Point version number of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.317Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-point-versionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Integer
ds-mon-process-idOrigin OpenDJ Directory ServerUsage userApplicationsDescription Process ID of the running directory serverOID 1.3.6.1.4.1.36733.2.1.1.544Equality Matching Rule uuidMatch
Attribute Typesds-mon-product-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 176
Single Value trueNames ds-mon-process-idOrdering Matching Rule uuidOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax UUID
ds-mon-product-nameOrigin OpenDJ Directory ServerUsage userApplicationsDescription Full name of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.310Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-product-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-protocolOrigin OpenDS Directory ServerUsage userApplicationsDescription Network protocolOID 1.3.6.1.4.1.26027.1.1.254Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute Typesds-mon-receive-delay
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 177
Names ds-mon-protocolOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Directory String
ds-mon-receive-delayOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current local delay in receiving replicated operationsOID 1.3.6.1.4.1.36733.2.1.1.287Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-current-delay, ds-mon-receive-delayOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-remote-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Duration in milli-seconds
ds-mon-replay-delayOrigin OpenDJ Directory ServerUsage userApplicationsDescription Current local delay in replaying replicated operationsOID 1.3.6.1.4.1.36733.2.1.1.596Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute Typesds-mon-replayed-updates-conflicts-resolved
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 178
Names ds-mon-replay-delayOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-remote-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Duration in milli-seconds
ds-mon-replayed-updates-conflicts-resolvedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of updates replayed on this replica for which replication naming conflicts
have been resolvedOID 1.3.6.1.4.1.36733.2.1.1.496Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-replayed-updates-conflicts-resolvedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Counter metric
ds-mon-replayed-updates-conflicts-unresolvedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of updates replayed on this replica for which replication naming conflicts
have not been resolvedOID 1.3.6.1.4.1.36733.2.1.1.497Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute Typesds-mon-replayed-updates
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 179
Single Value trueNames ds-mon-replayed-updates-conflicts-unresolvedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Counter metric
ds-mon-replayed-updatesOrigin OpenDJ Directory ServerUsage userApplicationsDescription Timer for updates that have been replayed on this replicaOID 1.3.6.1.4.1.36733.2.1.1.288Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-replayed-updatesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-remote-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Timer metric
ds-mon-replication-domainOrigin OpenDJ Directory ServerUsage userApplicationsDescription The replication domainOID 1.3.6.1.4.1.36733.2.1.1.548Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-mon-replication-domain
Attribute Typesds-mon-replication-protocol-version
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 180
User ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax DN
ds-mon-replication-protocol-versionOrigin OpenDJ Directory ServerUsage userApplicationsDescription The protocol version used for replicationOID 1.3.6.1.4.1.36733.2.1.1.547Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-replication-protocol-versionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Integer
ds-mon-requests-abandonOrigin OpenDJ Directory ServerUsage userApplicationsDescription Abandon request timerOID 1.3.6.1.4.1.36733.2.1.1.256Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-abandonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typesds-mon-requests-add
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 181
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-addOrigin OpenDJ Directory ServerUsage userApplicationsDescription Add request timerOID 1.3.6.1.4.1.36733.2.1.1.257Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-addOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-bindOrigin OpenDJ Directory ServerUsage userApplicationsDescription Bind request timerOID 1.3.6.1.4.1.36733.2.1.1.258Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-bindOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
Attribute Typesds-mon-requests-compare
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 182
ds-mon-requests-compareOrigin OpenDJ Directory ServerUsage userApplicationsDescription Compare request timerOID 1.3.6.1.4.1.36733.2.1.1.259Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-compareOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-deleteOrigin OpenDJ Directory ServerUsage userApplicationsDescription Delete request timerOID 1.3.6.1.4.1.36733.2.1.1.260Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-deleteOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-extendedOrigin OpenDJ Directory Server
Attribute Typesds-mon-requests-failure-client-invalid-request
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 183
Usage userApplicationsDescription Extended request timerOID 1.3.6.1.4.1.36733.2.1.1.261Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-extendedOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-client-invalid-requestOrigin OpenDJ Directory ServerUsage userApplicationsDescription Timer for requests that failed because there was a problem while attempting to
perform the associated operation (associated LDAP result codes: 1, 2, 12, 15, 16,17, 18, 19, 20, 21, 23, 34, 35, 36, 37, 38, 39; associated HTTP status codes: clienterror (4xx) except 401 and 403)
OID 1.3.6.1.4.1.36733.2.1.1.279Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-client-invalid-requestOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-client-redirectOrigin OpenDJ Directory Server
Attribute Typesds-mon-requests-failure-client-referral
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 184
Usage userApplicationsDescription Timer for requests that could not complete because further action is required
(associated HTTP status codes: redirection (3xx))OID 1.3.6.1.4.1.36733.2.1.1.285Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-client-redirectOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-http-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-client-referralOrigin OpenDJ Directory ServerUsage userApplicationsDescription Timer for requests that failed because the server did not hold the request targeted
entry (but was able to provide alternative servers that may) (associated LDAPresult code: 10)
OID 1.3.6.1.4.1.36733.2.1.1.282Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-client-referralOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-client-resource-limitOrigin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-requests-failure-client-security
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 185
Description Timer for requests that failed because they were trying to exceed the resourcelimits allocated to the associated clients (associated LDAP result codes: time, sizeand admin limit exceeded (respectively 4, 5 and 11)
OID 1.3.6.1.4.1.36733.2.1.1.281Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-client-resource-limitOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-client-securityOrigin OpenDJ Directory ServerUsage userApplicationsDescription Timer for requests that failed for security reasons (associated LDAP result codes:
8, 9, 13, 25, 26, 27; associated HTTP status codes: unauthorized (401) andforbidden (403))
OID 1.3.6.1.4.1.36733.2.1.1.280Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-client-securityOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-serverOrigin OpenDJ Directory Server
Attribute Typesds-mon-requests-failure-uncategorized
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 186
Usage userApplicationsDescription Timer for apparently valid requests that failed because the server was not able to
process them (associated LDAP result codes: busy (51), unavailable (52), unwillingto perform (53) and other (80); associated HTTP status codes: server error (5xx))
OID 1.3.6.1.4.1.36733.2.1.1.283Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-serverOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Timer metric
ds-mon-requests-failure-uncategorizedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Timer for requests that failed due to uncategorized reasonsOID 1.3.6.1.4.1.36733.2.1.1.284Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-failure-uncategorizedOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldifSyntax Timer metric
ds-mon-requests-getOrigin OpenDJ Directory Server
Attribute Typesds-mon-requests-in-queue
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 187
Usage userApplicationsDescription GET request timerOID 1.3.6.1.4.1.36733.2.1.1.271Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-getOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-http-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-in-queueOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of requests in the work queue that have not yet been picked up for
processingOID 1.3.6.1.4.1.36733.2.1.1.350Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-requests-in-queueOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-work-queueSchema File 02-config.ldifSyntax Integer
ds-mon-requests-modify-dnOrigin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-requests-modify
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 188
Description Modify DN request timerOID 1.3.6.1.4.1.36733.2.1.1.263Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-modify-dnOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-modifyOrigin OpenDJ Directory ServerUsage userApplicationsDescription Modify request timerOID 1.3.6.1.4.1.36733.2.1.1.262Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-modifyOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-patchOrigin OpenDJ Directory ServerUsage userApplicationsDescription PATCH request timerOID 1.3.6.1.4.1.36733.2.1.1.269Equality Matching Rule caseIgnoreJsonQueryMatch
Attribute Typesds-mon-requests-post
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 189
Single Value trueNames ds-mon-requests-patchOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-http-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-postOrigin OpenDJ Directory ServerUsage userApplicationsDescription POST request timerOID 1.3.6.1.4.1.36733.2.1.1.270Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-postOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-http-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-putOrigin OpenDJ Directory ServerUsage userApplicationsDescription PUT request timerOID 1.3.6.1.4.1.36733.2.1.1.272Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-putOrdering Matching Rule octetStringOrderingMatch
Attribute Typesds-mon-requests-rejected-queue-full
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 190
User ModificationAllowed
true
Used By ds-monitor-http-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-rejected-queue-fullOrigin OpenDJ Directory ServerUsage userApplicationsDescription Summary for operations that have been rejected because the work queue was
already at its maximum capacityOID 1.3.6.1.4.1.36733.2.1.1.352Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-rejected-queue-fullOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-work-queueSchema File 02-config.ldifSyntax Summary metric
ds-mon-requests-search-baseOrigin OpenDJ Directory ServerUsage userApplicationsDescription Base object search request timerOID 1.3.6.1.4.1.36733.2.1.1.265Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-search-baseOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typesds-mon-requests-search-one
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 191
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-search-oneOrigin OpenDJ Directory ServerUsage userApplicationsDescription One level search request timerOID 1.3.6.1.4.1.36733.2.1.1.266Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-search-oneOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-search-subOrigin OpenDJ Directory ServerUsage userApplicationsDescription Subtree search request timerOID 1.3.6.1.4.1.36733.2.1.1.267Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-search-subOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
Attribute Typesds-mon-requests-submitted
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 192
ds-mon-requests-submittedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Summary for operations that have been successfully submitted to the work queueOID 1.3.6.1.4.1.36733.2.1.1.351Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-submittedOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-work-queueSchema File 02-config.ldifSyntax Summary metric
ds-mon-requests-unbindOrigin OpenDJ Directory ServerUsage userApplicationsDescription Unbind request timerOID 1.3.6.1.4.1.36733.2.1.1.268Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-unbindOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-requests-uncategorizedOrigin OpenDJ Directory Server
Attribute Typesds-mon-revision
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 193
Usage userApplicationsDescription Uncategorized request timerOID 1.3.6.1.4.1.36733.2.1.1.250Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-requests-uncategorizedOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handlerSchema File 02-config.ldifSyntax Timer metric
ds-mon-revision
Origin OpenDJ Directory ServerUsage userApplicationsDescription Revision ID in the source repository from which the Directory Server is buildOID 1.3.6.1.4.1.36733.2.1.1.318Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-revisionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-sent-updates
Origin OpenDJ Directory ServerUsage userApplications
Attribute Typesds-mon-server-id
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 194
Description Number of replication updates sent by this replicaOID 1.3.6.1.4.1.36733.2.1.1.498Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-sent-updatesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Counter metric
ds-mon-server-idOrigin OpenDJ Directory ServerUsage userApplicationsDescription Server identifierOID 1.3.6.1.4.1.36733.2.1.1.461Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-server-idOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-changelog, ds-monitor-connected-replica, ds-monitor-remote-replica,ds-monitor-replica, ds-monitor-replica-db, ds-monitor-topology-server
Schema File 02-config.ldifSyntax Directory String
ds-mon-server-is-localOrigin ForgeRock Directory ServerUsage userApplications
Attribute Typesds-mon-server-state
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 195
Description Indicates whether this is the topology server that has handled the monitoringrequest
OID 1.3.6.1.4.1.36733.2.1.1.622Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-server-is-localUser ModificationAllowed
true
Used By ds-monitor-topology-serverSchema File 02-config.ldifSyntax Boolean
ds-mon-server-stateOrigin OpenDJ Directory ServerUsage userApplicationsDescription Replication server stateOID 1.3.6.1.4.1.36733.2.1.1.469Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-mon-server-stateOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-connected-changelogSchema File 02-config.ldifSyntax CSN (Change Sequence Number)
ds-mon-short-nameOrigin OpenDJ Directory ServerUsage userApplicationsDescription Short name of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.311
Attribute Typesds-mon-ssl-encryption
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 196
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-short-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-ssl-encryption
Origin OpenDJ Directory ServerUsage userApplicationsDescription Whether SSL encryption is used when exchanging messages with this serverOID 1.3.6.1.4.1.36733.2.1.1.493Equality Matching Rule booleanMatchSingle Value trueNames ds-mon-ssl-encryptionUser ModificationAllowed
true
Used By ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Boolean
ds-mon-start-time
Origin OpenDJ Directory ServerUsage userApplicationsDescription Start date and time for the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.323Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatch
Attribute Typesds-mon-status-last-changed
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 197
Single Value trueNames ds-mon-start-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Generalized Time
ds-mon-status-last-changedOrigin OpenDJ Directory ServerUsage userApplicationsDescription Last date and time the replication status of the local replica changedOID 1.3.6.1.4.1.36733.2.1.1.506Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-mon-status-last-changedOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Generalized Time
ds-mon-statusOrigin OpenDJ Directory ServerUsage userApplicationsDescription Replication status of the local replica, can either be "Invalid", "Not connected",
"Normal", "Degraded", "Full update", "Bad generation id"OID 1.3.6.1.4.1.36733.2.1.1.505Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute Typesds-mon-system-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 198
Single Value trueNames ds-mon-statusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Directory String
ds-mon-system-nameOrigin OpenDJ Directory ServerUsage userApplicationsDescription Fully qualified domain name of the system where the Directory Server is runningOID 1.3.6.1.4.1.36733.2.1.1.300Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-system-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-total-connectionsOrigin OpenDJ Directory ServerUsage userApplicationsDescription Total number of client connections that have been established with the Directory
Server since it startedOID 1.3.6.1.4.1.36733.2.1.1.328Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute Typesds-mon-total-update-entry-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 199
Single Value trueNames ds-mon-total-connectionsOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Integer
ds-mon-total-update-entry-count
Origin OpenDS Directory ServerUsage userApplicationsDescription The total number of entries to be processed when a total update is in progressOID 1.3.6.1.4.1.36733.2.1.1.540Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-total-update-entry-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-total-update-entry-left
Origin OpenDS Directory ServerUsage userApplicationsDescription The number of entries still to be processed when a total update is in progressOID 1.3.6.1.4.1.36733.2.1.1.541Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute Typesds-mon-total-update
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 200
Single Value trueNames ds-mon-total-update-entry-leftOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-total-updateOrigin OpenDJ Directory ServerUsage userApplicationsDescription The type of total update when it is in progress. Possible values: import or exportOID 1.3.6.1.4.1.36733.2.1.1.539Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-total-updateOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Directory String
ds-mon-updates-inbound-queueOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of remote updates received from the replication server but not replayed
yet on this replicaInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.1.1.501Substring Matching Rule caseExactSubstringsMatch
Attribute Typesds-mon-updates-outbound-queue
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 201
Equality Matching Rule integerMatchSingle Value trueNames ds-mon-updates-inbound-queueOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-updates-outbound-queueOrigin OpenDJ Directory ServerUsage userApplicationsDescription Number of local updates that are waiting to be sent to the replication server once
they completeInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.1.1.499Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-mon-updates-outbound-queueOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Integer
ds-mon-updates-totals-per-replay-threadOrigin OpenDJ Directory ServerUsage userApplicationsDescription JSON array of the number of updates replayed per replay threadInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute Typesds-mon-vendor-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 202
OID 1.3.6.1.4.1.36733.2.1.1.502Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-updates-totals-per-replay-threadOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-replicaSchema File 02-config.ldifSyntax Json
ds-mon-vendor-nameOrigin OpenDJ Directory ServerUsage userApplicationsDescription Vendor name of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.312Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-vendor-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-version-qualifierOrigin OpenDJ Directory ServerUsage userApplicationsDescription Version qualifier of the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.320Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesds-mon-working-directory
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 203
Equality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-version-qualifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String
ds-mon-working-directory
Origin OpenDJ Directory ServerUsage userApplicationsDescription Current working directory of the user running the Directory ServerOID 1.3.6.1.4.1.36733.2.1.1.295Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames ds-mon-working-directoryOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-monitor-serverSchema File 02-config.ldifSyntax Filesystem path
ds-private-naming-contextsHolds the DNs that constitute the set of private naming contexts registered with the server, not forexternal use by applications.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.246
Attribute Typesds-privilege-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 204
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-private-naming-contextsUser ModificationAllowed
true
Schema File 02-config.ldifSyntax DN
ds-privilege-nameHolds an administrative privilege. See the directory server documentation for details.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.260Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-privilege-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
ds-pwp-account-disabledTRUE if the user's account has been disabled by an administrator.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.166Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-account-disabled
Attribute Typesds-pwp-account-expiration-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 205
User ModificationAllowed
true
Schema File 02-config.ldifSyntax Boolean
ds-pwp-account-expiration-timeIndicates when a temporary account expires, after which it can no longer be used to authenticate.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.237Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-pwp-account-expiration-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Generalized Time
ds-pwp-account-status-notification-handler
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.562Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-pwp-account-status-notification-handlerOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policy
Attribute Typesds-pwp-allow-expired-password-changes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 206
Schema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-allow-expired-password-changesOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.563Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-allow-expired-password-changesUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-allow-multiple-password-valuesOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.564Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-allow-multiple-password-valuesUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-allow-pre-encoded-passwordsOrigin ForgeRock Directory Server
Attribute Typesds-pwp-allow-user-password-changes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 207
Usage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.565Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-allow-pre-encoded-passwordsUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-allow-user-password-changesOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.612Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-allow-user-password-changesUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-attribute-value-check-substringsOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.600Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-attribute-value-check-substringsUser ModificationAllowed
true
Attribute Typesds-pwp-attribute-value-match-attribute
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 208
Used By ds-pwp-attribute-value-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-attribute-value-match-attribute
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.592Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames ds-pwp-attribute-value-match-attributeUser ModificationAllowed
true
Used By ds-pwp-attribute-value-validatorSchema File 03-pwpolicyextension.ldifSyntax OID
ds-pwp-attribute-value-min-substring-length
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.601Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-attribute-value-min-substring-lengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-attribute-value-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
Attribute Typesds-pwp-attribute-value-test-reversed-password
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 209
ds-pwp-attribute-value-test-reversed-passwordOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.602Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-attribute-value-test-reversed-passwordUser ModificationAllowed
true
Used By ds-pwp-attribute-value-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-character-set-allow-unclassified-charactersOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.595Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-character-set-allow-unclassified-charactersUser ModificationAllowed
true
Used By ds-pwp-character-set-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-character-set-character-set-rangesOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.594Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatch
Attribute Typesds-pwp-character-set-character-set
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 210
Single Value false: multiple values allowedNames ds-pwp-character-set-character-set-rangesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-character-set-validatorSchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-character-set-character-setOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.598Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames ds-pwp-character-set-character-setOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-character-set-validatorSchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-character-set-min-character-setsOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.593Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-character-set-min-character-setsOrdering Matching Rule integerOrderingMatch
Attribute Typesds-pwp-default-password-storage-scheme
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 211
User ModificationAllowed
true
Used By ds-pwp-character-set-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-default-password-storage-schemeOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.561Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-pwp-default-password-storage-schemeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-deprecated-password-storage-schemeOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.566Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-pwp-deprecated-password-storage-schemeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policy
Attribute Typesds-pwp-dictionary-case-sensitive-validation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 212
Schema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-dictionary-case-sensitive-validationOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.597Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-dictionary-case-sensitive-validationUser ModificationAllowed
true
Used By ds-pwp-dictionary-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-dictionary-check-substringsOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.589Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-dictionary-check-substringsUser ModificationAllowed
true
Used By ds-pwp-dictionary-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-dictionary-dataOrigin ForgeRock Directory Server
Attribute Typesds-pwp-dictionary-min-substring-length
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 213
Usage userApplicationsDescription Gzip commpressed dictionary, one word per lineOID 1.3.6.1.4.1.36733.2.1.1.588Equality Matching Rule octetStringMatchSingle Value trueNames ds-pwp-dictionary-dataOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-dictionary-validatorSchema File 03-pwpolicyextension.ldifSyntax Octet String
ds-pwp-dictionary-min-substring-length
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.590Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-dictionary-min-substring-lengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-dictionary-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-dictionary-test-reversed-password
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.591
Attribute Typesds-pwp-expire-passwords-without-warning
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 214
Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-dictionary-test-reversed-passwordUser ModificationAllowed
true
Used By ds-pwp-dictionary-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-expire-passwords-without-warningOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.567Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-expire-passwords-without-warningUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-force-change-on-addOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.568Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-force-change-on-addUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldif
Attribute Typesds-pwp-force-change-on-reset
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 215
Syntax Boolean
ds-pwp-force-change-on-resetOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.611Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-force-change-on-resetUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-grace-login-countOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.608Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-grace-login-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-idle-lockout-intervalOrigin ForgeRock Directory Server
Attribute Typesds-pwp-last-login-time-attribute
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 216
Usage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.569Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-idle-lockout-intervalOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-last-login-time-attribute
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.570Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value trueNames ds-pwp-last-login-time-attributeUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax OID
ds-pwp-last-login-time-format
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.571Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesds-pwp-last-login-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 217
Equality Matching Rule caseExactMatchSingle Value trueNames ds-pwp-last-login-time-formatOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax IA5 String
ds-pwp-last-login-timeHolds a timestamp of the last successful bind.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.162Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-last-login-timeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
ds-pwp-length-based-max-password-lengthOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.580Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute Typesds-pwp-length-based-min-password-length
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 218
Names ds-pwp-length-based-max-password-lengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-length-based-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-length-based-min-password-length
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.581Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-length-based-min-password-lengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-length-based-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-lockout-duration
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.609Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-lockout-durationOrdering Matching Rule caseIgnoreOrderingMatch
Attribute Typesds-pwp-lockout-failure-count
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 219
User ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-lockout-failure-countOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.610Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-lockout-failure-countOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-lockout-failure-expiration-intervalOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.614Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-lockout-failure-expiration-intervalOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policy
Attribute Typesds-pwp-max-password-age
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 220
Schema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-max-password-age
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.605Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-max-password-ageOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-max-password-reset-age
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.572Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-max-password-reset-ageOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
Attribute Typesds-pwp-min-password-age
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 221
ds-pwp-min-password-age
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.604Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-min-password-ageOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-password-attribute
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.603Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value trueNames ds-pwp-password-attributeUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax OID
ds-pwp-password-change-requires-current-password
Origin ForgeRock Directory Server
Attribute Typesds-pwp-password-changed-by-required-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 222
Usage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.613Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-password-change-requires-current-passwordUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-password-changed-by-required-timeIndicates whether the user's password was changed as required by the password policy.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.163Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-pwp-password-changed-by-required-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Generalized Time
ds-pwp-password-expiration-timeIndicates when the password for the current entry expires.
Origin OpenDJ Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.36733.2.1.1.60Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesds-pwp-password-expiration-warning-interval
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 223
Equality Matching Rule generalizedTimeMatchSingle Value trueNames ds-pwp-password-expiration-time, pwdExpirationTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 02-config.ldifSyntax Generalized Time
ds-pwp-password-expiration-warning-intervalOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.607Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-password-expiration-warning-intervalOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-password-history-countOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.606Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-password-history-countOrdering Matching Rule integerOrderingMatch
Attribute Typesds-pwp-password-history-duration
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 224
User ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-password-history-duration
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.579Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-password-history-durationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-password-policy-dnPointer to the entry holding the password policy for the current entry.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.244Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames ds-pwp-password-policy-dnUser ModificationAllowed
true
Attribute Typesds-pwp-previous-last-login-time-format
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 225
Schema File 02-config.ldifSyntax DN
ds-pwp-previous-last-login-time-format
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.573Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-pwp-previous-last-login-time-formatOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-random-password-character-set
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.582Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames ds-pwp-random-password-character-setOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-random-generatorSchema File 03-pwpolicyextension.ldifSyntax Directory String
Attribute Typesds-pwp-random-password-format
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 226
ds-pwp-random-password-formatOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.583Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-random-password-formatOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-random-generatorSchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-repeated-characters-case-sensitive-validationOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.587Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-repeated-characters-case-sensitive-validationUser ModificationAllowed
true
Used By ds-pwp-repeated-characters-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-repeated-characters-max-consecutive-lengthOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.586
Attribute Typesds-pwp-require-change-by-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 227
Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-repeated-characters-max-consecutive-lengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-repeated-characters-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-require-change-by-timeOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.574Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-pwp-require-change-by-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Generalized Time
ds-pwp-require-secure-authenticationOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.575Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-require-secure-authentication
Attribute Typesds-pwp-require-secure-password-changes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 228
User ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-require-secure-password-changesOrigin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.576Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-require-secure-password-changesUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-reset-timeIndicates when the user's password was reset.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.164Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-pwp-reset-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Generalized Time
Attribute Typesds-pwp-similarity-based-min-password-difference
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 229
ds-pwp-similarity-based-min-password-difference
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.584Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-pwp-similarity-based-min-password-differenceOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-similarity-based-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-skip-validation-for-administrators
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.577Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-skip-validation-for-administratorsUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-state-update-failure-policy
Origin ForgeRock Directory ServerUsage userApplications
Attribute Typesds-pwp-unique-characters-case-sensitive-validation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 230
OID 1.3.6.1.4.1.36733.2.1.1.578Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-pwp-state-update-failure-policyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-password-policySchema File 03-pwpolicyextension.ldifSyntax Directory String
ds-pwp-unique-characters-case-sensitive-validation
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.599Equality Matching Rule booleanMatchSingle Value trueNames ds-pwp-unique-characters-case-sensitive-validationUser ModificationAllowed
true
Used By ds-pwp-unique-characters-validatorSchema File 03-pwpolicyextension.ldifSyntax Boolean
ds-pwp-unique-characters-min-unique-characters
Origin ForgeRock Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.36733.2.1.1.585Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute Typesds-pwp-warned-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 231
Names ds-pwp-unique-characters-min-unique-charactersOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ds-pwp-unique-characters-validatorSchema File 03-pwpolicyextension.ldifSyntax Integer
ds-pwp-warned-timeIndicates when the user was first warned about an expiring password.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.165Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames ds-pwp-warned-timeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Generalized Time
ds-rlim-cursor-entry-limitOrigin OpenDJ Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.36733.2.1.1.349Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-rlim-cursor-entry-limitOrdering Matching Rule integerOrderingMatch
Attribute Typesds-rlim-idle-time-limit
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 232
User ModificationAllowed
true
Schema File 02-config.ldifSyntax Integer
ds-rlim-idle-time-limitSets the maximum time the server allows the user to hold an idle connection open.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.394Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-rlim-idle-time-limitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Integer
ds-rlim-lookthrough-limitSets the maximum number of entries the server considers when processing a search by the user.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.241Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-rlim-lookthrough-limitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Attribute Typesds-rlim-size-limit
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 233
Schema File 02-config.ldifSyntax Integer
ds-rlim-size-limitSets the maximum number of entries returned for a search by the user.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.116Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-rlim-size-limitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Integer
ds-rlim-time-limitSets the maximum server processing time for a search by the user.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.117Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ds-rlim-time-limitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Integer
Attribute Typesds-sync-conflict
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 234
ds-sync-conflictFor an entry resulting from a replication conflict, holds the DN that the entry would have had withoutthe conflict.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.317Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-sync-conflictUser ModificationAllowed
true
Schema File 02-config.ldifSyntax DN
ds-sync-fractional-excludeIndicates which attributes to exclude in fractional replication.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.589Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-sync-fractional-excludeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
ds-sync-fractional-includeIndicates which attributes to include in fractional replication.
Attribute Typesds-sync-generation-id
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 235
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.588Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-sync-fractional-includeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
ds-sync-generation-idHolds the replication generation ID for a backend.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.405Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ds-sync-generation-idOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
ds-sync-histHolds historical information for replication.
Origin OpenDS Directory ServerUsage directoryOperation
Attribute Typesds-sync-state
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 236
OID 1.3.6.1.4.1.26027.1.1.119Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames ds-sync-histOrdering Matching Rule historicalCsnOrderingMatchUser ModificationAllowed
false
Schema File 02-config.ldifSyntax Octet String
ds-sync-stateHolds replication state information for a backend.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.185Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ds-sync-stateOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
ds-target-group-dnPointer to a group to be shown as a virtual static group.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.292Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatch
Attribute TypesdSAQuality
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 237
Single Value trueNames ds-target-group-dnUser ModificationAllowed
true
Used By ds-virtual-static-groupSchema File 02-config.ldifSyntax DN
dSAQualityDirectory administrators can use this attribute to indicate the quality (availability) of this DirectorySystem Agent (DSA).
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.49Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames dSAQualityOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotDSA, qualityLabelledDataSchema File 00-core.ldifSyntax Directory String
emailAddressOrigin RFC 2985Usage userApplicationsDescription represents the email address part of an X.509 certificateOID 1.2.840.113549.1.9.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowed
Attribute TypesemployeeNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 238
Names emailAddressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax IA5 String
employeeNumberIdentifier that depends on the organization. It often reflects the order of hire or association with theorganization.
Origin RFC 2798Usage userApplicationsDescription numerically identifies an employee within an organizationOID 2.16.840.1.113730.3.1.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames employeeNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Directory String
employeeTypeIdentifier for the employee to employer relationship, such as Employee, Contractor, or Temp. The valuesused depend on the classification of employees.
Origin RFC 2798Usage userApplicationsDescription type of employment for a personOID 2.16.840.1.113730.3.1.4
Attribute TypesenhancedSearchGuide
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 239
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames employeeTypeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Directory String
enhancedSearchGuideSets of information used by directory clients when constructing search filters.
Examples: person#(sn$APPROX)#wholeSubtree, organizationalUnit#(ou$SUBSTR)#oneLevel
Origin RFC 4519Usage userApplicationsOID 2.5.4.47Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames enhancedSearchGuideOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Enhanced Guide
entryDNAn entry's distinguished name is not an attribute of the entry.
This operational attribute makes it possible to perform attribute value assertions against the DN ofthe entry, enabling operations such as LDAP compare and LDAP search.
Origin RFC 5020Usage directoryOperation
Attribute TypesentryUUID
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 240
Description DN of the entryOID 1.3.6.1.1.20Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames entryDNUser ModificationAllowed
false
Schema File 00-core.ldifSyntax DN
entryUUIDHolds a Universally Unique Identifier (UUID) assigned to the entry.
The server generates the value of this operational attribute when adding the entry to the directory.
A UUID is a 16-octet (128-bit) string, constrained to the namespace specified in RFC 4122, andencoded using the ASCII representation.
Example: 597ae2f6-16a6-1027-98f4-d28b5365dc14.
Origin RFC 4530Usage directoryOperationDescription UUID of the entryOID 1.3.6.1.1.16.4Equality Matching Rule uuidMatchSingle Value trueNames entryUUIDOrdering Matching Rule uuidOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax UUID
etagSpecifies an entity tag suitable for external use when comparing two versions of an entry.
Attribute TypesfacsimileTelephoneNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 241
Origin OpenDJ Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.36733.2.1.1.59Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames etagOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Printable String
facsimileTelephoneNumberFax phone number, such as +1 415 555 1212 or +1 415 555 1212$fineResolution.
Origin RFC 4519Usage userApplicationsOID 2.5.4.23Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames facsimileTelephoneNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Facsimile Telephone Number
firstChangeNumberHolds the oldest change number in the changelog.
Attribute TypesfollowReferrals
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 242
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.593Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames firstChangeNumberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Integer
followReferrals
Origin RFC 4876Usage userApplicationsDescription An agent or service does or should follow referralsOID 1.3.6.1.4.1.11.1.3.1.1.5Equality Matching Rule booleanMatchSingle Value trueNames followReferralsUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Boolean
fr-idm-accountStatus
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.14
Attribute Typesfr-idm-cluster-json
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 243
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-accountStatusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-cluster-json
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.24Equality Matching Rule caseIgnoreJsonQueryMatchClusterObjectSingle Value false: multiple values allowedNames fr-idm-cluster-jsonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-cluster-objSchema File 60-repo-schema.ldifSyntax Json
fr-idm-condition
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.35Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesfr-idm-consentedMapping
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 244
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-conditionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-roleSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-consentedMapping
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.23Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-consentedMappingOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-custom-attrs
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.66Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value true
Attribute Typesfr-idm-effectiveAssignment
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 245
Names fr-idm-custom-attrsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-hybrid-objSchema File 60-repo-schema.ldifSyntax Json
fr-idm-effectiveAssignment
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.16Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-effectiveAssignmentOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-effectiveRole
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.15Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-effectiveRoleOrdering Matching Rule octetStringOrderingMatch
Attribute Typesfr-idm-internal-role-authzmembers-internal-user
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 246
User ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-internal-role-authzmembers-internal-userUsage userApplicationsDescription Reference to an internal users internal user authzmembersInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.77Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-internal-role-authzmembers-internal-userOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-roleSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-internal-role-authzmembers-managed-userUsage userApplicationsDescription Reference to an internal roles managed user authzmembersInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.76Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-internal-role-authzmembers-managed-userOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-role
Attribute Typesfr-idm-internal-user-authzroles-internal-role
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 247
Schema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-internal-user-authzroles-internal-role
Usage userApplicationsDescription Reference to an internal users internal role authzrolesInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.75Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-internal-user-authzroles-internal-roleOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-userSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-internal-user-authzroles-managed-role
Usage userApplicationsDescription Reference to an internal users managed role authzrolesInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.74Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-internal-user-authzroles-managed-roleOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-userSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
Attribute Typesfr-idm-json
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 248
fr-idm-jsonOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.10Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-jsonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-generic-objSchema File 60-repo-schema.ldifSyntax Json
fr-idm-kbaInfoOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.17Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-kbaInfoOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-lastSyncOrigin OpenIDM DSRepoService
Attribute Typesfr-idm-link-firstid-constraint
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 249
Usage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.18Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-lastSyncOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-link-firstid-constraintOrigin OpenIDM DSRepoServiceUsage userApplicationsDescription A attribute used to support a unique constraint on the set of fr-idm-link-type, fr-
idm-link-qualifier, fr-idm-link-firstidInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.81Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-link-firstid-constraintOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-linkSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-link-firstidOrigin OpenIDM DSRepoService
Attribute Typesfr-idm-link-qualifier
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 250
Usage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-link-firstidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-linkSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-link-qualifierOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-link-qualifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-linkSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-link-secondid-constraintOrigin OpenIDM DSRepoServiceUsage userApplications
Attribute Typesfr-idm-link-secondid
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 251
Description A attribute used to support a unique constraint on the set of fr-idm-link-type, fr-idm-link-qualifier, fr-idm-link-secondid
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.82Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-link-secondid-constraintOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-linkSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-link-secondidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-link-secondidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-linkSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-link-typeOrigin OpenIDM DSRepoService
Attribute Typesfr-idm-lock-nodeid
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 252
Usage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-link-typeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-linkSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-lock-nodeid
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.32Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-lock-nodeidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-lockSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-managed-assignment-json
Origin OpenIDM DSRepoService
Attribute Typesfr-idm-managed-role-assignments
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 253
Usage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.72Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-managed-assignment-jsonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-assignmentSchema File 60-repo-schema.ldifSyntax Json
fr-idm-managed-role-assignments
Usage userApplicationsDescription Reference to a roles assignmentsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.70Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-managed-role-assignmentsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-roleSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-managed-role-json
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute Typesfr-idm-managed-user-authzroles-internal-role
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 254
OID 1.3.6.1.4.1.36733.2.3.1.25Equality Matching Rule caseIgnoreJsonQueryMatchManagedRoleSingle Value trueNames fr-idm-managed-role-jsonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-roleSchema File 60-repo-schema.ldifSyntax Json
fr-idm-managed-user-authzroles-internal-role
Usage userApplicationsDescription Reference to a users internal roles authzrolesInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.78Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-managed-user-authzroles-internal-roleOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-managed-user-authzroles-managed-role
Usage userApplicationsDescription Reference to a users managed role authzrolesInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.79Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Attribute Typesfr-idm-managed-user-custom-attrs
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 255
Single Value false: multiple values allowedNames fr-idm-managed-user-authzroles-managed-roleOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-managed-user-custom-attrs
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.67Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-managed-user-custom-attrsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-hybrid-objSchema File 60-repo-schema.ldifSyntax Json
fr-idm-managed-user-json
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.13Equality Matching Rule caseIgnoreJsonQueryMatchManagedUserSingle Value trueNames fr-idm-managed-user-json
Attribute Typesfr-idm-managed-user-manager
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 256
Ordering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-userSchema File 60-repo-schema.ldifSyntax Json
fr-idm-managed-user-managerUsage userApplicationsDescription Reference to a users managerInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.69Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value trueNames fr-idm-managed-user-managerOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-managed-user-metaUsage userApplicationsDescription Reference to a users internal user metaInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.71Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-managed-user-metaOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typesfr-idm-managed-user-notifications
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 257
Used By fr-idm-managed-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-managed-user-notifications
Usage userApplicationsDescription Reference to a users internal notificationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.73Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-managed-user-notificationsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Name and Optional JSON
fr-idm-managed-user-roles
Usage userApplicationsDescription Reference to a users rolesInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.68Equality Matching Rule nameAndOptionalCaseIgnoreJsonIdEqualityMatchSingle Value false: multiple values allowedNames fr-idm-managed-user-rolesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldif
Attribute Typesfr-idm-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 258
Syntax Name and Optional JSON
fr-idm-name
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.34Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-roleSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-notification-json
Origin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.80Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-notification-jsonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-notificationSchema File 60-repo-schema.ldifSyntax Json
Attribute Typesfr-idm-password
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 259
fr-idm-passwordOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.8Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-passwordOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-user, fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-preferencesOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.19Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-preferencesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-privilegeOrigin OpenIDM DSRepoService
Attribute Typesfr-idm-recon-id
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 260
Usage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.33Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-privilegeOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-internal-roleSchema File 60-repo-schema.ldifSyntax Json
fr-idm-recon-idOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames fr-idm-recon-idOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-recon-clusteredTargetIdsSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-recon-targetIdsOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute Typesfr-idm-reconassoc-finishtime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 261
OID 1.3.6.1.4.1.36733.2.3.1.12Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-recon-targetIdsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-recon-clusteredTargetIdsSchema File 60-repo-schema.ldifSyntax Json
fr-idm-reconassoc-finishtimeOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.53Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassoc-finishtimeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassoc-isanalysisOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.52Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesfr-idm-reconassoc-mapping
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 262
Equality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassoc-isanalysisOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassoc-mappingOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.48Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassoc-mappingOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassoc-reconidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.49Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute Typesfr-idm-reconassoc-sourceresourcecollection
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 263
Single Value trueNames fr-idm-reconassoc-reconidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassoc-sourceresourcecollectionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.50Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassoc-sourceresourcecollectionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassoc-targetresourcecollectionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.51Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute Typesfr-idm-reconassocentry-action
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 264
Names fr-idm-reconassoc-targetresourcecollectionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-actionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.56Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-actionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-ambiguoustargetobjectidsOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.65Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-ambiguoustargetobjectids
Attribute Typesfr-idm-reconassocentry-exception
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 265
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-exceptionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.62Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-exceptionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-linkqualifierOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.58Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-linkqualifierOrdering Matching Rule caseIgnoreOrderingMatch
Attribute Typesfr-idm-reconassocentry-message
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 266
User ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-messageOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.63Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-messageOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-messagedetailOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.64Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames fr-idm-reconassocentry-messagedetailOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typesfr-idm-reconassocentry-phase
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 267
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Json
fr-idm-reconassocentry-phaseOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.57Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-phaseOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-reconidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.54Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-reconidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentry
Attribute Typesfr-idm-reconassocentry-situation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 268
Schema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-situationOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.55Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-situationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-sourceobjectidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.59Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-sourceobjectidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldif
Attribute Typesfr-idm-reconassocentry-status
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 269
Syntax Directory String
fr-idm-reconassocentry-statusOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.61Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-statusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-reconassocentry-targetobjectidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.60Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-reconassocentry-targetobjectidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-reconassocentrySchema File 60-repo-schema.ldifSyntax Directory String
Attribute Typesfr-idm-relationship-json
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 270
fr-idm-relationship-jsonOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.26Equality Matching Rule caseIgnoreJsonQueryMatchRelationshipSingle Value trueNames fr-idm-relationship-jsonOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-relationshipSchema File 60-repo-schema.ldifSyntax Json
fr-idm-roleOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.9Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-roleOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax Json
fr-idm-syncqueue-contextOrigin OpenIDM DSRepoService
Attribute Typesfr-idm-syncqueue-createdate
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 271
Usage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.43Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-syncqueue-contextOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Json
fr-idm-syncqueue-createdateOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.47Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-createdateOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-mappingOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute Typesfr-idm-syncqueue-newobject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 272
OID 1.3.6.1.4.1.36733.2.3.1.39Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-mappingOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-newobjectOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.42Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-syncqueue-newobjectOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Json
fr-idm-syncqueue-nodeidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.45Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesfr-idm-syncqueue-objectrev
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 273
Equality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-nodeidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-objectrevOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.40Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-objectrevOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-oldobjectOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.41Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowed
Attribute Typesfr-idm-syncqueue-remainingretries
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 274
Names fr-idm-syncqueue-oldobjectOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Json
fr-idm-syncqueue-remainingretriesOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.46Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames fr-idm-syncqueue-remainingretriesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Integer
fr-idm-syncqueue-resourcecollectionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.37Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-resourcecollection
Attribute Typesfr-idm-syncqueue-resourceid
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 275
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-resourceidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.38Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-resourceidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-stateOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.44Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-stateOrdering Matching Rule caseIgnoreOrderingMatch
Attribute Typesfr-idm-syncqueue-syncaction
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 276
User ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-syncqueue-syncactionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.36Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-syncactionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By fr-idm-syncqueueSchema File 60-repo-schema.ldifSyntax Directory String
fr-idm-temporal-constraintsOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.12Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value false: multiple values allowedNames fr-idm-temporal-constraintsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typesfr-idm-uuid
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 277
Used By fr-idm-internal-roleSchema File 60-repo-schema.ldifSyntax Json
fr-idm-uuidOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.27Equality Matching Rule uuidMatchSingle Value false: multiple values allowedNames fr-idm-uuidOrdering Matching Rule uuidOrderingMatchUser ModificationAllowed
true
Used By fr-idm-managed-user-explicitSchema File 60-repo-schema.ldifSyntax UUID
fullVendorVersionHolds the vendor version including the build number.
