| Attribute |
Sup/Type |
Description |
| objectClass |
objectIdentifier |
The values of the objectClass attribute describe the kind of objectwhich
an entry represents. The objectClass attribute is present in every entry,
with at least two values. One of the values is either "top" or
"alias". |
| aliasedObjectName |
distinguishedName |
The aliasedObjectName attribute is used by the directory service if the
entry containing this attribute is an alias. |
| knowledgeInformation |
caseIgnore |
This attribute is no longer used. |
| cn, commonName |
name |
This is the X.500 commonName attribute, which contains a name of an object.
If the object corresponds to a person, it is typically the person's full
name. |
| sn, surname |
name |
This is the X.500 surname attribute, which contains the family name of
a person. |
| serialNumber |
caseIgnore |
This attribute contains the serial number of a device. |
| c, countryName |
name |
This attribute contains a two-letter ISO 3166 country code. |
l, localityName
|
name |
This attribute contains the name of a locality, such as a city, county
or other geographic region. |
| st, stateOrProvinceName |
name |
This attribute contains the full name of a state or province. |
| street, streetAddress |
caseIgnore |
This attribute contains the physical address of the object to which the
entry corresponds, such as an address for package delivery. |
| o, organizationName |
name |
This attribute contains the name of an organization. |
| ou, organizationalUnitName |
name |
This attribute contains the name of an organizational unit. |
title
|
name |
This attribute contains the title, such as "Vice President",
of a person in their organizational context. The "personalTitle"
attribute would be used for a person's title independent of their job function. |
| description |
caseIgnore |
This attribute contains a human-readable description of the object. |
| searchGuide |
? |
This attribute is for use by X.500 clients in constructing search filters.
It is obsoleted by enhancedSearchGuide. |
| businessCategory |
caseIgnore |
This attribute describes the kind of business performed by an organization. |
| postalAddress |
caseIgnoreList |
|
| postalCode |
caseIgnore |
|
| postOfficeBox |
caseIgnore |
|
| physicalDeliveryOfficeName |
caseIgnore |
|
| telephoneNumber |
telephoneNumber |
|
| telexNumber |
? |
|
| teletexTerminalIdentifier |
? |
|
| facsimileTelephoneNumber |
? |
|
| x121Address |
numericString |
|
| internationaliSDNNumber |
numericString |
|
| registeredAddress |
postalAddress |
This attribute holds a postal address suitable for reception of telegrams
or expedited documents, where it is necessary to have the recipient accept
delivery. |
| destinationIndicator |
caseIgnore |
This attribute is used for the telegram service. |
| preferredDeliveryMethod |
? |
|
| presentationAddress |
presentationAddress |
This attribute contains an OSI presentation address. |
| supportedApplicationContext |
objectIdentifier |
This attribute contains the identifiers of OSI application contexts. |
| member |
distinguishedName |
|
| owner |
distinguishedName |
|
| roleOccupant |
distinguishedName |
|
| seeAlso |
distinguishedName |
|
| userPassword |
octetString |
Passwords are stored using an Octet String syntax and are not encrypted.
Transfer of cleartext passwords are strongly discouraged where the underlying
transport service cannot guarantee confidentiality and may result in disclosure
of the password to unauthorized parties. |
| userCertificate |
? |
This attribute is to be stored and requested in the binary form, as 'userCertificate;binary'.
