LDAP Schema Reference / Directory Services 7

Latest update: 7.0.1

ForgeRock AS.
201 Mission St., Suite 2900
San Francisco, CA 94105, USA
+1 415-599-1100 (US)
www.forgerock.com

Copyright © 2020 ForgeRock AS.

Abstract

Human-readable, hyperlinked view of the default directory schema.

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

ForgeRock® and ForgeRock Identity Platform™ are trademarks of ForgeRock Inc. or its subsidiaries in the U.S. and in other countries. Trademarks are the property of their respective owners.

UNLESS OTHERWISE MUTUALLY AGREED BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.

EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

DejaVu Fonts

Bitstream Vera Fonts Copyright

Copyright (c) 2003 by Bitstream, Inc. All Rights Reserved. Bitstream Vera is a trademark of Bitstream, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of the fonts accompanying this license ("Fonts") and associated documentation files (the "Font Software"), to reproduce and distribute the Font Software, including without limitation the rights to use, copy, merge, publish, distribute, and/or sell copies of the Font Software, and to permit persons to whom the Font Software is furnished to do so, subject to the following conditions:

The above copyright and trademark notices and this permission notice shall be included in all copies of one or more of the Font Software typefaces.

The Font Software may be modified, altered, or added to, and in particular the designs of glyphs or characters in the Fonts may be modified and additional glyphs or characters may be added to the Fonts, only if the fonts are renamed to names not containing either the words "Bitstream" or the word "Vera".

This License becomes null and void to the extent applicable to Fonts or Font Software that has been modified and is distributed under the "Bitstream Vera" names.

The Font Software may be sold as part of a larger software package but no copy of one or more of the Font Software typefaces may be sold by itself.

THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL BITSTREAM OR THE GNOME FOUNDATION BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.

Except as contained in this notice, the names of Gnome, the Gnome Foundation, and Bitstream Inc., shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Font Software without prior written authorization from the Gnome Foundation or Bitstream Inc., respectively. For further information, contact: fonts at gnome dot org.

Arev Fonts Copyright

Copyright (c) 2006 by Tavmjong Bah. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of the fonts accompanying this license ("Fonts") and associated documentation files (the "Font Software"), to reproduce and distribute the modifications to the Bitstream Vera Font Software, including without limitation the rights to use, copy, merge, publish, distribute, and/or sell copies of the Font Software, and to permit persons to whom the Font Software is furnished to do so, subject to the following conditions:

The above copyright and trademark notices and this permission notice shall be included in all copies of one or more of the Font Software typefaces.

The Font Software may be modified, altered, or added to, and in particular the designs of glyphs or characters in the Fonts may be modified and additional glyphs or characters may be added to the Fonts, only if the fonts are renamed to names not containing either the words "Tavmjong Bah" or the word "Arev".

This License becomes null and void to the extent applicable to Fonts or Font Software that has been modified and is distributed under the "Tavmjong Bah Arev" names.

The Font Software may be sold as part of a larger software package but no copy of one or more of the Font Software typefaces may be sold by itself.

THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL TAVMJONG BAH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.

Except as contained in this notice, the name of Tavmjong Bah shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Font Software without prior written authorization from Tavmjong Bah. For further information, contact: tavmjong @ free . fr.

FontAwesome Copyright

Copyright (c) 2017 by Dave Gandy, https://fontawesome.com/.

This Font Software is licensed under the SIL Open Font License, Version 1.1. See https://opensource.org/licenses/OFL-1.1.

LDAP Schema Reference Directory Services 7 (2020-12-11) Copyright © 2020 ForgeRock AS. All rights reserved.

Table of Contents

About This Reference
1. Attribute Types
    aci
    aclRights
    aclRightsInfo
    administratorsAddress
    aliasedObjectName
    alive
    altServer
    aRecord
    assignedDashboard
    associatedDomain
    associatedName
    attributeMap
    attributeTypes
    audio
    authenticationMethod
    authorityRevocationList
    authPassword
    automountInformation
    automountKey
    automountMapName
    bindTimeLimit
    blockInheritance
    bootFile
    bootParameter
    buildingName
    businessCategory
    c-FacsimileTelephoneNumber
    c-InternationalISDNNumber
    c-l
    c-o
    c-ou
    c-PhysicalDeliveryOfficeName
    c-PostalAddress
    c-PostalCode
    c-PostOfficeBox
    c-st
    c-street
    c-TelephoneNumber
    c-TelexNumber
    c
    cACertificate
    calCalAdrURI

    calCalURI
    calCAPURI
    calFBURL
    calOtherCalAdrURIs
    calOtherCalURIs
    calOtherCAPURIs
    calOtherFBURLs
    carLicense
    certificateRevocationList
    changeInitiatorsName
    changelog
    changeLogCookie
    changeNumber
    changes
    changeTime
    changeType
    cn
    cNAMERecord
    co
    collectiveAttributeSubentries
    collectiveConflictBehavior
    collectiveExclusions
    corbaIor
    corbaRepositoryId
    coreTokenDate01
    coreTokenDate02
    coreTokenDate03
    coreTokenDate04
    coreTokenDate05
    coreTokenExpirationDate
    coreTokenId
    coreTokenInteger01
    coreTokenInteger02
    coreTokenInteger03
    coreTokenInteger04
    coreTokenInteger05
    coreTokenInteger06
    coreTokenInteger07
    coreTokenInteger08
    coreTokenInteger09
    coreTokenInteger10
    coreTokenMultiString01
    coreTokenMultiString02
    coreTokenMultiString03
    coreTokenObject
    coreTokenString01
    coreTokenString02

    coreTokenString03
    coreTokenString04
    coreTokenString05
    coreTokenString06
    coreTokenString07
    coreTokenString08
    coreTokenString09
    coreTokenString10
    coreTokenString11
    coreTokenString12
    coreTokenString13
    coreTokenString14
    coreTokenString15
    coreTokenTtlDate
    coreTokenType
    coreTokenUserId
    createTimestamp
    creatorsName
    credentialLevel
    crossCertificatePair
    dc
    defaultSearchBase
    defaultSearchScope
    defaultServerList
    deleteOldRDN
    deltaRevocationList
    departmentNumber
    dereferenceAliases
    description
    destinationIndicator
    devicePrintProfiles
    deviceProfiles
    displayName
    distinguishedName
    dITContentRules
    dITRedirect
    dITStructureRules
    dmdName
    dnQualifier
    documentAuthor
    documentIdentifier
    documentLocation
    documentPublisher
    documentTitle
    documentVersion
    drink
    ds-certificate-fingerprint

    ds-certificate-issuer-dn
    ds-certificate-subject-dn
    ds-mon-abandoned-requests
    ds-mon-active-connections-count
    ds-mon-active-persistent-searches
    ds-mon-admin-hostport
    ds-mon-alias
    ds-mon-alive-errors
    ds-mon-alive
    ds-mon-backend-degraded-index-count
    ds-mon-backend-degraded-index
    ds-mon-backend-entry-count
    ds-mon-backend-filter-use-indexed
    ds-mon-backend-filter-use-start-time
    ds-mon-backend-filter-use-unindexed
    ds-mon-backend-filter-use
    ds-mon-backend-is-private
    ds-mon-backend-proxy-base-dn
    ds-mon-backend-proxy-shard
    ds-mon-backend-ttl-entries-deleted
    ds-mon-backend-ttl-is-running
    ds-mon-backend-ttl-last-run-time
    ds-mon-backend-ttl-queue-size
    ds-mon-backend-ttl-thread-count
    ds-mon-backend-writability-mode
    ds-mon-base-dn-entry-count
    ds-mon-base-dn
    ds-mon-build-number
    ds-mon-build-time
    ds-mon-bytes-read
    ds-mon-bytes-written
    ds-mon-cache-entry-count
    ds-mon-cache-max-entry-count
    ds-mon-cache-max-size-bytes
    ds-mon-cache-misses
    ds-mon-cache-total-tries
    ds-mon-certificate-expires-at
    ds-mon-certificate-issuer-dn
    ds-mon-certificate-serial-number
    ds-mon-certificate-subject-dn
    ds-mon-changelog-hostport
    ds-mon-changelog-id
    ds-mon-changelog-purge-delay
    ds-mon-compact-version
    ds-mon-config-dn
    ds-mon-connected-to-server-hostport
    ds-mon-connected-to-server-id

ds-mon-connection
ds-mon-connections
ds-mon-current-connections
ds-mon-current-receive-window
ds-mon-current-time
ds-mon-db-cache-evict-internal-nodes-count
ds-mon-db-cache-evict-leaf-nodes-count
ds-mon-db-cache-leaf-nodes
ds-mon-db-cache-misses-internal-nodes
ds-mon-db-cache-misses-leaf-nodes
ds-mon-db-cache-size-active
ds-mon-db-cache-size-total
ds-mon-db-cache-total-tries-internal-nodes
ds-mon-db-cache-total-tries-leaf-nodes
ds-mon-db-checkpoint-count
ds-mon-db-log-cleaner-file-deletion-count
ds-mon-db-log-files-open
ds-mon-db-log-files-opened
ds-mon-db-log-size-active
ds-mon-db-log-size-total
ds-mon-db-log-utilization-max
ds-mon-db-log-utilization-min
ds-mon-db-version
ds-mon-disk-dir
ds-mon-disk-free
ds-mon-disk-full-threshold
ds-mon-disk-low-threshold
ds-mon-disk-root
ds-mon-disk-state
ds-mon-domain-generation-id
ds-mon-domain-name
ds-mon-entries-awaiting-updates-count
ds-mon-fix-ids
ds-mon-full-version
ds-mon-group-id
ds-mon-healthy-errors
ds-mon-healthy
ds-mon-install-path
ds-mon-instance-path
ds-mon-jvm-architecture
ds-mon-jvm-arguments
ds-mon-jvm-available-cpus
ds-mon-jvm-class-path
ds-mon-jvm-classes-loaded
ds-mon-jvm-classes-unloaded
ds-mon-jvm-java-home
ds-mon-jvm-java-vendor

ds-mon-jvm-java-version
ds-mon-jvm-memory-heap-init
ds-mon-jvm-memory-heap-max
ds-mon-jvm-memory-heap-reserved
ds-mon-jvm-memory-heap-used
ds-mon-jvm-memory-init
ds-mon-jvm-memory-max
ds-mon-jvm-memory-non-heap-init
ds-mon-jvm-memory-non-heap-max
ds-mon-jvm-memory-non-heap-reserved
ds-mon-jvm-memory-non-heap-used
ds-mon-jvm-memory-reserved
ds-mon-jvm-memory-used
ds-mon-jvm-supported-tls-ciphers
ds-mon-jvm-supported-tls-protocols
ds-mon-jvm-threads-blocked-count
ds-mon-jvm-threads-count
ds-mon-jvm-threads-daemon-count
ds-mon-jvm-threads-deadlock-count
ds-mon-jvm-threads-deadlocks
ds-mon-jvm-threads-new-count
ds-mon-jvm-threads-runnable-count
ds-mon-jvm-threads-terminated-count
ds-mon-jvm-threads-timed-waiting-count
ds-mon-jvm-threads-waiting-count
ds-mon-jvm-vendor
ds-mon-jvm-version
ds-mon-last-seen
ds-mon-ldap-hostport
ds-mon-ldap-starttls-hostport
ds-mon-ldaps-hostport
ds-mon-listen-address
ds-mon-lost-connections
ds-mon-major-version
ds-mon-max-connections
ds-mon-minor-version
ds-mon-newest-change-number
ds-mon-newest-csn-timestamp
ds-mon-newest-csn
ds-mon-oldest-change-number
ds-mon-oldest-csn-timestamp
ds-mon-oldest-csn
ds-mon-os-architecture
ds-mon-os-name
ds-mon-os-version
ds-mon-point-version
ds-mon-process-id

ds-mon-product-name
ds-mon-protocol
ds-mon-receive-delay
ds-mon-replay-delay
ds-mon-replayed-updates-conflicts-resolved
ds-mon-replayed-updates-conflicts-unresolved
ds-mon-replayed-updates
ds-mon-replication-domain
ds-mon-replication-protocol-version
ds-mon-requests-abandon
ds-mon-requests-add
ds-mon-requests-bind
ds-mon-requests-compare
ds-mon-requests-delete
ds-mon-requests-extended
ds-mon-requests-failure-client-invalid-request
ds-mon-requests-failure-client-redirect
ds-mon-requests-failure-client-referral
ds-mon-requests-failure-client-resource-limit
ds-mon-requests-failure-client-security
ds-mon-requests-failure-server
ds-mon-requests-failure-uncategorized
ds-mon-requests-get
ds-mon-requests-in-queue
ds-mon-requests-modify-dn
ds-mon-requests-modify
ds-mon-requests-patch
ds-mon-requests-post
ds-mon-requests-put
ds-mon-requests-rejected-queue-full
ds-mon-requests-search-base
ds-mon-requests-search-one
ds-mon-requests-search-sub
ds-mon-requests-submitted
ds-mon-requests-unbind
ds-mon-requests-uncategorized
ds-mon-revision
ds-mon-sent-updates
ds-mon-server-id
ds-mon-server-is-local
ds-mon-server-state
ds-mon-short-name
ds-mon-ssl-encryption
ds-mon-start-time
ds-mon-status-last-changed
ds-mon-status
ds-mon-system-name

ds-mon-total-connections
ds-mon-total-update-entry-count
ds-mon-total-update-entry-left
ds-mon-total-update
ds-mon-updates-inbound-queue
ds-mon-updates-outbound-queue
ds-mon-updates-totals-per-replay-thread
ds-mon-vendor-name
ds-mon-version-qualifier
ds-mon-working-directory
ds-private-naming-contexts
ds-privilege-name
ds-pwp-account-disabled
ds-pwp-account-expiration-time
ds-pwp-account-status-notification-handler
ds-pwp-allow-expired-password-changes
ds-pwp-allow-multiple-password-values
ds-pwp-allow-pre-encoded-passwords
ds-pwp-allow-user-password-changes
ds-pwp-attribute-value-check-substrings
ds-pwp-attribute-value-match-attribute
ds-pwp-attribute-value-min-substring-length
ds-pwp-attribute-value-test-reversed-password
ds-pwp-character-set-allow-unclassified-characters
ds-pwp-character-set-character-set-ranges
ds-pwp-character-set-character-set
ds-pwp-character-set-min-character-sets
ds-pwp-default-password-storage-scheme
ds-pwp-deprecated-password-storage-scheme
ds-pwp-dictionary-case-sensitive-validation
ds-pwp-dictionary-check-substrings
ds-pwp-dictionary-data
ds-pwp-dictionary-min-substring-length
ds-pwp-dictionary-test-reversed-password
ds-pwp-expire-passwords-without-warning
ds-pwp-force-change-on-add
ds-pwp-force-change-on-reset
ds-pwp-grace-login-count
ds-pwp-idle-lockout-interval
ds-pwp-last-login-time-attribute
ds-pwp-last-login-time-format
ds-pwp-last-login-time
ds-pwp-length-based-max-password-length
ds-pwp-length-based-min-password-length
ds-pwp-lockout-duration
ds-pwp-lockout-failure-count
ds-pwp-lockout-failure-expiration-interval

ds-pwp-max-password-age
ds-pwp-max-password-reset-age
ds-pwp-min-password-age
ds-pwp-password-attribute
ds-pwp-password-change-requires-current-password
ds-pwp-password-changed-by-required-time
ds-pwp-password-expiration-time
ds-pwp-password-expiration-warning-interval
ds-pwp-password-history-count
ds-pwp-password-history-duration
ds-pwp-password-policy-dn
ds-pwp-previous-last-login-time-format
ds-pwp-random-password-character-set
ds-pwp-random-password-format
ds-pwp-repeated-characters-case-sensitive-validation
ds-pwp-repeated-characters-max-consecutive-length
ds-pwp-require-change-by-time
ds-pwp-require-secure-authentication
ds-pwp-require-secure-password-changes
ds-pwp-reset-time
ds-pwp-similarity-based-min-password-difference
ds-pwp-skip-validation-for-administrators
ds-pwp-state-update-failure-policy
ds-pwp-unique-characters-case-sensitive-validation
ds-pwp-unique-characters-min-unique-characters
ds-pwp-warned-time
ds-rlim-cursor-entry-limit
ds-rlim-idle-time-limit
ds-rlim-lookthrough-limit
ds-rlim-size-limit
ds-rlim-time-limit
ds-sync-conflict
ds-sync-fractional-exclude
ds-sync-fractional-include
ds-sync-generation-id
ds-sync-hist
ds-sync-state
ds-target-group-dn
dSAQuality
emailAddress
employeeNumber
employeeType
enhancedSearchGuide
entryDN
entryUUID
etag
facsimileTelephoneNumber

firstChangeNumber
followReferrals
fr-idm-accountStatus
fr-idm-cluster-json
fr-idm-condition
fr-idm-consentedMapping
fr-idm-custom-attrs
fr-idm-effectiveAssignment
fr-idm-effectiveRole
fr-idm-internal-role-authzmembers-internal-user
fr-idm-internal-role-authzmembers-managed-user
fr-idm-internal-user-authzroles-internal-role
fr-idm-internal-user-authzroles-managed-role
fr-idm-json
fr-idm-kbaInfo
fr-idm-lastSync
fr-idm-link-firstid-constraint
fr-idm-link-firstid
fr-idm-link-qualifier
fr-idm-link-secondid-constraint
fr-idm-link-secondid
fr-idm-link-type
fr-idm-lock-nodeid
fr-idm-managed-assignment-json
fr-idm-managed-role-assignments
fr-idm-managed-role-json
fr-idm-managed-user-authzroles-internal-role
fr-idm-managed-user-authzroles-managed-role
fr-idm-managed-user-custom-attrs
fr-idm-managed-user-json
fr-idm-managed-user-manager
fr-idm-managed-user-meta
fr-idm-managed-user-notifications
fr-idm-managed-user-roles
fr-idm-name
fr-idm-notification-json
fr-idm-password
fr-idm-preferences
fr-idm-privilege
fr-idm-recon-id
fr-idm-recon-targetIds
fr-idm-reconassoc-finishtime
fr-idm-reconassoc-isanalysis
fr-idm-reconassoc-mapping
fr-idm-reconassoc-reconid
fr-idm-reconassoc-sourceresourcecollection
fr-idm-reconassoc-targetresourcecollection

fr-idm-reconassocentry-action
fr-idm-reconassocentry-ambiguoustargetobjectids
fr-idm-reconassocentry-exception
fr-idm-reconassocentry-linkqualifier
fr-idm-reconassocentry-message
fr-idm-reconassocentry-messagedetail
fr-idm-reconassocentry-phase
fr-idm-reconassocentry-reconid
fr-idm-reconassocentry-situation
fr-idm-reconassocentry-sourceobjectid
fr-idm-reconassocentry-status
fr-idm-reconassocentry-targetobjectid
fr-idm-relationship-json
fr-idm-role
fr-idm-syncqueue-context
fr-idm-syncqueue-createdate
fr-idm-syncqueue-mapping
fr-idm-syncqueue-newobject
fr-idm-syncqueue-nodeid
fr-idm-syncqueue-objectrev
fr-idm-syncqueue-oldobject
fr-idm-syncqueue-remainingretries
fr-idm-syncqueue-resourcecollection
fr-idm-syncqueue-resourceid
fr-idm-syncqueue-state
fr-idm-syncqueue-syncaction
fr-idm-temporal-constraints
fr-idm-uuid
fullVendorVersion
gecos
generationQualifier
gidNumber
givenName
governingStructureRule
hasSubordinates
healthy
homeDirectory
homePhone
homePostalAddress
host
houseIdentifier
includedAttributes
inetUserHttpURL
inetUserStatus
info
inheritable
inheritAttribute


inheritFromBaseRDN
inheritFromDNAttribute
inheritFromDNParent
inheritFromRDNAttribute
inheritFromRDNType
initials
internationaliSDNNumber
ipHostNumber
iplanet-am-auth-configuration
iplanet-am-auth-login-failure-url
iplanet-am-auth-login-success-url
iplanet-am-auth-post-login-process-class
iplanet-am-session-destroy-sessions
iplanet-am-session-get-valid-sessions
iplanet-am-session-max-caching-time
iplanet-am-session-max-idle-time
iplanet-am-session-max-session-time
iplanet-am-session-quota-limit
iplanet-am-session-service-status
iplanet-am-user-account-life
iplanet-am-user-admin-start-dn
iplanet-am-user-alias-list
iplanet-am-user-auth-config
iplanet-am-user-auth-modules
iplanet-am-user-failure-url
iplanet-am-user-login-status
iplanet-am-user-password-reset-force-reset
iplanet-am-user-password-reset-options
iplanet-am-user-password-reset-question-answer
iplanet-am-user-service-status
iplanet-am-user-success-url
ipNetmaskNumber
ipNetworkNumber
ipProtocolNumber
ipServicePort
ipServiceProtocol
ipTnetNumber
ipTnetTemplateName
isMemberOf
janetMailbox
javaClassName
javaClassNames
javaCodebase
javaDoc
javaFactory
javaReferenceAddress
javaSerializedData


jpegPhoto
kbaActiveIndex
kbaInfo
kbaInfoAttempts
knowledgeInformation
l
labeledURI
labeledURL
lastChangeNumber
lastExternalChangelogCookie
lastModifiedBy
lastModifiedTime
ldapSyntaxes
loginShell
macAddress
mail
mailPreferenceOption
manager
matchingRules
matchingRuleUse
mDRecord
member
memberGid
memberNisNetgroup
memberof
memberUid
memberURL
mgrpRFC822MailMember
mobile
modifiersName
modifyTimestamp
mxRecord
name
nameForms
namingContexts
newRDN
newSuperior
nisDomain
nisMapEntry
nisMapName
nisNetgroupTriple
nisNetIdGroup
nisNetIdHost
nisNetIdUser
nisplusTimeZone
nisPublicKey
nisSecretKey


nsds50ruv
nSRecord
nsUniqueId
numSubordinates
o
oath2faEnabled
oathDeviceProfiles
objectClass
objectClasses
objectclassMap
oncRpcNumber
organizationalStatus
otherMailbox
ou
owner
pager
personalSignature
personalTitle
photo
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
preferredLanguage
preferredLocale
preferredServerList
preferredTimeZone
presentationAddress
printer-aliases
printer-charset-configured
printer-charset-supported
printer-color-supported
printer-compression-supported
printer-copies-supported
printer-current-operator
printer-delivery-orientation-supported
printer-document-format-supported
printer-finishings-supported
printer-generated-natural-language-supported
printer-info
printer-ipp-versions-supported
printer-job-k-octets-supported
printer-job-priority-supported
printer-location
printer-make-and-model
printer-media-local-supported


printer-media-supported
printer-more-info
printer-multiple-document-jobs-supported
printer-name
printer-natural-language-configured
printer-number-up-supported
printer-output-features-supported
printer-pages-per-minute-color
printer-pages-per-minute
printer-print-quality-supported
printer-resolution-supported
printer-service-person
printer-sides-supported
printer-stacking-order-supported
printer-uri
printer-xri-supported
profileTTL
protocolInformation
push2faEnabled
pushDeviceProfiles
pwdAccountLockedTime
pwdAllowUserChange
pwdAttribute
pwdChangedTime
pwdCheckQuality
pwdExpireWarning
pwdFailureCountInterval
pwdFailureTime
pwdGraceAuthNLimit
pwdGraceUseTime
pwdHistory
pwdInHistory
pwdLockout
pwdLockoutDuration
pwdMaxAge
pwdMaxFailure
pwdMinAge
pwdMinLength
pwdMustChange
pwdPolicySubentry
pwdReset
pwdSafeModify
ref
registeredAddress
replicaIdentifier
replicationCSN
rfc822mailMember


roleOccupant
roomNumber
sambaAcctFlags
sambaAlgorithmicRidBase
sambaBadPasswordCount
sambaBadPasswordTime
sambaBoolOption
sambaDomainName
sambaForceLogoff
sambaGroupType
sambaHomeDrive
sambaHomePath
sambaIntegerOption
sambaKickoffTime
sambaLMPassword
sambaLockoutDuration
sambaLockoutObservationWindow
sambaLockoutThreshold
sambaLogoffTime
sambaLogonHours
sambaLogonScript
sambaLogonTime
sambaLogonToChgPwd
sambaMaxPwdAge
sambaMinPwdAge
sambaMinPwdLength
sambaMungedDial
sambaNextGroupRid
sambaNextRid
sambaNextUserRid
sambaNTPassword
sambaOptionName
sambaPasswordHistory
sambaPrimaryGroupSID
sambaPrivilegeList
sambaProfilePath
sambaPwdCanChange
sambaPwdHistoryLength
sambaPwdLastSet
sambaPwdMustChange
sambaRefuseMachinePwdChange
sambaShareName
sambaSID
sambaSIDList
sambaStringListOption
sambaStringOption
sambaTrustFlags


sambaUserWorkstations
searchGuide
searchTimeLimit
secretary
seeAlso
serialNumber
service-advert-attribute-authenticator
service-advert-scopes
service-advert-service-type
service-advert-url-authenticator
serviceAuthenticationMethod
serviceCredentialLevel
serviceSearchDescriptor
shadowExpire
shadowFlag
shadowInactive
shadowLastChange
shadowMax
shadowMin
shadowWarning
singleLevelQuality
sn
sOARecord
SolarisAttrKeyValue
SolarisAttrLongDesc
SolarisAttrReserved1
SolarisAttrReserved2
SolarisAttrShortDesc
SolarisAuditAlways
SolarisAuditNever
SolarisAuthMethod
SolarisBindDN
SolarisBindPassword
SolarisBindTimeLimit
SolarisCacheTTL
SolarisCertificatePassword
SolarisCertificatePath
SolarisDataSearchDN
SolarisKernelSecurityPolicy
SolarisLDAPServers
SolarisPreferredServer
SolarisPreferredServerOnly
SolarisProfileId
SolarisProfileType
SolarisProjectAttr
SolarisProjectID
SolarisProjectName


SolarisSearchBaseDN
SolarisSearchReferral
SolarisSearchScope
SolarisSearchTimeLimit
SolarisTransportSecurity
SolarisUserQualifier
st
street
structuralObjectClass
subschemaSubentry
subtreeMaximumQuality
subtreeMinimumQuality
subtreeSpecification
sun-fm-saml2-nameid-info
sun-fm-saml2-nameid-infokey
sun-printer-bsdaddr
sun-printer-kvp
sunAMAuthInvalidAttemptsData
sunIdentityMSISDNNumber
sunKeyValue
sunPluginSchema
sunserviceID
sunServiceSchema
sunsmspriority
sunxmlKeyValue
supportedAlgorithms
supportedApplicationContext
supportedAuthPasswordSchemes
supportedControl
supportedExtension
supportedFeatures
supportedLDAPVersion
supportedSASLMechanisms
supportedTLSCiphers
supportedTLSProtocols
targetDN
targetEntryUUID
telephoneNumber
teletexTerminalIdentifier
telexNumber
template-major-version-number
template-minor-version-number
template-url-syntax
textEncodedORAddress
title
uddiAccessPoint
uddiAddressLine


uddiAuthorizedName
uddiBindingKey
uddiBusinessKey
uddiCategoryBag
uddiDescription
uddiDiscoveryURLs
uddiEMail
uddiFromKey
uddiHostingRedirector
uddiIdentifierBag
uddiInstanceDescription
uddiInstanceParms
uddiIsHidden
uddiIsProjection
uddiKeyedReference
uddiLang
uddiName
uddiOperator
uddiOverviewDescription
uddiOverviewURL
uddiPersonName
uddiPhone
uddiServiceKey
uddiSortCode
uddiTModelKey
uddiToKey
uddiUseType
uddiUUID
uddiv3BindingKey
uddiv3BriefResponse
uddiv3BusinessKey
uddiv3DigitalSignature
uddiv3EntityCreationTime
uddiv3EntityDeletionTime
uddiv3EntityKey
uddiv3EntityModificationTime
uddiv3ExpiresAfter
uddiv3MaxEntities
uddiv3NodeId
uddiv3NotificationInterval
uddiv3ServiceKey
uddiv3SubscriptionFilter
uddiv3SubscriptionKey
uddiv3TModelKey
uid
uidNumber
uniqueIdentifier


uniqueMember
userCertificate
userClass
userPassword
userPKCS12
userSMIMECertificate
vendorName
vendorVersion
webauthnDeviceProfiles
winAccountName
x121Address
x500UniqueIdentifier

2. DIT Content Rules

3. DIT Structure Rules
uddiAddressStructureRule
uddiBindingTemplateStructureRule
uddiBusinessEntityStructureRule
uddiBusinessServiceStructureRule
uddiContactStructureRule
uddiPublisherAssertionStructureRule
uddiTModelInstanceInfoStructureRule
uddiTModelStructureRule
uddiv3EntityObituaryStructureRule
uddiv3SubscriptionStructureRule

4. Matching Rule Uses

5. Matching Rules
1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6
authPasswordExactMatch
authPasswordMatch
bitStringMatch
booleanMatch
caseExactIA5Match
caseExactIA5SubstringsMatch
caseExactJsonIdMatch
caseExactJsonQueryMatch
caseExactMatch
caseExactOrderingMatch
caseExactSubstringsMatch
caseIgnoreIA5Match
caseIgnoreIA5SubstringsMatch
caseIgnoreJsonIdMatch
caseIgnoreJsonQueryMatch
caseIgnoreJsonQueryMatchClusterObject
caseIgnoreJsonQueryMatchManagedRole
caseIgnoreJsonQueryMatchManagedUser
caseIgnoreJsonQueryMatchRelationship
caseIgnoreListMatch


caseIgnoreListSubstringsMatch
caseIgnoreMatch
caseIgnoreOrderingMatch
caseIgnoreSubstringsMatch
certificateExactMatch
ctsOAuth2GrantSetEqualityMatch
directoryStringFirstComponentMatch
distinguishedNameMatch
ds-mr-double-metaphone-approx
ds-mr-user-password-equality
ds-mr-user-password-exact
generalizedTimeMatch
generalizedTimeOrderingMatch
historicalCsnOrderingMatch
historicalCsnRangeMatch
integerFirstComponentMatch
integerMatch
integerOrderingMatch
jsonFirstComponentCaseExactJsonQueryMatch
jsonFirstComponentCaseIgnoreJsonQueryMatch
keywordMatch
nameAndOptionalCaseExactJsonIdEqualityMatch
nameAndOptionalCaseIgnoreJsonIdEqualityMatch
nameAndOptionalJsonEqualityMatchingRule
numericStringMatch
numericStringOrderingMatch
numericStringSubstringsMatch
objectIdentifierFirstComponentMatch
objectIdentifierMatch
octetStringMatch
octetStringOrderingMatch
octetStringSubstringsMatch
partialDateAndTimeMatchingRule
presentationAddressMatch
protocolInformationMatch
relativeTimeGTOrderingMatch
relativeTimeLTOrderingMatch
telephoneNumberMatch
telephoneNumberSubstringsMatch
uniqueMemberMatch
uuidMatch
uuidOrderingMatch
wordMatch

6. Name Forms
uddiAddressNameForm
uddiBindingTemplateNameForm
uddiBusinessEntityNameForm


uddiBusinessServiceNameForm
uddiContactNameForm
uddiPublisherAssertionNameForm
uddiTModelInstanceInfoNameForm
uddiTModelNameForm
uddiv3EntityObituaryNameForm
uddiv3SubscriptionNameForm

7. Object Classes
account
alias
applicationEntity
applicationProcess
authPasswordObject
automount
automountMap
bootableDevice
calEntry
certificationAuthority-V2
certificationAuthority
changeLogEntry
collectiveAttributeSubentry
container
corbaContainer
corbaObject
corbaObjectReference
country
cRLDistributionPoint
dcObject
deltaCRL
device
devicePrintProfilesContainer
deviceProfilesContainer
dmd
dNSDomain
document
documentSeries
domain
domainRelatedObject
ds-certificate-user
ds-monitor-backend-db
ds-monitor-backend-pluggable
ds-monitor-backend-proxy
ds-monitor-backend
ds-monitor-base-dn
ds-monitor-branch
ds-monitor-certificate
ds-monitor-changelog-domain

ds-monitor-changelog
ds-monitor-connected-changelog
ds-monitor-connected-replica
ds-monitor-connection-handler
ds-monitor-disk-space
ds-monitor-entry-cache
ds-monitor-health-status
ds-monitor-http-connection-handler
ds-monitor-je-database
ds-monitor-jvm
ds-monitor-ldap-connection-handler
ds-monitor-raw-je-database-statistics
ds-monitor-remote-replica
ds-monitor-replica-db
ds-monitor-replica
ds-monitor-server
ds-monitor-topology-server
ds-monitor-work-queue
ds-monitor
ds-pwp-attribute-value-validator
ds-pwp-character-set-validator
ds-pwp-dictionary-validator
ds-pwp-length-based-validator
ds-pwp-password-policy
ds-pwp-random-generator
ds-pwp-repeated-characters-validator
ds-pwp-similarity-based-validator
ds-pwp-unique-characters-validator
ds-pwp-validator
ds-root-dse
ds-virtual-static-group
dSA
DUAConfigProfile
extensibleObject
forgerock-am-dashboard-service
fr-idm-cluster-obj
fr-idm-generic-obj
fr-idm-hybrid-obj
fr-idm-internal-role
fr-idm-internal-user
fr-idm-link
fr-idm-lock
fr-idm-managed-assignment
fr-idm-managed-role
fr-idm-managed-user-explicit
fr-idm-managed-user-hybrid-obj
fr-idm-managed-user
fr-idm-notification
fr-idm-recon-clusteredTargetIds
fr-idm-reconassoc
fr-idm-reconassocentry
fr-idm-relationship
fr-idm-syncqueue
frCoreToken
friendlyCountry
glue
groupOfEntries
groupOfNames
groupOfUniqueNames
groupOfURLs
ieee802Device
inetOrgPerson
inetuser
inheritableLDAPSubEntry
inheritedCollectiveAttributeSubentry
inheritedFromDNCollectiveAttributeSubentry
inheritedFromRDNCollectiveAttributeSubentry
ipHost
iplanet-am-auth-configuration-service
iplanet-am-managed-person
iplanet-am-session-service
iplanet-am-user-service
iPlanetPreferences
ipNetwork
ipProtocol
ipService
ipTnetHost
ipTnetTemplate
javaContainer
javaMarshalledObject
javaNamingReference
javaObject
javaSerializedObject
kbaInfoContainer
labeledURIObject
ldapSubEntry
locality
mailGroup
namedObject
nisDomainObject
nisKeyObject
nisMailAlias
nisMap
nisNetgroup
nisNetId
nisObject
nisplusTimeZoneData
oathDeviceProfilesContainer
oncRpc
organization
organizationalPerson
organizationalRole
organizationalUnit
person
pilotDSA
pilotObject
pilotOrganization
pilotPerson
pkiCA
pkiUser
posixAccount
posixGroup
printerAbstract
printerIPP
printerLPR
printerService
printerServiceAuxClass
pushDeviceProfilesContainer
pwdPolicy
pwdValidatorPolicy
qualityLabelledData
referral
residentialPerson
rFC822LocalPart
room
sambaConfig
sambaConfigOption
sambaDomain
sambaGroupMapping
sambaIdmapEntry
sambaPrivilege
sambaSamAccount
sambaShare
sambaSidEntry
sambaTrustPassword
sambaUnixIdPool
shadowAccount
simpleSecurityObject
slpService
slpServicePrinter
SolarisAuditUser
SolarisAuthAttr
SolarisExecAttr
SolarisNamingProfile
SolarisProfAttr
SolarisProject
SolarisUserAttr
strongAuthenticationUser
subentry
subschema
sunAMAuthAccountLockout
sunFMSAML2NameIdentifier
sunPrinter
sunRealmService
sunservice
sunservicecomponent
top
uddiAddress
uddiBindingTemplate
uddiBusinessEntity
uddiBusinessService
uddiContact
uddiPublisherAssertion
uddiTModel
uddiTModelInstanceInfo
uddiv3EntityObituary
uddiv3Subscription
uidObject
untypedObject
userSecurityInformation
webauthnDeviceProfilesContainer

8. Syntaxes
Attribute Type Description
Authentication Password Syntax
Binary
Bit String
Boolean
Certificate
Certificate List
Certificate Pair
Collective Conflict Behavior
Counter metric
Country String
CSN (Change Sequence Number)
Delivery Method
Directory String
DIT Content Rule Description
DIT Structure Rule Description
DN
Duration in milli-seconds
Enhanced Guide
Expression syntax for Boolean
Expression syntax for Certificate
Expression syntax for Directory String
Expression syntax for DN
Expression syntax for Generalized Time
Expression syntax for IA5 String
Expression syntax for Integer
Expression syntax for Numeric String
Expression syntax for Octet String
Expression syntax for OID
Expression syntax for Sun-defined Access Control Information
Expression syntax for User Password
Facsimile Telephone Number
Fax
Filesystem path
Generalized Time
Guide
Host port
IA5 String
Integer
JPEG
Json
Json Query
LDAP Syntax Description
Matching Rule Description
Matching Rule Use Description
Name and Optional JSON
Name and Optional UID
Name Form Description
Numeric String
Object Class Description
Octet String
OID
Other Mailbox
Postal Address
Presentation Address
Printable String
Protocol Information
Size in bytes
Substring Assertion
Subtree Specification
Summary metric
Sun-defined Access Control Information
Supported Algorithm
Telephone Number
Teletex Terminal Identifier
Telex Number
Timer metric
User Password
UTC Time
UUID
X.509 Certificate Exact Assertion

About This Reference

This reference describes the default directory schema. Each schema definition has its own section, with links to related sections. Reference pages for the most commonly used elements may include additional descriptions and examples that are not present in the directory schema definitions.

This reference does not include directory configuration attributes and object classes, or collation matching rules.

LDAP directory schema defines how data can be stored in the directory. When a directory server receives a request to update directory data, it can check the data changes against the directory schema, refusing any request that would result in a violation of the directory schema and directory data corruption.

Schema checking prevents errors such as the following:

• Adding inappropriate attributes to an entry

• Removing required attributes from an entry

• Using an attribute value that has the wrong syntax

• Adding the wrong type of subordinate object

LDAP directory schema consists of definitions for the following:

Attribute types

Define attributes of directory entries, including their syntaxes and matching rules

Directory Information Tree (DIT) content rules

Define the content of entries with a given structural object class

DIT structure rules

Define the names entries may have, and how entries may be related to each other

Matching rules

Define how values of attributes are matched and compared

Matching rule uses

List attributes that can be used with an extensibleMatch search filter

Name forms

Define naming relations for structural object classes

Object classes

Define the types of objects that an entry represents, and the required and optional attributes for entries of those types

Syntaxes

Define the encodings used in LDAP

For a technical description of LDAP directory schema, read Directory Schema in Lightweight Directory Access Protocol (LDAP): Directory Information Models (RFC 4512).

LDAP directory servers allow client applications to access directory schema while the server is running. This enables applications to validate their changes against the schema before sending an update request to the server. As a result, LDAP schema definitions are optimized for applications, not humans. The reader must resolve relationships between schema definitions, and must find most documentation elsewhere.
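The client-side check described above, as an added example that is not part of the ForgeRock reference: a small parser for RFC 4512 schema descriptions and a validator that reports missing required attributes, attributes that no object class allows, and values with the wrong syntax. The schema definitions and entries are samples constructed for the example, the function names are hypothetical, and attribute aliases and subtypes are not resolved.

```python
import re

# Sample definitions in RFC 4512 description format, constructed for this
# example. A real client reads them from the server's subschema entry.
OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY "
    "MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) "
    "MAY ( userPassword $ loginShell $ gecos $ description ) )",
]
ATTRIBUTE_TYPES = [
    "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' EQUALITY integerMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )",
]

TOKEN = re.compile(r"[()$]|'[^']*'|[^\s()$']+")
VALUED = {"NAME", "DESC", "SUP", "MUST", "MAY", "SYNTAX",
          "EQUALITY", "ORDERING", "SUBSTR", "USAGE"}
# Value checks keyed by syntax OID; only the Integer syntax is covered here.
INTEGER = re.compile(r"-?[1-9][0-9]*|0")
SYNTAX_CHECKS = {"1.3.6.1.4.1.1466.115.121.1.27": INTEGER.fullmatch}


def parse_definition(text):
    """Parse one RFC 4512 schema description into {keyword: [values]}."""
    tokens = TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not a schema description: %r" % text)
    parsed = {"OID": [tokens[1]]}
    i = 2
    while i < len(tokens) - 1:
        key = tokens[i]
        i += 1
        if key not in VALUED:
            parsed[key] = []          # flag such as STRUCTURAL or SINGLE-VALUE
            continue
        if tokens[i] == "(":          # parenthesised list: ( a $ b $ c )
            end = tokens.index(")", i)
            values = [t for t in tokens[i + 1:end] if t != "$"]
            i = end + 1
        else:
            values = [tokens[i]]
            i += 1
        parsed[key] = [v.strip("'") for v in values]
    return parsed


def load(definitions):
    """Index parsed definitions by each lower-cased NAME."""
    parsed = [parse_definition(text) for text in definitions]
    return {name.lower(): d for d in parsed for name in d["NAME"]}


def check_entry(classes, attr_types, entry):
    """Return a list of (violation, name) tuples; empty means the entry passes."""
    attrs = {name.lower(): values for name, values in entry.items()}
    errors, must, may, structural = [], set(), set(), 0
    seen, todo = set(), [c.lower() for c in attrs.get("objectclass", [])]
    while todo:                       # walk listed classes and their superiors
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        cls = classes.get(name)
        if cls is None:
            errors.append(("unknown-object-class", name))
            continue
        structural += "STRUCTURAL" in cls
        must |= {a.lower() for a in cls.get("MUST", [])}
        may |= {a.lower() for a in cls.get("MAY", [])}
        todo += [s.lower() for s in cls.get("SUP", [])]
    if not structural:
        errors.append(("no-structural-class", "objectclass"))
    present = set(attrs)
    errors += [("missing-required", a) for a in sorted(must - present)]
    errors += [("not-allowed", a) for a in sorted(present - must - may)]
    for name in sorted(attrs):
        atype = attr_types.get(name, {})   # no definition loaded: no checks
        if "SINGLE-VALUE" in atype and len(attrs[name]) > 1:
            errors.append(("single-value", name))
        check = SYNTAX_CHECKS.get(atype.get("SYNTAX", [""])[0].split("{")[0])
        if check and not all(check(v) for v in attrs[name]):
            errors.append(("invalid-syntax", name))
    return errors


CLASSES, ATTRS = load(OBJECT_CLASSES), load(ATTRIBUTE_TYPES)
GOOD = {"objectClass": ["top", "person", "posixAccount"], "cn": ["Babs Jensen"],
        "sn": ["Jensen"], "uid": ["bjensen"], "uidNumber": ["1076"],
        "gidNumber": ["1000"], "homeDirectory": ["/home/bjensen"]}
# Constructed failing entry: sn removed, drink added, bad gidNumber values.
BAD = {k: v for k, v in GOOD.items() if k != "sn"}
BAD.update({"drink": ["tea"], "gidNumber": ["staff", "1000"]})

if __name__ == "__main__":
    print(check_entry(CLASSES, ATTRS, GOOD), check_entry(CLASSES, ATTRS, BAD))
```

A client-side check like this only catches errors early; the directory server remains the authority and still checks each update against its own schema.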

Chapter 1

Attribute Types

This chapter covers schema definitions for attribute types:

• "aci"

• "aclRights"

• "aclRightsInfo"

• "administratorsAddress"

• "aliasedObjectName"

• "alive"

• "altServer"

• "aRecord"

• "assignedDashboard"

• "associatedDomain"

• "associatedName"

• "attributeMap"

• "attributeTypes"

• "audio"

• "authenticationMethod"

• "authorityRevocationList"

• "authPassword"

• "automountInformation"

• "automountKey"

• "automountMapName"

• "bindTimeLimit"

• "blockInheritance"

• "bootFile"

• "bootParameter"

• "buildingName"

• "businessCategory"

• "c-FacsimileTelephoneNumber"

• "c-InternationalISDNNumber"

• "c-l"

• "c-o"

• "c-ou"

• "c-PhysicalDeliveryOfficeName"

• "c-PostalAddress"

• "c-PostalCode"

• "c-PostOfficeBox"

• "c-st"

• "c-street"

• "c-TelephoneNumber"

• "c-TelexNumber"

• "c"

• "cACertificate"

• "calCalAdrURI"

• "calCalURI"

• "calCAPURI"

• "calFBURL"

• "calOtherCalAdrURIs"

• "calOtherCalURIs"

• "calOtherCAPURIs"

• "calOtherFBURLs"

• "carLicense"

• "certificateRevocationList"

• "changeInitiatorsName"

• "changelog"

• "changeLogCookie"

• "changeNumber"

• "changes"

• "changeTime"

• "changeType"

• "cn"

• "cNAMERecord"

• "co"

• "collectiveAttributeSubentries"

• "collectiveConflictBehavior"

• "collectiveExclusions"

• "corbaIor"

• "corbaRepositoryId"

• "coreTokenDate01"

• "coreTokenDate02"

• "coreTokenDate03"

• "coreTokenDate04"

• "coreTokenDate05"

• "coreTokenExpirationDate"

• "coreTokenId"

• "coreTokenInteger01"

• "coreTokenInteger02"

• "coreTokenInteger03"

• "coreTokenInteger04"

• "coreTokenInteger05"

• "coreTokenInteger06"

• "coreTokenInteger07"

• "coreTokenInteger08"

• "coreTokenInteger09"

• "coreTokenInteger10"

• "coreTokenMultiString01"

• "coreTokenMultiString02"

• "coreTokenMultiString03"

• "coreTokenObject"

• "coreTokenString01"

• "coreTokenString02"

• "coreTokenString03"

• "coreTokenString04"

• "coreTokenString05"

• "coreTokenString06"

• "coreTokenString07"

• "coreTokenString08"

• "coreTokenString09"

• "coreTokenString10"

• "coreTokenString11"

• "coreTokenString12"

• "coreTokenString13"

• "coreTokenString14"

• "coreTokenString15"

• "coreTokenTtlDate"

• "coreTokenType"

• "coreTokenUserId"

• "createTimestamp"

• "creatorsName"

• "credentialLevel"

• "crossCertificatePair"

• "dc"

• "defaultSearchBase"

• "defaultSearchScope"

• "defaultServerList"

• "deleteOldRDN"

• "deltaRevocationList"

• "departmentNumber"

• "dereferenceAliases"

• "description"

• "destinationIndicator"

• "devicePrintProfiles"

• "deviceProfiles"

• "displayName"

• "distinguishedName"

• "dITContentRules"

• "dITRedirect"

• "dITStructureRules"

• "dmdName"

• "dnQualifier"

• "documentAuthor"

• "documentIdentifier"

• "documentLocation"

• "documentPublisher"

• "documentTitle"

• "documentVersion"

• "drink"

• "ds-certificate-fingerprint"

• "ds-certificate-issuer-dn"

• "ds-certificate-subject-dn"

• "ds-mon-abandoned-requests"

• "ds-mon-active-connections-count"

• "ds-mon-active-persistent-searches"

• "ds-mon-admin-hostport"

• "ds-mon-alias"

• "ds-mon-alive-errors"

• "ds-mon-alive"

• "ds-mon-backend-degraded-index-count"

• "ds-mon-backend-degraded-index"

• "ds-mon-backend-entry-count"

• "ds-mon-backend-filter-use-indexed"

• "ds-mon-backend-filter-use-start-time"

• "ds-mon-backend-filter-use-unindexed"

• "ds-mon-backend-filter-use"

• "ds-mon-backend-is-private"

• "ds-mon-backend-proxy-base-dn"

• "ds-mon-backend-proxy-shard"

• "ds-mon-backend-ttl-entries-deleted"

• "ds-mon-backend-ttl-is-running"

• "ds-mon-backend-ttl-last-run-time"

• "ds-mon-backend-ttl-queue-size"

• "ds-mon-backend-ttl-thread-count"

• "ds-mon-backend-writability-mode"

• "ds-mon-base-dn-entry-count"

• "ds-mon-base-dn"

• "ds-mon-build-number"

• "ds-mon-build-time"

• "ds-mon-bytes-read"

• "ds-mon-bytes-written"

• "ds-mon-cache-entry-count"

• "ds-mon-cache-max-entry-count"

• "ds-mon-cache-max-size-bytes"

• "ds-mon-cache-misses"

• "ds-mon-cache-total-tries"

• "ds-mon-certificate-expires-at"

• "ds-mon-certificate-issuer-dn"

• "ds-mon-certificate-serial-number"

• "ds-mon-certificate-subject-dn"

• "ds-mon-changelog-hostport"

• "ds-mon-changelog-id"

• "ds-mon-changelog-purge-delay"

• "ds-mon-compact-version"

• "ds-mon-config-dn"

• "ds-mon-connected-to-server-hostport"

• "ds-mon-connected-to-server-id"

• "ds-mon-connection"

• "ds-mon-connections"

• "ds-mon-current-connections"

• "ds-mon-current-receive-window"

• "ds-mon-current-time"

• "ds-mon-db-cache-evict-internal-nodes-count"

• "ds-mon-db-cache-evict-leaf-nodes-count"

• "ds-mon-db-cache-leaf-nodes"

• "ds-mon-db-cache-misses-internal-nodes"

• "ds-mon-db-cache-misses-leaf-nodes"

• "ds-mon-db-cache-size-active"

• "ds-mon-db-cache-size-total"

• "ds-mon-db-cache-total-tries-internal-nodes"

• "ds-mon-db-cache-total-tries-leaf-nodes"

• "ds-mon-db-checkpoint-count"

• "ds-mon-db-log-cleaner-file-deletion-count"

• "ds-mon-db-log-files-open"

• "ds-mon-db-log-files-opened"

• "ds-mon-db-log-size-active"

• "ds-mon-db-log-size-total"

• "ds-mon-db-log-utilization-max"

• "ds-mon-db-log-utilization-min"

• "ds-mon-db-version"

• "ds-mon-disk-dir"

• "ds-mon-disk-free"

• "ds-mon-disk-full-threshold"

• "ds-mon-disk-low-threshold"

• "ds-mon-disk-root"

• "ds-mon-disk-state"

• "ds-mon-domain-generation-id"

• "ds-mon-domain-name"

• "ds-mon-entries-awaiting-updates-count"

• "ds-mon-fix-ids"

• "ds-mon-full-version"

• "ds-mon-group-id"

• "ds-mon-healthy-errors"

• "ds-mon-healthy"

• "ds-mon-install-path"

• "ds-mon-instance-path"

• "ds-mon-jvm-architecture"

• "ds-mon-jvm-arguments"

• "ds-mon-jvm-available-cpus"

• "ds-mon-jvm-class-path"

• "ds-mon-jvm-classes-loaded"

• "ds-mon-jvm-classes-unloaded"

• "ds-mon-jvm-java-home"

• "ds-mon-jvm-java-vendor"

• "ds-mon-jvm-java-version"

• "ds-mon-jvm-memory-heap-init"

• "ds-mon-jvm-memory-heap-max"

• "ds-mon-jvm-memory-heap-reserved"

• "ds-mon-jvm-memory-heap-used"

• "ds-mon-jvm-memory-init"

• "ds-mon-jvm-memory-max"

• "ds-mon-jvm-memory-non-heap-init"

• "ds-mon-jvm-memory-non-heap-max"

• "ds-mon-jvm-memory-non-heap-reserved"

• "ds-mon-jvm-memory-non-heap-used"

• "ds-mon-jvm-memory-reserved"

• "ds-mon-jvm-memory-used"

• "ds-mon-jvm-supported-tls-ciphers"

• "ds-mon-jvm-supported-tls-protocols"

• "ds-mon-jvm-threads-blocked-count"

• "ds-mon-jvm-threads-count"

• "ds-mon-jvm-threads-daemon-count"

• "ds-mon-jvm-threads-deadlock-count"

• "ds-mon-jvm-threads-deadlocks"

• "ds-mon-jvm-threads-new-count"

• "ds-mon-jvm-threads-runnable-count"

• "ds-mon-jvm-threads-terminated-count"

• "ds-mon-jvm-threads-timed-waiting-count"

• "ds-mon-jvm-threads-waiting-count"

• "ds-mon-jvm-vendor"

• "ds-mon-jvm-version"

• "ds-mon-last-seen"

• "ds-mon-ldap-hostport"

• "ds-mon-ldap-starttls-hostport"

• "ds-mon-ldaps-hostport"

• "ds-mon-listen-address"

• "ds-mon-lost-connections"

• "ds-mon-major-version"

• "ds-mon-max-connections"

• "ds-mon-minor-version"

• "ds-mon-newest-change-number"

• "ds-mon-newest-csn-timestamp"

• "ds-mon-newest-csn"

• "ds-mon-oldest-change-number"

• "ds-mon-oldest-csn-timestamp"

• "ds-mon-oldest-csn"

• "ds-mon-os-architecture"

• "ds-mon-os-name"

• "ds-mon-os-version"

• "ds-mon-point-version"

• "ds-mon-process-id"

• "ds-mon-product-name"

• "ds-mon-protocol"

• "ds-mon-receive-delay"

• "ds-mon-replay-delay"

• "ds-mon-replayed-updates-conflicts-resolved"

• "ds-mon-replayed-updates-conflicts-unresolved"

• "ds-mon-replayed-updates"

• "ds-mon-replication-domain"

• "ds-mon-replication-protocol-version"

• "ds-mon-requests-abandon"

• "ds-mon-requests-add"

• "ds-mon-requests-bind"

• "ds-mon-requests-compare"

• "ds-mon-requests-delete"

• "ds-mon-requests-extended"

• "ds-mon-requests-failure-client-invalid-request"

• "ds-mon-requests-failure-client-redirect"

• "ds-mon-requests-failure-client-referral"

• "ds-mon-requests-failure-client-resource-limit"

• "ds-mon-requests-failure-client-security"

• "ds-mon-requests-failure-server"

• "ds-mon-requests-failure-uncategorized"

• "ds-mon-requests-get"

• "ds-mon-requests-in-queue"

• "ds-mon-requests-modify-dn"

• "ds-mon-requests-modify"

• "ds-mon-requests-patch"

• "ds-mon-requests-post"

• "ds-mon-requests-put"

• "ds-mon-requests-rejected-queue-full"

• "ds-mon-requests-search-base"

• "ds-mon-requests-search-one"

• "ds-mon-requests-search-sub"

• "ds-mon-requests-submitted"

• "ds-mon-requests-unbind"

• "ds-mon-requests-uncategorized"

• "ds-mon-revision"

• "ds-mon-sent-updates"

• "ds-mon-server-id"

• "ds-mon-server-is-local"

• "ds-mon-server-state"

• "ds-mon-short-name"

• "ds-mon-ssl-encryption"

• "ds-mon-start-time"

• "ds-mon-status-last-changed"

• "ds-mon-status"

• "ds-mon-system-name"

• "ds-mon-total-connections"

• "ds-mon-total-update-entry-count"

• "ds-mon-total-update-entry-left"

• "ds-mon-total-update"

• "ds-mon-updates-inbound-queue"

• "ds-mon-updates-outbound-queue"

• "ds-mon-updates-totals-per-replay-thread"

• "ds-mon-vendor-name"

• "ds-mon-version-qualifier"

• "ds-mon-working-directory"

• "ds-private-naming-contexts"

• "ds-privilege-name"

• "ds-pwp-account-disabled"

• "ds-pwp-account-expiration-time"

• "ds-pwp-account-status-notification-handler"

• "ds-pwp-allow-expired-password-changes"

• "ds-pwp-allow-multiple-password-values"

• "ds-pwp-allow-pre-encoded-passwords"

• "ds-pwp-allow-user-password-changes"

• "ds-pwp-attribute-value-check-substrings"

• "ds-pwp-attribute-value-match-attribute"

• "ds-pwp-attribute-value-min-substring-length"

• "ds-pwp-attribute-value-test-reversed-password"

• "ds-pwp-character-set-allow-unclassified-characters"

• "ds-pwp-character-set-character-set-ranges"

• "ds-pwp-character-set-character-set"

• "ds-pwp-character-set-min-character-sets"

• "ds-pwp-default-password-storage-scheme"

• "ds-pwp-deprecated-password-storage-scheme"

• "ds-pwp-dictionary-case-sensitive-validation"

• "ds-pwp-dictionary-check-substrings"

• "ds-pwp-dictionary-data"

• "ds-pwp-dictionary-min-substring-length"

• "ds-pwp-dictionary-test-reversed-password"

• "ds-pwp-expire-passwords-without-warning"

• "ds-pwp-force-change-on-add"

• "ds-pwp-force-change-on-reset"

• "ds-pwp-grace-login-count"

• "ds-pwp-idle-lockout-interval"

• "ds-pwp-last-login-time-attribute"

• "ds-pwp-last-login-time-format"

• "ds-pwp-last-login-time"

• "ds-pwp-length-based-max-password-length"

• "ds-pwp-length-based-min-password-length"

• "ds-pwp-lockout-duration"

• "ds-pwp-lockout-failure-count"

• "ds-pwp-lockout-failure-expiration-interval"

• "ds-pwp-max-password-age"

• "ds-pwp-max-password-reset-age"

• "ds-pwp-min-password-age"

• "ds-pwp-password-attribute"

• "ds-pwp-password-change-requires-current-password"

• "ds-pwp-password-changed-by-required-time"

• "ds-pwp-password-expiration-time"

• "ds-pwp-password-expiration-warning-interval"

• "ds-pwp-password-history-count"

• "ds-pwp-password-history-duration"

• "ds-pwp-password-policy-dn"

• "ds-pwp-previous-last-login-time-format"

• "ds-pwp-random-password-character-set"

• "ds-pwp-random-password-format"

• "ds-pwp-repeated-characters-case-sensitive-validation"

• "ds-pwp-repeated-characters-max-consecutive-length"

• "ds-pwp-require-change-by-time"

• "ds-pwp-require-secure-authentication"

• "ds-pwp-require-secure-password-changes"

• "ds-pwp-reset-time"

• "ds-pwp-similarity-based-min-password-difference"

• "ds-pwp-skip-validation-for-administrators"

• "ds-pwp-state-update-failure-policy"

• "ds-pwp-unique-characters-case-sensitive-validation"

• "ds-pwp-unique-characters-min-unique-characters"

• "ds-pwp-warned-time"

• "ds-rlim-cursor-entry-limit"

• "ds-rlim-idle-time-limit"

• "ds-rlim-lookthrough-limit"

• "ds-rlim-size-limit"

• "ds-rlim-time-limit"

• "ds-sync-conflict"

• "ds-sync-fractional-exclude"

• "ds-sync-fractional-include"

• "ds-sync-generation-id"

• "ds-sync-hist"

• "ds-sync-state"

• "ds-target-group-dn"

• "dSAQuality"

• "emailAddress"

• "employeeNumber"

• "employeeType"

• "enhancedSearchGuide"

• "entryDN"

• "entryUUID"

• "etag"

• "facsimileTelephoneNumber"

• "firstChangeNumber"

• "followReferrals"

• "fr-idm-accountStatus"

• "fr-idm-cluster-json"

• "fr-idm-condition"

• "fr-idm-consentedMapping"

• "fr-idm-custom-attrs"

• "fr-idm-effectiveAssignment"

• "fr-idm-effectiveRole"

• "fr-idm-internal-role-authzmembers-internal-user"

• "fr-idm-internal-role-authzmembers-managed-user"

• "fr-idm-internal-user-authzroles-internal-role"

• "fr-idm-internal-user-authzroles-managed-role"

• "fr-idm-json"

• "fr-idm-kbaInfo"

• "fr-idm-lastSync"

• "fr-idm-link-firstid-constraint"

• "fr-idm-link-firstid"

• "fr-idm-link-qualifier"

• "fr-idm-link-secondid-constraint"

• "fr-idm-link-secondid"

• "fr-idm-link-type"

• "fr-idm-lock-nodeid"

• "fr-idm-managed-assignment-json"

• "fr-idm-managed-role-assignments"

• "fr-idm-managed-role-json"

• "fr-idm-managed-user-authzroles-internal-role"

• "fr-idm-managed-user-authzroles-managed-role"

• "fr-idm-managed-user-custom-attrs"

• "fr-idm-managed-user-json"

• "fr-idm-managed-user-manager"

• "fr-idm-managed-user-meta"

• "fr-idm-managed-user-notifications"

• "fr-idm-managed-user-roles"

• "fr-idm-name"

• "fr-idm-notification-json"

• "fr-idm-password"

• "fr-idm-preferences"

• "fr-idm-privilege"

• "fr-idm-recon-id"

• "fr-idm-recon-targetIds"

• "fr-idm-reconassoc-finishtime"

• "fr-idm-reconassoc-isanalysis"

• "fr-idm-reconassoc-mapping"

• "fr-idm-reconassoc-reconid"

• "fr-idm-reconassoc-sourceresourcecollection"

• "fr-idm-reconassoc-targetresourcecollection"

• "fr-idm-reconassocentry-action"

• "fr-idm-reconassocentry-ambiguoustargetobjectids"

• "fr-idm-reconassocentry-exception"

• "fr-idm-reconassocentry-linkqualifier"

• "fr-idm-reconassocentry-message"

• "fr-idm-reconassocentry-messagedetail"

• "fr-idm-reconassocentry-phase"

• "fr-idm-reconassocentry-reconid"

• "fr-idm-reconassocentry-situation"

• "fr-idm-reconassocentry-sourceobjectid"

• "fr-idm-reconassocentry-status"

• "fr-idm-reconassocentry-targetobjectid"

• "fr-idm-relationship-json"

• "fr-idm-role"

• "fr-idm-syncqueue-context"

• "fr-idm-syncqueue-createdate"

• "fr-idm-syncqueue-mapping"

• "fr-idm-syncqueue-newobject"

• "fr-idm-syncqueue-nodeid"

• "fr-idm-syncqueue-objectrev"

• "fr-idm-syncqueue-oldobject"

• "fr-idm-syncqueue-remainingretries"

• "fr-idm-syncqueue-resourcecollection"

• "fr-idm-syncqueue-resourceid"

• "fr-idm-syncqueue-state"

• "fr-idm-syncqueue-syncaction"

• "fr-idm-temporal-constraints"

• "fr-idm-uuid"

• "fullVendorVersion"

• "gecos"

• "generationQualifier"

• "gidNumber"

• "givenName"

• "governingStructureRule"

• "hasSubordinates"

• "healthy"

• "homeDirectory"

• "homePhone"

• "homePostalAddress"

• "host"

• "houseIdentifier"

• "includedAttributes"

• "inetUserHttpURL"

• "inetUserStatus"

• "info"

• "inheritable"

• "inheritAttribute"

• "inheritFromBaseRDN"

• "inheritFromDNAttribute"

• "inheritFromDNParent"

• "inheritFromRDNAttribute"

• "inheritFromRDNType"

• "initials"

• "internationaliSDNNumber"

• "ipHostNumber"

• "iplanet-am-auth-configuration"

• "iplanet-am-auth-login-failure-url"

• "iplanet-am-auth-login-success-url"

• "iplanet-am-auth-post-login-process-class"

• "iplanet-am-session-destroy-sessions"

• "iplanet-am-session-get-valid-sessions"

• "iplanet-am-session-max-caching-time"

• "iplanet-am-session-max-idle-time"

• "iplanet-am-session-max-session-time"

• "iplanet-am-session-quota-limit"

• "iplanet-am-session-service-status"

• "iplanet-am-user-account-life"

• "iplanet-am-user-admin-start-dn"

• "iplanet-am-user-alias-list"

• "iplanet-am-user-auth-config"

• "iplanet-am-user-auth-modules"

• "iplanet-am-user-failure-url"

• "iplanet-am-user-login-status"

• "iplanet-am-user-password-reset-force-reset"

• "iplanet-am-user-password-reset-options"

• "iplanet-am-user-password-reset-question-answer"

• "iplanet-am-user-service-status"

• "iplanet-am-user-success-url"

• "ipNetmaskNumber"

• "ipNetworkNumber"

• "ipProtocolNumber"

• "ipServicePort"

• "ipServiceProtocol"

• "ipTnetNumber"

• "ipTnetTemplateName"

• "isMemberOf"

• "janetMailbox"

• "javaClassName"

• "javaClassNames"

• "javaCodebase"

• "javaDoc"

• "javaFactory"

• "javaReferenceAddress"

• "javaSerializedData"

• "jpegPhoto"

• "kbaActiveIndex"

• "kbaInfo"

• "kbaInfoAttempts"

• "knowledgeInformation"

• "l"

• "labeledURI"

• "labeledURL"

• "lastChangeNumber"

• "lastExternalChangelogCookie"

• "lastModifiedBy"

• "lastModifiedTime"

• "ldapSyntaxes"

• "loginShell"

• "macAddress"

• "mail"

• "mailPreferenceOption"

• "manager"

• "matchingRules"

• "matchingRuleUse"

• "mDRecord"

• "member"

• "memberGid"

• "memberNisNetgroup"

• "memberof"

• "memberUid"

• "memberURL"

• "mgrpRFC822MailMember"

• "mobile"

• "modifiersName"

• "modifyTimestamp"

• "mxRecord"

• "name"

• "nameForms"

• "namingContexts"

• "newRDN"

• "newSuperior"

• "nisDomain"

• "nisMapEntry"

• "nisMapName"

• "nisNetgroupTriple"

• "nisNetIdGroup"

• "nisNetIdHost"

• "nisNetIdUser"

• "nisplusTimeZone"

• "nisPublicKey"

• "nisSecretKey"

• "nsds50ruv"

• "nSRecord"

• "nsUniqueId"

• "numSubordinates"

• "o"

• "oath2faEnabled"

• "oathDeviceProfiles"

• "objectClass"

• "objectClasses"

• "objectclassMap"

• "oncRpcNumber"

• "organizationalStatus"

• "otherMailbox"

• "ou"

• "owner"

• "pager"

• "personalSignature"

• "personalTitle"

• "photo"

• "physicalDeliveryOfficeName"

• "postalAddress"

• "postalCode"

• "postOfficeBox"

• "preferredDeliveryMethod"

• "preferredLanguage"

• "preferredLocale"

• "preferredServerList"

• "preferredTimeZone"

• "presentationAddress"

• "printer-aliases"

• "printer-charset-configured"

• "printer-charset-supported"

• "printer-color-supported"

• "printer-compression-supported"

• "printer-copies-supported"

• "printer-current-operator"

• "printer-delivery-orientation-supported"

• "printer-document-format-supported"

• "printer-finishings-supported"

• "printer-generated-natural-language-supported"

• "printer-info"

• "printer-ipp-versions-supported"

• "printer-job-k-octets-supported"

• "printer-job-priority-supported"

• "printer-location"

• "printer-make-and-model"

• "printer-media-local-supported"

• "printer-media-supported"

• "printer-more-info"

• "printer-multiple-document-jobs-supported"

• "printer-name"

• "printer-natural-language-configured"

• "printer-number-up-supported"

• "printer-output-features-supported"

• "printer-pages-per-minute-color"

• "printer-pages-per-minute"

• "printer-print-quality-supported"

• "printer-resolution-supported"

• "printer-service-person"

• "printer-sides-supported"

• "printer-stacking-order-supported"

• "printer-uri"

• "printer-xri-supported"

• "profileTTL"

• "protocolInformation"

• "push2faEnabled"

• "pushDeviceProfiles"

• "pwdAccountLockedTime"

• "pwdAllowUserChange"

• "pwdAttribute"

• "pwdChangedTime"

• "pwdCheckQuality"

• "pwdExpireWarning"

• "pwdFailureCountInterval"

• "pwdFailureTime"

• "pwdGraceAuthNLimit"

• "pwdGraceUseTime"

• "pwdHistory"

• "pwdInHistory"

• "pwdLockout"

• "pwdLockoutDuration"

• "pwdMaxAge"

• "pwdMaxFailure"

• "pwdMinAge"

• "pwdMinLength"

• "pwdMustChange"

• "pwdPolicySubentry"

• "pwdReset"

• "pwdSafeModify"

• "ref"

• "registeredAddress"

• "replicaIdentifier"

• "replicationCSN"

• "rfc822mailMember"

• "roleOccupant"

• "roomNumber"

• "sambaAcctFlags"

• "sambaAlgorithmicRidBase"

• "sambaBadPasswordCount"

• "sambaBadPasswordTime"

• "sambaBoolOption"

• "sambaDomainName"

• "sambaForceLogoff"

• "sambaGroupType"

• "sambaHomeDrive"

• "sambaHomePath"

• "sambaIntegerOption"

• "sambaKickoffTime"

• "sambaLMPassword"

• "sambaLockoutDuration"

• "sambaLockoutObservationWindow"

• "sambaLockoutThreshold"

• "sambaLogoffTime"

• "sambaLogonHours"

• "sambaLogonScript"

• "sambaLogonTime"

• "sambaLogonToChgPwd"

• "sambaMaxPwdAge"

• "sambaMinPwdAge"

• "sambaMinPwdLength"

• "sambaMungedDial"

• "sambaNextGroupRid"

• "sambaNextRid"

• "sambaNextUserRid"

• "sambaNTPassword"

• "sambaOptionName"

• "sambaPasswordHistory"

• "sambaPrimaryGroupSID"

• "sambaPrivilegeList"

• "sambaProfilePath"

• "sambaPwdCanChange"

• "sambaPwdHistoryLength"

• "sambaPwdLastSet"

• "sambaPwdMustChange"

• "sambaRefuseMachinePwdChange"

• "sambaShareName"

• "sambaSID"

• "sambaSIDList"

• "sambaStringListOption"

• "sambaStringOption"

• "sambaTrustFlags"

• "sambaUserWorkstations"

• "searchGuide"

• "searchTimeLimit"

• "secretary"

• "seeAlso"

• "serialNumber"

• "service-advert-attribute-authenticator"

• "service-advert-scopes"

• "service-advert-service-type"

• "service-advert-url-authenticator"

• "serviceAuthenticationMethod"

• "serviceCredentialLevel"

• "serviceSearchDescriptor"

• "shadowExpire"

• "shadowFlag"

• "shadowInactive"

• "shadowLastChange"

• "shadowMax"

• "shadowMin"

• "shadowWarning"

• "singleLevelQuality"

• "sn"

• "sOARecord"

• "SolarisAttrKeyValue"

• "SolarisAttrLongDesc"

• "SolarisAttrReserved1"

• "SolarisAttrReserved2"

• "SolarisAttrShortDesc"

• "SolarisAuditAlways"

• "SolarisAuditNever"

• "SolarisAuthMethod"

• "SolarisBindDN"

• "SolarisBindPassword"

• "SolarisBindTimeLimit"

• "SolarisCacheTTL"

• "SolarisCertificatePassword"

• "SolarisCertificatePath"

• "SolarisDataSearchDN"

• "SolarisKernelSecurityPolicy"

• "SolarisLDAPServers"

• "SolarisPreferredServer"

• "SolarisPreferredServerOnly"

• "SolarisProfileId"

• "SolarisProfileType"

• "SolarisProjectAttr"

• "SolarisProjectID"

• "SolarisProjectName"

• "SolarisSearchBaseDN"

• "SolarisSearchReferral"

• "SolarisSearchScope"

• "SolarisSearchTimeLimit"

• "SolarisTransportSecurity"

• "SolarisUserQualifier"

• "st"

• "street"

• "structuralObjectClass"

• "subschemaSubentry"

• "subtreeMaximumQuality"

• "subtreeMinimumQuality"

• "subtreeSpecification"

• "sun-fm-saml2-nameid-info"

• "sun-fm-saml2-nameid-infokey"

• "sun-printer-bsdaddr"

• "sun-printer-kvp"

• "sunAMAuthInvalidAttemptsData"

• "sunIdentityMSISDNNumber"

• "sunKeyValue"

• "sunPluginSchema"

• "sunserviceID"

• "sunServiceSchema"

• "sunsmspriority"

• "sunxmlKeyValue"

• "supportedAlgorithms"

• "supportedApplicationContext"

• "supportedAuthPasswordSchemes"

• "supportedControl"

• "supportedExtension"

• "supportedFeatures"

• "supportedLDAPVersion"

• "supportedSASLMechanisms"

• "supportedTLSCiphers"

• "supportedTLSProtocols"

• "targetDN"

• "targetEntryUUID"

• "telephoneNumber"

• "teletexTerminalIdentifier"

• "telexNumber"

• "template-major-version-number"

• "template-minor-version-number"

• "template-url-syntax"

• "textEncodedORAddress"

• "title"

• "uddiAccessPoint"

• "uddiAddressLine"

• "uddiAuthorizedName"

• "uddiBindingKey"

• "uddiBusinessKey"

• "uddiCategoryBag"

• "uddiDescription"

• "uddiDiscoveryURLs"

• "uddiEMail"

• "uddiFromKey"

• "uddiHostingRedirector"

• "uddiIdentifierBag"

• "uddiInstanceDescription"

• "uddiInstanceParms"

• "uddiIsHidden"

• "uddiIsProjection"

• "uddiKeyedReference"

• "uddiLang"

• "uddiName"

• "uddiOperator"

• "uddiOverviewDescription"

• "uddiOverviewURL"

• "uddiPersonName"

• "uddiPhone"

• "uddiServiceKey"

• "uddiSortCode"

• "uddiTModelKey"

• "uddiToKey"

• "uddiUseType"

• "uddiUUID"

• "uddiv3BindingKey"

• "uddiv3BriefResponse"

• "uddiv3BusinessKey"

• "uddiv3DigitalSignature"

• "uddiv3EntityCreationTime"

• "uddiv3EntityDeletionTime"

• "uddiv3EntityKey"

• "uddiv3EntityModificationTime"

• "uddiv3ExpiresAfter"

• "uddiv3MaxEntities"

• "uddiv3NodeId"

• "uddiv3NotificationInterval"

• "uddiv3ServiceKey"

• "uddiv3SubscriptionFilter"

• "uddiv3SubscriptionKey"

• "uddiv3TModelKey"

• "uid"

• "uidNumber"

• "uniqueIdentifier"

• "uniqueMember"

• "userCertificate"

• "userClass"

• "userPassword"

• "userPKCS12"

• "userSMIMECertificate"

• "vendorName"

• "vendorVersion"

• "webauthnDeviceProfiles"

• "winAccountName"

• "x121Address"

• "x500UniqueIdentifier"

aci

Values are Access Control Instructions (ACI). See the directory documentation for details.

Origin: Sun Java System Directory Server
Usage: directoryOperation
Description: Sun-defined access control information attribute type
OID: 2.16.840.1.113730.3.1.55
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: aci
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Sun-defined Access Control Information

aclRights

Shows effective access rights. See the directory documentation for details.

Origin: Sun Java System Directory Server
Usage: directoryOperation
Description: Sun-defined access control effective rights attribute type
OID: 1.3.6.1.4.1.42.2.27.9.1.39
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: aclRights
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Directory String

aclRightsInfo

Shows how the server calculates effective access rights. See the directory documentation for details.

Origin: Sun Java System Directory Server
Usage: directoryOperation
Description: Sun-defined access control effective rights information attribute type
OID: 1.3.6.1.4.1.42.2.27.9.1.40
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: aclRightsInfo
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Directory String

administratorsAddress

An address for contacting the administrator who manages the server. For example, mailto:[email protected].

Origin: draft-wahl-ldap-adminaddr
Usage: directoryOperation
OID: 1.3.6.1.4.1.1466.101.120.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: administratorsAddress
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: IA5 String

aliasedObjectName

Holds the name of the entry that an alias points to.

An alias name is an alternative name for an entry. Alias objects are leaf entries (no subordinates).

ForgeRock servers do not support alias dereferencing.

Origin: RFC 4512
Usage: userApplications
OID: 2.5.4.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: aliasedObjectName
User Modification Allowed: true
Used By: alias
Schema File: 00-core.ldif
Syntax: DN

alive

Origin: OpenDJ Directory Server
Usage: dSAOperation
Description: Indicates whether the server is alive
OID: 1.3.6.1.4.1.36733.2.1.1.507
Equality Matching Rule: booleanMatch
Single Value: true
Names: alive
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Boolean

altServer

This operational attribute lists URIs of alternate servers to contact when this server is not available.

Origin: RFC 4512
Usage: dSAOperation
OID: 1.3.6.1.4.1.1466.101.120.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: altServer
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: IA5 String

aRecord

A type A (address) DNS resource record.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.26
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: aRecord
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain
Schema File: 00-core.ldif
Syntax: IA5 String

assignedDashboard

Origin: OpenAM
Usage: userApplications
Description: Dashboard App registry
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.3.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: assignedDashboard
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: forgerock-am-dashboard-service
Schema File: 60-identity-store-ds-dashboard.ldif
Syntax: Directory String

associatedDomain

An attribute for specifying DNS hostnames associated with an object. For example, the entry with DN dc=example,dc=com could have an associated domain of example.com.

Values of this attribute conform to the following ABNF:

domain = root / label *( DOT label )
root = SPACE
label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
SPACE = %x20 ; space (" ")
HYPHEN = %x2D ; hyphen ("-")
DOT = %x2E ; period (".")

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.37
Substring Matching Rule: caseIgnoreIA5SubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: associatedDomain
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: domainRelatedObject
Schema File: 00-core.ldif
Syntax: IA5 String

associatedName

DNs of entries associated with a DNS domain.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.38
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: associatedName
User Modification Allowed: true
Used By: dNSDomain, domain, rFC822LocalPart
Schema File: 00-core.ldif
Syntax: DN

attributeMap

Origin: RFC 4876
Usage: userApplications
Description: Attribute mappings used, required, or supported by an agent or service
OID: 1.3.6.1.4.1.11.1.3.1.1.9
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: attributeMap
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: IA5 String

attributeTypes

This operational attribute used in LDAP schema defines attribute types, which specify attributes of directory entries, including their syntaxes and matching rules.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.5
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: attributeTypes
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: Attribute Type Description

audio

Attribute for storing sounds encoded according to the µ-law algorithm.

Origin: RFC 2798
Usage: userApplications
OID: 0.9.2342.19200300.100.1.55
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: audio
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, pilotObject
Schema File: 00-core.ldif
Syntax: Octet String

authenticationMethod

Origin: RFC 4876
Usage: userApplications
Description: Identifies the types of authentication methods either used, required, or provided by a service or peer
OID: 1.3.6.1.4.1.11.1.3.1.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: authenticationMethod
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Directory String

authorityRevocationList

X.509 certificate lists, as described in X.509 clause 11.2.5.

Request and transfer values using the binary option for the attribute description, authorityRevocationList;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.38
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: authorityRevocationList
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: cRLDistributionPoint, certificationAuthority, certificationAuthority-V2, pkiCA
Schema File: 00-core.ldif
Syntax: Certificate List

authPassword

Encoded or hashed passwords, prefixed with a scheme and authentication info.

Origin: RFC 3112
Usage: userApplications
Description: password authentication information
OID: 1.3.6.1.4.1.4203.1.3.4
Equality Matching Rule: authPasswordExactMatch
Single Value: false: multiple values allowed
Names: authPassword
User Modification Allowed: true
Used By: authPasswordObject, ipHost, posixAccount, posixGroup, shadowAccount
Schema File: 03-rfc3112.ldif
Syntax: Authentication Password Syntax

automountInformation

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Automount information
OID: 1.3.6.1.1.1.1.33
Substring Matching Rule: caseExactIA5SubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: automountInformation
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: automount
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

automountKey

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Automount Key value
OID: 1.3.6.1.1.1.1.32
Substring Matching Rule: caseExactIA5SubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: automountKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: automount
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

automountMapName

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: automount Map Name
OID: 1.3.6.1.1.1.1.31
Substring Matching Rule: caseExactIA5SubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: automountMapName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: automountMap
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

bindTimeLimit

Origin: RFC 4876
Usage: userApplications
Description: Maximum time an agent or service allows for a bind operation to complete
OID: 1.3.6.1.4.1.11.1.3.1.1.4
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: bindTimeLimit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Integer

blockInheritance

Origin: draft-ietf-ldup-subentry
Usage: dSAOperation
OID: 1.3.6.1.4.1.7628.5.4.2
Equality Matching Rule: booleanMatch
Single Value: true
Names: blockInheritance
User Modification Allowed: false
Used By: inheritableLDAPSubEntry
Schema File: 00-core.ldif
Syntax: Boolean

bootFile

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Boot image name
OID: 1.3.6.1.1.1.1.24
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: bootFile
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: bootableDevice
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

bootParameter

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: rpc.bootparamd parameter
OID: 1.3.6.1.1.1.1.23
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: bootParameter
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: bootableDevice
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

buildingName

Names of buildings where an organization or organizational unit is based.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.48
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: buildingName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotOrganization
Schema File: 00-core.ldif
Syntax: Directory String

businessCategory

The kind of business performed by an organization. Each kind corresponds to a different attribute value.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.15
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: businessCategory
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson, organization, organizationalUnit, pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Directory String

c-FacsimileTelephoneNumber

Fax phone number for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: facsimileTelephoneNumber
Collective: true
OID: 2.5.4.23.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-FacsimileTelephoneNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Facsimile Telephone Number

c-InternationalISDNNumber

ISDN address for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: internationaliSDNNumber
Collective: true
OID: 2.5.4.25.1
Substring Matching Rule: numericStringSubstringsMatch
Equality Matching Rule: numericStringMatch
Single Value: false: multiple values allowed
Names: c-InternationalISDNNumber
Ordering Matching Rule: numericStringOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Numeric String

c-l

Name of a locality or place for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: l
Collective: true
OID: 2.5.4.7.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-l
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-o

Organization name for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: o
Collective: true
OID: 2.5.4.10.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-o
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-ou

Organizational unit name for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: ou
Collective: true
OID: 2.5.4.11.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-ou
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-PhysicalDeliveryOfficeName

Post office for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: physicalDeliveryOfficeName
Collective: true
OID: 2.5.4.19.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-PhysicalDeliveryOfficeName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-PostalAddress

Postal address for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: postalAddress
Collective: true
OID: 2.5.4.16.1
Substring Matching Rule: caseIgnoreListSubstringsMatch
Equality Matching Rule: caseIgnoreListMatch
Single Value: false: multiple values allowed
Names: c-PostalAddress
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Postal Address

c-PostalCode

Postal code for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: postalCode
Collective: true
OID: 2.5.4.17.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-PostalCode
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-PostOfficeBox

Postal box identifier for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: postOfficeBox
Collective: true
OID: 2.5.4.18.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-PostOfficeBox
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-st

Full name of a state or province for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: st
Collective: true
OID: 2.5.4.8.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-st
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-street

Street address for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: street
Collective: true
OID: 2.5.4.9.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-street
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

c-TelephoneNumber

Phone number for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: telephoneNumber
Collective: true
OID: 2.5.4.20.1
Substring Matching Rule: telephoneNumberSubstringsMatch
Equality Matching Rule: telephoneNumberMatch
Single Value: false: multiple values allowed
Names: c-TelephoneNumber
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Telephone Number

c-TelexNumber

Telex terminal number for a collection of entries.

Origin: RFC 3671
Usage: userApplications
Superior Type: telexNumber
Collective: true
OID: 2.5.4.21.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: c-TelexNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Telex Number

c

Two-letter ISO 3166 country code.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: c, countryName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: country, friendlyCountry, untypedObject
Schema File: 00-core.ldif
Syntax: Country String

cACertificate

X.509 certificate issued to the Certificate Authority (CA), as described in X.509 clause 11.2.2.

Request and transfer values using the binary option for the attribute description, cACertificate;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.37
Equality Matching Rule: certificateExactMatch
Single Value: false: multiple values allowed
Names: cACertificate
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: certificationAuthority, certificationAuthority-V2, pkiCA
Schema File: 00-core.ldif
Syntax: Certificate

calCalAdrURI

Protocol-independent location for a calendaring and scheduling client to send an event request to a user.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.481
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calCalAdrURI
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calCalURI

Protocol-independent location for a calendaring and scheduling client to retrieve an entire snapshot copy of a user's calendar as one or more iCalendar objects.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.478
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calCalURI
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calCAPURI

Protocol-independent location where a calendaring and scheduling client can communicate with a user's entire calendar.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.480
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calCAPURI
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calFBURL

Protocol-independent location for a calendaring and scheduling client to retrieve information about when a user is busy as an iCalendar object with one or more "VFREEBUSY" calendar components.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.479
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calFBURL
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calOtherCalAdrURIs

Protocol-independent additional locations for a calendaring and scheduling client to send event requests to a user.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.485
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calOtherCalAdrURIs
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calOtherCalURIs

Protocol-independent location for a calendaring and scheduling client to retrieve snapshots of other calendars a user has as iCalendar objects.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.482
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calOtherCalURIs
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calOtherCAPURIs

Protocol-independent location where a calendaring and scheduling client can communicate with a user's other calendars.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.484
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calOtherCAPURIs
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

calOtherFBURLs

Protocol-independent location for a calendaring and scheduling client to retrieve other information about when a user is busy as iCalendar objects with one or more "VFREEBUSY" calendar components.

Origin: RFC 2739
Usage: userApplications
OID: 1.2.840.113556.1.4.483
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: calOtherFBURLs
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: calEntry
Schema File: 03-rfc2739.ldif
Syntax: IA5 String

carLicense

Car license or registration plate number for a person's vehicle.

Origin: RFC 2798
Usage: userApplications
Description: vehicle license or registration plate
OID: 2.16.840.1.113730.3.1.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: carLicense
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Directory String

certificateRevocationList

X.509 certificate lists, as described in X.509 clause 11.2.4.

Request and transfer values using the binary option for the attribute description, certificateRevocationList;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.39
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: certificateRevocationList
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: cRLDistributionPoint, certificationAuthority, certificationAuthority-V2, pkiCA
Schema File: 00-core.ldif
Syntax: Certificate List

changeInitiatorsName

Points to the entry that initiated the modification.

Origin: OpenDS Directory Server
Usage: directoryOperation
Description: The initiator user of the change
OID: 1.3.6.1.4.1.26027.1.1.604
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: changeInitiatorsName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 03-changelog.ldif
Syntax: Directory String

changelog

Origin: draft-good-ldap-changelog
Usage: directoryOperation
Description: the distinguished name of the entry which contains the set of entries comprising this servers changelog
OID: 2.16.840.1.113730.3.1.35
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: changelog
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: DN

changeLogCookie

Opaque unique identifier for a change in distributed replication changelog.

Origin: OpenDS Directory Server
Usage: directoryOperation
Description: The OpenDS opaque cookie for the External Changelog
OID: 1.3.6.1.4.1.26027.1.1.591
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: changeLogCookie
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 03-changelog.ldif
Syntax: Directory String

changeNumber

The set of changes made to a directory server is given by the set of all entries in the changelog, ordered by changeNumber, which strictly increases for a given server.

Note: The changeNumber is unique to a server, and not necessarily shared or synchronized across servers. The change numbers for ForgeRock servers can be synchronized using the dsrepl reset-change-number command. ForgeRock servers also provide an alternative changeLogCookie attribute, which can be used reliably across a replicated topology.

A client application may synchronize its local copy of directory data by reading the server's changelog for entries where the changeNumber is greater than or equal to the last change that the client read from the server. A server can, however, trim its changelog. If the last change read from the changelog is not returned in search results, the client application must fall back to rebuilding its entire copy of directory data.

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: a number which uniquely identifies a change made to a directory entry
OID: 2.16.840.1.113730.3.1.5
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: changeNumber
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: Integer

changes

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: a set of changes to apply to an entry
OID: 2.16.840.1.113730.3.1.8
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: changes
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: Octet String

changeTime

Indicates when an entry was changed for replication.

Origin: Sun Directory Server
Usage: userApplications
Description: the time when the change was processed
OID: 2.16.840.1.113730.3.1.77
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: changeTime
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: Directory String

changeType

The type of change made to the entry specified by the targetDN attribute of the changelog entry. One of:

• add

• delete

• modify

• modrdn

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: the type of change made to an entry
OID: 2.16.840.1.113730.3.1.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: changeType
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: Directory String

cn

X.500 commonName attribute that contains the name of an object.

When used for a person, this attribute contains the full name.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: cn, commonName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile, SolarisAuthAttr, SolarisNamingProfile, SolarisProfAttr, applicationEntity, applicationProcess, cRLDistributionPoint, container, corbaContainer, dSA, device, document, documentSeries, ds-monitor-branch, ds-monitor-changelog, ds-monitor-connection-handler, ds-monitor-entry-cache, ds-monitor-health-status, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler, ds-monitor-work-queue, ds-pwp-password-policy, fr-idm-internal-role, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson, inheritableLDAPSubEntry, inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry, ipHost, ipNetwork, ipProtocol, ipService, javaContainer, ldapSubEntry, mailGroup, namedObject, nisKeyObject, nisMailAlias, nisNetId, nisNetgroup, nisObject, nisplusTimeZoneData, oncRpc, organizationalPerson, organizationalRole, person, pilotDSA, pilotPerson, posixAccount, rFC822LocalPart, residentialPerson, room, sambaSamAccount, subentry, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

cNAMERecord

A type CNAME (canonical name) DNS resource record.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.31
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: cNAMERecord
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain
Schema File: 00-core.ldif
Syntax: IA5 String

co

Friendly country name in human readable format. This attribute is commonly used with c countryname, whose values are two-letter codes defined in the ISO 3166 standard.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.43
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: co, friendlyCountryName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit, friendlyCountry
Schema File: 00-core.ldif
Syntax: Directory String

collectiveAttributeSubentries

This operational attribute identifies the collective attribute subentries that apply to the entry.

Origin: RFC 3671
Usage: directoryOperation
OID: 2.5.18.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: collectiveAttributeSubentries
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: DN

collectiveConflictBehavior

Indicates how to handle conflicts between real (stored) and virtual (computed) attribute values.

Origin: OpenDS Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.26027.1.1.606
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: collectiveConflictBehavior
Ordering Matching Rule: 1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6
User Modification Allowed: true
Used By: inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry
Schema File: 00-core.ldif
Syntax: Collective Conflict Behavior

collectiveExclusions

This operational attribute identifies the collective attributes to exclude from the entry. The value excludeAllCollectiveAttributes causes all collective attributes to be excluded.

Origin: RFC 3671
Usage: directoryOperation
OID: 2.5.18.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: collectiveExclusions
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: OID

corbaIor

String representation of an interoperable object reference (IOR) for a CORBA object. The value holds all the information necessary to locate the object even if it is in another ORB.

Origin: RFC 2714
Usage: userApplications
Description: Stringified interoperable object reference of a CORBA object
OID: 1.3.6.1.4.1.42.2.27.4.1.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: corbaIor
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: corbaObjectReference
Schema File: 03-rfc2714.ldif
Syntax: IA5 String

corbaRepositoryId

Unique repository ID, also known as type ID, for a CORBA interface. Multiple values reflect multiple interfaces, but the list is not necessarily complete.

Although the value string can be of any syntax, the following ID styles are specified:

IDL style: IDL:Prefix/ModuleName/InterfaceName:VersionNumber

Format used for standard interface definition language (IDL) IDs.

RMI style: RMI:ClassName:HashCode[:SUID]

Format used by RMI-IIOP remote objects.

• ClassName is the fully qualified name of the class.

• HashCode is the result of the object's hashCode() method.

• SUID is the 64-bit stream unique identifier for the serialization version of the class.

DCE style: DCE:UUID

Format used for DCE/CORBA interoperability, where the UUID represents a DCE UUID.

Local

The format is defined by the local Object Request Broker (ORB).

Origin: RFC 2714
Usage: userApplications
Description: Repository ids of interfaces implemented by a CORBA object
OID: 1.3.6.1.4.1.42.2.27.4.1.15
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: corbaRepositoryId
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: corbaObject, corbaObjectReference
Schema File: 03-rfc2714.ldif
Syntax: Directory String

coreTokenDate01

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped date field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.126
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: coreTokenDate01
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenDate02

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped date field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.127
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: coreTokenDate02
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenDate03

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped date field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.128
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: coreTokenDate03
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenDate04

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped date field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.129
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: coreTokenDate04
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenDate05

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped date field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.130
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: coreTokenDate05
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenExpirationDate

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: Token expiration date
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.98
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: coreTokenExpirationDate
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenId

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: Token unique ID
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.96
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenId
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenInteger01

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.116
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger01
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger02

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.117
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger02
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger03

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.118
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger03
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger04

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.119
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger04
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger05

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.120
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger05
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger06

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.121
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger06
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger07

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.122
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger07
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger08

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.123
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger08
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger09

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.124
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger09
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenInteger10

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped integer field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.125
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: coreTokenInteger10
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Integer

coreTokenMultiString01

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped multi value string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.136
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: coreTokenMultiString01
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenMultiString02

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped multi value string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.137
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: coreTokenMultiString02
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenMultiString03

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: OAuth2 Grantset Authorization
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.138
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: ctsOAuth2GrantSetEqualityMatch
Single Value: false: multiple values allowed
Names: coreTokenMultiString03
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenObject

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: Serialised JSON object for Token
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.100
Equality Matching Rule: octetStringMatch
Single Value: true
Names: coreTokenObject
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Binary

coreTokenString01

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.101
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString01
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString02

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.102
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString02
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString03

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.103
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString03
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString04

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.104
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString04
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString05

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.105
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString05
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenString06

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.106
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString06
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString07

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.107
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString07
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenString08

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.108
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString08
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString09

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.109
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString09
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenString10

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.110
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString10
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString11

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.111
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString11
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenString12

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.112
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString12
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString13

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.113
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString13
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenString14

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.114
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString14
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

coreTokenString15

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: General mapped string field
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.115
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenString15
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenTtlDate

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: TTL expiration date
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.139
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: false: multiple values allowed
Names: coreTokenTtlDate
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Generalized Time

coreTokenType

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: Token type
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.97
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenType
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String


coreTokenUserId

Origin: ForgeRock OpenAM CTSv2
Usage: userApplications
Description: ID of the owning user
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.99
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: coreTokenUserId
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: frCoreToken
Schema File: 60-cts-schema.ldif
Syntax: Directory String

createTimestamp

For entries added over protocol (by an LDAP add request), this operational attribute reflects the time the entry was first added.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.18.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: createTimestamp
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Generalized Time


creatorsName

For entries added over protocol (by an LDAP add request), this operational attribute indicates the DN of the creator's entry.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.18.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: creatorsName
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: DN

credentialLevel

Origin: RFC 4876
Usage: userApplications
Description: Identifies type of credentials either used, required, or supported by an agent or service
OID: 1.3.6.1.4.1.11.1.3.1.1.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: credentialLevel
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: IA5 String


crossCertificatePair

X.509 certificate pair, as described in X.509 clause 11.2.3.

Request and transfer values using the binary option for the attribute description, crossCertificatePair;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.40
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: crossCertificatePair
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: certificationAuthority, certificationAuthority-V2, pkiCA
Schema File: 00-core.ldif
Syntax: Certificate Pair

dc

Domain component as described in RFC 1274, where each attribute value holds one component, or label, of a DNS domain name. A value of this attribute is a string of ASCII characters following this ABNF:

label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)]
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30-39 ; "0"-"9"
HYPHEN = %x2D ; hyphen ("-")

Examples: example, com (but not example.com)

Origin: RFC 4519
Usage: userApplications
OID: 0.9.2342.19200300.100.1.25
Substring Matching Rule: caseIgnoreIA5SubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: dc, domainComponent
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dcObject, domain, rFC822LocalPart, untypedObject
Schema File: 00-core.ldif
Syntax: IA5 String

defaultSearchBase

Origin: RFC 4876
Usage: userApplications
Description: Default base for searches
OID: 1.3.6.1.4.1.11.1.3.1.1.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: defaultSearchBase
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: DN

defaultSearchScope

Origin: RFC 4876
Usage: userApplications
Description: Default scope used when performing a search
OID: 1.3.6.1.4.1.11.1.3.1.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: defaultSearchScope
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: IA5 String

defaultServerList

Origin: RFC 4876
Usage: userApplications
Description: List of default servers
OID: 1.3.6.1.4.1.11.1.3.1.1.0
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: defaultServerList
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Directory String

deleteOldRDN

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: a flag which indicates if the old RDN should be retained as an attribute of the entry
OID: 2.16.840.1.113730.3.1.10
Equality Matching Rule: booleanMatch
Single Value: true
Names: deleteOldRDN
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: Boolean

deltaRevocationList

X.509 certificate lists, as described in X.509 clause 11.2.6.

Request and transfer values using the binary option for the attribute description, deltaRevocationList;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.53
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: deltaRevocationList
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: cRLDistributionPoint, certificationAuthority-V2, deltaCRL
Schema File: 00-core.ldif
Syntax: Certificate List

departmentNumber

Code for the department that a person belongs to.

Examples: 1234, ABC/123.

Origin: RFC 2798
Usage: userApplications
Description: identifies a department within an organization
OID: 2.16.840.1.113730.3.1.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: departmentNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Directory String

dereferenceAliases

Origin: RFC 4876
Usage: userApplications
Description: Specifies if a service or agent either requires, supports, or uses dereferencing of aliases.
OID: 1.3.6.1.4.1.11.1.3.1.1.16
Equality Matching Rule: booleanMatch
Single Value: true
Names: dereferenceAliases
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Boolean

description

Human-readable descriptive phrase about the entry.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: description
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisProject, account, applicationEntity, applicationProcess, automount, automountMap, corbaObject, corbaObjectReference, country, dNSDomain, dSA, device, dmd, document, documentSeries, domain, fr-idm-internal-role, friendlyCountry, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson, ipHost, ipNetwork, ipProtocol, ipService, javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObject, locality, nisKeyObject, nisMap, nisNetgroup, nisObject, nisplusTimeZoneData, oncRpc, organization, organizationalPerson, organizationalRole, organizationalUnit, person, pilotDSA, pilotOrganization, pilotPerson, posixAccount, posixGroup, rFC822LocalPart, residentialPerson, room, sambaConfig, sambaConfigOption, sambaGroupMapping, sambaSamAccount, sambaShare, shadowAccount, slpService, slpServicePrinter, sunRealmService, sunservice, sunservicecomponent, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

destinationIndicator

Country and city strings used by the Public Telegram Service.

The strings depend on CCITT Recommendations F.1 and F.31.

Examples: AASD (Sydney, Australia), GBLD (London, United Kingdom)

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.27
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: destinationIndicator
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Printable String

devicePrintProfiles

Origin: OpenAM
Usage: userApplications
Description: Device print profiles information is stored in this attribute
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: devicePrintProfiles
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: devicePrintProfilesContainer
Schema File: 60-identity-store-ds-deviceprint.ldif
Syntax: Directory String

deviceProfiles

Origin: OpenAM
Usage: userApplications
Description: Device profiles string
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: deviceProfiles
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: deviceProfilesContainer
Schema File: 60-identity-store-ds-deviceprofiles.ldif
Syntax: Directory String

displayName

Name to be used for displaying an entry, especially in a one-line summary list.

Origin: RFC 2798
Usage: userApplications
Description: preferred name of a person to be used when displaying entries
OID: 2.16.840.1.113730.3.1.241
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: displayName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, sambaGroupMapping, sambaSamAccount
Schema File: 00-core.ldif
Syntax: Directory String

distinguishedName

Base type for user attribute types with DN syntax.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.49
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: distinguishedName
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: DN

dITContentRules

This operational attribute used in LDAP schema defines DIT content rules, which specify the content of entries with a given structural object class.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.2
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: dITContentRules
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: DIT Content Rule Description

dITRedirect

DN indicating a newer entry for this entry. This entry should expire after a suitable grace period, for example, after the person changes organizations.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.54
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: dITRedirect
User Modification Allowed: true
Used By: pilotObject
Schema File: 00-core.ldif
Syntax: DN

dITStructureRules

This operational attribute used in LDAP schema defines DIT structure rules, which specify the names entries may have, and how entries may be related to each other.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.1
Equality Matching Rule: integerFirstComponentMatch
Single Value: false: multiple values allowed
Names: dITStructureRules
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: DIT Structure Rule Description

dmdName

A Directory Management Domain (DMD) name. The DMD is the administrative authority for this directory server.

Origin: RFC 2256
Usage: userApplications
Superior Type: name
OID: 2.5.4.54
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: dmdName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dmd
Schema File: 00-core.ldif
Syntax: Directory String

dnQualifier

Disambiguating information for the RDN of an entry. The information can be used to avoid conflicts when merging data from multiple sources.

All values for this attribute from a particular source should be the same.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.46
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: dnQualifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Printable String

documentAuthor

DNs of the entries for authors and editors of a document.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: documentAuthor
User Modification Allowed: true
Used By: document
Schema File: 00-core.ldif
Syntax: DN

documentIdentifier

Unique identifier(s) of a document.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: documentIdentifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: document
Schema File: 00-core.ldif
Syntax: Directory String

documentLocation

Location(s) of the document original.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.15
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: documentLocation
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: document
Schema File: 00-core.ldif
Syntax: Directory String

documentPublisher

DNs of the person or organization who published the document. Joint publications have one value per publisher.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.56
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: documentPublisher
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: document
Schema File: 00-core.ldif
Syntax: Directory String

documentTitle

Titles of a document, where multiple values can specify different forms, such as long and short versions.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: documentTitle
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: document
Schema File: 00-core.ldif
Syntax: Directory String

documentVersion

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: documentVersion
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: document
Schema File: 00-core.ldif
Syntax: Directory String

drink

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: drink, favouriteDrink
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

ds-certificate-fingerprint

Holds a digital certificate fingerprint value for mapping an incoming certificate to a user entry.

Origin: OpenDS Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.26027.1.1.268
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-certificate-fingerprint
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-certificate-user
Schema File: 02-config.ldif
Syntax: Directory String

ds-certificate-issuer-dn

Holds a digital certificate issuer DN value for validating the CA of an incoming certificate.

Origin: OpenDJ Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.341
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: ds-certificate-issuer-dn
User Modification Allowed: true
Used By: ds-certificate-user
Schema File: 02-config.ldif
Syntax: DN

ds-certificate-subject-dn

Holds a digital certificate subject DN value for mapping an incoming certificate to a user entry.

Origin: OpenDS Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.26027.1.1.266
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: ds-certificate-subject-dn
User Modification Allowed: true
Used By: ds-certificate-user
Schema File: 02-config.ldif
Syntax: DN

ds-mon-abandoned-requests

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Total number of abandoned operations since startup
OID: 1.3.6.1.4.1.36733.2.1.1.255
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-abandoned-requests
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Counter metric

ds-mon-active-connections-count

Origin: OpenDS Directory Server
Usage: userApplications
Description: Number of active client connections
OID: 1.3.6.1.4.1.26027.1.1.253
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-active-connections-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-active-persistent-searches

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of active persistent searches
OID: 1.3.6.1.4.1.36733.2.1.1.254
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-active-persistent-searches
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-admin-hostport

Origin: OpenDJ Directory Server
Usage: userApplications
Description: The administrative host and port
OID: 1.3.6.1.4.1.36733.2.1.1.546
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-admin-hostport
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connected-replica, ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: Host port

ds-mon-alias

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Certificate alias
OID: 1.3.6.1.4.1.36733.2.1.1.464
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-alias
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-certificate
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-alive-errors

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Lists server errors preventing the server from operating correctly that require administrative action
OID: 1.3.6.1.4.1.36733.2.1.1.517
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-mon-alive-errors
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-health-status
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-alive

When the value of this attribute is true, the server's internal tests have not found any errors that would require administrative action. This is not, however, a guarantee that the server is alive. It is possible that the server is subject to error conditions that its internal tests missed.

When the value of this attribute is false, however, administrative action is definitely required.

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Indicates whether the server is alive
OID: 1.3.6.1.4.1.36733.2.1.1.515
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-mon-alive
User Modification Allowed: true
Used By: ds-monitor-health-status
Schema File: 02-config.ldif
Syntax: Boolean

ds-mon-backend-degraded-index-count

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of degraded indexes in the backend
OID: 1.3.6.1.4.1.36733.2.1.1.364
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-backend-degraded-index-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-backend-degraded-index

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Backend degraded index
OID: 1.3.6.1.4.1.36733.2.1.1.365
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: ds-mon-backend-degraded-index
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-backend-entry-count

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of entries contained in the backend
OID: 1.3.6.1.4.1.36733.2.1.1.363
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-backend-entry-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-backend-filter-use-indexed

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of indexed searches performed against the backend
OID: 1.3.6.1.4.1.36733.2.1.1.369
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-backend-filter-use-indexed
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-backend-filter-use-start-time

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Time when recording started for statistical information about the simple search filters processed against the backend
OID: 1.3.6.1.4.1.36733.2.1.1.368
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-mon-backend-filter-use-start-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-mon-backend-filter-use-unindexed

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of unindexed searches performed against the backend
OID: 1.3.6.1.4.1.36733.2.1.1.370
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-backend-filter-use-unindexed
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-backend-filter-use

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Information about the simple search filter processed against the backend
OID: 1.3.6.1.4.1.36733.2.1.1.371
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: ds-mon-backend-filter-use
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Json

ds-mon-backend-is-private

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Whether the base DNs of this backend should be considered public or private
OID: 1.3.6.1.4.1.36733.2.1.1.356
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-mon-backend-is-private
User Modification Allowed: true
Used By: ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn
Schema File: 02-config.ldif
Syntax: Boolean

ds-mon-backend-proxy-base-dn

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Base DNs routed to remote LDAP servers by the proxy backend
OID: 1.3.6.1.4.1.36733.2.1.1.354
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: ds-mon-backend-proxy-base-dn
User Modification Allowed: true
Used By: ds-monitor-backend-proxy
Schema File: 02-config.ldif
Syntax: DN

ds-mon-backend-proxy-shard

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Remote LDAP servers that the proxy backend forwards requests to
OID: 1.3.6.1.4.1.36733.2.1.1.357
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: ds-mon-backend-proxy-shard
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-proxy
Schema File: 02-config.ldif
Syntax: Summary metric


ds-mon-backend-ttl-entries-deleted

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Summary for entries purged by time-to-live
OID: 1.3.6.1.4.1.36733.2.1.1.334
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-backend-ttl-entries-deleted
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-backend-ttl-is-running

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Indicates whether time-to-live is in the process of purging expired entries
OID: 1.3.6.1.4.1.36733.2.1.1.330
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-mon-backend-ttl-is-running
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Boolean

ds-mon-backend-ttl-last-run-time

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Last date and time when time-to-live finished purging expired entries
OID: 1.3.6.1.4.1.36733.2.1.1.331
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-mon-backend-ttl-last-run-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-mon-backend-ttl-queue-size

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of entries queued for purging by the time-to-live service
OID: 1.3.6.1.4.1.36733.2.1.1.333
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-backend-ttl-queue-size
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-backend-ttl-thread-count

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of active time-to-live threads
OID: 1.3.6.1.4.1.36733.2.1.1.332
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-backend-ttl-thread-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend-db, ds-monitor-backend-pluggable
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-backend-writability-mode

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Current backend behavior when processing write operations, can either be "disabled", "enabled" or "internal-only"
OID: 1.3.6.1.4.1.36733.2.1.1.355
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-backend-writability-mode
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-base-dn-entry-count

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of subordinate entries of the base DN, including the base DN
OID: 1.3.6.1.4.1.36733.2.1.1.367
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-base-dn-entry-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-base-dn
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-base-dn

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Base DN handled by a backend
OID: 1.3.6.1.4.1.36733.2.1.1.366
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: ds-mon-base-dn
User Modification Allowed: true
Used By: ds-monitor-base-dn
Schema File: 02-config.ldif
Syntax: DN

ds-mon-build-number

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Build number of the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.321
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-build-number
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-build-time

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Build date and time of the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.319
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-build-time
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-bytes-read

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Network bytes read summary
OID: 1.3.6.1.4.1.36733.2.1.1.252
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-bytes-read
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-bytes-written

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Network bytes written summary
OID: 1.3.6.1.4.1.36733.2.1.1.253
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-bytes-written
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-cache-entry-count

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Current number of entries held in this cache
OID: 1.3.6.1.4.1.36733.2.1.1.360
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-cache-entry-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-entry-cache
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-cache-max-entry-count

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Maximum number of entries allowed in this cache
OID: 1.3.6.1.4.1.36733.2.1.1.361
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-cache-max-entry-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-entry-cache
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-cache-max-size-bytes

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Memory limit for this cache
OID: 1.3.6.1.4.1.36733.2.1.1.362
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-cache-max-size-bytes
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-entry-cache
Schema File: 02-config.ldif
Syntax: Size in bytes

ds-mon-cache-misses

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of attempts to retrieve an entry that was not held in this cache
OID: 1.3.6.1.4.1.36733.2.1.1.358
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-cache-misses
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-entry-cache
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-cache-total-tries

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of attempts to retrieve an entry from this cache
OID: 1.3.6.1.4.1.36733.2.1.1.359
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-cache-total-tries
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-entry-cache
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-certificate-expires-at

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Certificate expiration date and time
OID: 1.3.6.1.4.1.36733.2.1.1.277
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-mon-certificate-expires-at
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-certificate
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-mon-certificate-issuer-dn

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Certificate issuer DN
OID: 1.3.6.1.4.1.36733.2.1.1.274
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: ds-mon-certificate-issuer-dn
User Modification Allowed: true
Used By: ds-monitor-certificate
Schema File: 02-config.ldif
Syntax: DN

ds-mon-certificate-serial-number

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Certificate serial number
OID: 1.3.6.1.4.1.36733.2.1.1.276
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-certificate-serial-number
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-certificate
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-certificate-subject-dn

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Certificate subject DN
OID: 1.3.6.1.4.1.36733.2.1.1.275
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: ds-mon-certificate-subject-dn
User Modification Allowed: true
Used By: ds-monitor-certificate
Schema File: 02-config.ldif
Syntax: DN

ds-mon-changelog-hostport

Origin: OpenDJ Directory Server
Usage: userApplications
Description: The host and port of the changelog server
OID: 1.3.6.1.4.1.36733.2.1.1.549
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-changelog-hostport
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connected-changelog, ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: Host port

ds-mon-changelog-id

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Changelog identifier
OID: 1.3.6.1.4.1.36733.2.1.1.559
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-changelog-id
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connected-changelog
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-changelog-purge-delay

Origin: OpenDJ Directory Server
Usage: userApplications
Description: The purge delay of the changelog
OID: 1.3.6.1.4.1.36733.2.1.1.550
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-changelog-purge-delay
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: Duration in milli-seconds

ds-mon-compact-version

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Compact version of the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.314
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-compact-version
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-config-dn

Origin: OpenDJ Directory Server
Usage: userApplications
Description: DN of the configuration entry
OID: 1.3.6.1.4.1.36733.2.1.1.273
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: ds-mon-config-dn
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: DN

ds-mon-connected-to-server-hostport

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Host and replication port of the server that this server is connected to
OID: 1.3.6.1.4.1.36733.2.1.1.465
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-connected-to-server-hostport
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Host port

ds-mon-connected-to-server-id

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Identifier of the server that this server is connected to
OID: 1.3.6.1.4.1.36733.2.1.1.462
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-connected-to-server-id
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-connection

Origin OpenDS Directory Server
Usage userApplications
Description Client connection summary information
OID 1.3.6.1.4.1.26027.1.1.251
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-connection
Ordering Matching Rule octetStringOrderingMatch
User Modification Allowed true
Used By ds-monitor-ldap-connection-handler
Schema File 02-config.ldif
Syntax Json

ds-mon-connections

Origin OpenDJ Directory Server
Usage userApplications
Description Connection summary
OID 1.3.6.1.4.1.36733.2.1.1.251
Equality Matching Rule caseIgnoreJsonQueryMatch
Single Value true
Names ds-mon-connections
Ordering Matching Rule octetStringOrderingMatch
User Modification Allowed true
Used By ds-monitor-ldap-connection-handler
Schema File 02-config.ldif
Syntax Summary metric

ds-mon-current-connections

Origin OpenDJ Directory Server
Usage userApplications
Description Number of client connections currently established with the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.326
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-current-connections
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Integer

ds-mon-current-receive-window

Origin OpenDJ Directory Server
Usage userApplications
Description Current replication window size for receiving messages, indicating the number of replication messages a remote server can send before waiting on acknowledgement from this server. This does not depend on the TCP window size
OID 1.3.6.1.4.1.36733.2.1.1.492
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-current-receive-window
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replica
Schema File 02-config.ldif
Syntax Integer

ds-mon-current-time

Origin OpenDJ Directory Server
Usage userApplications
Description Current date and time
OID 1.3.6.1.4.1.36733.2.1.1.324
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value true
Names ds-mon-current-time
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Generalized Time

ds-mon-db-cache-evict-internal-nodes-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of internal nodes evicted from the database cache
OID 1.3.6.1.4.1.36733.2.1.1.373
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-evict-internal-nodes-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-cache-evict-leaf-nodes-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of leaf nodes (data records) evicted from the database cache
OID 1.3.6.1.4.1.36733.2.1.1.374
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-evict-leaf-nodes-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer


ds-mon-db-cache-leaf-nodes

Origin OpenDJ Directory Server
Usage userApplications
Description Whether leaf nodes are cached
OID 1.3.6.1.4.1.36733.2.1.1.531
Equality Matching Rule booleanMatch
Single Value true
Names ds-mon-db-cache-leaf-nodes
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Boolean

ds-mon-db-cache-misses-internal-nodes

Origin OpenDJ Directory Server
Usage userApplications
Description Number of internal nodes requested by btree operations that were not in the database cache
OID 1.3.6.1.4.1.36733.2.1.1.377
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-misses-internal-nodes
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-cache-misses-leaf-nodes

Origin OpenDJ Directory Server
Usage userApplications
Description Number of leaf nodes (data records) requested by btree operations that were not in the database cache
OID 1.3.6.1.4.1.36733.2.1.1.378
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-misses-leaf-nodes
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-cache-size-active

Origin OpenDJ Directory Server
Usage userApplications
Description Size of the database cache
OID 1.3.6.1.4.1.36733.2.1.1.379
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-size-active
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-db-cache-size-total

Origin ForgeRock Directory Server
Usage userApplications
Description Maximum size of the database cache
OID 1.3.6.1.4.1.36733.2.1.1.624
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-size-total
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-db-cache-total-tries-internal-nodes

Origin OpenDJ Directory Server
Usage userApplications
Description Number of internal nodes requested by btree operations
OID 1.3.6.1.4.1.36733.2.1.1.375
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-total-tries-internal-nodes
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-cache-total-tries-leaf-nodes

Origin OpenDJ Directory Server
Usage userApplications
Description Number of leaf nodes (data records) requested by btree operations
OID 1.3.6.1.4.1.36733.2.1.1.376
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-cache-total-tries-leaf-nodes
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-checkpoint-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of checkpoints run so far
OID 1.3.6.1.4.1.36733.2.1.1.387
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-checkpoint-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-log-cleaner-file-deletion-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of cleaner file deletions
OID 1.3.6.1.4.1.36733.2.1.1.381
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-cleaner-file-deletion-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-log-files-open

Origin OpenDJ Directory Server
Usage userApplications
Description Number of files currently open in the database file cache
OID 1.3.6.1.4.1.36733.2.1.1.385
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-files-open
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-log-files-opened

Origin OpenDJ Directory Server
Usage userApplications
Description Number of times a log file has been opened
OID 1.3.6.1.4.1.36733.2.1.1.386
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-files-opened
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-log-size-active

Origin OpenDJ Directory Server
Usage userApplications
Description Estimate of the amount in bytes of live data in all data files (i.e., the size of the DB, ignoring garbage)
OID 1.3.6.1.4.1.36733.2.1.1.380
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-size-active
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-db-log-size-total

Origin OpenDJ Directory Server
Usage userApplications
Description Size used by all data files on disk
OID 1.3.6.1.4.1.36733.2.1.1.384
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-size-total
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-db-log-utilization-max

Origin OpenDJ Directory Server
Usage userApplications
Description Current maximum (upper bound) log utilization as a percentage
OID 1.3.6.1.4.1.36733.2.1.1.383
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-utilization-max
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-log-utilization-min

Origin OpenDJ Directory Server
Usage userApplications
Description Current minimum (lower bound) log utilization as a percentage
OID 1.3.6.1.4.1.36733.2.1.1.382
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-db-log-utilization-min
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Integer

ds-mon-db-version

Origin OpenDJ Directory Server
Usage userApplications
Description Database version used by the backend
OID 1.3.6.1.4.1.36733.2.1.1.372
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-db-version
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-backend-db
Schema File 02-config.ldif
Syntax Directory String

ds-mon-disk-dir

Origin OpenDJ Directory Server
Usage userApplications
Description A monitored directory containing data that may change over time
OID 1.3.6.1.4.1.36733.2.1.1.339
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value false: multiple values allowed
Names ds-mon-disk-dir
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-disk-space
Schema File 02-config.ldif
Syntax Filesystem path

ds-mon-disk-free

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of free disk space
OID 1.3.6.1.4.1.36733.2.1.1.335
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-disk-free
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-disk-space
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-disk-full-threshold

Origin OpenDJ Directory Server
Usage userApplications
Description Effective full disk space threshold
OID 1.3.6.1.4.1.36733.2.1.1.338
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-disk-full-threshold
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-disk-space
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-disk-low-threshold

Origin OpenDJ Directory Server
Usage userApplications
Description Effective low disk space threshold
OID 1.3.6.1.4.1.36733.2.1.1.337
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-disk-low-threshold
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-disk-space
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-disk-root

Origin OpenDJ Directory Server
Usage userApplications
Description Monitored disk root
OID 1.3.6.1.4.1.36733.2.1.1.353
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-disk-root
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-disk-space
Schema File 02-config.ldif
Syntax Filesystem path

ds-mon-disk-state

Origin OpenDJ Directory Server
Usage userApplications
Description Current disk state, can be either "normal", "low" or "full"
OID 1.3.6.1.4.1.36733.2.1.1.336
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-disk-state
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-disk-space
Schema File 02-config.ldif
Syntax Directory String

ds-mon-domain-generation-id

Origin OpenDJ Directory Server
Usage userApplications
Description Replication domain generation identifier
OID 1.3.6.1.4.1.36733.2.1.1.467
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-domain-generation-id
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-changelog-domain, ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replica
Schema File 02-config.ldif
Syntax Integer

ds-mon-domain-name

Origin OpenDJ Directory Server
Usage userApplications
Description Replication domain name
OID 1.3.6.1.4.1.36733.2.1.1.466
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule distinguishedNameMatch
Single Value true
Names ds-mon-domain-name
User Modification Allowed true
Used By ds-monitor-changelog-domain, ds-monitor-remote-replica, ds-monitor-replica
Schema File 02-config.ldif
Syntax DN

ds-mon-entries-awaiting-updates-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of entries for which an update operation has been received but not replayed yet by this replica
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.1.1.500
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-entries-awaiting-updates-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica
Schema File 02-config.ldif
Syntax Integer

ds-mon-fix-ids

Origin OpenDJ Directory Server
Usage userApplications
Description IDs of issues that have been fixed in this Directory Server build
OID 1.3.6.1.4.1.36733.2.1.1.322
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-fix-ids
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-full-version

Origin OpenDJ Directory Server
Usage userApplications
Description Full version of the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.313
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-full-version
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-group-id

Origin OpenDJ Directory Server
Usage userApplications
Description Unique identifier of the group in which the directory server belongs
OID 1.3.6.1.4.1.36733.2.1.1.543
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-group-id
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-topology-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-healthy-errors

Origin OpenDJ Directory Server
Usage userApplications
Description Lists transient server errors preventing the server from temporarily handling requests
OID 1.3.6.1.4.1.36733.2.1.1.518
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-healthy-errors
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-health-status
Schema File 02-config.ldif
Syntax Directory String

ds-mon-healthy

When the value of this attribute is true, the server has not found any transient server errors preventing it from handling requests. This is not, however, a guarantee that the server is ready to handle all requests. It is possible that the server is subject to error conditions that its internal tests missed.

When the value of this attribute is false, however, the server's internal tests have definitely found transient errors. Route traffic to another server until this attribute is true again.

Origin OpenDJ Directory Server
Usage userApplications
Description Indicates whether the server is able to handle requests
OID 1.3.6.1.4.1.36733.2.1.1.516
Equality Matching Rule booleanMatch
Single Value true
Names ds-mon-healthy
User Modification Allowed true
Used By ds-monitor-health-status
Schema File 02-config.ldif
Syntax Boolean

ds-mon-install-path

Origin OpenDJ Directory Server
Usage userApplications
Description Directory Server root installation path
OID 1.3.6.1.4.1.36733.2.1.1.305
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-install-path
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Filesystem path

ds-mon-instance-path

Origin OpenDJ Directory Server
Usage userApplications
Description Directory Server instance path
OID 1.3.6.1.4.1.36733.2.1.1.306
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-instance-path
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Filesystem path

ds-mon-jvm-architecture

Origin OpenDJ Directory Server
Usage userApplications
Description Java virtual machine architecture (e.g. 32-bit, 64-bit)
OID 1.3.6.1.4.1.36733.2.1.1.299
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-jvm-architecture
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-arguments

Origin OpenDJ Directory Server
Usage userApplications
Description Input arguments passed to the Java virtual machine
OID 1.3.6.1.4.1.36733.2.1.1.307
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-jvm-arguments
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-available-cpus

Origin OpenDJ Directory Server
Usage userApplications
Description Number of processors available to the Java virtual machine
OID 1.3.6.1.4.1.36733.2.1.1.301
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-available-cpus
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-class-path

Origin OpenDJ Directory Server
Usage userApplications
Description Path used to find directories and JAR archives containing Java class files
OID 1.3.6.1.4.1.36733.2.1.1.294
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-jvm-class-path
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Filesystem path

ds-mon-jvm-classes-loaded

Origin OpenDJ Directory Server
Usage userApplications
Description Number of classes loaded since the Java virtual machine started
OID 1.3.6.1.4.1.36733.2.1.1.388
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-classes-loaded
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-classes-unloaded

Origin OpenDJ Directory Server
Usage userApplications
Description Number of classes unloaded since the Java virtual machine started
OID 1.3.6.1.4.1.36733.2.1.1.389
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-classes-unloaded
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-java-home

Origin OpenDJ Directory Server
Usage userApplications
Description Installation directory for Java runtime environment (JRE)
OID 1.3.6.1.4.1.36733.2.1.1.293
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value true
Names ds-mon-jvm-java-home
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Filesystem path

ds-mon-jvm-java-vendor

Origin OpenDJ Directory Server
Usage userApplications
Description Java runtime environment (JRE) vendor
OID 1.3.6.1.4.1.36733.2.1.1.290
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-jvm-java-vendor
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-java-version

Origin OpenDJ Directory Server
Usage userApplications
Description Java runtime environment (JRE) version
OID 1.3.6.1.4.1.36733.2.1.1.289
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-jvm-java-version
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-memory-heap-init

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of heap memory that the Java virtual machine initially requested from the operating system
OID 1.3.6.1.4.1.36733.2.1.1.391
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-heap-init
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-heap-max

Origin OpenDJ Directory Server
Usage userApplications
Description Maximum amount of heap memory that the Java virtual machine will attempt to use
OID 1.3.6.1.4.1.36733.2.1.1.397
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-heap-max
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-heap-reserved

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of heap memory that is committed for the Java virtual machine to use
OID 1.3.6.1.4.1.36733.2.1.1.395
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-heap-reserved
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-heap-used

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of heap memory used by the Java virtual machine
OID 1.3.6.1.4.1.36733.2.1.1.393
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-heap-used
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-init

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of memory that the Java virtual machine initially requested from the operating system
OID 1.3.6.1.4.1.36733.2.1.1.390
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-init
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-max

Origin OpenDJ Directory Server
Usage userApplications
Description Maximum amount of memory that the Java virtual machine will attempt to use
OID 1.3.6.1.4.1.36733.2.1.1.302
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-max
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-non-heap-init

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of non-heap memory that the Java virtual machine initially requested from the operating system
OID 1.3.6.1.4.1.36733.2.1.1.392
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-non-heap-init
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-non-heap-max

Origin OpenDJ Directory Server
Usage userApplications
Description Maximum amount of non-heap memory that the Java virtual machine will attempt to use
OID 1.3.6.1.4.1.36733.2.1.1.398
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-non-heap-max
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-non-heap-reserved

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of non-heap memory that is committed for the Java virtual machine to use
OID 1.3.6.1.4.1.36733.2.1.1.396
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-non-heap-reserved
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-non-heap-used

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of non-heap memory used by the Java virtual machine
OID 1.3.6.1.4.1.36733.2.1.1.394
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-non-heap-used
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-reserved

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of memory that is committed for the Java virtual machine to use
OID 1.3.6.1.4.1.36733.2.1.1.303
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-reserved
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-memory-used

Origin OpenDJ Directory Server
Usage userApplications
Description Amount of memory used by the Java virtual machine
OID 1.3.6.1.4.1.36733.2.1.1.304
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-memory-used
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Size in bytes

ds-mon-jvm-supported-tls-ciphers

Origin OpenDJ Directory Server
Usage userApplications
Description Transport Layer Security (TLS) cipher suites supported by this Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.309
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-jvm-supported-tls-ciphers
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-supported-tls-protocols

Origin OpenDJ Directory Server
Usage userApplications
Description Transport Layer Security (TLS) protocols supported by this Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.308
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-jvm-supported-tls-protocols
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-threads-blocked-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of threads in the BLOCKED state
OID 1.3.6.1.4.1.36733.2.1.1.403
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-blocked-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of live threads including both daemon and non-daemon threads
OID 1.3.6.1.4.1.36733.2.1.1.407
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-daemon-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of live daemon threads
OID 1.3.6.1.4.1.36733.2.1.1.408
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-daemon-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-deadlock-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of deadlocked threads
OID 1.3.6.1.4.1.36733.2.1.1.409
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-deadlock-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-deadlocks

Origin OpenDJ Directory Server
Usage userApplications
Description Diagnostic stack traces for deadlocked threads
OID 1.3.6.1.4.1.36733.2.1.1.410
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value false: multiple values allowed
Names ds-mon-jvm-threads-deadlocks
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-threads-new-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of threads in the NEW state
OID 1.3.6.1.4.1.36733.2.1.1.401
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-new-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-runnable-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of threads in the RUNNABLE state
OID 1.3.6.1.4.1.36733.2.1.1.402
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-runnable-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-terminated-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of threads in the TERMINATED state
OID 1.3.6.1.4.1.36733.2.1.1.406
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-terminated-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-timed-waiting-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of threads in the TIMED_WAITING state
OID 1.3.6.1.4.1.36733.2.1.1.405
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-timed-waiting-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-threads-waiting-count

Origin OpenDJ Directory Server
Usage userApplications
Description Number of threads in the WAITING state
OID 1.3.6.1.4.1.36733.2.1.1.404
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-jvm-threads-waiting-count
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Integer

ds-mon-jvm-vendor

Origin OpenDJ Directory Server
Usage userApplications
Description Java virtual machine vendor
OID 1.3.6.1.4.1.36733.2.1.1.292
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-jvm-vendor
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-jvm-version

Origin OpenDJ Directory Server
Usage userApplications
Description Java virtual machine version
OID 1.3.6.1.4.1.36733.2.1.1.291
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-jvm-version
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-jvm
Schema File 02-config.ldif
Syntax Directory String

ds-mon-last-seen

Origin OpenDJ Directory Server
Usage userApplications
Description Time that this server was last seen
OID 1.3.6.1.4.1.36733.2.1.1.545
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value true
Names ds-mon-last-seen
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed true
Used By ds-monitor-topology-server
Schema File 02-config.ldif
Syntax Generalized Time

ds-mon-ldap-hostport

Origin OpenDJ Directory Server
Usage userApplications
Description The host and port to connect using LDAP (no support for start TLS)
OID 1.3.6.1.4.1.36733.2.1.1.555
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-ldap-hostport
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-topology-server
Schema File 02-config.ldif
Syntax Host port

ds-mon-ldap-starttls-hostport

Origin OpenDJ Directory Server
Usage userApplications
Description The host and port to connect using LDAP (with support for start TLS)
OID 1.3.6.1.4.1.36733.2.1.1.556
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-ldap-starttls-hostport
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-topology-server
Schema File 02-config.ldif
Syntax Host port

ds-mon-ldaps-hostport

Origin OpenDJ Directory Server
Usage userApplications
Description The host and port to connect using LDAPS
OID 1.3.6.1.4.1.36733.2.1.1.557
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-ldaps-hostport
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-topology-server
Schema File 02-config.ldif
Syntax Host port

ds-mon-listen-address

Origin OpenDS Directory Server
Usage userApplications
Description Host and port
OID 1.3.6.1.4.1.26027.1.1.252
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ds-mon-listen-address
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldif
Syntax Directory String

ds-mon-lost-connections

Origin OpenDJ Directory Server
Usage userApplications
Description Number of times the replica lost its connection to the replication server
OID 1.3.6.1.4.1.36733.2.1.1.488
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-lost-connections
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica
Schema File 02-config.ldif
Syntax Integer

ds-mon-major-version

Origin OpenDJ Directory Server
Usage userApplications
Description Major version number of the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.315
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-major-version
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Integer

ds-mon-max-connections

Origin OpenDJ Directory Server
Usage userApplications
Description Maximum number of simultaneous client connections that have been established with the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.327
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-max-connections
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Integer

ds-mon-minor-version

Origin OpenDJ Directory Server
Usage userApplications
Description Minor version number of the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.316
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-minor-version
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Integer

ds-mon-newest-change-number

Origin OpenDJ Directory Server
Usage userApplications
Description Newest change number present in the change number index database
OID 1.3.6.1.4.1.36733.2.1.1.343
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-newest-change-number
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-changelog
Schema File 02-config.ldif
Syntax Integer

ds-mon-newest-csn-timestamp

Origin OpenDJ Directory Server
Usage userApplications
Description Timestamp of the newest CSN present in the replica database
OID 1.3.6.1.4.1.36733.2.1.1.347
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value true
Names ds-mon-newest-csn-timestamp
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica-db
Schema File 02-config.ldif
Syntax Generalized Time

ds-mon-newest-csn

Origin OpenDJ Directory Server
Usage userApplications
Description Newest CSN present in the replica database
OID 1.3.6.1.4.1.36733.2.1.1.345
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-newest-csn
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica-db
Schema File 02-config.ldif
Syntax CSN (Change Sequence Number)

ds-mon-oldest-change-number

Origin OpenDJ Directory Server
Usage userApplications
Description Oldest change number present in the change number index database
OID 1.3.6.1.4.1.36733.2.1.1.342
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-oldest-change-number
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-changelog
Schema File 02-config.ldif
Syntax Integer

ds-mon-oldest-csn-timestamp

Origin OpenDJ Directory Server
Usage userApplications
Description Timestamp of the oldest CSN present in the replica database
OID 1.3.6.1.4.1.36733.2.1.1.346
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value true
Names ds-mon-oldest-csn-timestamp
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica-db
Schema File 02-config.ldif
Syntax Generalized Time

ds-mon-oldest-csn

Origin OpenDJ Directory Server
Usage userApplications
Description Oldest CSN present in the replica database
OID 1.3.6.1.4.1.36733.2.1.1.344
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-oldest-csn
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica-db
Schema File 02-config.ldif
Syntax CSN (Change Sequence Number)

ds-mon-os-architecture

Origin OpenDJ Directory Server
Usage userApplications
Description Operating system architecture
OID 1.3.6.1.4.1.36733.2.1.1.298
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-os-architecture
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-os-name

Origin OpenDJ Directory Server
Usage userApplications
Description Operating system name
OID 1.3.6.1.4.1.36733.2.1.1.296
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-os-name
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-os-version

Origin OpenDJ Directory Server
Usage userApplications
Description Operating system version
OID 1.3.6.1.4.1.36733.2.1.1.297
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-os-version
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-point-version

Origin OpenDJ Directory Server
Usage userApplications
Description Point version number of the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.317
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-point-version
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Integer

ds-mon-process-id

Origin OpenDJ Directory Server
Usage userApplications
Description Process ID of the running directory server
OID 1.3.6.1.4.1.36733.2.1.1.544
Equality Matching Rule uuidMatch
Single Value true
Names ds-mon-process-id
Ordering Matching Rule uuidOrderingMatch
User Modification Allowed true
Used By ds-monitor-topology-server
Schema File 02-config.ldif
Syntax UUID

ds-mon-product-name

Origin OpenDJ Directory Server
Usage userApplications
Description Full name of the Directory Server
OID 1.3.6.1.4.1.36733.2.1.1.310
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-product-name
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-server
Schema File 02-config.ldif
Syntax Directory String

ds-mon-protocol

Origin OpenDS Directory Server
Usage userApplications
Description Network protocol
OID 1.3.6.1.4.1.26027.1.1.254
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names ds-mon-protocol
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File 02-config.ldif
Syntax Directory String

ds-mon-receive-delay

Origin OpenDJ Directory Server
Usage userApplications
Description Current local delay in receiving replicated operations
OID 1.3.6.1.4.1.36733.2.1.1.287
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-current-delay, ds-mon-receive-delay
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-remote-replica, ds-monitor-replica
Schema File 02-config.ldif
Syntax Duration in milli-seconds

ds-mon-replay-delay

Origin OpenDJ Directory Server
Usage userApplications
Description Current local delay in replaying replicated operations
OID 1.3.6.1.4.1.36733.2.1.1.596
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-replay-delay
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-remote-replica, ds-monitor-replica
Schema File 02-config.ldif
Syntax Duration in milli-seconds

ds-mon-replayed-updates-conflicts-resolved

Origin OpenDJ Directory Server
Usage userApplications
Description Number of updates replayed on this replica for which replication naming conflicts have been resolved
OID 1.3.6.1.4.1.36733.2.1.1.496
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-replayed-updates-conflicts-resolved
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica
Schema File 02-config.ldif
Syntax Counter metric

ds-mon-replayed-updates-conflicts-unresolved

Origin OpenDJ Directory Server
Usage userApplications
Description Number of updates replayed on this replica for which replication naming conflicts have not been resolved
OID 1.3.6.1.4.1.36733.2.1.1.497
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names ds-mon-replayed-updates-conflicts-unresolved
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By ds-monitor-replica
Schema File 02-config.ldif
Syntax Counter metric

ds-mon-replayed-updatesOrigin OpenDJ Directory ServerUsage userApplicationsDescription Timer for updates that have been replayed on this replicaOID 1.3.6.1.4.1.36733.2.1.1.288Equality Matching Rule caseIgnoreJsonQueryMatchSingle Value trueNames ds-mon-replayed-updatesOrdering Matching Rule octetStringOrderingMatchUser ModificationAllowed

true

Used By ds-monitor-remote-replica, ds-monitor-replicaSchema File 02-config.ldifSyntax Timer metric

ds-mon-replication-domainOrigin OpenDJ Directory ServerUsage userApplicationsDescription The replication domainOID 1.3.6.1.4.1.36733.2.1.1.548Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule distinguishedNameMatchSingle Value false: multiple values allowedNames ds-mon-replication-domain

User Modification Allowed: true
Used By: ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: DN

ds-mon-replication-protocol-version

Origin: OpenDJ Directory Server
Usage: userApplications
Description: The protocol version used for replication
OID: 1.3.6.1.4.1.36733.2.1.1.547
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-replication-protocol-version
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-requests-abandon

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Abandon request timer
OID: 1.3.6.1.4.1.36733.2.1.1.256
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-abandon
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-add

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Add request timer
OID: 1.3.6.1.4.1.36733.2.1.1.257
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-add
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-bind

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Bind request timer
OID: 1.3.6.1.4.1.36733.2.1.1.258
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-bind
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-compare

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Compare request timer
OID: 1.3.6.1.4.1.36733.2.1.1.259
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-compare
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-delete

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Delete request timer
OID: 1.3.6.1.4.1.36733.2.1.1.260
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-delete
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-extended

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Extended request timer
OID: 1.3.6.1.4.1.36733.2.1.1.261
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-extended
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-client-invalid-request

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for requests that failed because there was a problem while attempting to perform the associated operation (associated LDAP result codes: 1, 2, 12, 15, 16, 17, 18, 19, 20, 21, 23, 34, 35, 36, 37, 38, 39; associated HTTP status codes: client error (4xx) except 401 and 403)
OID: 1.3.6.1.4.1.36733.2.1.1.279
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-client-invalid-request
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-client-redirect

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for requests that could not complete because further action is required (associated HTTP status codes: redirection (3xx))
OID: 1.3.6.1.4.1.36733.2.1.1.285
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-client-redirect
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-client-referral

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for requests that failed because the server did not hold the request targeted entry (but was able to provide alternative servers that may) (associated LDAP result code: 10)
OID: 1.3.6.1.4.1.36733.2.1.1.282
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-client-referral
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-client-resource-limit

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for requests that failed because they were trying to exceed the resource limits allocated to the associated clients (associated LDAP result codes: time, size and admin limit exceeded (respectively 4, 5 and 11)
OID: 1.3.6.1.4.1.36733.2.1.1.281
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-client-resource-limit
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-client-security

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for requests that failed for security reasons (associated LDAP result codes: 8, 9, 13, 25, 26, 27; associated HTTP status codes: unauthorized (401) and forbidden (403))
OID: 1.3.6.1.4.1.36733.2.1.1.280
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-client-security
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-server

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for apparently valid requests that failed because the server was not able to process them (associated LDAP result codes: busy (51), unavailable (52), unwilling to perform (53) and other (80); associated HTTP status codes: server error (5xx))
OID: 1.3.6.1.4.1.36733.2.1.1.283
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-server
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-failure-uncategorized

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Timer for requests that failed due to uncategorized reasons
OID: 1.3.6.1.4.1.36733.2.1.1.284
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-failure-uncategorized
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connection-handler, ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-get

Origin: OpenDJ Directory Server
Usage: userApplications
Description: GET request timer
OID: 1.3.6.1.4.1.36733.2.1.1.271
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-get
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-in-queue

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of requests in the work queue that have not yet been picked up for processing
OID: 1.3.6.1.4.1.36733.2.1.1.350
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-requests-in-queue
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-work-queue
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-requests-modify-dn

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Modify DN request timer
OID: 1.3.6.1.4.1.36733.2.1.1.263
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-modify-dn
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-modify

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Modify request timer
OID: 1.3.6.1.4.1.36733.2.1.1.262
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-modify
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-patch

Origin: OpenDJ Directory Server
Usage: userApplications
Description: PATCH request timer
OID: 1.3.6.1.4.1.36733.2.1.1.269
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-patch
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-post

Origin: OpenDJ Directory Server
Usage: userApplications
Description: POST request timer
OID: 1.3.6.1.4.1.36733.2.1.1.270
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-post
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-put

Origin: OpenDJ Directory Server
Usage: userApplications
Description: PUT request timer
OID: 1.3.6.1.4.1.36733.2.1.1.272
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-put
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-rejected-queue-full

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Summary for operations that have been rejected because the work queue was already at its maximum capacity
OID: 1.3.6.1.4.1.36733.2.1.1.352
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-rejected-queue-full
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-work-queue
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-requests-search-base

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Base object search request timer
OID: 1.3.6.1.4.1.36733.2.1.1.265
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-search-base
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-search-one

Origin: OpenDJ Directory Server
Usage: userApplications
Description: One level search request timer
OID: 1.3.6.1.4.1.36733.2.1.1.266
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-search-one
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-search-sub

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Subtree search request timer
OID: 1.3.6.1.4.1.36733.2.1.1.267
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-search-sub
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-submitted

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Summary for operations that have been successfully submitted to the work queue
OID: 1.3.6.1.4.1.36733.2.1.1.351
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-submitted
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-work-queue
Schema File: 02-config.ldif
Syntax: Summary metric

ds-mon-requests-unbind

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Unbind request timer
OID: 1.3.6.1.4.1.36733.2.1.1.268
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-unbind
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-requests-uncategorized

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Uncategorized request timer
OID: 1.3.6.1.4.1.36733.2.1.1.250
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-requests-uncategorized
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-http-connection-handler, ds-monitor-ldap-connection-handler
Schema File: 02-config.ldif
Syntax: Timer metric

ds-mon-revision

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Revision ID in the source repository from which the Directory Server is build
OID: 1.3.6.1.4.1.36733.2.1.1.318
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: true
Names: ds-mon-revision
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-sent-updates

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of replication updates sent by this replica
OID: 1.3.6.1.4.1.36733.2.1.1.498
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-sent-updates
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Counter metric

ds-mon-server-id

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Server identifier
OID: 1.3.6.1.4.1.36733.2.1.1.461
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-server-id
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-changelog, ds-monitor-connected-replica, ds-monitor-remote-replica, ds-monitor-replica, ds-monitor-replica-db, ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-server-is-local

Origin: ForgeRock Directory Server
Usage: userApplications
Description: Indicates whether this is the topology server that has handled the monitoring request
OID: 1.3.6.1.4.1.36733.2.1.1.622
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-mon-server-is-local
User Modification Allowed: true
Used By: ds-monitor-topology-server
Schema File: 02-config.ldif
Syntax: Boolean

ds-mon-server-state

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Replication server state
OID: 1.3.6.1.4.1.36733.2.1.1.469
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-mon-server-state
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-connected-changelog
Schema File: 02-config.ldif
Syntax: CSN (Change Sequence Number)

ds-mon-short-name

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Short name of the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.311
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-short-name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-ssl-encryption

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Whether SSL encryption is used when exchanging messages with this server
OID: 1.3.6.1.4.1.36733.2.1.1.493
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-mon-ssl-encryption
User Modification Allowed: true
Used By: ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Boolean

ds-mon-start-time

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Start date and time for the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.323
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-mon-start-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-mon-status-last-changed

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Last date and time the replication status of the local replica changed
OID: 1.3.6.1.4.1.36733.2.1.1.506
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-mon-status-last-changed
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-mon-status

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Replication status of the local replica, can either be "Invalid", "Not connected", "Normal", "Degraded", "Full update", "Bad generation id"
OID: 1.3.6.1.4.1.36733.2.1.1.505
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-status
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-system-name

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Fully qualified domain name of the system where the Directory Server is running
OID: 1.3.6.1.4.1.36733.2.1.1.300
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-system-name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-total-connections

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Total number of client connections that have been established with the Directory Server since it started
OID: 1.3.6.1.4.1.36733.2.1.1.328
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-total-connections
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-total-update-entry-count

Origin: OpenDS Directory Server
Usage: userApplications
Description: The total number of entries to be processed when a total update is in progress
OID: 1.3.6.1.4.1.36733.2.1.1.540
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-total-update-entry-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-total-update-entry-left

Origin: OpenDS Directory Server
Usage: userApplications
Description: The number of entries still to be processed when a total update is in progress
OID: 1.3.6.1.4.1.36733.2.1.1.541
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-total-update-entry-left
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-total-update

Origin: OpenDJ Directory Server
Usage: userApplications
Description: The type of total update when it is in progress. Possible values: import or export
OID: 1.3.6.1.4.1.36733.2.1.1.539
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-total-update
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-updates-inbound-queue

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of remote updates received from the replication server but not replayed yet on this replica
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.1.1.501
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-updates-inbound-queue
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-updates-outbound-queue

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Number of local updates that are waiting to be sent to the replication server once they complete
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.1.1.499
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-mon-updates-outbound-queue
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Integer

ds-mon-updates-totals-per-replay-thread

Origin: OpenDJ Directory Server
Usage: userApplications
Description: JSON array of the number of updates replayed per replay thread
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.1.1.502
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: ds-mon-updates-totals-per-replay-thread
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-replica
Schema File: 02-config.ldif
Syntax: Json

ds-mon-vendor-name

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Vendor name of the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.312
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-mon-vendor-name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Directory String

ds-mon-version-qualifier

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Version qualifier of the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.320
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatchSingle Value trueNames ds-mon-version-qualifierOrdering Matching Rule caseIgnoreOrderingMatchUser ModificationAllowed

true

Used By ds-monitor-serverSchema File 02-config.ldifSyntax Directory String

ds-mon-working-directory

Origin: OpenDJ Directory Server
Usage: userApplications
Description: Current working directory of the user running the Directory Server
OID: 1.3.6.1.4.1.36733.2.1.1.295
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: true
Names: ds-mon-working-directory
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-monitor-server
Schema File: 02-config.ldif
Syntax: Filesystem path

ds-private-naming-contexts

Holds the DNs that constitute the set of private naming contexts registered with the server, not for external use by applications.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.246
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: ds-private-naming-contexts
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: DN

ds-privilege-name

Holds an administrative privilege. See the directory server documentation for details.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.260
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-privilege-name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

ds-pwp-account-disabled

TRUE if the user's account has been disabled by an administrator.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.166
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-account-disabled
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Boolean

ds-pwp-account-expiration-time

Indicates when a temporary account expires, after which it can no longer be used to authenticate.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.237
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-pwp-account-expiration-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-pwp-account-status-notification-handler

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.562
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-pwp-account-status-notification-handler
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-allow-expired-password-changes

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.563
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-allow-expired-password-changes
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-allow-multiple-password-values

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.564
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-allow-multiple-password-values
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-allow-pre-encoded-passwords

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.565
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-allow-pre-encoded-passwords
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-allow-user-password-changes

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.612
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-allow-user-password-changes
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-attribute-value-check-substrings

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.600
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-attribute-value-check-substrings
User Modification Allowed: true
Used By: ds-pwp-attribute-value-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-attribute-value-match-attribute

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.592
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: ds-pwp-attribute-value-match-attribute
User Modification Allowed: true
Used By: ds-pwp-attribute-value-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: OID

ds-pwp-attribute-value-min-substring-length

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.601
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-attribute-value-min-substring-length
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-attribute-value-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-attribute-value-test-reversed-password

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.602
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-attribute-value-test-reversed-password
User Modification Allowed: true
Used By: ds-pwp-attribute-value-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-character-set-allow-unclassified-characters

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.595
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-character-set-allow-unclassified-characters
User Modification Allowed: true
Used By: ds-pwp-character-set-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-character-set-character-set-ranges

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.594
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: ds-pwp-character-set-character-set-ranges
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-character-set-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-character-set-character-set

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.598
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: ds-pwp-character-set-character-set
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-character-set-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-character-set-min-character-sets

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.593
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-character-set-min-character-sets
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-character-set-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-default-password-storage-scheme

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.561
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-pwp-default-password-storage-scheme
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-deprecated-password-storage-scheme

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.566
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-pwp-deprecated-password-storage-scheme
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-dictionary-case-sensitive-validation

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.597
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-dictionary-case-sensitive-validation
User Modification Allowed: true
Used By: ds-pwp-dictionary-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-dictionary-check-substrings

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.589
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-dictionary-check-substrings
User Modification Allowed: true
Used By: ds-pwp-dictionary-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-dictionary-data

Origin: ForgeRock Directory Server
Usage: userApplications
Description: Gzip compressed dictionary, one word per line
OID: 1.3.6.1.4.1.36733.2.1.1.588
Equality Matching Rule: octetStringMatch
Single Value: true
Names: ds-pwp-dictionary-data
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-dictionary-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Octet String

ds-pwp-dictionary-min-substring-length

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.590
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-dictionary-min-substring-length
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-dictionary-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-dictionary-test-reversed-password

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.591
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-dictionary-test-reversed-password
User Modification Allowed: true
Used By: ds-pwp-dictionary-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-expire-passwords-without-warning

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.567
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-expire-passwords-without-warning
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-force-change-on-add

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.568
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-force-change-on-add
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-force-change-on-reset

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.611
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-force-change-on-reset
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-grace-login-count

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.608
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-grace-login-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-idle-lockout-interval

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.569
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-idle-lockout-interval
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-last-login-time-attribute

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.570
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: true
Names: ds-pwp-last-login-time-attribute
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: OID

ds-pwp-last-login-time-format

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.571
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: true
Names: ds-pwp-last-login-time-format
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: IA5 String

ds-pwp-last-login-time

Holds a timestamp of the last successful bind.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.162
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-last-login-time
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

ds-pwp-length-based-max-password-length

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.580
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-length-based-max-password-length
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-length-based-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-length-based-min-password-length

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.581
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-length-based-min-password-length
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-length-based-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-lockout-duration

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.609
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-lockout-duration
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-lockout-failure-count

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.610
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-lockout-failure-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-lockout-failure-expiration-interval

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.614
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-lockout-failure-expiration-interval
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-max-password-age

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.605
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-max-password-age
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-max-password-reset-age

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.572
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-max-password-reset-age
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-min-password-age

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.604
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-min-password-age
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-password-attribute

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.603
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: true
Names: ds-pwp-password-attribute
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: OID

ds-pwp-password-change-requires-current-password

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.613
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-password-change-requires-current-password
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-password-changed-by-required-time

Indicates whether the user's password was changed as required by the password policy.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.163
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-pwp-password-changed-by-required-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-pwp-password-expiration-time

Indicates when the password for the current entry expires.

Origin: OpenDJ Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.36733.2.1.1.60
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-pwp-password-expiration-time, pwdExpirationTime
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: false
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-pwp-password-expiration-warning-interval

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.607
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-password-expiration-warning-interval
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-password-history-count

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.606
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-password-history-count
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-password-history-duration

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.579
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-password-history-duration
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-password-policy-dn

Pointer to the entry holding the password policy for the current entry.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.244
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: ds-pwp-password-policy-dn
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: DN

ds-pwp-previous-last-login-time-format

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.573
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-pwp-previous-last-login-time-format
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-random-password-character-set

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.582
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: ds-pwp-random-password-character-set
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-random-generator
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-random-password-format

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.583
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-random-password-format
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-random-generator
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-repeated-characters-case-sensitive-validation

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.587
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-repeated-characters-case-sensitive-validation
User Modification Allowed: true
Used By: ds-pwp-repeated-characters-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-repeated-characters-max-consecutive-length

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.586
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-repeated-characters-max-consecutive-length
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-repeated-characters-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-require-change-by-time

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.574
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-pwp-require-change-by-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Generalized Time

ds-pwp-require-secure-authentication

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.575
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-require-secure-authentication
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-require-secure-password-changes

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.576
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-require-secure-password-changes
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-reset-time

Indicates when the user's password was reset.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.164
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-pwp-reset-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Generalized Time


ds-pwp-similarity-based-min-password-difference

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.584
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-similarity-based-min-password-difference
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-similarity-based-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-skip-validation-for-administrators

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.577
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-skip-validation-for-administrators
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-state-update-failure-policy

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.578
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-pwp-state-update-failure-policy
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-password-policy
Schema File: 03-pwpolicyextension.ldif
Syntax: Directory String

ds-pwp-unique-characters-case-sensitive-validation

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.599
Equality Matching Rule: booleanMatch
Single Value: true
Names: ds-pwp-unique-characters-case-sensitive-validation
User Modification Allowed: true
Used By: ds-pwp-unique-characters-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Boolean

ds-pwp-unique-characters-min-unique-characters

Origin: ForgeRock Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.36733.2.1.1.585
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-pwp-unique-characters-min-unique-characters
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ds-pwp-unique-characters-validator
Schema File: 03-pwpolicyextension.ldif
Syntax: Integer

ds-pwp-warned-time

Indicates when the user was first warned about an expiring password.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.165
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: ds-pwp-warned-time
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Generalized Time

ds-rlim-cursor-entry-limit

Origin: OpenDJ Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.36733.2.1.1.349
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-rlim-cursor-entry-limit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Integer

ds-rlim-idle-time-limit

Sets the maximum time the server allows the user to hold an idle connection open.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.394
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-rlim-idle-time-limit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Integer

ds-rlim-lookthrough-limit

Sets the maximum number of entries the server considers when processing a search by the user.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.241
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-rlim-lookthrough-limit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Integer

ds-rlim-size-limit

Sets the maximum number of entries returned for a search by the user.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.116
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-rlim-size-limit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Integer

ds-rlim-time-limit

Sets the maximum server processing time for a search by the user.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.117
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ds-rlim-time-limit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Integer


ds-sync-conflict

For an entry resulting from a replication conflict, holds the DN that the entry would have had without the conflict.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.317
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: ds-sync-conflict
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: DN

ds-sync-fractional-exclude

Indicates which attributes to exclude in fractional replication.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.589
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-sync-fractional-exclude
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

ds-sync-fractional-include

Indicates which attributes to include in fractional replication.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.588
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-sync-fractional-include
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

ds-sync-generation-id

Holds the replication generation ID for a backend.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.405
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ds-sync-generation-id
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

ds-sync-hist

Holds historical information for replication.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.119
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: ds-sync-hist
Ordering Matching Rule: historicalCsnOrderingMatch
User Modification Allowed: false
Schema File: 02-config.ldif
Syntax: Octet String

ds-sync-state

Holds replication state information for a backend.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.185
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ds-sync-state
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

ds-target-group-dn

Pointer to a group to be shown as a virtual static group.

Origin: OpenDS Directory Server
Usage: userApplications
OID: 1.3.6.1.4.1.26027.1.1.292
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: ds-target-group-dn
User Modification Allowed: true
Used By: ds-virtual-static-group
Schema File: 02-config.ldif
Syntax: DN

dSAQuality

Directory administrators can use this attribute to indicate the quality (availability) of this Directory System Agent (DSA).

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.49
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: dSAQuality
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotDSA, qualityLabelledData
Schema File: 00-core.ldif
Syntax: Directory String

emailAddress

Origin: RFC 2985
Usage: userApplications
Description: represents the email address part of an X.509 certificate
OID: 1.2.840.113549.1.9.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: emailAddress
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: IA5 String

employeeNumber

Identifier that depends on the organization. It often reflects the order of hire or association with the organization.

Origin: RFC 2798
Usage: userApplications
Description: numerically identifies an employee within an organization
OID: 2.16.840.1.113730.3.1.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: employeeNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Directory String

employeeType

Identifier for the employee to employer relationship, such as Employee, Contractor, or Temp. The values used depend on the classification of employees.

Origin: RFC 2798
Usage: userApplications
Description: type of employment for a person
OID: 2.16.840.1.113730.3.1.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: employeeType
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Directory String

enhancedSearchGuide

Sets of information used by directory clients when constructing search filters.

Examples: person#(sn$APPROX)#wholeSubtree, organizationalUnit#(ou$SUBSTR)#oneLevel

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.47
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: enhancedSearchGuide
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Enhanced Guide

entryDN

An entry's distinguished name is not an attribute of the entry.

This operational attribute makes it possible to perform attribute value assertions against the DN of the entry, enabling operations such as LDAP compare and LDAP search.

Origin: RFC 5020
Usage: directoryOperation
Description: DN of the entry
OID: 1.3.6.1.1.20
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: entryDN
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: DN

entryUUID

Holds a Universally Unique Identifier (UUID) assigned to the entry.

The server generates the value of this operational attribute when adding the entry to the directory.

A UUID is a 16-octet (128-bit) string, constrained to the namespace specified in RFC 4122, and encoded using the ASCII representation.

Example: 597ae2f6-16a6-1027-98f4-d28b5365dc14.

Origin: RFC 4530
Usage: directoryOperation
Description: UUID of the entry
OID: 1.3.6.1.1.16.4
Equality Matching Rule: uuidMatch
Single Value: true
Names: entryUUID
Ordering Matching Rule: uuidOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: UUID

etag

Specifies an entity tag suitable for external use when comparing two versions of an entry.

Origin: OpenDJ Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.36733.2.1.1.59
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: true
Names: etag
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Printable String

facsimileTelephoneNumber

Fax phone number, such as +1 415 555 1212 or +1 415 555 1212$fineResolution.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.23
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: facsimileTelephoneNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Facsimile Telephone Number

firstChangeNumber

Holds the oldest change number in the changelog.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.593
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: firstChangeNumber
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Integer

followReferrals

Origin: RFC 4876
Usage: userApplications
Description: An agent or service does or should follow referrals
OID: 1.3.6.1.4.1.11.1.3.1.1.5
Equality Matching Rule: booleanMatch
Single Value: true
Names: followReferrals
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Boolean

fr-idm-accountStatus

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-accountStatus
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-cluster-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.24
Equality Matching Rule: caseIgnoreJsonQueryMatchClusterObject
Single Value: false: multiple values allowed
Names: fr-idm-cluster-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-cluster-obj
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-condition

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.35
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-condition
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-role
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-consentedMapping

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.23
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-consentedMapping
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-custom-attrs

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.66
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-custom-attrs
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-hybrid-obj
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-effectiveAssignment

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.16
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-effectiveAssignment
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-effectiveRole

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.15
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-effectiveRole
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-internal-role-authzmembers-internal-user

Usage: userApplications
Description: Reference to an internal users internal user authzmembers
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.77
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-internal-role-authzmembers-internal-user
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-role
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-internal-role-authzmembers-managed-user

Usage: userApplications
Description: Reference to an internal roles managed user authzmembers
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.76
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-internal-role-authzmembers-managed-user
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-role
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-internal-user-authzroles-internal-role

Usage: userApplications
Description: Reference to an internal users internal role authzroles
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.75
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-internal-user-authzroles-internal-role
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-user
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-internal-user-authzroles-managed-role

Usage: userApplications
Description: Reference to an internal users managed role authzroles
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.74
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-internal-user-authzroles-managed-role
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-user
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON


fr-idm-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.10
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-generic-obj
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-kbaInfo

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.17
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-kbaInfo
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-lastSync

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.18
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-lastSync
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-link-firstid-constraint

Origin: OpenIDM DSRepoService
Usage: userApplications
Description: A attribute used to support a unique constraint on the set of fr-idm-link-type, fr-idm-link-qualifier, fr-idm-link-firstid
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.81
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-link-firstid-constraint
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-link
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-link-firstid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-link-firstid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-link
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-link-qualifier

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-link-qualifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-link
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-link-secondid-constraint

Origin: OpenIDM DSRepoService
Usage: userApplications
Description: A attribute used to support a unique constraint on the set of fr-idm-link-type, fr-idm-link-qualifier, fr-idm-link-secondid
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.82
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-link-secondid-constraint
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-link
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-link-secondid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-link-secondid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-link
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-link-type

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-link-type
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-link
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-lock-nodeid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.32
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-lock-nodeid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-lock
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-managed-assignment-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.72
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-managed-assignment-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-assignment
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-managed-role-assignments

Usage: userApplications
Description: Reference to a roles assignments
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.70
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-managed-role-assignments
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-role
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-managed-role-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.25
Equality Matching Rule: caseIgnoreJsonQueryMatchManagedRole
Single Value: true
Names: fr-idm-managed-role-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-role
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-managed-user-authzroles-internal-role

Usage: userApplications
Description: Reference to a users internal roles authzroles
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.78
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-managed-user-authzroles-internal-role
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-managed-user-authzroles-managed-role

Usage: userApplications
Description: Reference to a users managed role authzroles
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.79
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-managed-user-authzroles-managed-role
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-managed-user-custom-attrs

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.67
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-managed-user-custom-attrs
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-hybrid-obj
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-managed-user-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.13
Equality Matching Rule: caseIgnoreJsonQueryMatchManagedUser
Single Value: true
Names: fr-idm-managed-user-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-managed-user-manager

Usage: userApplications
Description: Reference to a users manager
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.69
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: true
Names: fr-idm-managed-user-manager
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-managed-user-meta

Usage: userApplications
Description: Reference to a users internal user meta
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.71
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-managed-user-meta
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-managed-user-notifications

Usage: userApplications
Description: Reference to a users internal notifications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.73
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-managed-user-notifications
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-managed-user-roles

Usage: userApplications
Description: Reference to a users roles
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.68
Equality Matching Rule: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Single Value: false: multiple values allowed
Names: fr-idm-managed-user-roles
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Name and Optional JSON

fr-idm-name

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.34
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-role
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-notification-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.80
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-notification-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-notification
Schema File: 60-repo-schema.ldif
Syntax: Json


fr-idm-password

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.8
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-password
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-user, fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-preferences

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.19
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-preferences
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-privilege

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.33
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-privilege
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-internal-role
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-recon-id

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: fr-idm-recon-id
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-recon-clusteredTargetIds
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-recon-targetIds

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.12
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-recon-targetIds
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-recon-clusteredTargetIds
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-reconassoc-finishtime

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.53
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassoc-finishtime
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassoc
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassoc-isanalysis

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.52
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassoc-isanalysis
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassoc
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassoc-mapping

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.48
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassoc-mapping
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassoc
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassoc-reconid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.49
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassoc-reconid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassoc
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassoc-sourceresourcecollection

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.50
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassoc-sourceresourcecollection
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassoc
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassoc-targetresourcecollection

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.51
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassoc-targetresourcecollection
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassoc
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-action

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.56
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-action
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-ambiguoustargetobjectids

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.65
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-ambiguoustargetobjectids
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-exception

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.62
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-exception
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-linkqualifier

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.58
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-linkqualifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-message

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.63
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-message
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-messagedetail

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.64
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: true
Names: fr-idm-reconassocentry-messagedetail
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-reconassocentry-phase

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.57
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-phase
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-reconid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.54
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-reconid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-situation

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.55
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-situation
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-sourceobjectid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.59
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-sourceobjectid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-status

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.61
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-status
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-reconassocentry-targetobjectid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.60
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-reconassocentry-targetobjectid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-reconassocentry
Schema File: 60-repo-schema.ldif
Syntax: Directory String


fr-idm-relationship-json

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.26
Equality Matching Rule: caseIgnoreJsonQueryMatchRelationship
Single Value: true
Names: fr-idm-relationship-json
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-relationship
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-role

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.9
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-role
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-managed-user-explicit
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-syncqueue-context

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.43
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-syncqueue-context
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-syncqueue-createdate

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.47
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-syncqueue-createdate
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-syncqueue-mapping

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.39
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-syncqueue-mapping
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-syncqueue-newobject

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.42
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-syncqueue-newobject
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-syncqueue-nodeid

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.45
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-syncqueue-nodeid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-syncqueue-objectrev

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.40
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: fr-idm-syncqueue-objectrev
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Directory String

fr-idm-syncqueue-oldobject

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.41
Equality Matching Rule: caseIgnoreJsonQueryMatch
Single Value: false: multiple values allowed
Names: fr-idm-syncqueue-oldobject
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Json

fr-idm-syncqueue-remainingretries

Origin: OpenIDM DSRepoService
Usage: userApplications
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.1.46
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: fr-idm-syncqueue-remainingretries
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: fr-idm-syncqueue
Schema File: 60-repo-schema.ldif
Syntax: Integer

fr-idm-syncqueue-resourcecollectionOrigin OpenIDM DSRepoServiceUsage userApplicationsInterface Stability Internal use only. Do not remove or modify. Subject to change without notice.OID 1.3.6.1.4.1.36733.2.3.1.37Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseIgnoreMatchSingle Value trueNames fr-idm-syncqueue-resourcecollection

Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By fr-idm-syncqueue
Schema File 60-repo-schema.ldif
Syntax Directory String

fr-idm-syncqueue-resourceid

Origin OpenIDM DSRepoService
Usage userApplications
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.3.1.38
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names fr-idm-syncqueue-resourceid
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By fr-idm-syncqueue
Schema File 60-repo-schema.ldif
Syntax Directory String

fr-idm-syncqueue-state

Origin OpenIDM DSRepoService
Usage userApplications
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.3.1.44
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names fr-idm-syncqueue-state
Ordering Matching Rule caseIgnoreOrderingMatch

User Modification Allowed true
Used By fr-idm-syncqueue
Schema File 60-repo-schema.ldif
Syntax Directory String

fr-idm-syncqueue-syncaction

Origin OpenIDM DSRepoService
Usage userApplications
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.3.1.36
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names fr-idm-syncqueue-syncaction
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By fr-idm-syncqueue
Schema File 60-repo-schema.ldif
Syntax Directory String

fr-idm-temporal-constraints

Origin OpenIDM DSRepoService
Usage userApplications
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.3.2.12
Equality Matching Rule caseIgnoreJsonQueryMatch
Single Value false: multiple values allowed
Names fr-idm-temporal-constraints
Ordering Matching Rule octetStringOrderingMatch
User Modification Allowed true

Used By fr-idm-internal-role
Schema File 60-repo-schema.ldif
Syntax Json

fr-idm-uuid

Origin OpenIDM DSRepoService
Usage userApplications
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.3.1.27
Equality Matching Rule uuidMatch
Single Value false: multiple values allowed
Names fr-idm-uuid
Ordering Matching Rule uuidOrderingMatch
User Modification Allowed true
Used By fr-idm-managed-user-explicit
Schema File 60-repo-schema.ldif
Syntax UUID

fullVendorVersion

Holds the vendor version including the build number.

Origin OpenDJ Directory Server
Usage dSAOperation
OID 1.3.6.1.4.1.36733.2.1.1.141
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactIA5Match
Single Value true
Names fullVendorVersion
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed false
Schema File 00-core.ldif
Syntax Directory String

gecos

Origin draft-howard-rfc2307bis
Usage userApplications
Description The GECOS field; the common name
OID 1.3.6.1.1.1.1.2
Substring Matching Rule caseIgnoreIA5SubstringsMatch
Equality Matching Rule caseIgnoreIA5Match
Single Value true
Names gecos
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By posixAccount
Schema File 04-rfc2307bis.ldif
Syntax IA5 String

generationQualifier

Name strings typically forming the suffix part of a person's name.

Examples: Jr., 3rd

Origin RFC 4519
Usage userApplications
Superior Type name
OID 2.5.4.44
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names generationQualifier
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Schema File 00-core.ldif
Syntax Directory String

gidNumber

Origin draft-howard-rfc2307bis
Usage userApplications
Description An integer uniquely identifying a group in an administrative domain
OID 1.3.6.1.1.1.1.1
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names gidNumber
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By posixAccount, posixGroup, sambaGroupMapping, sambaIdmapEntry, sambaUnixIdPool
Schema File 04-rfc2307bis.ldif
Syntax Integer

givenName

Part of a person's name that is neither their surname nor their middle name.

Origin RFC 4519
Usage userApplications
Superior Type name
OID 2.5.4.42
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names givenName
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By inetOrgPerson
Schema File 00-core.ldif
Syntax Directory String

governingStructureRule

Indicates the structure rule governing the entry. The structure rule defines the names entries may have, and how entries may be related to each other.

Origin RFC 4512
Usage directoryOperation
OID 2.5.21.10
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names governingStructureRule
Ordering Matching Rule integerOrderingMatch
User Modification Allowed false
Schema File 00-core.ldif
Syntax Integer

hasSubordinates

Indicates whether the entry has any subordinate entries.

Origin X.501
Usage directoryOperation
OID 2.5.18.9
Equality Matching Rule booleanMatch
Single Value true
Names hasSubordinates
User Modification Allowed false
Schema File 00-core.ldif
Syntax Boolean

healthy

Origin OpenDJ Directory Server
Usage dSAOperation

Description Indicates whether the server is able to handle requests
OID 1.3.6.1.4.1.36733.2.1.1.509
Equality Matching Rule booleanMatch
Single Value true
Names healthy
User Modification Allowed false
Schema File 00-core.ldif
Syntax Boolean

homeDirectory

Origin draft-howard-rfc2307bis
Usage userApplications
Description The absolute path to the home directory
OID 1.3.6.1.1.1.1.3
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactIA5Match
Single Value true
Names homeDirectory
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By posixAccount
Schema File 04-rfc2307bis.ldif
Syntax IA5 String

homePhone

Home phone number, such as +1 415 555 1212.

Origin RFC 4524
Usage userApplications
OID 0.9.2342.19200300.100.1.20
Substring Matching Rule telephoneNumberSubstringsMatch

Equality Matching Rule telephoneNumberMatch
Single Value false: multiple values allowed
Names homePhone, homeTelephoneNumber
User Modification Allowed true
Used By inetOrgPerson, pilotPerson
Schema File 00-core.ldif
Syntax Telephone Number

homePostalAddress

Home postal address for an object, such as 1234 Main St.$Anytown, CA 12345$USA. Values are expected to be no longer than 6 directory strings of 30 characters each, although servers are not expected to enforce these limits.

Origin RFC 4524
Usage userApplications
OID 0.9.2342.19200300.100.1.39
Substring Matching Rule caseIgnoreListSubstringsMatch
Equality Matching Rule caseIgnoreListMatch
Single Value false: multiple values allowed
Names homePostalAddress
User Modification Allowed true
Used By inetOrgPerson, pilotPerson
Schema File 00-core.ldif
Syntax Postal Address

host

Hostname of a computer, generally as a fully qualified domain name such as server.example.com.

Origin RFC 4524
Usage userApplications
OID 0.9.2342.19200300.100.1.9
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch

Single Value false: multiple values allowed
Names host
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By account
Schema File 00-core.ldif
Syntax Directory String

houseIdentifier

Origin RFC 4519
Usage userApplications
OID 2.5.4.51
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names houseIdentifier
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Schema File 00-core.ldif
Syntax Directory String

includedAttributes

In a changelog entry, holds the attributes on the entry prior to the change.

Origin OpenDJ Directory Server
Usage directoryOperation
Description A set of attributes which were part of the entry before the changes were applied
OID 1.3.6.1.4.1.36733.2.1.1.6
Equality Matching Rule octetStringMatch
Single Value true
Names includedAttributes
Ordering Matching Rule octetStringOrderingMatch

User Modification Allowed true
Schema File 03-changelog.ldif
Syntax Octet String

inetUserHttpURL

This attribute type stores AM profile information.

Origin Nortel subscriber interoperability
Usage userApplications
Description A users Web addresses
OID 2.16.840.1.113730.3.1.693
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names inetUserHttpURL
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By inetuser
Schema File 60-identity-store-ds-schema.ldif
Syntax IA5 String

inetUserStatus

This attribute type stores AM profile information.

Origin Nortel subscriber interoperability
Usage userApplications
Description "active", "inactive", or "deleted" status of a user
OID 2.16.840.1.113730.3.1.692
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names inetUserStatus

Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By inetuser
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

info

General information associated with the object represented by the directory entry. Applications should not ascribe specific semantics to the value of this attribute.

Origin RFC 4524
Usage userApplications
OID 0.9.2342.19200300.100.1.4
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names info
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By pilotObject
Schema File 00-core.ldif
Syntax Directory String

inheritable

Origin draft-ietf-ldup-subentry
Usage dSAOperation
OID 1.3.6.1.4.1.7628.5.4.1
Equality Matching Rule booleanMatch
Single Value true
Names inheritable
User Modification Allowed false

Used By inheritableLDAPSubEntry
Schema File 00-core.ldif
Syntax Boolean

inheritAttribute

Holds the name of a collective attribute to inherit.

Origin OpenDS Directory Server
Usage userApplications
OID 1.3.6.1.4.1.26027.1.1.625
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule objectIdentifierMatch
Single Value false: multiple values allowed
Names inheritAttribute
User Modification Allowed true
Used By inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry
Schema File 00-core.ldif
Syntax OID

inheritFromBaseRDN

Holds the RDN of the base entry under which the entries are found from which to inherit collective attributes.

Origin OpenDS Directory Server
Usage userApplications
OID 1.3.6.1.4.1.26027.1.1.622
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule distinguishedNameMatch
Single Value true
Names inheritFromBaseRDN
User Modification Allowed true

Used By inheritedFromRDNCollectiveAttributeSubentry
Schema File 00-core.ldif
Syntax DN

inheritFromDNAttribute

Holds the DN-syntax attribute specifying the entry from which to inherit collective attributes.

Origin OpenDS Directory Server
Usage userApplications
OID 1.3.6.1.4.1.26027.1.1.621
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule objectIdentifierMatch
Single Value true
Names inheritFromDNAttribute
User Modification Allowed true
Used By inheritedFromDNCollectiveAttributeSubentry
Schema File 00-core.ldif
Syntax OID

inheritFromDNParent

Origin OpenDJ Directory Server
Usage userApplications
Description The number of parent levels to lookup in the DN for inherited collective attribute subentry
OID 1.3.6.1.4.1.36733.2.1.1.535
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names inheritFromDNParent
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By inheritedFromDNCollectiveAttributeSubentry

Schema File 00-core.ldif
Syntax Integer

inheritFromRDNAttribute

Holds the RDN attribute of the entry from which to inherit collective attributes.

Origin OpenDS Directory Server
Usage userApplications
OID 1.3.6.1.4.1.26027.1.1.624
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule objectIdentifierMatch
Single Value true
Names inheritFromRDNAttribute
User Modification Allowed true
Used By inheritedFromRDNCollectiveAttributeSubentry
Schema File 00-core.ldif
Syntax OID

inheritFromRDNType

Holds the RDN attribute type of the entry from which to inherit collective attributes.

Origin OpenDS Directory Server
Usage userApplications
OID 1.3.6.1.4.1.26027.1.1.623
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule objectIdentifierMatch
Single Value true
Names inheritFromRDNType
User Modification Allowed true
Used By inheritedFromRDNCollectiveAttributeSubentry
Schema File 00-core.ldif
Syntax OID

initials

Strings of initials of some or all of a person's names, excluding the surname(s). Each string is one value of the attribute.

Origin RFC 4519
Usage userApplications
Superior Type name
OID 2.5.4.43
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names initials
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By inetOrgPerson
Schema File 00-core.ldif
Syntax Directory String

internationaliSDNNumber

Integrated Services Digital Network (ISDN) addresses, as specified by the International Telecommunication Union (ITU) Recommendation E.164.

Origin RFC 4519
Usage userApplications
OID 2.5.4.25
Substring Matching Rule numericStringSubstringsMatch
Equality Matching Rule numericStringMatch
Single Value false: multiple values allowed
Names internationaliSDNNumber
Ordering Matching Rule numericStringOrderingMatch
User Modification Allowed true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent

Schema File 00-core.ldif
Syntax Numeric String

ipHostNumber

Origin draft-howard-rfc2307bis
Usage userApplications
Description IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 addresses as defined in RFC2373
Superior Type name
OID 1.3.6.1.1.1.1.19
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names ipHostNumber
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By ipHost
Schema File 04-rfc2307bis.ldif
Syntax Directory String

iplanet-am-auth-configuration

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Authentication Configuration
OID 1.3.6.1.4.1.42.2.27.9.1.62
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-auth-configuration
Ordering Matching Rule caseIgnoreOrderingMatch

User Modification Allowed true
Used By iplanet-am-auth-configuration-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-auth-login-failure-url

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Redirection URL for Failed User Authentication
OID 1.3.6.1.4.1.42.2.27.9.1.64
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-auth-login-failure-url
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-auth-configuration-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-auth-login-success-url

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Redirection URL After Successful Login
OID 1.3.6.1.4.1.42.2.27.9.1.63
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed

Names iplanet-am-auth-login-success-url
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-auth-configuration-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-auth-post-login-process-class

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Class Name for Post Authentication Processing
OID 1.3.6.1.4.1.42.2.27.9.1.65
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-auth-post-login-process-class
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-auth-configuration-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-destroy-sessions

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Destroy Session
OID 2.16.840.1.113730.3.1.1069
Substring Matching Rule caseIgnoreSubstringsMatch

Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-destroy-sessions
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-get-valid-sessions

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Get Valid Sessions
OID 2.16.840.1.113730.3.1.1068
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-get-valid-sessions
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-max-caching-time

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Max Session Caching Time

OID 2.16.840.1.113730.3.1.1067
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-max-caching-time
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-max-idle-time

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Max Session Idle Time
OID 2.16.840.1.113730.3.1.1066
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-max-idle-time
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-max-session-time

This attribute type stores AM profile information.

Origin OpenSSO

Usage userApplications
Description Max Service Time
OID 2.16.840.1.113730.3.1.1065
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-max-session-time
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-quota-limit

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Session Quota Constraints
OID 1.3.6.1.4.1.42.2.27.9.1.752
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-quota-limit
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-session-service-status

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Session Service Status
OID 2.16.840.1.113730.3.1.1053
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-session-service-status
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-session-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-user-account-life

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description User Account Life
OID 2.16.840.1.113730.3.1.976
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-user-account-life
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-managed-person
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-user-admin-start-dn

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description Starting DN for Admin User
OID 2.16.840.1.113730.3.1.1072
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-user-admin-start-dn
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-user-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-user-alias-list

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description User Alias Names List
OID 1.3.6.1.4.1.42.2.27.9.1.59
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-user-alias-list
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-user-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-user-auth-config

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description User Authentication Configuration
OID 1.3.6.1.4.1.42.2.27.9.1.58
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-user-auth-config
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-user-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-user-auth-modules

This attribute type stores AM profile information.

Origin OpenSSO
Usage userApplications
Description User Auth Modules
OID 2.16.840.1.113730.3.1.1071
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names iplanet-am-user-auth-modules
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By iplanet-am-user-service
Schema File 60-identity-store-ds-schema.ldif
Syntax Directory String

iplanet-am-user-failure-url

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: Redirection URL for Failed User Authentication
OID: 1.3.6.1.4.1.42.2.27.9.1.72
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-failure-url
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

iplanet-am-user-login-status

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: User Login Status
OID: 2.16.840.1.113730.3.1.1074
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-login-status
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String


iplanet-am-user-password-reset-force-reset

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: Password Reset Force Reset password
OID: 1.3.6.1.4.1.42.2.27.9.1.591
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-password-reset-force-reset
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

iplanet-am-user-password-reset-options

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: Password Reset Options
OID: 1.3.6.1.4.1.42.2.27.9.1.589
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-password-reset-options
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

iplanet-am-user-password-reset-question-answer

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: Password Reset User Question Answer
OID: 1.3.6.1.4.1.42.2.27.9.1.590
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-password-reset-question-answer
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

iplanet-am-user-service-status

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: User Service Status
OID: 2.16.840.1.113730.3.1.1073
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-service-status
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

iplanet-am-user-success-url

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: Redirection URL for Successful User Authentication
OID: 1.3.6.1.4.1.42.2.27.9.1.71
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: iplanet-am-user-success-url
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

ipNetmaskNumber

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: IP netmask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros
OID: 1.3.6.1.1.1.1.21
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: ipNetmaskNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ipNetwork
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

ipNetworkNumber

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: IP network as a dotted decimal, eg. 192.168, omitting leading zeros
Superior Type: name
OID: 1.3.6.1.1.1.1.20
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ipNetworkNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ipNetwork
Schema File: 04-rfc2307bis.ldif
Syntax: Directory String

ipProtocolNumber

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: IP protocol number
OID: 1.3.6.1.1.1.1.17
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ipProtocolNumber
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ipProtocol
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

ipServicePort

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Service port number
OID: 1.3.6.1.1.1.1.15
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: ipServicePort
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: ipService
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

ipServiceProtocol

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Service protocol name
Superior Type: name
OID: 1.3.6.1.1.1.1.16
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: ipServiceProtocol
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ipService
Schema File: 04-rfc2307bis.ldif
Syntax: Directory String

ipTnetNumber

Origin: Solaris Specific
Usage: userApplications
Description: Trusted Solaris network template ip_address
OID: 1.3.6.1.4.1.42.2.27.5.1.68
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ipTnetNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ipTnetHost
Schema File: 05-solaris.ldif
Syntax: IA5 String

ipTnetTemplateName

Origin: Solaris Specific
Usage: userApplications
Description: Trusted Solaris network template template_name
OID: 1.3.6.1.4.1.42.2.27.5.1.67
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: ipTnetTemplateName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ipTnetTemplate
Schema File: 05-solaris.ldif
Syntax: IA5 String

isMemberOf

Shows group DNs of which this entry is a member.

Origin: Sun Java System Directory Server
Usage: directoryOperation
Description: Sun-defined attribute type
OID: 1.3.6.1.4.1.42.2.27.9.1.792
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: isMemberOf
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: DN

janetMailbox

Electronic mailbox attribute using the syntax specified in the Grey Book of the Coloured Book protocols. See, for example, the Wikipedia article on Coloured Book protocols.

Example: janetMail: [email protected].

Entries using this attribute must also include an rfc822Mailbox attribute, such as mail: [email protected].

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.46
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: janetMailbox
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

javaClassName

Case-sensitive fully qualified name of a Java class or interface.

Origin: RFC 2713
Usage: userApplications
Description: Fully qualified name of distinguished Java class or interface
OID: 1.3.6.1.4.1.42.2.27.4.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: true
Names: javaClassName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObject
Schema File: 03-rfc2713.ldif
Syntax: Directory String

javaClassNames

Case-sensitive fully qualified names of a Java class or interface. Multiple values represent a class or interface name of this object, or of an ancestor class or interface of this object.

Origin: RFC 2713
Usage: userApplications
Description: Fully qualified Java class or interface name
OID: 1.3.6.1.4.1.42.2.27.4.1.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: javaClassNames
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObject
Schema File: 03-rfc2713.ldif
Syntax: Directory String

javaCodebase

Location from which to load the class specified by the javaClassName attribute.

If multiple values are present, each value is an independent code base, meaning each is an alternative location from which to load the class definition.

Origin: RFC 2713
Usage: userApplications
Description: URL(s) specifying the location of class definition
OID: 1.3.6.1.4.1.42.2.27.4.1.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: javaCodebase
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObject
Schema File: 03-rfc2713.ldif
Syntax: IA5 String

javaDoc

URL to the Javadoc for the object.

Origin: RFC 2713
Usage: userApplications
Description: The Java documentation for the class
OID: 1.3.6.1.4.1.42.2.27.4.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: javaDoc
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObject
Schema File: 03-rfc2713.ldif
Syntax: IA5 String

javaFactory

Case-sensitive fully qualified name of a Java class that can be used to create an instance of the class specified by the javaClassName attribute.

Origin: RFC 2713
Usage: userApplications
Description: Fully qualified Java class name of a JNDI object factory
OID: 1.3.6.1.4.1.42.2.27.4.1.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: true
Names: javaFactory
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: javaNamingReference
Schema File: 03-rfc2713.ldif
Syntax: Directory String

javaReferenceAddress

Sequence of addresses of a JNDI reference. Each value represents an object of type javax.naming.RefAddr, and has the following form, where # is the delimiter:

#sequence-number#address-type#(address-value|#string-content)

sequence-number

The address's position in the JNDI reference starting at 0.

address-type

Type of JNDI address, which is a non-empty string.

address-value

Value of the address contents if the reference is of type javax.naming.StringRefAddr.

string-content

Base64-encoded string representation of the entire serialized address if the reference is not of type javax.naming.StringRefAddr.

Origin: RFC 2713
Usage: userApplications
Description: Addresses associated with a JNDI Reference
OID: 1.3.6.1.4.1.42.2.27.4.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: javaReferenceAddress
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: javaNamingReference
Schema File: 03-rfc2713.ldif
Syntax: Directory String

javaSerializedData

A serialized Java object. For details, see the Java Object Serialization Specification.

Origin: RFC 2713
Usage: userApplications
Description: Serialized form of a Java object
OID: 1.3.6.1.4.1.42.2.27.4.1.8
Equality Matching Rule: octetStringMatch
Single Value: true
Names: javaSerializedData
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: javaMarshalledObject, javaSerializedObject
Schema File: 03-rfc2713.ldif
Syntax: Octet String

jpegPhoto

An image of a person in the JPEG File Interchange Format (JFIF).

Origin: RFC 2798
Usage: userApplications
Description: a JPEG image
OID: 0.9.2342.19200300.100.1.60
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: jpegPhoto
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, pilotObject
Schema File: 00-core.ldif
Syntax: JPEG

kbaActiveIndex

Origin: OpenAM
Usage: userApplications
Description: Knowledge Based Authentication Active Index
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: kbaActiveIndex
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: kbaInfoContainer
Schema File: 60-identity-store-ds-kba.ldif
Syntax: Directory String

kbaInfo

Origin: OpenAM
Usage: userApplications
Description: Knowledge Based Authentication information is stored in this attribute
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: kbaInfo
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: kbaInfoContainer
Schema File: 60-identity-store-ds-kba.ldif
Syntax: Directory String

kbaInfoAttempts

Origin: OpenAM
Usage: userApplications
Description: Knowledge Based Authentication Attempts information is stored in this attribute
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: kbaInfoAttempts
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: kbaInfoContainer
Schema File: 60-identity-store-ds-kba.ldif
Syntax: Directory String

knowledgeInformation

According to the specification, "This attribute is no longer used."

Origin: RFC 2256
Usage: userApplications
OID: 2.5.4.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: knowledgeInformation
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dSA, pilotDSA
Schema File: 00-core.ldif
Syntax: Directory String

l

Name of a locality or place, such as a city, country or geographic region.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: l, localityName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: account, applicationEntity, applicationProcess, dNSDomain, dSA, device, dmd, document, documentSeries, domain, inetOrgPerson, ipHost, ipNetwork, locality, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotDSA, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

labeledURI

A URI with an optional label, as described in RFC 2079.

Example: https://forgerock.com ForgeRock Home Page

Origin: RFC 2079
Usage: userApplications
Description: Uniform Resource Identifier with optional label
OID: 1.3.6.1.4.1.250.1.57
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: labeledURI
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, labeledURIObject, sunRealmService, sunservice, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Directory String


labeledURL

Origin: RFC 2079
Usage: userApplications
Description: Uniform Resource Locator with optional label
OID: 1.3.6.1.4.1.250.1.41
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: labeledURL
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

lastChangeNumber

Holds the newest change number in the changelog.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.594
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: lastChangeNumber
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Integer

lastExternalChangelogCookie

Holds the most recent cookie (cross domain state) available.

Origin: OpenDS Directory Server
Usage: directoryOperation
OID: 1.3.6.1.4.1.26027.1.1.585
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: lastExternalChangelogCookie
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

lastModifiedBy

DN of the last user to modify the entry.

Although not described in the RFC as an operational attribute, this attribute should be maintained by the server.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.24
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: lastModifiedBy
User Modification Allowed: true
Used By: pilotObject
Schema File: 00-core.ldif
Syntax: DN

lastModifiedTime

UTC time when the entry was last modified.

Although not described in the RFC as an operational attribute, this attribute should be maintained by the server.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.23
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: lastModifiedTime
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotObject
Schema File: 00-core.ldif
Syntax: Directory String

ldapSyntaxes

This operational attribute used in LDAP schema defines syntaxes, which specify encodings used in LDAP.

Origin: RFC 4512
Usage: directoryOperation
OID: 1.3.6.1.4.1.1466.101.120.16
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: ldapSyntaxes
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: LDAP Syntax Description

loginShell

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: The path to the login shell
OID: 1.3.6.1.1.1.1.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: loginShell
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: posixAccount
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

macAddress

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: MAC address in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2
OID: 1.3.6.1.1.1.1.22
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: macAddress
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: ieee802Device
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

mail

Internet mail addresses in Mailbox form, as described in RFC 2821. The server does not ensure that mail addresses conform to RFC 2821, however.

Be aware that matching is case-insensitive: ([email protected]) matches [email protected]

Applications supporting internationalized domain names must use the ToASCII method described in RFC 3490 to produce subdomain components of the Mailbox form.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.3
Substring Matching Rule: caseIgnoreIA5SubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: mail, rfc822Mailbox
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, mailGroup, pilotPerson
Schema File: 00-core.ldif
Syntax: IA5 String

mailPreferenceOption

Indication of user's preference for having their names included in mailing lists.

Values are from the following list:

no-list-inclusion (Default)

Do not add name in mailing lists.

any-list-inclusion

May add name in mailing lists.

professional-list-inclusion

May add name in mailing lists related to user's professional interests, optionally as evaluated from the business organization or keywords in the entry.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.47
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: mailPreferenceOption
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Integer

manager

DNs of manager entries for the entry of a person or entity.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: manager
User Modification Allowed: true
Used By: inetOrgPerson, ipHost, ipNetwork, pilotObject
Schema File: 00-core.ldif
Syntax: DN

matchingRules

This operational attribute used in LDAP schema defines matching rules, which specify how values of attributes are matched and compared.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.4
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: matchingRules
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: Matching Rule Description

matchingRuleUse

This operational attribute used in LDAP schema defines matching rule uses, which list attributes that can be used with an extensibleMatch search filter.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.8
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: matchingRuleUse
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: Matching Rule Use Description

mDRecord

A type MD (mail destination) DNS resource record.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.27
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: mDRecord
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain
Schema File: 00-core.ldif
Syntax: IA5 String

member

Distinguished names of objects that are part of a group.

Origin: RFC 4519
Usage: userApplications
Superior Type: distinguishedName
OID: 2.5.4.31
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: member
User Modification Allowed: true
Used By: groupOfEntries, groupOfNames
Schema File: 00-core.ldif
Syntax: DN

memberGid

Origin: Solaris Specific
Usage: userApplications
Description: Posix Group Name
OID: 1.3.6.1.4.1.42.2.27.5.1.30
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: memberGid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisProject
Schema File: 05-solaris.ldif
Syntax: IA5 String

memberNisNetgroup

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.13
Substring Matching Rule: caseExactIA5SubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: memberNisNetgroup
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisNetgroup
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

memberof

This attribute type stores AM profile information.

Origin: iPlanet Delegated Administrator
Usage: userApplications
Description: Group that the entry belongs to
OID: 1.2.840.113556.1.2.102
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: memberof
User Modification Allowed: true
Used By: inetuser
Schema File: 60-identity-store-ds-schema.ldif
Syntax: DN

memberUid

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: memberUid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisProject, posixGroup
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

memberURL

Holds LDAP URLs specifying dynamic group membership.

Origin: Sun Java System Directory Server
Usage: userApplications
Description: Sun-defined attribute type
OID: 2.16.840.1.113730.3.1.198
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: memberURL
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: groupOfURLs
Schema File: 00-core.ldif
Syntax: IA5 String

mgrpRFC822MailMember

Origin: Solaris Specific
Usage: userApplications
OID: 2.16.840.1.113730.3.1.30
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: mgrpRFC822MailMember
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: mailGroup
Schema File: 05-solaris.ldif
Syntax: Directory String

mobile

Mobile phone number, such as +1 415 555 1212.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.41
Substring Matching Rule: telephoneNumberSubstringsMatch
Equality Matching Rule: telephoneNumberMatch
Single Value: false: multiple values allowed
Names: mobile, mobileTelephoneNumber
User Modification Allowed: true
Used By: inetOrgPerson, pilotPerson
Schema File: 00-core.ldif
Syntax: Telephone Number

modifiersName

For entries updated over protocol (by an LDAP modify request, for example), this operational attribute indicates the DN of the creator's entry.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.18.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: modifiersName
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: DN

modifyTimestamp

For entries updated over protocol (by an LDAP modify request, for example), this operational attribute reflects the time the entry was last modified.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.18.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: modifyTimestamp
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Generalized Time

mxRecord

A type MX (mail exchange) DNS resource record.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.28
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: mxRecord
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain
Schema File: 00-core.ldif
Syntax: IA5 String

name

Base type for user attribute types with name syntax.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.41
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

nameForms

This operational attribute used in LDAP schema defines name forms, which specify naming relations for structural object classes.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.7
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: nameForms
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: Name Form Description

namingContexts

This operational attribute indicates the base DNs mastered or shadowed by this server.

Origin: RFC 4512
Usage: dSAOperation
OID: 1.3.6.1.4.1.1466.101.120.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: namingContexts
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: DN

newRDN

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: the new RDN of an entry which is the target of a modrdn operation
OID: 2.16.840.1.113730.3.1.9
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: newRDN
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: DN

newSuperior

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: the new parent of an entry which is the target of a moddn operation
OID: 2.16.840.1.113730.3.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: newSuperior
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: DN

nisDomain

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: NIS domain
OID: 1.3.6.1.1.1.1.30
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: nisDomain
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisDomainObject
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

nisMapEntry

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: A generic NIS entry
OID: 1.3.6.1.1.1.1.27
Substring Matching Rule: caseExactIA5SubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: nisMapEntry
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisObject
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

nisMapName

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Name of a A generic NIS map
Superior Type: name
OID: 1.3.6.1.1.1.1.26
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: nisMapName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisMap, nisObject
Schema File: 04-rfc2307bis.ldif
Syntax: Directory String

nisNetgroupTriple

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: Netgroup triple
OID: 1.3.6.1.1.1.1.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: nisNetgroupTriple
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisNetgroup
Schema File: 04-rfc2307bis.ldif
Syntax: IA5 String

nisNetIdGroup

Origin: Solaris Specific
Usage: userApplications
OID: 1.3.6.1.4.1.42.2.27.1.1.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: nisNetIdGroup
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisNetId
Schema File: 05-solaris.ldif
Syntax: IA5 String

nisNetIdHost

Origin: Solaris Specific
Usage: userApplications
OID: 1.3.6.1.4.1.42.2.27.1.1.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: nisNetIdHost
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisNetId
Schema File: 05-solaris.ldif
Syntax: IA5 String

nisNetIdUser

Origin: Solaris Specific
Usage: userApplications
OID: 1.3.6.1.4.1.42.2.27.1.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: nisNetIdUser
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisNetId
Schema File: 05-solaris.ldif
Syntax: IA5 String

nisplusTimeZone

Origin: Solaris Specific
Usage: userApplications
Description: tzone column from NIS+ timezone table
OID: 1.3.6.1.4.1.42.2.27.5.1.57
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: nisplusTimeZone
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: nisplusTimeZoneData
Schema File: 05-solaris.ldif
Syntax: IA5 String

nisPublicKey

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: NIS public key
OID: 1.3.6.1.1.1.1.28
Equality Matching Rule: octetStringMatch
Single Value: true
Names: nisPublicKey
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: nisKeyObject
Schema File: 04-rfc2307bis.ldif
Syntax: Octet String

nisSecretKey

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: NIS secret key
OID: 1.3.6.1.1.1.1.29
Equality Matching Rule: octetStringMatch
Single Value: true
Names: nisSecretKey
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: nisKeyObject
Schema File: 04-rfc2307bis.ldif
Syntax: Octet String

nsds50ruv

DSEE attribute holding the internal state of the replica from the replication update vector.

Origin: Sun Directory Server
Usage: userApplications
OID: 2.16.840.1.113730.3.1.587
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: nsds50ruv
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 06-compat.ldif
Syntax: Directory String

nSRecord

A type NS (name server) DNS resource record.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.29
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: nSRecord
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain
Schema File: 00-core.ldif
Syntax: IA5 String

nsUniqueId

DSEE attribute holding an entry UUID.

Origin: Sun Java System Directory Server
Usage: directoryOperation
Description: Sun-defined unique identifier
OID: 2.16.840.1.113730.3.1.542
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: nsUniqueId
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: IA5 String

numSubordinates

This operational attribute holds a count of immediate subordinates of the current entry. (The count therefore does not include entries below immediate subordinates.)

As numSubordinates is an operational attribute, client applications must request it explicitly in search results.

Support for the numSubordinates attribute is per entry. If it is present then its value is correct. Its absence does not, however, imply that there are no subordinates.

Origin: draft-ietf-boreham-numsubordinates
Usage: directoryOperation
Description: Count of immediate subordinates
OID: 1.3.6.1.4.1.453.16.2.103
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: numSubordinates
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Integer

o

X.500 organizationName attribute for the name of an organization.

Example: ForgeRock, Inc.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: o, organizationName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: account, applicationEntity, dNSDomain, dSA, device, document, documentSeries, domain, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson, organization, pilotDSA, pilotOrganization, rFC822LocalPart, sunRealmService, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

oath2faEnabled

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: Indicator for enabling of OATH 2FA
OID: 1.3.6.1.4.1.36733.2.2.1.131
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: false: multiple values allowed
Names: oath2faEnabled
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-auth-configuration-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Integer

oathDeviceProfiles

Origin: OpenAM
Usage: userApplications
Description: OATH device profiles string
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: oathDeviceProfiles
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: oathDeviceProfilesContainer
Schema File: 60-identity-store-ds-oathdevices.ldif
Syntax: Directory String

objectClass

Describes the type of object represented by the entry, controlling which attributes must and may be present on the entry.

Each entry has at least two values, one of which is top or alias.

When an object class value is added to an entry, all superclasses of the object class are implicitly added. For example, if inetOrgPerson is added, person and organizationalPerson are also added.

Origin: RFC 4512
Usage: userApplications
OID: 2.5.4.0
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: objectClass
User Modification Allowed: true
Used By: DUAConfigProfile, SolarisAuditUser, SolarisAuthAttr, SolarisExecAttr, SolarisNamingProfile, SolarisProfAttr, SolarisProject, SolarisUserAttr, account, alias, applicationEntity, applicationProcess, automount, automountMap, bootableDevice, cRLDistributionPoint, calEntry, certificationAuthority, certificationAuthority-V2, changeLogEntry, container, corbaContainer, corbaObject, corbaObjectReference, country, dNSDomain, dSA, dcObject, deltaCRL, device, devicePrintProfilesContainer, deviceProfilesContainer, dmd, document, documentSeries, domain, domainRelatedObject, ds-certificate-user, ds-monitor, ds-monitor-backend, ds-monitor-backend-db, ds-monitor-backend-pluggable, ds-monitor-backend-proxy, ds-monitor-base-dn, ds-monitor-branch, ds-monitor-certificate, ds-monitor-changelog, ds-monitor-changelog-domain, ds-monitor-connected-changelog, ds-monitor-connected-replica, ds-monitor-connection-handler, ds-monitor-disk-space, ds-monitor-entry-cache, ds-monitor-health-status, ds-monitor-http-connection-handler, ds-monitor-je-database, ds-monitor-jvm, ds-monitor-ldap-connection-handler, ds-monitor-raw-je-database-statistics, ds-monitor-remote-replica, ds-monitor-replica, ds-monitor-replica-db, ds-monitor-server, ds-monitor-topology-server, ds-monitor-work-queue, ds-pwp-attribute-value-validator, ds-pwp-character-set-validator, ds-pwp-dictionary-validator, ds-pwp-length-based-validator, ds-pwp-password-policy, ds-pwp-random-generator, ds-pwp-repeated-characters-validator, ds-pwp-similarity-based-validator, ds-pwp-unique-characters-validator, ds-pwp-validator, ds-root-dse, ds-virtual-static-group, fr-idm-cluster-obj, fr-idm-generic-obj, fr-idm-hybrid-obj, fr-idm-internal-role, fr-idm-internal-user, fr-idm-link, fr-idm-lock, fr-idm-managed-assignment, fr-idm-managed-role, fr-idm-managed-user, fr-idm-managed-user-explicit, fr-idm-managed-user-hybrid-obj, fr-idm-notification, fr-idm-recon-clusteredTargetIds, fr-idm-reconassoc, fr-idm-reconassocentry, fr-idm-relationship, fr-idm-syncqueue, frCoreToken, friendlyCountry, glue, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, ieee802Device, inetOrgPerson, inetuser, inheritableLDAPSubEntry, inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry, ipHost, ipNetwork, ipProtocol, ipService, ipTnetHost, ipTnetTemplate, iplanet-am-auth-configuration-service, iplanet-am-managed-person, iplanet-am-session-service, iplanet-am-user-service, javaContainer, javaMarshalledObject, javaNamingReference, javaObject, javaSerializedObject, kbaInfoContainer, labeledURIObject, ldapSubEntry, locality, mailGroup, namedObject, nisDomainObject, nisKeyObject, nisMailAlias, nisMap, nisNetId, nisNetgroup, nisObject, nisplusTimeZoneData, oathDeviceProfilesContainer, oncRpc, organization, organizationalPerson, organizationalRole, organizationalUnit, person, pilotDSA, pilotObject, pilotOrganization, pilotPerson, pkiCA, pkiUser, posixAccount, posixGroup, printerAbstract, printerIPP, printerLPR, printerService, printerServiceAuxClass, pushDeviceProfilesContainer, pwdPolicy, pwdValidatorPolicy, qualityLabelledData, rFC822LocalPart, residentialPerson, room, sambaConfig, sambaConfigOption, sambaDomain, sambaGroupMapping, sambaIdmapEntry, sambaPrivilege, sambaSamAccount, sambaShare, sambaSidEntry, sambaTrustPassword, sambaUnixIdPool, shadowAccount, simpleSecurityObject, slpService, slpServicePrinter, strongAuthenticationUser, subentry, sunAMAuthAccountLockout, sunFMSAML2NameIdentifier, sunPrinter, sunRealmService, sunservice, sunservicecomponent, top, uddiAddress, uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiContact, uddiPublisherAssertion, uddiTModel, uddiTModelInstanceInfo, uddiv3EntityObituary, uddiv3Subscription, uidObject, untypedObject, userSecurityInformation, webauthnDeviceProfilesContainer
Schema File: 00-core.ldif
Syntax: OID

objectClasses

This operational attribute used in LDAP schema defines object classes, which specify the types of objects that an entry represents, and the required and optional attributes for entries of those types.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.6
Equality Matching Rule: objectIdentifierFirstComponentMatch
Single Value: false: multiple values allowed
Names: objectClasses
User Modification Allowed: true
Used By: subschema
Schema File: 00-core.ldif
Syntax: Object Class Description

objectclassMap

Origin: RFC 4876
Usage: userApplications
Description: Object class mappings used, required, or supported by an agent or service
OID: 1.3.6.1.4.1.11.1.3.1.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: objectclassMap
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: IA5 String

oncRpcNumber

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: ONC RPC number
OID: 1.3.6.1.1.1.1.18
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: oncRpcNumber
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: oncRpc
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

organizationalStatus

Categories to refer to a person in an organization, such as professor or staff.

Similar attributes include title and userClass.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.45
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: organizationalStatus
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

otherMailbox

An electronic mailbox address of a type other than X.400 or RFC 822.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.22
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: otherMailbox
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

ou

X.500 organizationalUnitName attribute for the name of an organizational unit.

Example: Product Development

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: organizationalUnitName, ou
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: account, applicationEntity, applicationProcess, dSA, device, document, documentSeries, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson, organizationalPerson, organizationalRole, organizationalUnit, pilotDSA, pilotOrganization, sunservice, sunservicecomponent, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

owner

Distinguished names of objects with an ownership relationship to the current object.

Origin: RFC 4519
Usage: userApplications
Superior Type: distinguishedName
OID: 2.5.4.32
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: owner
User Modification Allowed: true
Used By: device, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, untypedObject
Schema File: 00-core.ldif
Syntax: DN

pager

Pager phone number, such as +1 415 555 1212.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.42
Substring Matching Rule: telephoneNumberSubstringsMatch
Equality Matching Rule: telephoneNumberMatch
Single Value: false: multiple values allowed
Names: pager, pagerTelephoneNumber
User Modification Allowed: true
Used By: inetOrgPerson, pilotPerson
Schema File: 00-core.ldif
Syntax: Telephone Number

personalSignature

Representation of a person's signature. According to RFC 1274, the value is,

Encoded in G3 fax as explained in recommendation T.4, with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as defined in X.420.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.53
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: personalSignature
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Binary

personalTitle

Personal title for a person, such as Dr. or Professor.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.40
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: personalTitle
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

photo

A photograph in G3 fax as described in recommendation T.4, with an ASN.1 wrapper to make it compatible with an X.400 BodyPart, as defined in X.420.

Origin: RFC 2798
Usage: userApplications
OID: 0.9.2342.19200300.100.1.7
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: photo
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, pilotObject
Schema File: 00-core.ldif
Syntax: Octet String

physicalDeliveryOfficeName

A name used by the postal service to identify a post office.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.19
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: physicalDeliveryOfficeName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Directory String

postalAddress

An address used by the postal service to perform services for the entity.

Use dollar signs ($) to separate lines in the address, and see the PostalAddress syntax description for details.

Example: 1234 Main St.$Anytown, CA 12345$USA.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.16
Substring Matching Rule: caseIgnoreListSubstringsMatch
Equality Matching Rule: caseIgnoreListMatch
Single Value: false: multiple values allowed
Names: postalAddress
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Postal Address

postalCode

A code used by the postal service to identify postal service zones.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.17
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: postalCode
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Directory String

postOfficeBox
A postal box identifier that the postal service uses when the customer receives mail at a box on the premises of the postal service.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.18
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: postOfficeBox
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Directory String

preferredDeliveryMethod
Indicates the preferred method for getting a message to the entity, where the methods can be specified in order of decreasing priority.

Example: mhs $ physical.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.28
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: preferredDeliveryMethod
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Delivery Method

preferredLanguage
Indicates a person's preferred language or languages, which is useful for international correspondence and computer interaction. RFC 2068 describes an Accept-Language field. That field's content, without Accept-Language:, matches the content of this attribute.

Example: en, ko;q=0.8.

Origin: RFC 2798
Usage: userApplications
Description: preferred written or spoken language for a person
OID: 2.16.840.1.113730.3.1.39
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: preferredLanguage
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iPlanetPreferences, inetOrgPerson
Schema File: 00-core.ldif
Syntax: Directory String

preferredLocale
This attribute type stores AM profile information.

Origin: iPlanet
Usage: userApplications
Description: preferred locale for a person
OID: 1.3.6.1.4.1.1466.101.120.42
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: preferredLocale
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iPlanetPreferences
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

preferredServerList

Origin: RFC 4876
Usage: userApplications
Description: List of preferred servers
OID: 1.3.6.1.4.1.11.1.3.1.1.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: preferredServerList
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Directory String

preferredTimeZone
This attribute type stores AM profile information.

Origin: iPlanet
Usage: userApplications
Description: preferred time zone for a person
OID: 1.3.6.1.4.1.1466.101.120.43
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: preferredTimeZone
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iPlanetPreferences
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

presentationAddress
An OSI presentation address.

Origin: RFC 2256
Usage: userApplications
OID: 2.5.4.29
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: presentationAddressMatch
Single Value: true
Names: presentationAddress
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: applicationEntity, dSA, pilotDSA
Schema File: 00-core.ldif
Syntax: Presentation Address

printer-aliases

Origin: RFC 3712
Usage: userApplications
Description: List of site-specific administrative names of this printer in addition to the value specified for printer-name.
OID: 1.3.18.0.2.4.1108
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-aliases
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerLPR
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-charset-configured

Origin: RFC 3712
Usage: userApplications
Description: The configured charset in which error and status messages will be generated (by default) by this printer.
OID: 1.3.18.0.2.4.1109
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-charset-configured
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-charset-supported

Origin: RFC 3712
Usage: userApplications
Description: Set of charsets supported for the attribute values of syntax DirectoryString for this directory entry.
OID: 1.3.18.0.2.4.1131
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-charset-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-color-supported

Origin: RFC 3712
Usage: userApplications
Description: Indicates whether this printer is capable of any type of color printing at all, including highlight color.
OID: 1.3.18.0.2.4.1129
Equality Matching Rule: booleanMatch
Single Value: true
Names: printer-color-supported
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Boolean

printer-compression-supported

Origin: RFC 3712
Usage: userApplications
Description: Compression algorithms supported by this printer.
OID: 1.3.18.0.2.4.1128
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-compression-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-copies-supported

Origin: RFC 3712
Usage: userApplications
Description: The maximum number of copies of a document that may be printed as a single job on this printer.
OID: 1.3.18.0.2.4.1118
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: printer-copies-supported
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Integer

printer-current-operator

Origin: RFC 3712
Usage: userApplications
Description: The identity of the current human operator responsible for operating this printer.
OID: 1.3.18.0.2.4.1112
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-current-operator
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-delivery-orientation-supported

Origin: RFC 3712
Usage: userApplications
Description: The possible delivery orientations of pages as they are printed and ejected from this printer.
OID: 1.3.18.0.2.4.1114
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-delivery-orientation-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-document-format-supported

Origin: RFC 3712
Usage: userApplications
Description: The possible source document formats which may be interpreted and printed by this printer.
OID: 1.3.18.0.2.4.1130
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-document-format-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-finishings-supported

Origin: RFC 3712
Usage: userApplications
Description: The possible finishing operations supported by this printer.
OID: 1.3.18.0.2.4.1125
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-finishings-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-generated-natural-language-supported

Origin: RFC 3712
Usage: userApplications
Description: Natural language(s) supported for this directory entry.
OID: 1.3.18.0.2.4.1137
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-generated-natural-language-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-info

Origin: RFC 3712
Usage: userApplications
Description: Descriptive information about this printer.
OID: 1.3.18.0.2.4.1139
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-info
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-ipp-versions-supported

Origin: RFC 3712
Usage: userApplications
Description: IPP protocol version(s) that this printer supports.
OID: 1.3.18.0.2.4.1133
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-ipp-versions-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerIPP
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-job-k-octets-supported

Origin: RFC 3712
Usage: userApplications
Description: The maximum size in kilobytes (1,024 octets actually) incoming print job that this printer will accept.
OID: 1.3.18.0.2.4.1111
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: printer-job-k-octets-supported
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Integer

printer-job-priority-supported

Origin: RFC 3712
Usage: userApplications
Description: Indicates the number of job priority levels supported by this printer.
OID: 1.3.18.0.2.4.1110
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: printer-job-priority-supported
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Integer

printer-location

Origin: RFC 3712
Usage: userApplications
Description: The physical location of this printer.
OID: 1.3.18.0.2.4.1136
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-location
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-make-and-model

Origin: RFC 3712
Usage: userApplications
Description: Make and model of this printer.
OID: 1.3.18.0.2.4.1138
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-make-and-model
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-media-local-supported

Origin: RFC 3712
Usage: userApplications
Description: Site-specific names of media supported by this printer.
OID: 1.3.18.0.2.4.1117
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-media-local-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-media-supported

Origin: RFC 3712
Usage: userApplications
Description: The standard names/types/sizes (and optional color suffixes) of the media supported by this printer.
OID: 1.3.18.0.2.4.1122
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-media-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-more-info

Origin: RFC 3712
Usage: userApplications
Description: A URI for more information about this specific printer.
OID: 1.3.18.0.2.4.1134
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-more-info
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-multiple-document-jobs-supported

Origin: RFC 3712
Usage: userApplications
Description: Indicates whether this printer supports more than one document per job.
OID: 1.3.18.0.2.4.1132
Equality Matching Rule: booleanMatch
Single Value: true
Names: printer-multiple-document-jobs-supported
User Modification Allowed: true
Used By: printerAbstract, printerIPP, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Boolean

printer-name

Origin: RFC 3712
Usage: userApplications
Description: The site-specific administrative name of this printer.
OID: 1.3.18.0.2.4.1135
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-name
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerLPR, printerService, printerServiceAuxClass, sunPrinter
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-natural-language-configured

Origin: RFC 3712
Usage: userApplications
Description: The configured natural language in which error and status messages will be generated (by default) by this printer.
OID: 1.3.18.0.2.4.1119
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-natural-language-configured
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-number-up-supported

Origin: RFC 3712
Usage: userApplications
Description: The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium.
OID: 1.3.18.0.2.4.1124
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: false: multiple values allowed
Names: printer-number-up-supported
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Integer

printer-output-features-supported

Origin: RFC 3712
Usage: userApplications
Description: The possible output features supported by this printer.
OID: 1.3.18.0.2.4.1116
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-output-features-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-pages-per-minute-color

Origin: RFC 3712
Usage: userApplications
Description: The nominal number of color pages per minute which may be output by this printer.
OID: 1.3.18.0.2.4.1126
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: printer-pages-per-minute-color
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Integer

printer-pages-per-minute

Origin: RFC 3712
Usage: userApplications
Description: The nominal number of pages per minute which may be output by this printer.
OID: 1.3.18.0.2.4.1127
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: printer-pages-per-minute
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Integer

printer-print-quality-supported

Origin: RFC 3712
Usage: userApplications
Description: List of print qualities supported for printing documents on this printer.
OID: 1.3.18.0.2.4.1120
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-print-quality-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-resolution-supported

Origin: RFC 3712
Usage: userApplications
Description: List of resolutions supported for printing documents by this printer.
OID: 1.3.18.0.2.4.1121
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-resolution-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-service-person

Origin: RFC 3712
Usage: userApplications
Description: The identity of the current human service person responsible for servicing this printer.
OID: 1.3.18.0.2.4.1113
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-service-person
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-sides-supported

Origin: RFC 3712
Usage: userApplications
Description: The number of impression sides (one or two) and the two-sided impression rotations supported by this printer.
OID: 1.3.18.0.2.4.1123
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-sides-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-stacking-order-supported

Origin: RFC 3712
Usage: userApplications
Description: The possible stacking order of pages as they are printed and ejected from this printer.
OID: 1.3.18.0.2.4.1115
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-stacking-order-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerAbstract, printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-uri

Origin: RFC 3712
Usage: userApplications
Description: A URI supported by this printer.
OID: 1.3.18.0.2.4.1140
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: printer-uri
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

printer-xri-supported

Origin: RFC 3712
Usage: userApplications
Description: The unordered list of XRI (extended resource identifiers) supported by this printer.
OID: 1.3.18.0.2.4.1107
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: printer-xri-supported
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: printerService, printerServiceAuxClass
Schema File: 03-rfc3712.ldif
Syntax: Directory String

profileTTL

Origin: RFC 4876
Usage: userApplications
Description: Time to live, in seconds, before a profile is considered stale
OID: 1.3.6.1.4.1.11.1.3.1.1.7
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: profileTTL
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Integer

protocolInformation
Used with a presentationAddress attribute to provide additional information to the OSI network service.

Origin: RFC 2256
Usage: userApplications
OID: 2.5.4.48
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: protocolInformationMatch
Single Value: false: multiple values allowed
Names: protocolInformation
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Protocol Information

push2faEnabled

Origin: OpenAM
Usage: userApplications
Description: Indicator for enabling of Push 2FA
OID: 1.3.6.1.4.1.36733.2.2.1.140
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: false: multiple values allowed
Names: push2faEnabled
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-auth-configuration-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Integer

pushDeviceProfiles

Origin: OpenAM
Usage: userApplications
Description: Push device profiles string
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: pushDeviceProfiles
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pushDeviceProfilesContainer
Schema File: 60-identity-store-ds-pushdevices.ldif
Syntax: Directory String

pwdAccountLockedTime
Timestamp when the account was last locked, where 000001010000Z means the account has been locked permanently.

Origin: draft-behera-ldap-password-policy
Usage: directoryOperation
Description: The time an user account was locked
OID: 1.3.6.1.4.1.42.2.27.8.1.17
Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule generalizedTimeMatchSingle Value trueNames pwdAccountLockedTimeOrdering Matching Rule generalizedTimeOrderingMatchUser ModificationAllowed

false

Schema File 01-pwpolicy.ldifSyntax Generalized Time

pwdAllowUserChange

Whether users can change their own passwords.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.14
Equality Matching Rule booleanMatch
Single Value true
Names pwdAllowUserChange
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Boolean

pwdAttribute

Name of the attribute to which the password policy applies.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.1
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule objectIdentifierMatch
Single Value false: multiple values allowed
Names pwdAttribute
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax OID

pwdChangedTime

Timestamp of last password change.

Origin draft-behera-ldap-password-policy
Usage directoryOperation
Description The time the password was last changed
OID 1.3.6.1.4.1.42.2.27.8.1.16
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value true
Names pwdChangedTime
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed false
Schema File 01-pwpolicy.ldif
Syntax Generalized Time

pwdCheckQuality

How to verify quality when a password is added or modified. 0: do not check; 1: check, but accept if validation passes or if unable to check; 2: check, and return an error if verification does not pass or cannot be completed.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.5
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdCheckQuality
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdExpireWarning

Maximum number of seconds before expiry to begin returning errors to the user binding to the directory.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.7
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdExpireWarning
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdFailureCountInterval

Number of seconds after which failures are purged from the failure counter.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.12
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdFailureCountInterval
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdFailureTime

Timestamp of the last consecutive authentication failure.

Origin draft-behera-ldap-password-policy
Usage directoryOperation
Description The timestamps of the last consecutive authentication failures
OID 1.3.6.1.4.1.42.2.27.8.1.19
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value false: multiple values allowed
Names pwdFailureTime
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed false
Schema File 01-pwpolicy.ldif
Syntax Generalized Time

pwdGraceAuthNLimit

Number of times an expired password can be used to authenticate.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.8
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdGraceAuthNLimit
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdGraceUseTime

Timestamps of grace authentications after a password expired.

Origin draft-behera-ldap-password-policy
Usage directoryOperation
Description The timestamps of the grace authentication after the password has expired
OID 1.3.6.1.4.1.42.2.27.8.1.21
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule generalizedTimeMatch
Single Value false: multiple values allowed
Names pwdGraceUseTime
Ordering Matching Rule generalizedTimeOrderingMatch
User Modification Allowed false
Schema File 01-pwpolicy.ldif
Syntax Generalized Time

pwdHistory

History of previously used passwords.

Origin draft-behera-ldap-password-policy
Usage directoryOperation
Description The history of user s passwords
OID 1.3.6.1.4.1.42.2.27.8.1.20
Equality Matching Rule octetStringMatch
Single Value false: multiple values allowed
Names pwdHistory
Ordering Matching Rule octetStringOrderingMatch
User Modification Allowed false
Schema File 01-pwpolicy.ldif
Syntax Octet String

pwdInHistory

Maximum number of passwords stored in the pwdHistory attribute.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.4
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdInHistory
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdLockout

Whether the password can no longer be used to authenticate when pwdMaxFailure has been reached.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.9
Equality Matching Rule booleanMatch
Single Value true
Names pwdLockout
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Boolean

pwdLockoutDuration

Number of seconds when the password cannot be used to authenticate after pwdMaxFailure has been reached.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.10
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdLockoutDuration
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdMaxAge

Number of seconds after which a password expires.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.3
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdMaxAge
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdMaxFailure

Maximum number of consecutive failed bind attempts allowed before the account is locked.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.11
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdMaxFailure
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdMinAge

Minimum number of seconds between modifications to the password.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.2
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdMinAge
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdMinLength

Minimum number of characters in a password.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.6
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names pwdMinLength
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Integer

pwdMustChange

Whether users must change their passwords when first binding or after a password reset.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.13
Equality Matching Rule booleanMatch
Single Value true
Names pwdMustChange
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Boolean

pwdPolicySubentry

Pointer to the password policy subentry for the current entry.

Origin draft-behera-ldap-password-policy
Usage directoryOperation
Description The pwdPolicy subentry in effect for this object
OID 1.3.6.1.4.1.42.2.27.8.1.23
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule distinguishedNameMatch
Single Value true
Names pwdPolicySubentry
User Modification Allowed false
Schema File 01-pwpolicy.ldif
Syntax DN

pwdReset

Whether the password has been reset by an administrator, and must be changed by the user.

Origin draft-behera-ldap-password-policy
Usage directoryOperation
Description The indication that the password has been reset
OID 1.3.6.1.4.1.42.2.27.8.1.22
Equality Matching Rule booleanMatch
Single Value true
Names pwdReset
User Modification Allowed true
Schema File 01-pwpolicy.ldif
Syntax Boolean

pwdSafeModify

Whether the existing password must be supplied when changing passwords.

Origin draft-behera-ldap-password-policy
Usage userApplications
OID 1.3.6.1.4.1.42.2.27.8.1.15
Equality Matching Rule booleanMatch
Single Value true
Names pwdSafeModify
User Modification Allowed true
Used By pwdPolicy
Schema File 01-pwpolicy.ldif
Syntax Boolean

ref

This attribute holds labeledURI values referring to another LDAP server. The URI should be an LDAP URL. The URI should not specify scope, filter, or an attribute description list, and it should contain a non-empty DN.

Example: ldap://referral.example.com:1389/ou=Subscribers,dc=example,dc=com

Origin RFC 3296
Usage distributedOperation
Description named reference - a labeledURI
OID 2.16.840.1.113730.3.1.34
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value false: multiple values allowed
Names ref
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By referral
Schema File 00-core.ldif
Syntax Directory String

registeredAddress

A postal address suitable for reception of telegrams and expedited documents, where the recipient must accept delivery.

Example: Receptionist$Widget, Inc.$1234 Main St.$Anytown, CA 12345$USA.

Origin RFC 4519
Usage userApplications
Superior Type postalAddress
OID 2.5.4.26
Substring Matching Rule caseIgnoreListSubstringsMatch
Equality Matching Rule caseIgnoreListMatch
Single Value false: multiple values allowed
Names registeredAddress
User Modification Allowed true
Used By dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File 00-core.ldif
Syntax Postal Address

replicaIdentifier

Uniquely identifies a replica in a topology.

Origin OpenDS Directory Server
Usage directoryOperation
Description the OpenDS replication domain server identifier for the change
OID 1.3.6.1.4.1.42.2.27.9.1.724
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names replicaIdentifier
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Schema File 03-changelog.ldif
Syntax Directory String

replicationCSN

Holds a replication change sequence number.

Origin OpenDS Directory Server
Usage directoryOperation
Description The OpenDS replication change number for the change
OID 1.3.6.1.4.1.42.2.27.9.1.725
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names replicationCSN
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Schema File 03-changelog.ldif
Syntax Directory String

rfc822mailMember

Origin Solaris Specific
Usage userApplications
Description rfc822 mail addresss of group member
OID 1.3.6.1.4.1.42.2.27.2.1.15
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names rfc822mailMember
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By nisMailAlias
Schema File 05-solaris.ldif
Syntax IA5 String

roleOccupant

Distinguished names of objects that fulfill the responsibilities of the current role object.

For example, if the role object is for Director of Engineering, this role could be fulfilled by multiple users.

Origin RFC 4519
Usage userApplications
Superior Type distinguishedName
OID 2.5.4.33
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule distinguishedNameMatch
Single Value false: multiple values allowed
Names roleOccupant
User Modification Allowed true
Used By organizationalRole
Schema File 00-core.ldif
Syntax DN

roomNumber

Room number for an object, which might be multiple when rooms are being renumbered, for example. Use the cn attribute when naming rooms, as room numbers can change.

Origin RFC 4524
Usage userApplications
OID 0.9.2342.19200300.100.1.6
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names roomNumber
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By inetOrgPerson, pilotPerson, room
Schema File 00-core.ldif
Syntax Directory String

sambaAcctFlags

Usage userApplications
Description Account Flags
OID 1.3.6.1.4.1.7165.2.1.26
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreIA5Match
Single Value true
Names sambaAcctFlags
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax IA5 String

sambaAlgorithmicRidBase

Usage userApplications
Description Base at which the samba RID generation algorithm should operate
OID 1.3.6.1.4.1.7165.2.1.40
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaAlgorithmicRidBase
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaBadPasswordCount

Usage userApplications
Description Bad password attempt count
OID 1.3.6.1.4.1.7165.2.1.48
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaBadPasswordCount
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Integer

sambaBadPasswordTime

Usage userApplications
Description Time of the last bad password attempt
OID 1.3.6.1.4.1.7165.2.1.49
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaBadPasswordTime
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Integer

sambaBoolOption

Usage userApplications
Description A boolean option
OID 1.3.6.1.4.1.7165.2.1.43
Equality Matching Rule booleanMatch
Single Value true
Names sambaBoolOption
User Modification Allowed true
Used By sambaConfigOption
Schema File 05-samba.ldif
Syntax Boolean

sambaDomainName

Usage userApplications
Description Windows NT domain to which the user belongs
OID 1.3.6.1.4.1.7165.2.1.38
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names sambaDomainName
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaDomain, sambaSamAccount, sambaTrustPassword
Schema File 05-samba.ldif
Syntax Directory String

sambaForceLogoff

Usage userApplications
Description Disconnect Users outside logon hours (default: -1 => off, 0 => on)
OID 1.3.6.1.4.1.7165.2.1.66
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaForceLogoff
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaGroupType

Usage userApplications
Description NT Group Type
OID 1.3.6.1.4.1.7165.2.1.19
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaGroupType
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaGroupMapping
Schema File 05-samba.ldif
Syntax Integer


sambaHomeDrive

Usage userApplications
Description Driver letter of home directory mapping
OID 1.3.6.1.4.1.7165.2.1.33
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreIA5Match
Single Value true
Names sambaHomeDrive
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax IA5 String

sambaHomePath

Usage userApplications
Description Home directory UNC path
OID 1.3.6.1.4.1.7165.2.1.37
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value false: multiple values allowed
Names sambaHomePath
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Directory String

sambaIntegerOption

Usage userApplications
Description An integer option
OID 1.3.6.1.4.1.7165.2.1.44
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaIntegerOption
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaConfigOption
Schema File 05-samba.ldif
Syntax Integer

sambaKickoffTime

Usage userApplications
Description Timestamp of when the user will be logged off automatically
OID 1.3.6.1.4.1.7165.2.1.32
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaKickoffTime
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Integer

sambaLMPassword

Usage userApplications
Description LanManager Password
OID 1.3.6.1.4.1.7165.2.1.24
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreIA5Match
Single Value true
Names sambaLMPassword
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax IA5 String

sambaLockoutDuration

Usage userApplications
Description Lockout duration in minutes (default: 30, -1 => forever)
OID 1.3.6.1.4.1.7165.2.1.63
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaLockoutDuration
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaLockoutObservationWindow

Usage userApplications
Description Reset time after lockout in minutes (default: 30)
OID 1.3.6.1.4.1.7165.2.1.64
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaLockoutObservationWindow
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaLockoutThreshold

Usage userApplications
Description Lockout users after bad logon attempts (default: 0 => off)
OID 1.3.6.1.4.1.7165.2.1.65
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaLockoutThreshold
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaLogoffTime

Usage userApplications
Description Timestamp of last logoff
OID 1.3.6.1.4.1.7165.2.1.31
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaLogoffTime
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Integer

sambaLogonHours

Usage userApplications
Description Logon Hours
OID 1.3.6.1.4.1.7165.2.1.55
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreIA5Match
Single Value true
Names sambaLogonHours
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax IA5 String

sambaLogonScript

Usage userApplications
Description Logon script path
OID 1.3.6.1.4.1.7165.2.1.34
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseIgnoreMatch
Single Value true
Names sambaLogonScript
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Directory String


sambaLogonTime

Usage userApplications
Description Timestamp of last logon
OID 1.3.6.1.4.1.7165.2.1.30
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaLogonTime
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Integer

sambaLogonToChgPwd

Usage userApplications
Description Force Users to logon for password change (default: 0 => off, 2 => on)
OID 1.3.6.1.4.1.7165.2.1.60
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaLogonToChgPwd
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaMaxPwdAge

Usage userApplications
Description Maximum password age, in seconds (default: -1 => never expire passwords)
OID 1.3.6.1.4.1.7165.2.1.61
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaMaxPwdAge
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaMinPwdAge

Usage userApplications
Description Minimum password age, in seconds (default: 0 => allow immediate password change)
OID 1.3.6.1.4.1.7165.2.1.62
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaMinPwdAge
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaMinPwdLength

Usage userApplications
Description Minimal password length (default: 5)
OID 1.3.6.1.4.1.7165.2.1.58
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaMinPwdLength
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaMungedDial

Usage userApplications
Description Base64 encoded user parameter string
OID 1.3.6.1.4.1.7165.2.1.47
Substring Matching Rule caseIgnoreSubstringsMatch
Equality Matching Rule caseExactMatch
Single Value false: multiple values allowed
Names sambaMungedDial
Ordering Matching Rule caseIgnoreOrderingMatch
User Modification Allowed true
Used By sambaSamAccount
Schema File 05-samba.ldif
Syntax Directory String

sambaNextGroupRid

Usage userApplications
Description Next NT rid to give out for groups
OID 1.3.6.1.4.1.7165.2.1.22
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaNextGroupRid
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaNextRid

Usage userApplications
Description Next NT rid to give out for anything
OID 1.3.6.1.4.1.7165.2.1.39
Substring Matching Rule caseExactSubstringsMatch
Equality Matching Rule integerMatch
Single Value true
Names sambaNextRid
Ordering Matching Rule integerOrderingMatch
User Modification Allowed true
Used By sambaDomain
Schema File 05-samba.ldif
Syntax Integer

sambaNextUserRid

Usage: userApplications
Description: Next NT rid to give our for users
OID: 1.3.6.1.4.1.7165.2.1.21
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sambaNextUserRid
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sambaDomain
Schema File: 05-samba.ldif
Syntax: Integer

sambaNTPassword

Usage: userApplications
Description: MD4 hash of the unicode password
OID: 1.3.6.1.4.1.7165.2.1.25
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: sambaNTPassword
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount, sambaTrustPassword
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaOptionName

Usage: userApplications
Description: Option Name
OID: 1.3.6.1.4.1.7165.2.1.42
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sambaOptionName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaConfigOption
Schema File: 05-samba.ldif
Syntax: Directory String

sambaPasswordHistory

Usage: userApplications
Description: Concatenated MD4 hashes of the unicode passwords used on this account
OID: 1.3.6.1.4.1.7165.2.1.54
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: sambaPasswordHistory
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaPrimaryGroupSID

Usage: userApplications
Description: Primary Group Security ID
OID: 1.3.6.1.4.1.7165.2.1.23
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: sambaPrimaryGroupSID
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount
Schema File: 05-samba.ldif
Syntax: IA5 String


sambaPrivilegeList

Usage: userApplications
Description: Privileges List
OID: 1.3.6.1.4.1.7165.2.1.52
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: sambaPrivilegeList
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaPrivilege
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaProfilePath

Usage: userApplications
Description: Roaming profile path
OID: 1.3.6.1.4.1.7165.2.1.35
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: sambaProfilePath
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount
Schema File: 05-samba.ldif
Syntax: Directory String

sambaPwdCanChange

Usage: userApplications
Description: Timestamp of when the user is allowed to update the password
OID: 1.3.6.1.4.1.7165.2.1.28
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sambaPwdCanChange
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount
Schema File: 05-samba.ldif
Syntax: Integer

sambaPwdHistoryLength

Usage: userApplications
Description: Length of Password History Entries (default: 0 => off)
OID: 1.3.6.1.4.1.7165.2.1.59
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sambaPwdHistoryLength
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sambaDomain
Schema File: 05-samba.ldif
Syntax: Integer

sambaPwdLastSet

Usage: userApplications
Description: Timestamp of the last password update
OID: 1.3.6.1.4.1.7165.2.1.27
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sambaPwdLastSet
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount, sambaTrustPassword
Schema File: 05-samba.ldif
Syntax: Integer

sambaPwdMustChange

Usage: userApplications
Description: Timestamp of when the password will expire
OID: 1.3.6.1.4.1.7165.2.1.29
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sambaPwdMustChange
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount
Schema File: 05-samba.ldif
Syntax: Integer

sambaRefuseMachinePwdChange

Usage: userApplications
Description: Allow Machine Password changes (default: 0 => off)
OID: 1.3.6.1.4.1.7165.2.1.67
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sambaRefuseMachinePwdChange
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sambaDomain
Schema File: 05-samba.ldif
Syntax: Integer

sambaShareName

Usage: userApplications
Description: Share Name
OID: 1.3.6.1.4.1.7165.2.1.41
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: sambaShareName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaShare
Schema File: 05-samba.ldif
Syntax: Directory String

sambaSID

Usage: userApplications
Description: Security ID
OID: 1.3.6.1.4.1.7165.2.1.20
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: sambaSID
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaDomain, sambaGroupMapping, sambaIdmapEntry, sambaPrivilege, sambaSamAccount, sambaSidEntry, sambaTrustPassword
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaSIDList

Usage: userApplications
Description: Security ID List
OID: 1.3.6.1.4.1.7165.2.1.51
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: sambaSIDList
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaGroupMapping
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaStringListOption

Usage: userApplications
Description: A string list option
OID: 1.3.6.1.4.1.7165.2.1.46
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sambaStringListOption
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaConfigOption
Schema File: 05-samba.ldif
Syntax: Directory String

sambaStringOption

Usage: userApplications
Description: A string option
OID: 1.3.6.1.4.1.7165.2.1.45
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: sambaStringOption
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaConfigOption
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaTrustFlags

Usage: userApplications
Description: Trust Password Flags
OID: 1.3.6.1.4.1.7165.2.1.53
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: sambaTrustFlags
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaTrustPassword
Schema File: 05-samba.ldif
Syntax: IA5 String

sambaUserWorkstations

Usage: userApplications
Description: List of user workstations the user is allowed to logon to
OID: 1.3.6.1.4.1.7165.2.1.36
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: sambaUserWorkstations
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sambaSamAccount
Schema File: 05-samba.ldif
Syntax: Directory String

searchGuide

Sets of information used by directory clients when constructing search filters.

This attribute is superseded by enhancedSearchGuide.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.14
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: searchGuide
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: country, dNSDomain, dmd, domain, friendlyCountry, locality, organization, organizationalUnit, pilotOrganization, rFC822LocalPart, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Guide

searchTimeLimit

Origin: RFC 4876
Usage: userApplications
Description: Maximum time an agent or service allows for a search to complete
OID: 1.3.6.1.4.1.11.1.3.1.1.3
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: searchTimeLimit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Integer

secretary

DNs of secretary or administrative assistant entries for the entry of a person or entity.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.21
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: secretary
User Modification Allowed: true
Used By: inetOrgPerson, pilotPerson
Schema File: 00-core.ldif
Syntax: DN


seeAlso

Distinguished names of entries related to the current entry.

Origin: RFC 4519
Usage: userApplications
Superior Type: distinguishedName
OID: 2.5.4.34
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: false: multiple values allowed
Names: seeAlso
User Modification Allowed: true
Used By: account, applicationEntity, applicationProcess, dNSDomain, dSA, device, dmd, document, documentSeries, domain, groupOfEntries, groupOfNames, groupOfURLs, groupOfUniqueNames, inetOrgPerson, locality, organization, organizationalPerson, organizationalRole, organizationalUnit, person, pilotDSA, pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson, room, sunservicecomponent, untypedObject
Schema File: 00-core.ldif
Syntax: DN

serialNumber

Serial numbers of a device.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: serialNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: device
Schema File: 00-core.ldif
Syntax: Printable String

service-advert-attribute-authenticator

An SLP attribute authenticator, as described in RFC 2608, Section 9.2: Authentication Blocks.

Origin: RFC 2926
Usage: userApplications
Description: The authenticator for the attribute list, null if none.
OID: 1.3.6.1.4.1.6252.2.27.6.1.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: service-advert-attribute-authenticator
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: IA5 String

service-advert-scopes

SLP scopes as described in RFC 2608, Section 6.4.1: Scope Lists in SLP.

Origin: RFC 2926
Usage: userApplications
Description: A list of scopes for a service advertisement.
OID: 1.3.6.1.4.1.6252.2.27.6.1.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: service-advert-scopes
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: IA5 String

service-advert-service-type

Service-specific type of an SLP template-type as described in RFC 2609, Section 2.1: Service URL Syntax.

Origin: RFC 2926
Usage: userApplications
Description: The service type of the service advertisement, including the "service:" prefix.
OID: 1.3.6.1.4.1.6252.2.27.6.1.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: service-advert-service-type
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: IA5 String

service-advert-url-authenticator

An SLP URL authenticator, as described in RFC 2608, Section 9.2: Authentication Blocks.

Origin: RFC 2926
Usage: userApplications
Description: The authenticator for the URL, null if none.
OID: 1.3.6.1.4.1.6252.2.27.6.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: service-advert-url-authenticator
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: IA5 String

serviceAuthenticationMethod

Origin: RFC 4876
Usage: userApplications
Description: Specifies types authentication methods either used, required, or supported by a particular service
OID: 1.3.6.1.4.1.11.1.3.1.1.15
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: serviceAuthenticationMethod
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Directory String

serviceCredentialLevel

Origin: RFC 4876
Usage: userApplications
Description: Specifies the type of credentials either used, required, or supported by a specific service
OID: 1.3.6.1.4.1.11.1.3.1.1.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: serviceCredentialLevel
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: IA5 String

serviceSearchDescriptor

Origin: RFC 4876
Usage: userApplications
Description: Specifies search descriptors required, used, or supported by a particular service or agent
OID: 1.3.6.1.4.1.11.1.3.1.1.14
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: serviceSearchDescriptor
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: DUAConfigProfile
Schema File: 05-rfc4876.ldif
Syntax: Directory String

shadowExpire

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.10
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowExpire
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

shadowFlag

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.11
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowFlag
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

shadowInactive

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.9
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowInactive
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

shadowLastChange

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.5
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowLastChange
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

shadowMax

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.7
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowMax
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer


shadowMin

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.6
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowMin
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

shadowWarning

Origin: draft-howard-rfc2307bis
Usage: userApplications
OID: 1.3.6.1.1.1.1.8
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: shadowWarning
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: shadowAccount
Schema File: 04-rfc2307bis.ldif
Syntax: Integer

singleLevelQuality

Directory administrators can use this attribute to indicate the data quality at the level immediately below in the DIT.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.50
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: singleLevelQuality
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

sn

X.500 surname attribute that contains the family name of a person.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sn, surname
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, organizationalPerson, person, pilotPerson, rFC822LocalPart, residentialPerson
Schema File: 00-core.ldif
Syntax: Directory String

sOARecord

A type SOA (start of authority) DNS resource record.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.30
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sOARecord
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain
Schema File: 00-core.ldif
Syntax: IA5 String

SolarisAttrKeyValue

Origin: Solaris Specific
Usage: userApplications
Description: Semi-colon separated key=value pairs of attributes
OID: 1.3.6.1.4.1.42.2.27.5.1.4
Substring Matching Rule: caseIgnoreIA5SubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAttrKeyValue
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuthAttr, SolarisExecAttr, SolarisProfAttr, SolarisUserAttr, ipTnetTemplate
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAttrLongDesc

Origin: Solaris Specific
Usage: userApplications
Description: Detail description about an entry
OID: 1.3.6.1.4.1.42.2.27.5.1.8
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAttrLongDesc
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuthAttr, SolarisProfAttr
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAttrReserved1

Origin: Solaris Specific
Usage: userApplications
Description: Reserved for future use
OID: 1.3.6.1.4.1.42.2.27.5.1.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAttrReserved1
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuthAttr, SolarisExecAttr, SolarisProfAttr, SolarisUserAttr
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAttrReserved2

Origin: Solaris Specific
Usage: userApplications
Description: Reserved for future use
OID: 1.3.6.1.4.1.42.2.27.5.1.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAttrReserved2
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuthAttr, SolarisExecAttr, SolarisProfAttr, SolarisUserAttr
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAttrShortDesc

Origin: Solaris Specific
Usage: userApplications
Description: Short description about an entry, used by GUIs
OID: 1.3.6.1.4.1.42.2.27.5.1.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAttrShortDesc
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuthAttr
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAuditAlways

Origin: Solaris Specific
Usage: userApplications
Description: Always audited attributes per-user
OID: 1.3.6.1.4.1.42.2.27.5.1.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAuditAlways
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuditUser
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAuditNever

Origin: Solaris Specific
Usage: userApplications
Description: Never audited attributes per-user
OID: 1.3.6.1.4.1.42.2.27.5.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisAuditNever
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisAuditUser
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisAuthMethod

Origin: Solaris Specific
Usage: userApplications
Description: Authentication method to be used eg. "NS_LDAP_AUTH_NONE", "NS_LDAP_AUTH_SIMPLE" or "NS_LDAP_AUTH_SASL_CRAM_MD5"
OID: 1.3.6.1.4.1.42.2.27.5.1.20
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: SolarisAuthMethod
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisBindDN

Origin: Solaris Specific
Usage: userApplications
Description: DN to be used to bind to the directory as proxy
OID: 1.3.6.1.4.1.42.2.27.5.1.18
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: SolarisBindDN
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Directory String

SolarisBindPassword

Origin: Solaris Specific
Usage: userApplications
Description: Password for bindDN to authenticate to the directory
OID: 1.3.6.1.4.1.42.2.27.5.1.19
Equality Matching Rule: octetStringMatch
Single Value: true
Names: SolarisBindPassword
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Octet String

SolarisBindTimeLimit

Origin: Solaris Specific
Usage: userApplications
Description: Time Limit in seconds for bind operations
OID: 1.3.6.1.4.1.42.2.27.5.1.31
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: SolarisBindTimeLimit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Integer

SolarisCacheTTL

Origin: Solaris Specific
Usage: userApplications
Description: TTL value for the Domain information eg. 1w, 2d, 3h, 10m, or 5s
OID: 1.3.6.1.4.1.42.2.27.5.1.17
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisCacheTTL
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisCertificatePassword

Origin: Solaris Specific
Usage: userApplications
Description: Password or PIN that grants access to certificate.
OID: 1.3.6.1.4.1.42.2.27.5.1.23
Equality Matching Rule: octetStringMatch
Single Value: true
Names: SolarisCertificatePassword
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Octet String

SolarisCertificatePathOrigin Solaris SpecificUsage userApplicationsDescription Path to certificate file/deviceOID 1.3.6.1.4.1.42.2.27.5.1.22Substring Matching Rule caseIgnoreSubstringsMatchEquality Matching Rule caseExactIA5MatchSingle Value true


Names: SolarisCertificatePath
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisDataSearchDN

Origin: Solaris Specific
Usage: userApplications
Description: Search DN for data lookup in ":(DN0),(DN1),..." format
OID: 1.3.6.1.4.1.42.2.27.5.1.24
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: SolarisDataSearchDN
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Directory String

SolarisKernelSecurityPolicy

Origin: Solaris Specific
Usage: userApplications
Description: Solaris kernel security policy
OID: 1.3.6.1.4.1.42.2.27.5.1.9
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisKernelSecurityPolicy


Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisExecAttr
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisLDAPServers

Origin: Solaris Specific
Usage: userApplications
Description: LDAP Server address eg. 76.234.3.1:389
OID: 1.3.6.1.4.1.42.2.27.5.1.15
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: SolarisLDAPServers
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisPreferredServer

Origin: Solaris Specific
Usage: userApplications
Description: Preferred LDAP Server address or network number
OID: 1.3.6.1.4.1.42.2.27.5.1.27
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: false: multiple values allowed
Names: SolarisPreferredServer
Ordering Matching Rule: caseIgnoreOrderingMatch


User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisPreferredServerOnly

Origin: Solaris Specific
Usage: userApplications
Description: Boolean flag for use of preferredServer or not
OID: 1.3.6.1.4.1.42.2.27.5.1.28
Equality Matching Rule: booleanMatch
Single Value: true
Names: SolarisPreferredServerOnly
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Boolean

SolarisProfileId

Origin: Solaris Specific
Usage: userApplications
Description: Identifier of object defined in profile
OID: 1.3.6.1.4.1.42.2.27.5.1.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisProfileId
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisExecAttr


Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisProfileType

Origin: Solaris Specific
Usage: userApplications
Description: Type of object defined in profile
OID: 1.3.6.1.4.1.42.2.27.5.1.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisProfileType
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisExecAttr
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisProjectAttr

Origin: Solaris Specific
Usage: userApplications
Description: Attributes of a Solaris Project entry
OID: 1.3.6.1.4.1.42.2.27.5.1.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: SolarisProjectAttr
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisProject


Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisProjectID

Origin: Solaris Specific
Usage: userApplications
Description: Unique ID for a Solaris Project entry
OID: 1.3.6.1.4.1.42.2.27.5.1.1
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: SolarisProjectID
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: SolarisProject
Schema File: 05-solaris.ldif
Syntax: Integer

SolarisProjectName

Origin: Solaris Specific
Usage: userApplications
Description: Name of a Solaris Project Entry
OID: 1.3.6.1.4.1.42.2.27.5.1.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: SolarisProjectName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisProject


Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisSearchBaseDN

Origin: Solaris Specific
Usage: userApplications
Description: Search Base Distinguished Name
OID: 1.3.6.1.4.1.42.2.27.5.1.16
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: SolarisSearchBaseDN
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: Directory String

SolarisSearchReferral

Origin: Solaris Specific
Usage: userApplications
Description: referral chasing option eg. "NS_LDAP_NOREF" or "NS_LDAP_FOLLOWREF"
OID: 1.3.6.1.4.1.42.2.27.5.1.29
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisSearchReferral
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif


Syntax: IA5 String

SolarisSearchScope

Origin: Solaris Specific
Usage: userApplications
Description: Scope to be used for search operations eg. "NS_LDAP_SCOPE_BASE", "NS_LDAP_SCOPE_ONELEVEL" or "NS_LDAP_SCOPE_SUBTREE"
OID: 1.3.6.1.4.1.42.2.27.5.1.25
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisSearchScope
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisSearchTimeLimit

Origin: Solaris Specific
Usage: userApplications
Description: Time Limit in seconds for search operations
OID: 1.3.6.1.4.1.42.2.27.5.1.26
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: SolarisSearchTimeLimit
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif


Syntax: Integer

SolarisTransportSecurity

Origin: Solaris Specific
Usage: userApplications
Description: Transport Level Security method to be used eg. "NS_LDAP_SEC_NONE" or "NS_LDAP_SEC_SASL_TLS"
OID: 1.3.6.1.4.1.42.2.27.5.1.21
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisTransportSecurity
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisNamingProfile
Schema File: 05-solaris.ldif
Syntax: IA5 String

SolarisUserQualifier

Origin: Solaris Specific
Usage: userApplications
Description: Per-user login attributes
OID: 1.3.6.1.4.1.42.2.27.5.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreIA5Match
Single Value: true
Names: SolarisUserQualifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: SolarisUserAttr
Schema File: 05-solaris.ldif


Syntax: IA5 String

st

Full name of a state or province.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.8
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: st, stateOrProvinceName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, locality, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

street

Site information for a postal address, such as the street name, place, avenue, and house number.

Example: 1234 Main St.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.9
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: street, streetAddress
Ordering Matching Rule: caseIgnoreOrderingMatch


User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, locality, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

structuralObjectClass

Indicates the structural object class of the entry.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.21.9
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: true
Names: structuralObjectClass
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: OID

subschemaSubentry

This operational attribute indicates the entry holding the LDAP schema definitions that apply to the current entry.

Origin: RFC 4512
Usage: directoryOperation
OID: 2.5.18.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: subschemaSubentry
User Modification Allowed: false


Schema File: 00-core.ldif
Syntax: DN

subtreeMaximumQuality

Directory administrators can use this attribute to indicate the maximum data quality for a DIT subtree.

The default is the value of singleLevelQuality.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.52
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: subtreeMaximumQuality
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: qualityLabelledData
Schema File: 00-core.ldif
Syntax: Directory String

subtreeMinimumQuality

Directory administrators can use this attribute to indicate the minimum data quality for a DIT subtree.

The default is the value of singleLevelQuality.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.51
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: subtreeMinimumQuality


Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: qualityLabelledData
Schema File: 00-core.ldif
Syntax: Directory String

subtreeSpecification

A subtree specification provides a way to describe a subset of entries in a subtree of the DIT. A subtree begins at a base entry and includes the subordinates of that entry to an optionally specified lower boundary, possibly including leaf entries.

The following example uses a subtree specification to apply privileges to Directory Administrators group members under ou=people (relative to the parent of the subentry). In other words, this sample applies to entries under ou=people,dc=example,dc=com:

dn: cn=Administrator Privileges,dc=example,dc=com
objectClass: collectiveAttributeSubentry
objectClass: extensibleObject
objectClass: subentry
objectClass: top
cn: Administrator Privileges
ds-privilege-name;collective: config-read
ds-privilege-name;collective: config-write
ds-privilege-name;collective: ldif-export
ds-privilege-name;collective: modify-acl
ds-privilege-name;collective: password-reset
ds-privilege-name;collective: proxied-auth
subtreeSpecification: {base "ou=people", specificationFilter "(isMemberOf=cn=Directory Administrators,ou=Groups,dc=example,dc=com)" }

Notice that the subentry where this operational attribute occurs sets the context that implicitly defines the bounds of the subtree.

Origin: RFC 3672
Usage: directoryOperation
OID: 2.5.18.6
Equality Matching Rule: octetStringMatch
Single Value: true
Names: subtreeSpecification
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true


Used By: inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry, subentry
Schema File: 00-core.ldif
Syntax: Subtree Specification

sun-fm-saml2-nameid-info

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: SAML 2.0 Name Identifier Information
OID: 1.3.6.1.4.1.42.2.27.9.1.990
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sun-fm-saml2-nameid-info
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunFMSAML2NameIdentifier
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

sun-fm-saml2-nameid-infokey

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: SAML 2.0 Name Identifier Information Key
OID: 1.3.6.1.4.1.42.2.27.9.1.989
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed


Names: sun-fm-saml2-nameid-infokey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunFMSAML2NameIdentifier
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

sun-printer-bsdaddr

Origin: Solaris Specific
Usage: userApplications
Description: Sets the server, print queue destination name and whether the client generates protocol extensions. "Solaris" specifies a Solaris print server extension. The value is represented by the following value: server "," destination ", Solaris".
OID: 1.3.6.1.4.1.42.2.27.5.1.63
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: sun-printer-bsdaddr
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunPrinter
Schema File: 05-solaris.ldif
Syntax: Directory String

sun-printer-kvp

Origin: Solaris Specific
Usage: userApplications
Description: This attribute contains a set of key value pairs which may have meaning to the print subsystem or may be user defined. Each value is represented by the following: key "=" value.
OID: 1.3.6.1.4.1.42.2.27.5.1.64
Substring Matching Rule: caseIgnoreSubstringsMatch


Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sun-printer-kvp
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunPrinter
Schema File: 05-solaris.ldif
Syntax: Directory String

sunAMAuthInvalidAttemptsData

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: XML data for Invalid Login Attempts
OID: 1.3.6.1.4.1.42.2.27.9.1.793
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sunAMAuthInvalidAttemptsData
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunAMAuthAccountLockout
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

sunIdentityMSISDNNumber

This attribute type stores AM profile information.

Origin: OpenSSO
Usage: userApplications
Description: User MSISDN Number


OID: 1.3.6.1.4.1.42.2.27.9.1.823
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sunIdentityMSISDNNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: iplanet-am-user-service
Schema File: 60-identity-store-ds-schema.ldif
Syntax: Directory String

sunKeyValue

This attribute type stores AM configuration data.

Origin: Sun Java System Identity Management
Usage: userApplications
Description: Encoded key values of the services
OID: 1.3.6.1.4.1.42.2.27.9.1.83
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sunKeyValue
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunRealmService, sunservice, sunservicecomponent
Schema File: 60-config-schema.ldif
Syntax: Directory String

sunPluginSchema

This attribute type stores AM configuration data.

Origin: Sun Java System Identity Management


Usage: userApplications
Description: Plugin schema information
OID: 1.3.6.1.4.1.42.2.27.9.1.82
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sunPluginSchema
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunservice
Schema File: 60-config-schema.ldif
Syntax: Directory String

sunserviceID

This attribute type stores AM configuration data.

Origin: Sun Java System Identity Management
Usage: userApplications
Description: Reference to the inherited object
OID: 1.3.6.1.4.1.42.2.27.9.1.79
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: sunserviceID
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunservicecomponent
Schema File: 60-config-schema.ldif
Syntax: Directory String

sunServiceSchema

This attribute type stores AM configuration data.


Origin: Sun Java System Identity Management
Usage: userApplications
Description: XML schema of a particular service
OID: 1.3.6.1.4.1.42.2.27.9.1.78
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: sunServiceSchema
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunservice
Schema File: 60-config-schema.ldif
Syntax: Directory String

sunsmspriority

This attribute type stores AM configuration data.

Origin: Sun Java System Identity Management
Usage: userApplications
Description: Priority of the service with respect to its siblings
OID: 1.3.6.1.4.1.42.2.27.9.1.81
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: sunsmspriority
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: sunservicecomponent
Schema File: 60-config-schema.ldif
Syntax: Integer


sunxmlKeyValue

This attribute type stores AM configuration data.

Origin: Sun Java System Identity Management
Usage: userApplications
Description: Key values in XML format
OID: 1.3.6.1.4.1.42.2.27.9.1.84
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: sunxmlKeyValue
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: sunRealmService, sunservice, sunservicecomponent
Schema File: 60-config-schema.ldif
Syntax: Directory String

supportedAlgorithms

X.509 supported algorithms, as described in X.509 clause 11.2.7.

Request and transfer values using the binary option for the attribute description, supportedAlgorithms;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.52
Equality Matching Rule: octetStringMatch
Single Value: false: multiple values allowed
Names: supportedAlgorithms
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: userSecurityInformation
Schema File: 00-core.ldif


Syntax: Supported Algorithm

supportedApplicationContext

Identifiers of OSI application contexts.

Origin: RFC 2256
Usage: userApplications
OID: 2.5.4.30
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: supportedApplicationContext
User Modification Allowed: true
Used By: applicationEntity, dSA, pilotDSA
Schema File: 00-core.ldif
Syntax: OID

supportedAuthPasswordSchemes

Password storage schemes that can be used for authPassword values. This attribute is intended only for use on the root DSE.

Origin: RFC 3112
Usage: dSAOperation
Description: supported password storage schemes
OID: 1.3.6.1.4.1.4203.1.3.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: false: multiple values allowed
Names: supportedAuthPasswordSchemes
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 03-rfc3112.ldif
Syntax: IA5 String


supportedControl

This operational attribute indicates LDAP controls supported by this server.

Origin: RFC 4512
Usage: dSAOperation
OID: 1.3.6.1.4.1.1466.101.120.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: supportedControl
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: OID

supportedExtension

This operational attribute indicates LDAP extended operations supported by this server.

Origin: RFC 4512
Usage: dSAOperation
OID: 1.3.6.1.4.1.1466.101.120.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: supportedExtension
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: OID

supportedFeatures

This operational attribute indicates optional LDAP features supported by this server.

Origin: RFC 4512
Usage: dSAOperation


OID: 1.3.6.1.4.1.4203.1.3.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: objectIdentifierMatch
Single Value: false: multiple values allowed
Names: supportedFeatures
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: OID

supportedLDAPVersion

This operational attribute indicates LDAP versions supported by this server.

Origin: RFC 4512
Usage: dSAOperation
OID: 1.3.6.1.4.1.1466.101.120.15
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: false: multiple values allowed
Names: supportedLDAPVersion
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Integer

supportedSASLMechanisms

This operational attribute indicates SASL mechanisms supported by this server.

Origin: RFC 4512
Usage: dSAOperation
OID: 1.3.6.1.4.1.1466.101.120.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch


Single Value: false: multiple values allowed
Names: supportedSASLMechanisms
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 00-core.ldif
Syntax: Directory String

supportedTLSCiphers

Origin: OpenDJ Directory Server
Usage: dSAOperation
OID: 1.3.6.1.4.1.36733.2.1.1.64
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: supportedTLSCiphers
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 02-config.ldif
Syntax: Directory String

supportedTLSProtocols

Origin: OpenDJ Directory Server
Usage: dSAOperation
OID: 1.3.6.1.4.1.36733.2.1.1.63
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: supportedTLSProtocols
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true


Schema File: 02-config.ldif
Syntax: Directory String

targetDN

Origin: draft-good-ldap-changelog
Usage: userApplications
Description: the DN of the entry which was modified
OID: 2.16.840.1.113730.3.1.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: targetDN
User Modification Allowed: true
Used By: changeLogEntry
Schema File: 03-changelog.ldif
Syntax: DN

targetEntryUUID

Uniquely identifies an entry that is targeted to be changed.

Origin: OpenDS Directory Server
Usage: directoryOperation
Description: The OpenDS unique id of the entry targeted by the change
OID: 1.3.6.1.4.1.26027.1.1.590
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: targetEntryUUID, targetUniqueID
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 03-changelog.ldif
Syntax: Directory String


telephoneNumber

Phone number in a format complying with the ITU Recommendation E.123, such as +1 415 555 1212.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.20
Substring Matching Rule: telephoneNumberSubstringsMatch
Equality Matching Rule: telephoneNumberMatch
Single Value: false: multiple values allowed
Names: telephoneNumber
User Modification Allowed: true
Used By: dNSDomain, dmd, documentSeries, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, person, pilotOrganization, pilotPerson, rFC822LocalPart, residentialPerson, room, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Telephone Number

teletexTerminalIdentifier

This attribute is obsolete since the ITU Recommendation F.200 was withdrawn.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.22
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: teletexTerminalIdentifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Teletex Terminal Identifier

telexNumber

Set of strings specifying the telex number, country code, and answerback code of a telex terminal, such as 12345$023$ABCDE.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.21
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: telexNumber
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Telex Number

template-major-version-number

Major component of an SLP template-version number for a service type template.

Origin: RFC 2926
Usage: userApplications
Description: The major version number of the service type template
OID: 1.3.6.1.4.1.6252.2.27.6.1.1
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: template-major-version-number
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: Integer

template-minor-version-number

Minor component of an SLP template-version number for a service type template.

Origin: RFC 2926
Usage: userApplications
Description: The minor version number of the service type template
OID: 1.3.6.1.4.1.6252.2.27.6.1.2
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: template-minor-version-number
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: Integer

template-url-syntax

ABNF grammar describing the service type specific part of the service URL for an SLP service type template.

Origin: RFC 2926
Usage: userApplications
Description: An ABNF grammar describing the service type specific part of the service URL
OID: 1.3.6.1.4.1.6252.2.27.6.1.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: template-url-syntax
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: slpService, slpServicePrinter
Schema File: 03-rfc2926.ldif
Syntax: IA5 String

textEncodedORAddress

Text encoding of an X.400 O/R address, as specified in RFC 987.

This attribute was deprecated in 1991.

Origin: RFC 1274
Usage: userApplications
OID: 0.9.2342.19200300.100.1.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: textEncodedORAddress
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

title

Title of a person in their organizational context.

Examples: Vice President, Software Engineer.

Origin: RFC 4519
Usage: userApplications
Superior Type: name
OID: 2.5.4.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: title
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson, organizationalPerson
Schema File: 00-core.ldif
Syntax: Directory String

uddiAccessPoint

The value of this attribute is a qualified pointer to a service entry point.

In UDDIv3, the convention is to precede the pointer with the use type, as in use-type#address. For UDDIv2 compatibility, the recommended format is v2-URL-type#v3-use-type#address.

Origin: RFC 4403
Usage: userApplications
Description: entry point address to call a web service
OID: 1.3.6.1.1.10.4.19
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiAccessPoint
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiAddressLine

The value of this attribute holds addresses in free-form text. The maximum size of the value is 80 characters.

If the address contains a template model key, then the value is prefixed with a key name and key value, as in #key-name#key-value#address-data.

Origin: RFC 4403
Usage: userApplications
Description: address
OID: 1.3.6.1.1.10.4.13
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiAddressLine
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiAuthorizedName

The value of this attribute holds the name of the individual who registered the UDDI business entity or template model.

Origin: RFC 4403
Usage: userApplications
Description: businessEntity publisher name
OID: 1.3.6.1.1.10.4.2
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: distinguishedNameMatch
Single Value: true
Names: uddiAuthorizedName
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiTModel, uddiv3EntityObituary, uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: DN

uddiBindingKey

The value of this attribute uniquely identifies a UDDI binding template.

This value should be empty when saving a new UDDI binding template.

Origin: RFC 4403
Usage: userApplications
Description: bindingTemplate unique identifier
OID: 1.3.6.1.1.10.4.18
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiBindingKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiBusinessKey

The value of this attribute uniquely identifies a UDDI business entity.

This attribute is optional for a business service whose parent already has a business key.

Origin: RFC 4403
Usage: userApplications
Description: businessEntity unique identifier
OID: 1.3.6.1.1.10.4.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiBusinessKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiBusinessService
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiCategoryBag

The value of this attribute holds information about categorizing UDDI business entities, business services, and template models.

The value can optionally be prefixed with a template model and key name, as in #t-model#key-name#key-value. Only key-value is mandatory.

Origin: RFC 4403
Usage: userApplications
Description: categorization information
OID: 1.3.6.1.1.10.4.15
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiCategoryBag
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiTModel
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiDescription

The value of this attribute holds localized descriptions.

Each value has the form, xml:lang-value#description.

Origin: RFC 4403
Usage: userApplications
Description: short description
OID: 1.3.6.1.1.10.4.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiDescription
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiContact, uddiTModel, uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiDiscoveryURLs

The value of this attribute holds a list of URLs to alternate, file-based service discovery mechanisms.

In UDDIv3, the convention is to precede the URL with the use type, as in use-type#URL.

Origin: RFC 4403
Usage: userApplications
Description: URL to retrieve a businessEntity instance
OID: 1.3.6.1.1.10.4.6
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiDiscoveryURLs
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiEMail

The value of this attribute holds email addresses for the contact.

Prefix values with use type descriptions if more than one email address is provided, as in use-type#email-address.

Origin: RFC 4403
Usage: userApplications
Description: e-mail address for contact
OID: 1.3.6.1.1.10.4.10
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiEMail
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiContact
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiFromKey

The value of this attribute uniquely references the first business entity for which an assertion is made.

Origin: RFC 4403
Usage: userApplications
Description: unique businessEntity key reference
OID: 1.3.6.1.1.10.4.25
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiFromKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiPublisherAssertion
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiHostingRedirector

The value of this attribute indicates that a binding template entry is a pointer to another binding template entry.

UDDIv3 deprecates this element. Use uddiAccessPoint instead.

Origin: RFC 4403
Usage: userApplications
Description: designates a pointer to another bindingTemplate
OID: 1.3.6.1.1.10.4.20
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiHostingRedirector
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiIdentifierBag

The value of this attribute holds information about common forms of identification, such as D-U-N-S numbers and tax identifiers.

The value can optionally be prefixed with a template model and key name, as in #t-model#key-name#key-value. Only key-value is mandatory.

Origin: RFC 4403
Usage: userApplications
Description: identification information
OID: 1.3.6.1.1.10.4.14
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiIdentifierBag
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiTModel
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiInstanceDescription

The value of this attribute holds one or more localized descriptions indicating the role a template model reference plays in the service description.

Each value has the form, xml:lang-value#description.

Origin: RFC 4403
Usage: userApplications
Description: instance details description
OID: 1.3.6.1.1.10.4.21
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiInstanceDescription
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiInstanceParms

The value of this attribute holds the settings, or a URL reference to a file containing the settings, that are required to use a facet of a UDDI binding template description.

Origin: RFC 4403
Usage: userApplications
Description: URL reference to required settings
OID: 1.3.6.1.1.10.4.22
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiInstanceParms
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiIsHidden

The value of this attribute indicates a deleted template model that is not found in result sets when finding template models.

Origin: RFC 4403
Usage: userApplications
Description: isHidden attribute
OID: 1.3.6.1.1.10.4.28
Equality Matching Rule: booleanMatch
Single Value: true
Names: uddiIsHidden
User Modification Allowed: true
Used By: uddiTModel
Schema File: 03-uddiv3.ldif
Syntax: Boolean

uddiIsProjection

The value of this attribute indicates a business service that has a service projection.

Origin: RFC 4403
Usage: userApplications
Description: isServiceProjection attribute
OID: 1.3.6.1.1.10.4.29
Equality Matching Rule: booleanMatch
Single Value: true
Names: uddiIsProjection
User Modification Allowed: true
Used By: uddiBusinessService
Schema File: 03-uddiv3.ldif
Syntax: Boolean

uddiKeyedReference

The value of this attribute holds a name-value pair with an additional reference to a template model.

The value can optionally be prefixed with a template model and key name, as in #t-model#key-name#key-value.

Origin: RFC 4403
Usage: userApplications
Description: categorization information
OID: 1.3.6.1.1.10.4.16
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiKeyedReference
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiPublisherAssertion
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiLang

The value of this attribute models the xml:lang value for a UDDIv3 address structure.

Origin: RFC 4403
Usage: userApplications
Description: xml:lang value in v3 Address structure
OID: 1.3.6.1.1.10.4.30
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiLang
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiName

The value of this attribute holds a human-readable name for a UDDI business entity, business service, or template model.

Each value has the form, xml:lang-value#name, where at most one value can omit the xml:lang-value# prefix.

Origin: RFC 4403
Usage: userApplications
Description: human readable name
OID: 1.3.6.1.1.10.4.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiBusinessService, uddiTModel
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiOperator

The value of this attribute holds the certified name of the UDDI registry site operator that manages the master copy of the UDDI business entity or template model.

UDDIv3 uses uddiv3NodeId instead.

Origin: RFC 4403
Usage: userApplications
Description: registry site operator of businessEntitys master copy
OID: 1.3.6.1.1.10.4.3
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiOperator
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiTModel
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiOverviewDescription

The value of this attribute holds one or more localized descriptions indicating how to use a UDDI template model.

Each value has the form, xml:lang-value#description.

Origin: RFC 4403
Usage: userApplications
Description: outlines tModel usage
OID: 1.3.6.1.1.10.4.23
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiOverviewDescription
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiTModel, uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiOverviewURL

The value of this attribute holds a URL to a longer overview document describing how a UDDI template model reference is used as a component of an overall web service description.

Origin: RFC 4403
Usage: userApplications
Description: URL reference to overview document
OID: 1.3.6.1.1.10.4.24
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiOverviewURL
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiTModel, uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiPersonName

The value of this attribute lists names of people or names of job roles available behind the contact.

Examples: webmaster, administrator.

In UDDIv3, each value can have the form, xml:lang-value#name.

Origin: RFC 4403
Usage: userApplications
Description: name of person or job role available for contact
OID: 1.3.6.1.1.10.4.8
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiPersonName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiContact
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiPhone

The value of this attribute holds telephone numbers for the contact.

Prefix values with use type descriptions if more than one phone number is provided, as in use-type#phone-number.

Origin: RFC 4403
Usage: userApplications
Description: telephone number for contact
OID: 1.3.6.1.1.10.4.9
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false: multiple values allowed
Names: uddiPhone
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiContact
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiServiceKey

The value of this attribute uniquely identifies a UDDI business service.

This value should be empty when saving a new UDDI business service structure.

This attribute is optional for a business service whose parent already has a business key.

Origin: RFC 4403
Usage: userApplications
Description: businessService unique identifier
OID: 1.3.6.1.1.10.4.17
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiServiceKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessService
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiSortCode

The value of this attribute drives behavior of external display mechanisms that sort addresses.

This is deprecated in UDDIv3.

Origin: RFC 4403
Usage: userApplications
Description: specifies an external disply mechanism
OID: 1.3.6.1.1.10.4.11
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiSortCode
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiTModelKey

The value of this attribute uniquely identifies a UDDI template model.

When used with a keyed reference, it serves as the key identifying a value set, and implies that the key name-key value pair in a UDDI identifier or category bag should be interpreted by the value set referenced by the template model key. When used with an address line element, it implies the key name and key pair in subsequent address line elements should be interpreted by the address structure associated with the referenced template model.

Origin: RFC 4403
Usage: userApplications
Description: tModel unique identifier
OID: 1.3.6.1.1.10.4.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiTModelKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress, uddiTModel, uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiToKey

The value of this attribute uniquely references the second business entity for which an assertion is made.

Origin: RFC 4403
Usage: userApplications
Description: unique businessEntity key reference
OID: 1.3.6.1.1.10.4.26
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiToKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiPublisherAssertion
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiUseType

The value of this attribute holds text describing a type of contact or address.

Examples: technical contact, billing department.

Origin: RFC 4403
Usage: userApplications
Description: name of convention the referenced document follows
OID: 1.3.6.1.1.10.4.7
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiUseType
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress, uddiContact
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiUUID

The value of this attribute uniquely identifies a UDDI contact, address, or publisher assertion.

Origin: RFC 4403
Usage: userApplications
Description: unique attribute
OID: 1.3.6.1.1.10.4.27
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiUUID
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress, uddiContact, uddiPublisherAssertion, uddiv3EntityObituary, uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3BindingKey

The value of this attribute holds a unique, UDDIv3 identifier for a binding template.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 BindingTemplate unique identifier
OID: 1.3.6.1.1.10.4.33
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3BindingKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3BriefResponse

The value of this attribute indicates whether a brief response is associated with a subscription entity. It controls the level of detail returned to a subscription listener.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Subscription ExpiresAfter field
OID: 1.3.6.1.1.10.4.43
Equality Matching Rule: booleanMatch
Single Value: true
Names: uddiv3BriefResponse
User Modification Allowed: true
Used By: uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Boolean

uddiv3BusinessKey

The value of this attribute holds a unique, UDDIv3 identifier for a business entity.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 businessEntity unique identifier
OID: 1.3.6.1.1.10.4.31
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3BusinessKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiBusinessService
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3DigitalSignature

The value of this attribute holds an XML digital signature for a UDDI entity.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 entity digital signature
OID: 1.3.6.1.1.10.4.35
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactMatch
Single Value: false: multiple values allowed
Names: uddiv3DigitalSignature
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiPublisherAssertion, uddiTModel
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3EntityCreationTime

The value of this attribute holds the original creation time for a UDDI entity that is deleted in an entity obituary.

It is also used to record the original creation time in the event of a move.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Entity Creation Time
OID: 1.3.6.1.1.10.4.45
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: uddiv3EntityCreationTime
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessService, uddiv3EntityObituary
Schema File: 03-uddiv3.ldif
Syntax: Generalized Time


uddiv3EntityDeletionTime

The value of this attribute holds the deletion time for a UDDI entity that is deleted in an entity obituary.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Entity Deletion Time
OID: 1.3.6.1.1.10.4.46
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: uddiv3EntityDeletionTime
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: uddiv3EntityObituary
Schema File: 03-uddiv3.ldif
Syntax: Generalized Time

uddiv3EntityKey

The value of this attribute holds a unique, UDDIv3 identifier for an instance of a UDDI data structure to be logged as an entity obituary.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Entity unique identifier
OID: 1.3.6.1.1.10.4.44
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3EntityKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiv3EntityObituary
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3EntityModificationTime

The value of this attribute holds the last modification time for a UDDI entity.

When a child entity is updated, the parent entity timestamp is also updated.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Last Modified Time for Entity
OID: 1.3.6.1.1.10.4.37
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: uddiv3EntityModificationTime
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: uddiBusinessEntity, uddiBusinessService
Schema File: 03-uddiv3.ldif
Syntax: Generalized Time

uddiv3ExpiresAfter

The value of this attribute specifies the expiry time for a subscription. Its type is xsd:dateTime.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Subscription ExpiresAfter field
OID: 1.3.6.1.1.10.4.42
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: generalizedTimeMatch
Single Value: true
Names: uddiv3ExpiresAfter
Ordering Matching Rule: generalizedTimeOrderingMatch
User Modification Allowed: true
Used By: uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Generalized Time

uddiv3MaxEntities

The value of this attribute specifies the maximum number of entities that are returned as part of a subscription notification.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Subscription maxEntities field
OID: 1.3.6.1.1.10.4.41
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: uddiv3MaxEntities
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Integer

uddiv3NodeId

The value of this attribute holds a node identity for a UDDIv3 node.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Node Identifier
OID: 1.3.6.1.1.10.4.36
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3NodeId
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessEntity, uddiBusinessService, uddiPublisherAssertion, uddiTModel, uddiv3EntityObituary, uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3NotificationInterval

The value of this attribute holds a notification interval string. The string type is xsd:duration.

The interval specifies how often to send asynchronous change notifications to a subscriber.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Notification Interval
OID: 1.3.6.1.1.10.4.40
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3NotificationInterval
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3ServiceKey

The value of this attribute holds a unique, UDDIv3 identifier for a business service.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 businessService unique identifier
OID: 1.3.6.1.1.10.4.32
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3ServiceKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiBindingTemplate, uddiBusinessService
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3SubscriptionFilter

The value of this attribute holds a UDDIv3 subscription filter. The filter criteria limit the scope of a subscription to a subset of registry records.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Subscription Filter
OID: 1.3.6.1.1.10.4.39
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3SubscriptionFilter
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3SubscriptionKey

The value of this attribute holds a unique, UDDIv3 identifier for a subscription entity.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 Subscription unique identifier
OID: 1.3.6.1.1.10.4.38
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3SubscriptionKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiv3Subscription
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uddiv3TModelKey

The value of this attribute holds a unique, UDDIv3 identifier for a template model.

Origin: RFC 4403
Usage: userApplications
Description: UDDIv3 TModel unique identifier
OID: 1.3.6.1.1.10.4.34
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: true
Names: uddiv3TModelKey
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: uddiAddress, uddiTModel, uddiTModelInstanceInfo
Schema File: 03-uddiv3.ldif
Syntax: Directory String

uid

Computer system login names associated with the entry.

Example: bjensen, root.

Origin: RFC 4519
Usage: userApplications
OID: 0.9.2342.19200300.100.1.1
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false (multiple values allowed)
Names: uid, userid
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: account, inetOrgPerson, inetuser, pilotPerson, posixAccount, sambaSamAccount, shadowAccount, uidObject, untypedObject
Schema File: 00-core.ldif
Syntax: Directory String

uidNumber

Origin: draft-howard-rfc2307bis
Usage: userApplications
Description: An integer uniquely identifying a user in an administrative domain
OID: 1.3.6.1.1.1.1.0
Substring Matching Rule: caseExactSubstringsMatch
Equality Matching Rule: integerMatch
Single Value: true
Names: uidNumber
Ordering Matching Rule: integerOrderingMatch
User Modification Allowed: true
Used By: nisKeyObject, posixAccount, sambaIdmapEntry, sambaUnixIdPool
Schema File: 04-rfc2307bis.ldif
Syntax: Integer


uniqueIdentifier

Unique identifier for a directory object. The semantics of uniqueness are defined locally for the directory, so the values are not necessarily universally unique identifiers, but might be a payroll number for an individual or a department code for an organizational unit.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.44
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false (multiple values allowed)
Names: uniqueIdentifier
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotObject
Schema File: 00-core.ldif
Syntax: Directory String

uniqueMember

Distinguished names of objects that are part of a group, where the RDN of the object includes a value to distinguish between names that have been reused.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.50
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: uniqueMemberMatch
Single Value: false (multiple values allowed)
Names: uniqueMember
User Modification Allowed: true
Used By: groupOfUniqueNames
Schema File: 00-core.ldif
Syntax: Name and Optional UID


userCertificate

X.509 certificate issued to the user, as described in X.509 clause 11.2.1.

Request and transfer values using the binary option for the attribute description, userCertificate;binary.

Origin: RFC 4523
Usage: userApplications
OID: 2.5.4.36
Equality Matching Rule: certificateExactMatch
Single Value: false (multiple values allowed)
Names: userCertificate
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: ds-certificate-user, inetOrgPerson, pkiUser, strongAuthenticationUser
Schema File: 00-core.ldif
Syntax: Certificate

userClass

Categories to refer to a computer or application user, such as full-time employee or contractor.

Similar attributes include organizationalStatus and title.

Origin: RFC 4524
Usage: userApplications
OID: 0.9.2342.19200300.100.1.8
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false (multiple values allowed)
Names: userClass
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: pilotPerson
Schema File: 00-core.ldif
Syntax: Directory String

userPassword

Octet string known only to the user and the system to which the user has access.

Applications should prepare textual strings used as passwords by transcoding them to Unicode, applying SASLprep as described in RFC 4013, and encoding as UTF-8. The client must determine whether a password is a textual string.

Passwords are not encrypted during transport. If the underlying transport is not secure, transmission can result in disclosure of the password to unauthorized parties.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.35
Equality Matching Rule: octetStringMatch
Single Value: false (multiple values allowed)
Names: userPassword
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, inetuser, ipHost, organization, organizationalPerson, organizationalUnit, person, pilotOrganization, pilotPerson, posixAccount, posixGroup, rFC822LocalPart, residentialPerson, shadowAccount, simpleSecurityObject, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Octet String
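The client-side preparation described for userPassword (SASLprep per RFC 4013, then UTF-8) can be sketched as follows. This is an added example, not code from the Directory Services documentation; the function names saslprep and prepare_password are assumptions chosen for illustration, and it relies only on Python's standard stringprep and unicodedata modules.

```python
import stringprep
import unicodedata

# stringprep (RFC 3454) is defined against Unicode 3.2, so normalize with
# that database version rather than the interpreter's current one.
_nfkc = unicodedata.ucd_3_2_0.normalize

# Prohibited output tables listed by RFC 4013, section 2.3.
_PROHIBITED = (
    stringprep.in_table_c12,      # non-ASCII space characters
    stringprep.in_table_c21_c22,  # ASCII and non-ASCII control characters
    stringprep.in_table_c3,       # private use
    stringprep.in_table_c4,       # non-character code points
    stringprep.in_table_c5,       # surrogate codes
    stringprep.in_table_c6,       # inappropriate for plain text
    stringprep.in_table_c7,       # inappropriate for canonical representation
    stringprep.in_table_c8,       # change display properties / deprecated
    stringprep.in_table_c9,       # tagging characters
)


def saslprep(text, allow_unassigned=False):
    """Apply the SASLprep profile (RFC 4013) to a textual password.

    allow_unassigned=False is the "stored string" behaviour, suitable when
    a password is being set; raise ValueError for anything prohibited.
    """
    # Step 1, map: non-ASCII spaces become U+0020, and characters
    # "commonly mapped to nothing" (table B.1) are dropped.
    mapped = "".join(
        " " if stringprep.in_table_c12(ch) else ch
        for ch in text
        if not stringprep.in_table_b1(ch)
    )

    # Step 2, normalize: Unicode normalization form KC.
    prepared = _nfkc("NFKC", mapped)

    # Step 3, prohibit: reject prohibited and (optionally) unassigned code points.
    for ch in prepared:
        if any(in_table(ch) for in_table in _PROHIBITED):
            raise ValueError("prohibited character U+%04X" % ord(ch))
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError("unassigned code point U+%04X" % ord(ch))

    # Step 4, bidi check (RFC 3454, section 6): a string containing any
    # right-to-left character must not contain left-to-right characters,
    # and must both start and end with a right-to-left character.
    if any(stringprep.in_table_d1(ch) for ch in prepared):
        if any(stringprep.in_table_d2(ch) for ch in prepared):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(prepared[0])
                and stringprep.in_table_d1(prepared[-1])):
            raise ValueError("right-to-left text must start and end with RandALCat")

    return prepared


def prepare_password(text):
    """Return the octets to send as a userPassword value for a textual password."""
    return saslprep(text).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample inputs: visually equivalent spellings of one password.
    for candidate in ("IX", "I\u00adX", "\u2168"):
        print(repr(candidate), "->", prepare_password(candidate))
```

Because userPassword uses octetStringMatch, values are compared byte for byte; without this preparation, visually identical passwords entered on different clients can yield different octets and fail to match.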

userPKCS12

PKCS#12 format personal identity information.

Request and transfer values using the binary option for the attribute description, userPKCS12;binary.

Origin: RFC 2798
Usage: userApplications
Description: PKCS #12 PFX PDU for exchange of personal identity information
OID: 2.16.840.1.113730.3.1.216
Equality Matching Rule: octetStringMatch
Single Value: false (multiple values allowed)
Names: userPKCS12
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Binary

userSMIMECertificate

PKCS#7 SignedData, where the content signed is ignored by consumers of userSMIMECertificate values. PKCS#7 is described in RFC 2315.

A value holds the entire certificate chain and a smimeCapabilities field as described in RFC 2633. This attribute is preferred over userCertificate for S/MIME applications.

Values should have a data contentType and omit the content field.

Request and transfer values using the binary option for the attribute description, userSMIMECertificate;binary.

Origin: RFC 2798
Usage: userApplications
Description: PKCS#7 SignedData used to support S/MIME
OID: 2.16.840.1.113730.3.1.40
Equality Matching Rule: octetStringMatch
Single Value: false (multiple values allowed)
Names: userSMIMECertificate
Ordering Matching Rule: octetStringOrderingMatch
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Binary


vendorName

Name of the party who implemented this LDAP server.

Access to this attribute may be restricted, so client applications must not expect this attribute to be available.

Origin: RFC 3045
Usage: dSAOperation
OID: 1.3.6.1.1.4
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: vendorName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Directory String

vendorVersion

Version of this LDAP server implementation, which must be unique between two versions.

Access to this attribute may be restricted, so client applications must not expect this attribute to be available.

Origin: RFC 3045
Usage: dSAOperation
OID: 1.3.6.1.1.5
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseExactIA5Match
Single Value: true
Names: vendorVersion
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: false
Schema File: 00-core.ldif
Syntax: Directory String

webauthnDeviceProfiles

Origin: OpenAM
Usage: userApplications
Description: WebAuthn device profiles string
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.1.12
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false (multiple values allowed)
Names: webauthnDeviceProfiles
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Used By: webauthnDeviceProfilesContainer
Schema File: 60-identity-store-ds-webauthndevices.ldif
Syntax: Directory String

winAccountName

Origin: Solaris Specific
Usage: userApplications
Description: Windows user or group Name corresponding to a Unix user or group
OID: 1.3.6.1.4.1.42.2.27.5.1.62
Substring Matching Rule: caseIgnoreSubstringsMatch
Equality Matching Rule: caseIgnoreMatch
Single Value: false (multiple values allowed)
Names: winAccountName
Ordering Matching Rule: caseIgnoreOrderingMatch
User Modification Allowed: true
Schema File: 05-solaris.ldif
Syntax: Directory String


x121Address

Data network address as defined by ITU Recommendation X.121.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.24
Substring Matching Rule: numericStringSubstringsMatch
Equality Matching Rule: numericStringMatch
Single Value: false (multiple values allowed)
Names: x121Address
Ordering Matching Rule: numericStringOrderingMatch
User Modification Allowed: true
Used By: dNSDomain, dmd, domain, inetOrgPerson, organization, organizationalPerson, organizationalRole, organizationalUnit, pilotOrganization, rFC822LocalPart, residentialPerson, sunservicecomponent
Schema File: 00-core.ldif
Syntax: Numeric String

x500UniqueIdentifier

Binary string used to distinguish between objects that reuse the same distinguished name.

Origin: RFC 4519
Usage: userApplications
OID: 2.5.4.45
Equality Matching Rule: bitStringMatch
Single Value: false (multiple values allowed)
Names: x500UniqueIdentifier
User Modification Allowed: true
Used By: inetOrgPerson
Schema File: 00-core.ldif
Syntax: Bit String


Chapter 2

DIT Content Rules

None defined in the default LDAP schema.


Chapter 3

DIT Structure Rules

This chapter covers schema definitions for DIT structure rules:

• "uddiAddressStructureRule"

• "uddiBindingTemplateStructureRule"

• "uddiBusinessEntityStructureRule"

• "uddiBusinessServiceStructureRule"

• "uddiContactStructureRule"

• "uddiPublisherAssertionStructureRule"

• "uddiTModelInstanceInfoStructureRule"

• "uddiTModelStructureRule"

• "uddiv3EntityObituaryStructureRule"

• "uddiv3SubscriptionStructureRule"

uddiAddressStructureRule

Names: uddiAddressStructureRule
Origin: RFC 4403
Rule ID: 3
Name Form: uddiAddressNameForm
Superior Rules: uddiContactStructureRule
Schema File: 03-uddiv3.ldif

uddiBindingTemplateStructureRule

Names: uddiBindingTemplateStructureRule
Origin: RFC 4403
Rule ID: 5
Name Form: uddiBindingTemplateNameForm
Superior Rules: uddiBusinessServiceStructureRule
Schema File: 03-uddiv3.ldif

uddiBusinessEntityStructureRule

Names: uddiBusinessEntityStructureRule
Origin: RFC 4403
Rule ID: 1
Name Form: uddiBusinessEntityNameForm
Schema File: 03-uddiv3.ldif

uddiBusinessServiceStructureRule

Names: uddiBusinessServiceStructureRule
Origin: RFC 4403
Rule ID: 4
Name Form: uddiBusinessServiceNameForm
Superior Rules: uddiBusinessEntityStructureRule
Schema File: 03-uddiv3.ldif

uddiContactStructureRule

Names: uddiContactStructureRule
Origin: RFC 4403
Rule ID: 2
Name Form: uddiContactNameForm
Superior Rules: uddiBusinessEntityStructureRule
Schema File: 03-uddiv3.ldif

uddiPublisherAssertionStructureRule

Names: uddiPublisherAssertionStructureRule
Origin: RFC 4403
Rule ID: 8
Name Form: uddiPublisherAssertionNameForm
Schema File: 03-uddiv3.ldif

uddiTModelInstanceInfoStructureRule

Names: uddiTModelInstanceInfoStructureRule
Origin: RFC 4403
Rule ID: 6
Name Form: uddiTModelInstanceInfoNameForm
Superior Rules: uddiBindingTemplateStructureRule
Schema File: 03-uddiv3.ldif

uddiTModelStructureRule

Names: uddiTModelStructureRule
Origin: RFC 4403
Rule ID: 7
Name Form: uddiTModelNameForm
Schema File: 03-uddiv3.ldif

uddiv3EntityObituaryStructureRule

Names: uddiv3EntityObituaryStructureRule
Origin: RFC 4403
Rule ID: 10
Name Form: uddiv3EntityObituaryNameForm
Schema File: 03-uddiv3.ldif

uddiv3SubscriptionStructureRule

Names: uddiv3SubscriptionStructureRule
Origin: RFC 4403
Rule ID: 9
Name Form: uddiv3SubscriptionNameForm
Schema File: 03-uddiv3.ldif


Chapter 4

Matching Rule Uses

None defined in the default LDAP schema.


Chapter 5

Matching Rules

This chapter covers schema definitions for matching rules:

• "1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6"

• "authPasswordExactMatch"

• "authPasswordMatch"

• "bitStringMatch"

• "booleanMatch"

• "caseExactIA5Match"

• "caseExactIA5SubstringsMatch"

• "caseExactJsonIdMatch"

• "caseExactJsonQueryMatch"

• "caseExactMatch"

• "caseExactOrderingMatch"

• "caseExactSubstringsMatch"

• "caseIgnoreIA5Match"

• "caseIgnoreIA5SubstringsMatch"

• "caseIgnoreJsonIdMatch"

• "caseIgnoreJsonQueryMatch"

• "caseIgnoreJsonQueryMatchClusterObject"

• "caseIgnoreJsonQueryMatchManagedRole"

• "caseIgnoreJsonQueryMatchManagedUser"

• "caseIgnoreJsonQueryMatchRelationship"

• "caseIgnoreListMatch"


• "caseIgnoreListSubstringsMatch"

• "caseIgnoreMatch"

• "caseIgnoreOrderingMatch"

• "caseIgnoreSubstringsMatch"

• "certificateExactMatch"

• "ctsOAuth2GrantSetEqualityMatch"

• "directoryStringFirstComponentMatch"

• "distinguishedNameMatch"

• "ds-mr-double-metaphone-approx"

• "ds-mr-user-password-equality"

• "ds-mr-user-password-exact"

• "generalizedTimeMatch"

• "generalizedTimeOrderingMatch"

• "historicalCsnOrderingMatch"

• "historicalCsnRangeMatch"

• "integerFirstComponentMatch"

• "integerMatch"

• "integerOrderingMatch"

• "jsonFirstComponentCaseExactJsonQueryMatch"

• "jsonFirstComponentCaseIgnoreJsonQueryMatch"

• "keywordMatch"

• "nameAndOptionalCaseExactJsonIdEqualityMatch"

• "nameAndOptionalCaseIgnoreJsonIdEqualityMatch"

• "nameAndOptionalJsonEqualityMatchingRule"

• "numericStringMatch"

• "numericStringOrderingMatch"

• "numericStringSubstringsMatch"


• "objectIdentifierFirstComponentMatch"

• "objectIdentifierMatch"

• "octetStringMatch"

• "octetStringOrderingMatch"

• "octetStringSubstringsMatch"

• "partialDateAndTimeMatchingRule"

• "presentationAddressMatch"

• "protocolInformationMatch"

• "relativeTimeGTOrderingMatch"

• "relativeTimeLTOrderingMatch"

• "telephoneNumberMatch"

• "telephoneNumberSubstringsMatch"

• "uniqueMemberMatch"

• "uuidMatch"

• "uuidOrderingMatch"

• "wordMatch"

1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6

Origin: OpenDJ X-ENUM Syntax
Description: Collective Conflict Behavior enumeration ordering matching rule
OID: 1.3.6.1.4.1.26027.1.4.8.1.3.6.1.4.1.26027.1.3.6
Syntax: Collective Conflict Behavior

authPasswordExactMatch

Compares an asserted authPasswordSyntax value with an authPasswordSyntax attribute's value.

The rule evaluates to TRUE if and only if there is an attribute value with the same scheme, authInfo, and authValue as the asserted value. The rule evaluates to FALSE if no attribute value has the same components. Otherwise, the rule evaluates to Undefined.

Names: authPasswordExactMatch
Origin: RFC 3112
Description: authentication password exact matching rule
OID: 1.3.6.1.4.1.4203.1.2.2
Syntax: Authentication Password Syntax

authPasswordMatch

Compares an asserted authPasswordSyntax value with an authPasswordSyntax attribute's value when an extensibleMatch filter component is used. Each value is matched according to its scheme.

The rule evaluates to TRUE if and only if there is an attribute value that matches the asserted value. The rule evaluates to FALSE if no attribute value matches. Otherwise, the rule evaluates to Undefined.

Names: authPasswordMatch
Description: authentication password matching rule
OID: 1.3.6.1.4.1.4203.1.2.3
Syntax: Authentication Password Syntax

bitStringMatch

Compares an assertion of Bit String syntax to a value whose syntax is the ASN.1 BIT STRING type.

If the ASN.1 type does not have a named bit list, the rule evaluates to TRUE if and only if the assertion and value have the same number of bits, and each bit matches. Otherwise, the same rules apply, but trailing zero bits are ignored.

Names: bitStringMatch
Origin: RFC 4517
OID: 2.5.13.16
Syntax: Bit String

booleanMatch

Compares an assertion of Boolean syntax to a value whose syntax is the ASN.1 BOOLEAN type.

The rule evaluates to TRUE if and only if the assertion and value are either both TRUE, or both FALSE.

Names: booleanMatch
Origin: RFC 4517
OID: 2.5.13.13
Syntax: Boolean

caseExactIA5Match

Compares an assertion of IA5 String syntax to a value whose syntax is the ASN.1 IA5String type.

The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertion value string have the same number of characters, and corresponding characters have the same code point. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: caseExactIA5Match
Origin: RFC 4517
OID: 1.3.6.1.4.1.1466.109.114.1
Syntax: IA5 String

caseExactIA5SubstringsMatch

Compares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1 IA5String type, or one of the alternative types.

The rule evaluates to TRUE if and only if:

1. The prepared substrings in the assertion value match disjoint portions of the prepared attribute value string in the order they occur in the attribute value.

2. An initial substring in the assertion value, if present, matches the beginning of the attribute value string.

3. A final substring in the assertion value, if present, matches the end of the attribute value string.

Strings match when their characters correspond at each code point. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: caseExactIA5SubstringsMatch
Origin: RFC 4517
OID: 1.3.6.1.4.1.26027.1.4.902
Syntax: Substring Assertion

caseExactJsonIdMatch

This matching rule is used for attributes whose values are JSON objects. With this rule, only the "_id" fields matter for matching. In other words, two JSON objects are considered equal if their "_id" values match, regardless of other values.

Respect case when finding matches. For example, BJensen and bjensen do not match.

Names: caseExactJsonIdMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.5
Syntax: Json

caseExactJsonQueryMatch

This matching rule is used for attributes whose values are JSON objects.

Respect case when finding matches. For example, Babs and babs do not match.

Names: caseExactJsonQueryMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.2
Syntax: Json Query

caseExactMatch

Compares an assertion of Directory String syntax to a value whose syntax is the ASN.1 DirectoryString type, or one of the alternative types.

The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertion value string have the same number of characters, and corresponding characters have the same code point. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: caseExactMatch
Origin: RFC 4517
OID: 2.5.13.5
Syntax: Directory String


caseExactOrderingMatch

Compares an assertion of Directory String syntax to a value whose syntax is the ASN.1 DirectoryString type, or one of the alternative types.

The rule evaluates to TRUE if and only if the prepared attribute value string is less than the prepared assertion value string according to the code point collation order. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: caseExactOrderingMatch
Origin: RFC 4517
OID: 2.5.13.6
Syntax: Directory String

caseExactSubstringsMatch

Compares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1 DirectoryString type, or one of the alternative types.

The rule evaluates to TRUE if and only if:

1. The prepared substrings in the assertion value match disjoint portions of the prepared attribute value string in the order they occur in the attribute value.

2. An initial substring in the assertion value, if present, matches the beginning of the attribute value string.

3. A final substring in the assertion value, if present, matches the end of the attribute value string.

Strings match when their characters correspond at each code point. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: caseExactSubstringsMatch
Origin: RFC 4517
OID: 2.5.13.7
Syntax: Substring Assertion

caseIgnoreIA5Match

Compares an assertion of IA5 String syntax to a value whose syntax is the ASN.1 IA5String type.

The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertion value string have the same number of characters, and corresponding characters have the same code point. For the comparison, characters are case folded, and only insignificant white space handling is applied.

Names: caseIgnoreIA5Match
Origin: RFC 4517
OID: 1.3.6.1.4.1.1466.109.114.2
Syntax: IA5 String

caseIgnoreIA5SubstringsMatch

Compares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1 IA5String type, or one of the alternative types.

The rule evaluates to TRUE if and only if:

1. The prepared substrings in the assertion value match disjoint portions of the prepared attribute value string in the order they occur in the attribute value.

2. An initial substring in the assertion value, if present, matches the beginning of the attribute value string.

3. A final substring in the assertion value, if present, matches the end of the attribute value string.

Strings match when their characters correspond at each code point. For the comparison, characters are case folded, and only insignificant white space handling is applied.

Names: caseIgnoreIA5SubstringsMatch
Origin: RFC 4517
OID: 1.3.6.1.4.1.1466.109.114.3
Syntax: Substring Assertion

caseIgnoreJsonIdMatch

This matching rule is used for attributes whose values are JSON objects. With this rule, only the "_id" fields matter for matching. In other words, two JSON objects are considered equal if their "_id" values match, regardless of other values.

Ignore case when finding matches. For example, BJensen matches bjensen.

Names: caseIgnoreJsonIdMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.4
Syntax: Json

caseIgnoreJsonQueryMatch

This matching rule is used for attributes whose values are JSON objects.

Ignore case when finding matches. For example, Babs matches babs.

Names: caseIgnoreJsonQueryMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.1
Syntax: Json Query

caseIgnoreJsonQueryMatchClusterObject

Names: caseIgnoreJsonQueryMatchClusterObject
OID: 1.3.6.1.4.1.36733.2.3.4.4
Syntax: Json Query

caseIgnoreJsonQueryMatchManagedRole

Names: caseIgnoreJsonQueryMatchManagedRole
OID: 1.3.6.1.4.1.36733.2.3.4.2
Syntax: Json Query

caseIgnoreJsonQueryMatchManagedUser

Names: caseIgnoreJsonQueryMatchManagedUser
OID: 1.3.6.1.4.1.36733.2.3.4.1
Syntax: Json Query

caseIgnoreJsonQueryMatchRelationship

Names: caseIgnoreJsonQueryMatchRelationship
OID: 1.3.6.1.4.1.36733.2.3.4.3
Syntax: Json Query

caseIgnoreListMatch

Compares an assertion that is a sequence of strings to a value whose syntax is an ASN.1 SEQUENCE OF the DirectoryString type.

The rule evaluates to TRUE if and only if the attribute value and the assertion value have the same number of strings, and corresponding strings match according to the caseIgnoreMatch matching rule.

Names: caseIgnoreListMatch
Origin: RFC 4517
OID: 2.5.13.11
Syntax: Postal Address

caseIgnoreListSubstringsMatch

Compares an assertion value of the Substring Assertion syntax to a value whose syntax is an ASN.1 SEQUENCE OF the DirectoryString type.

The rule evaluates to TRUE if and only if the assertion value matches the concatenated strings of the attribute value, where none of the initial, any, or final substrings match if they span more than one of the original attribute value strings. The match is evaluated according to the caseIgnoreSubstringsMatch rule.

Names: caseIgnoreListSubstringsMatch
Origin: RFC 4517
OID: 2.5.13.12
Syntax: Substring Assertion

caseIgnoreMatch

Compares an assertion of Directory String syntax to a value whose syntax is the ASN.1 DirectoryString type, or one of the alternative types.

The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertion value string have the same number of characters, and corresponding characters have the same code point. For the comparison, characters are case folded, and only insignificant white space handling is applied.


Names: caseIgnoreMatch
Origin: RFC 4517
OID: 2.5.13.2
Syntax: Directory String

caseIgnoreOrderingMatch

Compares an assertion of Directory String syntax to a value whose syntax is the ASN.1 DirectoryString type, or one of the alternative types.

The rule evaluates to TRUE if and only if the prepared attribute value string is less than the prepared assertion value string according to the code point collation order. For the comparison, characters are case folded, and only insignificant white space handling is applied.

Names: caseIgnoreOrderingMatch
Origin: RFC 4517
OID: 2.5.13.3
Syntax: Directory String

caseIgnoreSubstringsMatch

Compares an assertion of Substring Assertion syntax to a value whose syntax is the ASN.1 DirectoryString type, or one of the alternative types.

The rule evaluates to TRUE if and only if:

1. The prepared substrings in the assertion value match disjoint portions of the prepared attribute value string in the order they occur in the attribute value.

2. An initial substring in the assertion value, if present, matches the beginning of the attribute value string.

3. A final substring in the assertion value, if present, matches the end of the attribute value string.

Strings match when their characters correspond at each code point. For the comparison, characters are case folded, and only insignificant white space handling is applied.

Names: caseIgnoreSubstringsMatch
Origin: RFC 4517
OID: 2.5.13.4
Syntax: Substring Assertion
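
The three conditions shared by caseExactSubstringsMatch and caseIgnoreSubstringsMatch, as an added example that is not part of the original reference or the server's code. It assumes the LDAP filter string form `initial*any*final` without escape handling, and `prepare()` is a simplified stand-in for full string preparation (space-run collapsing plus Python's `casefold()`); all function names are hypothetical.

```python
import re


def prepare(text, fold_case, trim=True):
    """Simplified string preparation (assumption, not the full RFC 4518 steps)."""
    text = re.sub(r" +", " ", text)          # collapse insignificant space runs
    if trim:
        text = text.strip(" ")               # whole values lose outer spaces
    return text.casefold() if fold_case else text


def parse_assertion(assertion):
    """Split 'initial*any*...*final' into (initial, [any...], final)."""
    parts = assertion.split("*")
    if len(parts) < 2:
        raise ValueError("a substring assertion needs at least one '*'")
    initial, *middle, final = parts
    any_parts = [p for p in middle if p]
    if not (initial or any_parts or final):
        raise ValueError("empty substring assertion")
    return initial or None, any_parts, final or None


def substrings_match(attr_value, assertion, fold_case):
    initial, any_parts, final = parse_assertion(assertion)
    value = prepare(attr_value, fold_case)
    start, end = 0, len(value)               # unclaimed window of the value

    # Condition 2: an initial substring must match the beginning.
    if initial is not None:
        initial = prepare(initial, fold_case, trim=False)
        if not value.startswith(initial):
            return False
        start = len(initial)

    # Condition 3: a final substring must match the end, without reusing
    # characters already claimed by the initial substring.
    if final is not None:
        final = prepare(final, fold_case, trim=False)
        if end - start < len(final) or not value.endswith(final):
            return False
        end -= len(final)

    # Condition 1: remaining substrings match disjoint portions, in order.
    for part in any_parts:
        part = prepare(part, fold_case, trim=False)
        found = value.find(part, start, end)
        if found == -1:
            return False
        start = found + len(part)
    return True


def case_exact_substrings_match(attr_value, assertion):
    return substrings_match(attr_value, assertion, fold_case=False)


def case_ignore_substrings_match(attr_value, assertion):
    return substrings_match(attr_value, assertion, fold_case=True)


if __name__ == "__main__":
    # Constructed sample values.
    for rule in (case_exact_substrings_match, case_ignore_substrings_match):
        print(rule.__name__, rule("Barbara Jensen", "bar*jen*sen"))
    # Overlap is rejected: "aba" and "bab" cannot both fit in "abab".
    print(case_ignore_substrings_match("abab", "aba*bab"))
```

The same filter therefore selects different entries depending on which rule the attribute's schema definition names, which matters when a filter feeds an authorization or group-membership decision.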


certificateExactMatch

Compares a certificate exact assertion value with an attribute value of certificate syntax.

Names: certificateExactMatch
Origin: RFC 4523
OID: 2.5.13.34
Syntax: X.509 Certificate Exact Assertion

ctsOAuth2GrantSetEqualityMatch

Names: ctsOAuth2GrantSetEqualityMatch
OID: 1.3.6.1.4.1.36733.2.2.4.1
Syntax: Json Query

directoryStringFirstComponentMatch

Compares an assertion value of DirectoryString syntax to a value whose syntax is an ASN.1 SEQUENCE with a mandatory first component of the ASN.1 DirectoryString type.

The rule evaluates to TRUE if and only if the assertion value matches the first component of the attribute value according to the caseIgnoreMatch matching rule.

Names: directoryStringFirstComponentMatch
Origin: RFC 4517
OID: 2.5.13.31
Syntax: Directory String

distinguishedNameMatch

Compares an assertion value of DN syntax to a value whose syntax is an ASN.1 DistinguishedName type.

The rule evaluates to TRUE if and only if the assertion value and the attribute value have the same number of RDNs, and the RDNs in the same position are the same. Two RDNs are the same if and only if they have the same number of attribute value assertions (AVA), and each AVA of the first RDN is the same as the AVA of the second RDN with the same attribute type, according to the equality matching rule for the attribute type. Order of AVAs is not significant. If one or more AVAs evaluate to Undefined, and the remaining AVAs evaluate to TRUE, then the distinguishedNameMatch evaluates to Undefined.


Names: distinguishedNameMatch
Origin: RFC 4517
OID: 2.5.13.1
Syntax: DN

ds-mr-double-metaphone-approx

Names: ds-mr-double-metaphone-approx
Origin: OpenDS Directory Server
Description: Double Metaphone Approximate Match
OID: 1.3.6.1.4.1.26027.1.4.1
Syntax: Directory String

ds-mr-user-password-equality

Names: ds-mr-user-password-equality
Description: user password matching rule
OID: 1.3.6.1.4.1.26027.1.4.3
Syntax: Octet String

ds-mr-user-password-exact

Names: ds-mr-user-password-exact
Origin: OpenDS Directory Server
Description: user password exact matching rule
OID: 1.3.6.1.4.1.26027.1.4.2
Syntax: User Password

generalizedTimeMatch

Compares an assertion value of Generalized Time syntax to a value whose syntax is an ASN.1 GeneralizedTime type.

The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated time that is the same as the assertion value.


Names: generalizedTimeMatch
Origin: RFC 4517
OID: 2.5.13.27
Syntax: Generalized Time

generalizedTimeOrderingMatch

Compares an assertion value of Generalized Time syntax to a value whose syntax is an ASN.1 GeneralizedTime type.

The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated time that is earlier than the assertion value.

Names: generalizedTimeOrderingMatch
Origin: RFC 4517
OID: 2.5.13.28
Syntax: Generalized Time

historicalCsnOrderingMatch

Names: historicalCsnOrderingMatch
OID: 1.3.6.1.4.1.26027.1.4.4
Syntax: Octet String

historicalCsnRangeMatch

Names: historicalCsnRangeMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.3
Syntax: Directory String

integerFirstComponentMatch

Compares an assertion value of Integer syntax to a value whose syntax is an ASN.1 SEQUENCE with a mandatory first component of the ASN.1 INTEGER type.


The rule evaluates to TRUE if and only if the assertion value and the first component of the attribute value are the same integer value.

Names: integerFirstComponentMatch
Origin: RFC 4517
OID: 2.5.13.29
Syntax: Integer

integerMatch

Compares an assertion value of Integer syntax to a value whose syntax is the ASN.1 INTEGER type.

The rule evaluates to TRUE if and only if the assertion value and the attribute value are the same integer value.

Names: integerMatch
Origin: RFC 4517
OID: 2.5.13.14
Syntax: Integer

integerOrderingMatch

Compares an assertion value of Integer syntax to a value whose syntax is the ASN.1 INTEGER type.

The rule evaluates to TRUE if and only if the integer value of the assertion is less than the integer value of the attribute.

Names: integerOrderingMatch
Origin: RFC 4517
OID: 2.5.13.15
Syntax: Integer

jsonFirstComponentCaseExactJsonQueryMatch

This matching rule compares JSON ignoring white space that is not significant. For the comparison, characters are not case-folded.

When used for JSON indexing, this rule indexes all JSON fields.

Names: jsonFirstComponentCaseExactJsonQueryMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.9
Syntax: Name and Optional JSON

jsonFirstComponentCaseIgnoreJsonQueryMatch

This matching rule compares JSON ignoring white space that is not significant. For the comparison, characters are case-folded.

When used for JSON indexing, this rule indexes all JSON fields.

Names: jsonFirstComponentCaseIgnoreJsonQueryMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.8
Syntax: Name and Optional JSON

keywordMatch

Compares an assertion value of Directory String syntax to a value whose syntax is the ASN.1 DirectoryString type.

The rule evaluates to TRUE if and only if the assertion value character string matches a keyword in the attribute value, where keyword matches are implementation defined.

In this implementation, a keyword match occurs if the assertion value is contained within the attribute value, and the assertion value is bounded by the start or the end of the attribute value or any of the following characters:

• A space

• A period

• A comma

• A slash

• A dollar sign

• A plus sign

• A dash

• An underscore


• An octothorpe (#)

• An equal sign

Names: keywordMatch
Origin: RFC 4517
OID: 2.5.13.33
Syntax: Directory String

nameAndOptionalCaseExactJsonIdEqualityMatch

This matching rule compares only the DN and the _id field of the optional JSON, ignoring other fields of the optional JSON.

For the comparison, characters are not case-folded.

Names: nameAndOptionalCaseExactJsonIdEqualityMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.11
Syntax: Name and Optional JSON

nameAndOptionalCaseIgnoreJsonIdEqualityMatch

This matching rule compares only the DN and the _id field of the optional JSON, ignoring other fields of the optional JSON.

For the comparison, characters are case-folded.

Names: nameAndOptionalCaseIgnoreJsonIdEqualityMatch
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.10
Syntax: Name and Optional JSON

nameAndOptionalJsonEqualityMatchingRule

This matching rule ignores optional JSON prepended to the DN value.

Names: nameAndOptionalJsonEqualityMatchingRule
Origin: OpenDJ Directory Server
OID: 1.3.6.1.4.1.36733.2.1.4.7
Syntax: Name and Optional JSON

numericStringMatch

Compares an assertion of Numeric String syntax to a value whose syntax is the ASN.1 NumericString type.

The rule evaluates to TRUE if and only if the prepared attribute value string and prepared assertion value string have the same number of characters, and corresponding characters have the same code point. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: numericStringMatch
Origin: RFC 4517
OID: 2.5.13.8
Syntax: Numeric String

numericStringOrderingMatch

Compares an assertion of Numeric String syntax to a value whose syntax is the ASN.1 NumericString type.

The rule evaluates to TRUE if and only if the prepared attribute value string is less than the prepared assertion value string according to the code point collation order. For the comparison, characters are not case folded, and only insignificant white space handling is applied. All space characters are skipped during rule evaluation.

Names: numericStringOrderingMatch
Origin: RFC 4517
OID: 2.5.13.9
Syntax: Numeric String

numericStringSubstringsMatch

Compares an assertion of Numeric String syntax to a value whose syntax is the ASN.1 NumericString type.

The rule evaluates to TRUE if and only if:


1. The prepared substrings in the assertion value match disjoint portions of the prepared attribute value string in the order they occur in the attribute value.

2. An initial substring in the assertion value, if present, matches the beginning of the attribute value string.

3. A final substring in the assertion value, if present, matches the end of the attribute value string.

Strings match when their characters correspond at each code point. For the comparison, characters are not case folded, and only insignificant white space handling is applied.

Names: numericStringSubstringsMatch
Origin: RFC 4517
OID: 2.5.13.10
Syntax: Substring Assertion

objectIdentifierFirstComponentMatch

Compares an assertion value of OID syntax to a value whose syntax is an ASN.1 SEQUENCE with a mandatory first component of the ASN.1 OBJECT IDENTIFIER type.

The rule evaluates to TRUE if and only if the assertion value matches the first component of the attribute value according to the objectIdentifierMatch matching rule.

Names: objectIdentifierFirstComponentMatch
Origin: RFC 4517
OID: 2.5.13.30
Syntax: OID

objectIdentifierMatch

Compares an assertion value of OID syntax to a value whose syntax is the ASN.1 OBJECT IDENTIFIER type.

The rule evaluates to TRUE if and only if the assertion value and the attribute value represent the same object identifier value, that is, the same sequence of integers.

Names: objectIdentifierMatch
Origin: RFC 4517
OID: 2.5.13.0
Syntax: OID


octetStringMatch

Compares an assertion value of Octet String syntax to a value whose syntax is the ASN.1 OCTET STRING type.

The rule evaluates to TRUE if and only if the assertion value and the attribute value are of the same length, and corresponding octets are the same.

Names: octetStringMatch
Origin: RFC 4517
OID: 2.5.13.17
Syntax: Octet String

octetStringOrderingMatch

Compares an assertion value of Octet String syntax to a value whose syntax is the ASN.1 OCTET STRING type.

The rule evaluates to TRUE if and only if the assertion value is less than the attribute value according to the collation order. Octets are compared from the first octet to the last octet, and within octets from the most significant bit to the least significant bit.

Names: octetStringOrderingMatch
Origin: RFC 4517
OID: 2.5.13.18
Syntax: Octet String

octetStringSubstringsMatch

Names: octetStringSubstringsMatch
Origin: X.500
OID: 2.5.13.19
Syntax: Octet String

partialDateAndTimeMatchingRule

Names: partialDateAndTimeMatchingRule
Origin: OpenDS Directory Server
Description: partial date and time matching
OID: 1.3.6.1.4.1.26027.1.4.7
Syntax: Generalized Time

presentationAddressMatch

This rule behaves exactly like the caseIgnoreMatch rule.

Names: presentationAddressMatch
Origin: RFC 2252
OID: 2.5.13.22
Syntax: Presentation Address

protocolInformationMatch

This rule behaves exactly like the caseIgnoreMatch rule.

Names: protocolInformationMatch
Origin: RFC 2252
OID: 2.5.13.24
Syntax: Protocol Information

relativeTimeGTOrderingMatch

Names: relativeTimeGTOrderingMatch, relativeTimeOrderingMatch.gt
Origin: OpenDS Directory Server
Description: greater-than relative time for time-based searches
OID: 1.3.6.1.4.1.26027.1.4.5
Syntax: Generalized Time

relativeTimeLTOrderingMatch

Names: relativeTimeLTOrderingMatch, relativeTimeOrderingMatch.lt
Origin: OpenDS Directory Server
Description: less-than relative time for time-based searches
OID: 1.3.6.1.4.1.26027.1.4.6
Syntax: Generalized Time

telephoneNumberMatch

Compares an assertion value of Telephone Number syntax to a value whose syntax is an ASN.1 PrintableString representing a telephone number.

The rule evaluates to TRUE if and only if the assertion value and the attribute value are of the same length, and corresponding octets are the same. For the comparison, characters are case folded, and only telephoneNumber insignificant white space handling is applied.

Names: telephoneNumberMatch
Origin: RFC 4517
OID: 2.5.13.20
Syntax: Telephone Number

telephoneNumberSubstringsMatch

Compares an assertion of Substring Assertion syntax to a value whose syntax is an ASN.1 PrintableString representing a telephone number.

The rule evaluates to TRUE if and only if:

1. The prepared substrings in the assertion value match disjoint portions of the prepared attribute value string in the order they occur in the attribute value.

2. An initial substring in the assertion value, if present, matches the beginning of the attribute value string.

3. A final substring in the assertion value, if present, matches the end of the attribute value string.

Strings match when their characters correspond at each code point. For the comparison, characters are case folded, and only telephoneNumber insignificant white space handling is applied.

Names: telephoneNumberSubstringsMatch
Origin: RFC 4517
OID: 2.5.13.21
Syntax: Substring Assertion


uniqueMemberMatch

Compares an assertion value of Name And Optional UID syntax to a value whose syntax is an ASN.1 NameAndOptionalUID type.

The rule evaluates to TRUE if and only if the distinguished name components of the assertion value and the attribute value match according to the distinguishedNameMatch rule, and either of the following is true:

• The bit string component is absent from both values.

• The bit string components are present in both values, and they match according to the bitStringMatch rule.

Names: uniqueMemberMatch
Origin: RFC 4517
OID: 2.5.13.23
Syntax: Name and Optional UID

uuidMatch

Compares an asserted UUID with a stored UUID for equality.

This rule uses the same semantics as octetStringMatch, except the assertion value is encoded using the UUID string representation, rather than the normal OCTET STRING string representation.

Names: uuidMatch
Origin: RFC 4530
OID: 1.3.6.1.1.16.2
Syntax: UUID

uuidOrderingMatch

Compares an asserted UUID with a stored UUID for ordering.

This rule uses the same semantics as octetStringOrderingMatch, except the assertion value is encoded using the UUID string representation, rather than the normal OCTET STRING string representation.

UUIDs do not necessarily have a natural ordering. Servers are not required to assign UUIDs in any particular order.

Names: uuidOrderingMatch
Origin: RFC 4530
OID: 1.3.6.1.1.16.3
Syntax: UUID

wordMatch

Compares an assertion value of Directory String syntax to a value whose syntax is the ASN.1 DirectoryString type.

The rule evaluates to TRUE if and only if the assertion value character string matches a word in the attribute value, according to the semantics of the caseIgnoreMatch rule.

In this implementation, a word match occurs if the assertion value is contained within the attribute value, and the assertion value is bounded by the start or the end of the attribute value or any of the following characters:

• A space

• A period

• A comma

• A slash

• A dollar sign

• A plus sign

• A dash

• An underscore

• An octothorpe (#)

• An equal sign

Names: wordMatch
Origin: RFC 4517
OID: 2.5.13.32
Syntax: Directory String
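
The word-boundary behaviour described for wordMatch, as an added example that is not part of the original reference or the server's code. It assumes Python's `casefold()` as an approximation of caseIgnoreMatch folding; the function names and the sample values are constructed for illustration.

```python
# The ten boundary characters listed above: space, period, comma, slash,
# dollar sign, plus sign, dash, underscore, octothorpe, equal sign.
BOUNDARY_CHARS = frozenset(" .,/$+-_#=")


def word_match(attr_value, assertion):
    """Return True if assertion occurs in attr_value as a bounded word."""
    value = attr_value.casefold()    # approximation of caseIgnoreMatch folding
    word = assertion.casefold()
    if not word:
        return False
    start = value.find(word)
    while start != -1:
        end = start + len(word)
        bounded_left = start == 0 or value[start - 1] in BOUNDARY_CHARS
        bounded_right = end == len(value) or value[end] in BOUNDARY_CHARS
        if bounded_left and bounded_right:
            return True
        # Keep scanning: a later occurrence may be properly bounded.
        start = value.find(word, start + 1)
    return False


def audit(values, word):
    """List the values a wordMatch assertion for `word` would select."""
    return [v for v in values if word_match(v, word)]


# Constructed sample attribute values.
SAMPLE_VALUES = [
    "Directory Administrators",   # "admin" is followed by a letter
    "db-admin",                   # bounded by a dash and the end of the value
    "sysadmin",                   # preceded by a letter
    "Admin_backup",               # start of value and underscore, case folded
    "role=admin,scope=hr",        # bounded by equal sign and comma
    "admin@example.com",          # "@" is not one of the boundary characters
]

if __name__ == "__main__":
    for selected in audit(SAMPLE_VALUES, "admin"):
        print(selected)
```

Running an audit like this against real attribute values shows which entries a word-based filter actually selects before that filter is relied on in a search or policy.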


Chapter 6

Name Forms

This chapter covers schema definitions for name forms:

• "uddiAddressNameForm"

• "uddiBindingTemplateNameForm"

• "uddiBusinessEntityNameForm"

• "uddiBusinessServiceNameForm"

• "uddiContactNameForm"

• "uddiPublisherAssertionNameForm"

• "uddiTModelInstanceInfoNameForm"

• "uddiTModelNameForm"

• "uddiv3EntityObituaryNameForm"

• "uddiv3SubscriptionNameForm"

uddiAddressNameForm

This name form defines the naming attribute for an address.

Names: uddiAddressNameForm
Origin: RFC 4403
Structural Object Class: uddiAddress
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.3
Required Attributes: uddiUUID

uddiBindingTemplateNameForm

This name form defines the naming attribute for a binding template.


Names: uddiBindingTemplateNameForm
Origin: RFC 4403
Structural Object Class: uddiBindingTemplate
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.5
Required Attributes: uddiBindingKey

uddiBusinessEntityNameForm

This name form defines the naming attribute for a business entity.

Names: uddiBusinessEntityNameForm
Origin: RFC 4403
Structural Object Class: uddiBusinessEntity
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.1
Required Attributes: uddiBusinessKey

uddiBusinessServiceNameForm

This name form defines the naming attribute for a business service.

Names: uddiBusinessServiceNameForm
Origin: RFC 4403
Structural Object Class: uddiBusinessService
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.4
Required Attributes: uddiServiceKey

uddiContactNameForm

This name form defines the naming attribute for a contact.

Names: uddiContactNameForm
Origin: RFC 4403
Structural Object Class: uddiContact
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.2
Required Attributes: uddiUUID

uddiPublisherAssertionNameFormThis name form defines the naming attribute for a publisher assertion.

Names uddiPublisherAssertionNameFormOrigin RFC 4403Structural Object Class uddiPublisherAssertionSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.8Required Attributes uddiUUID

uddiTModelInstanceInfoNameFormThis name form defines the naming attribute for a template model instance information object.

Names uddiTModelInstanceInfoNameFormOrigin RFC 4403Structural Object Class uddiTModelInstanceInfoSchema File 03-uddiv3.ldifOID 1.3.6.1.1.10.15.6Required Attributes uddiTModelKey

uddiTModelNameForm

This name form defines the naming attribute for a name form.

Names: uddiTModelNameForm
Origin: RFC 4403
Structural Object Class: uddiTModel
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.7
Required Attributes: uddiTModelKey


uddiv3EntityObituaryNameForm

This name form defines the naming attribute for an entry obituary.

Names: uddiv3EntityObituaryNameForm
Origin: RFC 4403
Structural Object Class: uddiv3EntityObituary
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.10
Required Attributes: uddiUUID

uddiv3SubscriptionNameForm

This name form defines the naming attribute for a subscription.

Names: uddiv3SubscriptionNameForm
Origin: RFC 4403
Structural Object Class: uddiv3Subscription
Schema File: 03-uddiv3.ldif
OID: 1.3.6.1.1.10.15.9
Required Attributes: uddiUUID


Chapter 7

Object Classes

This chapter covers schema definitions for object classes:

• "account"

• "alias"

• "applicationEntity"

• "applicationProcess"

• "authPasswordObject"

• "automount"

• "automountMap"

• "bootableDevice"

• "calEntry"

• "certificationAuthority-V2"

• "certificationAuthority"

• "changeLogEntry"

• "collectiveAttributeSubentry"

• "container"

• "corbaContainer"

• "corbaObject"

• "corbaObjectReference"

• "country"

• "cRLDistributionPoint"

• "dcObject"


• "deltaCRL"

• "device"

• "devicePrintProfilesContainer"

• "deviceProfilesContainer"

• "dmd"

• "dNSDomain"

• "document"

• "documentSeries"

• "domain"

• "domainRelatedObject"

• "ds-certificate-user"

• "ds-monitor-backend-db"

• "ds-monitor-backend-pluggable"

• "ds-monitor-backend-proxy"

• "ds-monitor-backend"

• "ds-monitor-base-dn"

• "ds-monitor-branch"

• "ds-monitor-certificate"

• "ds-monitor-changelog-domain"

• "ds-monitor-changelog"

• "ds-monitor-connected-changelog"

• "ds-monitor-connected-replica"

• "ds-monitor-connection-handler"

• "ds-monitor-disk-space"

• "ds-monitor-entry-cache"


• "ds-monitor-health-status"

• "ds-monitor-http-connection-handler"

• "ds-monitor-je-database"

• "ds-monitor-jvm"

• "ds-monitor-ldap-connection-handler"

• "ds-monitor-raw-je-database-statistics"

• "ds-monitor-remote-replica"

• "ds-monitor-replica-db"

• "ds-monitor-replica"

• "ds-monitor-server"

• "ds-monitor-topology-server"

• "ds-monitor-work-queue"

• "ds-monitor"

• "ds-pwp-attribute-value-validator"

• "ds-pwp-character-set-validator"

• "ds-pwp-dictionary-validator"

• "ds-pwp-length-based-validator"

• "ds-pwp-password-policy"

• "ds-pwp-random-generator"

• "ds-pwp-repeated-characters-validator"

• "ds-pwp-similarity-based-validator"

• "ds-pwp-unique-characters-validator"

• "ds-pwp-validator"

• "ds-root-dse"

• "ds-virtual-static-group"


• "dSA"

• "DUAConfigProfile"

• "extensibleObject"

• "forgerock-am-dashboard-service"

• "fr-idm-cluster-obj"

• "fr-idm-generic-obj"

• "fr-idm-hybrid-obj"

• "fr-idm-internal-role"

• "fr-idm-internal-user"

• "fr-idm-link"

• "fr-idm-lock"

• "fr-idm-managed-assignment"

• "fr-idm-managed-role"

• "fr-idm-managed-user-explicit"

• "fr-idm-managed-user-hybrid-obj"

• "fr-idm-managed-user"

• "fr-idm-notification"

• "fr-idm-recon-clusteredTargetIds"

• "fr-idm-reconassoc"

• "fr-idm-reconassocentry"

• "fr-idm-relationship"

• "fr-idm-syncqueue"

• "frCoreToken"

• "friendlyCountry"

• "glue"

• "groupOfEntries"


• "groupOfNames"

• "groupOfUniqueNames"

• "groupOfURLs"

• "ieee802Device"

• "inetOrgPerson"

• "inetuser"

• "inheritableLDAPSubEntry"

• "inheritedCollectiveAttributeSubentry"

• "inheritedFromDNCollectiveAttributeSubentry"

• "inheritedFromRDNCollectiveAttributeSubentry"

• "ipHost"

• "iplanet-am-auth-configuration-service"

• "iplanet-am-managed-person"

• "iplanet-am-session-service"

• "iplanet-am-user-service"

• "iPlanetPreferences"

• "ipNetwork"

• "ipProtocol"

• "ipService"

• "ipTnetHost"

• "ipTnetTemplate"

• "javaContainer"

• "javaMarshalledObject"

• "javaNamingReference"

• "javaObject"

• "javaSerializedObject"


• "kbaInfoContainer"

• "labeledURIObject"

• "ldapSubEntry"

• "locality"

• "mailGroup"

• "namedObject"

• "nisDomainObject"

• "nisKeyObject"

• "nisMailAlias"

• "nisMap"

• "nisNetgroup"

• "nisNetId"

• "nisObject"

• "nisplusTimeZoneData"

• "oathDeviceProfilesContainer"

• "oncRpc"

• "organization"

• "organizationalPerson"

• "organizationalRole"

• "organizationalUnit"

• "person"

• "pilotDSA"

• "pilotObject"

• "pilotOrganization"

• "pilotPerson"

• "pkiCA"


• "pkiUser"

• "posixAccount"

• "posixGroup"

• "printerAbstract"

• "printerIPP"

• "printerLPR"

• "printerService"

• "printerServiceAuxClass"

• "pushDeviceProfilesContainer"

• "pwdPolicy"

• "pwdValidatorPolicy"

• "qualityLabelledData"

• "referral"

• "residentialPerson"

• "rFC822LocalPart"

• "room"

• "sambaConfig"

• "sambaConfigOption"

• "sambaDomain"

• "sambaGroupMapping"

• "sambaIdmapEntry"

• "sambaPrivilege"

• "sambaSamAccount"

• "sambaShare"

• "sambaSidEntry"

• "sambaTrustPassword"


• "sambaUnixIdPool"

• "shadowAccount"

• "simpleSecurityObject"

• "slpService"

• "slpServicePrinter"

• "SolarisAuditUser"

• "SolarisAuthAttr"

• "SolarisExecAttr"

• "SolarisNamingProfile"

• "SolarisProfAttr"

• "SolarisProject"

• "SolarisUserAttr"

• "strongAuthenticationUser"

• "subentry"

• "subschema"

• "sunAMAuthAccountLockout"

• "sunFMSAML2NameIdentifier"

• "sunPrinter"

• "sunRealmService"

• "sunservice"

• "sunservicecomponent"

• "top"

• "uddiAddress"

• "uddiBindingTemplate"

• "uddiBusinessEntity"

• "uddiBusinessService"


• "uddiContact"

• "uddiPublisherAssertion"

• "uddiTModel"

• "uddiTModelInstanceInfo"

• "uddiv3EntityObituary"

• "uddiv3Subscription"

• "uidObject"

• "untypedObject"

• "userSecurityInformation"

• "webauthnDeviceProfilesContainer"

account

Entries of this object class represent computer accounts.

Use uid as the naming attribute.

Names: account
Origin: RFC 4524
Superior Classes: top
Optional Attributes: description, host, l, o, ou, seeAlso
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass, uid

alias

Entry pointing to another entry, using an aliasedObjectName attribute value.

An alias name is an alternative name for an entry. Alias objects are leaf entries (no subordinates).

ForgeRock servers do not support alias dereferencing.


Names: alias
Origin: RFC 4512
Superior Classes: top
Schema File: 00-core.ldif
OID: 2.5.6.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: aliasedObjectName, objectClass

applicationEntity

Represents an OSI application.

Names: applicationEntity
Origin: RFC 2256
Superior Classes: top
Optional Attributes: description, l, o, ou, seeAlso, supportedApplicationContext
Schema File: 00-core.ldif
OID: 2.5.6.12
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, presentationAddress

applicationProcess

Represents an application executing in a computer system.

Names: applicationProcess
Origin: RFC 4519
Superior Classes: top
Optional Attributes: description, l, ou, seeAlso
Schema File: 00-core.ldif
OID: 2.5.6.11
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass


authPasswordObject

Entries of this class optionally contain authPassword attributes.

Names: authPasswordObject
Origin: RFC 3112
Description: authentication password mix in class
Optional Attributes: authPassword
Schema File: 03-rfc3112.ldif
OID: 1.3.6.1.4.1.4203.1.4.7
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.

automount

Names: automount
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Automount information
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.17
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: automountInformation, automountKey, objectClass

automountMap

Names: automountMap
Origin: draft-howard-rfc2307bis
Superior Classes: top
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.16
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.


Required Attributes: automountMapName, objectClass

bootableDevice

Names: bootableDevice
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: A device with boot parameters; device SHOULD be used as a structural class
Optional Attributes: bootFile, bootParameter
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.12
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

calEntry

Entry specifying locations for a calendaring and scheduling client to access a user's calendar and send event requests to the user.

Names: calEntry
Origin: RFC 2739
Superior Classes: top
Optional Attributes: calCAPURI, calCalAdrURI, calCalURI, calFBURL, calOtherCAPURIs, calOtherCalAdrURIs, calOtherCalURIs, calOtherFBURLs
Schema File: 03-rfc2739.ldif
OID: 1.2.840.113556.1.5.87
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

certificationAuthority-V2

Object class for augmenting entries that act as certificate authorities, as described in X.521 clause 6.18.

This object class is deprecated. Use pkiCA instead.


Names: certificationAuthority-V2
Origin: RFC 4523
Superior Classes: certificationAuthority
Optional Attributes: crossCertificatePair, deltaRevocationList
Schema File: 00-core.ldif
OID: 2.5.6.16.2
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: authorityRevocationList, cACertificate, certificateRevocationList, objectClass

certificationAuthority

Object class for augmenting entries that act as certificate authorities, as described in X.521 clause 6.17.

This object class is deprecated. Use pkiCA instead.

Names: certificationAuthority
Origin: RFC 4523
Superior Classes: top
Optional Attributes: crossCertificatePair
Schema File: 00-core.ldif
OID: 2.5.6.16
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: authorityRevocationList, cACertificate, certificateRevocationList, objectClass

changeLogEntry

Entries of this object class represent changes made to a directory server. The set of changes made to a directory server is given by the set of all entries in the changelog, ordered by changeNumber.

Note: The changeNumber is unique to a server, and not necessarily shared or synchronized across servers. The change numbers for ForgeRock servers can be synchronized using the dsrepl reset-change-number command. ForgeRock servers also provide an alternative changeLogCookie attribute, which can be used reliably across a replicated topology.

A client application may synchronize its local copy of directory data by reading the server's changelog for entries where the changeNumber is greater than or equal to the last change that the client read from the server. A server can, however, trim its changelog. If the last change read from the changelog is not returned in search results, the client application must fall back to rebuilding its entire copy of directory data.

Names: changeLogEntry
Origin: draft-good-ldap-changelog
Superior Classes: top
Optional Attributes: changes, deleteOldRDN, newRDN, newSuperior
Schema File: 03-changelog.ldif
OID: 2.16.840.1.113730.3.2.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: changeNumber, changeTime, changeType, objectClass, targetDN

collectiveAttributeSubentry

Subentry for allocating collective attributes, which are attributes that apply to a group of entries.

Names: collectiveAttributeSubentry
Origin: RFC 3671
Description: LDAP Collective Attributes Subentry class
Schema File: 00-core.ldif
OID: 2.5.17.2
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.

container

Microsoft Active Directory object class for an entry used to contain other classes.

Names: container
Origin: Microsoft Active Directory
Superior Classes: top
Schema File: 03-changelog.ldif
OID: 1.2.840.113556.1.3.23
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.


Required Attributes: cn, objectClass

corbaContainer

Entry that contains a CORBA object.

Names: corbaContainer
Origin: RFC 2714
Superior Classes: top
Description: Container for a CORBA object
Schema File: 03-rfc2714.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.10
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

corbaObject

Abstract parent for entries that represent CORBA objects.

Names: corbaObject
Origin: RFC 2714
Superior Classes: top
Description: CORBA object representation
Optional Attributes: corbaRepositoryId, description
Schema File: 03-rfc2714.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.9
Class Type: ABSTRACT: for use when defining other object classes.
Required Attributes: objectClass

corbaObjectReference

Entry that represents a reference to a CORBA object.

Names: corbaObjectReference
Origin: RFC 2714


Superior Classes: corbaObject
Description: CORBA interoperable object reference
Optional Attributes: corbaRepositoryId, description
Schema File: 03-rfc2714.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.11
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: corbaIor, objectClass

country

Represents a country.

Names: country
Origin: RFC 4519
Superior Classes: top
Optional Attributes: description, searchGuide
Schema File: 00-core.ldif
OID: 2.5.6.2
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: c, objectClass

cRLDistributionPoint

Object class for augmenting entries that act as certificate revocation list distribution points, as described in X.509 clause 11.1.3.

Names: cRLDistributionPoint
Origin: RFC 4523
Superior Classes: top
Optional Attributes: authorityRevocationList, certificateRevocationList, deltaRevocationList
Schema File: 00-core.ldif
OID: 2.5.6.19
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.


Required Attributes: cn, objectClass

dcObject

Permits an entry to hold domain component information.

Names: dcObject
Origin: RFC 4519
Superior Classes: top
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.1466.344
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: dc, objectClass

deltaCRL

Object class for augmenting entries that hold delta revocation lists, as described in X.509 clause 11.1.4.

Names: deltaCRL
Origin: RFC 4523
Superior Classes: top
Description: X.509 delta CRL
Optional Attributes: deltaRevocationList
Schema File: 00-core.ldif
OID: 2.5.6.23
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

device

Represents an appliance, computer, or network element.

Names: device


Origin: RFC 4519
Superior Classes: top
Optional Attributes: description, l, o, ou, owner, seeAlso, serialNumber
Schema File: 00-core.ldif
OID: 2.5.6.14
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

devicePrintProfilesContainer

Names: devicePrintProfilesContainer
Origin: OpenAM
Superior Classes: top
Description: Class containing device print profiles
Optional Attributes: devicePrintProfiles
Schema File: 60-identity-store-ds-deviceprint.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.4
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

deviceProfilesContainer

Names: deviceProfilesContainer
Origin: OpenAM
Superior Classes: top
Description: Class containing device profiles
Optional Attributes: deviceProfiles
Schema File: 60-identity-store-ds-deviceprofiles.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.13
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.


Required Attributes: objectClass

dmd

Represents a Directory Management Domain, which is the administrative authority for this directory server.

Names: dmd
Origin: RFC 2256
Superior Classes: top
Optional Attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 2.5.6.20
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: dmdName, objectClass

dNSDomain

Entries of this object class represent DNS domains.

Names: dNSDomain
Origin: RFC 1274
Superior Classes: domain
Optional Attributes: aRecord, associatedName, businessCategory, cNAMERecord, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, mDRecord, mxRecord, nSRecord, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, sOARecord, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.15
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: dc, objectClass


document

Entries of this object class represent documents.

Names: document
Origin: RFC 4524
Superior Classes: top
Optional Attributes: cn, description, documentAuthor, documentLocation, documentPublisher, documentTitle, documentVersion, l, o, ou, seeAlso
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.6
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: documentIdentifier, objectClass

documentSeries

Entries of this object class represent a series of documents.

Names: documentSeries
Origin: RFC 4524
Superior Classes: top
Optional Attributes: description, l, o, ou, seeAlso, telephoneNumber
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.9
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

domain

Entries of this object class represent DNS domains for entries that do not represent organizations or organizational units. For organizations or organizational units, see domainRelatedObject.

Use dc as the naming attribute.

Names: domain
Origin: RFC 4524


Superior Classes: top
Optional Attributes: associatedName, businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.13
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: dc, objectClass

domainRelatedObject

Entries of this object class represent DNS domains that are equivalent to an X.500 domain, in other words an organization or organizational unit.

Names: domainRelatedObject
Origin: RFC 4524
Superior Classes: top
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.17
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: associatedDomain, objectClass

ds-certificate-user

Object class for a user or application entry with a digital certificate.

Names: ds-certificate-user
Origin: OpenDS Directory Server
Superior Classes: top
Optional Attributes: ds-certificate-fingerprint, ds-certificate-issuer-dn, ds-certificate-subject-dn, userCertificate
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.26027.1.2.82


Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-monitor-backend-db

Names: ds-monitor-backend-db
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor-backend-pluggable
Description: Database backend metrics
Optional Attributes: ds-mon-backend-degraded-index, ds-mon-backend-entry-count, ds-mon-backend-filter-use
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.96
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-backend-degraded-index-count, ds-mon-backend-filter-use-indexed, ds-mon-backend-filter-use-start-time, ds-mon-backend-filter-use-unindexed, ds-mon-backend-is-private, ds-mon-backend-ttl-entries-deleted, ds-mon-backend-ttl-is-running, ds-mon-backend-ttl-last-run-time, ds-mon-backend-ttl-queue-size, ds-mon-backend-ttl-thread-count, ds-mon-backend-writability-mode, ds-mon-db-cache-evict-internal-nodes-count, ds-mon-db-cache-evict-leaf-nodes-count, ds-mon-db-cache-leaf-nodes, ds-mon-db-cache-misses-internal-nodes, ds-mon-db-cache-misses-leaf-nodes, ds-mon-db-cache-size-active, ds-mon-db-cache-size-total, ds-mon-db-cache-total-tries-internal-nodes, ds-mon-db-cache-total-tries-leaf-nodes, ds-mon-db-checkpoint-count, ds-mon-db-log-cleaner-file-deletion-count, ds-mon-db-log-files-open, ds-mon-db-log-files-opened, ds-mon-db-log-size-active, ds-mon-db-log-size-total, ds-mon-db-log-utilization-max, ds-mon-db-log-utilization-min, ds-mon-db-version, objectClass, ds-cfg-backend-id

ds-monitor-backend-pluggable

Names: ds-monitor-backend-pluggable
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor-backend
Description: Pluggable backend metrics
Optional Attributes: ds-mon-backend-degraded-index, ds-mon-backend-entry-count, ds-mon-backend-filter-use
Schema File: 02-config.ldif


OID: 1.3.6.1.4.1.36733.2.1.2.75
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-backend-degraded-index-count, ds-mon-backend-filter-use-indexed, ds-mon-backend-filter-use-start-time, ds-mon-backend-filter-use-unindexed, ds-mon-backend-is-private, ds-mon-backend-ttl-entries-deleted, ds-mon-backend-ttl-is-running, ds-mon-backend-ttl-last-run-time, ds-mon-backend-ttl-queue-size, ds-mon-backend-ttl-thread-count, ds-mon-backend-writability-mode, objectClass, ds-cfg-backend-id

ds-monitor-backend-proxy

Names: ds-monitor-backend-proxy
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor-backend
Description: Proxy backend metrics
Optional Attributes: ds-mon-backend-entry-count
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.93
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-backend-is-private, ds-mon-backend-proxy-base-dn, ds-mon-backend-proxy-shard, ds-mon-backend-writability-mode, objectClass, ds-cfg-backend-id

ds-monitor-backend

Names: ds-monitor-backend
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Backend metrics
Optional Attributes: ds-mon-backend-entry-count
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.74
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-backend-is-private, ds-mon-backend-writability-mode, objectClass, ds-cfg-backend-id


ds-monitor-base-dn

Names: ds-monitor-base-dn
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor-backend
Description: Metrics for base DN handled in a backend
Optional Attributes: ds-mon-backend-entry-count
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.94
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-backend-is-private, ds-mon-backend-writability-mode, ds-mon-base-dn, ds-mon-base-dn-entry-count, objectClass, ds-cfg-backend-id

ds-monitor-branch

Names: ds-monitor-branch
Origin: OpenDJ Directory Server
Superior Classes: top
Description: Glue entry with no metrics of its own
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.69
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

ds-monitor-certificate

Names: ds-monitor-certificate
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Key manager certificate metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.73
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.


Required Attributes: ds-mon-alias, ds-mon-certificate-expires-at, ds-mon-certificate-issuer-dn, ds-mon-certificate-serial-number, ds-mon-certificate-subject-dn, objectClass

ds-monitor-changelog-domain

Names: ds-monitor-changelog-domain
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Replication server changelog domain metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.89
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-domain-generation-id, ds-mon-domain-name, objectClass

ds-monitor-changelog

Names: ds-monitor-changelog
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Replication server metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.88
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-newest-change-number, ds-mon-oldest-change-number, ds-mon-server-id, objectClass

ds-monitor-connected-changelog

Names: ds-monitor-connected-changelog
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Metrics for a remote replication server connected to this replication server


Optional Attributes: ds-mon-server-state
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.87
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-changelog-hostport, ds-mon-changelog-id, ds-mon-connected-to-server-hostport, ds-mon-current-receive-window, ds-mon-domain-generation-id, ds-mon-ssl-encryption, objectClass

ds-monitor-connected-replica

Names: ds-monitor-connected-replica
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Metrics for a remote replica connected to this server
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.84
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-admin-hostport, ds-mon-connected-to-server-hostport, ds-mon-current-receive-window, ds-mon-domain-generation-id, ds-mon-server-id, ds-mon-ssl-encryption, objectClass

ds-monitor-connection-handler

Names: ds-monitor-connection-handler
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Connection handler metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.70
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-active-connections-count, ds-mon-bytes-read, ds-mon-bytes-written, ds-mon-config-dn, ds-mon-listen-address, ds-mon-protocol, ds-mon-requests-failure-client-invalid-request, ds-mon-requests-failure-client-security, ds-mon-requests-failure-server, ds-mon-requests-failure-uncategorized, objectClass


ds-monitor-disk-space

Names: ds-monitor-disk-space
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Monitored disks metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.78
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-disk-dir, ds-mon-disk-free, ds-mon-disk-full-threshold, ds-mon-disk-low-threshold, ds-mon-disk-root, ds-mon-disk-state, objectClass

ds-monitor-entry-cache

Names: ds-monitor-entry-cache
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Entry cache metrics
Optional Attributes: ds-mon-cache-max-entry-count, ds-mon-cache-max-size-bytes
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.79
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-cache-entry-count, ds-mon-cache-misses, ds-mon-cache-total-tries, objectClass

ds-monitor-health-status

Names: ds-monitor-health-status
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: The server health status
Optional Attributes: ds-mon-alive-errors, ds-mon-healthy-errors
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.99


Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-alive, ds-mon-healthy, objectClass

ds-monitor-http-connection-handler

Names: ds-monitor-http-connection-handler
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor-connection-handler
Description: HTTP connection handler metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.72
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-active-connections-count, ds-mon-bytes-read, ds-mon-bytes-written, ds-mon-config-dn, ds-mon-listen-address, ds-mon-protocol, ds-mon-requests-delete, ds-mon-requests-failure-client-invalid-request, ds-mon-requests-failure-client-redirect, ds-mon-requests-failure-client-security, ds-mon-requests-failure-server, ds-mon-requests-failure-uncategorized, ds-mon-requests-get, ds-mon-requests-patch, ds-mon-requests-post, ds-mon-requests-put, ds-mon-requests-uncategorized, objectClass

ds-monitor-je-database

Names: ds-monitor-je-database
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: JE database metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.77
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

ds-monitor-jvm

Names: ds-monitor-jvm


Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: JVM metrics
Optional Attributes: ds-mon-jvm-threads-deadlocks
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.81
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-jvm-architecture, ds-mon-jvm-arguments, ds-mon-jvm-available-cpus, ds-mon-jvm-class-path, ds-mon-jvm-classes-loaded, ds-mon-jvm-classes-unloaded, ds-mon-jvm-java-home, ds-mon-jvm-java-vendor, ds-mon-jvm-java-version, ds-mon-jvm-memory-heap-init, ds-mon-jvm-memory-heap-max, ds-mon-jvm-memory-heap-reserved, ds-mon-jvm-memory-heap-used, ds-mon-jvm-memory-init, ds-mon-jvm-memory-max, ds-mon-jvm-memory-non-heap-init, ds-mon-jvm-memory-non-heap-max, ds-mon-jvm-memory-non-heap-reserved, ds-mon-jvm-memory-non-heap-used, ds-mon-jvm-memory-reserved, ds-mon-jvm-memory-used, ds-mon-jvm-supported-tls-ciphers, ds-mon-jvm-supported-tls-protocols, ds-mon-jvm-threads-blocked-count, ds-mon-jvm-threads-count, ds-mon-jvm-threads-daemon-count, ds-mon-jvm-threads-deadlock-count, ds-mon-jvm-threads-new-count, ds-mon-jvm-threads-runnable-count, ds-mon-jvm-threads-terminated-count, ds-mon-jvm-threads-timed-waiting-count, ds-mon-jvm-threads-waiting-count, ds-mon-jvm-vendor, ds-mon-jvm-version, objectClass

ds-monitor-ldap-connection-handler

Names: ds-monitor-ldap-connection-handler
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor-connection-handler
Description: LDAP connection handler metrics
Optional Attributes: ds-mon-connection
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.71
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-abandoned-requests, ds-mon-active-connections-count, ds-mon-active-persistent-searches, ds-mon-bytes-read, ds-mon-bytes-written, ds-mon-config-dn, ds-mon-connections, ds-mon-listen-address, ds-mon-protocol, ds-mon-requests-abandon, ds-mon-requests-add, ds-mon-requests-bind, ds-mon-requests-compare, ds-mon-requests-delete, ds-mon-requests-extended, ds-mon-requests-failure-client-invalid-request, ds-mon-requests-failure-client-referral, ds-mon-requests-failure-client-resource-limit, ds-mon-requests-failure-client-security, ds-mon-requests-failure-server, ds-mon-requests-failure-uncategorized, ds-mon-requests-modify, ds-mon-requests-modify-dn, ds-mon-requests-search-base, ds-mon-requests-search-one, ds-mon-requests-search-sub, ds-mon-requests-unbind, ds-mon-requests-uncategorized, objectClass

ds-monitor-raw-je-database-statistics

Names: ds-monitor-raw-je-database-statistics
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Raw metrics exposed by a JE database
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.95
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

ds-monitor-remote-replica

Names: ds-monitor-remote-replica
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Remote replica metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.90
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-domain-name, ds-mon-receive-delay, ds-mon-replay-delay, ds-mon-replayed-updates, ds-mon-server-id, objectClass

ds-monitor-replica-db

Names: ds-monitor-replica-db
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Replica database metrics


Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.85
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-newest-csn, ds-mon-newest-csn-timestamp, ds-mon-oldest-csn, ds-mon-oldest-csn-timestamp, ds-mon-server-id, objectClass

ds-monitor-replica

Names: ds-monitor-replica
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Local replica metrics
Optional Attributes: ds-mon-total-update, ds-mon-total-update-entry-count, ds-mon-total-update-entry-left
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.91
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-connected-to-server-hostport, ds-mon-connected-to-server-id, ds-mon-current-receive-window, ds-mon-domain-generation-id, ds-mon-domain-name, ds-mon-entries-awaiting-updates-count, ds-mon-lost-connections, ds-mon-receive-delay, ds-mon-replay-delay, ds-mon-replayed-updates, ds-mon-replayed-updates-conflicts-resolved, ds-mon-replayed-updates-conflicts-unresolved, ds-mon-sent-updates, ds-mon-server-id, ds-mon-ssl-encryption, ds-mon-status, ds-mon-status-last-changed, ds-mon-updates-inbound-queue, ds-mon-updates-outbound-queue, ds-mon-updates-totals-per-replay-thread, objectClass

ds-monitor-server

Names: ds-monitor-server
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Directory Server version information and other global metrics
Optional Attributes: ds-mon-build-number, ds-mon-fix-ids, ds-mon-version-qualifier
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.76


Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-build-time, ds-mon-compact-version, ds-mon-current-connections, ds-mon-current-time, ds-mon-full-version, ds-mon-install-path, ds-mon-instance-path, ds-mon-major-version, ds-mon-max-connections, ds-mon-minor-version, ds-mon-os-architecture, ds-mon-os-name, ds-mon-os-version, ds-mon-point-version, ds-mon-product-name, ds-mon-revision, ds-mon-short-name, ds-mon-start-time, ds-mon-system-name, ds-mon-total-connections, ds-mon-vendor-name, ds-mon-working-directory, objectClass

ds-monitor-topology-server

Names: ds-monitor-topology-server
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: A server in the topology
Optional Attributes: ds-mon-admin-hostport, ds-mon-changelog-hostport, ds-mon-changelog-purge-delay, ds-mon-ldap-hostport, ds-mon-ldap-starttls-hostport, ds-mon-ldaps-hostport, ds-mon-replication-domain
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.103
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ds-mon-group-id, ds-mon-last-seen, ds-mon-process-id, ds-mon-replication-protocol-version, ds-mon-server-id, ds-mon-server-is-local, objectClass

ds-monitor-work-queue

Names: ds-monitor-work-queue
Origin: OpenDJ Directory Server
Superior Classes: ds-monitor
Description: Work queue metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.83
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ds-mon-requests-in-queue, ds-mon-requests-rejected-queue-full, ds-mon-requests-submitted, objectClass


ds-monitor

Names: ds-monitor
Origin: OpenDJ Directory Server
Superior Classes: top
Description: Base object class for Directory Server metrics
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.68
Class Type: ABSTRACT: for use when defining other object classes.
Required Attributes: objectClass

ds-pwp-attribute-value-validator

Names: ds-pwp-attribute-value-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-attribute-value-check-substrings, ds-pwp-attribute-value-match-attribute, ds-pwp-attribute-value-min-substring-length, ds-pwp-attribute-value-test-reversed-password
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.118
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-pwp-character-set-validator

Names: ds-pwp-character-set-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-character-set-allow-unclassified-characters, ds-pwp-character-set-character-set, ds-pwp-character-set-character-set-ranges, ds-pwp-character-set-min-character-sets
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.119


Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-pwp-dictionary-validator

Names: ds-pwp-dictionary-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-dictionary-case-sensitive-validation, ds-pwp-dictionary-check-substrings, ds-pwp-dictionary-min-substring-length, ds-pwp-dictionary-test-reversed-password
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.117
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: ds-pwp-dictionary-data, objectClass

ds-pwp-length-based-validator

Names: ds-pwp-length-based-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-length-based-max-password-length, ds-pwp-length-based-min-password-length
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.112
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-pwp-password-policy

Names: ds-pwp-password-policy
Origin: ForgeRock Directory Server
Superior Classes: top


Optional Attributes: cn, ds-pwp-account-status-notification-handler, ds-pwp-allow-expired-password-changes, ds-pwp-allow-multiple-password-values, ds-pwp-allow-pre-encoded-passwords, ds-pwp-allow-user-password-changes, ds-pwp-deprecated-password-storage-scheme, ds-pwp-expire-passwords-without-warning, ds-pwp-force-change-on-add, ds-pwp-force-change-on-reset, ds-pwp-grace-login-count, ds-pwp-idle-lockout-interval, ds-pwp-last-login-time-attribute, ds-pwp-last-login-time-format, ds-pwp-lockout-duration, ds-pwp-lockout-failure-count, ds-pwp-lockout-failure-expiration-interval, ds-pwp-max-password-age, ds-pwp-max-password-reset-age, ds-pwp-min-password-age, ds-pwp-password-change-requires-current-password, ds-pwp-password-expiration-warning-interval, ds-pwp-password-history-count, ds-pwp-password-history-duration, ds-pwp-previous-last-login-time-format, ds-pwp-require-change-by-time, ds-pwp-require-secure-authentication, ds-pwp-require-secure-password-changes, ds-pwp-skip-validation-for-administrators, ds-pwp-state-update-failure-policy
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.110
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: ds-pwp-default-password-storage-scheme, ds-pwp-password-attribute, objectClass

ds-pwp-random-generator

Names: ds-pwp-random-generator
Origin: ForgeRock Directory Server
Superior Classes: top
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.113
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: ds-pwp-random-password-character-set, ds-pwp-random-password-format, objectClass

ds-pwp-repeated-characters-validator

Names: ds-pwp-repeated-characters-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-repeated-characters-case-sensitive-validation, ds-pwp-repeated-characters-max-consecutive-length
Schema File: 03-pwpolicyextension.ldif


OID: 1.3.6.1.4.1.36733.2.1.2.116
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-pwp-similarity-based-validator

Names: ds-pwp-similarity-based-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-similarity-based-min-password-difference
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.114
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-pwp-unique-characters-validator

Names: ds-pwp-unique-characters-validator
Origin: ForgeRock Directory Server
Superior Classes: ds-pwp-validator
Optional Attributes: ds-pwp-unique-characters-case-sensitive-validation, ds-pwp-unique-characters-min-unique-characters
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.115
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ds-pwp-validator

Names: ds-pwp-validator
Origin: ForgeRock Directory Server
Superior Classes: top


Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.111
Class Type: ABSTRACT: for use when defining other object classes.
Required Attributes: objectClass

ds-root-dse

Object class for the server root DSE entry.

Names: ds-root-dse
Origin: OpenDS Directory Server
Superior Classes: top
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.26027.1.2.53
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

ds-virtual-static-group

Object class for an entry allowing a dynamic group to appear as a static group to applications.

Names: ds-virtual-static-group
Origin: OpenDS Directory Server
Superior Classes: top
Schema File: 02-config.ldif
OID: 1.3.6.1.4.1.26027.1.2.98
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: ds-target-group-dn, objectClass

dSA

Represents a Directory Specific Agent, the part of a directory service that provides user agents access to directory data.

Names: dSA


Origin: RFC 2256
Superior Classes: applicationEntity
Optional Attributes: description, knowledgeInformation, l, o, ou, seeAlso, supportedApplicationContext
Schema File: 00-core.ldif
OID: 2.5.6.13
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, presentationAddress

DUAConfigProfile

Names: DUAConfigProfile
Origin: RFC 4876
Superior Classes: top
Description: Abstraction of a base configuration for a DUA
Optional Attributes: attributeMap, authenticationMethod, bindTimeLimit, credentialLevel, defaultSearchBase, defaultSearchScope, defaultServerList, dereferenceAliases, followReferrals, objectclassMap, preferredServerList, profileTTL, searchTimeLimit, serviceAuthenticationMethod, serviceCredentialLevel, serviceSearchDescriptor
Schema File: 05-rfc4876.ldif
OID: 1.3.6.1.4.1.11.1.3.1.2.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

extensibleObject

Auxiliary object class that allows the entry to hold any user attribute.

Attributes required or precluded by other object classes are still required or precluded when this object class is present.

Names: extensibleObject
Origin: RFC 4512
Superior Classes: top
Optional Attributes: All attributes
Schema File: 00-core.ldif


OID: 1.3.6.1.4.1.1466.101.120.111
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

forgerock-am-dashboard-service

Names: forgerock-am-dashboard-service
Origin: Forgerock
Optional Attributes: assignedDashboard
Schema File: 60-identity-store-ds-dashboard.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.3.1
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.

fr-idm-cluster-obj

Names: fr-idm-cluster-obj
Origin: OpenIDM DSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.8
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-cluster-json, objectClass

fr-idm-generic-obj

Names: fr-idm-generic-obj
Origin: OpenIDM DSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.


OID: 1.3.6.1.4.1.36733.2.3.2.3
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-json, objectClass

fr-idm-hybrid-obj

Names: fr-idm-hybrid-obj
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-custom-attrs
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.18
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

fr-idm-internal-role

Names: fr-idm-internal-role
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: description, fr-idm-condition, fr-idm-internal-role-authzmembers-internal-user, fr-idm-internal-role-authzmembers-managed-user, fr-idm-name, fr-idm-privilege, fr-idm-temporal-constraints
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.4
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

fr-idm-internal-user

Names: fr-idm-internal-user


Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-internal-user-authzroles-internal-role, fr-idm-internal-user-authzroles-managed-role, fr-idm-password
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.2
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

fr-idm-link

Names: fr-idm-link
Origin: OpenIDM DSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-link-firstid, fr-idm-link-firstid-constraint, fr-idm-link-qualifier, fr-idm-link-secondid, fr-idm-link-secondid-constraint, fr-idm-link-type, objectClass

fr-idm-lock

Names: fr-idm-lock
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-lock-nodeid
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.13
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass


fr-idm-managed-assignment

Names: fr-idm-managed-assignment
Origin: OpenIDM DSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.20
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-managed-assignment-json, objectClass

fr-idm-managed-role

Names: fr-idm-managed-role
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-managed-role-assignments
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.9
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-managed-role-json, objectClass

fr-idm-managed-user-explicit

Names: fr-idm-managed-user-explicit
Origin: OpenIDM DSRepoService
Superior Classes: top
Description: Maps an explicit managed user where all data is mapped to individual LDAP attributes
Optional Attributes: co, fr-idm-accountStatus, fr-idm-consentedMapping, fr-idm-effectiveAssignment, fr-idm-effectiveRole, fr-idm-kbaInfo, fr-idm-lastSync, fr-idm-managed-user-authzroles-internal-role, fr-idm-managed-user-authzroles-managed-role, fr-idm-managed-user-manager, fr-idm-managed-user-meta, fr-idm-managed-user-notifications, fr-idm-managed-user-roles, fr-idm-password, fr-idm-preferences, fr-idm-role, fr-idm-uuid
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.17
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

fr-idm-managed-user-hybrid-obj

Names: fr-idm-managed-user-hybrid-obj
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-managed-user-custom-attrs
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.19
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

fr-idm-managed-user

Names: fr-idm-managed-user
Origin: OpenIDM DSRepoService
Superior Classes: top
Description: Maps a generic managed user where all data is stored in the json LDAP attribute as a json blob, reference attributes are explicitly mapped
Optional Attributes: fr-idm-managed-user-authzroles-internal-role, fr-idm-managed-user-authzroles-managed-role, fr-idm-managed-user-manager, fr-idm-managed-user-meta, fr-idm-managed-user-notifications, fr-idm-managed-user-roles
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.6
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-managed-user-json, objectClass

fr-idm-notification

Names: fr-idm-notification
Origin: OpenIDM DSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.21
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-notification-json, objectClass

fr-idm-recon-clusteredTargetIds

Names: fr-idm-recon-clusteredTargetIds
Origin: OpenIDM DSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-recon-id, fr-idm-recon-targetIds, objectClass

fr-idm-reconassoc

Names: fr-idm-reconassoc
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-reconassoc-finishtime
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.15
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-reconassoc-isanalysis, fr-idm-reconassoc-mapping, fr-idm-reconassoc-reconid, fr-idm-reconassoc-sourceresourcecollection, fr-idm-reconassoc-targetresourcecollection, objectClass

fr-idm-reconassocentry

Names: fr-idm-reconassocentry
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-reconassocentry-action, fr-idm-reconassocentry-ambiguoustargetobjectids, fr-idm-reconassocentry-exception, fr-idm-reconassocentry-message, fr-idm-reconassocentry-messagedetail, fr-idm-reconassocentry-phase, fr-idm-reconassocentry-situation, fr-idm-reconassocentry-sourceobjectid, fr-idm-reconassocentry-targetobjectid
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.16
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-reconassocentry-linkqualifier, fr-idm-reconassocentry-reconid, fr-idm-reconassocentry-status, objectClass

fr-idm-relationship

Names: fr-idm-relationship
Origin: OpenIDM DsSRepoService
Superior Classes: top
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.10
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-relationship-json, objectClass


fr-idm-syncqueue

Names: fr-idm-syncqueue
Origin: OpenIDM DSRepoService
Superior Classes: top
Optional Attributes: fr-idm-syncqueue-newobject, fr-idm-syncqueue-nodeid, fr-idm-syncqueue-objectrev, fr-idm-syncqueue-oldobject, fr-idm-syncqueue-remainingretries
Schema File: 60-repo-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.3.2.14
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: fr-idm-syncqueue-context, fr-idm-syncqueue-createdate, fr-idm-syncqueue-mapping, fr-idm-syncqueue-resourcecollection, fr-idm-syncqueue-resourceid, fr-idm-syncqueue-state, fr-idm-syncqueue-syncaction, objectClass

frCoreToken

Names: frCoreToken
Origin: ForgeRock OpenAM CTSv2
Superior Classes: top
Description: object containing ForgeRock Core Token
Optional Attributes: coreTokenDate01, coreTokenDate02, coreTokenDate03, coreTokenDate04, coreTokenDate05, coreTokenExpirationDate, coreTokenInteger01, coreTokenInteger02, coreTokenInteger03, coreTokenInteger04, coreTokenInteger05, coreTokenInteger06, coreTokenInteger07, coreTokenInteger08, coreTokenInteger09, coreTokenInteger10, coreTokenMultiString01, coreTokenMultiString02, coreTokenMultiString03, coreTokenObject, coreTokenString01, coreTokenString02, coreTokenString03, coreTokenString04, coreTokenString05, coreTokenString06, coreTokenString07, coreTokenString08, coreTokenString09, coreTokenString10, coreTokenString11, coreTokenString12, coreTokenString13, coreTokenString14, coreTokenString15, coreTokenTtlDate, coreTokenUserId
Schema File: 60-cts-schema.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.27
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: coreTokenId, coreTokenType, objectClass


friendlyCountry

Entries of this object class represent countries. This object class allows friendlier naming than allowed by the country object class.

Names: friendlyCountry
Origin: RFC 4524
Superior Classes: country
Optional Attributes: description, searchGuide
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.18
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: c, co, objectClass

glue

DSEE object class for an entry restored due to a replication conflict.

Names: glue
Origin: Sun Directory Server
Superior Classes: top
Schema File: 06-compat.ldif
OID: 2.16.840.1.113730.3.2.30
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

groupOfEntries

This object class is like the standard groupOfNames object class, except that the member attribute is optional, making it possible to have an empty group.

Note: The default schema defines groupOfNames as if it were groupOfEntries, making it possible to have an empty group. This is a deviation from the standard definition.

Names: groupOfEntries
Origin: draft-findlay-ldap-groupofentries
Superior Classes: top
Optional Attributes: businessCategory, description, member, o, ou, owner, seeAlso
Schema File: 00-core.ldif
OID: 1.2.826.0.1.3458854.2.1.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

groupOfNames

Note: The default schema defines groupOfNames as if it were groupOfEntries, making it possible to have an empty group. This is a deviation from the standard definition, as proposed in the LDAP groupOfEntries Internet-Draft.

Names: groupOfNames
Origin: RFC 4519
Superior Classes: top
Optional Attributes: businessCategory, description, member, o, ou, owner, seeAlso
Schema File: 00-core.ldif
OID: 2.5.6.9
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

groupOfUniqueNames

Represents a set of named objects, like groupOfNames, including information relating to the purpose or maintenance of the set. Object names are not repeated or reassigned within the set.

Names: groupOfUniqueNames
Origin: RFC 4519
Superior Classes: top
Optional Attributes: businessCategory, description, o, ou, owner, seeAlso, uniqueMember
Schema File: 00-core.ldif
OID: 2.5.6.17
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

groupOfURLs

Object class for a dynamic group.

Names: groupOfURLs
Origin: Sun Java System Directory Server
Superior Classes: top
Description: Sun-defined objectclass
Optional Attributes: businessCategory, description, memberURL, o, ou, owner, seeAlso
Schema File: 00-core.ldif
OID: 2.16.840.1.113730.3.2.33
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

ieee802Device

Names: ieee802Device
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: A device with a MAC address; device SHOULD be used as a structural class
Optional Attributes: macAddress
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.11
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

inetOrgPerson

A person object class for Internet and Intranet directory service deployments.

RFC 2798 specifies this object class in detail.

Example:

dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: bjensen
ou: Product Development
ou: People
cn: Barbara Jensen
cn: Babs Jensen
givenname: Barbara
sn: Jensen
mail: [email protected]: +1 408 555 1992
telephonenumber: +1 408 555 1862
preferredLanguage: en, ko;q=0.8
l: San Francisco
manager: uid=trigden, ou=People, dc=example,dc=com
roomnumber: 0209
userpassword: {PBKDF2-HMAC-SHA256}10000:<hash>
description: Babs Jensen's entry

Names: inetOrgPerson
Origin: RFC 2798
Superior Classes: organizationalPerson
Optional Attributes: audio, businessCategory, carLicense, departmentNumber, description, destinationIndicator, displayName, employeeNumber, employeeType, facsimileTelephoneNumber, givenName, homePhone, homePostalAddress, initials, internationaliSDNNumber, jpegPhoto, l, labeledURI, mail, manager, mobile, o, ou, pager, photo, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, preferredLanguage, registeredAddress, roomNumber, secretary, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, title, uid, userCertificate, userPKCS12, userPassword, userSMIMECertificate, x121Address, x500UniqueIdentifier
Schema File: 00-core.ldif
OID: 2.16.840.1.113730.3.2.2
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, sn

inetuser

This object class stores AM profile information.

Names: inetuser
Origin: Nortel subscriber interoperability
Superior Classes: top
Description: Auxiliary class which has to be present in an entry for delivery of subscriber services
Optional Attributes: inetUserHttpURL, inetUserStatus, memberof, uid, userPassword
Schema File: 60-identity-store-ds-schema.ldif
OID: 2.16.840.1.113730.3.2.130
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

inheritableLDAPSubEntry

Names: inheritableLDAPSubEntry
Origin: draft-ietf-ldup-subentry
Superior Classes: ldapSubEntry
Description: Inheritable LDAP Subentry class, version 1
Optional Attributes: blockInheritance, cn
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.7628.5.6.1.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: inheritable, objectClass

inheritedCollectiveAttributeSubentry

Object class for specifying how collective attributes are inherited.

Names: inheritedCollectiveAttributeSubentry
Origin: OpenDS Directory Server
Superior Classes: subentry
Description: Inherited Collective Attributes Subentry class
Optional Attributes: collectiveConflictBehavior
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.26027.1.2.238
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, inheritAttribute, objectClass, subtreeSpecification

inheritedFromDNCollectiveAttributeSubentry

Object class for specifying an entry from which a collective attribute is inherited.

Names: inheritedFromDNCollectiveAttributeSubentry
Origin: OpenDS Directory Server
Superior Classes: inheritedCollectiveAttributeSubentry
Description: Inherited from DN Collective Attributes Subentry class
Optional Attributes: collectiveConflictBehavior, inheritFromDNParent
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.26027.1.2.239
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, inheritAttribute, inheritFromDNAttribute, objectClass, subtreeSpecification

inheritedFromRDNCollectiveAttributeSubentry

Object class for specifying a relative entry from which a collective attribute is inherited.

Names: inheritedFromRDNCollectiveAttributeSubentry
Origin: OpenDS Directory Server
Superior Classes: inheritedCollectiveAttributeSubentry
Description: Inherited from RDN Collective Attributes Subentry class
Optional Attributes: collectiveConflictBehavior
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.26027.1.2.240
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, inheritAttribute, inheritFromBaseRDN, inheritFromRDNAttribute, inheritFromRDNType, objectClass, subtreeSpecification

ipHost

Names: ipHost
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of a host, an IP device. The distinguished value of the cn attribute denotes the canonical name of the host. Device SHOULD be used as a structural class
Optional Attributes: authPassword, description, l, manager, userPassword
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.6
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: cn, ipHostNumber, objectClass

iplanet-am-auth-configuration-service

This object class stores AM profile information.

Names: iplanet-am-auth-configuration-service
Origin: OpenSSO
Superior Classes: top
Description: Authentication Configuration Service OC
Optional Attributes: iplanet-am-auth-configuration, iplanet-am-auth-login-failure-url, iplanet-am-auth-login-success-url, iplanet-am-auth-post-login-process-class, oath2faEnabled, push2faEnabled
Schema File: 60-identity-store-ds-schema.ldif
OID: 1.3.6.1.4.1.42.2.27.9.2.23
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

iplanet-am-managed-person

This object class stores AM profile information.

Names: iplanet-am-managed-person
Origin: OpenSSO
Superior Classes: top
Description: Managed Person OC
Optional Attributes: iplanet-am-user-account-life
Schema File: 60-identity-store-ds-schema.ldif
OID: 2.16.840.1.113730.3.2.184
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

iplanet-am-session-service

This object class stores AM profile information.

Names: iplanet-am-session-service
Origin: OpenSSO
Superior Classes: top
Description: Session Service OC
Optional Attributes: iplanet-am-session-destroy-sessions, iplanet-am-session-get-valid-sessions, iplanet-am-session-max-caching-time, iplanet-am-session-max-idle-time, iplanet-am-session-max-session-time, iplanet-am-session-quota-limit, iplanet-am-session-service-status
Schema File: 60-identity-store-ds-schema.ldif
OID: 2.16.840.1.113730.3.2.175
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

iplanet-am-user-service

This object class stores AM profile information.

Names: iplanet-am-user-service
Origin: OpenSSO
Superior Classes: top
Description: User Service OC
Optional Attributes: iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-success-url, sunIdentityMSISDNNumber
Schema File: 60-identity-store-ds-schema.ldif
OID: 2.16.840.1.113730.3.2.176
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

iPlanetPreferences

This object class stores AM profile information.

Names: iPlanetPreferences
Origin: iPlanet
Optional Attributes: preferredLanguage, preferredLocale, preferredTimeZone
Schema File: 60-identity-store-ds-schema.ldif
OID: 1.3.6.1.4.1.1466.101.120.142
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.

ipNetwork

Names: ipNetwork
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of a network. The distinguished value of the cn attribute denotes the canonical name of the network
Optional Attributes: cn, description, ipNetmaskNumber, l, manager
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.7
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ipNetworkNumber, objectClass

ipProtocol

Names: ipProtocol
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of an IP protocol. Maps a protocol number to one or more names. The distinguished value of the cn attribute denotes the canonical name of the protocol
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.4
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ipProtocolNumber, objectClass

ipService

Names: ipService
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction an Internet Protocol service. Maps an IP port and protocol (such as tcp or udp) to one or more names; the distinguished value of the cn attribute denotes the canonical name of the service
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.3
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, ipServicePort, ipServiceProtocol, objectClass

ipTnetHost

Names: ipTnetHost
Origin: Solaris Specific
Superior Classes: top
Description: Associates an IP address or wildcard with a TSOL template_name
Schema File: 05-solaris.ldif
OID: 1.3.6.1.4.1.42.2.27.5.2.9
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: ipTnetNumber, objectClass


ipTnetTemplate

Names: ipTnetTemplate
Origin: Solaris Specific
Superior Classes: top
Description: Object class for TSOL network templates
Optional Attributes: SolarisAttrKeyValue
Schema File: 05-solaris.ldif
OID: 1.3.6.1.4.1.42.2.27.5.2.8
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ipTnetTemplateName, objectClass

javaContainer

Entry that contains a Java object. The entry's form is specified by an auxiliary object class.

Names: javaContainer
Origin: RFC 2713
Superior Classes: top
Description: Container for a Java object
Schema File: 03-rfc2713.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

javaMarshalledObject

Entry that represents a marshalled Java object.

Names: javaMarshalledObject
Origin: RFC 2713
Superior Classes: javaObject
Description: Java marshalled object
Optional Attributes: description, javaClassNames, javaCodebase, javaDoc
Schema File: 03-rfc2713.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.8
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: javaClassName, javaSerializedData, objectClass

javaNamingReference

Entry that represents a JNDI reference to a Java object.

Names: javaNamingReference
Origin: RFC 2713
Superior Classes: javaObject
Description: JNDI reference
Optional Attributes: description, javaClassNames, javaCodebase, javaDoc, javaFactory, javaReferenceAddress
Schema File: 03-rfc2713.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.7
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: javaClassName, objectClass

javaObject

Abstract parent for entries that represent Java objects.

Names: javaObject
Origin: RFC 2713
Superior Classes: top
Description: Java object representation
Optional Attributes: description, javaClassNames, javaCodebase, javaDoc
Schema File: 03-rfc2713.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.4
Class Type: ABSTRACT: for use when defining other object classes.
Required Attributes: javaClassName, objectClass


javaSerializedObject

Entry that represents a serialized Java object.

Names: javaSerializedObject
Origin: RFC 2713
Superior Classes: javaObject
Description: Java serialized object
Optional Attributes: description, javaClassNames, javaCodebase, javaDoc
Schema File: 03-rfc2713.ldif
OID: 1.3.6.1.4.1.42.2.27.4.2.5
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: javaClassName, javaSerializedData, objectClass

kbaInfoContainer

Names: kbaInfoContainer
Origin: OpenAM
Superior Classes: top
Description: Class containing KBA information
Optional Attributes: kbaActiveIndex, kbaInfo, kbaInfoAttempts
Schema File: 60-identity-store-ds-kba.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.5
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

labeledURIObject

Class allowing a labeledURI attribute, which holds a URI with an optional label, as described in RFC 2079.

Names: labeledURIObject
Origin: RFC 2079
Superior Classes: top
Description: object that contains the URI attribute type
Optional Attributes: labeledURI
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.250.3.15
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

ldapSubEntry

LDAP subentries are analogous to operational attributes in that they are used by the server for administrative purposes. Examples include password policies, entries for allocating collective attributes, and the entry exposing directory schema.

Unlike entries in the server-specific configuration backend, subentries are present in and replicated with user data. Modifying subentries nevertheless requires the subentry-write administrative privilege.

For details, see the Internet-Draft, LDAP Subentry Schema.

Names: ldapSubEntry
Origin: draft-ietf-ldup-subentry
Superior Classes: top
Description: LDAP Subentry class, version 1
Optional Attributes: cn
Schema File: 00-core.ldif
OID: 2.16.840.1.113719.2.142.6.1.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

locality

The entry with this object class represents a place in the physical world.

Names: locality
Origin: RFC 4519
Superior Classes: top
Optional Attributes: description, l, searchGuide, seeAlso, st, street
Schema File: 00-core.ldif
OID: 2.5.6.3
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

mailGroup

Names: mailGroup
Origin: Solaris Specific
Superior Classes: top
Optional Attributes: cn, mgrpRFC822MailMember
Schema File: 05-solaris.ldif
OID: 2.16.840.1.113730.3.2.4
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: mail, objectClass

namedObject

The namedObject structural object class is a placeholder. It is intended for use in entries that have auxiliary object classes, and for which there is no appropriate structural object class.

The Internet-Draft shows the example of a POSIX group entry:

dn: cn=wheel,ou=Groups,dc=padl,dc=com
objectClass: top
objectClass: namedObject
objectClass: posixGroup
cn: wheel
gidNumber: 0
memberUid: root

Names: namedObject
Origin: draft-howard-namedobject
Superior Classes: top
Optional Attributes: cn
Schema File: 00-core.ldif
OID: 1.3.6.1.4.1.5322.13.1.1
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

nisDomainObject

Names: nisDomainObject
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Associates a NIS domain with a naming context
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.15
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: nisDomain, objectClass

nisKeyObject

Names: nisKeyObject
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: An object with a public and secret key
Optional Attributes: description, uidNumber
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.14
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: cn, nisPublicKey, nisSecretKey, objectClass

nisMailAlias

Names: nisMailAlias
Origin: Solaris Specific
Superior Classes: top
Optional Attributes: rfc822mailMember
Schema File: 05-solaris.ldif
OID: 1.3.6.1.4.1.42.2.27.1.2.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

nisMap

Names: nisMap
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: A generic abstraction of a NIS map
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.9
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: nisMapName, objectClass

nisNetgroup

Names: nisNetgroup
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of a netgroup. May refer to other netgroups
Optional Attributes: description, memberNisNetgroup, nisNetgroupTriple
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.8
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

nisNetId

Names: nisNetId
Origin: Solaris Specific
Superior Classes: top
Optional Attributes: nisNetIdGroup, nisNetIdHost, nisNetIdUser
Schema File: 05-solaris.ldif
OID: 1.3.6.1.4.1.42.2.27.1.2.6
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

nisObject

Names: nisObject
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: An entry in a NIS map
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.10
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, nisMapEntry, nisMapName, objectClass

nisplusTimeZoneData

Names: nisplusTimeZoneData
Origin: Solaris Specific
Superior Classes: top
Description: NIS+ timezone table data
Optional Attributes: description, nisplusTimeZone
Schema File: 05-solaris.ldif
OID: 1.3.6.1.4.1.42.2.27.5.2.12
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

oathDeviceProfilesContainer

Names: oathDeviceProfilesContainer
Origin: OpenAM
Superior Classes: top
Description: Class containing OATH device profiles
Optional Attributes: oathDeviceProfiles
Schema File: 60-identity-store-ds-oathdevices.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.10
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

oncRpc

Names: oncRpc
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the canonical name of the RPC service
Optional Attributes: description
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, oncRpcNumber

organization

The entry with this object class represents a structured group of people.

Names: organization
Origin: RFC 4519
Superior Classes: top
Optional Attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 2.5.6.4
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: o, objectClass

organizationalPerson

The entry with this object class represents a person in relation to an organization.

Names: organizationalPerson
Origin: RFC 4519
Superior Classes: person
Optional Attributes: description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, title, userPassword, x121Address
Schema File: 00-core.ldif
OID: 2.5.6.7
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, sn

organizationalRole

The entry with this object class represents a job, function, or position in an organization.

Names: organizationalRole
Origin: RFC 4519
Superior Classes: top
Optional Attributes: description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, roleOccupant, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, x121Address
Schema File: 00-core.ldif
OID: 2.5.6.8
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

organizationalUnit

The entry with this object class represents a piece of an organization.

Names: organizationalUnit
Origin: RFC 4519
Superior Classes: top
Optional Attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 2.5.6.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass, ou

person

The entry with this object class represents a human being.

Names: person
Origin: RFC 4519
Superior Classes: top
Optional Attributes: description, seeAlso, telephoneNumber, userPassword
Schema File: 00-core.ldif
OID: 2.5.6.6
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, sn

pilotDSA

Object class assigning common attributes for COSINE and Internet X.500 pilot Directory System Agent (DSA) entries.

Names: pilotDSA
Origin: RFC 1274
Superior Classes: dSA
Optional Attributes: description, knowledgeInformation, l, o, ou, seeAlso, supportedApplicationContext
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.21
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, dSAQuality, objectClass, presentationAddress

pilotObject

Object class assigning common attributes for COSINE and Internet X.500 pilot entries.

Names: pilotObject
Origin: RFC 1274
Superior Classes: top
Optional Attributes: audio, dITRedirect, info, jpegPhoto, lastModifiedBy, lastModifiedTime, manager, photo, uniqueIdentifier
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.3
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

pilotOrganization

Organization object class for COSINE and Internet X.500 pilot entries.

Names: pilotOrganization
Origin: RFC 1274
Superior Classes: organization, organizationalUnit
Optional Attributes: buildingName, businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.20
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: o, objectClass, ou

pilotPerson

Person object class for COSINE and Internet X.500 pilot entries.

Names: pilotPerson
Origin: RFC 1274
Superior Classes: person
Optional Attributes: businessCategory, description, drink, homePhone, homePostalAddress, janetMailbox, mail, mailPreferenceOption, mobile, organizationalStatus, otherMailbox, pager, personalSignature, personalTitle, preferredDeliveryMethod, roomNumber, secretary, seeAlso, telephoneNumber, textEncodedORAddress, uid, userClass, userPassword
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.4
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass, sn

pkiCA

Object class for augmenting entries that act as certificate authorities, as described in X.509 clause 11.1.2.

Names: pkiCA
Origin: RFC 4523
Superior Classes: top
Description: X.509 PKI Certificate Authority
Optional Attributes: authorityRevocationList, cACertificate, certificateRevocationList, crossCertificatePair
Schema File: 00-core.ldif
OID: 2.5.6.22
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

pkiUser

Object class for augmenting entries that may be subject to certificates, as described in X.509 clause 11.1.1.

Names: pkiUser
Origin: RFC 4523
Superior Classes: top
Description: X.509 PKI User
Optional Attributes: userCertificate
Schema File: 00-core.ldif
OID: 2.5.6.21
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

posixAccount

Names: posixAccount
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of an account with POSIX attributes
Optional Attributes: authPassword, description, gecos, loginShell, userPassword
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.0
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: cn, gidNumber, homeDirectory, objectClass, uid, uidNumber

posixGroup

Names: posixGroup
Origin: draft-howard-rfc2307bis
Superior Classes: top
Description: Abstraction of a group of accounts
Optional Attributes: authPassword, description, memberUid, userPassword
Schema File: 04-rfc2307bis.ldif
OID: 1.3.6.1.1.1.2.2
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: gidNumber, objectClass

printerAbstract

Names: printerAbstract
Origin: RFC 3712
Superior Classes: top
Description: Printer related information.
Optional Attributes: printer-charset-configured, printer-charset-supported, printer-color-supported, printer-compression-supported, printer-copies-supported, printer-current-operator, printer-delivery-orientation-supported, printer-document-format-supported, printer-finishings-supported, printer-generated-natural-language-supported, printer-info, printer-job-k-octets-supported, printer-job-priority-supported, printer-location, printer-make-and-model, printer-media-local-supported, printer-media-supported, printer-more-info, printer-multiple-document-jobs-supported, printer-name, printer-natural-language-configured, printer-number-up-supported, printer-output-features-supported, printer-pages-per-minute, printer-pages-per-minute-color, printer-print-quality-supported, printer-resolution-supported, printer-service-person, printer-sides-supported, printer-stacking-order-supported
Schema File: 03-rfc3712.ldif
OID: 1.3.18.0.2.6.258
Class Type: ABSTRACT: for use when defining other object classes.
Required Attributes: objectClass

printerIPP

Names: printerIPP
Origin: RFC 3712
Superior Classes: top
Description: Internet Printing Protocol (IPP) information.
Optional Attributes: printer-ipp-versions-supported, printer-multiple-document-jobs-supported
Schema File: 03-rfc3712.ldif
OID: 1.3.18.0.2.6.256
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

printerLPR

Names: printerLPR
Origin: RFC 3712
Superior Classes: top
Description: LPR information.
Optional Attributes: printer-aliases
Schema File: 03-rfc3712.ldif
OID: 1.3.18.0.2.6.253
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass, printer-name

printerService

Names: printerService
Origin: RFC 3712
Superior Classes: printerAbstract
Description: Printer information.
Optional Attributes: printer-charset-configured, printer-charset-supported, printer-color-supported, printer-compression-supported, printer-copies-supported, printer-current-operator, printer-delivery-orientation-supported, printer-document-format-supported, printer-finishings-supported, printer-generated-natural-language-supported, printer-info, printer-job-k-octets-supported, printer-job-priority-supported, printer-location, printer-make-and-model, printer-media-local-supported, printer-media-supported, printer-more-info, printer-multiple-document-jobs-supported, printer-name, printer-natural-language-configured, printer-number-up-supported, printer-output-features-supported, printer-pages-per-minute, printer-pages-per-minute-color, printer-print-quality-supported, printer-resolution-supported, printer-service-person, printer-sides-supported, printer-stacking-order-supported, printer-uri, printer-xri-supported
Schema File: 03-rfc3712.ldif
OID: 1.3.18.0.2.6.255
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass

printerServiceAuxClass

Names: printerServiceAuxClass
Origin: RFC 3712
Superior Classes: printerAbstract
Description: Printer information.
Optional Attributes: printer-charset-configured, printer-charset-supported, printer-color-supported, printer-compression-supported, printer-copies-supported, printer-current-operator, printer-delivery-orientation-supported, printer-document-format-supported, printer-finishings-supported, printer-generated-natural-language-supported, printer-info, printer-job-k-octets-supported, printer-job-priority-supported, printer-location, printer-make-and-model, printer-media-local-supported, printer-media-supported, printer-more-info, printer-multiple-document-jobs-supported, printer-name, printer-natural-language-configured, printer-number-up-supported, printer-output-features-supported, printer-pages-per-minute, printer-pages-per-minute-color, printer-print-quality-supported, printer-resolution-supported, printer-service-person, printer-sides-supported, printer-stacking-order-supported, printer-uri, printer-xri-supported
Schema File: 03-rfc3712.ldif
OID: 1.3.18.0.2.6.257
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

pushDeviceProfilesContainer

Names: pushDeviceProfilesContainer
Origin: OpenAM
Superior Classes: top
Description: Class containing Push device profiles
Optional Attributes: pushDeviceProfiles
Schema File: 60-identity-store-ds-pushdevices.ldif
Interface Stability: Internal use only. Do not remove or modify. Subject to change without notice.
OID: 1.3.6.1.4.1.36733.2.2.2.11
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

pwdPolicy

Password policy that is part of the directory data and can be replicated.

Names: pwdPolicy
Origin: draft-behera-ldap-password-policy
Superior Classes: top
Optional Attributes: pwdAllowUserChange, pwdCheckQuality, pwdExpireWarning, pwdFailureCountInterval, pwdGraceAuthNLimit, pwdInHistory, pwdLockout, pwdLockoutDuration, pwdMaxAge, pwdMaxFailure, pwdMinAge, pwdMinLength, pwdMustChange, pwdSafeModify
Schema File: 01-pwpolicy.ldif
OID: 1.3.6.1.4.1.42.2.27.8.2.1
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass, pwdAttribute

pwdValidatorPolicy

Object class for an entry that specifies a password validation policy.

Names: pwdValidatorPolicy
Origin: OpenDJ Directory Server
Superior Classes: top
Description: This auxiliary objectClass represents a password validator by referencing one from the configuration. It has been replaced with ds-pwp-validator and will be obsoleted in future versions
Schema File: 03-pwpolicyextension.ldif
OID: 1.3.6.1.4.1.36733.2.1.2.18
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass, ds-cfg-password-validator
Deprecated: Since 7.0.0

qualityLabelledData

Object class assigning common data quality attributes to subtrees in the DIT.

Names: qualityLabelledData
Origin: RFC 1274
Superior Classes: top
Optional Attributes: subtreeMaximumQuality, subtreeMinimumQuality
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.22
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: dSAQuality, objectClass

referral

Represents a subordinate reference in the directory, in other words an entry that refers to another entry.

Use this object class with extensibleObject to allow the entry to support the naming attributes used in its DN.

Names: referral
Origin: RFC 3296
Superior Classes: top
Description: named subordinate reference object
Schema File: 00-core.ldif
OID: 2.16.840.1.113730.3.2.6
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: ref

residentialPerson

The entry with this object class represents a person's residence in representation of the person.

Names: residentialPerson
Origin: RFC 4519
Superior Classes: person
Optional Attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 2.5.6.10
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, l, objectClass, sn

rFC822LocalPart

Entries of this object class represent the local part of Internet mail addresses as described in RFC 2822.

The local part of the address is handled like a domain entry.

Names: rFC822LocalPart
Origin: RFC 4524
Superior Classes: domain
Optional Attributes: associatedName, businessCategory, cn, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, sn, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.14
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: dc, objectClass

room

Entries of this object class represent rooms with cn as the naming attribute.

Names: room
Origin: RFC 4524
Superior Classes: top
Optional Attributes: description, roomNumber, seeAlso, telephoneNumber
Schema File: 00-core.ldif
OID: 0.9.2342.19200300.100.4.7
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: cn, objectClass

sambaConfig

Names: sambaConfig
Superior Classes: top
Description: Samba Configuration Section
Optional Attributes: description
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.1.2.2.10
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass

sambaConfigOption

Names: sambaConfigOption
Superior Classes: top
Description: Samba Configuration Option
Optional Attributes: description, sambaBoolOption, sambaIntegerOption, sambaStringListOption, sambaStringOption
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.2.2.12
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass, sambaOptionName

sambaDomain

Names: sambaDomain
Superior Classes: top
Description: Samba Domain Information
Optional Attributes: sambaAlgorithmicRidBase, sambaForceLogoff, sambaLockoutDuration, sambaLockoutObservationWindow, sambaLockoutThreshold, sambaLogonToChgPwd, sambaMaxPwdAge, sambaMinPwdAge, sambaMinPwdLength, sambaNextGroupRid, sambaNextRid, sambaNextUserRid, sambaPwdHistoryLength, sambaRefuseMachinePwdChange
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.2.2.5
Class Type: STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes: objectClass, sambaDomainName, sambaSID

sambaGroupMapping

Names: sambaGroupMapping
Superior Classes: top
Description: Samba Group Mapping
Optional Attributes: description, displayName, sambaSIDList
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.2.2.4
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: gidNumber, objectClass, sambaGroupType, sambaSID

sambaIdmapEntry

Names: sambaIdmapEntry
Superior Classes: top
Description: Mapping from a SID to an ID
Optional Attributes: gidNumber, uidNumber
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.1.2.2.8
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass, sambaSID

sambaPrivilege

Names: sambaPrivilege
Superior Classes: top
Description: Samba Privilege
Optional Attributes: sambaPrivilegeList
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.2.2.13
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass, sambaSID

sambaSamAccount

Names: sambaSamAccount
Superior Classes: top
Description: Samba 3.0 Auxilary SAM Account
Optional Attributes: cn, description, displayName, sambaAcctFlags, sambaBadPasswordCount, sambaBadPasswordTime, sambaDomainName, sambaHomeDrive, sambaHomePath, sambaKickoffTime, sambaLMPassword, sambaLogoffTime, sambaLogonHours, sambaLogonScript, sambaLogonTime, sambaMungedDial, sambaNTPassword, sambaPasswordHistory, sambaPrimaryGroupSID, sambaProfilePath, sambaPwdCanChange, sambaPwdLastSet, sambaPwdMustChange, sambaUserWorkstations
Schema File: 05-samba.ldif
OID: 1.3.6.1.4.1.7165.2.2.6
Class Type: AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes: objectClass, sambaSID, uid

sambaShare

Names sambaShare
Superior Classes top
Description Samba Share Section
Optional Attributes description
Schema File 05-samba.ldif
OID 1.3.6.1.4.1.7165.2.2.11
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, sambaShareName

sambaSidEntry

Names sambaSidEntry
Superior Classes top
Description Structural Class for a SID
Schema File 05-samba.ldif
OID 1.3.6.1.4.1.7165.1.2.2.9
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, sambaSID

sambaTrustPassword

Names sambaTrustPassword
Superior Classes top
Description Samba Trust Password
Optional Attributes sambaPwdLastSet, sambaSID
Schema File 05-samba.ldif
OID 1.3.6.1.4.1.7165.2.2.14
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.


Required Attributes objectClass, sambaDomainName, sambaNTPassword, sambaTrustFlags

sambaUnixIdPool

Names sambaUnixIdPool
Superior Classes top
Description Pool for allocating UNIX uids/gids
Schema File 05-samba.ldif
OID 1.3.6.1.4.1.7165.1.2.2.7
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes gidNumber, objectClass, uidNumber

shadowAccount

Names shadowAccount
Origin draft-howard-rfc2307bis
Superior Classes top
Description Additional attributes for shadow passwords
Optional Attributes authPassword, description, shadowExpire, shadowFlag, shadowInactive, shadowLastChange, shadowMax, shadowMin, shadowWarning, userPassword
Schema File 04-rfc2307bis.ldif
OID 1.3.6.1.1.1.2.1
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass, uid

simpleSecurityObject

Entries of this object class require that the entry have a userPassword attribute when the userPassword attribute is not required or allowed by the structural object class chain.

Names simpleSecurityObject
Origin RFC 4524
Superior Classes top
Schema File 00-core.ldif


OID 0.9.2342.19200300.100.4.19
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass, userPassword

slpService

Parent class for Service Location Protocol (SLP) objects. Specific service types inherit from this class and define their own attributes. They are structural object classes.

SLP service type templates have the following properties:

template-type

Defines the service type of the template. The service type can reflect:

• A simple service, for example service:ftp

• An abstract service type, for example service:printer

• A concrete service type, for example service:printer:lpr

• A service with a naming authority, for example service:printer.sun:local

This definition is used as the name of the LDAP object class for the template. To translate the service type name, : and . are replaced with -. For example, service:printer.sun:local becomes the object class name service-printer-sun-local.

template-version

String containing a major and minor version number, separated by .

template-description

Block of human-readable text describing what the service does.

template-url-syntax

ABNF grammar describing the service type specific part of the service URL.

Names slpService
Origin RFC 2926
Superior Classes top
Description parent superclass for SLP services
Optional Attributes service-advert-attribute-authenticator, service-advert-url-authenticator
Schema File 03-rfc2926.ldif


OID 1.3.6.1.4.1.6252.2.27.6.2.1
Class Type ABSTRACT: for use when defining other object classes.
Required Attributes description, objectClass, service-advert-scopes, service-advert-service-type, template-major-version-number, template-minor-version-number, template-url-syntax

slpServicePrinter

Names slpServicePrinter
Origin RFC 3712
Superior Classes slpService
Description Service Location Protocol (SLP) information.
Optional Attributes service-advert-attribute-authenticator, service-advert-url-authenticator
Schema File 03-rfc3712.ldif
OID 1.3.18.0.2.6.254
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes description, objectClass, service-advert-scopes, service-advert-service-type, template-major-version-number, template-minor-version-number, template-url-syntax

SolarisAuditUser

Names SolarisAuditUser
Origin Solaris Specific
Superior Classes top
Optional Attributes SolarisAuditAlways, SolarisAuditNever
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.2
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass

SolarisAuthAttr

Names SolarisAuthAttr


Origin Solaris Specific
Superior Classes top
Description Authorizations data
Optional Attributes SolarisAttrKeyValue, SolarisAttrLongDesc, SolarisAttrReserved1, SolarisAttrReserved2, SolarisAttrShortDesc
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.4
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes cn, objectClass

SolarisExecAttr

Names SolarisExecAttr
Origin Solaris Specific
Superior Classes top
Description Profiles execution attributes
Optional Attributes SolarisAttrKeyValue, SolarisAttrReserved1, SolarisAttrReserved2, SolarisKernelSecurityPolicy, SolarisProfileId, SolarisProfileType
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.6
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass

SolarisNamingProfile

Names SolarisNamingProfile
Origin Solaris Specific
Superior Classes top
Description Solaris LDAP Naming client profile objectClass
Optional Attributes SolarisAuthMethod, SolarisBindDN, SolarisBindPassword, SolarisBindTimeLimit, SolarisCacheTTL, SolarisCertificatePassword, SolarisCertificatePath, SolarisDataSearchDN, SolarisPreferredServer, SolarisPreferredServerOnly, SolarisSearchReferral, SolarisSearchScope, SolarisSearchTimeLimit, SolarisTransportSecurity

Schema File 05-solaris.ldif


OID 1.3.6.1.4.1.42.2.27.5.2.7
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes SolarisLDAPServers, SolarisSearchBaseDN, cn, objectClass

SolarisProfAttr

Names SolarisProfAttr
Origin Solaris Specific
Superior Classes top
Description Profiles data
Optional Attributes SolarisAttrKeyValue, SolarisAttrLongDesc, SolarisAttrReserved1, SolarisAttrReserved2
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.5
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes cn, objectClass

SolarisProject

Names SolarisProject
Origin Solaris Specific
Superior Classes top
Optional Attributes SolarisProjectAttr, description, memberGid, memberUid
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.1
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes SolarisProjectID, SolarisProjectName, objectClass

SolarisUserAttr

Names SolarisUserAttr


Origin Solaris Specific
Superior Classes top
Description User attributes
Optional Attributes SolarisAttrKeyValue, SolarisAttrReserved1, SolarisAttrReserved2, SolarisUserQualifier
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.3
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass

strongAuthenticationUser

Object class for augmenting entries that use certificate-based authentication, as described in X.521 clause 6.15.

This object class is deprecated. Use pkiUser instead.

Names strongAuthenticationUser
Origin RFC 4523
Superior Classes top
Schema File 00-core.ldif
OID 2.5.6.15
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass, userCertificate

subentry

Subentries are analogous to operational attributes in that they are used by the server for administrative purposes. Examples include password policies, entries for allocating collective attributes, and the entry exposing directory schema.

Unlike entries in the server-specific configuration backend, subentries are present in and replicated with user data. Modifying subentries nevertheless requires the subentry-write administrative privilege.

For details, see RFC 3672, Subentries in the Lightweight Directory Access Protocol.

Names subentry


Origin RFC 3672
Superior Classes top
Description LDAP Subentry class
Schema File 00-core.ldif
OID 2.5.17.0
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes cn, objectClass, subtreeSpecification

subschema

Auxiliary object class for entries holding LDAP schema definitions.

Names subschema
Origin RFC 4512
Optional Attributes attributeTypes, dITContentRules, dITStructureRules, matchingRuleUse, matchingRules, nameForms, objectClasses
Schema File 00-core.ldif
OID 2.5.20.1
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.

sunAMAuthAccountLockout

This object class stores AM profile information.

Names sunAMAuthAccountLockout
Origin OpenSSO
Superior Classes top
Description Invalid Login Attempts Object Class
Optional Attributes sunAMAuthInvalidAttemptsData
Schema File 60-identity-store-ds-schema.ldif
OID 1.3.6.1.4.1.42.2.27.9.2.118
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass


sunFMSAML2NameIdentifier

This object class stores AM profile information.

Names sunFMSAML2NameIdentifier
Origin OpenSSO
Superior Classes top
Description SAML 2.0 name identifier objectclass
Optional Attributes sun-fm-saml2-nameid-info, sun-fm-saml2-nameid-infokey
Schema File 60-identity-store-ds-schema.ldif
OID 1.3.6.1.4.1.42.2.27.9.2.148
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass

sunPrinter

Names sunPrinter
Origin Solaris Specific
Superior Classes top
Description Sun printer information
Optional Attributes sun-printer-bsdaddr, sun-printer-kvp
Schema File 05-solaris.ldif
OID 1.3.6.1.4.1.42.2.27.5.2.14
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass, printer-name

sunRealmService

This object class stores AM configuration data.

Names sunRealmService
Origin Sun Java System Identity Management
Superior Classes top
Description object containing service information for realms


Optional Attributes description, labeledURI, o, sunKeyValue, sunxmlKeyValue
Schema File 60-config-schema.ldif
OID 1.3.6.1.4.1.42.2.27.9.2.104
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass

sunservice

This object class stores AM configuration data.

Names sunservice
Origin Sun Java System Identity Management
Superior Classes top
Description object containing service information
Optional Attributes description, labeledURI, sunKeyValue, sunPluginSchema, sunServiceSchema, sunxmlKeyValue
Schema File 60-config-schema.ldif
OID 1.3.6.1.4.1.42.2.27.9.2.25
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, ou

sunservicecomponent

This object class stores AM configuration data.

Names sunservicecomponent
Origin Sun Java System Identity Management
Superior Classes organizationalUnit
Description Sub-components of the service
Optional Attributes businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, labeledURI, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, sunKeyValue, sunserviceID, sunsmspriority, sunxmlKeyValue, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address

Schema File 60-config-schema.ldif


OID 1.3.6.1.4.1.42.2.27.9.2.27
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, ou

top

The top-level object class, which is the abstract parent of all structural object class hierarchies.

Names top
Origin RFC 4512
Schema File 00-core.ldif
OID 2.5.6.0
Class Type ABSTRACT: for use when defining other object classes.
Required Attributes objectClass

uddiAddress

This entry represents an address contained by a UDDI contact.

Names uddiAddress
Origin RFC 4403
Superior Classes top
Optional Attributes uddiAddressLine, uddiLang, uddiSortCode, uddiTModelKey, uddiUseType, uddiv3TModelKey
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.3
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiUUID

uddiBindingTemplate

This entry represents a UDDI binding template.

Names uddiBindingTemplate
Origin RFC 4403


Superior Classes top
Optional Attributes uddiAccessPoint, uddiCategoryBag, uddiDescription, uddiHostingRedirector, uddiServiceKey, uddiv3BindingKey, uddiv3DigitalSignature, uddiv3EntityCreationTime, uddiv3NodeId, uddiv3ServiceKey
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.5
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiBindingKey

uddiBusinessEntity

This entry represents a UDDI business entity.

Names uddiBusinessEntity
Origin RFC 4403
Superior Classes top
Optional Attributes uddiAuthorizedName, uddiCategoryBag, uddiDescription, uddiDiscoveryURLs, uddiIdentifierBag, uddiOperator, uddiv3BusinessKey, uddiv3DigitalSignature, uddiv3EntityModificationTime, uddiv3NodeId
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.1
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiBusinessKey, uddiName

uddiBusinessService

This entry represents a UDDI business service.

Names uddiBusinessService
Origin RFC 4403
Superior Classes top
Optional Attributes uddiBusinessKey, uddiCategoryBag, uddiDescription, uddiIsProjection, uddiName, uddiv3BusinessKey, uddiv3DigitalSignature, uddiv3EntityCreationTime, uddiv3EntityModificationTime, uddiv3NodeId, uddiv3ServiceKey
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.4


Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.

Required Attributes objectClass, uddiServiceKey

uddiContact

This entry represents a contact contained by a UDDI business entity.

Names uddiContact
Origin RFC 4403
Superior Classes top
Optional Attributes uddiDescription, uddiEMail, uddiPhone, uddiUseType
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.2
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiPersonName, uddiUUID

uddiPublisherAssertion

This entry represents a UDDI publisher assertion.

Names uddiPublisherAssertion
Origin RFC 4403
Superior Classes top
Optional Attributes uddiv3DigitalSignature, uddiv3NodeId
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.8
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiFromKey, uddiKeyedReference, uddiToKey, uddiUUID

uddiTModel

This entry represents a UDDI template model.

Names uddiTModel


Origin RFC 4403
Superior Classes top
Optional Attributes uddiAuthorizedName, uddiCategoryBag, uddiDescription, uddiIdentifierBag, uddiIsHidden, uddiOperator, uddiOverviewDescription, uddiOverviewURL, uddiv3DigitalSignature, uddiv3NodeId, uddiv3TModelKey
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.7
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiName, uddiTModelKey

uddiTModelInstanceInfo

This entry represents a UDDI template model instance info object.

Names uddiTModelInstanceInfo
Origin RFC 4403
Superior Classes top
Optional Attributes uddiDescription, uddiInstanceDescription, uddiInstanceParms, uddiOverviewDescription, uddiOverviewURL, uddiv3TModelKey
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.6
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiTModelKey

uddiv3EntityObituary

This entry represents a UDDI entity obituary that contains information for a deleted UDDIv3 entity.

Names uddiv3EntityObituary
Origin RFC 4403
Superior Classes top
Optional Attributes uddiAuthorizedName, uddiv3EntityCreationTime, uddiv3EntityDeletionTime, uddiv3NodeId
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.10


Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.

Required Attributes objectClass, uddiUUID, uddiv3EntityKey

uddiv3Subscription

This entry represents a UDDI subscription entity.

Names uddiv3Subscription
Origin RFC 4403
Superior Classes top
Optional Attributes uddiAuthorizedName, uddiv3BindingKey, uddiv3BriefResponse, uddiv3ExpiresAfter, uddiv3MaxEntities, uddiv3NodeId, uddiv3NotificationInterval, uddiv3SubscriptionKey
Schema File 03-uddiv3.ldif
OID 1.3.6.1.1.10.6.9
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass, uddiUUID, uddiv3SubscriptionFilter

uidObject

This object class permits the entry to contain user identification information.

Names uidObject
Origin RFC 4519
Superior Classes top
Schema File 00-core.ldif
OID 1.3.6.1.1.3.1
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass, uid

untypedObject

Names untypedObject
Origin draft-furuseth-ldap-untypedobject


Superior Classes top
Description Entry of no particular type
Optional Attributes c, cn, dc, description, l, o, ou, owner, seeAlso, st, street, uid
Schema File 00-core.ldif
OID 1.3.6.1.4.1.26027.1.2.900
Class Type STRUCTURAL: for structural specification of the DIT. Entries have only one structural object class superclass chain.
Required Attributes objectClass

userSecurityInformation

Object class for augmenting entries with additional security information, as described in X.521 clause 6.16.

Names userSecurityInformation
Origin RFC 4523
Superior Classes top
Optional Attributes supportedAlgorithms
Schema File 00-core.ldif
OID 2.5.6.18
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.
Required Attributes objectClass

webauthnDeviceProfilesContainer

Names webauthnDeviceProfilesContainer
Origin OpenAM
Superior Classes top
Description Class containing WebAuthn device profiles
Optional Attributes webauthnDeviceProfiles
Schema File 60-identity-store-ds-webauthndevices.ldif
Interface Stability Internal use only. Do not remove or modify. Subject to change without notice.
OID 1.3.6.1.4.1.36733.2.2.2.12
Class Type AUXILIARY: for use in augmenting attributes of entries that already have a structural object class.


Required Attributes objectClass


Chapter 8

Syntaxes

This chapter covers schema definitions for syntaxes:

• "Attribute Type Description"

• "Authentication Password Syntax"

• "Binary"

• "Bit String"

• "Boolean"

• "Certificate"

• "Certificate List"

• "Certificate Pair"

• "Collective Conflict Behavior"

• "Counter metric"

• "Country String"

• "CSN (Change Sequence Number)"

• "Delivery Method"

• "Directory String"

• "DIT Content Rule Description"

• "DIT Structure Rule Description"

• "DN"

• "Duration in milli-seconds"

• "Enhanced Guide"

• "Expression syntax for Boolean"

• "Expression syntax for Certificate"

• "Expression syntax for Directory String"


• "Expression syntax for DN"

• "Expression syntax for Generalized Time"

• "Expression syntax for IA5 String"

• "Expression syntax for Integer"

• "Expression syntax for Numeric String"

• "Expression syntax for Octet String"

• "Expression syntax for OID"

• "Expression syntax for Sun-defined Access Control Information"

• "Expression syntax for User Password"

• "Facsimile Telephone Number"

• "Fax"

• "Filesystem path"

• "Generalized Time"

• "Guide"

• "Host port"

• "IA5 String"

• "Integer"

• "JPEG"

• "Json"

• "Json Query"

• "LDAP Syntax Description"

• "Matching Rule Description"

• "Matching Rule Use Description"

• "Name and Optional JSON"

• "Name and Optional UID"

• "Name Form Description"

• "Numeric String"

• "Object Class Description"


• "Octet String"

• "OID"

• "Other Mailbox"

• "Postal Address"

• "Presentation Address"

• "Printable String"

• "Protocol Information"

• "Size in bytes"

• "Substring Assertion"

• "Subtree Specification"

• "Summary metric"

• "Sun-defined Access Control Information"

• "Supported Algorithm"

• "Telephone Number"

• "Teletex Terminal Identifier"

• "Telex Number"

• "Timer metric"

• "User Password"

• "UTC Time"

• "UUID"

• "X.509 Certificate Exact Assertion"

Attribute Type Description

Values of this syntax define attribute types.

The syntax corresponds to the AttributeTypeDescription ASN.1 type defined by X.501.

Origin RFC 4517
Description Attribute Type Description
OID 1.3.6.1.4.1.1466.115.121.1.3


Authentication Password Syntax

Values of this syntax hold encoded or hashed passwords.

The syntax follows this ABNF:

    authPasswordValue = w scheme s authInfo s authValue w
    scheme = %x30-39 / %x41-5A / %x2D-2F / %x5F ; 0-9, A-Z, "-", ".", "/", or "_"
    authInfo = schemeSpecificValue
    authValue = schemeSpecificValue
    schemeSpecificValue = *( %x21-23 / %x25-7E ) ; printable ASCII less "$" and " "
    s = w SEP w
    w = *SP
    SEP = %x24 ; "$"
    SP = %x20 ; " " (space)

The scheme describes the mechanism.

The authInfo is often base64-encoded salt.

The authValue is often a base64-encoded value derived from the password(s).

Origin RFC 3112
Description Authentication Password Syntax
OID 1.3.6.1.4.1.4203.1.1.2
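The following added example, which is not code from the ForgeRock documentation, validates values against the Authentication Password Syntax ABNF and audits a batch for malformed values, empty authInfo, and authValue that is not base64. It assumes a scheme is one or more scheme characters; the function names and all sample values are constructed for illustration.

```python
from __future__ import annotations

import base64
import binascii
import re
from collections import Counter
from typing import NamedTuple

# Character classes copied from the ABNF for this syntax.
_SCHEME = r"0-9A-Z\-./_"           # %x30-39 / %x41-5A / %x2D-2F / %x5F
_VALUE = r"\x21-\x23\x25-\x7E"     # printable ASCII less "$" and " "

# Assumption: a scheme is one or more scheme characters (the ABNF as printed
# gives only the character class).
_GRAMMAR = re.compile(
    rf"\A *(?P<scheme>[{_SCHEME}]+) *\$ *(?P<info>[{_VALUE}]*) *\$ *"
    rf"(?P<value>[{_VALUE}]*) *\Z"
)


class AuthPassword(NamedTuple):
    scheme: str
    auth_info: str
    auth_value: str


def parse_auth_password(raw: str | bytes) -> AuthPassword:
    """Split one value into (scheme, authInfo, authValue) or raise ValueError."""
    if isinstance(raw, bytes):
        try:
            raw = raw.decode("ascii")
        except UnicodeDecodeError as exc:
            raise ValueError("non-ASCII byte in value") from exc
    match = _GRAMMAR.match(raw)
    if match is None:
        raise ValueError("does not match authPasswordValue grammar")
    return AuthPassword(match["scheme"], match["info"], match["value"])


def _is_base64(text: str) -> bool:
    try:
        base64.b64decode(text, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def audit(values):
    """Return (Counter of schemes, [(index, finding), ...]) for a batch."""
    schemes: Counter[str] = Counter()
    findings: list[tuple[int, str]] = []
    for index, raw in enumerate(values):
        try:
            parsed = parse_auth_password(raw)
        except ValueError as exc:
            findings.append((index, f"malformed: {exc}"))
            continue
        schemes[parsed.scheme] += 1
        if not parsed.auth_info:
            # Where authInfo carries the salt, an empty field means no salt.
            findings.append((index, "empty authInfo"))
        if not parsed.auth_value:
            findings.append((index, "empty authValue"))
        elif not _is_base64(parsed.auth_value):
            findings.append((index, "authValue is not base64"))
    return schemes, findings


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


# Constructed sample values; scheme names, salts and digests are made up.
SAMPLES = [
    f"SHA1${_b64(b'constructed-salt')}${_b64(bytes(range(20)))}",
    f"  SHA1 $ {_b64(b'salt')} $ {_b64(bytes(20))}  ",  # optional spaces
    f"MD5$${_b64(bytes(16))}",                          # empty authInfo
    "sha1$c2FsdA==$AAAA",                               # lower-case scheme
    "SHA1$c2FsdA==",                                    # one separator only
    "SHA1$c2Fs dA==$AAAA",                              # space inside authInfo
    "SHA1$c2FsdA==$not*base64",                         # opaque authValue
]

if __name__ == "__main__":
    scheme_counts, problems = audit(SAMPLES)
    print(dict(scheme_counts))
    for index, finding in problems:
        print(index, finding)
```

Because the page says authInfo and authValue are only "often" base64, the base64 finding is informational rather than a syntax violation.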

Binary

Values of this syntax hold binary values.

The values are BER-encoded instances of an attribute value ASN.1 data type for X.500, where the first byte inside the OCTET STRING wrapper is a tag octet, and the OCTET STRING is encoded in primitive form.

Origin RFC 4517
Description Binary
OID 1.3.6.1.4.1.1466.115.121.1.5

Bit String

Values of this syntax hold a sequence of binary digits.

The syntax follows this ABNF, corresponding to the BIT STRING ASN.1 type:


    BitString = SQUOTE *binary-digit SQUOTE "B"
    binary-digit = "0" / "1"

Origin RFC 4517
Description Bit String
OID 1.3.6.1.4.1.1466.115.121.1.6

Boolean

Values of this syntax hold a Boolean value, either TRUE or FALSE.

The syntax follows the BOOLEAN ASN.1 type.

Origin RFC 4517
Description Boolean
OID 1.3.6.1.4.1.1466.115.121.1.7

Certificate

Values of this syntax hold an X.509 certificate.

Request values using the binary option for the attribute description, such as userCertificate;binary.

Values of this syntax and the form of each value must be preserved as presented to avoid corrupting the digital signature.

Origin RFC 4523
Description Certificate
OID 1.3.6.1.4.1.1466.115.121.1.8

Certificate List

Values of this syntax hold an X.509 CertificateList as described in X.509, clause 7.3.

Request values using the binary option for the attribute description, such as certificateRevocationList;binary.

Values of this syntax and the form of each value must be preserved as presented to avoid corrupting the digital signature.

Origin RFC 4523


Description Certificate List
OID 1.3.6.1.4.1.1466.115.121.1.9

Certificate Pair

Values of this syntax hold an X.509 CertificatePair as described in X.509, clause 11.2.3.

Request values using the binary option for the attribute description, such as crossCertificatePair;binary.

Values of this syntax and the form of each value must be preserved as presented to avoid corrupting the digital signature.

Origin RFC 4523
Description Certificate Pair
OID 1.3.6.1.4.1.1466.115.121.1.10

Collective Conflict BehaviorValues of this syntax indicate how to handle conflicts between real (stored) and virtual (computed)attribute values.

Schema File 00-core.ldifDescription Collective Conflict BehaviorAcceptable Values real-overrides-virtual, virtual-overrides-real, merge-real-and-virtualOID 1.3.6.1.4.1.26027.1.3.6

Counter metricOrigin OpenDJ Directory ServerSchema File 02-config.ldifDescription Counter metricSubstitute Syntax IntegerOID 1.3.6.1.4.1.36733.2.1.3.10

Country StringValues of this syntax hold two-character country codes as defined in the ISO 3166 standard.

Origin: RFC 4517
Description: Country String
OID: 1.3.6.1.4.1.1466.115.121.1.11

CSN (Change Sequence Number)

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: CSN (Change Sequence Number)
Substitute Syntax: Directory String
OID: 1.3.6.1.4.1.36733.2.1.3.9

Delivery Method

Values of this syntax are sequences of items that indicate the service(s) by which an entity can receive messages, in order of preference.

The syntax follows this ABNF:

DeliveryMethod = pdm *( WSP DOLLAR WSP pdm )
pdm = "any" / "mhs" / "physical" / "telex" / "teletex" / "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"
WSP = 0*SPACE ; zero or more " "
DOLLAR = %x24 ; dollar sign ("$")
SPACE = %x20 ; space (" ")

Origin: RFC 4517
Description: Delivery Method
OID: 1.3.6.1.4.1.1466.115.121.1.14

Directory String

Values of this syntax hold strings of one or more arbitrary characters from the Universal Character Set (UCS). A zero-length character string is not permitted for this syntax.

LDAP encodes these values in UTF-8, as specified in RFC 3629.

Client applications must accept arbitrary UCS code points, including code points outside the printable range, and code points not presently assigned to any character.

Origin: RFC 4517
Description: Directory String
OID: 1.3.6.1.4.1.1466.115.121.1.15

DIT Content Rule Description

Values of this syntax define DIT content rules.

The syntax corresponds to the DITContentRuleDescription ASN.1 type defined by X.501.

Origin: RFC 4517
Description: DIT Content Rule Description
OID: 1.3.6.1.4.1.1466.115.121.1.16

DIT Structure Rule Description

Values of this syntax define DIT structure rules.

The syntax corresponds to the DITStructureRuleDescription ASN.1 type defined by X.501.

Origin: RFC 4517
Description: DIT Structure Rule Description
OID: 1.3.6.1.4.1.1466.115.121.1.17

DN

Values of this syntax hold the distinguished name (DN) of an entry.

The syntax corresponds to the DistinguishedName ASN.1 type defined by X.501.

Origin: RFC 4517
Description: DN
OID: 1.3.6.1.4.1.1466.115.121.1.12

Duration in milli-seconds

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: Duration in milli-seconds
Substitute Syntax: Integer
OID: 1.3.6.1.4.1.36733.2.1.3.4

Enhanced Guide

Values of this syntax suggest criteria to be used in constructing filters to search for entries of a particular object class. The criteria are combinations of attribute types and filter operators.

For example, the value person#(sn$EQ)#oneLevel suggests searching for person entries with an equality filter to match surname (SN) attribute values with a scope of one level below the base DN.

The syntax follows this ABNF:

EnhancedGuide = object-class SHARP WSP criteria WSP SHARP WSP subset
object-class = WSP oid WSP
subset = "baseobject" / "oneLevel" / "wholeSubtree"

criteria = and-term *( BAR and-term )
and-term = term *( AMPERSAND term )
term = EXCLAIM term / attributetype DOLLAR match-type / LPAREN criteria RPAREN / true / false
match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
true = "?true"
false = "?false"
BAR = %x7C ; vertical bar ("|")
AMPERSAND = %x26 ; ampersand ("&")
EXCLAIM = %x21 ; exclamation mark ("!")

WSP = 0*SPACE ; zero or more " "
DOLLAR = %x24 ; dollar sign ("$")
SPACE = %x20 ; space (" ")
SHARP = %x23 ; octothorpe (or sharp sign) ("#")
LPAREN = %x28 ; left paren ("(")
RPAREN = %x29 ; right paren (")")

attributetype = oid
oid = descr / numericoid
descr = keystring
numericoid = number 1*( DOT number )
keystring = leadkeychar *keychar
leadkeychar = ALPHA
keychar = ALPHA / DIGIT / HYPHEN
number = DIGIT / ( LDIGIT 1*DIGIT )
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30 / LDIGIT ; "0"-"9"
LDIGIT = %x31-39 ; "1"-"9"
HEX = DIGIT / %x41-46 / %x61-66 ; "0"-"9" / "A"-"F" / "a"-"f"

The syntax corresponds to the EnhancedGuide ASN.1 type defined by X.520.

Origin: RFC 4517
Description: Enhanced Guide
OID: 1.3.6.1.4.1.1466.115.121.1.21

Expression syntax for Boolean

Values of this syntax hold either a Boolean value, or a configuration expression that evaluates to a Boolean value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Boolean
OID: 1.3.6.1.4.1.36733.2.1.3.3.7

Expression syntax for Certificate

Values of this syntax hold either an X.509 certificate value, or a configuration expression that evaluates to an X.509 certificate value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Certificate
OID: 1.3.6.1.4.1.36733.2.1.3.3.8

Expression syntax for Directory String

Values of this syntax hold either an LDAP directory string value, or a configuration expression that evaluates to an LDAP directory string value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Directory String
OID: 1.3.6.1.4.1.36733.2.1.3.3.15

Expression syntax for DN

Values of this syntax hold either a DN value, or a configuration expression that evaluates to a DN value.

Origin: OpenDJ Directory Server
Description: Expression syntax for DN
OID: 1.3.6.1.4.1.36733.2.1.3.3.12

Expression syntax for Generalized Time

Values of this syntax hold either a generalized time value, or a configuration expression that evaluates to a generalized time value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Generalized Time
OID: 1.3.6.1.4.1.36733.2.1.3.3.24

Expression syntax for IA5 String

Values of this syntax hold either an IA5 string value, or a configuration expression that evaluates to an IA5 string value.

Origin: OpenDJ Directory Server
Description: Expression syntax for IA5 String
OID: 1.3.6.1.4.1.36733.2.1.3.3.26

Expression syntax for Integer

Values of this syntax hold either an integer value, or a configuration expression that evaluates to an integer value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Integer
OID: 1.3.6.1.4.1.36733.2.1.3.3.27

Expression syntax for Numeric String

Values of this syntax hold either a numeric string value, or a configuration expression that evaluates to a numeric string value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Numeric String
OID: 1.3.6.1.4.1.36733.2.1.3.3.36

Expression syntax for Octet String

Values of this syntax hold either an octet string value, or a configuration expression that evaluates to an octet string value.

Origin: OpenDJ Directory Server
Description: Expression syntax for Octet String
OID: 1.3.6.1.4.1.36733.2.1.3.3.40

Expression syntax for OID

Values of this syntax hold either an OID value, or a configuration expression that evaluates to an OID value.

Origin: OpenDJ Directory Server
Description: Expression syntax for OID
OID: 1.3.6.1.4.1.36733.2.1.3.3.38

Expression syntax for Sun-defined Access Control Information

Values of this syntax hold either an access control instruction, or a configuration expression that evaluates to an access control instruction.

Origin: OpenDJ Directory Server
Description: Expression syntax for Sun-defined Access Control Information
OID: 1.3.6.1.4.1.36733.2.1.3.3.14

Expression syntax for User Password

Values of this syntax hold either an encoded password value, or a configuration expression that evaluates to an encoded password value.

Origin: OpenDJ Directory Server
Description: Expression syntax for User Password
OID: 1.3.6.1.4.1.36733.2.1.3.3.11

Facsimile Telephone Number

Values of this syntax hold fax telephone numbers with optional additional fax parameters.

The syntax follows this ABNF:

fax-number = telephone-number *( DOLLAR fax-parameter )
telephone-number = PrintableString
fax-parameter = "twoDimensional" / "fineResolution" / "unlimitedLength" / "b4Length" / "a3Width" / "b4Width" / "uncompressed"

Origin: RFC 4517
Description: Facsimile Telephone Number
OID: 1.3.6.1.4.1.1466.115.121.1.22

Fax

Values of this syntax hold fax images produced by the Group 3 facsimile process, as described in Terminal Equipment and Protocols for Telematic Services, ITU-T Recommendation T.4.

The ASN.1 type corresponds to this Fax syntax, assuming EXPLICIT TAGS:

Fax ::= CHOICE {
    g3-facsimile [3] G3FacsimileBodyPart
}

The G3FacsimileBodyPart ASN.1 type is defined by X.420.

Origin: RFC 4517
Description: Fax
OID: 1.3.6.1.4.1.1466.115.121.1.23

Filesystem path

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: Filesystem path
Substitute Syntax: Directory String
OID: 1.3.6.1.4.1.36733.2.1.3.8

Generalized Time

Values of this syntax hold generalized times, character strings representing a date and time.

The syntax follows this ABNF:

GeneralizedTime = century year month day hour
                  [ minute [ second / leap-second ] ]
                  [ fraction ]
                  g-time-zone

century = 2(%x30-39) ; "00" to "99"
year = 2(%x30-39) ; "00" to "99"
month = ( %x30 %x31-39 ) ; "01" (January) to "09"
        / ( %x31 %x30-32 ) ; "10" to "12"
day = ( %x30 %x31-39 ) ; "01" to "09"
      / ( %x31-32 %x30-39 ) ; "10" to "29"
      / ( %x33 %x30-31 ) ; "30" to "31"
hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
minute = %x30-35 %x30-39 ; "00" to "59"

second = ( %x30-35 %x30-39 ) ; "00" to "59"
leap-second = ( %x36 %x30 ) ; "60"

fraction = ( DOT / COMMA ) 1*(%x30-39)
g-time-zone = %x5A ; "Z"
              / g-differential
g-differential = ( MINUS / PLUS ) hour [ minute ]
MINUS = %x2D ; minus sign ("-")
PLUS = %x2B ; plus sign ("+")

Where the ABNF allows invalid times, such as Feb. 31, 2017, the values are considered invalid.

When the "Z" form of the time zone is used, the time value represents universal coordinated time. Otherwise, it represents a local time in the time zone indicated by the g-differential.

Example: 201702151036Z meaning 10:36 AM, February 15, 2017 universal coordinated time.

The syntax corresponds to the GeneralizedTime ASN.1 type, with the exception that local times without a differential are not permitted.

Origin: RFC 4517
Description: Generalized Time
OID: 1.3.6.1.4.1.1466.115.121.1.24
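
A strict parser for the Generalized Time ABNF and the two extra rules stated above (impossible dates are invalid, and a time zone is mandatory), as an added example that is not part of the ForgeRock documentation. The function names are hypothetical; applying the fraction to the lowest-order unit present is assumed from the ASN.1 GeneralizedTime convention, and folding a leap second into the next minute and rejecting year 0000 are limitations of Python's datetime, not rules of the syntax.

```python
import re
from datetime import datetime, timedelta, timezone

# [0-9] instead of \d: in a str pattern \d also matches non-ASCII digits,
# which the ABNF (%x30-39) does not allow.
_GT = re.compile(
    r"(?P<year>[0-9]{4})(?P<month>[0-9]{2})(?P<day>[0-9]{2})(?P<hour>[0-9]{2})"
    r"(?:(?P<minute>[0-9]{2})(?P<second>[0-9]{2})?)?"
    r"(?:[.,](?P<fraction>[0-9]+))?"
    r"(?P<tz>Z|[+-][0-9]{2}(?:[0-9]{2})?)"
)


def parse_generalized_time(value: str) -> datetime:
    """Return the value as an aware UTC datetime, or raise ValueError."""
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    m = _GT.fullmatch(value)
    if m is None:
        raise ValueError(f"not a GeneralizedTime: {value!r}")

    year, month, day, hour = (int(m[k]) for k in ("year", "month", "day", "hour"))
    minute = int(m["minute"] or 0)
    second = int(m["second"] or 0)
    if hour > 23 or minute > 59 or second > 60:
        raise ValueError(f"time of day out of range: {value!r}")

    # Assumption: the fraction scales the lowest-order unit that is present.
    unit = 1 if m["second"] is not None else 60 if m["minute"] is not None else 3600
    extra = timedelta(0)
    if m["fraction"]:
        extra = timedelta(seconds=unit * int(m["fraction"]) / 10 ** len(m["fraction"]))

    # datetime has no second 60: represent the leap second as 59 s + 1 s.
    if second == 60:
        second, extra = 59, extra + timedelta(seconds=1)

    tz = m["tz"]
    if tz == "Z":
        offset = timedelta(0)
    else:
        tz_hour, tz_minute = int(tz[1:3]), int(tz[3:5] or 0)
        if tz_hour > 23 or tz_minute > 59:
            raise ValueError(f"time zone differential out of range: {value!r}")
        offset = timedelta(hours=tz_hour, minutes=tz_minute)
        if tz[0] == "-":
            offset = -offset

    try:
        # The datetime constructor rejects impossible dates such as Feb. 31
        # (and year 0000, which the ABNF allows but datetime cannot hold).
        local = datetime(year, month, day, hour, minute, second, tzinfo=timezone(offset))
        return (local + extra).astimezone(timezone.utc)
    except (ValueError, OverflowError) as exc:
        raise ValueError(f"not a real calendar time: {value!r}") from exc


def is_generalized_time(value: str) -> bool:
    """True when the value is acceptable under the rules above."""
    try:
        parse_generalized_time(value)
    except ValueError:
        return False
    return True
```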

Guide

Values of this syntax suggest criteria to be used in constructing filters to search for entries of a particular object class. The criteria are combinations of attribute types and filter operators.

This syntax is considered obsolete, and should not be used when defining new attribute types. The alternative is EnhancedGuide.

Origin: RFC 4517
Description: Guide
OID: 1.3.6.1.4.1.1466.115.121.1.25

Host port

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: Host port
Substitute Syntax: Directory String
OID: 1.3.6.1.4.1.36733.2.1.3.11

IA5 String

Values of this syntax hold strings of zero or more characters from International Alphabet 5 (IA5), the international version of the ASCII character set. The set is defined in International Reference Alphabet (IRA) (Formerly International Alphabet No. 5 or IA5) Information Technology - 7-Bit Coded Character Set for Information Interchange, ITU-T Recommendation T.50.

The syntax follows this ABNF:

IA5String = *(%x00-7F)

The syntax corresponds to the IA5String ASN.1 type.

Origin: RFC 4517
Description: IA5 String
OID: 1.3.6.1.4.1.1466.115.121.1.26

Integer

Values of this syntax hold whole numbers of unlimited magnitude.

The syntax follows this ABNF:

Integer = ( HYPHEN LDIGIT *DIGIT ) / number
number = DIGIT / ( LDIGIT 1*DIGIT )
HYPHEN = %x2D ; hyphen ("-")
DIGIT = %x30 / LDIGIT ; "0"-"9"
LDIGIT = %x31-39 ; "1"-"9"

The syntax corresponds to the INTEGER ASN.1 type.

Origin: RFC 4517
Description: Integer
OID: 1.3.6.1.4.1.1466.115.121.1.27

JPEG

Values of this syntax hold images in the JPEG File Interchange Format (JFIF), as described in JPEG File Interchange Format (Version 1.02). The values are the sequence of octets of the JFIF encoding.

The syntax corresponds to the following ASN.1 type:

JPEG ::= OCTET STRING (CONSTRAINED BY
    { -- contents octets are an image in the --
      -- JPEG File Interchange Format -- })

Origin: RFC 4517
Description: JPEG
OID: 1.3.6.1.4.1.1466.115.121.1.28

Json

Values of this syntax hold JavaScript Object Notation (JSON) documents.

The syntax is specified in RFC 7159.

Origin: OpenDJ Directory Server
Description: Json
OID: 1.3.6.1.4.1.36733.2.1.3.1

Json Query

Values of this syntax hold ForgeRock® Common REST JSON Query filter strings. See the directory documentation for details.

Origin: OpenDJ Directory Server
Description: Json Query
OID: 1.3.6.1.4.1.36733.2.1.3.2

LDAP Syntax Description

Values of this syntax define LDAP syntaxes.

The syntax corresponds to the following ASN.1 type:

LDAPSyntaxDescription ::= SEQUENCE {
    identifier OBJECT IDENTIFIER,
    description DirectoryString { ub-schema } OPTIONAL }

DirectoryString is defined in X.520. The integer value of ub-schema depends on the implementation.

Origin: RFC 4517
Description: LDAP Syntax Description
OID: 1.3.6.1.4.1.1466.115.121.1.54

Matching Rule Description

Values of this syntax define matching rules.

The syntax corresponds to the MatchingRuleDescription ASN.1 type defined by X.501.

Origin: RFC 4517
Description: Matching Rule Description
OID: 1.3.6.1.4.1.1466.115.121.1.30

Matching Rule Use Description

Values of this syntax define matching rule uses.

The syntax corresponds to the MatchingRuleUseDescription ASN.1 type defined by X.501.

Origin: RFC 4517
Description: Matching Rule Use Description
OID: 1.3.6.1.4.1.1466.115.121.1.31

Name and Optional JSON

Values of this syntax hold a DN optionally prepended with a JSON object. Examples:

attribute: uid=bjensen,ou=people,dc=example,dc=com
attribute: {"json": "value"}uid=bjensen,ou=people,dc=example,dc=com

Origin: OpenDJ Directory Server
Description: Name and Optional JSON
OID: 1.3.6.1.4.1.36733.2.1.3.12

Name and Optional UID

Values of this syntax hold a DN followed by an optional unique identifier to distinguish the name from others with the same DN.

The syntax follows this ABNF:

NameAndOptionalUID = distinguishedName [ SHARP BitString ]

Example: uid=bjensen,ou=people,dc=example,dc=com#'0101'B.

The syntax corresponds to the NameAndOptionalUID ASN.1 type defined by X.501.

Origin: RFC 4517
Description: Name and Optional UID
OID: 1.3.6.1.4.1.1466.115.121.1.34

Name Form Description

Values of this syntax define name forms.

The syntax corresponds to the NameFormDescription ASN.1 type defined by X.501.

Origin: RFC 4517
Description: Name Form Description
OID: 1.3.6.1.4.1.1466.115.121.1.35

Numeric String

Values of this syntax hold sequences of one or more numerals and spaces.

The syntax follows this ABNF:

NumericString = 1*(DIGIT / SPACE)

Example: 123 456 789 0.

The syntax corresponds to the NumericString ASN.1 type.

Origin: RFC 4517
Description: Numeric String
OID: 1.3.6.1.4.1.1466.115.121.1.36

Object Class Description

Values of this syntax define object classes.

The syntax corresponds to the ObjectClassDescription ASN.1 type defined by X.501.

Origin: RFC 4517
Description: Object Class Description
OID: 1.3.6.1.4.1.1466.115.121.1.37

Octet String

Values of this syntax hold sequences of zero or more arbitrary octets.

The syntax follows this ABNF:

OctetString = *OCTET
OCTET = %x00-FF ; Any octet (8-bit data unit)

The syntax corresponds to the OCTET STRING ASN.1 type.

Origin: RFC 4517
Description: Octet String
OID: 1.3.6.1.4.1.1466.115.121.1.40

OID

Values of this syntax hold Object Identifiers (OID), sequences of two or more non-negative integers that uniquely identify some object or item of specification.

Examples: 1.2.3.4, cn.

The syntax corresponds to the OBJECT IDENTIFIER ASN.1 type.

Origin: RFC 4517
Description: OID
OID: 1.3.6.1.4.1.1466.115.121.1.38

Other Mailbox

Values of this syntax hold electronic mail addresses for a particular mail system.

The syntax follows this ABNF:

OtherMailbox = mailbox-type DOLLAR mailbox
mailbox-type = PrintableString
mailbox = IA5String

The mailbox-type identifies the mail system. The mailbox identifies the mail box within the system.

The syntax corresponds to this ASN.1 type, assuming EXPLICIT TAGS:

OtherMailbox ::= SEQUENCE {
    mailboxType PrintableString,
    mailbox IA5String
}

Origin: RFC 4517
Description: Other Mailbox
OID: 1.3.6.1.4.1.1466.115.121.1.39

Postal Address

Values of this syntax hold sequences of strings of one or more arbitrary UCS characters, which form an address in a physical mail system.

The syntax follows this ABNF:

PostalAddress = line *( DOLLAR line )
line = 1*line-char
line-char = %x00-23
            / (%x5C "24") ; escaped "$"
            / %x25-5B
            / (%x5C "5C") ; escaped "\"
            / %x5D-7F
            / UTFMB

DOLLAR = %x24 ; dollar sign ("$")
UTFMB = UTF2 / UTF3 / UTF4
UTF1 = %x00-7F
UTF2 = %xC2-DF UTF0
UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
       %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
       %xF4 %x80-8F 2(UTF0)

Example: 1234 Main St.$Anytown, CA 12345$USA.

The syntax corresponds to the PostalAddress ASN.1 type:

PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF
    DirectoryString { ub-postal-string }

The integers ub-postal-line and ub-postal-string depend on the implementation. The syntax is defined in X.520.

Origin: RFC 4517
Description: Postal Address
OID: 1.3.6.1.4.1.1466.115.121.1.41
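
One way to apply the escaping rules of the Postal Address ABNF, as an added example that is not part of the ForgeRock documentation: the encoder escapes backslash and dollar characters so that data inside a line cannot be read as a line separator, and the decoder rejects anything the grammar does not allow. The function names are hypothetical.

```python
def encode_postal_address(lines):
    """Join address lines into one PostalAddress value."""
    if not lines:
        raise ValueError("a postal address needs at least one line")
    encoded = []
    for line in lines:
        if not line:
            raise ValueError("line = 1*line-char: empty lines are not allowed")
        # Escape the backslash first, otherwise the backslash introduced
        # by the "$" escape would itself be escaped a second time.
        encoded.append(line.replace("\\", "\\5C").replace("$", "\\24"))
    return "$".join(encoded)


def decode_postal_address(value):
    """Split a PostalAddress value into its unescaped lines."""
    lines = []
    # Every raw "$" is a separator: a literal one only appears as \24.
    for raw in value.split("$"):
        if not raw:
            raise ValueError("line = 1*line-char: empty lines are not allowed")
        out = []
        i = 0
        while i < len(raw):
            ch = raw[i]
            if ch != "\\":
                out.append(ch)
                i += 1
                continue
            # A backslash is only valid as the start of \24 or \5C.
            # ABNF string literals are case-insensitive, so \5c is accepted.
            escape = raw[i + 1:i + 3].upper()
            if escape == "24":
                out.append("$")
            elif escape == "5C":
                out.append("\\")
            else:
                raise ValueError(f"invalid escape at offset {i} in {raw!r}")
            i += 3
        lines.append("".join(out))
    return lines


def is_postal_address(value):
    """True when the value follows the PostalAddress ABNF."""
    try:
        decode_postal_address(value)
    except ValueError:
        return False
    return True
```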

Presentation Address

Values of this syntax hold presentation addresses used when addressing other OSI application entities.

The syntax is described in RFC 1278, A string encoding of Presentation Address. However, this implementation treats the syntax exactly like DirectoryString syntax.

Origin: RFC 2252
Description: Presentation Address
OID: 1.3.6.1.4.1.1466.115.121.1.43

Printable String

Values of this syntax hold strings of one or more Latin alphabetic, numeric, and selected punctuation characters as described by the following ABNF:

PrintableString = 1*PrintableCharacter
PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN / PLUS / COMMA / HYPHEN / DOT / EQUALS / SLASH / COLON / QUESTION / SPACE
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30 / LDIGIT ; "0"-"9"
LDIGIT = %x31-39 ; "1"-"9"
SPACE = %x20 ; space (" ")
SQUOTE = %x27 ; single quote ("'")
LPAREN = %x28 ; left paren ("(")
RPAREN = %x29 ; right paren (")")
PLUS = %x2B ; plus sign ("+")
COMMA = %x2C ; comma (",")
HYPHEN = %x2D ; hyphen ("-")
DOT = %x2E ; period (".")
EQUALS = %x3D ; equals sign ("=")
SLASH = %x2F ; forward slash ("/")
COLON = %x3A ; colon (":")
QUESTION = %x3F ; question mark ("?")

The syntax corresponds to the PrintableString ASN.1 type.

Origin: RFC 4517
Description: Printable String
OID: 1.3.6.1.4.1.1466.115.121.1.44

Protocol Information

According to X.520, values of this syntax hold protocol information for network addresses in a presentation address.

This was referenced but not defined in the LDAP specifications. As a result, this syntax is treated like that of Directory String.

Origin: RFC 2252
Description: Protocol Information
OID: 1.3.6.1.4.1.1466.115.121.1.42

Size in bytes

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: Size in bytes
Substitute Syntax: Integer
OID: 1.3.6.1.4.1.36733.2.1.3.5

Substring Assertion

Values of this syntax hold sequences of zero or more character substrings used as an argument for substring extensible matching of character string attribute values.

Such are the match values of matching rule assertions. They are not used in attribute values or in a substring filter.

Each substring is a string of one or more characters from the Universal Character Set (UCS). Zero-length substrings are not permitted.

Values follow this ABNF:

SubstringAssertion = [ initial ] any [ final ]

initial = substring
any = ASTERISK *(substring ASTERISK)
final = substring
ASTERISK = %x2A ; asterisk ("*")

substring = 1*substring-character
substring-character = %x00-29
                      / (%x5C "2A") ; escaped "*"
                      / %x2B-5B
                      / (%x5C "5C") ; escaped "\"
                      / %x5D-7F
                      / UTFMB

UTFMB = UTF2 / UTF3 / UTF4
UTF1 = %x00-7F
UTF2 = %xC2-DF UTF0
UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
       %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
       %xF4 %x80-8F 2(UTF0)

The syntax corresponds to the SubstringAssertion ASN.1 type defined in X.520.

Origin: RFC 4517
Description: Substring Assertion
OID: 1.3.6.1.4.1.1466.115.121.1.58

Subtree Specification

Description: Subtree Specification
OID: 1.3.6.1.4.1.1466.115.121.1.45

Summary metric

JSON object metric that samples observations, providing a count of observations, sum total of observed amounts, average rate of events, and moving average rates across sliding time windows.

Summary values have the following fields:

{
    "count": (number) events recorded for this metric,
    "total": (number) sum of the amounts of events recorded for this metric,
    "mean_rate": (number) average rate,
    "m1_rate": (number) one-minute average rate,
    "m5_rate": (number) five-minute average rate,
    "m15_rate": (number) fifteen-minute average rate
}

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: Summary metric
Substitute Syntax: Json
OID: 1.3.6.1.4.1.36733.2.1.3.7

Sun-defined Access Control Information

Values of this syntax hold Access Control Instructions (ACI). See the directory documentation for details.

Description: Sun-defined Access Control Information
OID: 1.3.6.1.4.1.26027.1.3.4

Supported Algorithm

Values of this syntax hold X.509 SupportedAlgorithms, as described in X.509, clause 11.2.7.

Request values using the binary option for the attribute description, such as supportedAlgorithms;binary.

Values of this syntax and the form of each value must be preserved as presented to avoid corrupting the digital signature.

Origin: RFC 4523
Description: Supported Algorithm
OID: 1.3.6.1.4.1.1466.115.121.1.49

Telephone Number

Values of this syntax hold telephone numbers, strings of printable characters, as in PrintableString, that comply with the internationally agreed format for representing international telephone numbers.

Examples: +1 415 555 1212, +1-415-555-1212.

The syntax corresponds to the following ASN.1 type from X.520:

PrintableString (SIZE(1..ub-telephone-number))

The integer value of ub-telephone-number depends on the implementation.

Origin: RFC 4517
Description: Telephone Number
OID: 1.3.6.1.4.1.1466.115.121.1.50

Teletex Terminal Identifier

Values of this syntax hold identifiers and, optionally, parameters of teletex terminals.

Values follow this ABNF:

teletex-id = ttx-term *(DOLLAR ttx-param)
ttx-term = PrintableString ; terminal identifier
ttx-param = ttx-key COLON ttx-value ; parameter
ttx-key = "graphic" / "control" / "misc" / "page" / "private"
ttx-value = *ttx-value-octet
ttx-value-octet = %x00-23
                  / (%x5C "24") ; escaped "$"
                  / %x25-5B
                  / (%x5C "5C") ; escaped "\"
                  / %x5D-FF

DOLLAR = %x24 ; dollar sign ("$")
PrintableString = 1*PrintableCharacter
PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN / PLUS / COMMA / HYPHEN / DOT / EQUALS / SLASH / COLON / QUESTION / SPACE
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30 / LDIGIT ; "0"-"9"
LDIGIT = %x31-39 ; "1"-"9"
SPACE = %x20 ; space (" ")
SQUOTE = %x27 ; single quote ("'")
LPAREN = %x28 ; left paren ("(")
RPAREN = %x29 ; right paren (")")
PLUS = %x2B ; plus sign ("+")
COMMA = %x2C ; comma (",")
HYPHEN = %x2D ; hyphen ("-")
DOT = %x2E ; period (".")
EQUALS = %x3D ; equals sign ("=")
SLASH = %x2F ; forward slash ("/")
COLON = %x3A ; colon (":")
QUESTION = %x3F ; question mark ("?")

The syntax corresponds to the TeletexTerminalIdentifier ASN.1 type defined in X.520.

Origin: RFC 4517
Description: Teletex Terminal Identifier
OID: 1.3.6.1.4.1.1466.115.121.1.51

Telex Number

Values of this syntax hold the telex number, country code, and answerback code of a telex terminal.

The syntax follows this ABNF:

telex-number = actual-number DOLLAR country-code DOLLAR answerback
actual-number = PrintableString
country-code = PrintableString
answerback = PrintableString

DOLLAR = %x24 ; dollar sign ("$")
PrintableString = 1*PrintableCharacter
PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN / PLUS / COMMA / HYPHEN / DOT / EQUALS / SLASH / COLON / QUESTION / SPACE
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30 / LDIGIT ; "0"-"9"
LDIGIT = %x31-39 ; "1"-"9"
SPACE = %x20 ; space (" ")
SQUOTE = %x27 ; single quote ("'")
LPAREN = %x28 ; left paren ("(")
RPAREN = %x29 ; right paren (")")
PLUS = %x2B ; plus sign ("+")
COMMA = %x2C ; comma (",")
HYPHEN = %x2D ; hyphen ("-")
DOT = %x2E ; period (".")
EQUALS = %x3D ; equals sign ("=")
SLASH = %x2F ; forward slash ("/")
COLON = %x3A ; colon (":")
QUESTION = %x3F ; question mark ("?")

The syntax corresponds to the TelexNumber ASN.1 type, defined in X.520.

Origin: RFC 4517
Description: Telex Number
OID: 1.3.6.1.4.1.1466.115.121.1.52

Timer metric

JSON object metric combining a summary with other statistics.

Timer values have the following fields:

{
  "count": (number) events recorded for this metric,
  "total": (number) sum of the durations of events recorded for this metric,
  "mean_rate": (number) average rate,
  "m1_rate": (number) one-minute average rate,
  "m5_rate": (number) five-minute average rate,
  "m15_rate": (number) fifteen-minute average rate,
  "mean": (number) total/count, or 0 if count is 0,
  "min": (number) minimum duration recorded,
  "max": (number) maximum duration recorded,
  "stddev": (number) standard deviation of recorded durations,
  "p50": (number) 50% at or below this value,
  "p75": (number) 75% at or below this value,
  "p95": (number) 95% at or below this value,
  "p98": (number) 98% at or below this value,
  "p99": (number) 99% at or below this value,
  "p999": (number) 99.9% at or below this value,
  "p9999": (number) 99.99% at or below this value,
  "p99999": (number) 99.999% at or below this value
}

Origin: OpenDJ Directory Server
Schema File: 02-config.ldif
Description: Timer metric
Substitute Syntax: Json
OID: 1.3.6.1.4.1.36733.2.1.3.6

User Password

Values of this syntax hold user passwords in encoded form.

A value is formatted as {scheme}encoded-value, where the scheme is the password storage scheme, and encoded-value is the value encoded or hashed according to the storage scheme.

Cleartext passwords are octet strings.

Origin: OpenDS Directory Server
Description: User Password
OID: 1.3.6.1.4.1.26027.1.3.1

UTC Time

Values of this syntax hold character strings representing a date and time to a precision of one minute or one second.
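The {scheme}encoded-value format makes it possible to audit an export for values stored without a scheme prefix or under a scheme that is not on an allow-list. The following is an added example, not code from this reference or from the product. The function names, the sample LDIF, the allow-list passed in, and the EXAMPLE-LEGACY scheme name are assumptions, and the parser assumes unfolded LDIF lines.

```python
import base64

# Constructed sample export. Encoded values are placeholders, not real hashes;
# EXAMPLE-LEGACY is a made-up scheme name.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: {PBKDF2-HMAC-SHA256}placeholder

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: e1NTSEE1MTJ9cGxhY2Vob2xkZXI=

dn: uid=carol,ou=People,dc=example,dc=com
userPassword: {not-closed

dn: uid=dave,ou=People,dc=example,dc=com
userPassword: Summer2020

dn: uid=erin,ou=People,dc=example,dc=com
userPassword: {EXAMPLE-LEGACY}placeholder
"""

def split_scheme(value: bytes):
    """Split {scheme}encoded-value; return (None, value) when there is no scheme prefix."""
    if value.startswith(b"{"):
        end = value.find(b"}")
        if end > 1:  # "{}" is not a scheme
            return value[1:end].decode("ascii", "replace"), value[end + 1:]
    return None, value

def audit_ldif(ldif: str, allowed: set):
    """Return (dn, scheme) pairs whose scheme is missing or not in `allowed`."""
    findings, dn = [], None
    for line in ldif.splitlines():
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if name.lower() == "dn":
            dn = rest.strip()
        elif name.lower() == "userpassword":
            # "attr:: value" marks a base64-encoded LDIF value.
            raw = (base64.b64decode(rest[1:].strip()) if rest.startswith(":")
                   else rest.strip().encode())
            scheme, _ = split_scheme(raw)
            if scheme is None or scheme not in allowed:
                findings.append((dn, scheme))  # never record the value itself
    return findings
```

A cleartext value that happens to look like {x}y is indistinguishable from a scheme prefix by format alone, which is why the check compares against the schemes the operator expects.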

This syntax is deprecated. For new attributes, use GeneralizedTime instead.

The syntax follows this ABNF:

UTCTime = year month day hour minute [ second ] [ u-time-zone ]
u-time-zone = %x5A ; "Z"
              / u-differential
u-differential = ( MINUS / PLUS ) hour minute

century = 2(%x30-39) ; "00" to "99"
year = 2(%x30-39) ; "00" to "99"
month = ( %x30 %x31-39 ) ; "01" (January) to "09"
        / ( %x31 %x30-32 ) ; "10" to "12"
day = ( %x30 %x31-39 ) ; "01" to "09"
      / ( %x31-32 %x30-39 ) ; "10" to "29"
      / ( %x33 %x30-31 ) ; "30" to "31"
hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
minute = %x30-35 %x30-39 ; "00" to "59"

second = ( %x30-35 %x30-39 ) ; "00" to "59"
leap-second = ( %x36 %x30 ) ; "60"

fraction = ( DOT / COMMA ) 1*(%x30-39)
MINUS = %x2D ; minus sign ("-")
PLUS = %x2B ; plus sign ("+")

Where the ABNF allows invalid times, such as Feb. 31, 2017, the values are considered invalid.

When the "Z" form of the time zone is used, the time value represents universal coordinated time. Otherwise, it represents a local time in the time zone indicated by the u-differential.

The syntax corresponds to the UTCTime ASN.1 type.

Origin: RFC 4517
Description: UTC Time
OID: 1.3.6.1.4.1.1466.115.121.1.53

UUID

Values of this syntax hold 16-octet (128-bit) strings, constrained to the namespace specified in RFC 4122, that identify an object. Values are encoded using the ASCII representation.
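A validator for the UTC Time syntax has to apply both the ABNF and the calendar rule stated above (Feb. 31, 2017 matches the grammar but is invalid). The following is an added example, not code from this reference or from the product. The function name parse_utctime and the pivot parameter are assumptions: the syntax carries only a two-digit year, so the century must come from a convention, and the default here follows the RFC 5280 rule that YY >= 50 means 19YY.

```python
import re
from datetime import datetime, timedelta, timezone

# The ABNF above as a regex. re.ASCII keeps \d to "0"-"9" (%x30-39); without it
# Python also accepts non-ASCII Unicode digits.
_UTCTIME = re.compile(
    r"(?P<yy>\d{2})"
    r"(?P<month>0[1-9]|1[0-2])"
    r"(?P<day>0[1-9]|[12]\d|3[01])"
    r"(?P<hour>[01]\d|2[0-3])"
    r"(?P<minute>[0-5]\d)"
    r"(?P<second>[0-5]\d)?"  # no leap-second: "60" is not allowed here
    r"(?:(?P<z>Z)|(?P<sign>[+-])(?P<oh>[01]\d|2[0-3])(?P<om>[0-5]\d))?",
    re.ASCII,
)

def parse_utctime(value: str, pivot: int = 50) -> datetime:
    """Parse a UTCTime string; raise ValueError if it is not a valid value.

    pivot is an assumption: two-digit years >= pivot map to 19YY, others to 20YY.
    """
    m = _UTCTIME.fullmatch(value)  # fullmatch also rejects a trailing newline
    if m is None:
        raise ValueError(f"not a UTCTime string: {value!r}")
    yy = int(m["yy"])
    year = (1900 if yy >= pivot else 2000) + yy
    if m["z"]:
        tz = timezone.utc
    elif m["sign"]:
        offset = timedelta(hours=int(m["oh"]), minutes=int(m["om"]))
        tz = timezone(offset if m["sign"] == "+" else -offset)
    else:
        tz = None  # no time zone given: return a naive datetime
    # datetime() performs the calendar check the ABNF cannot (e.g. Feb. 31).
    return datetime(year, int(m["month"]), int(m["day"]), int(m["hour"]),
                    int(m["minute"]), int(m["second"] or 0), tzinfo=tz)
```

Whether a value such as 000229120000Z is valid depends on the century chosen, since 2000 is a leap year and 1900 is not.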

Example: 597ae2f6-16a6-1027-98f4-d28b5365dc14.

Origin: RFC 4530
Description: UUID
OID: 1.3.6.1.1.16.1

X.509 Certificate Exact Assertion

Values of this syntax hold an X.509 CertificateExactAssertion as described in X.509, clause 11.3.1.

Values are encoded using Generic String Encoding Rules, specified in RFC 3641. The syntax follows this ABNF:

CertificateExactAssertion = "{" sp cea-serialNumber "," sp cea-issuer sp "}"

cea-serialNumber = id-serialNumber msp CertificateSerialNumber
cea-issuer = id-issuer msp Name

id-serialNumber = %x73.65.72.69.61.6C.4E.75.6D.62.65.72 ; 'serialNumber'
id-issuer = %x69.73.73.75.65.72 ; 'issuer'

Name = id-rdnSequence ":" RDNSequence
id-rdnSequence = %x72.64.6E.53.65.71.75.65.6E.63.65 ; 'rdnSequence'

CertificateSerialNumber = INTEGER

Origin: RFC 4523
Description: X.509 Certificate Exact Assertion
OID: 1.3.6.1.1.15.1