Origin OpenDJ Directory ServerUsage dSAOperationOID 1.3.6.1.4.1.36733.2.1.1.141Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames fullVendorVersionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Directory String
Attribute Typesgecos
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 278
gecosOrigin draft-howard-rfc2307bisUsage userApplicationsDescription The GECOS field; the common nameOID 1.3.6.1.1.1.1.2Substring Matching Rule caseIgnoreIA5SubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames gecosOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By posixAccountSchema File 04-rfc2307bis.ldifSyntax IA5 String
generationQualifierName strings typically forming the suffix part of a person's name.
Examples: Jr., 3rd
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.44Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames generationQualifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
Attribute TypesgidNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 279
gidNumberOrigin draft-howard-rfc2307bisUsage userApplicationsDescription An integer uniquely identifying a group in an administrative domainOID 1.3.6.1.1.1.1.1Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames gidNumberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By posixAccount, posixGroup, sambaGroupMapping, sambaIdmapEntry,sambaUnixIdPool
Schema File 04-rfc2307bis.ldifSyntax Integer
givenNamePart of a person's name that is neither their surname nor their middle name.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.42Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames givenNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Directory String
Attribute TypesgoverningStructureRule
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 280
governingStructureRuleIndicates the structure rule governing the entry. The structure rule defines the names entries mayhave, and how entries may be related to each other.
Origin RFC 4512Usage directoryOperationOID 2.5.21.10Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames governingStructureRuleOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Integer
hasSubordinatesIndicates whether the entry has any subordinate entries.
Origin X.501Usage directoryOperationOID 2.5.18.9Equality Matching Rule booleanMatchSingle Value trueNames hasSubordinatesUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Boolean
healthyOrigin OpenDJ Directory ServerUsage dSAOperation
Attribute TypeshomeDirectory
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 281
Description Indicates whether the server is able to handle requestsOID 1.3.6.1.4.1.36733.2.1.1.509Equality Matching Rule booleanMatchSingle Value trueNames healthyUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Boolean
homeDirectoryOrigin draft-howard-rfc2307bisUsage userApplicationsDescription The absolute path to the home directoryOID 1.3.6.1.1.1.1.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames homeDirectoryOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By posixAccountSchema File 04-rfc2307bis.ldifSyntax IA5 String
homePhoneHome phone number, such as +1 415 555 1212.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.20Substring Matching Rule telephoneNumberSubstringsMatch
Attribute TypeshomePostalAddress
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 282
Equality Matching Rule telephoneNumberMatchSingle Value false: multiple values allowedNames homePhone, homeTelephoneNumberUser ModificationAllowed
true
Used By inetOrgPerson, pilotPersonSchema File 00-core.ldifSyntax Telephone Number
homePostalAddressHome postal address for an object, such as 1234 Main St.$Anytown, CA 12345$USA. Values are expectedto be no longer than 6 directory strings of 30 characters each, although servers are not expected toenforce these limits.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.39Substring Matching Rule caseIgnoreListSubstringsMatchEquality Matching Rule caseIgnoreListMatchSingle Value false: multiple values allowedNames homePostalAddressUser ModificationAllowed
true
Used By inetOrgPerson, pilotPersonSchema File 00-core.ldifSyntax Postal Address
hostHostname of a computer, generally as a fully qualified domain name such as server.example.com.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute TypeshouseIdentifier
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 283
Single Value false: multiple values allowedNames hostOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By accountSchema File 00-core.ldifSyntax Directory String
houseIdentifierOrigin RFC 4519Usage userApplicationsOID 2.5.4.51Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames houseIdentifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
includedAttributesIn a changelog entry, holds the attributes on the entry prior to the change.
Origin OpenDJ Directory ServerUsage directoryOperationDescription A set of attributes which were part of the entry before the changes were appliedOID 1.3.6.1.4.1.36733.2.1.1.6Equality Matching Rule octetStringMatchSingle Value trueNames includedAttributesOrdering Matching Rule octetStringOrderingMatch
Attribute TypesinetUserHttpURL
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 284
User ModificationAllowed
true
Schema File 03-changelog.ldifSyntax Octet String
inetUserHttpURLThis attribute type stores AM profile information.
Origin Nortel subscriber interoperabilityUsage userApplicationsDescription A users Web addressesOID 2.16.840.1.113730.3.1.693Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames inetUserHttpURLOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetuserSchema File 60-identity-store-ds-schema.ldifSyntax IA5 String
inetUserStatusThis attribute type stores AM profile information.
Origin Nortel subscriber interoperabilityUsage userApplicationsDescription "active", "inactive", or "deleted" status of a userOID 2.16.840.1.113730.3.1.692Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames inetUserStatus
Attribute Typesinfo
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 285
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetuserSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
infoGeneral information associated with the object represented by the directory entry. Applicationsshould not ascribe specific semantics to the value of this attribute.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames infoOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotObjectSchema File 00-core.ldifSyntax Directory String
inheritableOrigin draft-ietf-ldup-subentryUsage dSAOperationOID 1.3.6.1.4.1.7628.5.4.1Equality Matching Rule booleanMatchSingle Value trueNames inheritableUser ModificationAllowed
false
Attribute TypesinheritAttribute
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 286
Used By inheritableLDAPSubEntrySchema File 00-core.ldifSyntax Boolean
inheritAttributeHolds the name of a collective attribute to inherit.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.625Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames inheritAttributeUser ModificationAllowed
true
Used By inheritedCollectiveAttributeSubentry,inheritedFromDNCollectiveAttributeSubentry,inheritedFromRDNCollectiveAttributeSubentry
Schema File 00-core.ldifSyntax OID
inheritFromBaseRDNHolds the RDN of the base entry under which the entries are found from which to inherit collectiveattributes.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.622Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames inheritFromBaseRDNUser ModificationAllowed
true
Attribute TypesinheritFromDNAttribute
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 287
Used By inheritedFromRDNCollectiveAttributeSubentrySchema File 00-core.ldifSyntax DN
inheritFromDNAttributeHolds the DN-syntax attribute specifying the entry from which to inherit collective attributes.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.621Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value trueNames inheritFromDNAttributeUser ModificationAllowed
true
Used By inheritedFromDNCollectiveAttributeSubentrySchema File 00-core.ldifSyntax OID
inheritFromDNParentOrigin OpenDJ Directory ServerUsage userApplicationsDescription The number of parent levels to lookup in the DN for inherited collective attribute
subentryOID 1.3.6.1.4.1.36733.2.1.1.535Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames inheritFromDNParentOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By inheritedFromDNCollectiveAttributeSubentry
Attribute TypesinheritFromRDNAttribute
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 288
Schema File 00-core.ldifSyntax Integer
inheritFromRDNAttributeHolds the RDN attribute of the entry from which to inherit collective attributes.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.624Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value trueNames inheritFromRDNAttributeUser ModificationAllowed
true
Used By inheritedFromRDNCollectiveAttributeSubentrySchema File 00-core.ldifSyntax OID
inheritFromRDNTypeHolds the RDN attribute type of the entry from which to inherit collective attributes.
Origin OpenDS Directory ServerUsage userApplicationsOID 1.3.6.1.4.1.26027.1.1.623Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value trueNames inheritFromRDNTypeUser ModificationAllowed
true
Used By inheritedFromRDNCollectiveAttributeSubentrySchema File 00-core.ldifSyntax OID
Attribute Typesinitials
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 289
initialsStrings of initials of some or all of a person's names, excluding the surname(s). Each string is onevalue of the attribute.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.43Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames initialsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Directory String
internationaliSDNNumberIntegrated Services Digital Network (ISDN) addresses, as specified by the InternationalTelecommunication Union (ITU) Recommendation E.164.
Origin RFC 4519Usage userApplicationsOID 2.5.4.25Substring Matching Rule numericStringSubstringsMatchEquality Matching Rule numericStringMatchSingle Value false: multiple values allowedNames internationaliSDNNumberOrdering Matching Rule numericStringOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Attribute TypesipHostNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 290
Schema File 00-core.ldifSyntax Numeric String
ipHostNumberOrigin draft-howard-rfc2307bisUsage userApplicationsDescription IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 addresses as
defined in RFC2373Superior Type nameOID 1.3.6.1.1.1.1.19Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ipHostNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ipHostSchema File 04-rfc2307bis.ldifSyntax Directory String
iplanet-am-auth-configurationThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Authentication ConfigurationOID 1.3.6.1.4.1.42.2.27.9.1.62Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-auth-configurationOrdering Matching Rule caseIgnoreOrderingMatch
Attribute Typesiplanet-am-auth-login-failure-url
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 291
User ModificationAllowed
true
Used By iplanet-am-auth-configuration-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-auth-login-failure-urlThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Redirection URL for Failed User AuthenticationOID 1.3.6.1.4.1.42.2.27.9.1.64Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-auth-login-failure-urlOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-auth-configuration-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-auth-login-success-urlThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Redirection URL After Successful LoginOID 1.3.6.1.4.1.42.2.27.9.1.63Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowed
Attribute Typesiplanet-am-auth-post-login-process-class
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 292
Names iplanet-am-auth-login-success-urlOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-auth-configuration-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-auth-post-login-process-classThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Class Name for Post Authentication ProcessingOID 1.3.6.1.4.1.42.2.27.9.1.65Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-auth-post-login-process-classOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-auth-configuration-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-destroy-sessionsThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Destroy SessionOID 2.16.840.1.113730.3.1.1069Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesiplanet-am-session-get-valid-sessions
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 293
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-destroy-sessionsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-get-valid-sessionsThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Get Valid SessionsOID 2.16.840.1.113730.3.1.1068Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-get-valid-sessionsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-max-caching-timeThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Max Session Caching Time
Attribute Typesiplanet-am-session-max-idle-time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 294
OID 2.16.840.1.113730.3.1.1067Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-max-caching-timeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-max-idle-timeThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Max Session Idle TimeOID 2.16.840.1.113730.3.1.1066Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-max-idle-timeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-max-session-timeThis attribute type stores AM profile information.
Origin OpenSSO
Attribute Typesiplanet-am-session-quota-limit
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 295
Usage userApplicationsDescription Max Service TimeOID 2.16.840.1.113730.3.1.1065Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-max-session-timeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-quota-limitThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Session Quota ConstraintsOID 1.3.6.1.4.1.42.2.27.9.1.752Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-quota-limitOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-session-service-statusThis attribute type stores AM profile information.
Attribute Typesiplanet-am-user-account-life
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 296
Origin OpenSSOUsage userApplicationsDescription Session Service StatusOID 2.16.840.1.113730.3.1.1053Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-session-service-statusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-session-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-account-lifeThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User Account LifeOID 2.16.840.1.113730.3.1.976Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-account-lifeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-managed-personSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
Attribute Typesiplanet-am-user-admin-start-dn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 297
iplanet-am-user-admin-start-dnThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Starting DN for Admin UserOID 2.16.840.1.113730.3.1.1072Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-admin-start-dnOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-alias-listThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User Alias Names ListOID 1.3.6.1.4.1.42.2.27.9.1.59Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-alias-listOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
Attribute Typesiplanet-am-user-auth-config
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 298
iplanet-am-user-auth-configThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User Authentication ConfigurationOID 1.3.6.1.4.1.42.2.27.9.1.58Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-auth-configOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-auth-modulesThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User Auth ModulesOID 2.16.840.1.113730.3.1.1071Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-auth-modulesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
Attribute Typesiplanet-am-user-failure-url
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 299
iplanet-am-user-failure-urlThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Redirection URL for Failed User AuthenticationOID 1.3.6.1.4.1.42.2.27.9.1.72Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-failure-urlOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-login-statusThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User Login StatusOID 2.16.840.1.113730.3.1.1074Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-login-statusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
Attribute Typesiplanet-am-user-password-reset-force-reset
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 300
iplanet-am-user-password-reset-force-resetThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Password Reset Force Reset passwordOID 1.3.6.1.4.1.42.2.27.9.1.591Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-password-reset-force-resetOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-password-reset-optionsThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Password Reset OptionsOID 1.3.6.1.4.1.42.2.27.9.1.589Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-password-reset-optionsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldif
Attribute Typesiplanet-am-user-password-reset-question-answer
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 301
Syntax Directory String
iplanet-am-user-password-reset-question-answerThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Password Reset User Question AnswerOID 1.3.6.1.4.1.42.2.27.9.1.590Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-password-reset-question-answerOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-service-statusThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User Service StatusOID 2.16.840.1.113730.3.1.1073Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-service-statusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute Typesiplanet-am-user-success-url
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 302
Schema File 60-identity-store-ds-schema.ldifSyntax Directory String
iplanet-am-user-success-urlThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Redirection URL for Successful User AuthenticationOID 1.3.6.1.4.1.42.2.27.9.1.71Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames iplanet-am-user-success-urlOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
ipNetmaskNumberOrigin draft-howard-rfc2307bisUsage userApplicationsDescription IP netmask as a dotted decimal, eg. 255.255.255.0, omitting leading zerosOID 1.3.6.1.1.1.1.21Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames ipNetmaskNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesipNetworkNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 303
Used By ipNetworkSchema File 04-rfc2307bis.ldifSyntax IA5 String
ipNetworkNumberOrigin draft-howard-rfc2307bisUsage userApplicationsDescription IP network as a dotted decimal, eg. 192.168, omitting leading zerosSuperior Type nameOID 1.3.6.1.1.1.1.20Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ipNetworkNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ipNetworkSchema File 04-rfc2307bis.ldifSyntax Directory String
ipProtocolNumberOrigin draft-howard-rfc2307bisUsage userApplicationsDescription IP protocol numberOID 1.3.6.1.1.1.1.17Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ipProtocolNumberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Attribute TypesipServicePort
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 304
Used By ipProtocolSchema File 04-rfc2307bis.ldifSyntax Integer
ipServicePortOrigin draft-howard-rfc2307bisUsage userApplicationsDescription Service port numberOID 1.3.6.1.1.1.1.15Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames ipServicePortOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By ipServiceSchema File 04-rfc2307bis.ldifSyntax Integer
ipServiceProtocolOrigin draft-howard-rfc2307bisUsage userApplicationsDescription Service protocol nameSuperior Type nameOID 1.3.6.1.1.1.1.16Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames ipServiceProtocolOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesipTnetNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 305
Used By ipServiceSchema File 04-rfc2307bis.ldifSyntax Directory String
ipTnetNumberOrigin Solaris SpecificUsage userApplicationsDescription Trusted Solaris network template ip_addressOID 1.3.6.1.4.1.42.2.27.5.1.68Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ipTnetNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ipTnetHostSchema File 05-solaris.ldifSyntax IA5 String
ipTnetTemplateNameOrigin Solaris SpecificUsage userApplicationsDescription Trusted Solaris network template template_nameOID 1.3.6.1.4.1.42.2.27.5.1.67Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames ipTnetTemplateNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ipTnetTemplate
Attribute TypesisMemberOf
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 306
Schema File 05-solaris.ldifSyntax IA5 String
isMemberOfShows group DNs of which this entry is a member.
Origin Sun Java System Directory ServerUsage directoryOperationDescription Sun-defined attribute typeOID 1.3.6.1.4.1.42.2.27.9.1.792Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames isMemberOfUser ModificationAllowed
false
Schema File 00-core.ldifSyntax DN
janetMailboxElectronic mailbox attribute using the syntax specified in the Grey Book of the Coloured Bookprotocols. See, for example, the Wikipedia article on Coloured Book protocols.
Example: janetMail: user@UK.CO.EXAMPLE.
Entries using this attribute must also include an rfc822Mailbox attribute, such as mail: user@example.co.uk.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.46Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames janetMailboxOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesjavaClassName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 307
User ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Directory String
javaClassNameCase-sensitive fully qualified name of a Java class or interface.
Origin RFC 2713Usage userApplicationsDescription Fully qualified name of distinguished Java class or interfaceOID 1.3.6.1.4.1.42.2.27.4.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames javaClassNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObjectSchema File 03-rfc2713.ldifSyntax Directory String
javaClassNamesCase-sensitive fully qualified names of a Java class or interface. Multiple values represent a class orinterface name of this object, or of an ancestor class or interface of this object.
Origin RFC 2713Usage userApplicationsDescription Fully qualified Java class or interface nameOID 1.3.6.1.4.1.42.2.27.4.1.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowed
Attribute TypesjavaCodebase
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 308
Names javaClassNamesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObjectSchema File 03-rfc2713.ldifSyntax Directory String
javaCodebaseLocation from which to load the class specified by the javaClassName attribute.
If multiple values are present, each value is an independent code base, meaning each is analternative location from which to load the class definition.
Origin RFC 2713Usage userApplicationsDescription URL(s) specifying the location of class definitionOID 1.3.6.1.4.1.42.2.27.4.1.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames javaCodebaseOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObjectSchema File 03-rfc2713.ldifSyntax IA5 String
javaDocURL to the Javadoc for the object.
Origin RFC 2713Usage userApplicationsDescription The Java documentation for the class
Attribute TypesjavaFactory
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 309
OID 1.3.6.1.4.1.42.2.27.4.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames javaDocOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObjectSchema File 03-rfc2713.ldifSyntax IA5 String
javaFactoryCase-sensitive fully qualified name of a Java class that can be used to create an instance of the classspecified by the javaClassName attribute.
Origin RFC 2713Usage userApplicationsDescription Fully qualified Java class name of a JNDI object factoryOID 1.3.6.1.4.1.42.2.27.4.1.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value trueNames javaFactoryOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By javaNamingReferenceSchema File 03-rfc2713.ldifSyntax Directory String
javaReferenceAddressSequence of addresses of a JNDI reference. Each value represents and object of type javax.naming.RefAddr, and has the following form, where # is the delimiter:
Attribute TypesjavaSerializedData
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 310
#sequence-number#address-type#(address-value|#string-content)
sequence-number
The address's position in the JNDI reference starting at 0.
address-type
Type of JNDI address, which is a non-empty string.
address-value
Value of the address contents if the reference is of type javax.naming.StringRefAddr.
string-content
Base64-encoded string representation of the entire serialized address if the reference is not oftype javax.naming.StringRefAddr.
Origin RFC 2713Usage userApplicationsDescription Addresses associated with a JNDI ReferenceOID 1.3.6.1.4.1.42.2.27.4.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames javaReferenceAddressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By javaNamingReferenceSchema File 03-rfc2713.ldifSyntax Directory String
javaSerializedDataA serialized Java object. For details, see the Java Object Serialization Specification.
Origin RFC 2713Usage userApplicationsDescription Serialized form of a Java objectOID 1.3.6.1.4.1.42.2.27.4.1.8
Attribute TypesjpegPhoto
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 311
Equality Matching Rule octetStringMatchSingle Value trueNames javaSerializedDataOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By javaMarshalledObject, javaSerializedObjectSchema File 03-rfc2713.ldifSyntax Octet String
jpegPhotoAn image of a person in the JPEG File Interchange Format (JFIF).
Origin RFC 2798Usage userApplicationsDescription a JPEG imageOID 0.9.2342.19200300.100.1.60Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames jpegPhotoOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, pilotObjectSchema File 00-core.ldifSyntax JPEG
kbaActiveIndexOrigin OpenAMUsage userApplicationsDescription Knowledge Based Authentication Active IndexInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.6
Attribute TypeskbaInfo
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 312
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames kbaActiveIndexOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By kbaInfoContainerSchema File 60-identity-store-ds-kba.ldifSyntax Directory String
kbaInfoOrigin OpenAMUsage userApplicationsDescription Knowledge Based Authentication information is stored in this attributeInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames kbaInfoOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By kbaInfoContainerSchema File 60-identity-store-ds-kba.ldifSyntax Directory String
kbaInfoAttemptsOrigin OpenAMUsage userApplicationsDescription Knowledge Based Authentication Attempts information is stored in this attributeInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Attribute TypesknowledgeInformation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 313
OID 1.3.6.1.4.1.36733.2.2.1.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames kbaInfoAttemptsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By kbaInfoContainerSchema File 60-identity-store-ds-kba.ldifSyntax Directory String
knowledgeInformationAccording to the specification, "This attribute is no longer used."
Origin RFC 2256Usage userApplicationsOID 2.5.4.2Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames knowledgeInformationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dSA, pilotDSASchema File 00-core.ldifSyntax Directory String
lName of a locality or place, such as a city, country or geographic region.
Origin RFC 4519Usage userApplications
Attribute TypeslabeledURI
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 314
Superior Type nameOID 2.5.4.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames l, localityNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By account, applicationEntity, applicationProcess, dNSDomain, dSA, device, dmd,document, documentSeries, domain, inetOrgPerson, ipHost, ipNetwork, locality,organization, organizationalPerson, organizationalRole, organizationalUnit,pilotDSA, pilotOrganization, rFC822LocalPart, residentialPerson,sunservicecomponent, untypedObject
Schema File 00-core.ldifSyntax Directory String
labeledURIA URI with an optional label, as described in RFC 2079.
Example: https://forgerock.com ForgeRock Home Page
Origin RFC 2079Usage userApplicationsDescription Uniform Resource Identifier with optional labelOID 1.3.6.1.4.1.250.1.57Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames labeledURIOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, labeledURIObject, sunRealmService, sunservice,sunservicecomponent
Schema File 00-core.ldifSyntax Directory String
Attribute TypeslabeledURL
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 315
labeledURLOrigin RFC 2079Usage userApplicationsDescription Uniform Resource Locator with optional labelOID 1.3.6.1.4.1.250.1.41Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames labeledURLOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
lastChangeNumberHolds the newest change number in the changelog.
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.594Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames lastChangeNumberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Integer
lastExternalChangelogCookieHolds the most recent cookie (cross domain state) available.
Attribute TypeslastModifiedBy
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 316
Origin OpenDS Directory ServerUsage directoryOperationOID 1.3.6.1.4.1.26027.1.1.585Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames lastExternalChangelogCookieOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
lastModifiedByDN of the last user to modify the entry.
Although not described in the RFC as an operational attribute, this attribute should be maintained bythe server.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.24Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames lastModifiedByUser ModificationAllowed
true
Used By pilotObjectSchema File 00-core.ldifSyntax DN
lastModifiedTimeUTC time when the entry was last modified.
Attribute TypesldapSyntaxes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 317
Although not described in the RFC as an operational attribute, this attribute should be maintained bythe server.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.23Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames lastModifiedTimeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotObjectSchema File 00-core.ldifSyntax Directory String
ldapSyntaxesThis operational attribute used in LDAP schema defines syntaxes, which specify encodings used inLDAP.
Origin RFC 4512Usage directoryOperationOID 1.3.6.1.4.1.1466.101.120.16Equality Matching Rule objectIdentifierFirstComponentMatchSingle Value false: multiple values allowedNames ldapSyntaxesUser ModificationAllowed
true
Schema File 00-core.ldifSyntax LDAP Syntax Description
loginShellOrigin draft-howard-rfc2307bisUsage userApplications
Attribute TypesmacAddress
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 318
Description The path to the login shellOID 1.3.6.1.1.1.1.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames loginShellOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By posixAccountSchema File 04-rfc2307bis.ldifSyntax IA5 String
macAddressOrigin draft-howard-rfc2307bisUsage userApplicationsDescription MAC address in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2OID 1.3.6.1.1.1.1.22Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames macAddressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By ieee802DeviceSchema File 04-rfc2307bis.ldifSyntax IA5 String
mailInternet mail addresses in Mailbox form, as described in RFC 2821. The server does not ensure thatmail addresses conform to RFC 2821, however.
Be aware that matching is case-insensitive: (mail=bjensen@example.com) matches BJENSEN@example.com
Attribute TypesmailPreferenceOption
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 319
Applications supporting internationalized domain names must use the ToASCII method described inRFC 3490 to produce subdomain components of the Mailbox form.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.3Substring Matching Rule caseIgnoreIA5SubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames mail, rfc822MailboxOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, mailGroup, pilotPersonSchema File 00-core.ldifSyntax IA5 String
mailPreferenceOptionIndication of user's preference for having their names included in mailing lists.
Values are from the following list:
no-list-inclusion (Default)
Do not add name in mailing lists.
any-list-inclusion
May add name in mailing lists.
professional-list-inclusion
May add name in mailing lists related to user's professional interests, optionally as evaluatedfrom the business organization or keywords in the entry.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.47Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute Typesmanager
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 320
Names mailPreferenceOptionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Integer
managerDNs of manager entries for the entry of a person or entity.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames managerUser ModificationAllowed
true
Used By inetOrgPerson, ipHost, ipNetwork, pilotObjectSchema File 00-core.ldifSyntax DN
matchingRulesThis operational attribute used in LDAP schema defines matching rules, which specify how values ofattributes are matched and compared.
Origin RFC 4512Usage directoryOperationOID 2.5.21.4Equality Matching Rule objectIdentifierFirstComponentMatchSingle Value false: multiple values allowedNames matchingRules
Attribute TypesmatchingRuleUse
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 321
User ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax Matching Rule Description
matchingRuleUseThis operational attribute used in LDAP schema defines matching rule uses, which list attributes thatcan be used with an extensibleMatch search filter.
Origin RFC 4512Usage directoryOperationOID 2.5.21.8Equality Matching Rule objectIdentifierFirstComponentMatchSingle Value false: multiple values allowedNames matchingRuleUseUser ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax Matching Rule Use Description
mDRecordA type MD (mail destination) DNS resource record.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.27Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames mDRecordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute Typesmember
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 322
Used By dNSDomainSchema File 00-core.ldifSyntax IA5 String
memberDistinguished names of objects that are part of a group.
Origin RFC 4519Usage userApplicationsSuperior Type distinguishedNameOID 2.5.4.31Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames memberUser ModificationAllowed
true
Used By groupOfEntries, groupOfNamesSchema File 00-core.ldifSyntax DN
memberGidOrigin Solaris SpecificUsage userApplicationsDescription Posix Group NameOID 1.3.6.1.4.1.42.2.27.5.1.30Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames memberGidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesmemberNisNetgroup
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 323
Used By SolarisProjectSchema File 05-solaris.ldifSyntax IA5 String
memberNisNetgroupOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.13Substring Matching Rule caseExactIA5SubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames memberNisNetgroupOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisNetgroupSchema File 04-rfc2307bis.ldifSyntax IA5 String
memberofThis attribute type stores AM profile information.
Origin iPlanet Delegated AdministratorUsage userApplicationsDescription Group that the entry belongs toOID 1.2.840.113556.1.2.102Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames memberofUser ModificationAllowed
true
Used By inetuser
Attribute TypesmemberUid
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 324
Schema File 60-identity-store-ds-schema.ldifSyntax DN
memberUidOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames memberUidOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisProject, posixGroupSchema File 04-rfc2307bis.ldifSyntax IA5 String
memberURLHolds LDAP URLs specifying dynamic group membership.
Origin Sun Java System Directory ServerUsage userApplicationsDescription Sun-defined attribute typeOID 2.16.840.1.113730.3.1.198Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames memberURLOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By groupOfURLs
Attribute TypesmgrpRFC822MailMember
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 325
Schema File 00-core.ldifSyntax IA5 String
mgrpRFC822MailMemberOrigin Solaris SpecificUsage userApplicationsOID 2.16.840.1.113730.3.1.30Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames mgrpRFC822MailMemberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By mailGroupSchema File 05-solaris.ldifSyntax Directory String
mobileMobile phone number, such as +1 415 555 1212.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.41Substring Matching Rule telephoneNumberSubstringsMatchEquality Matching Rule telephoneNumberMatchSingle Value false: multiple values allowedNames mobile, mobileTelephoneNumberUser ModificationAllowed
true
Used By inetOrgPerson, pilotPersonSchema File 00-core.ldifSyntax Telephone Number
Attribute TypesmodifiersName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 326
modifiersNameFor entries updated over protocol (by an LDAP modify request, for example), this operationalattribute indicates the DN of the creator's entry.
Origin RFC 4512Usage directoryOperationOID 2.5.18.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames modifiersNameUser ModificationAllowed
false
Schema File 00-core.ldifSyntax DN
modifyTimestampFor entries updated over protocol (by an LDAP modify request, for example), this operationalattribute reflects the time the entry was last modified.
Origin RFC 4512Usage directoryOperationOID 2.5.18.2Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames modifyTimestampOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Generalized Time
mxRecordA type MX (mail exchange) DNS resource record.
Attribute Typesname
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 327
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.28Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames mxRecordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomainSchema File 00-core.ldifSyntax IA5 String
nameBase type for user attribute types with name syntax.
Origin RFC 4519Usage userApplicationsOID 2.5.4.41Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
nameFormsThis operational attribute used in LDAP schema defines name forms, which specify naming relationsfor structural object classes.
Origin RFC 4512
Attribute TypesnamingContexts
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 328
Usage directoryOperationOID 2.5.21.7Equality Matching Rule objectIdentifierFirstComponentMatchSingle Value false: multiple values allowedNames nameFormsUser ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax Name Form Description
namingContextsThis operational attribute indicates the base DNs mastered or shadowed by this server.
Origin RFC 4512Usage dSAOperationOID 1.3.6.1.4.1.1466.101.120.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames namingContextsUser ModificationAllowed
true
Schema File 00-core.ldifSyntax DN
newRDNOrigin draft-good-ldap-changelogUsage userApplicationsDescription the new RDN of an entry which is the target of a modrdn operationOID 2.16.840.1.113730.3.1.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatch
Attribute TypesnewSuperior
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 329
Single Value trueNames newRDNUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldifSyntax DN
newSuperior
Origin draft-good-ldap-changelogUsage userApplicationsDescription the new parent of an entry which is the target of a moddn operationOID 2.16.840.1.113730.3.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames newSuperiorUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldifSyntax DN
nisDomain
Origin draft-howard-rfc2307bisUsage userApplicationsDescription NIS domainOID 1.3.6.1.1.1.1.30Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames nisDomain
Attribute TypesnisMapEntry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 330
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisDomainObjectSchema File 04-rfc2307bis.ldifSyntax IA5 String
nisMapEntry
Origin draft-howard-rfc2307bisUsage userApplicationsDescription A generic NIS entryOID 1.3.6.1.1.1.1.27Substring Matching Rule caseExactIA5SubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames nisMapEntryOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisObjectSchema File 04-rfc2307bis.ldifSyntax IA5 String
nisMapName
Origin draft-howard-rfc2307bisUsage userApplicationsDescription Name of a A generic NIS mapSuperior Type nameOID 1.3.6.1.1.1.1.26Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowed
Attribute TypesnisNetgroupTriple
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 331
Names nisMapNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisMap, nisObjectSchema File 04-rfc2307bis.ldifSyntax Directory String
nisNetgroupTripleOrigin draft-howard-rfc2307bisUsage userApplicationsDescription Netgroup tripleOID 1.3.6.1.1.1.1.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames nisNetgroupTripleOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisNetgroupSchema File 04-rfc2307bis.ldifSyntax IA5 String
nisNetIdGroupOrigin Solaris SpecificUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.1.1.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames nisNetIdGroupOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesnisNetIdHost
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 332
User ModificationAllowed
true
Used By nisNetIdSchema File 05-solaris.ldifSyntax IA5 String
nisNetIdHostOrigin Solaris SpecificUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.1.1.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames nisNetIdHostOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisNetIdSchema File 05-solaris.ldifSyntax IA5 String
nisNetIdUserOrigin Solaris SpecificUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.1.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames nisNetIdUserOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisNetId
Attribute TypesnisplusTimeZone
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 333
Schema File 05-solaris.ldifSyntax IA5 String
nisplusTimeZoneOrigin Solaris SpecificUsage userApplicationsDescription tzone column from NIS+ timezone tableOID 1.3.6.1.4.1.42.2.27.5.1.57Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames nisplusTimeZoneOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisplusTimeZoneDataSchema File 05-solaris.ldifSyntax IA5 String
nisPublicKeyOrigin draft-howard-rfc2307bisUsage userApplicationsDescription NIS public keyOID 1.3.6.1.1.1.1.28Equality Matching Rule octetStringMatchSingle Value trueNames nisPublicKeyOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By nisKeyObjectSchema File 04-rfc2307bis.ldifSyntax Octet String
Attribute TypesnisSecretKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 334
nisSecretKeyOrigin draft-howard-rfc2307bisUsage userApplicationsDescription NIS secret keyOID 1.3.6.1.1.1.1.29Equality Matching Rule octetStringMatchSingle Value trueNames nisSecretKeyOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By nisKeyObjectSchema File 04-rfc2307bis.ldifSyntax Octet String
nsds50ruvDSEE attribute holding the internal state of the replica from the replication update vector.
Origin Sun Directory ServerUsage userApplicationsOID 2.16.840.1.113730.3.1.587Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames nsds50ruvOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 06-compat.ldifSyntax Directory String
nSRecordA type NS (name server) DNS resource record.
Attribute TypesnsUniqueId
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 335
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.29Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames nSRecordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomainSchema File 00-core.ldifSyntax IA5 String
nsUniqueIdDSEE attribute holding an entry UUID.
Origin Sun Java System Directory ServerUsage directoryOperationDescription Sun-defined unique identifierOID 2.16.840.1.113730.3.1.542Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames nsUniqueIdOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax IA5 String
numSubordinatesThis operational attribute holds a count of immediate subordinates of the current entry. (The counttherefore does not include entries below immediate subordinates.)
Attribute Typeso
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 336
As numSubordinates is an operational attribute client applications must request it explicitly in searchresults.
Support for the numSubordinates attribute is per entry. If it is present then its value is correct. Itsabsence does not, however, imply that there are no subordinates.
Origin draft-ietf-boreham-numsubordinatesUsage directoryOperationDescription Count of immediate subordinatesOID 1.3.6.1.4.1.453.16.2.103Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames numSubordinatesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Integer
oX.500 organizationName attribute for the name of an organization.
Example: ForgeRock, Inc.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames o, organizationNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By account, applicationEntity, dNSDomain, dSA, device, document, documentSeries,domain, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames,
Attribute Typesoath2faEnabled
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 337
inetOrgPerson, organization, pilotDSA, pilotOrganization, rFC822LocalPart,sunRealmService, untypedObject
Schema File 00-core.ldifSyntax Directory String
oath2faEnabledThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription Indicator for enabling of OATH 2FAOID 1.3.6.1.4.1.36733.2.2.1.131Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value false: multiple values allowedNames oath2faEnabledOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-auth-configuration-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Integer
oathDeviceProfilesOrigin OpenAMUsage userApplicationsDescription OATH device profiles stringInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames oathDeviceProfilesOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesobjectClass
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 338
User ModificationAllowed
true
Used By oathDeviceProfilesContainerSchema File 60-identity-store-ds-oathdevices.ldifSyntax Directory String
objectClassDescribes the type of object represented by the entry, controlling which attributes must and may bepresent on the entry.
Each entry has at least two values, one of which is top or alias.
When an object class value is added to an entry, all superclasses of the object class are implicitlyadded. For example, if inetOrgPerson is added, person and organizationalPerson are also added.
Origin RFC 4512Usage userApplicationsOID 2.5.4.0Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames objectClassUser ModificationAllowed
true
Used By DUAConfigProfile, SolarisAuditUser, SolarisAuthAttr, SolarisExecAttr,SolarisNamingProfile, SolarisProfAttr, SolarisProject, SolarisUserAttr, account,alias, applicationEntity, applicationProcess, automount, automountMap,bootableDevice, cRLDistributionPoint, calEntry, certificationAuthority,certificationAuthority-V2, changeLogEntry, container, corbaContainer,corbaObject, corbaObjectReference, country, dNSDomain, dSA, dcObject,deltaCRL, device, devicePrintProfilesContainer, deviceProfilesContainer, dmd,document, documentSeries, domain, domainRelatedObject, ds-certificate-user, ds-monitor, ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn, ds-monitor-branch, ds-monitor-certificate, ds-monitor-changelog, ds-monitor-changelog-domain, ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-connection-handler, ds-monitor-disk-space, ds-monitor-entry-cache,ds-monitor-health-status, ds-monitor-http-connection-handler, ds-monitor-je-database, ds-monitor-jvm, ds-monitor-ldap-connection-handler, ds-monitor-raw-je-database-statistics, ds-monitor-remote-replica, ds-monitor-replica,ds-monitor-replica-db, ds-monitor-server, ds-monitor-topology-server, ds-monitor-work-queue, ds-pwp-attribute-value-validator, ds-pwp-character-set-validator, ds-pwp-dictionary-validator, ds-pwp-length-based-validator, ds-pwp-
Attribute TypesobjectClasses
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 339
password-policy, ds-pwp-random-generator, ds-pwp-repeated-characters-validator, ds-pwp-similarity-based-validator, ds-pwp-unique-characters-validator, ds-pwp-validator, ds-root-dse, ds-virtual-static-group, fr-idm-cluster-obj, fr-idm-generic-obj, fr-idm-hybrid-obj, fr-idm-internal-role, fr-idm-internal-user, fr-idm-link, fr-idm-lock, fr-idm-managed-assignment, fr-idm-managed-role, fr-idm-managed-user, fr-idm-managed-user-explicit, fr-idm-managed-user-hybrid-obj, fr-idm-notification, fr-idm-recon-clusteredTargetIds, fr-idm-reconassoc, fr-idm-reconassocentry, fr-idm-relationship, fr-idm-syncqueue,frCoreToken, friendlyCountry, glue, groupOfEntries, groupOfNames,groupOfURLs, groupOfUniqueNames, ieee802Device, inetOrgPerson,inetuser, inheritableLDAPSubEntry, inheritedCollectiveAttributeSubentry,inheritedFromDNCollectiveAttributeSubentry,inheritedFromRDNCollectiveAttributeSubentry, ipHost, ipNetwork, ipProtocol,ipService, ipTnetHost, ipTnetTemplate, iplanet-am-auth-configuration-service, iplanet-am-managed-person, iplanet-am-session-service, iplanet-am-user-service, javaContainer, javaMarshalledObject, javaNamingReference,javaObject, javaSerializedObject, kbaInfoContainer, labeledURIObject,ldapSubEntry, locality, mailGroup, namedObject, nisDomainObject,nisKeyObject, nisMailAlias, nisMap, nisNetId, nisNetgroup, nisObject,nisplusTimeZoneData, oathDeviceProfilesContainer, oncRpc, organization,organizationalPerson, organizationalRole, organizationalUnit, person,pilotDSA, pilotObject, pilotOrganization, pilotPerson, pkiCA, pkiUser,posixAccount, posixGroup, printerAbstract, printerIPP, printerLPR,printerService, printerServiceAuxClass, pushDeviceProfilesContainer, pwdPolicy,pwdValidatorPolicy, qualityLabelledData, rFC822LocalPart, residentialPerson,room, sambaConfig, sambaConfigOption, sambaDomain, sambaGroupMapping,sambaIdmapEntry, sambaPrivilege, sambaSamAccount, sambaShare,sambaSidEntry, sambaTrustPassword, sambaUnixIdPool, shadowAccount,simpleSecurityObject, slpService, slpServicePrinter, strongAuthenticationUser,subentry, sunAMAuthAccountLockout, sunFMSAML2NameIdentifier,sunPrinter, sunRealmService, sunservice, sunservicecomponent, top,uddiAddress, uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService,uddiContact, uddiPublisherAssertion, uddiTModel, uddiTModelInstanceInfo,uddiv3EntityObituary, uddiv3Subscription, uidObject, untypedObject,userSecurityInformation, webauthnDeviceProfilesContainer
Schema File 00-core.ldifSyntax OID
objectClassesThis operational attribute used in LDAP schema defines object classes, which specify the types ofobjects that an entry represents, and the required and optional attributes for entries of those types.
Origin RFC 4512Usage directoryOperationOID 2.5.21.6Equality Matching Rule objectIdentifierFirstComponentMatch
Attribute TypesobjectclassMap
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 340
Single Value false: multiple values allowedNames objectClassesUser ModificationAllowed
true
Used By subschemaSchema File 00-core.ldifSyntax Object Class Description
objectclassMapOrigin RFC 4876Usage userApplicationsDescription Object class mappings used, required, or supported by an agent or serviceOID 1.3.6.1.4.1.11.1.3.1.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames objectclassMapOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax IA5 String
oncRpcNumberOrigin draft-howard-rfc2307bisUsage userApplicationsDescription ONC RPC numberOID 1.3.6.1.1.1.1.18Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames oncRpcNumber
Attribute TypesorganizationalStatus
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 341
Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By oncRpcSchema File 04-rfc2307bis.ldifSyntax Integer
organizationalStatusCategories to refer to a person in an organization, such as professor or staff.
Similar attributes include title and userClass.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.45Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames organizationalStatusOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Directory String
otherMailboxAn electronic mailbox address of a type other than X.400 or RFC 822.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.22Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowed
Attribute Typesou
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 342
Names otherMailboxOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Directory String
ouX.500 organizationalUnitName attribute for the name of an organizational unit.
