.\" Automatically generated by Pod::Man version 1.15
.\" Fri Oct 4 06:36:44 2002
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "RFC 1"
.TH RFC 1 "perl v5.6.1" "2001-10-24" "User Contributed Perl Documentation"
.UC
.SH "NAME"
Net::LDAP::RFC \- List of related \s-1RFC\s0's
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& none
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1LDAP\s0 protocol is defined in the following \s-1RFC\s0s:
.SH "Core LDAP Specification"
.IX Header "Core LDAP Specification"
.Sh "\s-1RFC-2251\s0 Lightweight Directory Access Protocol (v3)"
.IX Subsection "RFC-2251 Lightweight Directory Access Protocol (v3)"
http://www.ietf.org/rfc/rfc2251.txt
.PP
The protocol described in this document is designed to provide
access to directories supporting the X.500 models, while not
incurring the resource requirements of the X.500 Directory
Access Protocol (\s-1DAP\s0). This protocol is specifically targeted
at management applications and browser applications that
provide read/write interactive access to directories. When used
with a directory supporting the X.500 protocols, it is intended
to be a complement to the X.500 \s-1DAP\s0.
.Sh "\s-1RFC-2252\s0 LDAPv3 Attribute Syntax Definitions"
.IX Subsection "RFC-2252 LDAPv3 Attribute Syntax Definitions"
http://www.ietf.org/rfc/rfc2252.txt
.PP
The \s-1LDAP\s0 requires that the contents of AttributeValue fields in
protocol elements be octet strings. This document defines a set
of syntaxes for LDAPv3, and the rules by which attribute values
of these syntaxes are represented as octet strings for
transmission in the \s-1LDAP\s0 protocol. The syntaxes defined in this
document are referenced by this and other documents that define
attribute types. This document also defines the set of
attribute types which \s-1LDAP\s0 servers should support.
.Sh "\s-1RFC-2253\s0 \s-1UTF-8\s0 String Representation of Distinguished Names"
.IX Subsection "RFC-2253 UTF-8 String Representation of Distinguished Names"
http://www.ietf.org/rfc/rfc2253.txt
.PP
The X.500 Directory uses distinguished names as the primary
keys to entries in the directory. Distinguished Names are
encoded in \s-1ASN\s0.1 in the X.500 Directory protocols. In the \s-1LDAP\s0,
a string representation of distinguished names is transferred.
This specification defines the string format for representing
names, which is designed to give a clean representation of
commonly used distinguished names, while being able to
represent any distinguished name.
.Sh "\s-1RFC-2254\s0 The String Representation of \s-1LDAP\s0 Search Filters"
.IX Subsection "RFC-2254 The String Representation of LDAP Search Filters"
http://www.ietf.org/rfc/rfc2254.txt
.PP
The \s-1LDAP\s0 defines a network representation of a search filter
transmitted to an \s-1LDAP\s0 server. Some applications may find it
useful to have a common way of representing these search
filters in a human-readable form. This document defines a
human-readable string format for representing \s-1LDAP\s0 search
filters. This document replaces \s-1RFC\s0 1960, extending the string
\&\s-1LDAP\s0 filter definition to include support for LDAPv3 extended
match filters.
.Sh "\s-1RFC-2255\s0 The \s-1LDAP\s0 \s-1URL\s0 Format"
.IX Subsection "RFC-2255 The LDAP URL Format"
http://www.ietf.org/rfc/rfc2255.txt
.PP
This document describes a format for an \s-1LDAP\s0 Uniform Resource
Locator, and describes an \s-1LDAP\s0 search operation performed to
retrieve information from an \s-1LDAP\s0 directory. It updates the
\&\s-1LDAP\s0 \s-1URL\s0 format for LDAPv3. This document also defines a second
\&\s-1URL\s0 scheme prefix for \s-1LDAP\s0 running over the \s-1TLS\s0 protocol.
.Sh "\s-1RFC-2256\s0 A Summary of the X.500(96) User Schema for use with LDAPv3"
.IX Subsection "RFC-2256 A Summary of the X.500(96) User Schema for use with LDAPv3"
http://www.ietf.org/rfc/rfc2256.txt
.PP
This document provides an overview of the attribute types and
object classes defined by the \s-1ISO\s0 and \s-1ITU-T\s0 committees in the
X.500 documents, in particular those intended for use by
directory clients. This is the most widely used schema for
\&\s-1LDAP/X\s0.500 directories, and many other schema definitions for
white pages objects use it as a basis. This document does not
cover attributes used for the administration of X.500 directory
servers, nor does it include attributes defined by other
\&\s-1ISO/ITU-T\s0 documents.
.SH "Other LDAP Related RFCs"
.IX Header "Other LDAP Related RFCs"
.Sh "\s-1RFC-1823\s0 The \s-1LDAP\s0 Application Program Interface"
.IX Subsection "RFC-1823 The LDAP Application Program Interface"
http://www.ietf.org/rfc/rfc1823.txt
.PP
This document defines a C language application program
interface to \s-1LDAP\s0, which is designed to be powerful, yet simple
to use. It defines compatible synchronous and asynchronous
interfaces to \s-1LDAP\s0 to suit a wide variety of applications. This
document gives a brief overview of the \s-1LDAP\s0 model, then an
overview of how the \s-1API\s0 is used by an application program to
obtain \s-1LDAP\s0 information. The \s-1API\s0 calls are described in detail,
followed by an appendix that provides some example code
demonstrating the use of the \s-1API\s0.
.Sh "\s-1RFC-2079\s0 Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers"
.IX Subsection "RFC-2079 Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers"
http://www.ietf.org/rfc/rfc2079.txt
.PP
URLs are being widely used to specify the location of Internet
resources. There is an urgent need to be able to include URLs
in directories that conform to the \s-1LDAP\s0 and X.500 information
models, and a desire to include other types of URIs as they are
defined. A number of independent groups are already
experimenting with the inclusion of URLs in \s-1LDAP\s0 and X.500
directories. This document builds on the experimentation to
date and defines a new attribute type and an auxiliary object
class to allow URIs, including URLs, to be stored in directory
entries in a standard way.
.Sh "\s-1RFC-2164\s0 Use of an X.500/LDAP directory to support \s-1MIXER\s0 address mapping"
.IX Subsection "RFC-2164 Use of an X.500/LDAP directory to support MIXER address mapping"
http://www.ietf.org/rfc/rfc2164.txt
.PP
\&\s-1MIXER\s0 (\s-1RFC\s0 2156) defines an algorithm for use of a set of
global mappings between X.400 and \s-1RFC\s0 822 addresses. This
specification defines how to represent and maintain these
mappings (\s-1MIXER\s0 Conformant Global Address Mappings or MCGAMs)
in an X.500 or \s-1LDAP\s0 directory. Mechanisms for representing \s-1OR\s0
Address and Domain hierarchies within the \s-1DIT\s0. These techniques
are used to define two independent subtrees in the \s-1DIT\s0, which
contain the mapping information.
.Sh "\s-1RFC-2218\s0 A Common Schema for the Internet White Pages Service"
.IX Subsection "RFC-2218 A Common Schema for the Internet White Pages Service"
http://www.ietf.org/rfc/rfc2218.txt
.PP
This \s-1IETF\s0 Integrated Directory Services (\s-1IDS\s0) Working Group
proposes a standard specification for a simple Internet White
Pages service by defining a common schema for use by the
various White Pages servers. This schema is independent of
specific implementations of the White Pages service. This
document specifies the minimum set of core attributes of a
White Pages entry for an individual and describes how new
objects with those attributes can be defined and published. It
does not describe how to represent other objects in the White
Pages service. Further, it does not address the search sort
expectations within a particular service.
