Browse Prior Art Database

Collective Attributes in the Lightweight Directory Access Protocol (LDAP) (RFC3671)

IP.com Disclosure Number: IPCOM000021124D
Original Publication Date: 2003-Dec-01
Included in the Prior Art Database: 2003-Dec-24
Document File: 11 page(s) / 18K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

K. Zeilenga: AUTHOR

Abstract

X.500 collective attributes allow common characteristics to be shared between collections of entries. This document summarizes the X.500 information model for collective attributes and describes use of collective attributes in LDAP (Lightweight Directory Access Protocol). This document provides schema definitions for collective attributes for use in LDAP.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 19% of the total text.

Network Working Group K. Zeilenga

Request for Comments: 3671 OpenLDAP Foundation

Category: Standards Track December 2003

Collective Attributes in

the Lightweight Directory Access Protocol (LDAP)

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

X.500 collective attributes allow common characteristics to be shared

between collections of entries. This document summarizes the X.500

information model for collective attributes and describes use of

collective attributes in LDAP (Lightweight Directory Access

Protocol). This document provides schema definitions for collective

attributes for use in LDAP.

1. Introduction

In X.500 [X.500], a collective attribute is "a user attribute whose

values are the same for each member of an entry collection" [X.501].

This document details their use in the Lightweight Directory Access

Protocol (LDAP) [RFC3377].

1.1. Entry Collections

A collection of entries is a grouping of object and alias entries

based upon common properties or shared relationship between the

corresponding entries which share certain attributes. An entry

collection consists of all entries within scope of a collective

attributes subentry [RFC3672]. An entry can belong to several entry

collections.

Zeilenga Standards Track [Page 1]

RFC 3671 Collective Attributes in LDAP December 2003

1.2. Collective Attributes

Attributes shared by the entries comprising an entry collection are

called collective attributes. Values of collective attributes are

visible but not updateable to clients accessing entries within the

collection. Collective attributes are updated (i.e., modified) via

their associated collective attributes subentry.

When an entry belongs to multiple entry collections, the entry's

values of each collective attribute are combined such that

independent sources of these values are not manifested to clients.

Entries can specifically exclude a particular collective attribute by

listing the attribute as a value of the collectiveExclusions

attribute. Like other user attributes, collective attributes are

subject to a variety of controls including access, administrative,

and content controls.

1.3. Conventions

Schema definitions are provided using LDAPv3 [RFC2251] description

formats [RFC2252]. Definitions provided here are formatted (line

wrapped) for readability.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

document are to be interpreted as described in BCP 14 [RFC2119].

2. System Schema for Collective Attributes

The following operational attributes are used to manage Colle...