Example: Product Development
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames organizationalUnitName, ouOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By account, applicationEntity, applicationProcess, dSA, device, document,documentSeries, groupOfEntries, groupOfNames, groupOfURLs,groupOfUniqueNames, inetOrgPerson, organizationalPerson, organizationalRole,organizationalUnit, pilotDSA, pilotOrganization, sunservice, sunservicecomponent,untypedObject
Schema File 00-core.ldifSyntax Directory String
ownerDistinguished names of objects with an ownership relationship to the current object.
Origin RFC 4519Usage userApplications
Attribute Typespager
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 343
Superior Type distinguishedNameOID 2.5.4.32Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ownerUser ModificationAllowed
true
Used By device, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames,untypedObject
Schema File 00-core.ldifSyntax DN
pagerPager phone number, such as +1 415 555 1212.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.42Substring Matching Rule telephoneNumberSubstringsMatchEquality Matching Rule telephoneNumberMatchSingle Value false: multiple values allowedNames pager, pagerTelephoneNumberUser ModificationAllowed
true
Used By inetOrgPerson, pilotPersonSchema File 00-core.ldifSyntax Telephone Number
personalSignatureRepresentation of a person's signature. According to RFC 1274, the value is,
Encoded in G3 fax as explained in recommendation T.4, with an ASN.1 wrapper tomake it compatible with an X.400 BodyPart as defined in X.420.
Origin RFC 1274
Attribute TypespersonalTitle
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 344
Usage userApplicationsOID 0.9.2342.19200300.100.1.53Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames personalSignatureOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Binary
personalTitlePersonal title for a person, such as Dr. or Professor.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.40Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames personalTitleOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Directory String
photoA photograph in G3 fax as described in recommendation T.4, with an ASN.1 wrapper to make itcompatible with an X.400 BodyPart, as defined in X.420.
Origin RFC 2798Usage userApplications
Attribute TypesphysicalDeliveryOfficeName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 345
OID 0.9.2342.19200300.100.1.7Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames photoOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, pilotObjectSchema File 00-core.ldifSyntax Octet String
physicalDeliveryOfficeNameA name used by the postal service to identify a post office.
Origin RFC 4519Usage userApplicationsOID 2.5.4.19Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames physicalDeliveryOfficeNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Directory String
postalAddressAn address used by the postal service to perform services for the entity.
Use dollar signs ($) to separate lines in the address, and see the PostalAddress syntax description fordetails.
Attribute TypespostalCode
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 346
Example: 1234 Main St.$Anytown, CA 12345$USA.
Origin RFC 4519Usage userApplicationsOID 2.5.4.16Substring Matching Rule caseIgnoreListSubstringsMatchEquality Matching Rule caseIgnoreListMatchSingle Value false: multiple values allowedNames postalAddressUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Postal Address
postalCodeA code used by the postal service to identify postal service zones.
Origin RFC 4519Usage userApplicationsOID 2.5.4.17Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames postalCodeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Directory String
Attribute TypespostOfficeBox
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 347
postOfficeBoxA postal box identifier that the postal service uses when the customer receives mail at a box on thepremises of the postal service.
Origin RFC 4519Usage userApplicationsOID 2.5.4.18Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames postOfficeBoxOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Directory String
preferredDeliveryMethodIndicates the preferred method for getting a message to the entity, where the methods can bespecified in order of decreasing priority.
Example: mhs $ physical.
Origin RFC 4519Usage userApplicationsOID 2.5.4.28Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames preferredDeliveryMethodOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypespreferredLanguage
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 348
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, pilotPerson,rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Delivery Method
preferredLanguageIndicates a person's preferred language or languages, which is useful for internationalcorrespondence and computer interaction. RFC 2068 describes an Accept-Language field. That field'scontent, without Accept-Language:, matches the content of this attribute.
Example: en, ko;q=0.8.
Origin RFC 2798Usage userApplicationsDescription preferred written or spoken language for a personOID 2.16.840.1.113730.3.1.39Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames preferredLanguageOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iPlanetPreferences, inetOrgPersonSchema File 00-core.ldifSyntax Directory String
preferredLocaleThis attribute type stores AM profile information.
Origin iPlanetUsage userApplicationsDescription preferred locale for a personOID 1.3.6.1.4.1.1466.101.120.42Substring Matching Rule caseIgnoreSubstringsMatch
Attribute TypespreferredServerList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 349
Equality Matching Rule caseIgnoreMatchSingle Value trueNames preferredLocaleOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iPlanetPreferencesSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
preferredServerListOrigin RFC 4876Usage userApplicationsDescription List of preferred serversOID 1.3.6.1.4.1.11.1.3.1.1.2Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames preferredServerListOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Directory String
preferredTimeZoneThis attribute type stores AM profile information.
Origin iPlanetUsage userApplicationsDescription preferred time zone for a personOID 1.3.6.1.4.1.1466.101.120.43
Attribute TypespresentationAddress
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 350
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames preferredTimeZoneOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iPlanetPreferencesSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
presentationAddressAn OSI presentation address.
Origin RFC 2256Usage userApplicationsOID 2.5.4.29Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule presentationAddressMatchSingle Value trueNames presentationAddressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By applicationEntity, dSA, pilotDSASchema File 00-core.ldifSyntax Presentation Address
printer-aliasesOrigin RFC 3712Usage userApplicationsDescription List of site-specific administrative names of this printer in addition to the value
specified for printer-name.OID 1.3.18.0.2.4.1108
Attribute Typesprinter-charset-configured
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 351
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-aliasesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerLPRSchema File 03-rfc3712.ldifSyntax Directory String
printer-charset-configuredOrigin RFC 3712Usage userApplicationsDescription The configured charset in which error and status messages will be generated (by
default) by this printer.OID 1.3.18.0.2.4.1109Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames printer-charset-configuredOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-charset-supportedOrigin RFC 3712Usage userApplicationsDescription Set of charsets supported for the attribute values of syntax DirectoryString for this
directory entry.
Attribute Typesprinter-color-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 352
OID 1.3.18.0.2.4.1131Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-charset-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-color-supportedOrigin RFC 3712Usage userApplicationsDescription Indicates whether this printer is capable of any type of color printing at all,
including highlight color.OID 1.3.18.0.2.4.1129Equality Matching Rule booleanMatchSingle Value trueNames printer-color-supportedUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Boolean
printer-compression-supportedOrigin RFC 3712Usage userApplicationsDescription Compression algorithms supported by this printer.OID 1.3.18.0.2.4.1128Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesprinter-copies-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 353
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-compression-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-copies-supportedOrigin RFC 3712Usage userApplicationsDescription The maximum number of copies of a document that may be printed as a single job
on this printer.OID 1.3.18.0.2.4.1118Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames printer-copies-supportedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Integer
printer-current-operatorOrigin RFC 3712Usage userApplicationsDescription The identity of the current human operator responsible for operating this printer.OID 1.3.18.0.2.4.1112Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesprinter-delivery-orientation-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 354
Equality Matching Rule caseIgnoreMatchSingle Value trueNames printer-current-operatorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-delivery-orientation-supportedOrigin RFC 3712Usage userApplicationsDescription The possible delivery orientations of pages as they are printed and ejected from
this printer.OID 1.3.18.0.2.4.1114Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-delivery-orientation-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-document-format-supportedOrigin RFC 3712Usage userApplicationsDescription The possible source document formats which may be interpreted and printed by
this printer.OID 1.3.18.0.2.4.1130
Attribute Typesprinter-finishings-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 355
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-document-format-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-finishings-supported
Origin RFC 3712Usage userApplicationsDescription The possible finishing operations supported by this printer.OID 1.3.18.0.2.4.1125Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-finishings-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-generated-natural-language-supported
Origin RFC 3712Usage userApplicationsDescription Natural language(s) supported for this directory entry.OID 1.3.18.0.2.4.1137
Attribute Typesprinter-info
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 356
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-generated-natural-language-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-infoOrigin RFC 3712Usage userApplicationsDescription Descriptive information about this printer.OID 1.3.18.0.2.4.1139Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames printer-infoOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-ipp-versions-supportedOrigin RFC 3712Usage userApplicationsDescription IPP protocol version(s) that this printer supports.OID 1.3.18.0.2.4.1133Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesprinter-job-k-octets-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 357
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-ipp-versions-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerIPPSchema File 03-rfc3712.ldifSyntax Directory String
printer-job-k-octets-supportedOrigin RFC 3712Usage userApplicationsDescription The maximum size in kilobytes (1,024 octets actually) incoming print job that this
printer will accept.OID 1.3.18.0.2.4.1111Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames printer-job-k-octets-supportedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Integer
printer-job-priority-supportedOrigin RFC 3712Usage userApplicationsDescription Indicates the number of job priority levels supported by this printer.OID 1.3.18.0.2.4.1110Substring Matching Rule caseExactSubstringsMatch
Attribute Typesprinter-location
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 358
Equality Matching Rule integerMatchSingle Value trueNames printer-job-priority-supportedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Integer
printer-location
Origin RFC 3712Usage userApplicationsDescription The physical location of this printer.OID 1.3.18.0.2.4.1136Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames printer-locationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-make-and-model
Origin RFC 3712Usage userApplicationsDescription Make and model of this printer.OID 1.3.18.0.2.4.1138Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesprinter-media-local-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 359
Equality Matching Rule caseIgnoreMatchSingle Value trueNames printer-make-and-modelOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-media-local-supportedOrigin RFC 3712Usage userApplicationsDescription Site-specific names of media supported by this printer.OID 1.3.18.0.2.4.1117Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-media-local-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-media-supportedOrigin RFC 3712Usage userApplicationsDescription The standard names/types/sizes (and optional color suffixes) of the media
supported by this printer.OID 1.3.18.0.2.4.1122Substring Matching Rule caseIgnoreSubstringsMatch
Attribute Typesprinter-more-info
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 360
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-media-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-more-info
Origin RFC 3712Usage userApplicationsDescription A URI for more information about this specific printer.OID 1.3.18.0.2.4.1134Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames printer-more-infoOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-multiple-document-jobs-supported
Origin RFC 3712Usage userApplicationsDescription Indicates whether this printer supports more than one document per job.OID 1.3.18.0.2.4.1132Equality Matching Rule booleanMatch
Attribute Typesprinter-name
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 361
Single Value trueNames printer-multiple-document-jobs-supportedUser ModificationAllowed
true
Used By printerAbstract, printerIPP, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Boolean
printer-nameOrigin RFC 3712Usage userApplicationsDescription The site-specific administrative name of this printer.OID 1.3.18.0.2.4.1135Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames printer-nameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerLPR, printerService, printerServiceAuxClass, sunPrinterSchema File 03-rfc3712.ldifSyntax Directory String
printer-natural-language-configuredOrigin RFC 3712Usage userApplicationsDescription The configured natural language in which error and status messages will be
generated (by default) by this printer.OID 1.3.18.0.2.4.1119Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute Typesprinter-number-up-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 362
Names printer-natural-language-configuredOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-number-up-supportedOrigin RFC 3712Usage userApplicationsDescription The possible numbers of print-stream pages to impose upon a single side of an
instance of a selected medium.OID 1.3.18.0.2.4.1124Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value false: multiple values allowedNames printer-number-up-supportedOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Integer
printer-output-features-supportedOrigin RFC 3712Usage userApplicationsDescription The possible output features supported by this printer.OID 1.3.18.0.2.4.1116Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowed
Attribute Typesprinter-pages-per-minute-color
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 363
Names printer-output-features-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-pages-per-minute-colorOrigin RFC 3712Usage userApplicationsDescription The nominal number of color pages per minute which may be output by this
printer.OID 1.3.18.0.2.4.1126Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames printer-pages-per-minute-colorOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Integer
printer-pages-per-minuteOrigin RFC 3712Usage userApplicationsDescription The nominal number of pages per minute which may be output by this printer.OID 1.3.18.0.2.4.1127Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute Typesprinter-print-quality-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 364
Names printer-pages-per-minuteOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Integer
printer-print-quality-supported
Origin RFC 3712Usage userApplicationsDescription List of print qualities supported for printing documents on this printer.OID 1.3.18.0.2.4.1120Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-print-quality-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-resolution-supported
Origin RFC 3712Usage userApplicationsDescription List of resolutions supported for printing documents by this printer.OID 1.3.18.0.2.4.1121Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowed
Attribute Typesprinter-service-person
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 365
Names printer-resolution-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-service-personOrigin RFC 3712Usage userApplicationsDescription The identity of the current human service person responsible for servicing this
printer.OID 1.3.18.0.2.4.1113Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames printer-service-personOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-sides-supportedOrigin RFC 3712Usage userApplicationsDescription The number of impression sides (one or two) and the two-sided impression
rotations supported by this printer.OID 1.3.18.0.2.4.1123Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute Typesprinter-stacking-order-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 366
Single Value false: multiple values allowedNames printer-sides-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-stacking-order-supportedOrigin RFC 3712Usage userApplicationsDescription The possible stacking order of pages as they are printed and ejected from this
printer.OID 1.3.18.0.2.4.1115Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-stacking-order-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerAbstract, printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-uriOrigin RFC 3712Usage userApplicationsDescription A URI supported by this printer.OID 1.3.18.0.2.4.1140Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute Typesprinter-xri-supported
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 367
Single Value trueNames printer-uriOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
printer-xri-supportedOrigin RFC 3712Usage userApplicationsDescription The unordered list of XRI (extended resource identifiers) supported by this
printer.OID 1.3.18.0.2.4.1107Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames printer-xri-supportedOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By printerService, printerServiceAuxClassSchema File 03-rfc3712.ldifSyntax Directory String
profileTTLOrigin RFC 4876Usage userApplicationsDescription Time to live, in seconds, before a profile is considered staleOID 1.3.6.1.4.1.11.1.3.1.1.7Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute TypesprotocolInformation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 368
Single Value trueNames profileTTLOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Integer
protocolInformationUsed with a presentationAddress attribute to provide additional information to the OSI network service.
Origin RFC 2256Usage userApplicationsOID 2.5.4.48Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule protocolInformationMatchSingle Value false: multiple values allowedNames protocolInformationOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Protocol Information
push2faEnabledOrigin OpenAMUsage userApplicationsDescription Indicator for enabling of Push 2FAOID 1.3.6.1.4.1.36733.2.2.1.140Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value false: multiple values allowed
Attribute TypespushDeviceProfiles
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 369
Names push2faEnabledOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-auth-configuration-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Integer
pushDeviceProfiles
Origin OpenAMUsage userApplicationsDescription Push device profiles stringInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames pushDeviceProfilesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pushDeviceProfilesContainerSchema File 60-identity-store-ds-pushdevices.ldifSyntax Directory String
pwdAccountLockedTimeTimestamp when the account was last locked, where 000001010000Z means the account has been lockedpermanently.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The time an user account was lockedOID 1.3.6.1.4.1.42.2.27.8.1.17
Attribute TypespwdAllowUserChange
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 370
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames pwdAccountLockedTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 01-pwpolicy.ldifSyntax Generalized Time
pwdAllowUserChangeWhether users can change their own passwords.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.14Equality Matching Rule booleanMatchSingle Value trueNames pwdAllowUserChangeUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Boolean
pwdAttributeName of the attribute to which the password policy applies.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowed
Attribute TypespwdChangedTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 371
Names pwdAttributeUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax OID
pwdChangedTimeTimestamp of last password change.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The time the password was last changedOID 1.3.6.1.4.1.42.2.27.8.1.16Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames pwdChangedTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 01-pwpolicy.ldifSyntax Generalized Time
pwdCheckQualityHow to verify quality when a password is added or modified. 0: do not check; 1: check, but accept ifvalidation passes or if unable to check; 2: check, and return an error if verification does not pass orcannot be completed.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.5Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute TypespwdExpireWarning
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 372
Single Value trueNames pwdCheckQualityOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdExpireWarningMaximum number of seconds before expiry to begin returning errors to the user binding to thedirectory.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.7Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames pwdExpireWarningOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdFailureCountIntervalNumber of seconds after which failures are purged from the failure counter.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.12Substring Matching Rule caseExactSubstringsMatch
Attribute TypespwdFailureTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 373
Equality Matching Rule integerMatchSingle Value trueNames pwdFailureCountIntervalOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdFailureTimeTimestamp of the last consecutive authentication failure.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The timestamps of the last consecutive authentication failuresOID 1.3.6.1.4.1.42.2.27.8.1.19Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value false: multiple values allowedNames pwdFailureTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 01-pwpolicy.ldifSyntax Generalized Time
pwdGraceAuthNLimitNumber of times an expired password can be used to authenticate.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.8Substring Matching Rule caseExactSubstringsMatch
Attribute TypespwdGraceUseTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 374
Equality Matching Rule integerMatchSingle Value trueNames pwdGraceAuthNLimitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdGraceUseTimeTimestamps of grace authentications after a password expired.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The timestamps of the grace authentication after the password has expiredOID 1.3.6.1.4.1.42.2.27.8.1.21Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value false: multiple values allowedNames pwdGraceUseTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
false
Schema File 01-pwpolicy.ldifSyntax Generalized Time
pwdHistoryHistory of previously used passwords.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The history of user s passwordsOID 1.3.6.1.4.1.42.2.27.8.1.20
Attribute TypespwdInHistory
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 375
Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames pwdHistoryOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
false
Schema File 01-pwpolicy.ldifSyntax Octet String
pwdInHistoryMaximum number of passwords stored in the pwdHistory attribute.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.4Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames pwdInHistoryOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdLockoutWhether the password can no longer used to authenticate when pwdMaxFailure has been reached.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.9Equality Matching Rule booleanMatchSingle Value true
Attribute TypespwdLockoutDuration
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 376
Names pwdLockoutUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Boolean
pwdLockoutDurationNumber of seconds when the password can not be used to authenticate after pwdMaxFailure has beenreached.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.10Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames pwdLockoutDurationOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdMaxAgeNumber of seconds after which a password expires.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.3Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute TypespwdMaxFailure
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 377
Names pwdMaxAgeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdMaxFailureMaximum number of consecutive failed bind attempts allowed before the account is locked.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.11Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames pwdMaxFailureOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdMinAgeMinimum number of seconds between modifications to the password.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.2Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value true
Attribute TypespwdMinLength
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 378
Names pwdMinAgeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdMinLengthMinimum number of characters in a password.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.6Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames pwdMinLengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Integer
pwdMustChangeWhether users much change their passwords when first binding or after a password reset.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.13Equality Matching Rule booleanMatchSingle Value trueNames pwdMustChange
Attribute TypespwdPolicySubentry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 379
User ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Boolean
pwdPolicySubentryPointer to the password policy subentry for the current entry.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The pwdPolicy subentry in effect for this objectOID 1.3.6.1.4.1.42.2.27.8.1.23Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames pwdPolicySubentryUser ModificationAllowed
false
Schema File 01-pwpolicy.ldifSyntax DN
pwdResetWhether the password has been reset by an administrator, and must be changed by the user.
Origin draft-behera-ldap-password-policyUsage directoryOperationDescription The indication that the password has been resetOID 1.3.6.1.4.1.42.2.27.8.1.22Equality Matching Rule booleanMatchSingle Value trueNames pwdResetUser ModificationAllowed
true
Attribute TypespwdSafeModify
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 380
Schema File 01-pwpolicy.ldifSyntax Boolean
pwdSafeModifyWhether the existing password must be supplied when changing passwords.
Origin draft-behera-ldap-password-policyUsage userApplicationsOID 1.3.6.1.4.1.42.2.27.8.1.15Equality Matching Rule booleanMatchSingle Value trueNames pwdSafeModifyUser ModificationAllowed
true
Used By pwdPolicySchema File 01-pwpolicy.ldifSyntax Boolean
refThis attribute holds labeledURI values referring to another LDAP server. The URI should be an LDAPURL. The URI should not specify scope, filter, or an attribute description list, and it should contain anon-empty DN.
Example: ldap://referral.example.com:1389/ou=Subscribers,dc=example,dc=com
Origin RFC 3296Usage distributedOperationDescription named reference - a labeledURIOID 2.16.840.1.113730.3.1.34Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames refOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesregisteredAddress
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 381
User ModificationAllowed
true
Used By referralSchema File 00-core.ldifSyntax Directory String
registeredAddressA postal address suitable for reception of telegrams and expedited documents, where the recipientmust accept delivery.
Example: Receptionist$Widget, Inc.$1234 Main St.$Anytown, CA 12345$USA.
Origin RFC 4519Usage userApplicationsSuperior Type postalAddressOID 2.5.4.26Substring Matching Rule caseIgnoreListSubstringsMatchEquality Matching Rule caseIgnoreListMatchSingle Value false: multiple values allowedNames registeredAddressUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Postal Address
replicaIdentifierUniquely identifies a replica in a topology.
Origin OpenDS Directory ServerUsage directoryOperationDescription the OpenDS replication domain server identifier for the changeOID 1.3.6.1.4.1.42.2.27.9.1.724
Attribute TypesreplicationCSN
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 382
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames replicaIdentifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 03-changelog.ldifSyntax Directory String
replicationCSNHolds a replication change sequence number.
Origin OpenDS Directory ServerUsage directoryOperationDescription The OpenDS replication change number for the changeOID 1.3.6.1.4.1.42.2.27.9.1.725Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames replicationCSNOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 03-changelog.ldifSyntax Directory String
rfc822mailMemberOrigin Solaris SpecificUsage userApplicationsDescription rfc822 mail addresss of group memberOID 1.3.6.1.4.1.42.2.27.2.1.15Substring Matching Rule caseIgnoreSubstringsMatch
Attribute TypesroleOccupant
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 383
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames rfc822mailMemberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By nisMailAliasSchema File 05-solaris.ldifSyntax IA5 String
roleOccupantDistinguished names of objects that fulfill the responsibilities of the current role object.
For example, if the role object is for Director of Engineering, this role could be fulfilled by multipleusers.
Origin RFC 4519Usage userApplicationsSuperior Type distinguishedNameOID 2.5.4.33Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames roleOccupantUser ModificationAllowed
true
Used By organizationalRoleSchema File 00-core.ldifSyntax DN
roomNumberRoom number for an object, which might be multiple when rooms are being renumbered, forexample. Use the cn attribute when naming rooms, as room numbers can change.
Origin RFC 4524
Attribute TypessambaAcctFlags
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 384
Usage userApplicationsOID 0.9.2342.19200300.100.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames roomNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, pilotPerson, roomSchema File 00-core.ldifSyntax Directory String
sambaAcctFlags
Usage userApplicationsDescription Account FlagsOID 1.3.6.1.4.1.7165.2.1.26Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaAcctFlagsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax IA5 String
sambaAlgorithmicRidBase
Usage userApplicationsDescription Base at which the samba RID generation algorithm should operateOID 1.3.6.1.4.1.7165.2.1.40
Attribute TypessambaBadPasswordCount
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 385
Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaAlgorithmicRidBaseOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaBadPasswordCount
Usage userApplicationsDescription Bad password attempt countOID 1.3.6.1.4.1.7165.2.1.48Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaBadPasswordCountOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaBadPasswordTime
Usage userApplicationsDescription Time of the last bad password attemptOID 1.3.6.1.4.1.7165.2.1.49Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute TypessambaBoolOption
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 386
Single Value trueNames sambaBadPasswordTimeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaBoolOptionUsage userApplicationsDescription A boolean optionOID 1.3.6.1.4.1.7165.2.1.43Equality Matching Rule booleanMatchSingle Value trueNames sambaBoolOptionUser ModificationAllowed
true
Used By sambaConfigOptionSchema File 05-samba.ldifSyntax Boolean
sambaDomainNameUsage userApplicationsDescription Windows NT domain to which the user belongsOID 1.3.6.1.4.1.7165.2.1.38Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sambaDomainNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypessambaForceLogoff
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 387
Used By sambaDomain, sambaSamAccount, sambaTrustPasswordSchema File 05-samba.ldifSyntax Directory String
sambaForceLogoffUsage userApplicationsDescription Disconnect Users outside logon hours (default: -1 => off, 0 => on)OID 1.3.6.1.4.1.7165.2.1.66Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaForceLogoffOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaGroupTypeUsage userApplicationsDescription NT Group TypeOID 1.3.6.1.4.1.7165.2.1.19Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaGroupTypeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaGroupMappingSchema File 05-samba.ldifSyntax Integer
Attribute TypessambaHomeDrive
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 388
sambaHomeDriveUsage userApplicationsDescription Driver letter of home directory mappingOID 1.3.6.1.4.1.7165.2.1.33Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaHomeDriveOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax IA5 String
sambaHomePathUsage userApplicationsDescription Home directory UNC pathOID 1.3.6.1.4.1.7165.2.1.37Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sambaHomePathOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Directory String
sambaIntegerOptionUsage userApplications
Attribute TypessambaKickoffTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 389
Description An integer optionOID 1.3.6.1.4.1.7165.2.1.44Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaIntegerOptionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaConfigOptionSchema File 05-samba.ldifSyntax Integer
sambaKickoffTimeUsage userApplicationsDescription Timestamp of when the user will be logged off automaticallyOID 1.3.6.1.4.1.7165.2.1.32Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaKickoffTimeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaLMPasswordUsage userApplicationsDescription LanManager PasswordOID 1.3.6.1.4.1.7165.2.1.24Substring Matching Rule caseIgnoreSubstringsMatch
Attribute TypessambaLockoutDuration
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 390
Equality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaLMPasswordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax IA5 String
sambaLockoutDurationUsage userApplicationsDescription Lockout duration in minutes (default: 30, -1 => forever)OID 1.3.6.1.4.1.7165.2.1.63Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaLockoutDurationOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaLockoutObservationWindowUsage userApplicationsDescription Reset time after lockout in minutes (default: 30)OID 1.3.6.1.4.1.7165.2.1.64Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaLockoutObservationWindow
Attribute TypessambaLockoutThreshold
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 391
Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaLockoutThresholdUsage userApplicationsDescription Lockout users after bad logon attempts (default: 0 => off)OID 1.3.6.1.4.1.7165.2.1.65Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaLockoutThresholdOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaLogoffTimeUsage userApplicationsDescription Timestamp of last logoffOID 1.3.6.1.4.1.7165.2.1.31Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaLogoffTimeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Attribute TypessambaLogonHours
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 392
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaLogonHoursUsage userApplicationsDescription Logon HoursOID 1.3.6.1.4.1.7165.2.1.55Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaLogonHoursOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax IA5 String
sambaLogonScriptUsage userApplicationsDescription Logon script pathOID 1.3.6.1.4.1.7165.2.1.34Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sambaLogonScriptOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Directory String
Attribute TypessambaLogonTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 393
sambaLogonTimeUsage userApplicationsDescription Timestamp of last logonOID 1.3.6.1.4.1.7165.2.1.30Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaLogonTimeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaLogonToChgPwdUsage userApplicationsDescription Force Users to logon for password change (default: 0 => off, 2 => on)OID 1.3.6.1.4.1.7165.2.1.60Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaLogonToChgPwdOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaMaxPwdAgeUsage userApplications
Attribute TypessambaMinPwdAge
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 394
Description Maximum password age, in seconds (default: -1 => never expire passwords)OID 1.3.6.1.4.1.7165.2.1.61Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaMaxPwdAgeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaMinPwdAgeUsage userApplicationsDescription Minimum password age, in seconds (default: 0 => allow immediate password
change)OID 1.3.6.1.4.1.7165.2.1.62Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaMinPwdAgeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaMinPwdLengthUsage userApplicationsDescription Minimal password length (default: 5)OID 1.3.6.1.4.1.7165.2.1.58
Attribute TypessambaMungedDial
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 395
Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaMinPwdLengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaMungedDial
Usage userApplicationsDescription Base64 encoded user parameter stringOID 1.3.6.1.4.1.7165.2.1.47Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames sambaMungedDialOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Directory String
sambaNextGroupRid
Usage userApplicationsDescription Next NT rid to give out for groupsOID 1.3.6.1.4.1.7165.2.1.22Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute TypessambaNextRid
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 396
Single Value trueNames sambaNextGroupRidOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaNextRid
Usage userApplicationsDescription Next NT rid to give out for anythingOID 1.3.6.1.4.1.7165.2.1.39Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaNextRidOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaNextUserRid
Usage userApplicationsDescription Next NT rid to give our for usersOID 1.3.6.1.4.1.7165.2.1.21Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaNextUserRid
Attribute TypessambaNTPassword
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 397
Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaNTPasswordUsage userApplicationsDescription MD4 hash of the unicode passwordOID 1.3.6.1.4.1.7165.2.1.25Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaNTPasswordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccount, sambaTrustPasswordSchema File 05-samba.ldifSyntax IA5 String
sambaOptionNameUsage userApplicationsDescription Option NameOID 1.3.6.1.4.1.7165.2.1.42Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sambaOptionNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypessambaPasswordHistory
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 398
Used By sambaConfigOptionSchema File 05-samba.ldifSyntax Directory String
sambaPasswordHistoryUsage userApplicationsDescription Concatenated MD4 hashes of the unicode passwords used on this accountOID 1.3.6.1.4.1.7165.2.1.54Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames sambaPasswordHistoryOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax IA5 String
sambaPrimaryGroupSIDUsage userApplicationsDescription Primary Group Security IDOID 1.3.6.1.4.1.7165.2.1.23Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaPrimaryGroupSIDOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax IA5 String
Attribute TypessambaPrivilegeList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 399
sambaPrivilegeListUsage userApplicationsDescription Privileges ListOID 1.3.6.1.4.1.7165.2.1.52Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames sambaPrivilegeListOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaPrivilegeSchema File 05-samba.ldifSyntax IA5 String
sambaProfilePathUsage userApplicationsDescription Roaming profile pathOID 1.3.6.1.4.1.7165.2.1.35Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sambaProfilePathOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Directory String
sambaPwdCanChangeUsage userApplications
Attribute TypessambaPwdHistoryLength
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 400
Description Timestamp of when the user is allowed to update the passwordOID 1.3.6.1.4.1.7165.2.1.28Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaPwdCanChangeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaPwdHistoryLength
Usage userApplicationsDescription Length of Password History Entries (default: 0 => off)OID 1.3.6.1.4.1.7165.2.1.59Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaPwdHistoryLengthOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaPwdLastSet
Usage userApplicationsDescription Timestamp of the last password updateOID 1.3.6.1.4.1.7165.2.1.27
Attribute TypessambaPwdMustChange
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 401
Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaPwdLastSetOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccount, sambaTrustPasswordSchema File 05-samba.ldifSyntax Integer
sambaPwdMustChange
Usage userApplicationsDescription Timestamp of when the password will expireOID 1.3.6.1.4.1.7165.2.1.29Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sambaPwdMustChangeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Integer
sambaRefuseMachinePwdChange
Usage userApplicationsDescription Allow Machine Password changes (default: 0 => off)OID 1.3.6.1.4.1.7165.2.1.67Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatch
Attribute TypessambaShareName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 402
Single Value trueNames sambaRefuseMachinePwdChangeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sambaDomainSchema File 05-samba.ldifSyntax Integer
sambaShareNameUsage userApplicationsDescription Share NameOID 1.3.6.1.4.1.7165.2.1.41Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sambaShareNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaShareSchema File 05-samba.ldifSyntax Directory String
sambaSIDUsage userApplicationsDescription Security IDOID 1.3.6.1.4.1.7165.2.1.20Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames sambaSIDOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypessambaSIDList
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 403
User ModificationAllowed
true
Used By sambaDomain, sambaGroupMapping, sambaIdmapEntry, sambaPrivilege,sambaSamAccount, sambaSidEntry, sambaTrustPassword
Schema File 05-samba.ldifSyntax IA5 String
sambaSIDListUsage userApplicationsDescription Security ID ListOID 1.3.6.1.4.1.7165.2.1.51Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames sambaSIDListOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaGroupMappingSchema File 05-samba.ldifSyntax IA5 String
sambaStringListOptionUsage userApplicationsDescription A string list optionOID 1.3.6.1.4.1.7165.2.1.46Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sambaStringListOptionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypessambaStringOption
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 404
Used By sambaConfigOptionSchema File 05-samba.ldifSyntax Directory String
sambaStringOption
Usage userApplicationsDescription A string optionOID 1.3.6.1.4.1.7165.2.1.45Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames sambaStringOptionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaConfigOptionSchema File 05-samba.ldifSyntax IA5 String
sambaTrustFlags
Usage userApplicationsDescription Trust Password FlagsOID 1.3.6.1.4.1.7165.2.1.53Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames sambaTrustFlagsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaTrustPasswordSchema File 05-samba.ldif
Attribute TypessambaUserWorkstations
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 405
Syntax IA5 String
sambaUserWorkstationsUsage userApplicationsDescription List of user workstations the user is allowed to logon toOID 1.3.6.1.4.1.7165.2.1.36Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sambaUserWorkstationsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sambaSamAccountSchema File 05-samba.ldifSyntax Directory String
searchGuideSets of information used by directory clients when constructing search filters.
This attribute is superseded by enhancedSearchGuide.
Origin RFC 4519Usage userApplicationsOID 2.5.4.14Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames searchGuideOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By country, dNSDomain, dmd, domain, friendlyCountry, locality, organization,organizationalUnit, pilotOrganization, rFC822LocalPart, sunservicecomponent
Schema File 00-core.ldif
Attribute TypessearchTimeLimit
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 406
Syntax Guide
searchTimeLimitOrigin RFC 4876Usage userApplicationsDescription Maximum time an agent or service allows for a search to completeOID 1.3.6.1.4.1.11.1.3.1.1.3Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames searchTimeLimitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Integer
secretaryDNs of secretary or administrative assistant entries for the entry of a person or entity.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.21Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames secretaryUser ModificationAllowed
true
Used By inetOrgPerson, pilotPersonSchema File 00-core.ldifSyntax DN
Attribute TypesseeAlso
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 407
seeAlsoDistinguished names of entries related to the current entry.
Origin RFC 4519Usage userApplicationsSuperior Type distinguishedNameOID 2.5.4.34Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames seeAlsoUser ModificationAllowed
true
Used By account, applicationEntity, applicationProcess, dNSDomain, dSA, device,dmd, document, documentSeries, domain, groupOfEntries, groupOfNames,groupOfURLs, groupOfUniqueNames, inetOrgPerson, locality, organization,organizationalPerson, organizationalRole, organizationalUnit, person, pilotDSA,pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson, room,sunservicecomponent, untypedObject
Schema File 00-core.ldifSyntax DN
serialNumberSerial numbers of a device.
Origin RFC 4519Usage userApplicationsOID 2.5.4.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames serialNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By deviceSchema File 00-core.ldif
Attribute Typesservice-advert-attribute-authenticator
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 408
Syntax Printable String
service-advert-attribute-authenticatorAn SLP attribute authenticator, as described in RFC 2608, Section 9.2: Authentication Blocks.
Origin RFC 2926Usage userApplicationsDescription The authenticator for the attribute list, null if none.OID 1.3.6.1.4.1.6252.2.27.6.1.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames service-advert-attribute-authenticatorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax IA5 String
service-advert-scopesSLP scopes as described in RFC 2608, Section 6.4.1: Scope Lists in SLP.
Origin RFC 2926Usage userApplicationsDescription A list of scopes for a service advertisement.OID 1.3.6.1.4.1.6252.2.27.6.1.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames service-advert-scopesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute Typesservice-advert-service-type
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 409
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax IA5 String
service-advert-service-typeService-specific type of an SLP template-type as described in RFC 2609, Section 2.1: Service URLSyntax.
Origin RFC 2926Usage userApplicationsDescription The service type of the service advertisement, including the "service:" prefix.OID 1.3.6.1.4.1.6252.2.27.6.1.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames service-advert-service-typeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax IA5 String
service-advert-url-authenticatorAn SLP URL authenticator, as described in RFC 2608, Section 9.2: Authentication Blocks.
Origin RFC 2926Usage userApplicationsDescription The authenticator for the URL, null if none.OID 1.3.6.1.4.1.6252.2.27.6.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames service-advert-url-authenticator
Attribute TypesserviceAuthenticationMethod
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 410
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax IA5 String
serviceAuthenticationMethodOrigin RFC 4876Usage userApplicationsDescription Specifies types authentication methods either used, required, or supported by a
particular serviceOID 1.3.6.1.4.1.11.1.3.1.1.15Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames serviceAuthenticationMethodOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Directory String
serviceCredentialLevelOrigin RFC 4876Usage userApplicationsDescription Specifies the type of credentials either used, required, or supported by a specific
serviceOID 1.3.6.1.4.1.11.1.3.1.1.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowed
Attribute TypesserviceSearchDescriptor
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 411
Names serviceCredentialLevelOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax IA5 String
serviceSearchDescriptorOrigin RFC 4876Usage userApplicationsDescription Specifies search descriptors required, used, or supported by a particular service
or agentOID 1.3.6.1.4.1.11.1.3.1.1.14Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames serviceSearchDescriptorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By DUAConfigProfileSchema File 05-rfc4876.ldifSyntax Directory String
shadowExpireOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.10Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowExpire
Attribute TypesshadowFlag
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 412
Ordering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
shadowFlagOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.11Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowFlagOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
shadowInactiveOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.9Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowInactiveOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Attribute TypesshadowLastChange
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 413
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
shadowLastChangeOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.5Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowLastChangeOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
shadowMaxOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.7Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowMaxOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
Attribute TypesshadowMin
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 414
shadowMinOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.6Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowMinOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
shadowWarningOrigin draft-howard-rfc2307bisUsage userApplicationsOID 1.3.6.1.1.1.1.8Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames shadowWarningOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By shadowAccountSchema File 04-rfc2307bis.ldifSyntax Integer
singleLevelQualityDirectory administrators can use this attribute to indicate the data quality at the level immediatelybelow in the DIT.
Attribute Typessn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 415
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.50Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames singleLevelQualityOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
snX.500 surname attribute that contains the family name of a person.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sn, surnameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, organizationalPerson, person, pilotPerson, rFC822LocalPart,residentialPerson
Schema File 00-core.ldifSyntax Directory String
sOARecordA type SOA (start of authority) DNS resource record.