.Sh "\s-1RFC-2222\s0 Simple Authentication and Security Layer (\s-1SASL\s0)"
.IX Subsection "RFC-2222 Simple Authentication and Security Layer (SASL)"
http://www.ietf.org/rfc/rfc2222.txt
.PP
This document describes a method for adding authentication
support to connection-based protocols. To use this
specification, a protocol includes a command for identifying
and authenticating a user to a server and for optionally
negotiating protection of subsequent protocol interactions. If
its use is negotiated, a security layer is inserted between the
protocol and the connection. This document describes how a
protocol specifies such a command, defines several mechanisms
for use by the command, and defines the protocol used for
carrying a negotiated security layer over the connection.
.Sh "\s-1RFC-2247\s0 Using Domains in \s-1LDAP/X\s0.500 Distinguished Names"
.IX Subsection "RFC-2247 Using Domains in LDAP/X.500 Distinguished Names"
http://www.ietf.org/rfc/rfc2247.txt
.PP
\&\s-1LDAP\s0 uses X.500\-compatible distinguished names for providing
unique identification of entries. This document defines an
algorithm by which a name registered with the Internet Domain
Name Service can be represented as an \s-1LDAP\s0 distinguished name.
.Sh "\s-1RFC-2307\s0 An Approach for Using \s-1LDAP\s0 as a Network Information Service"
.IX Subsection "RFC-2307 An Approach for Using LDAP as a Network Information Service"
http://www.ietf.org/rfc/rfc2307.txt
.PP
This document describes an experimental mechanism for mapping
entities related to \s-1TCP/IP\s0 and the \s-1UNIX\s0 system into X.500
entries so that they may be resolved with the \s-1LDAP\s0. A set of
attribute types and object classes are proposed, along with
specific guidelines for interpreting them. The intention is to
assist the deployment of \s-1LDAP\s0 as an organizational nameservice.
No proposed solutions are intended as standards for the
Internet. Rather, it is hoped that a general consensus will
emerge as to the appropriate solution to such problems, leading
eventually to the adoption of standards. The proposed mechanism
has already been implemented with some success.
.Sh "\s-1RFC-2559\s0 Internet X.509 Public Key Infrastructure Operational Protocols \- LDAPv2"
.IX Subsection "RFC-2559 Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2"
http://www.ietf.org/rfc/rfc2559.txt
.PP
The protocol described in this document is designed to satisfy
some of the operational requirements within the Internet X.509
\&\s-1PKI\s0. Specifically, this document addresses requirements to
provide access to \s-1PKI\s0 repositories for the purposes of
retrieving \s-1PKI\s0 information and managing that same information.
The mechanism described in this document is based on the
LDAPv2, defined in \s-1RFC\s0 1777, defining a profile of that
protocol for use within the \s-1PKIX\s0 and updates encodings for
certificates and revocation lists from \s-1RFC\s0 1778. Additional
mechanisms addressing \s-1PKIX\s0 operational requirements are
specified in separate documents.
.Sh "\s-1RFC-2587\s0 Internet X.509 Public Key Infrastructure LDAPv2 Schema"
.IX Subsection "RFC-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema"
http://www.ietf.org/rfc/rfc2587.txt
.PP
The schema defined in this document is a minimal schema to
support \s-1PKIX\s0 in an LDAPv2 environment, as defined in \s-1RFC\s0 2559.
Only PKIX-specific components are specified here. \s-1LDAP\s0 servers,
acting as \s-1PKIX\s0 repositories should support the auxiliary object
classes defined in this specification and integrate this schema
specification with the generic and other application-specific
schemas as appropriate, depending on the services to be
supplied by that server.
.Sh "\s-1RFC-2589\s0 Extensions for Dynamic Directory Services"
.IX Subsection "RFC-2589 Extensions for Dynamic Directory Services"
http://www.ietf.org/rfc/rfc2589.txt
.PP
\&\s-1LDAP\s0 supports lightweight access to static directory services,
allowing relatively fast search and update access. Static
directory services store information about people that persists
in its accuracy and value over a long period of time. Dynamic
directory services are different in that they store information
about people that only persists in its accuracy and value while
people are online. Though the protocol operations and
attributes used by dynamic directory services are similar to
the ones used for static directory services, clients that are
bound to a dynamic directory service need to periodically
refresh their presence at the server to keep directory entries
from getting stale in the presence of client application
crashes. A flow control mechanism from the server is also
described that allows a server to inform clients how often they
should refresh their presence.
.Sh "\s-1RFC-2596\s0 Use of Language Codes in \s-1LDAP\s0"
.IX Subsection "RFC-2596 Use of Language Codes in LDAP"
http://www.ietf.org/rfc/rfc2596.txt
.PP
\&\s-1LDAP\s0 provides a means for clients to interrogate and modify
information stored in a distributed directory system. The
information in the directory is maintained as attributes of
entries. Most of these attributes have syntaxes which are
human-readable strings, and it is desirable to be able to
indicate the natural language associated with attribute values.
This document describes how language codes are carried in \s-1LDAP\s0
and are to be interpreted by \s-1LDAP\s0 servers. All implementations
\&\s-1MUST\s0 be prepared to accept language codes in the \s-1LDAP\s0
protocols. Servers may or may not be capable of storing
attributes with language codes in the directory.
.Sh "\s-1RFC-2649\s0 Signed Directory Operations Using S/MIME"
.IX Subsection "RFC-2649 Signed Directory Operations Using S/MIME"
http://www.ietf.org/rfc/rfc2649.txt
.PP
This document defines an LDAPv3 based mechanism for signing
directory operations in order to create a secure journal of
changes that have been made to each directory entry. Both
client and server based signatures are supported. An object
class for subsequent retrieval of 'journal entries' is also
defined. This document specifies LDAPv3 controls that enable
this functionality. It also defines an LDAPv3 schema that
allows for subsequent browsing of the journal information.
.Sh "\s-1RFC-2657\s0 LDAPv2 Client vs. the Index Mesh"
.IX Subsection "RFC-2657 LDAPv2 Client vs. the Index Mesh"
http://www.ietf.org/rfc/rfc2657.txt
.PP
LDAPv2 clients as implemented according to \s-1RFC\s0 1777 have no
notion of referral. The integration between such a client and
an Index Mesh, as defined by the Common Indexing Protocol,
heavily depends on referrals and therefore needs to be handled
in a special way. This document defines one possible way of
doing this.
.Sh "\s-1RFC-2696\s0 \s-1LDAP\s0 Control Extension for Simple Paged Results Manipulation"
.IX Subsection "RFC-2696 LDAP Control Extension for Simple Paged Results Manipulation"
http://www.ietf.org/rfc/rfc2696.txt
.PP
This document describes an LDAPv3 control extension for simple
paging of search results. This control extension allows a
client to control the rate at which an \s-1LDAP\s0 server returns the
results of an \s-1LDAP\s0 search operation. This control may be useful
when the \s-1LDAP\s0 client has limited resources and may not be able
to process the entire result set from a given \s-1LDAP\s0 query, or
when the \s-1LDAP\s0 client is connected over a low-bandwidth
connection. Other operations on the result set are not defined
in this extension. This extension is not designed to provide
more sophisticated result set management.
.Sh "\s-1RFC-2713\s0 Schema for Representing Java Objects in an \s-1LDAP\s0 Directory"
.IX Subsection "RFC-2713 Schema for Representing Java Objects in an LDAP Directory"
http://www.ietf.org/rfc/rfc2713.txt
.PP
This document defines the schema for representing Java objects
in an \s-1LDAP\s0 directory. It defines schema elements to represent a
Java serialized object, a Java marshalled object, a Java remote
object, and a \s-1JNDI\s0 reference.