|
| cACertificate |
? |
This attribute is to be stored and requested in the binary form, as 'cACertificate;binary'. |
| authorityRevocationList |
? |
This attribute is to be stored and requested in the binary form, as 'authorityRevocationList;binary'. |
| certificateRevocationList |
? |
This attribute is to be stored and requested in the binary form, as 'certificateRevocationList;binary'. |
| crossCertificatePair |
? |
This attribute is to be stored and requested in the binary form, as 'crossCertificatePair;binary'. |
| name |
caseIgnoreMatch |
The name attribute type is the attribute supertype from which string attribute
types typically used for naming may be formed. It is unlikely that values
of this type itself will occur in an entry. LDAP server implementations
which do not support attribute subtyping need not recognize this attribute
in requests. Client implementations MUST NOT assume that LDAP servers are
capable of performing attribute subtyping. |
| givenName |
name |
The givenName attribute is used to hold the part of a person's name which
is not their surname nor middle name. |
| initials |
name |
The initials attribute contains the initials of some or all of an individuals
names, but not the surname(s). |
| generationQualifier |
name |
The generationQualifier attribute contains the part of the name which
typically is the suffix, as in "IIIrd". |
| x500UniqueIdentifier |
bitString |
The x500UniqueIdentifier attribute is used to distinguish between objects
when a distinguished name has been reused. This is a different attribute
type from both the "uid" and "uniqueIdentifier" types. |
| dnQualifier |
caseIgnore |
The dnQualifier attribute type specifies disambiguating information to
add to the relative distinguished name of an entry. It is intended for use
when merging data from multiple sources in order to prevent conflicts between
entries which would otherwise have the same name. It is recommended that
the value of the dnQualifier attribute be the same for all entries from
a particular source. |
| enhancedSearchGuide |
? |
This attribute is for use by X.500 clients in constructing search filters. |
| protocolInformation |
protocolInformation |
This attribute is used in conjunction with the presentationAddress attribute,
to provide additional information to the OSI network service. |
| distinguishedName |
distinguishedName |
This attribute type is not used as the name of the object itself, but
it is instead a base type from which attributes with DN syntax inherit.
It is unlikely that values of this type itself will occur in an entry.
LDAP server implementations which do not support attribute subtyping need
not recognize this attribute in requests. Client implementations MUST
NOT assume that LDAP servers are capable ofperforming attribute subtyping.
|
| uniqueMember |
uniqueMember |
|
| houseIdentifier |
caseIgnore |
This attribute is used to identify a building within a location. |
| supportedAlgorithms |
? |
This attribute is to be stored and requested in the binary form, as 'supportedAlgorithms;binary'. |
| deltaRevocationList |
? |
This attribute is to be stored and requested in the binary form, as 'deltaRevocationList;binary'. |
| dmdName |
? |
The value of this attribute specifies a directory management domain (DMD),
the administrative authority which operates the directory server. |
| dc, domainComponent |
caseIgnoreIA5String |
The Domain Component attribute type specifies a DNS/NRS domain. For example,
"uk" or "ac". RFC 1274 + RFC 2247 |
| mail, rfc822Mailbox |
caseIgnoreIA5String |
The RFC822 Mailbox attribute type specifies an electronic mailbox attribute
following the syntax specified in RFC 822. Note that this attribute should
not be used for greybook or other non-Internet order mailboxes. RFC 1274 |
| uid, userid |
caseIgnoreString |
The Userid attribute type specifies a computer system login name. RFC
1274 |
| labeledURI |
caseExactIA5 |
RFC2079: Uniform Resource Identifier with optional label |
| textEncodedORAddress |
caseIgnoreString |
The Text Encoded O/R Address attribute type specifies a text encoding
of an X.400 O/R address, as specified in RFC 987. The use of this attribute
is deprecated as the attribute is intended for interim use only. This attribute
will be the first candidate for the attribute expiry mechanisms!
|
| info |
caseIgnoreString |
The Information attribute type specifies any general information pertinent
to an object. It is recommended that specific usage of this attribute type
is avoided, and that specific requirements are met by other (possibly additional)
attribute types. |
| favouriteDrink |
caseIgnoreString |
The Favourite Drink attribute type specifies the favourite drink of an
object (or person). |
| roomNumber |
caseIgnoreString |
The Room Number attribute type specifies the room number of an object.
Note that the commonName attribute should be used for naming room objects. |
| photo |
g3-facsimile |
The Photo attribute type specifies a "photograph" for an object.
This should be encoded in G3 fax as explained in recommendation T.4, with
an ASN.1 wrapper to make it compatible with an X.400 BodyPart as defined
in X.420.