Attribute TypesSolarisAttrKeyValue
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 416
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.30Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sOARecordOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomainSchema File 00-core.ldifSyntax IA5 String
SolarisAttrKeyValue
Origin Solaris SpecificUsage userApplicationsDescription Semi-colon separated key=value pairs of attributesOID 1.3.6.1.4.1.42.2.27.5.1.4Substring Matching Rule caseIgnoreIA5SubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAttrKeyValueOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuthAttr, SolarisExecAttr, SolarisProfAttr, SolarisUserAttr, ipTnetTemplateSchema File 05-solaris.ldifSyntax IA5 String
SolarisAttrLongDesc
Origin Solaris Specific
Attribute TypesSolarisAttrReserved1
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 417
Usage userApplicationsDescription Detail description about an entryOID 1.3.6.1.4.1.42.2.27.5.1.8Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAttrLongDescOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuthAttr, SolarisProfAttrSchema File 05-solaris.ldifSyntax IA5 String
SolarisAttrReserved1Origin Solaris SpecificUsage userApplicationsDescription Reserved for future useOID 1.3.6.1.4.1.42.2.27.5.1.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAttrReserved1Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuthAttr, SolarisExecAttr, SolarisProfAttr, SolarisUserAttrSchema File 05-solaris.ldifSyntax IA5 String
SolarisAttrReserved2Origin Solaris SpecificUsage userApplications
Attribute TypesSolarisAttrShortDesc
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 418
Description Reserved for future useOID 1.3.6.1.4.1.42.2.27.5.1.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAttrReserved2Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuthAttr, SolarisExecAttr, SolarisProfAttr, SolarisUserAttrSchema File 05-solaris.ldifSyntax IA5 String
SolarisAttrShortDescOrigin Solaris SpecificUsage userApplicationsDescription Short description about an entry, used by GUIsOID 1.3.6.1.4.1.42.2.27.5.1.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAttrShortDescOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuthAttrSchema File 05-solaris.ldifSyntax IA5 String
SolarisAuditAlwaysOrigin Solaris SpecificUsage userApplicationsDescription Always audited attributes per-user
Attribute TypesSolarisAuditNever
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 419
OID 1.3.6.1.4.1.42.2.27.5.1.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAuditAlwaysOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuditUserSchema File 05-solaris.ldifSyntax IA5 String
SolarisAuditNeverOrigin Solaris SpecificUsage userApplicationsDescription Never audited attributes per-userOID 1.3.6.1.4.1.42.2.27.5.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisAuditNeverOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisAuditUserSchema File 05-solaris.ldifSyntax IA5 String
SolarisAuthMethodOrigin Solaris SpecificUsage userApplicationsDescription Authentication method to be used eg. "NS_LDAP_AUTH_NONE",
"NS_LDAP_AUTH_SIMPLE" or "NS_LDAP_AUTH_SASL_CRAM_MD5"
Attribute TypesSolarisBindDN
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 420
OID 1.3.6.1.4.1.42.2.27.5.1.20Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames SolarisAuthMethodOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisBindDN
Origin Solaris SpecificUsage userApplicationsDescription DN to be used to bind to the directory as proxyOID 1.3.6.1.4.1.42.2.27.5.1.18Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames SolarisBindDNOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Directory String
SolarisBindPassword
Origin Solaris SpecificUsage userApplicationsDescription Password for bindDN to authenticate to the directory
Attribute TypesSolarisBindTimeLimit
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 421
OID 1.3.6.1.4.1.42.2.27.5.1.19Equality Matching Rule octetStringMatchSingle Value trueNames SolarisBindPasswordOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Octet String
SolarisBindTimeLimitOrigin Solaris SpecificUsage userApplicationsDescription Time Limit in seconds for bind operationsOID 1.3.6.1.4.1.42.2.27.5.1.31Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames SolarisBindTimeLimitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Integer
SolarisCacheTTLOrigin Solaris SpecificUsage userApplicationsDescription TTL value for the Domain information eg. 1w, 2d, 3h, 10m, or 5sOID 1.3.6.1.4.1.42.2.27.5.1.17Substring Matching Rule caseIgnoreSubstringsMatch
Attribute TypesSolarisCertificatePassword
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 422
Equality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisCacheTTLOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisCertificatePasswordOrigin Solaris SpecificUsage userApplicationsDescription Password or PIN that grants access to certificate.OID 1.3.6.1.4.1.42.2.27.5.1.23Equality Matching Rule octetStringMatchSingle Value trueNames SolarisCertificatePasswordOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Octet String
SolarisCertificatePathOrigin Solaris SpecificUsage userApplicationsDescription Path to certificate file/deviceOID 1.3.6.1.4.1.42.2.27.5.1.22Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value true
Attribute TypesSolarisDataSearchDN
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 423
Names SolarisCertificatePathOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisDataSearchDNOrigin Solaris SpecificUsage userApplicationsDescription Search DN for data lookup in ":(DN0),(DN1),..." formatOID 1.3.6.1.4.1.42.2.27.5.1.24Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames SolarisDataSearchDNOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Directory String
SolarisKernelSecurityPolicyOrigin Solaris SpecificUsage userApplicationsDescription Solaris kernel security policyOID 1.3.6.1.4.1.42.2.27.5.1.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisKernelSecurityPolicy
Attribute TypesSolarisLDAPServers
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 424
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisExecAttrSchema File 05-solaris.ldifSyntax IA5 String
SolarisLDAPServersOrigin Solaris SpecificUsage userApplicationsDescription LDAP Server address eg. 76.234.3.1:389OID 1.3.6.1.4.1.42.2.27.5.1.15Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames SolarisLDAPServersOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisPreferredServerOrigin Solaris SpecificUsage userApplicationsDescription Preferred LDAP Server address or network numberOID 1.3.6.1.4.1.42.2.27.5.1.27Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value false: multiple values allowedNames SolarisPreferredServerOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesSolarisPreferredServerOnly
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 425
User ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisPreferredServerOnlyOrigin Solaris SpecificUsage userApplicationsDescription Boolean flag for use of preferredServer or notOID 1.3.6.1.4.1.42.2.27.5.1.28Equality Matching Rule booleanMatchSingle Value trueNames SolarisPreferredServerOnlyUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Boolean
SolarisProfileIdOrigin Solaris SpecificUsage userApplicationsDescription Identifier of object defined in profileOID 1.3.6.1.4.1.42.2.27.5.1.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisProfileIdOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisExecAttr
Attribute TypesSolarisProfileType
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 426
Schema File 05-solaris.ldifSyntax IA5 String
SolarisProfileType
Origin Solaris SpecificUsage userApplicationsDescription Type of object defined in profileOID 1.3.6.1.4.1.42.2.27.5.1.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisProfileTypeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisExecAttrSchema File 05-solaris.ldifSyntax IA5 String
SolarisProjectAttr
Origin Solaris SpecificUsage userApplicationsDescription Attributes of a Solaris Project entryOID 1.3.6.1.4.1.42.2.27.5.1.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames SolarisProjectAttrOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisProject
Attribute TypesSolarisProjectID
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 427
Schema File 05-solaris.ldifSyntax IA5 String
SolarisProjectID
Origin Solaris SpecificUsage userApplicationsDescription Unique ID for a Solaris Project entryOID 1.3.6.1.4.1.42.2.27.5.1.1Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames SolarisProjectIDOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By SolarisProjectSchema File 05-solaris.ldifSyntax Integer
SolarisProjectName
Origin Solaris SpecificUsage userApplicationsDescription Name of a Solaris Project EntryOID 1.3.6.1.4.1.42.2.27.5.1.2Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames SolarisProjectNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisProject
Attribute TypesSolarisSearchBaseDN
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 428
Schema File 05-solaris.ldifSyntax IA5 String
SolarisSearchBaseDNOrigin Solaris SpecificUsage userApplicationsDescription Search Base Distinguished NameOID 1.3.6.1.4.1.42.2.27.5.1.16Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames SolarisSearchBaseDNOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax Directory String
SolarisSearchReferralOrigin Solaris SpecificUsage userApplicationsDescription referral chasing option eg. "NS_LDAP_NOREF" or "NS_LDAP_FOLLOWREF"OID 1.3.6.1.4.1.42.2.27.5.1.29Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisSearchReferralOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldif
Attribute TypesSolarisSearchScope
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 429
Syntax IA5 String
SolarisSearchScopeOrigin Solaris SpecificUsage userApplicationsDescription Scope to be used for search operations eg. "NS_LDAP_SCOPE_BASE",
"NS_LDAP_SCOPE_ONELEVEL" or "NS_LDAP_SCOPE_SUBTREE"OID 1.3.6.1.4.1.42.2.27.5.1.25Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisSearchScopeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisSearchTimeLimitOrigin Solaris SpecificUsage userApplicationsDescription Time Limit in seconds for search operationsOID 1.3.6.1.4.1.42.2.27.5.1.26Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames SolarisSearchTimeLimitOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldif
Attribute TypesSolarisTransportSecurity
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 430
Syntax Integer
SolarisTransportSecurityOrigin Solaris SpecificUsage userApplicationsDescription Transport Level Security method to be used eg. "NS_LDAP_SEC_NONE" or
"NS_LDAP_SEC_SASL_TLS"OID 1.3.6.1.4.1.42.2.27.5.1.21Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisTransportSecurityOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisNamingProfileSchema File 05-solaris.ldifSyntax IA5 String
SolarisUserQualifierOrigin Solaris SpecificUsage userApplicationsDescription Per-user login attributesOID 1.3.6.1.4.1.42.2.27.5.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreIA5MatchSingle Value trueNames SolarisUserQualifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By SolarisUserAttrSchema File 05-solaris.ldif
Attribute Typesst
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 431
Syntax IA5 String
stFull name of a state or province.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.8Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames st, stateOrProvinceNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, locality, organization,organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization,rFC822LocalPart, residentialPerson, sunservicecomponent, untypedObject
Schema File 00-core.ldifSyntax Directory String
streetSite information for a postal address, such as the street name, place, avenue, and house number.
Example: 1234 Main St.
Origin RFC 4519Usage userApplicationsOID 2.5.4.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames street, streetAddressOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesstructuralObjectClass
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 432
User ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, locality, organization,organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization,rFC822LocalPart, residentialPerson, sunservicecomponent, untypedObject
Schema File 00-core.ldifSyntax Directory String
structuralObjectClassIndicates the structural object class of the entry.
Origin RFC 4512Usage directoryOperationOID 2.5.21.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value trueNames structuralObjectClassUser ModificationAllowed
false
Schema File 00-core.ldifSyntax OID
subschemaSubentryThis operational attribute indicates the entry holding the LDAP schema definitions that apply to thecurrent entry.
Origin RFC 4512Usage directoryOperationOID 2.5.18.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames subschemaSubentryUser ModificationAllowed
false
Attribute TypessubtreeMaximumQuality
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 433
Schema File 00-core.ldifSyntax DN
subtreeMaximumQualityDirectory administrators can use this attribute to indicate the maximum data quality for a DITsubtree.
The default is the value of singleLevelQuality.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.52Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames subtreeMaximumQualityOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By qualityLabelledDataSchema File 00-core.ldifSyntax Directory String
subtreeMinimumQualityDirectory administrators can use this attribute to indicate the minimum data quality for a DITsubtree.
The default is the value of singleLevelQuality.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.51Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames subtreeMinimumQuality
Attribute TypessubtreeSpecification
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 434
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By qualityLabelledDataSchema File 00-core.ldifSyntax Directory String
subtreeSpecificationA subtree specification provides a way to describe a subset of entries in a subtree of the DIT. Asubtree begins at a base entry and includes the subordinates of that entry to an optionally specifiedlower boundary, possibly including leaf entries.
The following example uses a subtree specification to apply privileges to Directory Administratorsgroup members under ou=people (relative to the parent of the subentry). In other words, this sampleapplies to entries under ou=people,dc=example,dc=com:
dn: cn=Administrator Privileges,dc=example,dc=comobjectClass: collectiveAttributeSubentryobjectClass: extensibleObjectobjectClass: subentryobjectClass: topcn: Administrator Privilegesds-privilege-name;collective: config-readds-privilege-name;collective: config-writeds-privilege-name;collective: ldif-exportds-privilege-name;collective: modify-aclds-privilege-name;collective: password-resetds-privilege-name;collective: proxied-authsubtreeSpecification: {base "ou=people", specificationFilter "(isMemberOf=cn=Directory Administrators,ou=Groups,dc=example,dc=com)" }
Notice that the subentry where this operational attribute occurs sets the context that implicitlydefines the bounds of the subtree.
Origin RFC 3672Usage directoryOperationOID 2.5.18.6Equality Matching Rule octetStringMatchSingle Value trueNames subtreeSpecificationOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Attribute Typessun-fm-saml2-nameid-info
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 435
Used By inheritedCollectiveAttributeSubentry,inheritedFromDNCollectiveAttributeSubentry,inheritedFromRDNCollectiveAttributeSubentry, subentry
Schema File 00-core.ldifSyntax Subtree Specification
sun-fm-saml2-nameid-infoThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription SAML 2.0 Name Identifier InformationOID 1.3.6.1.4.1.42.2.27.9.1.990Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sun-fm-saml2-nameid-infoOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunFMSAML2NameIdentifierSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
sun-fm-saml2-nameid-infokeyThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription SAML 2.0 Name Identifier Information KeyOID 1.3.6.1.4.1.42.2.27.9.1.989Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowed
Attribute Typessun-printer-bsdaddr
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 436
Names sun-fm-saml2-nameid-infokeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunFMSAML2NameIdentifierSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
sun-printer-bsdaddrOrigin Solaris SpecificUsage userApplicationsDescription Sets the server, print queue destination name and whether the client generates
protocol extensions. "Solaris" specifies a Solaris print server extension. The valueis represented by the following value: server "," destination ", Solaris".
OID 1.3.6.1.4.1.42.2.27.5.1.63Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sun-printer-bsdaddrOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunPrinterSchema File 05-solaris.ldifSyntax Directory String
sun-printer-kvpOrigin Solaris SpecificUsage userApplicationsDescription This attribute contains a set of key value pairs which may have meaning to
the print subsystem or may be user defined. Each value is represented by thefollowing: key "=" value.
OID 1.3.6.1.4.1.42.2.27.5.1.64Substring Matching Rule caseIgnoreSubstringsMatch
Attribute TypessunAMAuthInvalidAttemptsData
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 437
Equality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sun-printer-kvpOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunPrinterSchema File 05-solaris.ldifSyntax Directory String
sunAMAuthInvalidAttemptsDataThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription XML data for Invalid Login AttemptsOID 1.3.6.1.4.1.42.2.27.9.1.793Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sunAMAuthInvalidAttemptsDataOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunAMAuthAccountLockoutSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
sunIdentityMSISDNNumberThis attribute type stores AM profile information.
Origin OpenSSOUsage userApplicationsDescription User MSISDN Number
Attribute TypessunKeyValue
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 438
OID 1.3.6.1.4.1.42.2.27.9.1.823Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sunIdentityMSISDNNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By iplanet-am-user-serviceSchema File 60-identity-store-ds-schema.ldifSyntax Directory String
sunKeyValueThis attribute type stores AM configuration data.
Origin Sun Java System Identity ManagementUsage userApplicationsDescription Encoded key values of the servicesOID 1.3.6.1.4.1.42.2.27.9.1.83Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sunKeyValueOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunRealmService, sunservice, sunservicecomponentSchema File 60-config-schema.ldifSyntax Directory String
sunPluginSchemaThis attribute type stores AM configuration data.
Origin Sun Java System Identity Management
Attribute TypessunserviceID
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 439
Usage userApplicationsDescription Plugin schema informationOID 1.3.6.1.4.1.42.2.27.9.1.82Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sunPluginSchemaOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunserviceSchema File 60-config-schema.ldifSyntax Directory String
sunserviceIDThis attribute type stores AM configuration data.
Origin Sun Java System Identity ManagementUsage userApplicationsDescription Reference to the inherited objectOID 1.3.6.1.4.1.42.2.27.9.1.79Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sunserviceIDOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunservicecomponentSchema File 60-config-schema.ldifSyntax Directory String
sunServiceSchemaThis attribute type stores AM configuration data.
Attribute Typessunsmspriority
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 440
Origin Sun Java System Identity ManagementUsage userApplicationsDescription XML schema of a particular serviceOID 1.3.6.1.4.1.42.2.27.9.1.78Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames sunServiceSchemaOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunserviceSchema File 60-config-schema.ldifSyntax Directory String
sunsmspriorityThis attribute type stores AM configuration data.
Origin Sun Java System Identity ManagementUsage userApplicationsDescription Priority of the service with respect to its siblingsOID 1.3.6.1.4.1.42.2.27.9.1.81Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames sunsmspriorityOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By sunservicecomponentSchema File 60-config-schema.ldifSyntax Integer
Attribute TypessunxmlKeyValue
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 441
sunxmlKeyValueThis attribute type stores AM configuration data.
Origin Sun Java System Identity ManagementUsage userApplicationsDescription Key values in XML formatOID 1.3.6.1.4.1.42.2.27.9.1.84Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames sunxmlKeyValueOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By sunRealmService, sunservice, sunservicecomponentSchema File 60-config-schema.ldifSyntax Directory String
supportedAlgorithmsX.509 supported algorithms, as described in X.509 clause 11.2.7.
Request and transfer values using the binary option for the attribute description,supportedAlgorithms;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.52Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames supportedAlgorithmsOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By userSecurityInformationSchema File 00-core.ldif
Attribute TypessupportedApplicationContext
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 442
Syntax Supported Algorithm
supportedApplicationContextIdentifiers of OSI application contexts.
Origin RFC 2256Usage userApplicationsOID 2.5.4.30Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames supportedApplicationContextUser ModificationAllowed
true
Used By applicationEntity, dSA, pilotDSASchema File 00-core.ldifSyntax OID
supportedAuthPasswordSchemesPassword storage schemes that can be used for authPassword values. This attribute is intended only foruse on the root DSE.
Origin RFC 3112Usage dSAOperationDescription supported password storage schemesOID 1.3.6.1.4.1.4203.1.3.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value false: multiple values allowedNames supportedAuthPasswordSchemesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 03-rfc3112.ldifSyntax IA5 String
Attribute TypessupportedControl
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 443
supportedControlThis operational attribute indicates LDAP controls supported by this server.
Origin RFC 4512Usage dSAOperationOID 1.3.6.1.4.1.1466.101.120.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames supportedControlUser ModificationAllowed
true
Schema File 00-core.ldifSyntax OID
supportedExtensionThis operational attribute indicates LDAP extended operations supported by this server.
Origin RFC 4512Usage dSAOperationOID 1.3.6.1.4.1.1466.101.120.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames supportedExtensionUser ModificationAllowed
true
Schema File 00-core.ldifSyntax OID
supportedFeaturesThis operational attribute indicates optional LDAP features supported by this server.
Origin RFC 4512Usage dSAOperation
Attribute TypessupportedLDAPVersion
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 444
OID 1.3.6.1.4.1.4203.1.3.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule objectIdentifierMatchSingle Value false: multiple values allowedNames supportedFeaturesUser ModificationAllowed
true
Schema File 00-core.ldifSyntax OID
supportedLDAPVersionThis operational attribute indicates LDAP versions supported by this server.
Origin RFC 4512Usage dSAOperationOID 1.3.6.1.4.1.1466.101.120.15Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value false: multiple values allowedNames supportedLDAPVersionOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Integer
supportedSASLMechanismsThis operational attribute indicates SASL mechanisms supported by this server.
Origin RFC 4512Usage dSAOperationOID 1.3.6.1.4.1.1466.101.120.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute TypessupportedTLSCiphers
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 445
Single Value false: multiple values allowedNames supportedSASLMechanismsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 00-core.ldifSyntax Directory String
supportedTLSCiphersOrigin OpenDJ Directory ServerUsage dSAOperationOID 1.3.6.1.4.1.36733.2.1.1.64Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames supportedTLSCiphersOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 02-config.ldifSyntax Directory String
supportedTLSProtocolsOrigin OpenDJ Directory ServerUsage dSAOperationOID 1.3.6.1.4.1.36733.2.1.1.63Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames supportedTLSProtocolsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypestargetDN
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 446
Schema File 02-config.ldifSyntax Directory String
targetDNOrigin draft-good-ldap-changelogUsage userApplicationsDescription the DN of the entry which was modifiedOID 2.16.840.1.113730.3.1.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames targetDNUser ModificationAllowed
true
Used By changeLogEntrySchema File 03-changelog.ldifSyntax DN
targetEntryUUIDUniquely identifies an entry that is targeted to be changed.
Origin OpenDS Directory ServerUsage directoryOperationDescription The OpenDS unique id of the entry targeted by the changeOID 1.3.6.1.4.1.26027.1.1.590Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames targetEntryUUID, targetUniqueIDOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 03-changelog.ldifSyntax Directory String
Attribute TypestelephoneNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 447
telephoneNumberPhone number in a format complying with the ITU Recommendation E.123, such as +1 415 555 1212.
Origin RFC 4519Usage userApplicationsOID 2.5.4.20Substring Matching Rule telephoneNumberSubstringsMatchEquality Matching Rule telephoneNumberMatchSingle Value false: multiple values allowedNames telephoneNumberUser ModificationAllowed
true
Used By dNSDomain, dmd, documentSeries, domain, inetOrgPerson, organization,organizationalPerson, organizationalRole, organizationalUnit, person,pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson, room,sunservicecomponent
Schema File 00-core.ldifSyntax Telephone Number
teletexTerminalIdentifierThis attribute is obsolete since the ITU Recommendation F.200 was withdrawn.
Origin RFC 4519Usage userApplicationsOID 2.5.4.22Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames teletexTerminalIdentifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldif
Attribute TypestelexNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 448
Syntax Teletex Terminal Identifier
telexNumberSet of strings specifying the telex number, country code, and answerback code of a telex terminal,such as 12345$023$ABCDE.
Origin RFC 4519Usage userApplicationsOID 2.5.4.21Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames telexNumberOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Telex Number
template-major-version-numberMajor component of an SLP template-version number for a service type template.
Origin RFC 2926Usage userApplicationsDescription The major version number of the service type templateOID 1.3.6.1.4.1.6252.2.27.6.1.1Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames template-major-version-numberOrdering Matching Rule integerOrderingMatch
Attribute Typestemplate-minor-version-number
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 449
User ModificationAllowed
true
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax Integer
template-minor-version-numberMinor component of an SLP template-version number for a service type template.
Origin RFC 2926Usage userApplicationsDescription The minor version number of the service type templateOID 1.3.6.1.4.1.6252.2.27.6.1.2Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames template-minor-version-numberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax Integer
template-url-syntaxABNF grammar describing the service type specific part of the service URL for an SLP service typetemplate.
Origin RFC 2926Usage userApplicationsDescription An ABNF grammar describing the service type specific part of the service URLOID 1.3.6.1.4.1.6252.2.27.6.1.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value true
Attribute TypestextEncodedORAddress
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 450
Names template-url-syntaxOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By slpService, slpServicePrinterSchema File 03-rfc2926.ldifSyntax IA5 String
textEncodedORAddressText encoding of an X.400 O/R address, as specified in RFC 987.
This attribute was deprecated in 1991.
Origin RFC 1274Usage userApplicationsOID 0.9.2342.19200300.100.1.2Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames textEncodedORAddressOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotPersonSchema File 00-core.ldifSyntax Directory String
titleTitle of a person in their organizational context.
Examples: Vice President, Software Engineer.
Origin RFC 4519Usage userApplicationsSuperior Type nameOID 2.5.4.12
Attribute TypesuddiAccessPoint
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 451
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames titleOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By inetOrgPerson, organizationalPersonSchema File 00-core.ldifSyntax Directory String
uddiAccessPointThe value of this attribute is a qualified pointer to a service entry point.
In UDDIv3, the convention is to precede pointer with the use type, as in use-type#address. For UDDIv2compatibility, the recommended format is v2-URL-type#v3-use-type#address.
Origin RFC 4403Usage userApplicationsDescription entry point address to call a web serviceOID 1.3.6.1.1.10.4.19Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiAccessPointOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplateSchema File 03-uddiv3.ldifSyntax Directory String
uddiAddressLineThe value of this attribute holds addresses in free-form text. The maximum size of the value is 80characters.
Attribute TypesuddiAuthorizedName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 452
If the address contains a template model key, then the value is prefixed with a key name and keyvalue, as in #key-name#key-value#address-data.
Origin RFC 4403Usage userApplicationsDescription addressOID 1.3.6.1.1.10.4.13Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiAddressLineOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddressSchema File 03-uddiv3.ldifSyntax Directory String
uddiAuthorizedNameThe value of this attribute holds the name of the individual who registered the UDDI business entityor template model.
Origin RFC 4403Usage userApplicationsDescription businessEntity publisher nameOID 1.3.6.1.1.10.4.2Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value trueNames uddiAuthorizedNameUser ModificationAllowed
true
Used By uddiBusinessEntity, uddiTModel, uddiv3EntityObituary, uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax DN
Attribute TypesuddiBindingKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 453
uddiBindingKeyThe value of this attribute uniquely identifies a UDDI binding template.
This value should be empty when saving a new UDDI binding template.
Origin RFC 4403Usage userApplicationsDescription bindingTemplate unique identifierOID 1.3.6.1.1.10.4.18Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiBindingKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplateSchema File 03-uddiv3.ldifSyntax Directory String
uddiBusinessKeyThe value of this attribute uniquely identifies a UDDI business entity.
This attribute is optional for a business service whose parent already has a business key.
Origin RFC 4403Usage userApplicationsDescription businessEntity unique identifierOID 1.3.6.1.1.10.4.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiBusinessKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Attribute TypesuddiCategoryBag
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 454
Used By uddiBusinessEntity, uddiBusinessServiceSchema File 03-uddiv3.ldifSyntax Directory String
uddiCategoryBagThe value of this attribute holds information about categorizing UDDI business entities, businessservices, and template models.
The value can optionally be prefixed with a template model and key name, as in #t-model#key-name#key-value. Only key-value is mandatory.
Origin RFC 4403Usage userApplicationsDescription categorization informationOID 1.3.6.1.1.10.4.15Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiCategoryBagOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiTModelSchema File 03-uddiv3.ldifSyntax Directory String
uddiDescriptionThe value of this attribute localized descriptions.
Each value has the form, xml:lang-value#description.
Origin RFC 4403Usage userApplicationsDescription short descriptionOID 1.3.6.1.1.10.4.5
Attribute TypesuddiDiscoveryURLs
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 455
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiDescriptionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiContact,uddiTModel, uddiTModelInstanceInfo
Schema File 03-uddiv3.ldifSyntax Directory String
uddiDiscoveryURLsThe value of this attribute holds a list of URL to alternate, file-based service discovery mechanisms.
In UDDIv3, the convention is to precede the URL with the use type, as in use-type#URL.
Origin RFC 4403Usage userApplicationsDescription URL to retrieve a businessEntity instanceOID 1.3.6.1.1.10.4.6Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiDiscoveryURLsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBusinessEntitySchema File 03-uddiv3.ldifSyntax Directory String
uddiEMailThe value of this attribute holds email addresses for the contact.
Attribute TypesuddiFromKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 456
Prefix values with use type descriptions if more than one email address is provided, as in use-type#email-address.
Origin RFC 4403Usage userApplicationsDescription e-mail address for contactOID 1.3.6.1.1.10.4.10Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiEMailOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiContactSchema File 03-uddiv3.ldifSyntax Directory String
uddiFromKeyThe value of this attribute uniquely references the first business entity for which an assertion ismade.
Origin RFC 4403Usage userApplicationsDescription unique businessEntity key referenceOID 1.3.6.1.1.10.4.25Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiFromKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiPublisherAssertionSchema File 03-uddiv3.ldifSyntax Directory String
Attribute TypesuddiHostingRedirector
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 457
uddiHostingRedirectorThe value of this attribute indicates that a binding template entry is a pointer to another bindingtemplate entry.
UDDIv3 deprecates this element. Use uddiAccessPoint instead.
Origin RFC 4403Usage userApplicationsDescription designates a pointer to another bindingTemplateOID 1.3.6.1.1.10.4.20Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiHostingRedirectorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplateSchema File 03-uddiv3.ldifSyntax Directory String
uddiIdentifierBagThe value of this attribute holds information about common forms of identification, such as D-U-N-Snumbers, and tax identifiers.
The value can optionally be prefixed with a template model and key name, as in #t-model#key-name#key-value. Only key-value is mandatory.
Origin RFC 4403Usage userApplicationsDescription identification informationOID 1.3.6.1.1.10.4.14Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiIdentifierBag
Attribute TypesuddiInstanceDescription
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 458
Ordering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBusinessEntity, uddiTModelSchema File 03-uddiv3.ldifSyntax Directory String
uddiInstanceDescriptionThe value of this attribute holds one or more localized descriptions indicating the role a templatemodel reference plays in the service description.
Each value has the form, xml:lang-value#description.
Origin RFC 4403Usage userApplicationsDescription instance details descriptionOID 1.3.6.1.1.10.4.21Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiInstanceDescriptionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiTModelInstanceInfoSchema File 03-uddiv3.ldifSyntax Directory String
uddiInstanceParmsThe value of this attribute holds the settings, or a URL reference to a file containing the settings, thatare required to use a facet of a UDDI binding template description.
Origin RFC 4403Usage userApplicationsDescription URL reference to required settings
Attribute TypesuddiIsHidden
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 459
OID 1.3.6.1.1.10.4.22Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiInstanceParmsOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiTModelInstanceInfoSchema File 03-uddiv3.ldifSyntax Directory String
uddiIsHiddenThe value of this attribute indicates a deleted template model that is not found in result sets whenfinding template models.
Origin RFC 4403Usage userApplicationsDescription isHidden attributeOID 1.3.6.1.1.10.4.28Equality Matching Rule booleanMatchSingle Value trueNames uddiIsHiddenUser ModificationAllowed
true
Used By uddiTModelSchema File 03-uddiv3.ldifSyntax Boolean
uddiIsProjectionThe value of this attribute indicates a business service that has a service projection.
Origin RFC 4403Usage userApplications
Attribute TypesuddiKeyedReference
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 460
Description isServiceProjection attributeOID 1.3.6.1.1.10.4.29Equality Matching Rule booleanMatchSingle Value trueNames uddiIsProjectionUser ModificationAllowed
true
Used By uddiBusinessServiceSchema File 03-uddiv3.ldifSyntax Boolean
uddiKeyedReferenceThe value of this attribute holds a name-value pair with an additional reference to a template model.
The value can optionally be prefixed with a template model and key name, as in #t-model#key-name#key-value.
Origin RFC 4403Usage userApplicationsDescription categorization informationOID 1.3.6.1.1.10.4.16Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiKeyedReferenceOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiPublisherAssertionSchema File 03-uddiv3.ldifSyntax Directory String
uddiLangThe value of this attribute models the xml:lang value for a UDDIv3 address structure.
Attribute TypesuddiName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 461
Origin RFC 4403Usage userApplicationsDescription xml:lang value in v3 Address structureOID 1.3.6.1.1.10.4.30Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiLangOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddressSchema File 03-uddiv3.ldifSyntax Directory String
uddiNameThe value of this attribute holds a human-readable name for a UDDI business entity, business service,or template model.
Each value has the form, xml:lang-value#name, where at most one value can omit the xml:lang-value#prefix.
Origin RFC 4403Usage userApplicationsDescription human readable nameOID 1.3.6.1.1.10.4.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBusinessEntity, uddiBusinessService, uddiTModelSchema File 03-uddiv3.ldifSyntax Directory String
Attribute TypesuddiOperator
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 462
uddiOperatorThe value of this attribute holds the certified name of the UDDI registry site operator that managesthe master copy of the UDDI business entity or template model.
UDDIv3 uses uddiv3NodeId instead.
Origin RFC 4403Usage userApplicationsDescription registry site operator of businessEntitys master copyOID 1.3.6.1.1.10.4.3Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiOperatorOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBusinessEntity, uddiTModelSchema File 03-uddiv3.ldifSyntax Directory String
uddiOverviewDescriptionThe value of this attribute holds one or more localized descriptions indicating how to use a UDDItemplate model.
Each value has the form, xml:lang-value#description.
Origin RFC 4403Usage userApplicationsDescription outlines tModel usageOID 1.3.6.1.1.10.4.23Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiOverviewDescriptionOrdering Matching Rule caseIgnoreOrderingMatch
Attribute TypesuddiOverviewURL
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 463
User ModificationAllowed
true
Used By uddiTModel, uddiTModelInstanceInfoSchema File 03-uddiv3.ldifSyntax Directory String
uddiOverviewURLThe value of this attribute holds a URL to longer overview document describing how a UDDI templatemodel reference is used as a component of an overall web service description.
Origin RFC 4403Usage userApplicationsDescription URL reference to overview documentOID 1.3.6.1.1.10.4.24Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiOverviewURLOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiTModel, uddiTModelInstanceInfoSchema File 03-uddiv3.ldifSyntax Directory String
uddiPersonNameThe value of this attribute lists names of people or names of job roles available behind the contact.
Examples: webmaster, administrator.
In UDDIv3, each value can have the form, xml:lang-value#name.
Origin RFC 4403Usage userApplicationsDescription name of person or job role available for contactOID 1.3.6.1.1.10.4.8
Attribute TypesuddiPhone
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 464
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiPersonNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiContactSchema File 03-uddiv3.ldifSyntax Directory String
uddiPhoneThe value of this attribute holds telephone numbers for the contact.
Prefix values with use type descriptions if more than one phone number is provided, as in use-type#phone-number.
Origin RFC 4403Usage userApplicationsDescription telephone number for contactOID 1.3.6.1.1.10.4.9Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uddiPhoneOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiContactSchema File 03-uddiv3.ldifSyntax Directory String
uddiServiceKeyThe value of this attribute uniquely identifies a UDDI business service.
Attribute TypesuddiSortCode
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 465
This value should be empty when saving a new UDDI business service structure.
This attribute is optional for a business service whose parent already has a business key.
Origin RFC 4403Usage userApplicationsDescription businessService unique identifierOID 1.3.6.1.1.10.4.17Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiServiceKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessServiceSchema File 03-uddiv3.ldifSyntax Directory String
uddiSortCodeThe value of this attribute drives behavior of external display mechanisms that sort addresses.
This is deprecated in UDDIv3.
Origin RFC 4403Usage userApplicationsDescription specifies an external disply mechanismOID 1.3.6.1.1.10.4.11Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiSortCodeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddressSchema File 03-uddiv3.ldif
Attribute TypesuddiTModelKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 466
Syntax Directory String
uddiTModelKeyThe value of this attribute uniquely identifies a UDDI template model.
When used with a keyed reference, it serves as the key identifying a value set, and implies thatthe key name-key value pair in a UDDI identify or category bag should be interpreted by the valueset referenced by the template model key. When used with an address line element, it implies thekey name and key pair in subsequent address line elements should be interpreted by the addressstructure associated with the referenced template model.
Origin RFC 4403Usage userApplicationsDescription tModel unique identifierOID 1.3.6.1.1.10.4.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiTModelKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddress, uddiTModel, uddiTModelInstanceInfoSchema File 03-uddiv3.ldifSyntax Directory String
uddiToKeyThe value of this attribute uniquely references the second business entity for which an assertion ismade.
Origin RFC 4403Usage userApplicationsDescription unique businessEntity key referenceOID 1.3.6.1.1.10.4.26Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatch
Attribute TypesuddiUseType
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 467
Single Value trueNames uddiToKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiPublisherAssertionSchema File 03-uddiv3.ldifSyntax Directory String
uddiUseTypeThe value of this attribute holds text describing a type of contact or address.
Examples: technical contact, billing department.
Origin RFC 4403Usage userApplicationsDescription name of convention the referenced document followsOID 1.3.6.1.1.10.4.7Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiUseTypeOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddress, uddiContactSchema File 03-uddiv3.ldifSyntax Directory String
uddiUUIDThe value of this attribute uniquely a UDDI contact, address, or publisher assertion.
Origin RFC 4403Usage userApplicationsDescription unique attribute
Attribute Typesuddiv3BindingKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 468
OID 1.3.6.1.1.10.4.27Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiUUIDOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddress, uddiContact, uddiPublisherAssertion, uddiv3EntityObituary,uddiv3Subscription
Schema File 03-uddiv3.ldifSyntax Directory String
uddiv3BindingKeyThe value of this attribute holds a unique, UDDIv3 identifier for a binding template.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 BindingTemplate unique identifierOID 1.3.6.1.1.10.4.33Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3BindingKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Directory String
uddiv3BriefResponseThe value of this attribute indicates whether a brief response is associated with a subscription entity.It controls the level of detail returned to a subscription listener.
Attribute Typesuddiv3BusinessKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 469
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Subscription ExpiresAfter fieldOID 1.3.6.1.1.10.4.43Equality Matching Rule booleanMatchSingle Value trueNames uddiv3BriefResponseUser ModificationAllowed
true
Used By uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Boolean
uddiv3BusinessKeyThe value of this attribute holds a unique, UDDIv3 identifier for a business entity.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 businessEntity unique identifierOID 1.3.6.1.1.10.4.31Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3BusinessKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBusinessEntity, uddiBusinessServiceSchema File 03-uddiv3.ldifSyntax Directory String
uddiv3DigitalSignatureThe value of this attribute holds an XML digital signature for a UDDI entity.
Attribute Typesuddiv3EntityCreationTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 470
Origin RFC 4403Usage userApplicationsDescription UDDIv3 entity digital signatureOID 1.3.6.1.1.10.4.35Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactMatchSingle Value false: multiple values allowedNames uddiv3DigitalSignatureOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService,uddiPublisherAssertion, uddiTModel
Schema File 03-uddiv3.ldifSyntax Directory String
uddiv3EntityCreationTimeThe value of this attribute holds the original creation time for a UDDI entity that is deleted in anentity obituary.
It is also used to record the original creation time in the event of a move.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Entity Creation TimeOID 1.3.6.1.1.10.4.45Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames uddiv3EntityCreationTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessService, uddiv3EntityObituarySchema File 03-uddiv3.ldifSyntax Generalized Time
Attribute Typesuddiv3EntityDeletionTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 471
uddiv3EntityDeletionTimeThe value of this attribute holds the deletion time for a UDDI entity that is deleted in an entityobituary.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Entity Deletion TimeOID 1.3.6.1.1.10.4.46Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames uddiv3EntityDeletionTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By uddiv3EntityObituarySchema File 03-uddiv3.ldifSyntax Generalized Time
uddiv3EntityKeyThe value of this attribute holds a unique, UDDIv3 identifier for an instance of a UDDI data structureto be logged as an entity obituary.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Entity unique identifierOID 1.3.6.1.1.10.4.44Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3EntityKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiv3EntityObituary
Attribute Typesuddiv3EntityModificationTime
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 472
Schema File 03-uddiv3.ldifSyntax Directory String
uddiv3EntityModificationTimeThe value of this attribute holds the last modification time for a UDDI entity.
When a child entity is updated, the parent entity timestamp is also updated.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Last Modified Time for EntityOID 1.3.6.1.1.10.4.37Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames uddiv3EntityModificationTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed
true
Used By uddiBusinessEntity, uddiBusinessServiceSchema File 03-uddiv3.ldifSyntax Generalized Time
uddiv3ExpiresAfterThe value of this attribute specifies the expiry time for a subscription. Its type is xsd:dateTime.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Subscription ExpiresAfter fieldOID 1.3.6.1.1.10.4.42Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames uddiv3ExpiresAfterOrdering Matching Rule generalizedTimeOrderingMatch
Attribute Typesuddiv3MaxEntities
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 473
User ModificationAllowed
true
Used By uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Generalized Time
uddiv3MaxEntitiesThe value of this attribute specifies the maximum number of entities that are returned as part of asubscription notification.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Subscription maxEntities fieldOID 1.3.6.1.1.10.4.41Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames uddiv3MaxEntitiesOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Integer
uddiv3NodeIdThe value of this attribute holds a node identity for a UDDIv3 node.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Node IdentifierOID 1.3.6.1.1.10.4.36Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value true
Attribute Typesuddiv3NotificationInterval
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 474
Names uddiv3NodeIdOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService,uddiPublisherAssertion, uddiTModel, uddiv3EntityObituary, uddiv3Subscription
Schema File 03-uddiv3.ldifSyntax Directory String
uddiv3NotificationIntervalThe value of this attribute holds a notification interval string. The string type is xsd:duration.
The interval specifies how often to send asynchronous change notifications to a subscriber.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Notification IntervalOID 1.3.6.1.1.10.4.40Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3NotificationIntervalOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Directory String
uddiv3ServiceKeyThe value of this attribute holds a unique, UDDIv3 identifier for a business service.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 businessService unique identifier
Attribute Typesuddiv3SubscriptionFilter
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 475
OID 1.3.6.1.1.10.4.32Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3ServiceKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiBindingTemplate, uddiBusinessServiceSchema File 03-uddiv3.ldifSyntax Directory String
uddiv3SubscriptionFilterThe value of this attribute holds a UDDIv3 subscription filter. The filter criteria limit the scope of asubscription to a subset of registry records.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 Subscription FilterOID 1.3.6.1.1.10.4.39Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3SubscriptionFilterOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Directory String
uddiv3SubscriptionKeyThe value of this attribute holds a unique, UDDIv3 identifier for a subscription entity.
Origin RFC 4403
Attribute Typesuddiv3TModelKey
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 476
Usage userApplicationsDescription UDDIv3 Subscription unique identifierOID 1.3.6.1.1.10.4.38Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3SubscriptionKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiv3SubscriptionSchema File 03-uddiv3.ldifSyntax Directory String
uddiv3TModelKeyThe value of this attribute holds a unique, UDDIv3 identifier for a template model.
Origin RFC 4403Usage userApplicationsDescription UDDIv3 TModel unique identifierOID 1.3.6.1.1.10.4.34Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames uddiv3TModelKeyOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By uddiAddress, uddiTModel, uddiTModelInstanceInfoSchema File 03-uddiv3.ldifSyntax Directory String
uidComputer system login names associated with the entry.
Attribute TypesuidNumber
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 477
Example: bjensen, root.
Origin RFC 4519Usage userApplicationsOID 0.9.2342.19200300.100.1.1Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uid, useridOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By account, inetOrgPerson, inetuser, pilotPerson, posixAccount, sambaSamAccount,shadowAccount, uidObject, untypedObject
Schema File 00-core.ldifSyntax Directory String
uidNumber
Origin draft-howard-rfc2307bisUsage userApplicationsDescription An integer uniquely identifying a user in an administrative domainOID 1.3.6.1.1.1.1.0Substring Matching Rule caseExactSubstringsMatchEquality Matching Rule integerMatchSingle Value trueNames uidNumberOrdering Matching Rule integerOrderingMatchUser ModificationAllowed
true
Used By nisKeyObject, posixAccount, sambaIdmapEntry, sambaUnixIdPoolSchema File 04-rfc2307bis.ldifSyntax Integer
Attribute TypesuniqueIdentifier
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 478
uniqueIdentifierUnique identifier for a directory object. The semantics of uniqueness are defined locally for thedirectory, so the values are not necessarily universally unique identifiers, but might be a payrollnumber for an individual or a department code for an organizational unit.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.44Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames uniqueIdentifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotObjectSchema File 00-core.ldifSyntax Directory String
uniqueMemberDistinguished names of objects that are part of a group, where the RDN of the object includes a valueto distinguish between names that have been reused.
Origin RFC 4519Usage userApplicationsOID 2.5.4.50Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule uniqueMemberMatchSingle Value false: multiple values allowedNames uniqueMemberUser ModificationAllowed
true
Used By groupOfUniqueNamesSchema File 00-core.ldifSyntax Name and Optional UID
Attribute TypesuserCertificate
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 479
userCertificateX.509 certificate issued to the user, as described in X.509 clause 11.2.1.
Request and transfer values using the binary option for the attribute description,userCertificate;binary.
Origin RFC 4523Usage userApplicationsOID 2.5.4.36Equality Matching Rule certificateExactMatchSingle Value false: multiple values allowedNames userCertificateOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By ds-certificate-user, inetOrgPerson, pkiUser, strongAuthenticationUserSchema File 00-core.ldifSyntax Certificate
userClassCategories to refer to a computer or application user, such as full-time employee or contractor.