.Sh "\s-1RFC-2714\s0 Schema for Representing \s-1CORBA\s0 Objects in an \s-1LDAP\s0 Directory"
.IX Subsection "RFC-2714 Schema for Representing CORBA Objects in an LDAP Directory"
http://www.ietf.org/rfc/rfc2714.txt
.PP
\&\s-1CORBA\s0 is the Common Object Request Broker Architecture defined
by the Object Management Group. This document defines the
schema for representing \s-1CORBA\s0 object references in an \s-1LDAP\s0
directory.
.Sh "\s-1RFC-2739\s0 Calendar Attributes for vCard and \s-1LDAP\s0"
.IX Subsection "RFC-2739 Calendar Attributes for vCard and LDAP"
http://www.ietf.org/rfc/rfc2739.txt
.PP
When scheduling a calendar entity, such as an event, it is a
prerequisite that an organizer has the calendar address of each
attendee that will be invited to the event. Additionally,
access to an attendee's current \*(L"busy time\*(R" provides an a
priori indication of whether the attendee will be free to
participate in the event. In order to meet these challenges, a
calendar user agent (\s-1CUA\s0) needs a mechanism to locate
individual user's calendar and free/busy time. This memo
defines three mechanisms for obtaining a \s-1URI\s0 to a user's
calendar and free/busy time. These include:
.Sh "\s-1RFC-2798\s0 Definition of the inetOrgPerson Object Class"
.IX Subsection "RFC-2798 Definition of the inetOrgPerson Object Class"
http://www.ietf.org/rfc/rfc2798.txt
.PP
While the X.500 standards define many useful attribute types
[X520] and object classes [X521], they do not define a person
object class that meets the requirements found in today's
Internet and Intranet directory service deployments. We define
a new object class called inetOrgPerson for use in \s-1LDAP\s0 and
X.500 directory services that extends the X.521 standard
organizationalPerson class to meet these needs.
.Sh "\s-1RFC-2820\s0 Access Control Requirements for \s-1LDAP\s0"
.IX Subsection "RFC-2820 Access Control Requirements for LDAP"
http://www.ietf.org/rfc/rfc2820.txt
.PP
This document describes the fundamental requirements of an
access control list (\s-1ACL\s0) model for the \s-1LDAP\s0 directory service.
It is intended to be a gathering place for access control
requirements needed to provide authorized access to and
interoperability between directories.
.Sh "\s-1RFC-2829\s0 Authentication Methods for \s-1LDAP\s0"
.IX Subsection "RFC-2829 Authentication Methods for LDAP"
http://www.ietf.org/rfc/rfc2829.txt
.PP
This document specifies particular combinations of \s-1SASL\s0
mechanisms and extensions which are required and recommended in
\&\s-1LDAP\s0 implementations.
.Sh "\s-1RFC-2831\s0 Using Digest Authentication as a \s-1SASL\s0 Mechanism"
.IX Subsection "RFC-2831 Using Digest Authentication as a SASL Mechanism"
http://www.ietf.org/rfc/rfc2831.txt
.PP
This specification defines how \s-1HTTP\s0 Digest Authentication can
be used as a \s-1SASL\s0 [\s-1RFC\s0 2222] mechanism for any protocol that
has a \s-1SASL\s0 profile. It is intended both as an improvement over
\&\s-1CRAM-MD5\s0 [\s-1RFC\s0 2195] and as a convenient way to support a single
authentication mechanism for web, mail, \s-1LDAP\s0, and other
protocols.
.Sh "\s-1RFC-2891\s0 \s-1LDAP\s0 Control Extension for Server Side Sorting of Search Results"
.IX Subsection "RFC-2891 LDAP Control Extension for Server Side Sorting of Search Results"
http://www.ietf.org/rfc/rfc2891.txt
.PP
This document describes two LDAPv3 control extensions for
server side sorting of search results. These controls allow a
client to specify the attribute types and matching rules a
server should use when returning the results to an \s-1LDAP\s0 search
request. The controls may be useful when the \s-1LDAP\s0 client has
limited functionality or for some other reason cannot sort the
results but still needs them sorted. Other permissible controls
on search operations are not defined in this extension.
.Sh "\s-1RFC-2849\s0 The \s-1LDAP\s0 Data Interchange Format (\s-1LDIF\s0) \- Technical Specification"
.IX Subsection "RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical Specification"
http://www.ietf.org/rfc/rfc2849.txt
.PP
This document describes a file format suitable for describing
directory information or modifications made to directory
information. The file format, known as \s-1LDIF\s0, for \s-1LDAP\s0 Data
Interchange Format, is typically used to import and export
directory information between LDAP-based directory servers, or
to describe a set of changes which are to be applied to a
directory.
.SH "Current Internet Drafts"
.IX Header "Current Internet Drafts"
.Sh "draft-armijo-ldap-control-error \*(-- Result Message for \s-1LDAP\s0 Controls"
.IX Subsection "draft-armijo-ldap-control-error Result Message for LDAP Controls"
LDAPv3 allows for the extension of the protocol through the use
of controls. These controls allow existing operations to be
enhanced to provide additional functionality for directory
operations. Complex controls are being established that are
bringing up error conditions not anticipated in the LDAPv3
specifications. The purpose of this draft is to create new
result codes specific to \s-1LDAP\s0 controls and to define guidelines
for the use of these result codes.
.Sh "draft-armijo-ldap-treedelete \*(-- Tree Delete Control"
.IX Subsection "draft-armijo-ldap-treedelete Tree Delete Control"
This document defines an LDAPv3 control that deletes an entire
subtree of a container entry. This control extends the scope of
the LDAPv3 delete operation as defined in \s-1RFC\s0 2251. This
control is beneficial in extending the functionality of the
\&\s-1LDAP\s0 protocol and may be useful in administration in an \s-1LDAP\s0
environment.
.Sh "draft-behera-ldap-password-policy \*(-- Password Policy for \s-1LDAP\s0 Directories"
.IX Subsection "draft-behera-ldap-password-policy Password Policy for LDAP Directories"
Password policy is a set of rules that controls how passwords
are used in \s-1LDAP\s0 directories. In order to improve the security
of \s-1LDAP\s0 directories and make it difficult for password cracking
programs to break into directories, it is desirable to enforce
a set of rules on password usage. These rules are made to
ensure that users change their passwords periodically,
passwords meet construction requirements, the re-use of old
passwords is restricted, and users are locked out after a
certain number of failed attempts.
.Sh "draft-daigle-tisdag \*(-- Technical Infrastructure for Swedish Directory Access Gateways (\s-1TISDAG\s0)"
.IX Subsection "draft-daigle-tisdag Technical Infrastructure for Swedish Directory Access Gateways (TISDAG)"
The strength of the \s-1TISDAG\s0 project's \s-1DAG\s0 proposal is that it
defines the necessary technical infrastructure to provide a
single-access-point service for information on Swedish Internet
users. The resulting service will provide uniform access for
all information \*(-- the same level of access to information
(7x24 service), and the same information made available,
irrespective of the service provider responsible for
maintaining that information, their directory service
protocols, or the end-user's client access protocol.
.Sh "draft-good-ldap-changelog \*(-- Definition of an Object Class to Hold \s-1LDAP\s0 Change Records"
.IX Subsection "draft-good-ldap-changelog Definition of an Object Class to Hold LDAP Change Records"
In order to support more flexible replication methods, it is
desirable to specify some manner in which an \s-1LDAP\s0 client may
retrieve a set of changes which have been applied to an \s-1LDAP\s0
server's database. The client, which may be another \s-1LDAP\s0
server, may then choose to update its own replicated copy of
the data. This document specifies an object class which may be
used to represent changes applied to an \s-1LDAP\s0 server. It also
specifies a method for discovering the location of the
container object which holds these change records, so that
clients and servers have a common rendezvous point for this
information.
