Network Working Group K. Zeilenga
Request for Comments: 5020 Isode Limited
Category: Standards Track August 2007
Network Working Group K. Zeilenga
Request for Comments: 5020 Isode Limited
Category: Standards Track August 2007
The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
轻量级目录访问协议(LDAP)entryDN操作属性
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The IETF Trust (2007).
版权所有(C)IETF信托基金(2007年)。
Abstract
摘要
This document describes the Lightweight Directory Access Protocol (LDAP) / X.500 'entryDN' operational attribute. The attribute provides a copy of the entry's distinguished name for use in attribute value assertions.
本文档描述了轻量级目录访问协议(LDAP)/X.500“entryDN”操作属性。该属性提供条目可分辨名称的副本,用于属性值断言。
In X.500 Directory Services [X.501], such as those accessible using the Lightweight Directory Access Protocol (LDAP) [RFC4510], an entry is identified by its distinguished name (DN) [RFC4512]. However, as an entry's DN is not an attribute of the entry, it is not possible to perform attribute value assertions [RFC4511] against it.
在X.500目录服务[X.501]中,例如使用轻量级目录访问协议(LDAP)[RFC4510]可访问的目录服务,条目由其可分辨名称(DN)[RFC4512]标识。但是,由于条目的DN不是条目的属性,因此无法对其执行属性值断言[RFC4511]。
This document describes the 'entryDN' operational attribute which holds a copy of the entry's distinguished name. This attribute may be used in search filters. For instance, searching the subtree <dc=example,dc=com> with the filter:
本文档描述了“entryDN”操作属性,该属性保存条目的可分辨名称副本。此属性可在搜索筛选器中使用。例如,使用过滤器搜索子树<dc=example,dc=com>:
(entryDN:componentFilterMatch:=or:{
item:{ component "3", rule rdnMatch, value "ou=A" },
item:{ component "3", rule rdnMatch, value "ou=B" } })
(entryDN:componentFilterMatch:=or:{
item:{ component "3", rule rdnMatch, value "ou=A" },
item:{ component "3", rule rdnMatch, value "ou=B" } })
would return entries in the subtree <ou=A,dc=example,dc=com> and entries in subtree <ou=B,dc=example,dc=com>, but would not return any other entries in the subtree <dc=example,dc=com>.
将返回子树<ou=A,dc=example,dc=com>中的条目和子树<ou=B,dc=example,dc=com>中的条目,但不会返回子树<dc=example,dc=com>中的任何其他条目。
In the above paragraph, DNs are presented using the string representation defined in [RFC4514], and the example search filter is presented using the string representation defined in [RFC4515] with whitespace (line breaks and indentation) added to improve readability. The 'componentFilterMatch' and 'rdnMatch' rules are specified in [RFC3687].
在上述段落中,DNs使用[RFC4514]中定义的字符串表示法表示,示例搜索过滤器使用[RFC4515]中定义的字符串表示法表示,并添加空格(换行和缩进)以提高可读性。[RFC3687]中指定了“componentFilterMatch”和“rdnMatch”规则。
Schema definitions are provided using LDAP description formats [RFC4512]. Definitions provided here are formatted (line wrapped) for readability.
模式定义使用LDAP描述格式[RFC4512]提供。为了便于阅读,这里提供的定义是格式化的(换行)。
The 'entryDN' operational attribute provides a copy of the entry's current DN.
“entryDN”操作属性提供条目当前DN的副本。
The following is an LDAP attribute type description suitable for publication in subschema subentries.
以下是适用于在子模式子条目中发布的LDAP属性类型描述。
( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
(1.3.6.1.1.20名称'entryDN'DESC'DN的条目'EQUALITY DifferentiedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12单值无用户修改使用指南操作)
Note that the DN of the entry cannot be modified through this attribute.
请注意,无法通过此属性修改条目的DN。
As this attribute only provides an additional mechanism to access an entry's DN, the introduction of this attribute is not believed to introduce new security considerations.
由于此属性仅提供访问条目DN的附加机制,因此不认为引入此属性会引入新的安全注意事项。
IANA has registered (upon Standards Action) an LDAP Object Identifier [RFC4520] for use in this document.
IANA已注册(根据标准行动)一个LDAP对象标识符[RFC4520],以供在本文档中使用。
Subject: Request for LDAP OID Registration
Person & email address to contact for further information:
Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
Specification: RFC 5020
Author/Change Controller: IESG
Comments:
Identifies the 'entryDN' attribute type
Subject: Request for LDAP OID Registration
Person & email address to contact for further information:
Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
Specification: RFC 5020
Author/Change Controller: IESG
Comments:
Identifies the 'entryDN' attribute type
IANA has registered (upon Standards Action) the LDAP 'entryDN' descriptor [RFC4520].
IANA已注册(根据标准操作)LDAP“entryDN”描述符[RFC4520]。
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): entryDN
Object Identifier: 1.3.6.1.1.20
Person & email address to contact for further information:
Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
Usage: Attribute Type
Specification: RFC 5020
Author/Change Controller: IESG
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): entryDN
Object Identifier: 1.3.6.1.1.20
Person & email address to contact for further information:
Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
Usage: Attribute Type
Specification: RFC 5020
Author/Change Controller: IESG
[RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.
[RFC4510]Zeilenga,K.,Ed.“轻量级目录访问协议(LDAP):技术规范路线图”,RFC45102006年6月。
[RFC4512] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, June 2006.
[RFC4512]Zeilenga,K.,Ed.,“轻量级目录访问协议(LDAP):目录信息模型”,RFC4512,2006年6月。
[X.501] International Telecommunication Union - Telecommunication Standardization Sector, "The Directory -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
[X.501]国际电信联盟-电信标准化部门,“目录——模型”,X.501(1993)(也指ISO/IEC 9594-2:1994)。
[RFC3687] Legg, S., "Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules", RFC 3687, February 2004.
[RFC3687]Legg,S.,“轻型目录访问协议(LDAP)和X.500组件匹配规则”,RFC 3687,2004年2月。
[RFC4511] Sermersheim, J., Ed., "Lightweight Directory Access Protocol (LDAP): The Protocol", RFC 4511, June 2006.
[RFC4511]Sermersheim,J.,Ed.,“轻量级目录访问协议(LDAP):协议”,RFC4511,2006年6月。
[RFC4514] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names", RFC 4514, June 2006.
[RFC4514]Zeilenga,K.,Ed.“轻量级目录访问协议(LDAP):可分辨名称的字符串表示”,RFC4514,2006年6月。
[RFC4515] Smith, M., Ed., and T. Howes, "Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters", RFC 4515, June 2006.
[RFC4515]Smith,M.,Ed.,和T.Howes,“轻量级目录访问协议(LDAP):搜索过滤器的字符串表示”,RFC45152006年6月。
[RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
[RFC4520]Zeilenga,K.,“轻量级目录访问协议(LDAP)的互联网分配号码管理局(IANA)注意事项”,BCP 64,RFC 4520,2006年6月。
Author's Address
作者地址
Kurt D. Zeilenga Isode Limited
Kurt D.Zeilenga Isode有限公司
EMail: Kurt.Zeilenga@Isode.COM
EMail: Kurt.Zeilenga@Isode.COM
Full Copyright Statement
完整版权声明
Copyright (C) The IETF Trust (2007).
版权所有(C)IETF信托基金(2007年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。