Similar attributes include organizationalStatus and title.
Origin RFC 4524Usage userApplicationsOID 0.9.2342.19200300.100.1.8Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames userClassOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By pilotPerson
Attribute TypesuserPassword
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 480
Schema File 00-core.ldifSyntax Directory String
userPasswordOctet string known only to the user and the system to which the user has access.
Applications should prepare textual strings used as passwords by transcoding them to Unicode,applying SASLprep as described in RFC 4013, and encoding as UTF-8. The client must determinewhether a password is a textual string.
Passwords are not encrypted during transport. If the underlying transport is not secure, transmissioncan result in disclosure of the password to unauthorized parties.
Origin RFC 4519Usage userApplicationsOID 2.5.4.35Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames userPasswordOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, inetuser, ipHost, organization,organizationalPerson, organizationalUnit, person, pilotOrganization, pilotPerson,posixAccount, posixGroup, rFC822LocalPart, residentialPerson, shadowAccount,simpleSecurityObject, sunservicecomponent
Schema File 00-core.ldifSyntax Octet String
userPKCS12PKCS#12 format personal identity information.
Request and transfer values using the binary option for the attribute description, userPKCS12;binary.
Origin RFC 2798Usage userApplications
Attribute TypesuserSMIMECertificate
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 481
Description PKCS #12 PFX PDU for exchange of personal identity informationOID 2.16.840.1.113730.3.1.216Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames userPKCS12Ordering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Binary
userSMIMECertificatePKCS#7 SignedData, where the content signed is ignored by consumers of userSMIMECertificate values.PKCS#7 is described in RFC 2315.
A value holds the entire certificate chain and a smimeCapabilities field as described in RFC 2633. Thisattribute is preferred over userCertificate for S/MIME applications.
Values should have a data contentType and omit the content field.
Request and transfer values using the binary option for the attribute description,userSMIMECertificate;binary.
Origin RFC 2798Usage userApplicationsDescription PKCS#7 SignedData used to support S/MIMEOID 2.16.840.1.113730.3.1.40Equality Matching Rule octetStringMatchSingle Value false: multiple values allowedNames userSMIMECertificateOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Binary
Attribute TypesvendorName
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 482
vendorNameName of the party who implemented this LDAP server.
Access to this attribute may be restricted, so client applications must not expect this attribute to beavailable.
Origin RFC 3045Usage dSAOperationOID 1.3.6.1.1.4Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames vendorNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldifSyntax Directory String
vendorVersionVersion of this LDAP server implementation, which must be unique between two versions.
Access to this attribute may be restricted, so client applications must not expect this attribute to beavailable.
Origin RFC 3045Usage dSAOperationOID 1.3.6.1.1.5Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value trueNames vendorVersionOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
false
Schema File 00-core.ldif
Attribute TypeswebauthnDeviceProfiles
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 483
Syntax Directory String
webauthnDeviceProfilesOrigin OpenAMUsage userApplicationsDescription WebAuthn device profiles stringInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.1.12Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames webauthnDeviceProfilesOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Used By webauthnDeviceProfilesContainerSchema File 60-identity-store-ds-webauthndevices.ldifSyntax Directory String
winAccountNameOrigin Solaris SpecificUsage userApplicationsDescription Windows user or group Name corresponding to a Unix user or groupOID 1.3.6.1.4.1.42.2.27.5.1.62Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value false: multiple values allowedNames winAccountNameOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed
true
Schema File 05-solaris.ldifSyntax Directory String
Attribute Typesx121Address
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 484
x121AddressData network address as defined by ITU Recommendation X.121.
Origin RFC 4519Usage userApplicationsOID 2.5.4.24Substring Matching Rule numericStringSubstringsMatchEquality Matching Rule numericStringMatchSingle Value false: multiple values allowedNames x121AddressOrdering Matching Rule numericStringOrderingMatchUser ModificationAllowed
true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson,organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart,residentialPerson, sunservicecomponent
Schema File 00-core.ldifSyntax Numeric String
x500UniqueIdentifierBinary string used to distinguish between objects that reuse the same distinguished name.
Origin RFC 4519Usage userApplicationsOID 2.5.4.45Equality Matching Rule bitStringMatchSingle Value false: multiple values allowedNames x500UniqueIdentifierUser ModificationAllowed
true
Used By inetOrgPersonSchema File 00-core.ldifSyntax Bit String
DIT Content Rules
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 485
Chapter 2
DIT Content RulesNone defined in the default LDAP schema.
DIT Structure RulesuddiAddressStructureRule
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 486
Chapter 3
DIT Structure RulesThis chapter covers schema definitions for DIT structure rules:
• "uddiAddressStructureRule"
• "uddiBindingTemplateStructureRule"
• "uddiBusinessEntityStructureRule"
• "uddiBusinessServiceStructureRule"
• "uddiContactStructureRule"
• "uddiPublisherAssertionStructureRule"
• "uddiTModelInstanceInfoStructureRule"
• "uddiTModelStructureRule"
• "uddiv3EntityObituaryStructureRule"
• "uddiv3SubscriptionStructureRule"
uddiAddressStructureRuleNames uddiAddressStructureRuleOrigin RFC 4403Rule ID 3Name Form uddiAddressNameFormSuperior Rules uddiContactStructureRuleSchema File 03-uddiv3.ldif
uddiBindingTemplateStructureRuleNames uddiBindingTemplateStructureRuleOrigin RFC 4403
DIT Structure RulesuddiBusinessEntityStructureRule
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 487
Rule ID 5Name Form uddiBindingTemplateNameFormSuperior Rules uddiBusinessServiceStructureRuleSchema File 03-uddiv3.ldif
uddiBusinessEntityStructureRuleNames uddiBusinessEntityStructureRuleOrigin RFC 4403Rule ID 1Name Form uddiBusinessEntityNameFormSchema File 03-uddiv3.ldif
uddiBusinessServiceStructureRuleNames uddiBusinessServiceStructureRuleOrigin RFC 4403Rule ID 4Name Form uddiBusinessServiceNameFormSuperior Rules uddiBusinessEntityStructureRuleSchema File 03-uddiv3.ldif
uddiContactStructureRuleNames uddiContactStructureRuleOrigin RFC 4403Rule ID 2Name Form uddiContactNameFormSuperior Rules uddiBusinessEntityStructureRuleSchema File 03-uddiv3.ldif
uddiPublisherAssertionStructureRuleNames uddiPublisherAssertionStructureRule
DIT Structure RulesuddiTModelInstanceInfoStructureRule
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 488
Origin RFC 4403Rule ID 8Name Form uddiPublisherAssertionNameFormSchema File 03-uddiv3.ldif
uddiTModelInstanceInfoStructureRuleNames uddiTModelInstanceInfoStructureRuleOrigin RFC 4403Rule ID 6Name Form uddiTModelInstanceInfoNameFormSuperior Rules uddiBindingTemplateStructureRuleSchema File 03-uddiv3.ldif
uddiTModelStructureRuleNames uddiTModelStructureRuleOrigin RFC 4403Rule ID 7Name Form uddiTModelNameFormSchema File 03-uddiv3.ldif
uddiv3EntityObituaryStructureRuleNames uddiv3EntityObituaryStructureRuleOrigin RFC 4403Rule ID 10Name Form uddiv3EntityObituaryNameFormSchema File 03-uddiv3.ldif
uddiv3SubscriptionStructureRuleNames uddiv3SubscriptionStructureRule
DIT Structure Rulesuddiv3SubscriptionStructureRule
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 489
Origin RFC 4403Rule ID 9Name Form uddiv3SubscriptionNameFormSchema File 03-uddiv3.ldif
Matching Rule Uses
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 490
Chapter 4
Matching Rule UsesNone defined in the default LDAP schema.
Matching Rules
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 491
Chapter 5
Matching RulesThis chapter covers schema definitions for matching rules:
• "1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6"
• "authPasswordExactMatch"
• "authPasswordMatch"
• "bitStringMatch"
• "booleanMatch"
• "caseExactIA5Match"
• "caseExactIA5SubstringsMatch"
• "caseExactJsonIdMatch"
• "caseExactJsonQueryMatch"
• "caseExactMatch"
• "caseExactOrderingMatch"
• "caseExactSubstringsMatch"
• "caseIgnoreIA5Match"
• "caseIgnoreIA5SubstringsMatch"
• "caseIgnoreJsonIdMatch"
• "caseIgnoreJsonQueryMatch"
• "caseIgnoreJsonQueryMatchClusterObject"
• "caseIgnoreJsonQueryMatchManagedRole"
• "caseIgnoreJsonQueryMatchManagedUser"
• "caseIgnoreJsonQueryMatchRelationship"
• "caseIgnoreListMatch"
Matching Rules
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 492
• "caseIgnoreListSubstringsMatch"
• "caseIgnoreMatch"
• "caseIgnoreOrderingMatch"
• "caseIgnoreSubstringsMatch"
• "certificateExactMatch"
• "ctsOAuth2GrantSetEqualityMatch"
• "directoryStringFirstComponentMatch"
• "distinguishedNameMatch"
• "ds-mr-double-metaphone-approx"
• "ds-mr-user-password-equality"
• "ds-mr-user-password-exact"
• "generalizedTimeMatch"
• "generalizedTimeOrderingMatch"
• "historicalCsnOrderingMatch"
• "historicalCsnRangeMatch"
• "integerFirstComponentMatch"
• "integerMatch"
• "integerOrderingMatch"
• "jsonFirstComponentCaseExactJsonQueryMatch"
• "jsonFirstComponentCaseIgnoreJsonQueryMatch"
• "keywordMatch"
• "nameAndOptionalCaseExactJsonIdEqualityMatch"
• "nameAndOptionalCaseIgnoreJsonIdEqualityMatch"
• "nameAndOptionalJsonEqualityMatchingRule"
• "numericStringMatch"
• "numericStringOrderingMatch"
• "numericStringSubstringsMatch"
Matching Rules1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 493
• "objectIdentifierFirstComponentMatch"
• "objectIdentifierMatch"
• "octetStringMatch"
• "octetStringOrderingMatch"
• "octetStringSubstringsMatch"
• "partialDateAndTimeMatchingRule"
• "presentationAddressMatch"
• "protocolInformationMatch"
• "relativeTimeGTOrderingMatch"
• "relativeTimeLTOrderingMatch"
• "telephoneNumberMatch"
• "telephoneNumberSubstringsMatch"
• "uniqueMemberMatch"
• "uuidMatch"
• "uuidOrderingMatch"
• "wordMatch"
1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6Origin OpenDJ X-ENUM SyntaxDescription Collective Conflict Behavior enumeration ordering matching ruleOID 1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6Syntax Collective Conflict Behavior
authPasswordExactMatchCompares an asserted authPasswordSyntax value with an authPasswordSyntax attribute's value.
The rule evaluates to TRUE if and only if there is an attribute value with the same scheme, authInfo,and authValue as the asserted value. The rule evaluates to FALSE if no attribute value has the samecomponents. Otherwise, the rule evaluates to Undefined.
Matching RulesauthPasswordMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 494
Names authPasswordExactMatchOrigin RFC 3112Description authentication password exact matching ruleOID 1.3.6.1.4.1.4203.1.2.2Syntax Authentication Password Syntax
authPasswordMatchCompares an asserted authPasswordSyntax value with an authPasswordSyntax attribute's value when anextensibleMatch filter component is used. Each value is matched according to its scheme.
The rule evaluates to TRUE if and only if there is an attribute value that matches the assertedvalue. The rule evaluates to FALSE if no attribute value matches. Otherwise, the rule evaluates toUndefined.
Names authPasswordMatchDescription authentication password matching ruleOID 1.3.6.1.4.1.4203.1.2.3Syntax Authentication Password Syntax
bitStringMatchCompares an assertion of Bit String syntax to a value whose syntax is the ASN.1 BIT STRING type.
If the ASN.1 type does not have a named bit list, the rule evaluates to TRUE if and only if theassertion and value have the same number of bits, and each bit matches. Otherwise, the same rulesapply, but trailing zero bits are ignored.
Names bitStringMatchOrigin RFC 4517OID 2.5.13.16Syntax Bit String
booleanMatchCompares an assertion of Boolean syntax to a value whose syntax is the ASN.1 BOOLEAN type.
The rule evaluates to TRUE if and only if the assertion and value are either both TRUE, or bothFALSE.
Matching RulescaseExactIA5Match
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 495
Names booleanMatchOrigin RFC 4517OID 2.5.13.13Syntax Boolean
caseExactIA5MatchCompares an assertion of IA5 String syntax to a value whose syntax is the ASN.1 IA5String type.
The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertionvalue string have the same number of characters, and corresponding characters have the same codepoint. For the comparison, characters are not case folded, and only insignificant white space handlingis applied.
Names caseExactIA5MatchOrigin RFC 4517OID 1.3.6.1.4.1.1466.109.114.1Syntax IA5 String
caseExactIA5SubstringsMatchCompares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1 IA5Stringtype, or one of the alternative types.
The rule evaluates to TRUE if and only if:
1. The prepared substrings in the assertion value match disjoint portions of the prepared attributevalue string in the order they occur in the attribute value.
2. An initial substring in the assertion value, if present, matches the beginning of the attribute valuestring.
3. A final substring in the assertion value, if present, matches the end of the attribute value string.
Strings match when their characters correspond at each code point. For the comparison, charactersare not case folded, and only insignificant white space handling is applied.
Names caseExactIA5SubstringsMatchOrigin RFC 4517OID 1.3.6.1.4.1.26027.1.4.902
Matching RulescaseExactJsonIdMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 496
Syntax Substring Assertion
caseExactJsonIdMatchThis matching rule is used for attributes whose values are JSON objects. With this rule, only the "_id"fields matter for matching. In other words, two JSON objects are considered equal if their "_id" valuesmatch, regardless of other values.
Respect case when finding matches. For example, BJensen and bjensen do not match.
Names caseExactJsonIdMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.5Syntax Json
caseExactJsonQueryMatchThis matching rule is used for attributes whose values are JSON objects.
Respect case when finding matches. For example, Babs and babs do not match.
Names caseExactJsonQueryMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.2Syntax Json Query
caseExactMatchCompares an assertion of Directory String syntax to a value whose syntax is the ASN.1DirectoryString type, or one of the alternative types.
The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertionvalue string have the same number of characters, and corresponding characters have the same codepoint. For the comparison, characters are not case folded, and only insignificant white space handlingis applied.
Names caseExactMatchOrigin RFC 4517OID 2.5.13.5Syntax Directory String
Matching RulescaseExactOrderingMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 497
caseExactOrderingMatchCompares an assertion of Directory String syntax to a value whose syntax is the ASN.1DirectoryString type, or one of the alternative types.
The rule evaluates to TRUE if and only if the prepared attribute value string is less than preparedassertion value string according to the code point collation order. For the comparison, characters arenot case folded, and only insignificant white space handling is applied.
Names caseExactOrderingMatchOrigin RFC 4517OID 2.5.13.6Syntax Directory String
caseExactSubstringsMatchCompares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1DirectoryString type, or one of the alternative types.
The rule evaluates to TRUE if and only if:
1. The prepared substrings in the assertion value match disjoint portions of the prepared attributevalue string in the order they occur in the attribute value.
2. An initial substring in the assertion value, if present, matches the beginning of the attribute valuestring.
3. A final substring in the assertion value, if present, matches the end of the attribute value string.
Strings match when their characters correspond at each code point. For the comparison, charactersare not case folded, and only insignificant white space handling is applied.
Names caseExactSubstringsMatchOrigin RFC 4517OID 2.5.13.7Syntax Substring Assertion
caseIgnoreIA5MatchCompares an assertion of IA5 String syntax to a value whose syntax is the ASN.1 IA5String type.
The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertionvalue string have the same number of characters, and corresponding characters have the same code
Matching RulescaseIgnoreIA5SubstringsMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 498
point. For the comparison, characters are case folded, and only insignificant white space handling isapplied.
Names caseIgnoreIA5MatchOrigin RFC 4517OID 1.3.6.1.4.1.1466.109.114.2Syntax IA5 String
caseIgnoreIA5SubstringsMatchCompares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1 IA5Stringtype, or one of the alternative types.
The rule evaluates to TRUE if and only if:
1. The prepared substrings in the assertion value match disjoint portions of the prepared attributevalue string in the order they occur in the attribute value.
2. An initial substring in the assertion value, if present, matches the beginning of the attribute valuestring.
3. A final substring in the assertion value, if present, matches the end of the attribute value string.
Strings match when their characters correspond at each code point. For the comparison, charactersare case folded, and only insignificant white space handling is applied.
Names caseIgnoreIA5SubstringsMatchOrigin RFC 4517OID 1.3.6.1.4.1.1466.109.114.3Syntax Substring Assertion
caseIgnoreJsonIdMatchThis matching rule is used for attributes whose values are JSON objects. With this rule, only the "_id"fields matter for matching. In other words, two JSON objects are considered equal if their "_id" valuesmatch, regardless of other values.
Ignore case when finding matches. For example, BJensen matches bjensen.
Names caseIgnoreJsonIdMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.4
Matching RulescaseIgnoreJsonQueryMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 499
Syntax Json
caseIgnoreJsonQueryMatchThis matching rule is used for attributes whose values are JSON objects.
Ignore case when finding matches. For example, Babs matches babs.
Names caseIgnoreJsonQueryMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.1Syntax Json Query
caseIgnoreJsonQueryMatchClusterObjectNames caseIgnoreJsonQueryMatchClusterObjectOID 1.3.6.1.4.1.36733.2.3.4.4Syntax Json Query
caseIgnoreJsonQueryMatchManagedRoleNames caseIgnoreJsonQueryMatchManagedRoleOID 1.3.6.1.4.1.36733.2.3.4.2Syntax Json Query
caseIgnoreJsonQueryMatchManagedUserNames caseIgnoreJsonQueryMatchManagedUserOID 1.3.6.1.4.1.36733.2.3.4.1Syntax Json Query
caseIgnoreJsonQueryMatchRelationshipNames caseIgnoreJsonQueryMatchRelationship
Matching RulescaseIgnoreListMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 500
OID 1.3.6.1.4.1.36733.2.3.4.3Syntax Json Query
caseIgnoreListMatchCompares an assertion that is a sequence of strings to a value whose syntax is an ASN.1 SEQUENCEOF the DirectoryString type.
The rule evaluates to TRUE if and only if the attribute value and the assertion value have the samenumber of strings, and corresponding strings match according to the caseIgnoreMatch matching rule.
Names caseIgnoreListMatchOrigin RFC 4517OID 2.5.13.11Syntax Postal Address
caseIgnoreListSubstringsMatchCompares an assertion value of the Substring Assertion syntax to a value whose syntax is an ASN.1SEQUENCE OF the DirectoryString type.
The rule evaluates to TRUE if and only if the assertion value matches the concatenated strings of theattribute value, where none of the initial, any, or final substrings match if they span more than one ofthe original attribute value strings. The match is evaluated according to the caseIgnoreSubstringsMatchrule.
Names caseIgnoreListSubstringsMatchOrigin RFC 4517OID 2.5.13.12Syntax Substring Assertion
caseIgnoreMatchCompares an assertion of Directory String syntax to a value whose syntax is the ASN.1DirectoryString type, or one of the alternative types.
The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertionvalue string have the same number of characters, and corresponding characters have the same codepoint. For the comparison, characters are case folded, and only insignificant white space handling isapplied.
Matching RulescaseIgnoreOrderingMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 501
Names caseIgnoreMatchOrigin RFC 4517OID 2.5.13.2Syntax Directory String
caseIgnoreOrderingMatchCompares an assertion of Directory String syntax to a value whose syntax is the ASN.1DirectoryString type, or one of the alternative types.
The rule evaluates to TRUE if and only if the prepared attribute value string is less than preparedassertion value string according to the code point collation order. For the comparison, characters arecase folded, and only insignificant white space handling is applied.
Names caseIgnoreOrderingMatchOrigin RFC 4517OID 2.5.13.3Syntax Directory String
caseIgnoreSubstringsMatchCompares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1DirectoryString type, or one of the alternative types.
The rule evaluates to TRUE if and only if:
1. The prepared substrings in the assertion value match disjoint portions of the prepared attributevalue string in the order they occur in the attribute value.
2. An initial substring in the assertion value, if present, matches the beginning of the attribute valuestring.
3. A final substring in the assertion value, if present, matches the end of the attribute value string.
Strings match when their characters correspond at each code point. For the comparison, charactersare case folded, and only insignificant white space handling is applied.
Names caseIgnoreSubstringsMatchOrigin RFC 4517OID 2.5.13.4Syntax Substring Assertion
Matching RulescertificateExactMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 502
certificateExactMatchCompares a certificate exact assertion value with an attribute value of certificate syntax.
Names certificateExactMatchOrigin RFC 4523OID 2.5.13.34Syntax X.509 Certificate Exact Assertion
ctsOAuth2GrantSetEqualityMatchNames ctsOAuth2GrantSetEqualityMatchOID 1.3.6.1.4.1.36733.2.2.4.1Syntax Json Query
directoryStringFirstComponentMatchCompares an assertion value of DirectoryString syntax to a value whose syntax is an ASN.1SEQUENCE with a mandatory first component of the ASN.1 DirectoryString type.
The rule evaluates to TRUE if and only if the assertion value matches the first component of theattribute value according to the caseIgnoreMatch matching rule.
Names directoryStringFirstComponentMatchOrigin RFC 4517OID 2.5.13.31Syntax Directory String
distinguishedNameMatchCompares an assertion value of DN syntax to a value whose syntax is an ASN.1 DistinguishedNametype.
The rule evaluates to TRUE if and only if the assertion value and the attribute value have the samenumber of RDNs, and the RDNs in the same position are the same. Two RDNs are the same if andonly if they have the same number of attribute value assertions (AVA), and each AVA of the first RDNis the same as the AVA of the second RDN with the same attribute type, according to the equalitymatching rule for the attribute type. Order of AVAs is not significant. If one or more AVAs evaluateto Undefined, and the remaining AVAs evaluate to TRUE, then the distinguishedNameMatch evaluates toUndefined.
Matching Rulesds-mr-double-metaphone-approx
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 503
Names distinguishedNameMatchOrigin RFC 4517OID 2.5.13.1Syntax DN
ds-mr-double-metaphone-approxNames ds-mr-double-metaphone-approxOrigin OpenDS Directory ServerDescription Double Metaphone Approximate MatchOID 1.3.6.1.4.1.26027.1.4.1Syntax Directory String
ds-mr-user-password-equalityNames ds-mr-user-password-equalityDescription user password matching ruleOID 1.3.6.1.4.1.26027.1.4.3Syntax Octet String
ds-mr-user-password-exactNames ds-mr-user-password-exactOrigin OpenDS Directory ServerDescription user password exact matching ruleOID 1.3.6.1.4.1.26027.1.4.2Syntax User Password
generalizedTimeMatchCompares an assertion value of Generalized Time syntax to a value whose syntax is an ASN.1GeneralizedTime type.
The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated timethat is the same as the assertion value.
Matching RulesgeneralizedTimeOrderingMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 504
Names generalizedTimeMatchOrigin RFC 4517OID 2.5.13.27Syntax Generalized Time
generalizedTimeOrderingMatchCompares an assertion value of Generalized Time syntax to a value whose syntax is an ASN.1GeneralizedTime type.
The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated timethat is earlier than the assertion value.
Names generalizedTimeOrderingMatchOrigin RFC 4517OID 2.5.13.28Syntax Generalized Time
historicalCsnOrderingMatchNames historicalCsnOrderingMatchOID 1.3.6.1.4.1.26027.1.4.4Syntax Octet String
historicalCsnRangeMatchNames historicalCsnRangeMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.3Syntax Directory String
integerFirstComponentMatchCompares an assertion value of Integer syntax to a value whose syntax is an ASN.1 SEQUENCE witha mandatory first component of the ASN.1 INTEGER type.
Matching RulesintegerMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 505
The rule evaluates to TRUE if and only if the assertion value and the first component of the attributevalue are the same integer value.
Names integerFirstComponentMatchOrigin RFC 4517OID 2.5.13.29Syntax Integer
integerMatchCompares an assertion value of Integer syntax to a value whose syntax is the ASN.1 INTEGER type.
The rule evaluates to TRUE if and only if the assertion value and the attribute value are the sameinteger value.
Names integerMatchOrigin RFC 4517OID 2.5.13.14Syntax Integer
integerOrderingMatchCompares an assertion value of Integer syntax to a value whose syntax is the ASN.1 INTEGER type.
The rule evaluates to TRUE if and only if the integer value of the assertion is less than the integervalue of the attribute.
Names integerOrderingMatchOrigin RFC 4517OID 2.5.13.15Syntax Integer
jsonFirstComponentCaseExactJsonQueryMatchThis matching rule compares JSON ignoring white space that is not significant. For the comparison,characters are not case-folded.
When used for JSON indexing, this rule indexes all JSON fields.
Names jsonFirstComponentCaseExactJsonQueryMatch
Matching RulesjsonFirstComponentCaseIgnoreJsonQueryMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 506
Origin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.9Syntax Name and Optional JSON
jsonFirstComponentCaseIgnoreJsonQueryMatchThis matching rule compares JSON ignoring white space that is not significant. For the comparison,characters are case-folded.
When used for JSON indexing, this rule indexes all JSON fields.
Names jsonFirstComponentCaseIgnoreJsonQueryMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.8Syntax Name and Optional JSON
keywordMatchCompares an assertion value of Directory String syntax to a value whose syntax is the ASN.1DirectoryString type.
The rule evaluates to TRUE if and only if the assertion value character string matches a keyword inthe attribute value, where keyword matches are implementation defined.
In this implementation, a keyword match occurs if the assertion value is contained within theattribute value, and the assertion value is bounded by the start or the end of the attribute value orany of the following characters:
• A space
• A period
• A comma
• A slash
• A dollar sign
• A plus sign
• A dash
• An underscore
Matching RulesnameAndOptionalCaseExactJsonIdEqualityMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 507
• An octothorpe (#)
• An equal sign
Names keywordMatchOrigin RFC 4517OID 2.5.13.33Syntax Directory String
nameAndOptionalCaseExactJsonIdEqualityMatchThis matching rule compares only the DN and the _id field of the optional JSON, ignoring other fieldsof the optional JSON.
For the comparison, characters are not case-folded.
Names nameAndOptionalCaseExactJsonIdEqualityMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.11Syntax Name and Optional JSON
nameAndOptionalCaseIgnoreJsonIdEqualityMatchThis matching rule compares only the DN and the _id field of the optional JSON, ignoring other fieldsof the optional JSON.
For the comparison, characters are case-folded.
Names nameAndOptionalCaseIgnoreJsonIdEqualityMatchOrigin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.10Syntax Name and Optional JSON
nameAndOptionalJsonEqualityMatchingRuleThis matching rule ignores optional JSON prepended to the DN value.
Names nameAndOptionalJsonEqualityMatchingRule
Matching RulesnumericStringMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 508
Origin OpenDJ Directory ServerOID 1.3.6.1.4.1.36733.2.1.4.7Syntax Name and Optional JSON
numericStringMatchCompares an assertion of Numeric String syntax to a value whose syntax is the ASN.1 NumericStringtype.
The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertionvalue string have the same number of characters, and corresponding characters have the same codepoint. For the comparison, characters are not case folded, and only insignificant white space handlingis applied.
Names numericStringMatchOrigin RFC 4517OID 2.5.13.8Syntax Numeric String
numericStringOrderingMatchCompares an assertion of Numeric String syntax to a value whose syntax is the ASN.1 NumericStringtype.
The rule evaluates to TRUE if and only if the prepared attribute value string is less than preparedassertion value string according to the code point collation order. For the comparison, charactersare not case folded, and only insignificant white space handling is applied. All space characters areskipped during rule evaluation.
Names numericStringOrderingMatchOrigin RFC 4517OID 2.5.13.9Syntax Numeric String
numericStringSubstringsMatchCompares an assertion of Numeric String syntax to a value whose syntax is the ASN.1 NumericStringtype.
The rule evaluates to TRUE if and only if:
Matching RulesobjectIdentifierFirstComponentMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 509
1. The prepared substrings in the assertion value match disjoint portions of the prepared attributevalue string in the order they occur in the attribute value.
2. An initial substring in the assertion value, if present, matches the beginning of the attribute valuestring.
3. A final substring in the assertion value, if present, matches the end of the attribute value string.
Strings match when their characters correspond at each code point. For the comparison, charactersare not case folded, and only insignificant white space handling is applied.
Names numericStringSubstringsMatchOrigin RFC 4517OID 2.5.13.10Syntax Substring Assertion
objectIdentifierFirstComponentMatchCompares an assertion value of OID syntax to a value whose syntax is an ASN.1 SEQUENCE with amandatory first component of the ASN.1 OBJECT IDENTIFIER type.
The rule evaluates to TRUE if and only if the assertion value matches the first component of theattribute value according to the objectIdentifierMatch matching rule.
Names objectIdentifierFirstComponentMatchOrigin RFC 4517OID 2.5.13.30Syntax OID
objectIdentifierMatchCompares an assertion value of OID syntax to a value whose syntax is the ASN.1 OBJECTIDENTIFIER type.
The rule evaluates to TRUE if and only if the assertion value and the attribute value represent thesame object identifier value, that is, the same sequence of integers.
Names objectIdentifierMatchOrigin RFC 4517OID 2.5.13.0Syntax OID
Matching RulesoctetStringMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 510
octetStringMatchCompares an assertion value of Octet String syntax to a value whose syntax is the ASN.1 OCTETSTRING type.
The rule evaluates to TRUE if and only if the assertion value and the attribute value are of the samelength, and corresponding octets are the same.
Names octetStringMatchOrigin RFC 4517OID 2.5.13.17Syntax Octet String
octetStringOrderingMatchCompares an assertion value of Octet String syntax to a value whose syntax is the ASN.1 OCTETSTRING type.
The rule evaluates to TRUE if and only if the assertion value is less than the attribute value accordingto the collation order. Octets are compared from the first octet to the last octet, and within octetsfrom the most significant bit to the least significant bit.
Names octetStringOrderingMatchOrigin RFC 4517OID 2.5.13.18Syntax Octet String
octetStringSubstringsMatchNames octetStringSubstringsMatchOrigin X.500OID 2.5.13.19Syntax Octet String
partialDateAndTimeMatchingRuleNames partialDateAndTimeMatchingRule
Matching RulespresentationAddressMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 511
Origin OpenDS Directory ServerDescription partial date and time matchingOID 1.3.6.1.4.1.26027.1.4.7Syntax Generalized Time
presentationAddressMatchThis rule behaves exactly like the caseIgnoreMatch rule.
Names presentationAddressMatchOrigin RFC 2252OID 2.5.13.22Syntax Presentation Address
protocolInformationMatchThis rule behaves exactly like the caseIgnoreMatch rule.
Names protocolInformationMatchOrigin RFC 2252OID 2.5.13.24Syntax Protocol Information
relativeTimeGTOrderingMatchNames relativeTimeGTOrderingMatch, relativeTimeOrderingMatch.gtOrigin OpenDS Directory ServerDescription greater-than relative time for time-based searchesOID 1.3.6.1.4.1.26027.1.4.5Syntax Generalized Time
relativeTimeLTOrderingMatchNames relativeTimeLTOrderingMatch, relativeTimeOrderingMatch.lt
Matching RulestelephoneNumberMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 512
Origin OpenDS Directory ServerDescription less-than relative time for time-based searchesOID 1.3.6.1.4.1.26027.1.4.6Syntax Generalized Time
telephoneNumberMatchCompares an assertion value of Telephone Number syntax to a value whose syntax is an ASN.1PrintableString representing a telephone number.
The rule evaluates to TRUE if and only if the assertion value and the attribute value are of the samelength, and corresponding octets are the same. For the comparison, characters are case folded, andonly telephoneNumber insignificant white space handling is applied.
Names telephoneNumberMatchOrigin RFC 4517OID 2.5.13.20Syntax Telephone Number
telephoneNumberSubstringsMatchCompares an assertion of Substring Assertion syntax to a value whose syntax is an ASN.1PrintableString representing a telephone number.
The rule evaluates to TRUE if and only if:
1. The prepared substrings in the assertion value match disjoint portions of the prepared attributevalue string in the order they occur in the attribute value.
2. An initial substring in the assertion value, if present, matches the beginning of the attribute valuestring.
3. A final substring in the assertion value, if present, matches the end of the attribute value string.
Strings match when their characters correspond at each code point. For the comparison, charactersare case folded, and only telephoneNumber insignificant white space handling is applied.
Names telephoneNumberSubstringsMatchOrigin RFC 4517OID 2.5.13.21Syntax Substring Assertion
Matching RulesuniqueMemberMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 513
uniqueMemberMatchCompares an assertion value of Name And Optional UID syntax to a value whose syntax is an ASN.1NameAndOptionalUID type.
The rule evaluates to TRUE if and only if The distinguished name components of the assertion valueand the attribute value match according to the distinguishedNameMatch rule, and either of the followingare true:
• The bit string component is absent from both values.
• The bit string components are present in both values, and they match according to thebitStringMatch rule.
Names uniqueMemberMatchOrigin RFC 4517OID 2.5.13.23Syntax Name and Optional UID
uuidMatchCompares an asserted UUID with a stored UUID for equality.
This rule uses the same semantics as octetStringMatch, except the assertion value is encoded using theUUID string representation, rather than the normal OCTET STRING string representation.
Names uuidMatchOrigin RFC 4530OID 1.3.6.1.1.16.2Syntax UUID
uuidOrderingMatchCompares an asserted UUID with a stored UUID for ordering.
This rule uses the same semantics as octetStringOrderingMatch, except the assertion value is encodedusing the UUID string representation, rather than the normal OCTET STRING string representation.
UUIDs do not necessarily have a natural ordering. Servers are not required to assign UUIDs in anyparticular order.
Names uuidOrderingMatch
Matching RuleswordMatch
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 514
Origin RFC 4530OID 1.3.6.1.1.16.3Syntax UUID
wordMatchCompares an assertion value of Directory String syntax to a value whose syntax is the ASN.1DirectoryString type.
The rule evaluates to TRUE if and only if the assertion value character string matches a word in theattribute value, according to the semantics of the caseIgnoreMatch rule.
In this implementation, a word match occurs if the assertion value is contained within the attributevalue, and the assertion value is bounded by the start or the end of the attribute value or any of thefollowing characters:
• A space
• A period
• A comma
• A slash
• A dollar sign
• A plus sign
• A dash
• An underscore
• An octothorpe (#)
• An equal sign
Names wordMatchOrigin RFC 4517OID 2.5.13.32Syntax Directory String
Name FormsuddiAddressNameForm
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 515
Chapter 6
Name FormsThis chapter covers schema definitions for name forms:
• "uddiAddressNameForm"
• "uddiBindingTemplateNameForm"
• "uddiBusinessEntityNameForm"
• "uddiBusinessServiceNameForm"
• "uddiContactNameForm"
• "uddiPublisherAssertionNameForm"
• "uddiTModelInstanceInfoNameForm"
• "uddiTModelNameForm"
• "uddiv3EntityObituaryNameForm"
• "uddiv3SubscriptionNameForm"
uddiAddressNameFormThis name form defines the naming attribute for an address.
Names uddiAddressNameFormOrigin RFC 4403Structural Object Class uddiAddressSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.3Required Attributes uddiUUID
uddiBindingTemplateNameFormThis name form defines the naming attribute for a binding template.
Name FormsuddiBusinessEntityNameForm
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 516
Names uddiBindingTemplateNameFormOrigin RFC 4403Structural Object Class uddiBindingTemplateSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.5Required Attributes uddiBindingKey
uddiBusinessEntityNameFormThis name form defines the naming attribute for a business entity.
Names uddiBusinessEntityNameFormOrigin RFC 4403Structural Object Class uddiBusinessEntitySchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.1Required Attributes uddiBusinessKey
uddiBusinessServiceNameFormThis name form defines the naming attribute for a business service.
Names uddiBusinessServiceNameFormOrigin RFC 4403Structural Object Class uddiBusinessServiceSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.4Required Attributes uddiServiceKey
uddiContactNameFormThis name form defines the naming attribute for a contact.
Names uddiContactNameFormOrigin RFC 4403Structural Object Class uddiContact
Name FormsuddiPublisherAssertionNameForm
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 517
Schema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.2Required Attributes uddiUUID
uddiPublisherAssertionNameFormThis name form defines the naming attribute for a publisher assertion.
Names uddiPublisherAssertionNameFormOrigin RFC 4403Structural Object Class uddiPublisherAssertionSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.8Required Attributes uddiUUID
uddiTModelInstanceInfoNameFormThis name form defines the naming attribute for a template model instance information object.
Names uddiTModelInstanceInfoNameFormOrigin RFC 4403Structural Object Class uddiTModelInstanceInfoSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.6Required Attributes uddiTModelKey
uddiTModelNameFormThis name form defines the naming attribute for a name form.
Names uddiTModelNameFormOrigin RFC 4403Structural Object Class uddiTModelSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.7Required Attributes uddiTModelKey
Name Formsuddiv3EntityObituaryNameForm
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 518
uddiv3EntityObituaryNameFormThis name form defines the naming attribute for an entry obituary.
Names uddiv3EntityObituaryNameFormOrigin RFC 4403Structural Object Class uddiv3EntityObituarySchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.10Required Attributes uddiUUID
uddiv3SubscriptionNameFormThis name form defines the naming attribute for a subscription.
Names uddiv3SubscriptionNameFormOrigin RFC 4403Structural Object Class uddiv3SubscriptionSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.9Required Attributes uddiUUID
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 519
Chapter 7
Object ClassesThis chapter covers schema definitions for object classes:
• "account"
• "alias"
• "applicationEntity"
• "applicationProcess"
• "authPasswordObject"
• "automount"
• "automountMap"
• "bootableDevice"
• "calEntry"
• "certificationAuthority-V2"
• "certificationAuthority"
• "changeLogEntry"
• "collectiveAttributeSubentry"
• "container"
• "corbaContainer"
• "corbaObject"
• "corbaObjectReference"
• "country"
• "cRLDistributionPoint"
• "dcObject"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 520
• "deltaCRL"
• "device"
• "devicePrintProfilesContainer"
• "deviceProfilesContainer"
• "dmd"
• "dNSDomain"
• "document"
• "documentSeries"
• "domain"
• "domainRelatedObject"
• "ds-certificate-user"
• "ds-monitor-backend-db"
• "ds-monitor-backend-pluggable"
• "ds-monitor-backend-proxy"
• "ds-monitor-backend"
• "ds-monitor-base-dn"
• "ds-monitor-branch"
• "ds-monitor-certificate"
• "ds-monitor-changelog-domain"
• "ds-monitor-changelog"
• "ds-monitor-connected-changelog"
• "ds-monitor-connected-replica"
• "ds-monitor-connection-handler"
• "ds-monitor-disk-space"
• "ds-monitor-entry-cache"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 521
• "ds-monitor-health-status"
• "ds-monitor-http-connection-handler"
• "ds-monitor-je-database"
• "ds-monitor-jvm"
• "ds-monitor-ldap-connection-handler"
• "ds-monitor-raw-je-database-statistics"
• "ds-monitor-remote-replica"
• "ds-monitor-replica-db"
• "ds-monitor-replica"
• "ds-monitor-server"
• "ds-monitor-topology-server"
• "ds-monitor-work-queue"
• "ds-monitor"
• "ds-pwp-attribute-value-validator"
• "ds-pwp-character-set-validator"
• "ds-pwp-dictionary-validator"
• "ds-pwp-length-based-validator"
• "ds-pwp-password-policy"
• "ds-pwp-random-generator"
• "ds-pwp-repeated-characters-validator"
• "ds-pwp-similarity-based-validator"
• "ds-pwp-unique-characters-validator"
• "ds-pwp-validator"
• "ds-root-dse"
• "ds-virtual-static-group"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 522
• "dSA"
• "DUAConfigProfile"
• "extensibleObject"
• "forgerock-am-dashboard-service"
• "fr-idm-cluster-obj"
• "fr-idm-generic-obj"
• "fr-idm-hybrid-obj"
• "fr-idm-internal-role"
• "fr-idm-internal-user"
• "fr-idm-link"
• "fr-idm-lock"
• "fr-idm-managed-assignment"
• "fr-idm-managed-role"
• "fr-idm-managed-user-explicit"
• "fr-idm-managed-user-hybrid-obj"
• "fr-idm-managed-user"
• "fr-idm-notification"
• "fr-idm-recon-clusteredTargetIds"
• "fr-idm-reconassoc"
• "fr-idm-reconassocentry"
• "fr-idm-relationship"
• "fr-idm-syncqueue"
• "frCoreToken"
• "friendlyCountry"
• "glue"
• "groupOfEntries"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 523
• "groupOfNames"
• "groupOfUniqueNames"
• "groupOfURLs"
• "ieee802Device"
• "inetOrgPerson"
• "inetuser"
• "inheritableLDAPSubEntry"
• "inheritedCollectiveAttributeSubentry"
• "inheritedFromDNCollectiveAttributeSubentry"
• "inheritedFromRDNCollectiveAttributeSubentry"
• "ipHost"
• "iplanet-am-auth-configuration-service"
• "iplanet-am-managed-person"
• "iplanet-am-session-service"
• "iplanet-am-user-service"
• "iPlanetPreferences"
• "ipNetwork"
• "ipProtocol"
• "ipService"
• "ipTnetHost"
• "ipTnetTemplate"
• "javaContainer"
• "javaMarshalledObject"
• "javaNamingReference"
• "javaObject"
• "javaSerializedObject"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 524
• "kbaInfoContainer"
• "labeledURIObject"
• "ldapSubEntry"
• "locality"
• "mailGroup"
• "namedObject"
• "nisDomainObject"
• "nisKeyObject"
• "nisMailAlias"
• "nisMap"
• "nisNetgroup"
• "nisNetId"
• "nisObject"
• "nisplusTimeZoneData"
• "oathDeviceProfilesContainer"
• "oncRpc"
• "organization"
• "organizationalPerson"
• "organizationalRole"
• "organizationalUnit"
• "person"
• "pilotDSA"
• "pilotObject"
• "pilotOrganization"
• "pilotPerson"
• "pkiCA"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 525
• "pkiUser"
• "posixAccount"
• "posixGroup"
• "printerAbstract"
• "printerIPP"
• "printerLPR"
• "printerService"
• "printerServiceAuxClass"
• "pushDeviceProfilesContainer"
• "pwdPolicy"
• "pwdValidatorPolicy"
• "qualityLabelledData"
• "referral"
• "residentialPerson"
• "rFC822LocalPart"
• "room"
• "sambaConfig"
• "sambaConfigOption"
• "sambaDomain"
• "sambaGroupMapping"
• "sambaIdmapEntry"
• "sambaPrivilege"
• "sambaSamAccount"
• "sambaShare"
• "sambaSidEntry"
• "sambaTrustPassword"
Object Classes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 526
• "sambaUnixIdPool"
• "shadowAccount"
• "simpleSecurityObject"
• "slpService"
• "slpServicePrinter"
• "SolarisAuditUser"
• "SolarisAuthAttr"
• "SolarisExecAttr"
• "SolarisNamingProfile"
• "SolarisProfAttr"
• "SolarisProject"
• "SolarisUserAttr"
• "strongAuthenticationUser"
• "subentry"
• "subschema"
• "sunAMAuthAccountLockout"
• "sunFMSAML2NameIdentifier"
• "sunPrinter"
• "sunRealmService"
• "sunservice"
• "sunservicecomponent"
• "top"
• "uddiAddress"
• "uddiBindingTemplate"
• "uddiBusinessEntity"
• "uddiBusinessService"
Object Classesaccount
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 527
• "uddiContact"
• "uddiPublisherAssertion"
• "uddiTModel"
• "uddiTModelInstanceInfo"
• "uddiv3EntityObituary"
• "uddiv3Subscription"
• "uidObject"
• "untypedObject"
• "userSecurityInformation"
• "webauthnDeviceProfilesContainer"
accountEntries of this object class represent computer accounts.