.Sh "draft-greenblatt-ldapext-sos \*(-- Simple Operations on Subtrees (for \s-1LDAP\s0)"
.IX Subsection "draft-greenblatt-ldapext-sos Simple Operations on Subtrees (for LDAP)"
This draft defines several new \s-1LDAP\s0 extensions, which are
operations that can manipulate an entire portion of the Directory
Information Tree (\s-1DIT\s0) at once. This draft does not presume any
specific \s-1DIT\s0 structure or schema modifications.
.Sh "draft-greenblatt-ldapextstyle \*(-- \s-1LDAP\s0 Extension Style Guide"
.IX Subsection "draft-greenblatt-ldapextstyle LDAP Extension Style Guide"
LDAPv3 provides a base set of services. Additionally, \s-1LDAP\s0
provides several mechanisms by which the base set of services
may be enhanced to provide additional services. This document
describes the different ways that \s-1LDAP\s0 may be enhanced, and how
developers can decide which enhancement mechanism is best
suited for their environment. It also discusses the positives
and negatives for each \s-1LDAP\s0 enhancement mechanism.
.Sh "draft-haripriya-ldapext-entryselect \*(-- EntrySelection Control for \s-1LDAP\s0 Modify and Delete Operations on Multiple Entries"
.IX Subsection "draft-haripriya-ldapext-entryselect EntrySelection Control for LDAP Modify and Delete Operations on Multiple Entries"
This document defines an LDAPv3 control that can select
multiple entries in a subtree of a container entry for
modification or deletion. This control extends the scope of the
LDAPv3 modify and delete operations as defined in [\s-1RFC\s0 2251].
This control is useful for modifying or deleting multiple
entries on the basis of a single selection criterion. This may
be useful for maintenance of an \s-1LDAP\s0 directory having a large
number of objects.
.Sh "draft-hodges-ldapv3\-as \*(-- Lightweight Directory Access Protocol (v3): Applicability Statement"
.IX Subsection "draft-hodges-ldapv3-as Lightweight Directory Access Protocol (v3): Applicability Statement"
The specification for LDAPv3 nominally comprises eight separate
RFCs which were issued in two distinct subsets at separate
times (RFCs 2251..2256 first, then RFCs 2229 and 2830 following
later), but this has never been formally stated. Additionally,
RFCs 2251 .. 2256 each are embellished with an \*(L"\s-1IESG\s0 Note\*(R"
warning implementors and deployers of potential
interoperability problems due to the lack of a specification of
mandatory-to-implement authentication \fImechanism\fR\|(s). This
document corrects both situations by explicitly specifying the
set of RFCs comprising LDAPv3 and rescinding the \*(L"\s-1IESG\s0 Note\*(R"
due to the specification of mandatory-to-implement
authentication mechanisms in \s-1RFC\s0 2829.
.Sh "draft-ietf-ids-ds-bcp \*(-- Best Current Practice for the Internet White Pages Service"
.IX Subsection "draft-ietf-ids-ds-bcp Best Current Practice for the Internet White Pages Service"
This document makes the following recommendations for
organizations on the Internet:
.Sh "draft-ietf-ldapext-acl-model \*(-- Access Control Model for \s-1LDAP\s0"
.IX Subsection "draft-ietf-ldapext-acl-model Access Control Model for LDAP"
This document describes the access control list (\s-1ACL\s0) model for
an \s-1LDAP\s0 directory service. It includes a description of the
model, the \s-1LDAP\s0 controls, and the extended operations to the
\&\s-1LDAP\s0 protocol. A separate document defines the corresponding
APIs.
.Sh "draft-ietf-ldapext-cldap \*(-- Connection-less Lightweight Directory Access Protocol"
.IX Subsection "draft-ietf-ldapext-cldap Connection-less Lightweight Directory Access Protocol"
This memo describes modifications to LDAPv3 to allow transport
of a subset of the \s-1LDAP\s0 protocol over connection-less
transport. The case of \s-1UDP/IP\s0 is covered in detail in this memo
but other transport layers are possible.
.Sh "draft-ietf-ldapext-ldap-c-api \*(-- The C \s-1LDAP\s0 Application Program Interface"
.IX Subsection "draft-ietf-ldapext-ldap-c-api The C LDAP Application Program Interface"
This document defines a C language application program
interface to \s-1LDAP\s0, and replaces the previous definition of this
\&\s-1API\s0, defined in \s-1RFC\s0 1823, updating it to include support for
features found in LDAPv3, as well as other changes to support
information hiding and thread safety.
.Sh "draft-ietf-ldapext-ldap-java-api \*(-- The Java \s-1LDAP\s0 Application Program Interface"
.IX Subsection "draft-ietf-ldapext-ldap-java-api The Java LDAP Application Program Interface"
This document defines a Java language application program
interface to the \s-1LDAP\s0, in the form of a class library. It
complements but does not replace the C language \s-1API\s0. This
version adds support for \s-1SASL\s0 authentication.
.Sh "draft-ietf-ldapext-ldap-java-api-asynch-ext \*(-- The Java \s-1LDAP\s0 Application Program Interface Asynchronous Extension"
.IX Subsection "draft-ietf-ldapext-ldap-java-api-asynch-ext The Java LDAP Application Program Interface Asynchronous Extension"
This document defines asynchronous extensions to the Java
language application program interface to \s-1LDAP\s0 defined in
draft-ietf-ldapext-ldap-java-api (v7).
.Sh "draft-ietf-ldapext-ldap-taxonomy \*(-- A Taxonomy of Methods for \s-1LDAP\s0 Clients Finding Servers"
.IX Subsection "draft-ietf-ldapext-ldap-taxonomy A Taxonomy of Methods for LDAP Clients Finding Servers"
There are several different methods for an \s-1LDAP\s0 client to find an
\&\s-1LDAP\s0 server. This draft discusses these methods and provides
pointers for interested parties to learn more about
implementing a particular method.
.Sh "draft-ietf-ldapext-ldapv3\-dupent \*(-- \s-1LDAP\s0 Control for a Duplicate Entry Representation of Search Results"
.IX Subsection "draft-ietf-ldapext-ldapv3-dupent LDAP Control for a Duplicate Entry Representation of Search Results"
This document describes a Duplicate Entry Representation
control extension for the \s-1LDAP\s0 Search operation. By using the
control with an \s-1LDAP\s0 search, a client requests that the server
return separate entries for each value held in the specified
attributes. For instance, if a specified attribute of an entry
holds multiple values, the search operation will return
multiple instances of that entry, each instance holding a
separate single value in that attribute.
.Sh "draft-ietf-ldapext-ldapv3\-vlv \*(-- \s-1LDAP\s0 Extensions for Scrolling View Browsing of Search Results"
.IX Subsection "draft-ietf-ldapext-ldapv3-vlv LDAP Extensions for Scrolling View Browsing of Search Results"
This document describes a Virtual List View control extension
for the \s-1LDAP\s0 Search operation. This control is designed to
allow the \*(L"virtual list box\*(R" feature, common in existing
commercial e-mail address book applications, to be supported
efficiently by \s-1LDAP\s0 servers. \s-1LDAP\s0 servers' inability to support
this client feature is a significant impediment to \s-1LDAP\s0
replacing proprietary protocols in commercial e-mail systems.
.Sh "draft-ietf-ldapext-locate \*(-- Discovering \s-1LDAP\s0 Services with \s-1DNS\s0"
.IX Subsection "draft-ietf-ldapext-locate Discovering LDAP Services with DNS"
An \s-1LDAP\s0 request must be directed to an appropriate server for
processing. This document specifies a method for discovering
such servers using information in the Domain Name System.