|
| userClass |
caseIgnoreString |
The User Class attribute type specifies a category of computer user. The
semantics placed on this attribute are for local interpretation. Examples
of current usage od this attribute in academia are undergraduate student,
researcher, lecturer, etc. Note that the organizationalStatus attribute
may now often be preferred as it makes no distinction between computer users
and others. |
| host |
caseIgnoreString |
The Host attribute type specifies a host computer. |
| manager |
distinguishedName |
The Manager attribute type specifies the manager of an object represented
by an entry. |
| documentIdentifier |
caseIgnoreString |
The Document Identifier attribute type specifies a unique identifier for
a document. |
| documentTitle |
caseIgnoreString |
The Document Title attribute type specifies the title of a document. |
| documentVersion |
caseIgnoreString |
The Document Version attribute type specifies the version number of a
document. |
| documentAuthor |
distinguishedName |
The Document Author attribute type specifies the distinguished name of
the author of a document. |
| documentLocation |
caseIgnoreString |
The Document Location attribute type specifies the location of the document
original. |
| homeTelephoneNumber |
telephoneNumberSyntax |
The Home Telephone Number attribute type specifies a home telephone number
associated with a person. Attribute values should follow the agreed format
for international telephone numbers: i.e., "+44 71 123 4567". |
| secretary |
distinguishedName |
The Secretary attribute type specifies the secretary of a person. The attribute
value for Secretary is a distinguished name. |
| otherMailbox |
SEQUENCE {
mailboxType PrintableString, -- e.g. Telemail
mailbox IA5String -- e.g. X378:Joe
}
|
The Other Mailbox attribute type specifies values for electronic mailbox
types other than X.400 and rfc822 |
| lastModifiedTime |
uTCTime |
The Last Modified Time attribute type specifies the last time, in UTC
time, that an entry was modified. Ideally, this attribute should be maintained
by the Directory System Agent (DSA). |
| lastModifiedBy |
distinguishedName |
The Last Modified By attribute specifies the distinguished name of the last
user to modify the associated entry. Ideally, this attribute should be maintained
by the Directory System Agent (DSA). |
| aRecord |
DNSRecord |
The A Record attribute type specifies a type A (Address) DNS resource
record. |
| mXRecord |
DNSRecord |
The MX Record attribute type specifies a type MX (Mail Exchange) DNS resource
record. |
| nSRecord |
DNSRecord |
The NS Record attribute type specifies an NS (Name Server) DNS resource
record. |
| sOARecord |
DNSRecord |
The SOA Record attribute type specifies a type SOA (Start of Authority)
DNS resorce record. |
| cNAMERecord |
iA5String |
The CNAME Record attribute type specifies a type CNAME (Canonical Name)
DNS resource record. |
associatedDomain |
caseIgnoreIA5String |
The Associated Domain attribute type specifies a DNS or NRS domain which
is associated with an object in the Directory Information Tree (DIT). For example, the entry in the Directory Information Tree (DIT)
with a distinguished name "C=GB, O=University College London"
would have an associated domain of "UCL.AC.UK. Note that all domains
should be represented in rfc822 order. |
| associatedName |
distinguishedName |
The Associated Name attribute type specifies an entry in the organisational
Directory Information Tree (DIT) associated with a DNS/NRS domain. |
| homePostalAddress |
postalAddress |
The Home postal address attribute type specifies a home postal address
for an object. This should be limited to up to 6 lines of 30 characters
each. |
| personalTitle |
caseIgnoreString |
The Personal Title attribute type specifies a personal title for a person.
Examples of personal titles are "Ms", "Dr", "Prof"
and "Rev". |
| mobileTelephoneNumber |
telephoneNumber |
The Mobile Telephone Number attribute type specifies a mobile telephone
number associated with a person. Attribute values should follow the agreed
format for international telephone numbers: i.e., "+44 71 123 4567". |
| pagerTelephoneNumber |
telephoneNumber |
The Pager Telephone Number attribute type specifies a pager telephone
number for an object. Attribute values should follow the agreed format for
international telephone numbers: i.e., "+44 71 123 4567". |
| friendlyCountryName |
caseIgnoreString |
The Friendly Country Name attribute type specifies names of countries
in human readable format. The standard attribute country name must be one
of the two-letter codes defined in ISO 3166. |
| uniqueIdentifier |
caseIgnoreString |
The Unique Identifier attribute type specifies a "unique identifier"
for an object represented in the Directory. The domain within which the
identifier is unique, and the exact semantics of the identifier, are for
local definition. For a person, this might be an institution-wide payroll
number. For an organisational unit, it might be a department code. |
| organizationalStatus |
caseIgnoreString |
The Organisational Status attribute type specifies a category by which
a person is often referred to in an organisation. Examples of usage in academia
might include undergraduate student, researcher, lecturer, etc. |
| janetMailbox |
caseIgnoreIA5String |
The Janet Mailbox attribute type specifies an electronic mailbox attribute
following the syntax specified in the Grey Book of the Coloured Book series.