Use uid as the naming attribute.
Names accountOrigin RFC 4524Superior Classes topOptional Attributes description, host, l, o, ou, seeAlsoSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uid
aliasEntry pointing to another entry, using an aliasedObjectName attribute value.
An alias name is an alternative name for an entry. Alias objects are leaf entries (no subordinates).
ForgeRock servers do not support alias dereferencing.
Object ClassesapplicationEntity
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 528
Names aliasOrigin RFC 4512Superior Classes topSchema File 00-core.ldifOID 2.5.6.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes aliasedObjectName, objectClass
applicationEntityRepresents an OSI application.
Names applicationEntityOrigin RFC 2256Superior Classes topOptional Attributes description, l, o, ou, seeAlso, supportedApplicationContextSchema File 00-core.ldifOID 2.5.6.12Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, presentationAddress
applicationProcessRepresents an application executing in a computer system.
Names applicationProcessOrigin RFC 4519Superior Classes topOptional Attributes description, l, ou, seeAlsoSchema File 00-core.ldifOID 2.5.6.11Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
Object ClassesauthPasswordObject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 529
authPasswordObjectEntries of this class optionally contain authPassword attributes.
Names authPasswordObjectOrigin RFC 3112Description authentication password mix in classOptional Attributes authPasswordSchema File 03-rfc3112.ldifOID 1.3.6.1.4.1.4203.1.4.7Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
automountNames automountOrigin draft-howard-rfc2307bisSuperior Classes topDescription Automount informationOptional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.17Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes automountInformation, automountKey, objectClass
automountMapNames automountMapOrigin draft-howard-rfc2307bisSuperior Classes topOptional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.16Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassesbootableDevice
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 530
Required Attributes automountMapName, objectClass
bootableDeviceNames bootableDeviceOrigin draft-howard-rfc2307bisSuperior Classes topDescription A device with boot parameters; device SHOULD be used as a structural classOptional Attributes bootFile, bootParameterSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.12Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
calEntryEntry specifying locations for a calendaring and scheduling client to access a user's calendar andsend event requests to the user.
Names calEntryOrigin RFC 2739Superior Classes topOptional Attributes calCAPURI, calCalAdrURI, calCalURI, calFBURL, calOtherCAPURIs,
calOtherCalAdrURIs, calOtherCalURIs, calOtherFBURLsSchema File 03-rfc2739.ldifOID 1.2.840.113556.1.5.87Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
certificationAuthority-V2Object class for augmenting entries that act as certificate authorities, as described in X.521 clause6.18.
This object class is deprecated. Use pkiCA instead.
Object ClassescertificationAuthority
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 531
Names certificationAuthority-V2Origin RFC 4523Superior Classes certificationAuthorityOptional Attributes crossCertificatePair, deltaRevocationListSchema File 00-core.ldifOID 2.5.6.16.2Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes authorityRevocationList, cACertificate, certificateRevocationList, objectClass
certificationAuthorityObject class for augmenting entries that act as certificate authorities, as described in X.521 clause6.17.
This object class is deprecated. Use pkiCA instead.
Names certificationAuthorityOrigin RFC 4523Superior Classes topOptional Attributes crossCertificatePairSchema File 00-core.ldifOID 2.5.6.16Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes authorityRevocationList, cACertificate, certificateRevocationList, objectClass
changeLogEntryEntries of this object class represent changes made to a directory server. The set of changes made toa directory server is given by the set of all entries in the changelog, ordered by changeNumber.
Note The changeNumber is unique to a server, and not necessarily shared or synchronized acrossservers. The change numbers for ForgeRock servers can be synchronized using the dsrepl reset-change-number command. ForgeRock servers also provide an alternative changeLogCookie attribute, whichcan be used reliably across a replicated topology.
A client application may synchronize its local copy of directory data by reading the server's changelogfor entries where the changeNumber is greater than or equal to the last change that the client read from
Object ClassescollectiveAttributeSubentry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 532
the server. A server can, however, trim its changelog. If the last change read from the changelog isnot returned in search results, the client application must fall back to rebuilding its entire copy ofdirectory data.
Names changeLogEntryOrigin draft-good-ldap-changelogSuperior Classes topOptional Attributes changes, deleteOldRDN, newRDN, newSuperiorSchema File 03-changelog.ldifOID 2.16.840.1.113730.3.2.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes changeNumber, changeTime, changeType, objectClass, targetDN
collectiveAttributeSubentrySubentry for allocating collective attributes, which are attributes that apply to a group of entries.
Names collectiveAttributeSubentryOrigin RFC 3671Description LDAP Collective Attributes Subentry classSchema File 00-core.ldifOID 2.5.17.2Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
containerMicrosoft Active Directory object class for an entry used to contain other classes.
Names containerOrigin Microsoft Active DirectorySuperior Classes topSchema File 03-changelog.ldifOID 1.2.840.113556.1.3.23Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassescorbaContainer
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 533
Required Attributes cn, objectClass
corbaContainerEntry that contains a CORBA object.
Names corbaContainerOrigin RFC 2714Superior Classes topDescription Container for a CORBA objectSchema File 03-rfc2714.ldifOID 1.3.6.1.4.1.42.2.27.4.2.10Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
corbaObjectAbstract parent for entries that represent CORBA objects.
Names corbaObjectOrigin RFC 2714Superior Classes topDescription CORBA object representationOptional Attributes corbaRepositoryId, descriptionSchema File 03-rfc2714.ldifOID 1.3.6.1.4.1.42.2.27.4.2.9Class Type ABSTRACT: for use when defining other object classes.Required Attributes objectClass
corbaObjectReferenceEntry that represents a reference to a CORBA object.
Names corbaObjectReferenceOrigin RFC 2714
Object Classescountry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 534
Superior Classes corbaObjectDescription CORBA interoperable object referenceOptional Attributes corbaRepositoryId, descriptionSchema File 03-rfc2714.ldifOID 1.3.6.1.4.1.42.2.27.4.2.11Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes corbaIor, objectClass
countryRepresents a country.
Names countryOrigin RFC 4519Superior Classes topOptional Attributes description, searchGuideSchema File 00-core.ldifOID 2.5.6.2Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes c, objectClass
cRLDistributionPointObject class for augmenting entries that act as certificate revocation list distribution points, asdescribed in X.509 clause 11.1.3.
Names cRLDistributionPointOrigin RFC 4523Superior Classes topOptional Attributes authorityRevocationList, certificateRevocationList, deltaRevocationListSchema File 00-core.ldifOID 2.5.6.19Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassesdcObject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 535
Required Attributes cn, objectClass
dcObjectPermits an entry to hold domain component information.
Names dcObjectOrigin RFC 4519Superior Classes topSchema File 00-core.ldifOID 1.3.6.1.4.1.1466.344Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes dc, objectClass
deltaCRLObject class for augmenting entries that hold delta revocation lists, as described in X.509 clause11.1.4.
Names deltaCRLOrigin RFC 4523Superior Classes topDescription X.509 delta CRLOptional Attributes deltaRevocationListSchema File 00-core.ldifOID 2.5.6.23Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
deviceRepresents an appliance, computer, or network element.
Names device
Object ClassesdevicePrintProfilesContainer
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 536
Origin RFC 4519Superior Classes topOptional Attributes description, l, o, ou, owner, seeAlso, serialNumberSchema File 00-core.ldifOID 2.5.6.14Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
devicePrintProfilesContainerNames devicePrintProfilesContainerOrigin OpenAMSuperior Classes topDescription Class containing device print profilesOptional Attributes devicePrintProfilesSchema File 60-identity-store-ds-deviceprint.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.4Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
deviceProfilesContainerNames deviceProfilesContainerOrigin OpenAMSuperior Classes topDescription Class containing device profilesOptional Attributes deviceProfilesSchema File 60-identity-store-ds-deviceprofiles.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.13Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
Object Classesdmd
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 537
Required Attributes objectClass
dmdRepresents a Directory Management Domain, which is the administrative authority for this directoryserver.
Names dmdOrigin RFC 2256Superior Classes topOptional Attributes businessCategory, description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress,searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier,telexNumber, userPassword, x121Address
Schema File 00-core.ldifOID 2.5.6.20Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes dmdName, objectClass
dNSDomainEntries of this object class represent DNS domains.
Names dNSDomainOrigin RFC 1274Superior Classes domainOptional Attributes aRecord, associatedName, businessCategory, cNAMERecord, description,
destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l,mDRecord, mxRecord, nSRecord, o, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress,sOARecord, searchGuide, seeAlso, st, street, telephoneNumber,teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File 00-core.ldifOID 0.9.2342.19200300.100.4.15Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes dc, objectClass
Object Classesdocument
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 538
documentEntries of this object class represent documents.
Names documentOrigin RFC 4524Superior Classes topOptional Attributes cn, description, documentAuthor, documentLocation, documentPublisher,
documentTitle, documentVersion, l, o, ou, seeAlsoSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.6Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes documentIdentifier, objectClass
documentSeriesEntries of this object class represent a series of documents.
Names documentSeriesOrigin RFC 4524Superior Classes topOptional Attributes description, l, o, ou, seeAlso, telephoneNumberSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.9Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
domainEntries of this object class represent DNS domains for entries that do not represent organizations ororganizational units. For organizations or organizational units, see domainRelatedObject.
Use dc as the naming attribute.
Names domainOrigin RFC 4524
Object ClassesdomainRelatedObject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 539
Superior Classes topOptional Attributes associatedName, businessCategory, description, destinationIndicator,
facsimileTelephoneNumber, internationaliSDNNumber, l, o,physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode,preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street,telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword,x121Address
Schema File 00-core.ldifOID 0.9.2342.19200300.100.4.13Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes dc, objectClass
domainRelatedObjectEntries of this object class represent DNS domains that are equivalent to an X.500 domain, in otherwords an organization or organizational unit.
Names domainRelatedObjectOrigin RFC 4524Superior Classes topSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.17Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes associatedDomain, objectClass
ds-certificate-userObject class for a user or application entry with a digital certificate.
Names ds-certificate-userOrigin OpenDS Directory ServerSuperior Classes topOptional Attributes ds-certificate-fingerprint, ds-certificate-issuer-dn, ds-certificate-subject-dn,
userCertificateSchema File 02-config.ldifOID 1.3.6.1.4.1.26027.1.2.82
Object Classesds-monitor-backend-db
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 540
Class Type AUXILIARY: for use in augmenting attributes of entries that already have astructural object class.
Required Attributes objectClass
ds-monitor-backend-dbNames ds-monitor-backend-dbOrigin OpenDJ Directory ServerSuperior Classes ds-monitor-backend-pluggableDescription Database backend metricsOptional Attributes ds-mon-backend-degraded-index, ds-mon-backend-entry-count, ds-mon-backend-
filter-useSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.96Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-backend-degraded-index-count, ds-mon-backend-filter-use-indexed, ds-
mon-backend-filter-use-start-time, ds-mon-backend-filter-use-unindexed, ds-mon-backend-is-private, ds-mon-backend-ttl-entries-deleted, ds-mon-backend-ttl-is-running, ds-mon-backend-ttl-last-run-time, ds-mon-backend-ttl-queue-size, ds-mon-backend-ttl-thread-count, ds-mon-backend-writability-mode, ds-mon-db-cache-evict-internal-nodes-count, ds-mon-db-cache-evict-leaf-nodes-count, ds-mon-db-cache-leaf-nodes, ds-mon-db-cache-misses-internal-nodes, ds-mon-db-cache-misses-leaf-nodes, ds-mon-db-cache-size-active, ds-mon-db-cache-size-total, ds-mon-db-cache-total-tries-internal-nodes, ds-mon-db-cache-total-tries-leaf-nodes,ds-mon-db-checkpoint-count, ds-mon-db-log-cleaner-file-deletion-count, ds-mon-db-log-files-open, ds-mon-db-log-files-opened, ds-mon-db-log-size-active, ds-mon-db-log-size-total, ds-mon-db-log-utilization-max, ds-mon-db-log-utilization-min, ds-mon-db-version, objectClass, ds-cfg-backend-id
ds-monitor-backend-pluggableNames ds-monitor-backend-pluggableOrigin OpenDJ Directory ServerSuperior Classes ds-monitor-backendDescription Pluggable backend metricsOptional Attributes ds-mon-backend-degraded-index, ds-mon-backend-entry-count, ds-mon-backend-
filter-useSchema File 02-config.ldif
Object Classesds-monitor-backend-proxy
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 541
OID 1.3.6.1.4.1.36733.2.1.2.75Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-backend-degraded-index-count, ds-mon-backend-filter-use-indexed, ds-
mon-backend-filter-use-start-time, ds-mon-backend-filter-use-unindexed, ds-mon-backend-is-private, ds-mon-backend-ttl-entries-deleted, ds-mon-backend-ttl-is-running, ds-mon-backend-ttl-last-run-time, ds-mon-backend-ttl-queue-size, ds-mon-backend-ttl-thread-count, ds-mon-backend-writability-mode, objectClass, ds-cfg-backend-id
ds-monitor-backend-proxyNames ds-monitor-backend-proxyOrigin OpenDJ Directory ServerSuperior Classes ds-monitor-backendDescription Proxy backend metricsOptional Attributes ds-mon-backend-entry-countSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.93Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-backend-is-private, ds-mon-backend-proxy-base-dn, ds-mon-backend-
proxy-shard, ds-mon-backend-writability-mode, objectClass, ds-cfg-backend-id
ds-monitor-backendNames ds-monitor-backendOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Backend metricsOptional Attributes ds-mon-backend-entry-countSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.74Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-backend-is-private, ds-mon-backend-writability-mode, objectClass, ds-cfg-
backend-id
Object Classesds-monitor-base-dn
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 542
ds-monitor-base-dnNames ds-monitor-base-dnOrigin OpenDJ Directory ServerSuperior Classes ds-monitor-backendDescription Metrics for base DN handled in a backendOptional Attributes ds-mon-backend-entry-countSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.94Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-backend-is-private, ds-mon-backend-writability-mode, ds-mon-base-dn, ds-
mon-base-dn-entry-count, objectClass, ds-cfg-backend-id
ds-monitor-branchNames ds-monitor-branchOrigin OpenDJ Directory ServerSuperior Classes topDescription Glue entry with no metrics of its ownSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.69Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
ds-monitor-certificateNames ds-monitor-certificateOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Key manager certificate metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.73Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object Classesds-monitor-changelog-domain
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 543
Required Attributes ds-mon-alias, ds-mon-certificate-expires-at, ds-mon-certificate-issuer-dn, ds-mon-certificate-serial-number, ds-mon-certificate-subject-dn, objectClass
ds-monitor-changelog-domain
Names ds-monitor-changelog-domainOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Replication server changelog domain metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.89Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-domain-generation-id, ds-mon-domain-name, objectClass
ds-monitor-changelog
Names ds-monitor-changelogOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Replication server metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.88Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ds-mon-newest-change-number, ds-mon-oldest-change-number, ds-mon-server-
id, objectClass
ds-monitor-connected-changelog
Names ds-monitor-connected-changelogOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Metrics for a remote replication server connected to this replication server
Object Classesds-monitor-connected-replica
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 544
Optional Attributes ds-mon-server-stateSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.87Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-changelog-hostport, ds-mon-changelog-id, ds-mon-connected-to-server-
hostport, ds-mon-current-receive-window, ds-mon-domain-generation-id, ds-mon-ssl-encryption, objectClass
ds-monitor-connected-replicaNames ds-monitor-connected-replicaOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Metrics for a remote replica connected to this serverSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.84Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-admin-hostport, ds-mon-connected-to-server-hostport, ds-mon-current-
receive-window, ds-mon-domain-generation-id, ds-mon-server-id, ds-mon-ssl-encryption, objectClass
ds-monitor-connection-handlerNames ds-monitor-connection-handlerOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Connection handler metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.70Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ds-mon-active-connections-count, ds-mon-bytes-read, ds-mon-bytes-written, ds-
mon-config-dn, ds-mon-listen-address, ds-mon-protocol, ds-mon-requests-failure-client-invalid-request, ds-mon-requests-failure-client-security, ds-mon-requests-failure-server, ds-mon-requests-failure-uncategorized, objectClass
Object Classesds-monitor-disk-space
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 545
ds-monitor-disk-spaceNames ds-monitor-disk-spaceOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Monitored disks metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.78Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-disk-dir, ds-mon-disk-free, ds-mon-disk-full-threshold, ds-mon-disk-low-
threshold, ds-mon-disk-root, ds-mon-disk-state, objectClass
ds-monitor-entry-cacheNames ds-monitor-entry-cacheOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Entry cache metricsOptional Attributes ds-mon-cache-max-entry-count, ds-mon-cache-max-size-bytesSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.79Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ds-mon-cache-entry-count, ds-mon-cache-misses, ds-mon-cache-total-tries,
objectClass
ds-monitor-health-statusNames ds-monitor-health-statusOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription The server health statusOptional Attributes ds-mon-alive-errors, ds-mon-healthy-errorsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.99
Object Classesds-monitor-http-connection-handler
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 546
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only onestructural object class superclass chain.
Required Attributes cn, ds-mon-alive, ds-mon-healthy, objectClass
ds-monitor-http-connection-handlerNames ds-monitor-http-connection-handlerOrigin OpenDJ Directory ServerSuperior Classes ds-monitor-connection-handlerDescription HTTP connection handler metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.72Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ds-mon-active-connections-count, ds-mon-bytes-read, ds-mon-bytes-written,
ds-mon-config-dn, ds-mon-listen-address, ds-mon-protocol, ds-mon-requests-delete, ds-mon-requests-failure-client-invalid-request, ds-mon-requests-failure-client-redirect, ds-mon-requests-failure-client-security, ds-mon-requests-failure-server, ds-mon-requests-failure-uncategorized, ds-mon-requests-get, ds-mon-requests-patch, ds-mon-requests-post, ds-mon-requests-put, ds-mon-requests-uncategorized, objectClass
ds-monitor-je-databaseNames ds-monitor-je-databaseOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription JE database metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.77Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
ds-monitor-jvmNames ds-monitor-jvm
Object Classesds-monitor-ldap-connection-handler
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 547
Origin OpenDJ Directory ServerSuperior Classes ds-monitorDescription JVM metricsOptional Attributes ds-mon-jvm-threads-deadlocksSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.81Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-jvm-architecture, ds-mon-jvm-arguments, ds-mon-jvm-available-cpus, ds-
mon-jvm-class-path, ds-mon-jvm-classes-loaded, ds-mon-jvm-classes-unloaded, ds-mon-jvm-java-home, ds-mon-jvm-java-vendor, ds-mon-jvm-java-version, ds-mon-jvm-memory-heap-init, ds-mon-jvm-memory-heap-max, ds-mon-jvm-memory-heap-reserved, ds-mon-jvm-memory-heap-used, ds-mon-jvm-memory-init, ds-mon-jvm-memory-max, ds-mon-jvm-memory-non-heap-init, ds-mon-jvm-memory-non-heap-max, ds-mon-jvm-memory-non-heap-reserved, ds-mon-jvm-memory-non-heap-used,ds-mon-jvm-memory-reserved, ds-mon-jvm-memory-used, ds-mon-jvm-supported-tls-ciphers, ds-mon-jvm-supported-tls-protocols, ds-mon-jvm-threads-blocked-count, ds-mon-jvm-threads-count, ds-mon-jvm-threads-daemon-count, ds-mon-jvm-threads-deadlock-count, ds-mon-jvm-threads-new-count, ds-mon-jvm-threads-runnable-count, ds-mon-jvm-threads-terminated-count, ds-mon-jvm-threads-timed-waiting-count, ds-mon-jvm-threads-waiting-count, ds-mon-jvm-vendor, ds-mon-jvm-version, objectClass
ds-monitor-ldap-connection-handlerNames ds-monitor-ldap-connection-handlerOrigin OpenDJ Directory ServerSuperior Classes ds-monitor-connection-handlerDescription LDAP connection handler metricsOptional Attributes ds-mon-connectionSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.71Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ds-mon-abandoned-requests, ds-mon-active-connections-count, ds-mon-active-
persistent-searches, ds-mon-bytes-read, ds-mon-bytes-written, ds-mon-config-dn,ds-mon-connections, ds-mon-listen-address, ds-mon-protocol, ds-mon-requests-abandon, ds-mon-requests-add, ds-mon-requests-bind, ds-mon-requests-compare,ds-mon-requests-delete, ds-mon-requests-extended, ds-mon-requests-failure-client-invalid-request, ds-mon-requests-failure-client-referral, ds-mon-requests-failure-client-resource-limit, ds-mon-requests-failure-client-security, ds-mon-requests-failure-server, ds-mon-requests-failure-uncategorized, ds-mon-requests-modify, ds-
Object Classesds-monitor-raw-je-database-statistics
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 548
mon-requests-modify-dn, ds-mon-requests-search-base, ds-mon-requests-search-one, ds-mon-requests-search-sub, ds-mon-requests-unbind, ds-mon-requests-uncategorized, objectClass
ds-monitor-raw-je-database-statisticsNames ds-monitor-raw-je-database-statisticsOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Raw metrics exposed by a JE databaseSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.95Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
ds-monitor-remote-replicaNames ds-monitor-remote-replicaOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Remote replica metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.90Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-domain-name, ds-mon-receive-delay, ds-mon-replay-delay, ds-mon-
replayed-updates, ds-mon-server-id, objectClass
ds-monitor-replica-dbNames ds-monitor-replica-dbOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Replica database metrics
Object Classesds-monitor-replica
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 549
Schema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.85Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-newest-csn, ds-mon-newest-csn-timestamp, ds-mon-oldest-csn, ds-mon-
oldest-csn-timestamp, ds-mon-server-id, objectClass
ds-monitor-replica
Names ds-monitor-replicaOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Local replica metricsOptional Attributes ds-mon-total-update, ds-mon-total-update-entry-count, ds-mon-total-update-entry-
leftSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.91Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-connected-to-server-hostport, ds-mon-connected-to-server-id, ds-mon-
current-receive-window, ds-mon-domain-generation-id, ds-mon-domain-name, ds-mon-entries-awaiting-updates-count, ds-mon-lost-connections, ds-mon-receive-delay, ds-mon-replay-delay, ds-mon-replayed-updates, ds-mon-replayed-updates-conflicts-resolved, ds-mon-replayed-updates-conflicts-unresolved, ds-mon-sent-updates, ds-mon-server-id, ds-mon-ssl-encryption, ds-mon-status, ds-mon-status-last-changed, ds-mon-updates-inbound-queue, ds-mon-updates-outbound-queue,ds-mon-updates-totals-per-replay-thread, objectClass
ds-monitor-server
Names ds-monitor-serverOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Directory Server version information and other global metricsOptional Attributes ds-mon-build-number, ds-mon-fix-ids, ds-mon-version-qualifierSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.76
Object Classesds-monitor-topology-server
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 550
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only onestructural object class superclass chain.
Required Attributes ds-mon-build-time, ds-mon-compact-version, ds-mon-current-connections, ds-mon-current-time, ds-mon-full-version, ds-mon-install-path, ds-mon-instance-path, ds-mon-major-version, ds-mon-max-connections, ds-mon-minor-version, ds-mon-os-architecture, ds-mon-os-name, ds-mon-os-version, ds-mon-point-version, ds-mon-product-name, ds-mon-revision, ds-mon-short-name, ds-mon-start-time, ds-mon-system-name, ds-mon-total-connections, ds-mon-vendor-name, ds-mon-working-directory, objectClass
ds-monitor-topology-serverNames ds-monitor-topology-serverOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription A server in the topologyOptional Attributes ds-mon-admin-hostport, ds-mon-changelog-hostport, ds-mon-changelog-purge-
delay, ds-mon-ldap-hostport, ds-mon-ldap-starttls-hostport, ds-mon-ldaps-hostport,ds-mon-replication-domain
Schema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.103Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ds-mon-group-id, ds-mon-last-seen, ds-mon-process-id, ds-mon-replication-
protocol-version, ds-mon-server-id, ds-mon-server-is-local, objectClass
ds-monitor-work-queueNames ds-monitor-work-queueOrigin OpenDJ Directory ServerSuperior Classes ds-monitorDescription Work queue metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.83Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ds-mon-requests-in-queue, ds-mon-requests-rejected-queue-full, ds-mon-
requests-submitted, objectClass
Object Classesds-monitor
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 551
ds-monitor
Names ds-monitorOrigin OpenDJ Directory ServerSuperior Classes topDescription Base object class for Directory Server metricsSchema File 02-config.ldifOID 1.3.6.1.4.1.36733.2.1.2.68Class Type ABSTRACT: for use when defining other object classes.Required Attributes objectClass
ds-pwp-attribute-value-validator
Names ds-pwp-attribute-value-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-attribute-value-check-substrings, ds-pwp-attribute-value-match-attribute,
ds-pwp-attribute-value-min-substring-length, ds-pwp-attribute-value-test-reversed-password
Schema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.118Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
ds-pwp-character-set-validator
Names ds-pwp-character-set-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-character-set-allow-unclassified-characters, ds-pwp-character-set-
character-set, ds-pwp-character-set-character-set-ranges, ds-pwp-character-set-min-character-sets
Schema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.119
Object Classesds-pwp-dictionary-validator
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 552
Class Type AUXILIARY: for use in augmenting attributes of entries that already have astructural object class.
Required Attributes objectClass
ds-pwp-dictionary-validatorNames ds-pwp-dictionary-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-dictionary-case-sensitive-validation, ds-pwp-dictionary-check-substrings,
ds-pwp-dictionary-min-substring-length, ds-pwp-dictionary-test-reversed-passwordSchema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.117Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes ds-pwp-dictionary-data, objectClass
ds-pwp-length-based-validatorNames ds-pwp-length-based-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-length-based-max-password-length, ds-pwp-length-based-min-password-
lengthSchema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.112Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
ds-pwp-password-policyNames ds-pwp-password-policyOrigin ForgeRock Directory ServerSuperior Classes top
Object Classesds-pwp-random-generator
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 553
Optional Attributes cn, ds-pwp-account-status-notification-handler, ds-pwp-allow-expired-password-changes, ds-pwp-allow-multiple-password-values, ds-pwp-allow-pre-encoded-passwords, ds-pwp-allow-user-password-changes, ds-pwp-deprecated-password-storage-scheme, ds-pwp-expire-passwords-without-warning, ds-pwp-force-change-on-add, ds-pwp-force-change-on-reset, ds-pwp-grace-login-count, ds-pwp-idle-lockout-interval, ds-pwp-last-login-time-attribute, ds-pwp-last-login-time-format,ds-pwp-lockout-duration, ds-pwp-lockout-failure-count, ds-pwp-lockout-failure-expiration-interval, ds-pwp-max-password-age, ds-pwp-max-password-reset-age,ds-pwp-min-password-age, ds-pwp-password-change-requires-current-password,ds-pwp-password-expiration-warning-interval, ds-pwp-password-history-count, ds-pwp-password-history-duration, ds-pwp-previous-last-login-time-format, ds-pwp-require-change-by-time, ds-pwp-require-secure-authentication, ds-pwp-require-secure-password-changes, ds-pwp-skip-validation-for-administrators, ds-pwp-state-update-failure-policy
Schema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.110Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes ds-pwp-default-password-storage-scheme, ds-pwp-password-attribute, objectClass
ds-pwp-random-generatorNames ds-pwp-random-generatorOrigin ForgeRock Directory ServerSuperior Classes topSchema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.113Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes ds-pwp-random-password-character-set, ds-pwp-random-password-format,
objectClass
ds-pwp-repeated-characters-validatorNames ds-pwp-repeated-characters-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-repeated-characters-case-sensitive-validation, ds-pwp-repeated-characters-
max-consecutive-lengthSchema File 03-pwpolicyextension.ldif
Object Classesds-pwp-similarity-based-validator
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 554
OID 1.3.6.1.4.1.36733.2.1.2.116Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
ds-pwp-similarity-based-validatorNames ds-pwp-similarity-based-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-similarity-based-min-password-differenceSchema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.114Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
ds-pwp-unique-characters-validatorNames ds-pwp-unique-characters-validatorOrigin ForgeRock Directory ServerSuperior Classes ds-pwp-validatorOptional Attributes ds-pwp-unique-characters-case-sensitive-validation, ds-pwp-unique-characters-
min-unique-charactersSchema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.115Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
ds-pwp-validatorNames ds-pwp-validatorOrigin ForgeRock Directory ServerSuperior Classes top
Object Classesds-root-dse
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 555
Schema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.111Class Type ABSTRACT: for use when defining other object classes.Required Attributes objectClass
ds-root-dseObject class for the server root DSE entry.
Names ds-root-dseOrigin OpenDS Directory ServerSuperior Classes topSchema File 02-config.ldifOID 1.3.6.1.4.1.26027.1.2.53Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
ds-virtual-static-groupObject class for an entry allowing a dynamic group to appear as a static group to applications.
Names ds-virtual-static-groupOrigin OpenDS Directory ServerSuperior Classes topSchema File 02-config.ldifOID 1.3.6.1.4.1.26027.1.2.98Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes ds-target-group-dn, objectClass
dSARepresents a Directory Specific Agent, the part of a directory service that provides user agentsaccess to directory data.
Names dSA
Object ClassesDUAConfigProfile
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 556
Origin RFC 2256Superior Classes applicationEntityOptional Attributes description, knowledgeInformation, l, o, ou, seeAlso, supportedApplicationContextSchema File 00-core.ldifOID 2.5.6.13Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, presentationAddress
DUAConfigProfileNames DUAConfigProfileOrigin RFC 4876Superior Classes topDescription Abstraction of a base configuration for a DUAOptional Attributes attributeMap, authenticationMethod, bindTimeLimit, credentialLevel,
defaultSearchBase, defaultSearchScope, defaultServerList, dereferenceAliases,followReferrals, objectclassMap, preferredServerList, profileTTL,searchTimeLimit, serviceAuthenticationMethod, serviceCredentialLevel,serviceSearchDescriptor
Schema File 05-rfc4876.ldifOID 1.3.6.1.4.1.11.1.3.1.2.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
extensibleObjectAuxiliary object class that allows the entry to hold any user attribute.
Attributes required or precluded by other object classes are still required or precluded when thisobject class is present.
Names extensibleObjectOrigin RFC 4512Superior Classes topOptional Attributes All attributesSchema File 00-core.ldif
Object Classesforgerock-am-dashboard-service
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 557
OID 1.3.6.1.4.1.1466.101.120.111Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
forgerock-am-dashboard-serviceNames forgerock-am-dashboard-serviceOrigin ForgerockOptional Attributes assignedDashboardSchema File 60-identity-store-ds-dashboard.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.3.1Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
fr-idm-cluster-objNames fr-idm-cluster-objOrigin OpenIDM DSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.8Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-cluster-json, objectClass
fr-idm-generic-objNames fr-idm-generic-objOrigin OpenIDM DSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.
Object Classesfr-idm-hybrid-obj
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 558
OID 1.3.6.1.4.1.36733.2.3.2.3Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-json, objectClass
fr-idm-hybrid-objNames fr-idm-hybrid-objOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-custom-attrsSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.18Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
fr-idm-internal-roleNames fr-idm-internal-roleOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes description, fr-idm-condition, fr-idm-internal-role-authzmembers-internal-user, fr-
idm-internal-role-authzmembers-managed-user, fr-idm-name, fr-idm-privilege, fr-idm-temporal-constraints
Schema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.4Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
fr-idm-internal-userNames fr-idm-internal-user
Object Classesfr-idm-link
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 559
Origin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-internal-user-authzroles-internal-role, fr-idm-internal-user-authzroles-
managed-role, fr-idm-passwordSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.2Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
fr-idm-linkNames fr-idm-linkOrigin OpenIDM DSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-link-firstid, fr-idm-link-firstid-constraint, fr-idm-link-qualifier, fr-idm-link-
secondid, fr-idm-link-secondid-constraint, fr-idm-link-type, objectClass
fr-idm-lockNames fr-idm-lockOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-lock-nodeidSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.13Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
Object Classesfr-idm-managed-assignment
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 560
fr-idm-managed-assignment
Names fr-idm-managed-assignmentOrigin OpenIDM DSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.20Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-managed-assignment-json, objectClass
fr-idm-managed-role
Names fr-idm-managed-roleOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-managed-role-assignmentsSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.9Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-managed-role-json, objectClass
fr-idm-managed-user-explicit
Names fr-idm-managed-user-explicitOrigin OpenIDM DSRepoServiceSuperior Classes topDescription Maps an explicit managed user where all data is mapped to individual LDAP
attributesOptional Attributes co, fr-idm-accountStatus, fr-idm-consentedMapping, fr-idm-effectiveAssignment,
fr-idm-effectiveRole, fr-idm-kbaInfo, fr-idm-lastSync, fr-idm-managed-user-authzroles-internal-role, fr-idm-managed-user-authzroles-managed-role, fr-
Object Classesfr-idm-managed-user-hybrid-obj
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 561
idm-managed-user-manager, fr-idm-managed-user-meta, fr-idm-managed-user-notifications, fr-idm-managed-user-roles, fr-idm-password, fr-idm-preferences, fr-idm-role, fr-idm-uuid
Schema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.17Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
fr-idm-managed-user-hybrid-obj
Names fr-idm-managed-user-hybrid-objOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-managed-user-custom-attrsSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.19Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
fr-idm-managed-user
Names fr-idm-managed-userOrigin OpenIDM DSRepoServiceSuperior Classes topDescription Maps a generic managed user where all data is stored in the json LDAP attribute
as a json blob, reference attributes are explicitly mappedOptional Attributes fr-idm-managed-user-authzroles-internal-role, fr-idm-managed-user-authzroles-
managed-role, fr-idm-managed-user-manager, fr-idm-managed-user-meta, fr-idm-managed-user-notifications, fr-idm-managed-user-roles
Schema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.6
Object Classesfr-idm-notification
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 562
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only onestructural object class superclass chain.
Required Attributes fr-idm-managed-user-json, objectClass
fr-idm-notificationNames fr-idm-notificationOrigin OpenIDM DSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.21Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-notification-json, objectClass
fr-idm-recon-clusteredTargetIdsNames fr-idm-recon-clusteredTargetIdsOrigin OpenIDM DSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-recon-id, fr-idm-recon-targetIds, objectClass
fr-idm-reconassocNames fr-idm-reconassocOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-reconassoc-finishtimeSchema File 60-repo-schema.ldif
Object Classesfr-idm-reconassocentry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 563
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.15Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-reconassoc-isanalysis, fr-idm-reconassoc-mapping, fr-idm-reconassoc-
reconid, fr-idm-reconassoc-sourceresourcecollection, fr-idm-reconassoc-targetresourcecollection, objectClass
fr-idm-reconassocentryNames fr-idm-reconassocentryOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-reconassocentry-action, fr-idm-reconassocentry-ambiguoustargetobjectids,
fr-idm-reconassocentry-exception, fr-idm-reconassocentry-message, fr-idm-reconassocentry-messagedetail, fr-idm-reconassocentry-phase, fr-idm-reconassocentry-situation, fr-idm-reconassocentry-sourceobjectid, fr-idm-reconassocentry-targetobjectid
Schema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.16Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-reconassocentry-linkqualifier, fr-idm-reconassocentry-reconid, fr-idm-
reconassocentry-status, objectClass
fr-idm-relationshipNames fr-idm-relationshipOrigin OpenIDM DsSRepoServiceSuperior Classes topSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.10Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-relationship-json, objectClass
Object Classesfr-idm-syncqueue
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 564
fr-idm-syncqueue
Names fr-idm-syncqueueOrigin OpenIDM DSRepoServiceSuperior Classes topOptional Attributes fr-idm-syncqueue-newobject, fr-idm-syncqueue-nodeid, fr-idm-syncqueue-
objectrev, fr-idm-syncqueue-oldobject, fr-idm-syncqueue-remainingretriesSchema File 60-repo-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.2.14Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes fr-idm-syncqueue-context, fr-idm-syncqueue-createdate, fr-idm-syncqueue-
mapping, fr-idm-syncqueue-resourcecollection, fr-idm-syncqueue-resourceid, fr-idm-syncqueue-state, fr-idm-syncqueue-syncaction, objectClass
frCoreToken
Names frCoreTokenOrigin ForgeRock OpenAM CTSv2Superior Classes topDescription object containing ForgeRock Core TokenOptional Attributes coreTokenDate01, coreTokenDate02, coreTokenDate03, coreTokenDate04,
coreTokenDate05, coreTokenExpirationDate, coreTokenInteger01,coreTokenInteger02, coreTokenInteger03, coreTokenInteger04,coreTokenInteger05, coreTokenInteger06, coreTokenInteger07,coreTokenInteger08, coreTokenInteger09, coreTokenInteger10,coreTokenMultiString01, coreTokenMultiString02, coreTokenMultiString03,coreTokenObject, coreTokenString01, coreTokenString02, coreTokenString03,coreTokenString04, coreTokenString05, coreTokenString06, coreTokenString07,coreTokenString08, coreTokenString09, coreTokenString10, coreTokenString11,coreTokenString12, coreTokenString13, coreTokenString14, coreTokenString15,coreTokenTtlDate, coreTokenUserId
Schema File 60-cts-schema.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.27Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes coreTokenId, coreTokenType, objectClass
Object ClassesfriendlyCountry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 565
friendlyCountryEntries of this object class represent countries. This object class allows friendlier naming thanallowed by the country object class.
Names friendlyCountryOrigin RFC 4524Superior Classes countryOptional Attributes description, searchGuideSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.18Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes c, co, objectClass
glueDSEE object class for an entry restored due to a replication conflict.
Names glueOrigin Sun Directory ServerSuperior Classes topSchema File 06-compat.ldifOID 2.16.840.1.113730.3.2.30Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
groupOfEntriesThis object class is like the standard groupOfNames object class, except that the member attribute isoptional, making it possible to have an empty group.
Note The default schema defines groupOfNames as if it were groupOfEntries, making it possible to have anempty group. This is a deviation from the standard definition.
Names groupOfEntriesOrigin draft-findlay-ldap-groupofentries
Object ClassesgroupOfNames
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 566
Superior Classes topOptional Attributes businessCategory, description, member, o, ou, owner, seeAlsoSchema File 00-core.ldifOID 1.2.826.0.1.3458854.2.1.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
groupOfNamesNote The default schema defines groupOfNames as if it were groupOfEntries, making it possible tohave an empty group. This is a deviation from the standard definition, as proposed in the LDAPgroupOfEntries Internet-Draft.