.Sh "draft-ietf-ldapext-matchedval \*(-- Returning Matched Values with LDAPv3"
.IX Subsection "draft-ietf-ldapext-matchedval Returning Matched Values with LDAPv3"
This document describes a control for LDAPv3 that is used
to return a subset of attribute values from an entry,
specifically, only those values that contributed to the search
filter evaluating to \s-1TRUE\s0. Without support for this control, a
client must retrieve all of an attribute's values and search
for specific values locally.
.Sh "draft-ietf-ldapext-psearch \*(-- Persistent Search: A Simple \s-1LDAP\s0 Change Notification Mechanism"
.IX Subsection "draft-ietf-ldapext-psearch Persistent Search: A Simple LDAP Change Notification Mechanism"
This document defines two controls that extend the LDAPv3
search operation to provide a simple mechanism by which an \s-1LDAP\s0
client can receive notification of changes that occur in an
\&\s-1LDAP\s0 server. The mechanism is designed to be very flexible yet
easy for clients and servers to implement.
.Sh "draft-ietf-ldapext-refer \*(-- Referrals in \s-1LDAP\s0 Directories"
.IX Subsection "draft-ietf-ldapext-refer Referrals in LDAP Directories"
This document defines two reference attributes and associated
\&\*(L"referral\*(R" object class for representing generic knowledge
information in \s-1LDAP\s0 directories. The attribute uses URIs to
represent knowledge, enabling \s-1LDAP\s0 and non-LDAP services alike
to be referenced. The object class can be used to construct
entries in an \s-1LDAP\s0 directory containing references to other
directories or services. This document also defines procedures
directory servers should follow when supporting these schema
elements and when responding to requests for which the
directory server does not contain the requested object but may
contain some knowledge of the location of the requested object.
.Sh "draft-ietf-ldapext-x509\-sasl \*(-- X.509 Authentication \s-1SASL\s0 Mechanism"
.IX Subsection "draft-ietf-ldapext-x509-sasl X.509 Authentication SASL Mechanism"
This document defines a \s-1SASL\s0 [\s-1RFC\s0 2222] authentication
mechanism based on X.509 strong authentication, providing
two-way authentication. This mechanism is only for authentication,
and has no effect on the protocol encodings and is not designed
to provide integrity or confidentiality services.
.Sh "draft-ietf-ldup-framing \*(-- Extended Operations for Framing \s-1LDAP\s0 Operations"
.IX Subsection "draft-ietf-ldup-framing Extended Operations for Framing LDAP Operations"
Certain types of \s-1LDAP\s0 applications can benefit from the ability
to specify the beginning and end of a related group of
operations. For example, the \s-1LDUP\s0 multimaster update protocol
requires that two servers agree to begin a session to transfer
pending replication updates. This document provides a framework
for constructing protocols that feature a framed set of related
operations. It defines a pair of LDAPv3 extended operations
that provide begin-end framing, and a pair of extended
operations used to respond to the begin-end framing operations.
The nature of the actual \s-1LDAP\s0 operations carried inside these
framing operations is not specified in this document.
.Sh "draft-ietf-ldup-infomod \*(-- \s-1LDUP\s0 Replication Information Model"
.IX Subsection "draft-ietf-ldup-infomod LDUP Replication Information Model"
draft-merrells-ldup-model (v1) describes the architectural
approach to replication of \s-1LDAP\s0 directory contents. This
document describes the information model and schema elements
which support \s-1LDAP\s0 Replication Services.
.Sh "draft-ietf-ldup-model \*(-- \s-1LDAP\s0 Replication Architecture"
.IX Subsection "draft-ietf-ldup-model LDAP Replication Architecture"
This architectural document outlines a suite of schema and
protocol extensions to LDAPv3 that enables the robust,
reliable, server-to-server exchange of directory content and
changes.
.Sh "draft-ietf-ldup-protocol \*(-- The \s-1LDUP\s0 Replication Update Protocol"
.IX Subsection "draft-ietf-ldup-protocol The LDUP Replication Update Protocol"
The protocol described in this document is designed to allow
one \s-1LDAP\s0 server to replicate its directory content to another
\&\s-1LDAP\s0 server. The protocol is designed to be used in a
replication configuration where multiple updatable servers are
present. Provisions are made in the protocol to carry
information that allows the server receiving updates to apply a
total ordering to all updates in the replicated system. This
total ordering allows all replicas to correctly resolve
conflicts that arise when \s-1LDAP\s0 clients submit changes to
different servers that later replicate to one another.
.Sh "draft-ietf-ldup-replica-req \*(-- \s-1LDAP\s0 V3 Replication Requirements"
.IX Subsection "draft-ietf-ldup-replica-req LDAP V3 Replication Requirements"
This document discusses the fundamental requirements for
replication of data accessible via the LDAPv3 protocol. It is
intended to be a gathering place for general replication
requirements needed to provide interoperability between
informational directories.
.Sh "draft-ietf-ldup-subentry \*(-- \s-1LDAP\s0 Subentry Schema"
.IX Subsection "draft-ietf-ldup-subentry LDAP Subentry Schema"
This document describes an object class called ldapSubEntry
which \s-1MAY\s0 be used to indicate operations and management related
entries in the directory, called \s-1LDAP\s0 Subentries. This version
of this document is updated with an assigned \s-1OID\s0 for the
ldapSubEntry object class.
.Sh "draft-ietf-ldup-urp \*(-- \s-1LDUP\s0 Update Reconciliation Procedures"
.IX Subsection "draft-ietf-ldup-urp LDUP Update Reconciliation Procedures"
This document describes the procedures used by directory
servers to reconcile updates performed by autonomously
operating directory servers in a distributed, replicated
directory service.
.Sh "draft-ietf-pkix-ldap-schema \*(-- Internet X.509 Public Key Infrastructure Additional \s-1LDAP\s0 Schema for PKIs and PMIs"
.IX Subsection "draft-ietf-pkix-ldap-schema Internet X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs"
This document describes \s-1LDAP\s0 schema features in addition to \s-1RFC\s0
2587 that are needed to support a Privilege Management
Infrastructure and a Public Key Infrastructure. \s-1RFC2587\s0
describes some of the subschema applicable to LDAPv2 servers,
specifically the public key certificate related attribute types
and object classes that \s-1MUST\s0 or \s-1MAY\s0 be supported. This document
does not revoke any of the contents of \s-1RFC2587\s0, but supplements
them. \s-1RFC2587\s0 is equally applicable to LDAPv3 servers as to
LDAPv2 servers and \s-1MUST\s0 be supported by LDAPv3 servers. Neither
\&\s-1RFC2587\s0 nor the user schema for LDAPv3 (\s-1RFC2256\s0) nor the
attribute syntax definitions for LDAPv3 (\s-1RFC2252\s0) describe in
detail the matching rules that should be supported by \s-1LDAP\s0
servers, nor do they describe how attribute value assertions
for each matching rule should be encoded in filter items.
Finally none of these documents mention attributeCertificates
or any schema to support privilege management, since these
concepts superseded the publishing of the RFCs.
.Sh "draft-just-ldapv3\-rescodes \*(-- LDAPv3 Result Codes: Definitions and Appropriate Use"
.IX Subsection "draft-just-ldapv3-rescodes LDAPv3 Result Codes: Definitions and Appropriate Use"
The purpose of this document is to describe, in some detail,
the meaning and use of the result codes used with the LDAPv3
protocol. Of particular importance are the error codes, which
represent the majority of the result codes. This document
provides definitions for each result code, and outlines the
expected behaviour of the various operations with respect to
how result codes, and in particular error conditions, should be
handled and which specific error code should be returned. It is
hoped that this document will facilitate interoperability
between clients and servers and the development of intelligent
\&\s-1LDAP\s0 clients capable of acting upon the results received from
the server.