This attribute is intended for the convenience of U.K users unfamiliar with
rfc822 and little-endian mail addresses. Entries using this attribute MUST
also include an rfc822Mailbox attribute. |
| mailPreferenceOption |
'no-list-inclusion', 'any-list-inclusion', 'professional-list-inclusion' |
An attribute to allow users to indicate a preference for inclusion of
their names on mailing lists (electronic or physical). The absence of such
an attribute should be interpreted as if the attribute was present with
value "no-list-inclusion". This attribute should be interpreted
by anyone using the directory to derive mailing lists, and its value respected. |
| buildingName |
caseIgnoreString |
The Building Name attribute type specifies the name of the building where
an organisation or organisational unit is based. |
| dSAQuality |
DSAQuality |
The DSA Quality attribute type specifies the purported quality of a Directory System Agent (DSA).
It allows a DSA manager to indicate the expected level of availability of
the DSA. |
| singleLevelQuality |
DataQuality |
The Single Level Quality attribute type specifies the purported data quality
at the level immediately below in the Directory Information Tree (DIT). |
| subtreeMinimumQuality |
DataQuality |
The Subtree Minimum Quality attribute type specifies the purported minimum
data quality for a Directory Information Tree (DIT) subtree. |
| subtreeMaximumQuality |
DataQuality |
The Subtree Maximum Quality attribute type specifies the purported maximum
data quality for a Directory Information Tree (DIT) subtree. |
| personalSignature |
g3-facsimile |
The Personal Signature attribute type allows for a representation of a
person's signature. This should be encoded in G3 fax as explained in recommendation
T.4, with an ASN.1 wrapper to make it compatible with an X.400 BodyPart
as defined in X.420. |
| dITRedirect |
distinguishedName |
The Directory Information Tree (DIT) Redirect attribute type is used to indicate that the object described
by one entry now has a newer entry in the Directory Information Tree (DIT). The entry containing the
redirection attribute should be expired after a suitable grace period. This
attribute may be used when an individual changes his/her place of work,
and thus acquires a new organisational DN. |
| audio |
audio |
The Audio attribute type allows the storing of sounds in the Directory.
The attribute uses a u-law encoded sound file as used by the "play"
utility on a Sun 4. This is an interim format. |
| documentPublisher |
caseIgnoreString |
The Publisher of Document attribute is the person and/or organization
that published a document. |
| carLicense |
caseIgnore |
This multivalued field is used to record the values of the license or
registration plate associated with an individual. |
| departmentNumber |
caseIgnore |
Code for department to which a person belongs. This can also be strictly
numeric (e.g., 1234) or alphanumeric (e.g., ABC/123). |
| displayName |
caseIgnore |
When displaying an entry, especially within a one-line summary list, it
is useful to be able to identify a name to be used. Since other attribute
types such as 'cn' are multivalued, an additional attribute type is needed. Display name is defined for this purpose. |
| employeeNumber |
caseIgnore |
Numeric or alphanumeric identifier assigned to a person, typically based
on order of hire or association with an organization. Single valued. |
| employeeType |
caseIgnore |
Used to identify the employer to employee relationship. Typical values
used will be "Contractor", "Employee", "Intern",
"Temp", "External", and "Unknown" but any
value may be used. |
| jpegPhoto |
|
Used to store one or more images of a person using the JPEG File Interchange
Format [JFIF]. |
| preferredLanguage |
caseIgnore |
Used to indicate an individual's preferred written or spoken language.
This is useful for international correspondence or human-computer interaction.
Values for this attribute type MUST conform to the definition of the Accept-Language header field defined in [RFC2068]
with one exception: the sequence "Accept-Language" ":"
should be omitted. This is a single valued attribute type. |
| userSMIMECertificate |
|
A PKCS#7 [RFC2315] SignedData, where the content that is signed is ignored
by consumers of userSMIMECertificate values. It is recommended that values
have a `contentType' of data with an absent `content' field. Values of this attribute contain a person's entire certificate
chain and an smimeCapabilities field [RFC2633] that at a minimum describes
their SMIME algorithm capabilities. Values for this attribute are to be
stored and requested in binary form, as 'userSMIMECertificate;binary'. If
available, this attribute is preferred over the userCertificate attribute
for S/MIME applications. |
| userPKCS12 |
|
PKCS #12 provides a format for exchange of personal identity information.
When such information is stored in a directory service, the userPKCS12 attribute
should be used. This attribute is to be stored and requested in binary form,
as 'userPKCS12;binary'. The attribute values are PFX PDUs stored as binary
data. |