Names groupOfNamesOrigin RFC 4519Superior Classes topOptional Attributes businessCategory, description, member, o, ou, owner, seeAlsoSchema File 00-core.ldifOID 2.5.6.9Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
groupOfUniqueNamesRepresents a set of named objects, like groupOfNames, including information relating to the purpose ormaintenance of the set. Object names are not repeated or reassigned within the set.
Names groupOfUniqueNamesOrigin RFC 4519Superior Classes topOptional Attributes businessCategory, description, o, ou, owner, seeAlso, uniqueMemberSchema File 00-core.ldifOID 2.5.6.17Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassesgroupOfURLs
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 567
Required Attributes cn, objectClass
groupOfURLsObject class for a dynamic group.
Names groupOfURLsOrigin Sun Java System Directory ServerSuperior Classes topDescription Sun-defined objectclassOptional Attributes businessCategory, description, memberURL, o, ou, owner, seeAlsoSchema File 00-core.ldifOID 2.16.840.1.113730.3.2.33Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
ieee802DeviceNames ieee802DeviceOrigin draft-howard-rfc2307bisSuperior Classes topDescription A device with a MAC address; device SHOULD be used as a structural classOptional Attributes macAddressSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.11Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
inetOrgPersonA person object class for Internet and Intranet directory service deployments.
RFC 2798 specifies this object class in detail.
Example:
Object Classesinetuser
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 568
dn: uid=bjensen,ou=People,dc=example,dc=comobjectClass: topobjectClass: personobjectClass: organizationalPersonobjectClass: inetOrgPersonuid: bjensenou: Product Developmentou: Peoplecn: Barbara Jensencn: Babs Jensengivenname: Barbarasn: Jensenmail: bjensen@example.comfacsimiletelephonenumber: +1 408 555 1992telephonenumber: +1 408 555 1862preferredLanguage: en, ko;q=0.8l: San Franciscomanager: uid=trigden, ou=People, dc=example,dc=comroomnumber: 0209userpassword: {PBKDF2-HMAC-SHA256}10000:<hash>description: Babs Jensen's entry
Names inetOrgPersonOrigin RFC 2798Superior Classes organizationalPersonOptional Attributes audio, businessCategory, carLicense, departmentNumber, description,
destinationIndicator, displayName, employeeNumber, employeeType,facsimileTelephoneNumber, givenName, homePhone, homePostalAddress,initials, internationaliSDNNumber, jpegPhoto, l, labeledURI, mail, manager,mobile, o, ou, pager, photo, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, preferredLanguage,registeredAddress, roomNumber, secretary, seeAlso, st, street, telephoneNumber,teletexTerminalIdentifier, telexNumber, title, uid, userCertificate, userPKCS12,userPassword, userSMIMECertificate, x121Address, x500UniqueIdentifier
Schema File 00-core.ldifOID 2.16.840.1.113730.3.2.2Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, sn
inetuserThis object class stores AM profile information.
Names inetuserOrigin Nortel subscriber interoperability
Object ClassesinheritableLDAPSubEntry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 569
Superior Classes topDescription Auxiliary class which has to be present in an entry for delivery of subscriber
servicesOptional Attributes inetUserHttpURL, inetUserStatus, memberof, uid, userPasswordSchema File 60-identity-store-ds-schema.ldifOID 2.16.840.1.113730.3.2.130Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
inheritableLDAPSubEntryNames inheritableLDAPSubEntryOrigin draft-ietf-ldup-subentrySuperior Classes ldapSubEntryDescription Inheritable LDAP Subentry class, version 1Optional Attributes blockInheritance, cnSchema File 00-core.ldifOID 1.3.6.1.4.1.7628.5.6.1.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes inheritable, objectClass
inheritedCollectiveAttributeSubentryObject class for specifying how collective attributes are inherited.
Names inheritedCollectiveAttributeSubentryOrigin OpenDS Directory ServerSuperior Classes subentryDescription Inherited Collective Attributes Subentry classOptional Attributes collectiveConflictBehaviorSchema File 00-core.ldifOID 1.3.6.1.4.1.26027.1.2.238Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassesinheritedFromDNCollectiveAttributeSubentry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 570
Required Attributes cn, inheritAttribute, objectClass, subtreeSpecification
inheritedFromDNCollectiveAttributeSubentryObject class for specifying an entry from which a collective attribute is inherited.
Names inheritedFromDNCollectiveAttributeSubentryOrigin OpenDS Directory ServerSuperior Classes inheritedCollectiveAttributeSubentryDescription Inherited from DN Collective Attributes Subentry classOptional Attributes collectiveConflictBehavior, inheritFromDNParentSchema File 00-core.ldifOID 1.3.6.1.4.1.26027.1.2.239Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, inheritAttribute, inheritFromDNAttribute, objectClass, subtreeSpecification
inheritedFromRDNCollectiveAttributeSubentryObject class for specifying a relative entry from which a collective attribute is inherited.
Names inheritedFromRDNCollectiveAttributeSubentryOrigin OpenDS Directory ServerSuperior Classes inheritedCollectiveAttributeSubentryDescription Inherited from RDN Collective Attributes Subentry classOptional Attributes collectiveConflictBehaviorSchema File 00-core.ldifOID 1.3.6.1.4.1.26027.1.2.240Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, inheritAttribute, inheritFromBaseRDN, inheritFromRDNAttribute,
inheritFromRDNType, objectClass, subtreeSpecification
ipHostNames ipHost
Object Classesiplanet-am-auth-configuration-service
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 571
Origin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction of a host, an IP device. The distinguished value of the cn attribute
denotes the canonical name of the host. Device SHOULD be used as a structuralclass
Optional Attributes authPassword, description, l, manager, userPasswordSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.6Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes cn, ipHostNumber, objectClass
iplanet-am-auth-configuration-serviceThis object class stores AM profile information.
Names iplanet-am-auth-configuration-serviceOrigin OpenSSOSuperior Classes topDescription Authentication Configuration Service OCOptional Attributes iplanet-am-auth-configuration, iplanet-am-auth-login-failure-url, iplanet-am-auth-
login-success-url, iplanet-am-auth-post-login-process-class, oath2faEnabled,push2faEnabled
Schema File 60-identity-store-ds-schema.ldifOID 1.3.6.1.4.1.42.2.27.9.2.23Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
iplanet-am-managed-personThis object class stores AM profile information.
Names iplanet-am-managed-personOrigin OpenSSOSuperior Classes topDescription Managed Person OC
Object Classesiplanet-am-session-service
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 572
Optional Attributes iplanet-am-user-account-lifeSchema File 60-identity-store-ds-schema.ldifOID 2.16.840.1.113730.3.2.184Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
iplanet-am-session-serviceThis object class stores AM profile information.
Names iplanet-am-session-serviceOrigin OpenSSOSuperior Classes topDescription Session Service OCOptional Attributes iplanet-am-session-destroy-sessions, iplanet-am-session-get-valid-sessions, iplanet-
am-session-max-caching-time, iplanet-am-session-max-idle-time, iplanet-am-session-max-session-time, iplanet-am-session-quota-limit, iplanet-am-session-service-status
Schema File 60-identity-store-ds-schema.ldifOID 2.16.840.1.113730.3.2.175Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
iplanet-am-user-serviceThis object class stores AM profile information.
Names iplanet-am-user-serviceOrigin OpenSSOSuperior Classes topDescription User Service OCOptional Attributes iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-
config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-success-url, sunIdentityMSISDNNumber
Object ClassesiPlanetPreferences
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 573
Schema File 60-identity-store-ds-schema.ldifOID 2.16.840.1.113730.3.2.176Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
iPlanetPreferencesThis object class stores AM profile information.
Names iPlanetPreferencesOrigin iPlanetOptional Attributes preferredLanguage, preferredLocale, preferredTimeZoneSchema File 60-identity-store-ds-schema.ldifOID 1.3.6.1.4.1.1466.101.120.142Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
ipNetworkNames ipNetworkOrigin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction of a network. The distinguished value of the cn attribute denotes the
canonical name of the networkOptional Attributes cn, description, ipNetmaskNumber, l, managerSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.7Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ipNetworkNumber, objectClass
ipProtocolNames ipProtocolOrigin draft-howard-rfc2307bis
Object ClassesipService
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 574
Superior Classes topDescription Abstraction of an IP protocol. Maps a protocol number to one or more names. The
distinguished value of the cn attribute denotes the canonical name of the protocolOptional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.4Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ipProtocolNumber, objectClass
ipServiceNames ipServiceOrigin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction an Internet Protocol service. Maps an IP port and protocol (such as
tcp or udp) to one or more names; the distinguished value of the cn attributedenotes the canonical name of the service
Optional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.3Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, ipServicePort, ipServiceProtocol, objectClass
ipTnetHostNames ipTnetHostOrigin Solaris SpecificSuperior Classes topDescription Associates an IP address or wildcard with a TSOL template_nameSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.9Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes ipTnetNumber, objectClass
Object ClassesipTnetTemplate
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 575
ipTnetTemplate
Names ipTnetTemplateOrigin Solaris SpecificSuperior Classes topDescription Object class for TSOL network templatesOptional Attributes SolarisAttrKeyValueSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.8Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes ipTnetTemplateName, objectClass
javaContainerEntry that contains a Java object. The entry's form is specified by an auxiliary object class.
Names javaContainerOrigin RFC 2713Superior Classes topDescription Container for a Java objectSchema File 03-rfc2713.ldifOID 1.3.6.1.4.1.42.2.27.4.2.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
javaMarshalledObjectEntry that represents a marshalled Java object.
Names javaMarshalledObjectOrigin RFC 2713Superior Classes javaObjectDescription Java marshalled object
Object ClassesjavaNamingReference
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 576
Optional Attributes description, javaClassNames, javaCodebase, javaDocSchema File 03-rfc2713.ldifOID 1.3.6.1.4.1.42.2.27.4.2.8Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes javaClassName, javaSerializedData, objectClass
javaNamingReferenceEntry that represents a JNDI reference to a Java object.
Names javaNamingReferenceOrigin RFC 2713Superior Classes javaObjectDescription JNDI referenceOptional Attributes description, javaClassNames, javaCodebase, javaDoc, javaFactory,
javaReferenceAddressSchema File 03-rfc2713.ldifOID 1.3.6.1.4.1.42.2.27.4.2.7Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes javaClassName, objectClass
javaObjectAbstract parent for entries that represent Java objects.
Names javaObjectOrigin RFC 2713Superior Classes topDescription Java object representationOptional Attributes description, javaClassNames, javaCodebase, javaDocSchema File 03-rfc2713.ldifOID 1.3.6.1.4.1.42.2.27.4.2.4Class Type ABSTRACT: for use when defining other object classes.Required Attributes javaClassName, objectClass
Object ClassesjavaSerializedObject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 577
javaSerializedObjectEntry that represents a serialized Java object.
Names javaSerializedObjectOrigin RFC 2713Superior Classes javaObjectDescription Java serialized objectOptional Attributes description, javaClassNames, javaCodebase, javaDocSchema File 03-rfc2713.ldifOID 1.3.6.1.4.1.42.2.27.4.2.5Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes javaClassName, javaSerializedData, objectClass
kbaInfoContainerNames kbaInfoContainerOrigin OpenAMSuperior Classes topDescription Class containing KBA informationOptional Attributes kbaActiveIndex, kbaInfo, kbaInfoAttemptsSchema File 60-identity-store-ds-kba.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.5Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
labeledURIObjectClass allowing a labeledURI attribute, which holds a URI with an optional label, as described in RFC2079.
Names labeledURIObjectOrigin RFC 2079Superior Classes top
Object ClassesldapSubEntry
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 578
Description object that contains the URI attribute typeOptional Attributes labeledURISchema File 00-core.ldifOID 1.3.6.1.4.1.250.3.15Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
ldapSubEntryLDAP subentries are analogous to operational attributes in that they are used by the server foradministrative purposes. Examples include password policies, entries for allocating collectiveattributes, and the entry exposing directory schema.
Unlike entries in the server-specific configuration backend, Subentries are present in and replicatedwith user data. Modifying subentries nevertheless requires the subentry-write administrative privilege.
For details, see the Internet-Draft, LDAP Subentry Schema .
Names ldapSubEntryOrigin draft-ietf-ldup-subentrySuperior Classes topDescription LDAP Subentry class, version 1Optional Attributes cnSchema File 00-core.ldifOID 2.16.840.1.113719.2.142.6.1.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
localityThe entry with this object class represents a place in the physical world.
Names localityOrigin RFC 4519Superior Classes topOptional Attributes description, l, searchGuide, seeAlso, st, street
Object ClassesmailGroup
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 579
Schema File 00-core.ldifOID 2.5.6.3Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
mailGroupNames mailGroupOrigin Solaris SpecificSuperior Classes topOptional Attributes cn, mgrpRFC822MailMemberSchema File 05-solaris.ldifOID 2.16.840.1.113730.3.2.4Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes mail, objectClass
namedObjectThe namedObject structural object class is a placeholder. It is intended for use in entries that haveauxiliary object classes, and for which there is no appropriate structural object class.
The Internet-Draft shows the example of a POSIX group entry:
dn: cn=wheel,ou=Groups,dc=padl,dc=comobjectClass: topobjectClass: namedObjectobjectClass: posixGroupcn: wheelgidNumber: 0memberUid: root
Names namedObjectOrigin draft-howard-namedobjectSuperior Classes topOptional Attributes cnSchema File 00-core.ldifOID 1.3.6.1.4.1.5322.13.1.1
Object ClassesnisDomainObject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 580
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only onestructural object class superclass chain.
Required Attributes objectClass
nisDomainObjectNames nisDomainObjectOrigin draft-howard-rfc2307bisSuperior Classes topDescription Associates a NIS domain with a naming contextSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.15Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes nisDomain, objectClass
nisKeyObjectNames nisKeyObjectOrigin draft-howard-rfc2307bisSuperior Classes topDescription An object with a public and secret keyOptional Attributes description, uidNumberSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.14Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes cn, nisPublicKey, nisSecretKey, objectClass
nisMailAliasNames nisMailAliasOrigin Solaris SpecificSuperior Classes topOptional Attributes rfc822mailMember
Object ClassesnisMap
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 581
Schema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.1.2.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
nisMapNames nisMapOrigin draft-howard-rfc2307bisSuperior Classes topDescription A generic abstraction of a NIS mapOptional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.9Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes nisMapName, objectClass
nisNetgroupNames nisNetgroupOrigin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction of a netgroup. May refer to other netgroupsOptional Attributes description, memberNisNetgroup, nisNetgroupTripleSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.8Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
nisNetIdNames nisNetId
Object ClassesnisObject
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 582
Origin Solaris SpecificSuperior Classes topOptional Attributes nisNetIdGroup, nisNetIdHost, nisNetIdUserSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.1.2.6Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
nisObject
Names nisObjectOrigin draft-howard-rfc2307bisSuperior Classes topDescription An entry in a NIS mapOptional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.10Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, nisMapEntry, nisMapName, objectClass
nisplusTimeZoneData
Names nisplusTimeZoneDataOrigin Solaris SpecificSuperior Classes topDescription NIS+ timezone table dataOptional Attributes description, nisplusTimeZoneSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.12Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
Object ClassesoathDeviceProfilesContainer
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 583
oathDeviceProfilesContainerNames oathDeviceProfilesContainerOrigin OpenAMSuperior Classes topDescription Class containing OATH device profilesOptional Attributes oathDeviceProfilesSchema File 60-identity-store-ds-oathdevices.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.10Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
oncRpcNames oncRpcOrigin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure
Call (RPC) binding. This class maps an ONC RPC number to a name. Thedistinguished value of the cn attribute denotes the canonical name of the RPCservice
Optional Attributes descriptionSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, oncRpcNumber
organizationThe entry with this object class represents a structured group of people.
Names organizationOrigin RFC 4519
Object ClassesorganizationalPerson
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 584
Superior Classes topOptional Attributes businessCategory, description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress,searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier,telexNumber, userPassword, x121Address
Schema File 00-core.ldifOID 2.5.6.4Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes o, objectClass
organizationalPersonThe entry with this object class represents a person in relation to an organization.
Names organizationalPersonOrigin RFC 4519Superior Classes personOptional Attributes description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, seeAlso,st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, title,userPassword, x121Address
Schema File 00-core.ldifOID 2.5.6.7Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, sn
organizationalRoleThe entry with this object class represents a job, function, or position in an organization.
Names organizationalRoleOrigin RFC 4519Superior Classes topOptional Attributes description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress,
Object ClassesorganizationalUnit
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 585
roleOccupant, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier,telexNumber, x121Address
Schema File 00-core.ldifOID 2.5.6.8Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
organizationalUnitThe entry with this object class represents a piece of an organization.
Names organizationalUnitOrigin RFC 4519Superior Classes topOptional Attributes businessCategory, description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress,searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier,telexNumber, userPassword, x121Address
Schema File 00-core.ldifOID 2.5.6.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, ou
personThe entry with this object class represents a human being.
Names personOrigin RFC 4519Superior Classes topOptional Attributes description, seeAlso, telephoneNumber, userPasswordSchema File 00-core.ldifOID 2.5.6.6Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassespilotDSA
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 586
Required Attributes cn, objectClass, sn
pilotDSAObject class assigning common attributes for COSINE and Internet X.500 pilot Directory SystemAgent (DSA) entries.
Names pilotDSAOrigin RFC 1274Superior Classes dSAOptional Attributes description, knowledgeInformation, l, o, ou, seeAlso, supportedApplicationContextSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.21Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, dSAQuality, objectClass, presentationAddress
pilotObjectObject class assigning common attributes for COSINE and Internet X.500 pilot entries.
Names pilotObjectOrigin RFC 1274Superior Classes topOptional Attributes audio, dITRedirect, info, jpegPhoto, lastModifiedBy, lastModifiedTime, manager,
photo, uniqueIdentifierSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.3Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
pilotOrganizationOrganization object class for COSINE and Internet X.500 pilot entries.
Names pilotOrganization
Object ClassespilotPerson
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 587
Origin RFC 1274Superior Classes organization, organizationalUnitOptional Attributes buildingName, businessCategory, description, destinationIndicator,
facsimileTelephoneNumber, internationaliSDNNumber, l,physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode,preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street,telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword,x121Address
Schema File 00-core.ldifOID 0.9.2342.19200300.100.4.20Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes o, objectClass, ou
pilotPersonPerson object class for COSINE and Internet X.500 pilot entries.
Names pilotPersonOrigin RFC 1274Superior Classes personOptional Attributes businessCategory, description, drink, homePhone, homePostalAddress,
janetMailbox, mail, mailPreferenceOption, mobile, organizationalStatus,otherMailbox, pager, personalSignature, personalTitle, preferredDeliveryMethod,roomNumber, secretary, seeAlso, telephoneNumber, textEncodedORAddress, uid,userClass, userPassword
Schema File 00-core.ldifOID 0.9.2342.19200300.100.4.4Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, sn
pkiCAObject class for augmenting entries that act as certificate authorities, as described in X.509 clause11.1.2.
Names pkiCAOrigin RFC 4523
Object ClassespkiUser
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 588
Superior Classes topDescription X.509 PKI Certificate AuthorityOptional Attributes authorityRevocationList, cACertificate, certificateRevocationList,
crossCertificatePairSchema File 00-core.ldifOID 2.5.6.22Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
pkiUserObject class for augmenting entries that may be subject to certificates, as described in X.509 clause11.1.1.
Names pkiUserOrigin RFC 4523Superior Classes topDescription X.509 PKI UserOptional Attributes userCertificateSchema File 00-core.ldifOID 2.5.6.21Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
posixAccount
Names posixAccountOrigin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction of an account with POSIX attributesOptional Attributes authPassword, description, gecos, loginShell, userPasswordSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.0
Object ClassesposixGroup
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 589
Class Type AUXILIARY: for use in augmenting attributes of entries that already have astructural object class.
Required Attributes cn, gidNumber, homeDirectory, objectClass, uid, uidNumber
posixGroupNames posixGroupOrigin draft-howard-rfc2307bisSuperior Classes topDescription Abstraction of a group of accountsOptional Attributes authPassword, description, memberUid, userPasswordSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.2Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes gidNumber, objectClass
printerAbstractNames printerAbstractOrigin RFC 3712Superior Classes topDescription Printer related information.Optional Attributes printer-charset-configured, printer-charset-supported, printer-color-supported,
printer-compression-supported, printer-copies-supported, printer-current-operator, printer-delivery-orientation-supported, printer-document-format-supported, printer-finishings-supported, printer-generated-natural-language-supported, printer-info, printer-job-k-octets-supported, printer-job-priority-supported, printer-location, printer-make-and-model, printer-media-local-supported, printer-media-supported, printer-more-info, printer-multiple-document-jobs-supported, printer-name, printer-natural-language-configured, printer-number-up-supported, printer-output-features-supported, printer-pages-per-minute, printer-pages-per-minute-color, printer-print-quality-supported, printer-resolution-supported, printer-service-person, printer-sides-supported, printer-stacking-order-supported
Schema File 03-rfc3712.ldifOID 1.3.18.0.2.6.258Class Type ABSTRACT: for use when defining other object classes.Required Attributes objectClass
Object ClassesprinterIPP
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 590
printerIPPNames printerIPPOrigin RFC 3712Superior Classes topDescription Internet Printing Protocol (IPP) information.Optional Attributes printer-ipp-versions-supported, printer-multiple-document-jobs-supportedSchema File 03-rfc3712.ldifOID 1.3.18.0.2.6.256Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
printerLPRNames printerLPROrigin RFC 3712Superior Classes topDescription LPR information.Optional Attributes printer-aliasesSchema File 03-rfc3712.ldifOID 1.3.18.0.2.6.253Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, printer-name
printerServiceNames printerServiceOrigin RFC 3712Superior Classes printerAbstractDescription Printer information.Optional Attributes printer-charset-configured, printer-charset-supported, printer-color-supported,
printer-compression-supported, printer-copies-supported, printer-current-operator, printer-delivery-orientation-supported, printer-document-format-supported, printer-finishings-supported, printer-generated-natural-language-
Object ClassesprinterServiceAuxClass
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 591
supported, printer-info, printer-job-k-octets-supported, printer-job-priority-supported, printer-location, printer-make-and-model, printer-media-local-supported, printer-media-supported, printer-more-info, printer-multiple-document-jobs-supported, printer-name, printer-natural-language-configured, printer-number-up-supported, printer-output-features-supported, printer-pages-per-minute, printer-pages-per-minute-color, printer-print-quality-supported, printer-resolution-supported, printer-service-person, printer-sides-supported, printer-stacking-order-supported, printer-uri, printer-xri-supported
Schema File 03-rfc3712.ldifOID 1.3.18.0.2.6.255Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
printerServiceAuxClassNames printerServiceAuxClassOrigin RFC 3712Superior Classes printerAbstractDescription Printer information.Optional Attributes printer-charset-configured, printer-charset-supported, printer-color-supported,
printer-compression-supported, printer-copies-supported, printer-current-operator, printer-delivery-orientation-supported, printer-document-format-supported, printer-finishings-supported, printer-generated-natural-language-supported, printer-info, printer-job-k-octets-supported, printer-job-priority-supported, printer-location, printer-make-and-model, printer-media-local-supported, printer-media-supported, printer-more-info, printer-multiple-document-jobs-supported, printer-name, printer-natural-language-configured, printer-number-up-supported, printer-output-features-supported, printer-pages-per-minute, printer-pages-per-minute-color, printer-print-quality-supported, printer-resolution-supported, printer-service-person, printer-sides-supported, printer-stacking-order-supported, printer-uri, printer-xri-supported
Schema File 03-rfc3712.ldifOID 1.3.18.0.2.6.257Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
pushDeviceProfilesContainerNames pushDeviceProfilesContainer
Object ClassespwdPolicy
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 592
Origin OpenAMSuperior Classes topDescription Class containing Push device profilesOptional Attributes pushDeviceProfilesSchema File 60-identity-store-ds-pushdevices.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.11Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
pwdPolicyPassword policy that is part of the directory data and can be replicated.
Names pwdPolicyOrigin draft-behera-ldap-password-policySuperior Classes topOptional Attributes pwdAllowUserChange, pwdCheckQuality, pwdExpireWarning,
pwdFailureCountInterval, pwdGraceAuthNLimit, pwdInHistory, pwdLockout,pwdLockoutDuration, pwdMaxAge, pwdMaxFailure, pwdMinAge, pwdMinLength,pwdMustChange, pwdSafeModify
Schema File 01-pwpolicy.ldifOID 1.3.6.1.4.1.42.2.27.8.2.1Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, pwdAttribute
pwdValidatorPolicyObject class for an entry that specifies a password validation policy.
Names pwdValidatorPolicyOrigin OpenDJ Directory ServerSuperior Classes topDescription This auxiliary objectClass represents a password validator by referencing one
from the configuration. It has been replaced with ds-pwp-validator and will beobsoleted in future versions
Object ClassesqualityLabelledData
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 593
Schema File 03-pwpolicyextension.ldifOID 1.3.6.1.4.1.36733.2.1.2.18Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, ds-cfg-password-validatorDeprecated Since 7.0.0
qualityLabelledDataObject class assigning common data quality attributes to subtrees in the DIT.
Names qualityLabelledDataOrigin RFC 1274Superior Classes topOptional Attributes subtreeMaximumQuality, subtreeMinimumQualitySchema File 00-core.ldifOID 0.9.2342.19200300.100.4.22Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes dSAQuality, objectClass
referralRepresents a subordinate reference in the directory, in other words an entry that refers to anotherentry.
Use this object class with extensibleObject to allow the entry to support the naming attributes used inits DN.
Names referralOrigin RFC 3296Superior Classes topDescription named subordinate reference objectSchema File 00-core.ldifOID 2.16.840.1.113730.3.2.6Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassesresidentialPerson
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 594
Required Attributes ref
residentialPersonThe entry with this object class represents a person's residence in representation of the person.
Names residentialPersonOrigin RFC 4519Superior Classes personOptional Attributes businessCategory, description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, physicalDeliveryOfficeName, postOfficeBox,postalAddress, postalCode, preferredDeliveryMethod, registeredAddress,seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber,userPassword, x121Address
Schema File 00-core.ldifOID 2.5.6.10Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, l, objectClass, sn
rFC822LocalPartEntries of this object class represent the local part of Internet mail addresses as described in RFC2822.
The local part of the address is handled like a domain entry.
Names rFC822LocalPartOrigin RFC 4524Superior Classes domainOptional Attributes associatedName, businessCategory, cn, description, destinationIndicator,
facsimileTelephoneNumber, internationaliSDNNumber, l, o,physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode,preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, sn, st,street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword,x121Address
Schema File 00-core.ldifOID 0.9.2342.19200300.100.4.14Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object Classesroom
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 595
Required Attributes dc, objectClass
roomEntries of this object class represent rooms with cn as the naming attribute.
Names roomOrigin RFC 4524Superior Classes topOptional Attributes description, roomNumber, seeAlso, telephoneNumberSchema File 00-core.ldifOID 0.9.2342.19200300.100.4.7Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
sambaConfigNames sambaConfigSuperior Classes topDescription Samba Configuration SectionOptional Attributes descriptionSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.1.2.2.10Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
sambaConfigOptionNames sambaConfigOptionSuperior Classes topDescription Samba Configuration OptionOptional Attributes description, sambaBoolOption, sambaIntegerOption, sambaStringListOption,
sambaStringOptionSchema File 05-samba.ldif
Object ClassessambaDomain
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 596
OID 1.3.6.1.4.1.7165.2.2.12Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, sambaOptionName
sambaDomainNames sambaDomainSuperior Classes topDescription Samba Domain InformationOptional Attributes sambaAlgorithmicRidBase, sambaForceLogoff, sambaLockoutDuration,
sambaLockoutObservationWindow, sambaLockoutThreshold,sambaLogonToChgPwd, sambaMaxPwdAge, sambaMinPwdAge,sambaMinPwdLength, sambaNextGroupRid, sambaNextRid, sambaNextUserRid,sambaPwdHistoryLength, sambaRefuseMachinePwdChange
Schema File 05-samba.ldifOID 1.3.6.1.4.1.7165.2.2.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, sambaDomainName, sambaSID
sambaGroupMappingNames sambaGroupMappingSuperior Classes topDescription Samba Group MappingOptional Attributes description, displayName, sambaSIDListSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.2.2.4Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes gidNumber, objectClass, sambaGroupType, sambaSID
sambaIdmapEntryNames sambaIdmapEntry
Object ClassessambaPrivilege
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 597
Superior Classes topDescription Mapping from a SID to an IDOptional Attributes gidNumber, uidNumberSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.1.2.2.8Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, sambaSID
sambaPrivilegeNames sambaPrivilegeSuperior Classes topDescription Samba PrivilegeOptional Attributes sambaPrivilegeListSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.2.2.13Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, sambaSID
sambaSamAccountNames sambaSamAccountSuperior Classes topDescription Samba 3.0 Auxilary SAM AccountOptional Attributes cn, description, displayName, sambaAcctFlags, sambaBadPasswordCount,
sambaBadPasswordTime, sambaDomainName, sambaHomeDrive,sambaHomePath, sambaKickoffTime, sambaLMPassword, sambaLogoffTime,sambaLogonHours, sambaLogonScript, sambaLogonTime, sambaMungedDial,sambaNTPassword, sambaPasswordHistory, sambaPrimaryGroupSID,sambaProfilePath, sambaPwdCanChange, sambaPwdLastSet,sambaPwdMustChange, sambaUserWorkstations
Schema File 05-samba.ldifOID 1.3.6.1.4.1.7165.2.2.6Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
Object ClassessambaShare
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 598
Required Attributes objectClass, sambaSID, uid
sambaShareNames sambaShareSuperior Classes topDescription Samba Share SectionOptional Attributes descriptionSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.2.2.11Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, sambaShareName
sambaSidEntryNames sambaSidEntrySuperior Classes topDescription Structural Class for a SIDSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.1.2.2.9Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, sambaSID
sambaTrustPasswordNames sambaTrustPasswordSuperior Classes topDescription Samba Trust PasswordOptional Attributes sambaPwdLastSet, sambaSIDSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.2.2.14Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.
Object ClassessambaUnixIdPool
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 599
Required Attributes objectClass, sambaDomainName, sambaNTPassword, sambaTrustFlags
sambaUnixIdPoolNames sambaUnixIdPoolSuperior Classes topDescription Pool for allocating UNIX uids/gidsSchema File 05-samba.ldifOID 1.3.6.1.4.1.7165.1.2.2.7Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes gidNumber, objectClass, uidNumber
shadowAccountNames shadowAccountOrigin draft-howard-rfc2307bisSuperior Classes topDescription Additional attributes for shadow passwordsOptional Attributes authPassword, description, shadowExpire, shadowFlag, shadowInactive,
shadowLastChange, shadowMax, shadowMin, shadowWarning, userPasswordSchema File 04-rfc2307bis.ldifOID 1.3.6.1.1.1.2.1Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, uid
simpleSecurityObjectEntries of this object class require that the entry have a userPassword attribute when the userPasswordattribute is not required or allowed by the structural object class chain.
Names simpleSecurityObjectOrigin RFC 4524Superior Classes topSchema File 00-core.ldif
Object ClassesslpService
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 600
OID 0.9.2342.19200300.100.4.19Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, userPassword
slpServiceParent class for Service Location Protocol (SLP) objects. Specific service types inherit from this classand define their own attributes. They are structural object classes.
SLP service type templates have the following properties:
template-type
Defines the service type of the template. The service type can reflect:
• A simple service, for example service:ftp
• An abstract service type, for example service:printer
• An concrete service type, for example service:printer:lpr
• A service with a naming authority, for example service:printer.sun:local
This definition is used as the name of the LDAP object class for the template. To translate theservice type name, : and . are replaced with -. For example, service:printer.sun:local becomes theobject class name service-printer-sun-local.
template-version
String containing a major and minor version number, separated by .
template-description
Block of human-readable text describing what the service does.
template-url-syntax
ABNF grammar describing the service type specific part of the service URL.
Names slpServiceOrigin RFC 2926Superior Classes topDescription parent superclass for SLP servicesOptional Attributes service-advert-attribute-authenticator, service-advert-url-authenticatorSchema File 03-rfc2926.ldif
Object ClassesslpServicePrinter
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 601
OID 1.3.6.1.4.1.6252.2.27.6.2.1Class Type ABSTRACT: for use when defining other object classes.Required Attributes description, objectClass, service-advert-scopes, service-advert-service-type,
template-major-version-number, template-minor-version-number, template-url-syntax
slpServicePrinterNames slpServicePrinterOrigin RFC 3712Superior Classes slpServiceDescription Service Location Protocol (SLP) information.Optional Attributes service-advert-attribute-authenticator, service-advert-url-authenticatorSchema File 03-rfc3712.ldifOID 1.3.18.0.2.6.254Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes description, objectClass, service-advert-scopes, service-advert-service-type,
template-major-version-number, template-minor-version-number, template-url-syntax
SolarisAuditUserNames SolarisAuditUserOrigin Solaris SpecificSuperior Classes topOptional Attributes SolarisAuditAlways, SolarisAuditNeverSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.2Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
SolarisAuthAttrNames SolarisAuthAttr
Object ClassesSolarisExecAttr
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 602
Origin Solaris SpecificSuperior Classes topDescription Authorizations dataOptional Attributes SolarisAttrKeyValue, SolarisAttrLongDesc, SolarisAttrReserved1,
SolarisAttrReserved2, SolarisAttrShortDescSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.4Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
SolarisExecAttrNames SolarisExecAttrOrigin Solaris SpecificSuperior Classes topDescription Profiles execution attributesOptional Attributes SolarisAttrKeyValue, SolarisAttrReserved1, SolarisAttrReserved2,
SolarisKernelSecurityPolicy, SolarisProfileId, SolarisProfileTypeSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.6Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
SolarisNamingProfileNames SolarisNamingProfileOrigin Solaris SpecificSuperior Classes topDescription Solaris LDAP Naming client profile objectClassOptional Attributes SolarisAuthMethod, SolarisBindDN, SolarisBindPassword, SolarisBindTimeLimit,
SolarisCacheTTL, SolarisCertificatePassword, SolarisCertificatePath,SolarisDataSearchDN, SolarisPreferredServer, SolarisPreferredServerOnly,SolarisSearchReferral, SolarisSearchScope, SolarisSearchTimeLimit,SolarisTransportSecurity
Schema File 05-solaris.ldif
Object ClassesSolarisProfAttr
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 603
OID 1.3.6.1.4.1.42.2.27.5.2.7Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes SolarisLDAPServers, SolarisSearchBaseDN, cn, objectClass
SolarisProfAttr
Names SolarisProfAttrOrigin Solaris SpecificSuperior Classes topDescription Profiles dataOptional Attributes SolarisAttrKeyValue, SolarisAttrLongDesc, SolarisAttrReserved1,
SolarisAttrReserved2Schema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass
SolarisProject
Names SolarisProjectOrigin Solaris SpecificSuperior Classes topOptional Attributes SolarisProjectAttr, description, memberGid, memberUidSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes SolarisProjectID, SolarisProjectName, objectClass
SolarisUserAttr
Names SolarisUserAttr
Object ClassesstrongAuthenticationUser
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 604
Origin Solaris SpecificSuperior Classes topDescription User attributesOptional Attributes SolarisAttrKeyValue, SolarisAttrReserved1, SolarisAttrReserved2,
SolarisUserQualifierSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.3Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
strongAuthenticationUserObject class for augmenting entries that use certificate-based authentication, as described in X.521clause 6.15.
This object class is deprecated. Use pkiUser instead.
Names strongAuthenticationUserOrigin RFC 4523Superior Classes topSchema File 00-core.ldifOID 2.5.6.15Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, userCertificate
subentrySubentries are analogous to operational attributes in that they are used by the server foradministrative purposes. Examples include password policies, entries for allocating collectiveattributes, and the entry exposing directory schema.
Unlike entries in the server-specific configuration backend, Subentries are present in and replicatedwith user data. Modifying subentries nevertheless requires the subentry-write administrative privilege.
For details, see RFC 3672, Subentries in the Lightweight Directory Access Protocol .
Names subentry
Object Classessubschema
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 605
Origin RFC 3672Superior Classes topDescription LDAP Subentry classSchema File 00-core.ldifOID 2.5.17.0Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes cn, objectClass, subtreeSpecification
subschemaAuxiliary object class for entries holding LDAP schema definitions.
Names subschemaOrigin RFC 4512Optional Attributes attributeTypes, dITContentRules, dITStructureRules, matchingRuleUse,
matchingRules, nameForms, objectClassesSchema File 00-core.ldifOID 2.5.20.1Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
sunAMAuthAccountLockoutThis object class stores AM profile information.
Names sunAMAuthAccountLockoutOrigin OpenSSOSuperior Classes topDescription Invalid Login Attempts Object ClassOptional Attributes sunAMAuthInvalidAttemptsDataSchema File 60-identity-store-ds-schema.ldifOID 1.3.6.1.4.1.42.2.27.9.2.118Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
Object ClassessunFMSAML2NameIdentifier
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 606
sunFMSAML2NameIdentifierThis object class stores AM profile information.
Names sunFMSAML2NameIdentifierOrigin OpenSSOSuperior Classes topDescription SAML 2.0 name identifier objectclassOptional Attributes sun-fm-saml2-nameid-info, sun-fm-saml2-nameid-infokeySchema File 60-identity-store-ds-schema.ldifOID 1.3.6.1.4.1.42.2.27.9.2.148Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
sunPrinterNames sunPrinterOrigin Solaris SpecificSuperior Classes topDescription Sun printer informationOptional Attributes sun-printer-bsdaddr, sun-printer-kvpSchema File 05-solaris.ldifOID 1.3.6.1.4.1.42.2.27.5.2.14Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, printer-name
sunRealmServiceThis object class stores AM configuration data.
Names sunRealmServiceOrigin Sun Java System Identity ManagementSuperior Classes topDescription object containing service information for realms
Object Classessunservice
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 607
Optional Attributes description, labeledURI, o, sunKeyValue, sunxmlKeyValueSchema File 60-config-schema.ldifOID 1.3.6.1.4.1.42.2.27.9.2.104Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
sunserviceThis object class stores AM configuration data.
Names sunserviceOrigin Sun Java System Identity ManagementSuperior Classes topDescription object containing service informationOptional Attributes description, labeledURI, sunKeyValue, sunPluginSchema, sunServiceSchema,
sunxmlKeyValueSchema File 60-config-schema.ldifOID 1.3.6.1.4.1.42.2.27.9.2.25Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, ou
sunservicecomponentThis object class stores AM configuration data.
Names sunservicecomponentOrigin Sun Java System Identity ManagementSuperior Classes organizationalUnitDescription Sub-components of the serviceOptional Attributes businessCategory, description, destinationIndicator, facsimileTelephoneNumber,
internationaliSDNNumber, l, labeledURI, physicalDeliveryOfficeName,postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod,registeredAddress, searchGuide, seeAlso, st, street, sunKeyValue, sunserviceID,sunsmspriority, sunxmlKeyValue, telephoneNumber, teletexTerminalIdentifier,telexNumber, userPassword, x121Address
Schema File 60-config-schema.ldif
Object Classestop
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 608
OID 1.3.6.1.4.1.42.2.27.9.2.27Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, ou
topThe top-level object class, which is the abstract parent of all structural object class hierarchies.
Names topOrigin RFC 4512Schema File 00-core.ldifOID 2.5.6.0Class Type ABSTRACT: for use when defining other object classes.Required Attributes objectClass
uddiAddressThis entry represents an address contained by a UDDI contact.
Names uddiAddressOrigin RFC 4403Superior Classes topOptional Attributes uddiAddressLine, uddiLang, uddiSortCode, uddiTModelKey, uddiUseType,
uddiv3TModelKeySchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.3Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiUUID
uddiBindingTemplateThis entry represents a UDDI binding template.
Names uddiBindingTemplateOrigin RFC 4403
Object ClassesuddiBusinessEntity
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 609
Superior Classes topOptional Attributes uddiAccessPoint, uddiCategoryBag, uddiDescription, uddiHostingRedirector,
uddiServiceKey, uddiv3BindingKey, uddiv3DigitalSignature,uddiv3EntityCreationTime, uddiv3NodeId, uddiv3ServiceKey
Schema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.5Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiBindingKey
uddiBusinessEntityThis entry represents a UDDI business entity.
Names uddiBusinessEntityOrigin RFC 4403Superior Classes topOptional Attributes uddiAuthorizedName, uddiCategoryBag, uddiDescription, uddiDiscoveryURLs,
uddiIdentifierBag, uddiOperator, uddiv3BusinessKey, uddiv3DigitalSignature,uddiv3EntityModificationTime, uddiv3NodeId
Schema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.1Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiBusinessKey, uddiName
uddiBusinessServiceThis entry represents a UDDI business service.