.Sh "draft-mmeredith-rootdse-vendor-info \*(-- Storing Vendor Information in the \s-1LDAP\s0 root \s-1DSE\s0"
.IX Subsection "draft-mmeredith-rootdse-vendor-info Storing Vendor Information in the LDAP root DSE"
This document specifies two \s-1LDAP\s0 attributes, vendorName and
vendorVersion, that \s-1MAY\s0 be included in the root \s-1DSE\s0 to advertise
vendor-specific information. These two attributes supplement
the attributes defined in section 3.4 of \s-1RFC\s0 2251. The
information held in these attributes \s-1MAY\s0 be used for display
and informational purposes and \s-1MUST\s0 \s-1NOT\s0 be used for feature
advertisement or discovery.
.Sh "draft-moats-dmtf-application-ldap \*(-- \s-1LDAP\s0 Schema for the \s-1DMTF\s0 Application \s-1CIM\s0 v2.1 Model"
.IX Subsection "draft-moats-dmtf-application-ldap LDAP Schema for the DMTF Application CIM v2.1 Model"
This draft presents an LDAPv3 schema for the \s-1DMTF\s0 \s-1CIM\s0
Application model. Associations are mapped using a combination
of auxiliary classes and \s-1DIT\s0 structure rules. Where auxiliary
classes are used, name form and \s-1DIT\s0 content rules are
specified. (This document is not a product of the \s-1DMTF\s0, and
represents the view of the authors.)
.Sh "draft-moats-dmtf-core-ldap \*(-- \s-1LDAP\s0 Schema for the \s-1DMTF\s0 Core \s-1CIM\s0 v2.2 Model"
.IX Subsection "draft-moats-dmtf-core-ldap LDAP Schema for the DMTF Core CIM v2.2 Model"
This draft presents an LDAPv3 schema for the \s-1DMTF\s0 \s-1CIM\s0 Core
model. Associations are mapped using a combination of auxiliary
classes and \s-1DIT\s0 structure rules. All attribute, object class,
and name form OIDs are place holders, and syntax OIDs in
definitions have been replaced by names for clarity. Further,
structure rule identifiers are place holders and should be
replaced as dictated by local implementations. (This document
is a product of the \s-1DMTF\s0 \s-1LDAP\s0 \s-1WG\s0.)
.Sh "draft-moats-dmtf-device-ldap \*(-- \s-1LDAP\s0 Schema for the \s-1DMTF\s0 Device \s-1CIM\s0 v2.2 Model"
.IX Subsection "draft-moats-dmtf-device-ldap LDAP Schema for the DMTF Device CIM v2.2 Model"
This draft presents an LDAPv3 schema for the \s-1DMTF\s0 \s-1CIM\s0 Device
model. It builds on the core model presented in
draft-moats-dmtf-core-ldap (v1). Associations are mapped using
a combination of auxiliary classes and \s-1DIT\s0 structure rules.
Where auxiliary classes are used, name form and \s-1DIT\s0 content
rules are specified. (This document is not a product of the
\&\s-1DMTF\s0, and represents the view of the authors.)
.Sh "draft-moats-dmtf-network-ldap \*(-- \s-1LDAP\s0 Schema for the \s-1DMTF\s0 Network \s-1CIM\s0 v2.2 Model"
.IX Subsection "draft-moats-dmtf-network-ldap LDAP Schema for the DMTF Network CIM v2.2 Model"
This draft presents an LDAPv3 schema for the \s-1DMTF\s0 \s-1CIM\s0 Network
model. Associations are mapped using a combination of auxiliary
classes and \s-1DIT\s0 structure rules. Where auxiliary classes are
used, name form and \s-1DIT\s0 content rules are specified. (This
document is not a product of the \s-1DMTF\s0, and represents the view
of the authors.)
.Sh "draft-moats-dmtf-physical-ldap \*(-- \s-1LDAP\s0 Schema for the \s-1DMTF\s0 Physical \s-1CIM\s0 v2.2 Model"
.IX Subsection "draft-moats-dmtf-physical-ldap LDAP Schema for the DMTF Physical CIM v2.2 Model"
This draft presents an LDAPv3 schema for the \s-1DMTF\s0 \s-1CIM\s0 Physical
model. Associations are mapped using a combination of auxiliary
classes and \s-1DIT\s0 structure rules. Where auxiliary classes are
used, name form and \s-1DIT\s0 content rules are specified. (This
document is not a product of the \s-1DMTF\s0, and represents the view
of the authors.)
.Sh "draft-moats-dmtf-system-ldap \*(-- \s-1LDAP\s0 Schema for the \s-1DMTF\s0 System \s-1CIM\s0 v2.2 Model"
.IX Subsection "draft-moats-dmtf-system-ldap LDAP Schema for the DMTF System CIM v2.2 Model"
This draft presents an LDAPv3 schema for the \s-1DMTF\s0 \s-1CIM\s0 System
model. It builds on the core model presented in
draft-moats-dmtf-core-ldap (v1). Associations are mapped using
a combination of auxiliary classes and \s-1DIT\s0 structure rules.
Where auxiliary classes are used, name form and \s-1DIT\s0 content
rules are specified. (This document is not a product of the
\&\s-1DMTF\s0, and represents the view of the authors.)
.Sh "draft-moats-ldap-dereference-match \*(-- Extensible Match Rule to Dereference Pointers"
.IX Subsection "draft-moats-ldap-dereference-match Extensible Match Rule to Dereference Pointers"
This document defines an LDAPv3 extensible matching rule that
allows a server to dereference pointers stored in an object's
attribute and apply an LDAPv3 search filter to the resulting
objects. This rule allows schema definitions to capture richer
association models without requiring extra protocol exchanges
or special client code.
.Sh "draft-natarajan-ldapext-cachedresults \*(-- The \s-1LDAP\s0 Caching model"
.IX Subsection "draft-natarajan-ldapext-cachedresults The LDAP Caching model"
Seeking entries from a directory is a process involving network
resources. It is assumed that a directory is accessed for
reading and searching data more than for modification purposes.
Under such assumptions, for performance reasons, a mechanism
for caching as a proxy which caches all entries is desirable.
This document describes a mechanism for caching directory
entries. This document also defines one operational attribute
and two controls required to be implemented for the caching
model.
.Sh "draft-natkovich-ldap-lcup \*(-- \s-1LDAP\s0 Client Update Protocol"
.IX Subsection "draft-natkovich-ldap-lcup LDAP Client Update Protocol"
This document defines the \s-1LDAP\s0 Client Update Protocol (\s-1LCUP\s0).
The protocol is intended to allow an \s-1LDAP\s0 client to synchronize
with the content of a directory information tree (\s-1DIT\s0) stored
by an \s-1LDAP\s0 server and to be notified about the changes to that
content.
.Sh "draft-rharrison-lburp \*(-- \s-1LDAP\s0 Bulk Update/Replication Protocol"
.IX Subsection "draft-rharrison-lburp LDAP Bulk Update/Replication Protocol"
The \s-1LDAP\s0 Bulk Update/Replication Protocol (\s-1LBURP\s0) described in
this document allows an \s-1LDAP\s0 client (a genuine client or an
\&\s-1LDAP\s0 server acting as a client) to perform a bulk update to a
replica on an \s-1LDAP\s0 server. The protocol groups a set of update
operations using the \s-1LDAP\s0 framed protocol requests defined in
[\s-1FRAMING\s0] to notify the client that the update operations in
the framed set are related. The update operations within the
framed set are LDAPv3 extended operations each encapsulating a
sequence number and one or more LDAPv3 update operations. The
sequence number allows the server to process the update
operations in the proper order even when they are sent
asynchronously by the client, and the update operations can be
grouped within the extended request to maximize the efficiency
of client-server communication.
.Sh "draft-rharrison-ldap-extpartresp \*(-- Extended Partial Response Protocol Enhancement to LDAPv3"
.IX Subsection "draft-rharrison-ldap-extpartresp Extended Partial Response Protocol Enhancement to LDAPv3"
This document describes the ExtendedPartialResponse, an element
of the \s-1LDAP\s0 v3 protocol which allows multiple responses to LDAPv3
extended requests. Extended partial responses are backward
compatible with the existing LDAPv3 Extended Operation defined
in LDAPv3.
.Sh "draft-salzr-ldap-repsig \*(-- \s-1LDAP\s0 Controls for Reply Signatures"
.IX Subsection "draft-salzr-ldap-repsig LDAP Controls for Reply Signatures"
In many environments the final step of certificate issuance is
publishing the certificate to a repository. Unfortunately,
there is no way for a Certification Authority (\s-1CA\s0) to have a
secure application-level acknowledgement that the proper
repository did, in fact, receive the certificate. This issue is
of greater concern when considering the publication of
Certificate Revocation Lists (CRLs) \*(-- if an adversary manages
to interpose itself between the \s-1CA\s0 and its intended repository,
then clients could end up relying on outdated revocation lists.
.Sh "draft-smith-ldap-c-api-ext-lderrno \*(-- C \s-1LDAP\s0 \s-1API\s0 \s-1LDERRNO\s0 Extension"
.IX Subsection "draft-smith-ldap-c-api-ext-lderrno C LDAP API LDERRNO Extension"
This document defines an extension to the C \s-1LDAP\s0 \s-1API\s0 to support
reporting of specific errors for functions in the \s-1API\s0 that do
not provide a way to access detailed information about
failures. Three new functions are defined: \fIldap_get_lderrno()\fR,
\&\fIldap_set_lderrno()\fR, and \fIldap_dup_string()\fR.
.Sh "draft-smith-ldap-c-api-ext-vlv \*(-- \s-1LDAP\s0 C \s-1API\s0 Virtual List View Extension (\s-1VLV\s0)"
.IX Subsection "draft-smith-ldap-c-api-ext-vlv LDAP C API Virtual List View Extension (VLV)"
This document defines a virtual list view extension for the
\&\s-1LDAP\s0 C \s-1API\s0 to support the \s-1LDAP\s0 protocol extensions for
scrolling view browsing of search results. More specifically,
this document defines functions to create virtual list view
request controls and to parse virtual list view response
controls.
.Sh "draft-smith-ldapv3\-filter-update \*(-- The String Representation of \s-1LDAP\s0 Search Filters"
.IX Subsection "draft-smith-ldapv3-filter-update The String Representation of LDAP Search Filters"
\&\s-1LDAP\s0 defines a network representation of a search filter
transmitted to an \s-1LDAP\s0 server. Some applications may find it
useful to have a common way of representing these search
filters in a human-readable form. This document defines a
human-readable string format for representing the full range of
possible LDAPv3 search filters, including extended match
filters.
.Sh "draft-smith-ldapv3\-url-update \*(-- The \s-1LDAP\s0 \s-1URL\s0 Format"
.IX Subsection "draft-smith-ldapv3-url-update The LDAP URL Format"
\&\s-1LDAP\s0 is defined in RFCs 2251\-3. This document describes a
format for an \s-1LDAP\s0 Uniform
.Sh "draft-wahl-ldap-adminaddr \*(-- Administrator Address Attribute"
.IX Subsection "draft-wahl-ldap-adminaddr Administrator Address Attribute"
Organizations running multiple directory servers need an
ability for administrators to determine who is responsible for
a particular server. This is conceptually similar to the
\&'sysContact' object of \s-1SNMP\s0. The administratorsAddress
attribute allows a server administrator to provide the contact
information of the responsible party for an \s-1LDAP\s0 server. This
can be used by management clients which are, for example,
checking the state of a replication or referral topology, to
provide a way for the user of the management client to send
email to the manager of a particular server.
.Sh "draft-wahl-ldap-digest-example \*(-- An Example of \s-1DIGEST-MD5\s0 Authentication within an \s-1LDAP\s0 server"
.IX Subsection "draft-wahl-ldap-digest-example An Example of DIGEST-MD5 Authentication within an LDAP server"
\&\s-1HTTP\s0 Digest Authentication as a \s-1SASL\s0 mechanism is required to
be supported in \s-1LDAP\s0 servers for password-based authentication
(see Authentication Methods for \s-1LDAP\s0). This specification
describes one approach to implement \s-1DIGEST-MD5\s0 authentication
in an \s-1LDAP\s0 server. It does not specify a standard of any kind.
.Sh "draft-weltman-java-sasl \*(-- The Java \s-1SASL\s0 Application Program Interface"
.IX Subsection "draft-weltman-java-sasl The Java SASL Application Program Interface"
This document defines a client-side and a server-side Java
language interface for using the Simple Authentication and
Security Layer (\s-1SASL\s0) mechanisms for adding authentication
support to connection-based protocols. The interface promotes
sharing of \s-1SASL\s0 mechanism drivers and security layers between
applications using different protocols. It complements but does
not replace [\s-1SASL\s0], which defines and exemplifies use of the
\&\s-1SASL\s0 protocol in a language-independent way.
.Sh "draft-weltman-ldap-java-controls \*(-- Java \s-1LDAP\s0 Controls"
.IX Subsection "draft-weltman-ldap-java-controls Java LDAP Controls"
This document defines support for the Preferred Language
Control, the Server Sorting Control, and the Virtual List
Control in the Java \s-1LDAP\s0 \s-1API\s0. Controls are an LDAPv3 extension,
to allow passing arbitrary control information along with a
standard request to a server, and to receive arbitrary
information back with a standard result.
.Sh "draft-weltman-ldapv3\-auth-response \*(-- \s-1LDAP\s0 Authentication Response Control"
.IX Subsection "draft-weltman-ldapv3-auth-response LDAP Authentication Response Control"
This document defines support for the Authentication Response
Control. Controls are an LDAPv3 extension, to allow passing
arbitrary control information along with a standard request to
a server, and to receive arbitrary information back with a
standard result. The Authentication Response Control may be
returned by an \s-1LDAP\s0 server in a bind response to a client
authenticating with LDAPv3. The control contains the identity
assumed by the client. This is useful when there is a mapping
step or other indirection during the bind, so that the client
can be told what \s-1LDAP\s0 identity was granted. Client
authentication with certificates is the primary situation where
this applies. Also, some \s-1SASL\s0 authentication mechanisms may not
involve the client explicitly providing a \s-1DN\s0.
.Sh "draft-weltman-ldapv3\-proxy \*(-- \s-1LDAP\s0 Proxied Authorization Control"
.IX Subsection "draft-weltman-ldapv3-proxy LDAP Proxied Authorization Control"
This document defines support for the Proxied Authorization
Control. Controls are an LDAPv3 extension, to allow passing
arbitrary control information along with a standard request to
a server, and to receive arbitrary information back with a
standard result. The Proxied Authorization Control allows a
connection with sufficient privileges to assume the identity of
another entry for the duration of an \s-1LDAP\s0 request.
.Sh "draft-zeilenga-ldap-authpasswd \*(-- \s-1LDAP\s0 Authentication Password Attribute"
.IX Subsection "draft-zeilenga-ldap-authpasswd LDAP Authentication Password Attribute"
This document describes schema for storing authentication
passwords in an \s-1LDAP\s0 directory. The document provides schema
definitions for authPassword and related schema definitions.
The authPassword is intended to be used instead of clear text
password storage mechanisms such as userPassword [\s-1RFC2256\s0] to
support simple bind operations. The attribute may be used to
store \s-1SASL\s0 authentication passwords in entries of a directory.