Names uddiBusinessServiceOrigin RFC 4403Superior Classes topOptional Attributes uddiBusinessKey, uddiCategoryBag, uddiDescription, uddiIsProjection, uddiName,
uddiv3BusinessKey, uddiv3DigitalSignature, uddiv3EntityCreationTime,uddiv3EntityModificationTime, uddiv3NodeId, uddiv3ServiceKey
Schema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.4
Object ClassesuddiContact
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 610
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only onestructural object class superclass chain.
Required Attributes objectClass, uddiServiceKey
uddiContactThis entry represents a contact contained by a UDDI business entity.
Names uddiContactOrigin RFC 4403Superior Classes topOptional Attributes uddiDescription, uddiEMail, uddiPhone, uddiUseTypeSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.2Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiPersonName, uddiUUID
uddiPublisherAssertionThis entry represents a UDDI publisher assertion.
Names uddiPublisherAssertionOrigin RFC 4403Superior Classes topOptional Attributes uddiv3DigitalSignature, uddiv3NodeIdSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.8Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiFromKey, uddiKeyedReference, uddiToKey, uddiUUID
uddiTModelThis entry represents a UDDI template model.
Names uddiTModel
Object ClassesuddiTModelInstanceInfo
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 611
Origin RFC 4403Superior Classes topOptional Attributes uddiAuthorizedName, uddiCategoryBag, uddiDescription, uddiIdentifierBag,
uddiIsHidden, uddiOperator, uddiOverviewDescription, uddiOverviewURL,uddiv3DigitalSignature, uddiv3NodeId, uddiv3TModelKey
Schema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.7Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiName, uddiTModelKey
uddiTModelInstanceInfoThis entry represents a UDDI template model instance info object.
Names uddiTModelInstanceInfoOrigin RFC 4403Superior Classes topOptional Attributes uddiDescription, uddiInstanceDescription, uddiInstanceParms,
uddiOverviewDescription, uddiOverviewURL, uddiv3TModelKeySchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.6Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiTModelKey
uddiv3EntityObituaryThis entry represents a UDDI entity obituary that contains information for a deleted UDDIv3 entity.
Names uddiv3EntityObituaryOrigin RFC 4403Superior Classes topOptional Attributes uddiAuthorizedName, uddiv3EntityCreationTime, uddiv3EntityDeletionTime,
uddiv3NodeIdSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.10
Object Classesuddiv3Subscription
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 612
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only onestructural object class superclass chain.
Required Attributes objectClass, uddiUUID, uddiv3EntityKey
uddiv3SubscriptionThis entry represents a UDDI subscription entity.
Names uddiv3SubscriptionOrigin RFC 4403Superior Classes topOptional Attributes uddiAuthorizedName, uddiv3BindingKey, uddiv3BriefResponse,
uddiv3ExpiresAfter, uddiv3MaxEntities, uddiv3NodeId, uddiv3NotificationInterval,uddiv3SubscriptionKey
Schema File 03-uddiv3.ldifOID 1.3.6.1.1.10.6.9Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass, uddiUUID, uddiv3SubscriptionFilter
uidObjectThis object class permits the entry to contain user identification information.
Names uidObjectOrigin RFC 4519Superior Classes topSchema File 00-core.ldifOID 1.3.6.1.1.3.1Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass, uid
untypedObjectNames untypedObjectOrigin draft-furuseth-ldap-untypedobject
Object ClassesuserSecurityInformation
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 613
Superior Classes topDescription Entry of no particular typeOptional Attributes c, cn, dc, description, l, o, ou, owner, seeAlso, st, street, uidSchema File 00-core.ldifOID 1.3.6.1.4.1.26027.1.2.900Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one
structural object class superclass chain.Required Attributes objectClass
userSecurityInformationObject class for augmenting entries with additional security information, as described in X.521 clause6.16.
Names userSecurityInformationOrigin RFC 4523Superior Classes topOptional Attributes supportedAlgorithmsSchema File 00-core.ldifOID 2.5.6.18Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.Required Attributes objectClass
webauthnDeviceProfilesContainerNames webauthnDeviceProfilesContainerOrigin OpenAMSuperior Classes topDescription Class containing WebAuthn device profilesOptional Attributes webauthnDeviceProfilesSchema File 60-identity-store-ds-webauthndevices.ldifInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.2.2.12Class Type AUXILIARY: for use in augmenting attributes of entries that already have a
structural object class.
Object ClasseswebauthnDeviceProfilesContainer
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 614
Required Attributes objectClass
Syntaxes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 615
Chapter 8
SyntaxesThis chapter covers schema definitions for syntaxes:
• "Attribute Type Description"
• "Authentication Password Syntax"
• "Binary"
• "Bit String"
• "Boolean"
• "Certificate"
• "Certificate List"
• "Certificate Pair"
• "Collective Conflict Behavior"
• "Counter metric"
• "Country String"
• "CSN (Change Sequence Number)"
• "Delivery Method"
• "Directory String"
• "DIT Content Rule Description"
• "DIT Structure Rule Description"
• "DN"
• "Duration in milli-seconds"
• "Enhanced Guide"
• "Expression syntax for Boolean"
• "Expression syntax for Certificate"
• "Expression syntax for Directory String"
Syntaxes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 616
• "Expression syntax for DN"
• "Expression syntax for Generalized Time"
• "Expression syntax for IA5 String"
• "Expression syntax for Integer"
• "Expression syntax for Numeric String"
• "Expression syntax for Octet String"
• "Expression syntax for OID"
• "Expression syntax for Sun-defined Access Control Information"
• "Expression syntax for User Password"
• "Facsimile Telephone Number"
• "Fax"
• "Filesystem path"
• "Generalized Time"
• "Guide"
• "Host port"
• "IA5 String"
• "Integer"
• "JPEG"
• "Json"
• "Json Query"
• "LDAP Syntax Description"
• "Matching Rule Description"
• "Matching Rule Use Description"
• "Name and Optional JSON"
• "Name and Optional UID"
• "Name Form Description"
• "Numeric String"
• "Object Class Description"
SyntaxesAttribute Type Description
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 617
• "Octet String"
• "OID"
• "Other Mailbox"
• "Postal Address"
• "Presentation Address"
• "Printable String"
• "Protocol Information"
• "Size in bytes"
• "Substring Assertion"
• "Subtree Specification"
• "Summary metric"
• "Sun-defined Access Control Information"
• "Supported Algorithm"
• "Telephone Number"
• "Teletex Terminal Identifier"
• "Telex Number"
• "Timer metric"
• "User Password"
• "UTC Time"
• "UUID"
• "X.509 Certificate Exact Assertion"
Attribute Type DescriptionValues of this syntax define attribute types.
The syntax corresponds to the AttributeTypeDescription ASN.1 type defined by X.501.
Origin RFC 4517Description Attribute Type DescriptionOID 1.3.6.1.4.1.1466.115.121.1.3
SyntaxesAuthentication Password Syntax
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 618
Authentication Password SyntaxValues of this syntax hold encoded or hashed passwords.
The syntax follows this ABNF:
authPasswordValue = w scheme s authInfo s authValue wscheme = %x30-39 / %x41-5A / %x2D-2F / %x5F ; 0-9, A-Z, "-", ".", "/", or "_"authInfo = schemeSpecificValueauthValue = schemeSpecificValue schemeSpecificValue = *( %x21-23 / %x25-7E ) ; printable ASCII less "$" and " "s = w SEP ww = *SPSEP = %x24 ; "$"SP = %x20 ; " " (space)
The scheme describes the mechanism.
The authInfo is often base64-encoded salt.
The authValue is often a base64-encoded value derived from the password(s).
Origin RFC 3112Description Authentication Password SyntaxOID 1.3.6.1.4.1.4203.1.1.2
BinaryValues of this syntax hold binary values.
The values are BER-encoded instances of an attribute value ASN.1 data type for X.500, where thefirst byte inside the OCTET STRING wrapper is a tag octet, and the OCTET STRING is encoded inprimitive form.
Origin RFC 4517Description BinaryOID 1.3.6.1.4.1.1466.115.121.1.5
Bit StringValues of this syntax hold a sequence of binary digits.
The syntax follows this ABNF, corresponding to the BIT STRING ASN.1 type:
SyntaxesBoolean
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 619
BitString = SQUOTE *binary-digit SQUOTE "B"binary-digit = "0" / "1"
Origin RFC 4517Description Bit StringOID 1.3.6.1.4.1.1466.115.121.1.6
BooleanValues of this syntax hold a Boolean value, either TRUE or FALSE.
The syntax follows the BOOLEAN ASN.1 type.
Origin RFC 4517Description BooleanOID 1.3.6.1.4.1.1466.115.121.1.7
CertificateValues of this syntax hold an X.509 certificate.
Request values using the binary option for the attribute description, such as userCertificate;binary.
Values of this syntax and the form of each value must be preserved as presented to avoid corruptingthe digital signature.
Origin RFC 4523Description CertificateOID 1.3.6.1.4.1.1466.115.121.1.8
Certificate ListValues of this syntax hold an X.509 CertificateList as described in X.509, clause 7.3.
Request values using the binary option for the attribute description, such ascertificateRevocationList;binary.
Values of this syntax and the form of each value must be preserved as presented to avoid corruptingthe digital signature.
Origin RFC 4523
SyntaxesCertificate Pair
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 620
Description Certificate ListOID 1.3.6.1.4.1.1466.115.121.1.9
Certificate PairValues of this syntax hold an X.509 CertificatePair as described in X.509, clause 11.2.3.
Request values using the binary option for the attribute description, such ascrossCertificatePair;binary.
Values of this syntax and the form of each value must be preserved as presented to avoid corruptingthe digital signature.
Origin RFC 4523Description Certificate PairOID 1.3.6.1.4.1.1466.115.121.1.10
Collective Conflict BehaviorValues of this syntax indicate how to handle conflicts between real (stored) and virtual (computed)attribute values.
Schema File 00-core.ldifDescription Collective Conflict BehaviorAcceptable Values real-overrides-virtual, virtual-overrides-real, merge-real-and-virtualOID 1.3.6.1.4.1.26027.1.3.6
Counter metricOrigin OpenDJ Directory ServerSchema File 02-config.ldifDescription Counter metricSubstitute Syntax IntegerOID 1.3.6.1.4.1.36733.2.1.3.10
Country StringValues of this syntax hold two-character country codes as defined in the ISO 3166 standard.
SyntaxesCSN (Change Sequence Number)
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 621
Origin RFC 4517Description Country StringOID 1.3.6.1.4.1.1466.115.121.1.11
CSN (Change Sequence Number)Origin OpenDJ Directory ServerSchema File 02-config.ldifDescription CSN (Change Sequence Number)Substitute Syntax Directory StringOID 1.3.6.1.4.1.36733.2.1.3.9
Delivery MethodValues of this syntax have values that are sequences of items that indicate the service(s) by which anentity can receive messages, in order of preference.
The syntax follows this ABNF:
DeliveryMethod = pdm *( WSP DOLLAR WSP pdm )pdm = "any" / "mhs" / "physical" / "telex" / "teletex" / "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"WSP = 0*SPACE ; zero or more " "DOLLAR = %x24 ; dollar sign ("$")SPACE = %x20 ; space (" ")
Origin RFC 4517Description Delivery MethodOID 1.3.6.1.4.1.1466.115.121.1.14
Directory StringValues of this syntax hold strings of one or more arbitrary characters from the Universal CharacterSet (UCS). A zero-length character string is not permitted for this syntax.
LDAP encodes these values in UTF-8, as specified in RFC 3629.
Client applications must accept arbitrary UCS code points, including code points outside theprintable range, and code points not presently assigned to any character.
SyntaxesDIT Content Rule Description
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 622
Origin RFC 4517Description Directory StringOID 1.3.6.1.4.1.1466.115.121.1.15
DIT Content Rule DescriptionValues of this syntax define DIT content rules.
The syntax corresponds to the DITContentRuleDescription ASN.1 type defined by X.501.
Origin RFC 4517Description DIT Content Rule DescriptionOID 1.3.6.1.4.1.1466.115.121.1.16
DIT Structure Rule DescriptionValues of this syntax define DIT structure rules.
The syntax corresponds to the DITStructureRuleDescription ASN.1 type defined by X.501.
Origin RFC 4517Description DIT Structure Rule DescriptionOID 1.3.6.1.4.1.1466.115.121.1.17
DNValues of this syntax hold the distinguished name (DN) of an entry.
The syntax corresponds to the DistinguishedName ASN.1 type defined by X.501.
Origin RFC 4517Description DNOID 1.3.6.1.4.1.1466.115.121.1.12
Duration in milli-secondsOrigin OpenDJ Directory ServerSchema File 02-config.ldif
SyntaxesEnhanced Guide
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 623
Description Duration in milli-secondsSubstitute Syntax IntegerOID 1.3.6.1.4.1.36733.2.1.3.4
Enhanced GuideValues of this syntax suggest criteria to be used in constructing filters to search for entries of aparticular object class. The criteria are combinations of attribute types and filter operators.
For example, the value person#(sn$EQ)#oneLevel suggests searching for person entries with an equalityfilter to match surname (SN) attribute values with a scope of one level below the base DN.
The syntax follows this ABNF:
EnhancedGuide = object-class SHARP WSP criteria WSP SHARP WSP subsetobject-class = WSP oid WSPsubset = "baseobject" / "oneLevel" / "wholeSubtree"
criteria = and-term *( BAR and-term )and-term = term *( AMPERSAND term )term = EXCLAIM term / attributetype DOLLAR match-type / LPAREN criteria RPAREN / true / falsematch-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"true = "?true"false = "?false"BAR = %x7C ; vertical bar ("|")AMPERSAND = %x26 ; ampersand ("&")EXCLAIM = %x21 ; exclamation mark ("!")
WSP = 0*SPACE ; zero or more " "DOLLAR = %x24 ; dollar sign ("$")SPACE = %x20 ; space (" ")SHARP = %x23 ; octothorpe (or sharp sign) ("#")LPAREN = %x28 ; left paren ("(")RPAREN = %x29 ; right paren (")")
attributetype = oidoid = descr / numericoiddescr = keystringnumericoid = number 1*( DOT number )keystring = leadkeychar *keycharleadkeychar = ALPHAkeychar = ALPHA / DIGIT / HYPHENnumber = DIGIT / ( LDIGIT 1*DIGIT )ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"DIGIT = %x30 / LDIGIT ; "0"-"9"LDIGIT = %x31-39 ; "1"-"9"HEX = DIGIT / %x41-46 / %x61-66 ; "0"-"9" / "A"-"F" / "a"-"f"
SyntaxesExpression syntax for Boolean
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 624
The syntax corresponds to the EnhancedGuide ASN.1 type defined by X.520.
Origin RFC 4517Description Enhanced GuideOID 1.3.6.1.4.1.1466.115.121.1.21
Expression syntax for BooleanValues of this syntax hold either a Boolean value, or a configuration expression that evaluates to aBoolean value.
Origin OpenDJ Directory ServerDescription Expression syntax for BooleanOID 1.3.6.1.4.1.36733.2.1.3.3.7
Expression syntax for CertificateValues of this syntax hold either an X.509 certificate value, or a configuration expression thatevaluates to an X.509 certificate value.
Origin OpenDJ Directory ServerDescription Expression syntax for CertificateOID 1.3.6.1.4.1.36733.2.1.3.3.8
Expression syntax for Directory StringValues of this syntax hold either an LDAP directory string value, or a configuration expression thatevaluates to an LDAP directory string value.
Origin OpenDJ Directory ServerDescription Expression syntax for Directory StringOID 1.3.6.1.4.1.36733.2.1.3.3.15
Expression syntax for DNValues of this syntax hold either a DN value, or a configuration expression that evaluates to a DNvalue.
SyntaxesExpression syntax for Generalized Time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 625
Origin OpenDJ Directory ServerDescription Expression syntax for DNOID 1.3.6.1.4.1.36733.2.1.3.3.12
Expression syntax for Generalized TimeValues of this syntax hold either a generalized time value, or a configuration expression thatevaluates to a generalized time value.
Origin OpenDJ Directory ServerDescription Expression syntax for Generalized TimeOID 1.3.6.1.4.1.36733.2.1.3.3.24
Expression syntax for IA5 StringValues of this syntax hold either an IA5 string value, or a configuration expression that evaluates toan IA5 string value.
Origin OpenDJ Directory ServerDescription Expression syntax for IA5 StringOID 1.3.6.1.4.1.36733.2.1.3.3.26
Expression syntax for IntegerValues of this syntax hold either an integer value, or a configuration expression that evaluates to aninteger value.
Origin OpenDJ Directory ServerDescription Expression syntax for IntegerOID 1.3.6.1.4.1.36733.2.1.3.3.27
Expression syntax for Numeric StringValues of this syntax hold either a numeric string value, or a configuration expression that evaluatesto a numeric string value.
Origin OpenDJ Directory Server
SyntaxesExpression syntax for Octet String
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 626
Description Expression syntax for Numeric StringOID 1.3.6.1.4.1.36733.2.1.3.3.36
Expression syntax for Octet StringValues of this syntax hold either an octet string value, or a configuration expression that evaluates toan octet string value.
Origin OpenDJ Directory ServerDescription Expression syntax for Octet StringOID 1.3.6.1.4.1.36733.2.1.3.3.40
Expression syntax for OIDValues of this syntax hold either an OID value, or a configuration expression that evaluates to an OIDvalue.
Origin OpenDJ Directory ServerDescription Expression syntax for OIDOID 1.3.6.1.4.1.36733.2.1.3.3.38
Expression syntax for Sun-defined Access Control InformationValues of this syntax hold either an access control instruction, or a configuration expression thatevaluates to an access control instruction.
Origin OpenDJ Directory ServerDescription Expression syntax for Sun-defined Access Control InformationOID 1.3.6.1.4.1.36733.2.1.3.3.14
Expression syntax for User PasswordValues of this syntax hold either an encoded password value, or a configuration expression thatevaluates to an encoded password value.
Origin OpenDJ Directory ServerDescription Expression syntax for User PasswordOID 1.3.6.1.4.1.36733.2.1.3.3.11
SyntaxesFacsimile Telephone Number
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 627
Facsimile Telephone NumberValues of this syntax hold fax telephone numbers with optional additional fax parameters.
The syntax follows this ABNF:
fax-number = telephone-number *( DOLLAR fax-parameter )telephone-number = PrintableStringfax-parameter = "twoDimensional" / "fineResolution" / "unlimitedLength" / "b4Length" / "a3Width" / "b4Width" / "uncompressed"
Origin RFC 4517Description Facsimile Telephone NumberOID 1.3.6.1.4.1.1466.115.121.1.22
FaxValues of this syntax hold fax images produced by the Group 3 facsimile process, as described inTerminal Equipment and Protocols for Telematic Services, ITU-T Recommendation T.4.
The ASN.1 type corresponds to this Fax syntax, assuming EXPLICIT TAGS:
Fax ::= CHOICE { g3-facsimile [3] G3FacsimileBodyPart}
The G3FacsimileBodyPart ASN.1 type is defined by X.420.
Origin RFC 4517Description FaxOID 1.3.6.1.4.1.1466.115.121.1.23
Filesystem path
Origin OpenDJ Directory Server
SyntaxesGeneralized Time
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 628
Schema File 02-config.ldifDescription Filesystem pathSubstitute Syntax Directory StringOID 1.3.6.1.4.1.36733.2.1.3.8
Generalized TimeValues of this syntax hold generalized times, character strings representing a date and time.
The syntax follows this ABNF:
GeneralizedTime = century year month day hour [ minute [ second / leap-second ] ] [ fraction ] g-time-zone
century = 2(%x30-39) ; "00" to "99"year = 2(%x30-39) ; "00" to "99"month = ( %x30 %x31-39 ) ; "01" (January) to "09" / ( %x31 %x30-32 ) ; "10" to "12"day = ( %x30 %x31-39 ) ; "01" to "09" / ( %x31-32 %x30-39 ) ; "10" to "29" / ( %x33 %x30-31 ) ; "30" to "31"hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"minute = %x30-35 %x30-39 ; "00" to "59"
second = ( %x30-35 %x30-39 ) ; "00" to "59"leap-second = ( %x36 %x30 ) ; "60"
fraction = ( DOT / COMMA ) 1*(%x30-39)g-time-zone = %x5A ; "Z" / g-differentialg-differential = ( MINUS / PLUS ) hour [ minute ]MINUS = %x2D ; minus sign ("-")PLUS = %x2B ; plus sign ("+")
Where the ABNF allows invalid times, such as Feb. 31, 2017, the values are considered invalid.
When the "Z" form of the time zone is used, the time value represents universal coordinated time.Otherwise, it represents a local time in the time zone indicated by the g-differential.
Example: 201702151036Z meaning 10:36 AM, February 15, 2017 universal coordinated time.
The syntax corresponds to the GeneralizedTime ASN.1 type, with the exception that local times withouta differential are not permitted.
Origin RFC 4517Description Generalized Time
SyntaxesGuide
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 629
OID 1.3.6.1.4.1.1466.115.121.1.24
GuideValues of this syntax suggest criteria to be used in constructing filters to search for entries of aparticular object class. The criteria are combinations of attribute types and filter operators.
This syntax is considered obsolete, and should not be used when defining new attribute types. Thealternative is EnhancedGuide.
Origin RFC 4517Description GuideOID 1.3.6.1.4.1.1466.115.121.1.25
Host portOrigin OpenDJ Directory ServerSchema File 02-config.ldifDescription Host portSubstitute Syntax Directory StringOID 1.3.6.1.4.1.36733.2.1.3.11
IA5 StringValues of this syntax hold strings of zero or more characters from International Alphabet 5 (IA5),the international version of the ASCII character set. The set is defined in International ReferenceAlphabet (IRA) (Formerly International Alphabet No. 5 or IA5) Information Technology - 7-Bit CodedCharacter Set for Information Interchange, ITU-T Recommendation T.50.
The syntax follows this ABNF:
IA5String = *(%x00-7F)
The syntax corresponds to the IA5String ASN.1 type.
Origin RFC 4517Description IA5 StringOID 1.3.6.1.4.1.1466.115.121.1.26
SyntaxesInteger
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 630
IntegerValues of this syntax hold whole numbers of unlimited magnitude.
The syntax follows this ABNF:
Integer = ( HYPHEN LDIGIT *DIGIT ) / numbernumber = DIGIT / ( LDIGIT 1*DIGIT )HYPHEN = %x2D ; hyphen ("-")DIGIT = %x30 / LDIGIT ; "0"-"9"LDIGIT = %x31-39 ; "1"-"9"
The syntax corresponds to the INTEGER ASN.1 type.
Origin RFC 4517Description IntegerOID 1.3.6.1.4.1.1466.115.121.1.27
JPEGValues of this syntax hold images in the JPEG File Interchange Format (JFIF), as described in JPEGFile Interchange Format (Version 1.02). The values are the sequence of octets of the JFIF encoding.
The syntax corresponds to the following ASN.1 type:
JPEG ::= OCTET STRING (CONSTRAINED BY { -- contents octets are an image in the -- -- JPEG File Interchange Format -- })
Origin RFC 4517Description JPEGOID 1.3.6.1.4.1.1466.115.121.1.28
JsonValues of this syntax hold JavaScript Object Notation (JSON) documents.
The syntax is specified in RFC 7159.
Origin OpenDJ Directory ServerDescription JsonOID 1.3.6.1.4.1.36733.2.1.3.1
SyntaxesJson Query
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 631
Json QueryValues of this syntax hold ForgeRock® Common REST JSON Query filter strings. See the directorydocumentation for details.
Origin OpenDJ Directory ServerDescription Json QueryOID 1.3.6.1.4.1.36733.2.1.3.2
LDAP Syntax DescriptionValues of this syntax define LDAP syntaxes.
The syntax corresponds to the following ASN.1 type:
LDAPSyntaxDescription ::= SEQUENCE { identifier OBJECT IDENTIFIER, description DirectoryString { ub-schema } OPTIONAL }
DirectoryString is defined in X.520. The integer value of ub-schema depends on the implementation.
Origin RFC 4517Description LDAP Syntax DescriptionOID 1.3.6.1.4.1.1466.115.121.1.54
Matching Rule DescriptionValues of this syntax define matching rules.
The syntax corresponds to the MatchingRuleDescription ASN.1 type defined by X.501.
Origin RFC 4517Description Matching Rule DescriptionOID 1.3.6.1.4.1.1466.115.121.1.30
Matching Rule Use DescriptionValues of this syntax define matching rule uses.
SyntaxesName and Optional JSON
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 632
The syntax corresponds to the MatchingRuleUseDescription ASN.1 type defined by X.501.
Origin RFC 4517Description Matching Rule Use DescriptionOID 1.3.6.1.4.1.1466.115.121.1.31
Name and Optional JSONValues of this syntax hold a DN optionally prepended with a JSON object. Examples:attribute: uid=bjensen,ou=people,dc=example,dc=comattribute: {"json": "value"}uid=bjensen,ou=people,dc=example,dc=com
Origin OpenDJ Directory ServerDescription Name and Optional JSONOID 1.3.6.1.4.1.36733.2.1.3.12
Name and Optional UIDValues of this syntax hold a DN followed by an optional unique identifier to distinguish the name fromothers with the same DN.
The syntax follows this ABNF:
NameAndOptionalUID = distinguishedName [ SHARP BitString ]
Example: uid=bjensen,ou=people,dc=example,dc=com#'0101'B.
The syntax corresponds to the NameAndOptionalUID ASN.1 type defined by X.501.
Origin RFC 4517Description Name and Optional UIDOID 1.3.6.1.4.1.1466.115.121.1.34
Name Form DescriptionValues of this syntax define name forms.
The syntax corresponds to the NameFormDescription ASN.1 type defined by X.501.
SyntaxesNumeric String
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 633
Origin RFC 4517Description Name Form DescriptionOID 1.3.6.1.4.1.1466.115.121.1.35
Numeric StringValues of this syntax hold sequences of one or more numerals and spaces.
The syntax follows this ABNF:
NumericString = 1*(DIGIT / SPACE)
Example: 123 456 789 0.
The syntax corresponds to the NumericString ASN.1 type.
Origin RFC 4517Description Numeric StringOID 1.3.6.1.4.1.1466.115.121.1.36
Object Class DescriptionValues of this syntax define object classes.
The syntax corresponds to the ObjectClassDescription ASN.1 type defined by X.501.
Origin RFC 4517Description Object Class DescriptionOID 1.3.6.1.4.1.1466.115.121.1.37
Octet StringValues of this syntax hold sequences of zero or more arbitrary octets.
The syntax follows this ABNF:
OctetString = *OCTETOCTET = %x00-FF ; Any octet (8-bit data unit)
SyntaxesOID
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 634
The syntax corresponds to the OCTET STRING ASN.1 type.
Origin RFC 4517Description Octet StringOID 1.3.6.1.4.1.1466.115.121.1.40
OIDValues of this syntax hold Object Identifiers (OID), sequences of two or more non-negative integersthat uniquely identify some object or item of specification.
Examples: 1.2.3.4, cn.
The syntax corresponds to the OBJECT IDENTIFIER ASN.1 type.
Origin RFC 4517Description OIDOID 1.3.6.1.4.1.1466.115.121.1.38
Other MailboxValues of this syntax hold electronic mail addresses for a particular mail system.
The syntax follows this ABNF:
OtherMailbox = mailbox-type DOLLAR mailboxmailbox-type = PrintableStringmailbox = IA5String
The mailbox-type identifies the mail system. The mailbox identifies the mail box within the system.
The syntax corresponds to this ASN.1 type, assuming EXPLICIT TAGS:
OtherMailbox ::= SEQUENCE { mailboxType PrintableString, mailbox IA5String}
Origin RFC 4517Description Other MailboxOID 1.3.6.1.4.1.1466.115.121.1.39
SyntaxesPostal Address
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 635
Postal AddressValues of this syntax hold sequences of strings of one or more arbitrary UCS characters, which forman address in a physical mail system.
The syntax follows this ABNF:
PostalAddress = line *( DOLLAR line )line = 1*line-charline-char = %x00-23 / (%x5C "24") ; escaped "$" / %x25-5B / (%x5C "5C") ; escaped "\" / %x5D-7F / UTFMB
DOLLAR = %x24 ; dollar sign ("$")UTFMB = UTF2 / UTF3 / UTF4UTF1 = %x00-7FUTF2 = %xC2-DF UTF0UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) / %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) / %xF4 %x80-8F 2(UTF0)
Example: 1234 Main St.$Anytown, CA 12345$USA.
The syntax corresponds to the PostalAddress ASN.1 type:
PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF DirectoryString { ub-postal-string }
The integers ub-postal-line and ub-postal-string depend on the implementation. The syntax is definedin X.520.
Origin RFC 4517Description Postal AddressOID 1.3.6.1.4.1.1466.115.121.1.41
Presentation AddressValues of this syntax hold presentation addresses used when addressing other OSI applicationentities.
The syntax is described in RFC 1278, A string encoding of Presentation Address. However, thisimplementation treats the syntax exactly like DirectoryString syntax.
SyntaxesPrintable String
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 636
Origin RFC 2252Description Presentation AddressOID 1.3.6.1.4.1.1466.115.121.1.43
Printable StringValues of this syntax hold strings of one or more latin alphabetic, numeric, and selected punctuationcharacters as described by the following ABNF:
PrintableString = 1*PrintableCharacterPrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN / PLUS / COMMA / HYPHEN / DOT / EQUALS / SLASH / COLON / QUESTION / SPACEALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"DIGIT = %x30 / LDIGIT ; "0"-"9"LDIGIT = %x31-39 ; "1"-"9"SPACE = %x20 ; space (" ")SQUOTE = %x27 ; single quote ("'")LPAREN = %x28 ; left paren ("(")RPAREN = %x29 ; right paren (")")PLUS = %x2B ; plus sign ("+")COMMA = %x2C ; comma (",")HYPHEN = %x2D ; hyphen ("-")DOT = %x2E ; period (".")EQUALS = %x3D ; equals sign ("=")SLASH = %x2F ; forward slash ("/")COLON = %x3A ; colon (":")QUESTION = %x3F ; question mark ("?")
The syntax corresponds to the PrintableString ASN.1 type.
Origin RFC 4517Description Printable StringOID 1.3.6.1.4.1.1466.115.121.1.44
Protocol InformationAccording to X.520, Values of this syntax hold protocol information for network addresses in apresentation address.
This was referenced but not defined in the LDAP specifications. As a result, this syntax is treated likethat of Directory String.
Origin RFC 2252Description Protocol Information
SyntaxesSize in bytes
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 637
OID 1.3.6.1.4.1.1466.115.121.1.42
Size in bytesOrigin OpenDJ Directory ServerSchema File 02-config.ldifDescription Size in bytesSubstitute Syntax IntegerOID 1.3.6.1.4.1.36733.2.1.3.5
Substring AssertionValues of this syntax hold sequences of zero or more character substrings used as an argument forsubstring extensible matching of character string attribute values.
Such are the match values of matching rule assertions. They are not used in attribute values or in asubstring filter.
Each substring is a string of one or more characters from the Universal Character Set (UCS). Zero-length substrings are not permitted.
Values follow this ABNF:
SubstringAssertion = [ initial ] any [ final ]
initial = substringany = ASTERISK *(substring ASTERISK)final = substringASTERISK = %x2A ; asterisk ("*")
substring = 1*substring-charactersubstring-character = %x00-29 / (%x5C "2A") ; escaped "*" / %x2B-5B / (%x5C "5C") ; escaped "\" / %x5D-7F / UTFMB
UTFMB = UTF2 / UTF3 / UTF4UTF1 = %x00-7FUTF2 = %xC2-DF UTF0UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) / %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) / %xF4 %x80-8F 2(UTF0)
SyntaxesSubtree Specification
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 638
The syntax corresponds to the SubstringAssertion ASN.1 type defined in X.520.
Origin RFC 4517Description Substring AssertionOID 1.3.6.1.4.1.1466.115.121.1.58
Subtree Specification
Description Subtree SpecificationOID 1.3.6.1.4.1.1466.115.121.1.45
Summary metricJSON object metric that samples observations, providing a count of observations, sum total ofobserved amounts, average rate of events, and moving average rates across sliding time windows.
Summary values have the following fields:
{ "count": (number) events recorded for this metric, "total": (number) sum of the amounts of events recorded for this metric, "mean_rate": (number) average rate, "m1_rate": (number) one-minute average rate, "m5_rate": (number) five-minute average rate, "m15_rate": (number) fifteen-minute average rate}
Origin OpenDJ Directory ServerSchema File 02-config.ldifDescription Summary metricSubstitute Syntax JsonOID 1.3.6.1.4.1.36733.2.1.3.7
Sun-defined Access Control InformationValues of this syntax hold Access Control Instructions (ACI). See the directory documentation fordetails.
SyntaxesSupported Algorithm
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 639
Description Sun-defined Access Control InformationOID 1.3.6.1.4.1.26027.1.3.4
Supported AlgorithmValues of this syntax hold X.509 SupportedAlgorithms, as described in X.509, clause 11.2.7.
Request values using the binary option for the attribute description, such as supportedAlgorithms;binary.
Values of this syntax and the form of each value must be preserved as presented to avoid corruptingthe digital signature.
Origin RFC 4523Description Supported AlgorithmOID 1.3.6.1.4.1.1466.115.121.1.49
Telephone NumberValues of this syntax hold telephone numbers, strings of printable characters, as in PrintableString,that comply with the internationally agreed format for representing international telephone numbers.
Examples: +1 415 555 1212, +1-415-555-1212.
The syntax corresponds to the following ASN.1 type from X.520:
PrintableString (SIZE(1..ub-telephone-number))
The integer value of ub-telephone-number depends on the implementation.
Origin RFC 4517Description Telephone NumberOID 1.3.6.1.4.1.1466.115.121.1.50
Teletex Terminal IdentifierValues of this syntax hold identifiers and, optionally, parameters of teletex terminals.
Values follow this ABNF:
SyntaxesTelex Number
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 640
teletex-id = ttx-term *(DOLLAR ttx-param)ttx-term = PrintableString ; terminal identifierttx-param = ttx-key COLON ttx-value ; parameterttx-key = "graphic" / "control" / "misc" / "page" / "private"ttx-value = *ttx-value-octetttx-value-octet = %x00-23 / (%x5C "24") ; escaped "$" / %x25-5B / (%x5C "5C") ; escaped "\" / %x5D-FF
DOLLAR = %x24 ; dollar sign ("$")PrintableString = 1*PrintableCharacterPrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN / PLUS / COMMA / HYPHEN / DOT / EQUALS / SLASH / COLON / QUESTION / SPACEALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"DIGIT = %x30 / LDIGIT ; "0"-"9"LDIGIT = %x31-39 ; "1"-"9"SPACE = %x20 ; space (" ")SQUOTE = %x27 ; single quote ("'")LPAREN = %x28 ; left paren ("(")RPAREN = %x29 ; right paren (")")PLUS = %x2B ; plus sign ("+")COMMA = %x2C ; comma (",")HYPHEN = %x2D ; hyphen ("-")DOT = %x2E ; period (".")EQUALS = %x3D ; equals sign ("=")SLASH = %x2F ; forward slash ("/")COLON = %x3A ; colon (":")QUESTION = %x3F ; question mark ("?")
The syntax corresponds to the TeletexTerminalIdentifier ASN.1 type defined in X.520.
Origin RFC 4517Description Teletex Terminal IdentifierOID 1.3.6.1.4.1.1466.115.121.1.51
Telex NumberValues of this syntax hold the telex number, country code, and answerback code of a telex terminal.
The syntax follows this ABNF:
SyntaxesTimer metric
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 641
telex-number = actual-number DOLLAR country-code DOLLAR answerbackactual-number = PrintableStringcountry-code = PrintableStringanswerback = PrintableString
DOLLAR = %x24 ; dollar sign ("$")PrintableString = 1*PrintableCharacterPrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN / PLUS / COMMA / HYPHEN / DOT / EQUALS / SLASH / COLON / QUESTION / SPACEALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"DIGIT = %x30 / LDIGIT ; "0"-"9"LDIGIT = %x31-39 ; "1"-"9"SPACE = %x20 ; space (" ")SQUOTE = %x27 ; single quote ("'")LPAREN = %x28 ; left paren ("(")RPAREN = %x29 ; right paren (")")PLUS = %x2B ; plus sign ("+")COMMA = %x2C ; comma (",")HYPHEN = %x2D ; hyphen ("-")DOT = %x2E ; period (".")EQUALS = %x3D ; equals sign ("=")SLASH = %x2F ; forward slash ("/")COLON = %x3A ; colon (":")QUESTION = %x3F ; question mark ("?")
The syntax corresponds to the TelexNumber ASN.1 type, defined in X.520.
Origin RFC 4517Description Telex NumberOID 1.3.6.1.4.1.1466.115.121.1.52
Timer metricJSON object metric combining a summary with other statistics.
Timer values have the following fields:
SyntaxesUser Password
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 642
{ "count": (number) events recorded for this metric, "total": (number) sum of the durations of events recorded for this metric, "mean_rate": (number) average rate, "m1_rate": (number) one-minute average rate, "m5_rate": (number) five-minute average rate, "m15_rate": (number) fifteen-minute average rate, "mean": (number) total/count, or 0 if count is 0, "min": (number) minimum duration recorded, "max": (number) maximum duration recorded, "stddev": (number) standard deviation of recorded durations, "p50": (number) 50% at or below this value, "p75": (number) 75% at or below this value, "p95": (number) 95% at or below this value, "p98": (number) 98% at or below this value, "p99": (number) 99% at or below this value, "p999": (number) 99.9% at or below this value, "p9999": (number) 99.99% at or below this value, "p99999": (number) 99.999% at or below this value}
Origin OpenDJ Directory ServerSchema File 02-config.ldifDescription Timer metricSubstitute Syntax JsonOID 1.3.6.1.4.1.36733.2.1.3.6
User PasswordValues of this syntax hold user passwords in encoded form.
A value is formatted as {scheme}encoded-value, where the scheme is the password storage scheme, andencoded-value is the value encoded or hashed according to the storage scheme.
Cleartext passwords are octet strings.
Origin OpenDS Directory ServerDescription User PasswordOID 1.3.6.1.4.1.26027.1.3.1
UTC TimeValues of this syntax hold character strings representing a date and time to a precision of one minuteor one second.
SyntaxesUUID
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 643
This syntax is deprecated. For new attributes, use GeneralizedTime instead.
The syntax follows this ABNF:
UTCTime = year month day hour minute [ second ] [ u-time-zone ]u-time-zone = %x5A ; "Z" / u-differentialu-differential = ( MINUS / PLUS ) hour minute
century = 2(%x30-39) ; "00" to "99"year = 2(%x30-39) ; "00" to "99"month = ( %x30 %x31-39 ) ; "01" (January) to "09" / ( %x31 %x30-32 ) ; "10" to "12"day = ( %x30 %x31-39 ) ; "01" to "09" / ( %x31-32 %x30-39 ) ; "10" to "29" / ( %x33 %x30-31 ) ; "30" to "31"hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"minute = %x30-35 %x30-39 ; "00" to "59"
second = ( %x30-35 %x30-39 ) ; "00" to "59"leap-second = ( %x36 %x30 ) ; "60"
fraction = ( DOT / COMMA ) 1*(%x30-39)MINUS = %x2D ; minus sign ("-")PLUS = %x2B ; plus sign ("+")
Where the ABNF allows invalid times, such as Feb. 31, 2017, the values are considered invalid.
When the "Z" form of the time zone is used, the time value represents universal coordinated time.Otherwise, it represents a local time in the time zone indicated by the u-differential.
The syntax corresponds to the UTCTime ASN.1 type.
Origin RFC 4517Description UTC TimeOID 1.3.6.1.4.1.1466.115.121.1.53
UUIDValues of this syntax hold 16-octet (128-bit) strings, constrained to the namespace specified in RFC4122, that identify an object. Values are encoded using the ASCII representation.
Example: 597ae2f6-16a6-1027-98f4-d28b5365dc14.
Origin RFC 4530Description UUIDOID 1.3.6.1.1.16.1
SyntaxesX.509 Certificate Exact Assertion
LDAP Schema Reference Directory Services 7 (2020-12-11)Copyright © 2020 ForgeRock AS. All rights reserved. 644
X.509 Certificate Exact AssertionValues of this syntax hold an X.509 CertificateExactAssertion as described in X.509, clause 11.3.1.
Values are encoded using Generic String Encoding Rules, specified in RFC 3641. The syntax followsthis ABNF:
CertificateExactAssertion = "{" sp cea-serialNumber "," sp cea-issuer sp "}"
cea-serialNumber = id-serialNumber msp CertificateSerialNumbercea-issuer = id-issuer msp Name
id-serialNumber = %x73.65.72.69.61.6C.4E.75.6D.62.65.72 ; 'serialNumber'id-issuer = %x69.73.73.75.65.72 ; 'issuer'
Name = id-rdnSequence ":" RDNSequenceid-rdnSequence = %x72.64.6E.53.65.71.75.65.6E.63.65 ; 'rdnSequence'
CertificateSerialNumber = INTEGER
Origin RFC 4523Description X.509 Certificate Exact AssertionOID 1.3.6.1.1.15.1
Recommended