.Sh "draft-zeilenga-ldap-c-api-concurrency \*(-- \s-1LDAP\s0 C \s-1API\s0 Concurrency Extensions"
.IX Subsection "draft-zeilenga-ldap-c-api-concurrency LDAP C API Concurrency Extensions"
This document defines extensions to the \s-1LDAP\s0 C \s-1API\s0 to support
use in concurrent execution environments. The document
describes and defines requirements for multiple concurrency
levels: thread safe, session thread safe, and operation thread
safe.
.Sh "draft-zeilenga-ldap-c-api-errno \*(-- \s-1LDAP\s0 C \s-1API\s0 Error Reporting Extension"
.IX Subsection "draft-zeilenga-ldap-c-api-errno LDAP C API Error Reporting Extension"
This document defines a mandatory extension to the \s-1LDAP\s0 C \s-1API\s0
to provide error reporting for all \s-1API\s0 calls. The mechanism is
non-intrusive and can, optionally, support concurrent execution
environments.
.Sh "draft-zeilenga-ldap-grouping \*(-- LDAPv3: Grouping of Related Operations"
.IX Subsection "draft-zeilenga-ldap-grouping LDAPv3: Grouping of Related Operations"
This document provides a general mechanism for grouping
related \s-1LDAP\s0 operations, which may be used to support
replication, proxies, and higher level operations such as
transactions. This document describes a set of \s-1LDAP\s0 extended
operations and other protocol and schema elements to support
grouping of related operations.
.Sh "draft-zeilenga-ldap-namedref \*(-- Named References in \s-1LDAP\s0 Directories"
.IX Subsection "draft-zeilenga-ldap-namedref Named References in LDAP Directories"
This document defines schema and protocol elements for
representing and manipulating generic knowledge information in
\&\s-1LDAP\s0 directories. An attribute type \*(L"ref\*(R" is used to store URIs
which may refer to \s-1LDAP\s0 and non-LDAP services. An object class
\&\*(L"referral\*(R" is used to construct entries in an \s-1LDAP\s0 directory
which contain references to other directories or services. A control,
ManageDsaIT, is defined to allow clients to manipulate referral
objects as normal entries. The document describes procedures
directory servers should follow when supporting these elements.
.Sh "draft-zeilenga-ldap-passwd-exop \*(-- \s-1LDAP\s0 Password Modify Extended Operation"
.IX Subsection "draft-zeilenga-ldap-passwd-exop LDAP Password Modify Extended Operation"
The integration of \s-1LDAP\s0 and external authentication services
has introduced non-DN authentication identities and allowed
for non-directory storage of passwords. As such, mechanisms
which update the directory, such as the Modify operation, cannot be
used to change a user's password. This document describes an
\&\s-1LDAP\s0 extended operation to allow modification of user passwords
which is not dependent upon the form of the authentication
identity nor the password storage mechanism used.
.Sh "draft-zeilenga-ldap-txn \*(-- LDAPv3 Transactions"
.IX Subsection "draft-zeilenga-ldap-txn LDAPv3 Transactions"
\&\s-1LDAP\s0 update operations have atomic properties upon individual
entries. However, it is often desirable to update two or more
entries as one atomic action, a transaction. Transactions are
necessary to support a number of applications including
resource provisioning and information replication. This
document defines an \s-1LDAP\s0 extension to support transactions.
.Sh "draft-zeilenga-ldapv3bis-opattrs \*(-- LDAPv3: All Operational Attributes"
.IX Subsection "draft-zeilenga-ldapv3bis-opattrs LDAPv3: All Operational Attributes"
X.500 provides a mechanism for clients to request all
operational attributes be returned with entries provided in
response to a search operation. \s-1LDAP\s0 [\s-1RFC2251\s0] does not provide
a similar mechanism to clients to request the return of
operational attributes. The lack of such a mechanism hinders
discovery of operational attributes present in an entry.
.Sh "draft-zeilenga-ldapv3bis-rfc2251 \*(-- LDAPv3bis Suggestions: Lightweight Directory Access Protocol (v3)"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2251 LDAPv3bis Suggestions: Lightweight Directory Access Protocol (v3)"
This Internet Draft suggests a number of updates to
\&\*(L"Lightweight Directory Access Protocol (v3)\*(R" [\s-1RFC2251\s0]. This
document is not intended to be published as an \s-1RFC\s0 but used to
identify LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2252 \*(-- LDAPv3bis Suggestions: Attribute Syntax Definitions"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2252 LDAPv3bis Suggestions: Attribute Syntax Definitions"
This Internet Draft suggests a number of updates to
\&\*(L"Lightweight Directory Access Protocol (v3): Attribute Syntax
Definitions\*(R" [\s-1RFC2252\s0]. This document is not intended to be
published as an \s-1RFC\s0 but used to identify LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2253 \*(-- LDAPv3bis Suggestions: \s-1UTF-8\s0 String Representation of Distinguished Names"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2253 LDAPv3bis Suggestions: UTF-8 String Representation of Distinguished Names"
This Internet Draft suggests a number of updates to
\&\*(L"Lightweight Directory Access Protocol (v3): \s-1UTF-8\s0 String
Representation of Distinguished Names\*(R" [\s-1RFC2253\s0]. This document
is not intended to be published as an \s-1RFC\s0 but used to identify
LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2254 \*(-- LDAPv3bis Suggestions: The String Representation of \s-1LDAP\s0 Search Filters"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2254 LDAPv3bis Suggestions: The String Representation of LDAP Search Filters"
This Internet Draft suggests a number of updates to \*(L"The String
Representation of \s-1LDAP\s0 Search Filters\*(R" [\s-1RFC\s0 2254]. This
document is not intended to be published as an \s-1RFC\s0 but used to
identify LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2255 \*(-- LDAPv3bis Suggestions: The \s-1LDAP\s0 \s-1URL\s0 Format"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2255 LDAPv3bis Suggestions: The LDAP URL Format"
This Internet Draft suggests a number of updates to \*(L"The \s-1LDAP\s0
\&\s-1URL\s0 Format\*(R" [\s-1RFC\s0 2255]. This document is not intended to be
published as an \s-1RFC\s0 but used to identify LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2256 \*(-- LDAPv3bis Suggestions: Summary of the X.500(96) User Schema for use with LDAPv3"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2256 LDAPv3bis Suggestions: Summary of the X.500(96) User Schema for use with LDAPv3"
This Internet Draft suggests a number of updates to \*(L"A Summary
of the X.500(96) User Schema for use with LDAPv3\*(R" [\s-1RFC\s0 2256].
This document is not intended to be published as an \s-1RFC\s0 but
used to identify LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2829 \*(-- LDAPv3bis Suggestions: Authentication Methods for \s-1LDAP\s0"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2829 LDAPv3bis Suggestions: Authentication Methods for LDAP"
This Internet Draft suggests a number of updates to
\&\*(L"Authentication Methods for \s-1LDAP\s0\*(R" [\s-1RFC2829\s0]. This document is
not intended to be published as an \s-1RFC\s0 but used to identify
LDAPv3bis work items.
.Sh "draft-zeilenga-ldapv3bis-rfc2830 \*(-- LDAPv3bis Suggestions: Extension for Transport Layer Security"
.IX Subsection "draft-zeilenga-ldapv3bis-rfc2830 LDAPv3bis Suggestions: Extension for Transport Layer Security"
This Internet Draft suggests a number of updates to the
\&\*(L"Lightweight Directory Access Protocol: Extension for Transport
Layer Security\*(R" [\s-1RFC\s0 2830]. This document is not intended to be
published as an \s-1RFC\s0 but used to identify LDAPv3bis work items.
.PP
\&\fI$Id: \s-1RFC\s0.pod,v 1.5 2001/10/24 14:08:54 chrisridd Exp $\fR