Values are Access Control Instructions (ACI). See the directory documentation for details.

Shows effective access rights. See the directory documentation for details.

Shows how the server calculates effective access rights. See the directory documentation for details.

An address for contacting the administrator who manages the server. For example, mailto:helpdesk@example.com.

Holds the name of the entry that an alias points to.

An alias name is an alternative name for an entry. Alias objects are leaf entries (no subordinates).

ForgeRock servers do not support alias dereferencing.

This operational attribute lists URIs of alternate servers to contact when this server is not available.

A type A (address) DNS resource record.

An attribute for specifying DNS host names associated with an object. For example, the entry with DN dc=example,dc=com could have an associated domain of example.com.

Values of this attribute conform to the following ABNF:

domain = root / label *( DOT label )
root   = SPACE
label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
SPACE  = %x20                        ; space (" ")
HYPHEN = %x2D                        ; hyphen ("-")
DOT    = %x2E                        ; period (".")
    

DNs of entries associated with a DNS domain.

This operational attribute used in LDAP schema defines attribute types, which specify attributes of directory entries, including their syntaxes and matching rules.

Attribute for storing sounds encoded according to the algorithm.

X.509 certificate lists, as described in X.509 clause 11.2.5.

Request and transfer values using the binary option for the attribute description, authorityRevocationList;binary.

Encoded or hashed passwords, prefixed with a scheme and authentication info.

Names of buildings where an organization or organizational unit is based.

The kind of business performed by an organization. Each kind corresponds to a different attribute value.

Fax phone number for a collection of entries.

ISDN address for a collection of entries.

Name of a locality or place for a collection of entries.

Organization name for a collection of entries.

Organizational unit name for a collection of entries.

Post office for a collection of entries.

Postal address for a collection of entries.

Postal code for a collection of entries.

Postal box identifier for a collection of entries.

Full name of a state or province for a collection of entries.

Street address for a collection of entries.

Phone number for a collection of entries.

Telex terminal number for a collection of entries.

Two-letter ISO 3166 country code.

X.509 certificate issued to the Certificate Authority (CA), as described in X.509 clause 11.2.2.

Request and transfer values using the binary option for the attribute description, cACertificate;binary.

Protocol-independent location for a calendaring and scheduling client to send an event request to a user.

Protocol-independent location for a calendaring and scheduling client to retrieve an entire snapshot copy of a user's calendar as one or more iCalendar objects.

Protocol-independent location for a calendaring and scheduling client can communicate with a user's entire calendar.

Protocol-independent location for a calendaring and scheduling client to retrieve information about when a user is busy as an iCalendar object with one or more "VFREEBUSY" calendar components.

Protocol-independent additional locations for a calendaring and scheduling client to send event requests to a user.

Protocol-independent location for a calendaring and scheduling client to retrieve snapshots of other calendars a user has as iCalendar objects.

Protocol-independent location for a calendaring and scheduling client can communicate with a user's other calendars.

Protocol-independent location for a calendaring and scheduling client to retrieve other information about when a user is busy as iCalendar objects with one or more "VFREEBUSY" calendar components.

Car license or registration plate number for a person's vehicle.

X.509 certificate lists, as described in X.509 clause 11.2.4.

Request and transfer values using the binary option for the attribute description, certificateRevocationList;binary.

Points to the entry that initiated the modification.

Opaque unique identifier for a change in distributed replication changelog.

The set of changes made to a directory server is given by the set of all entries in the changelog, ordered by changeNumber, which strictly increases for a given server.

Note The changeNumber is unique to a server, and not necessarily shared or synchronized across servers. The change numbers for ForgeRock servers can be synchronized using the dsreplication reset-change-number command. ForgeRock servers also provide an alternative changeLogCookie attribute, which can be used reliably across a replicated topology.

A client application may synchronize its local copy of directory data by reading the server's changelog for entries where the changeNumber is greater than or equal to the last change that the client read from the server. A server can, however, trim its changelog. If the last change read from the changelog is not returned in search results, the client application must fall back to rebuilding its entire copy of directory data.

Indicates when an entry was changed for replication.

The type of change made to the entry specified by the targetDN attribute of the changelog entry. One of:

X.500 commonName attribute that contains the name of an object.

When used for a person, this attribute contains the full name.

A type CNAME (canonical name) DNS resource record.

Friendly country name in human readable format. This attribute is commonly used with c country name, whose values are two-letter codes defined in the ISO 3166 standard.

This operational attribute identifies the collective attribute subentries that apply to the entry.

Indicates how to handle conflicts between real (stored) and virtual (computed) attribute values.

This operational attribute identifies the collective attributes to exclude from the entry. The value excludeAllCollectiveAttributes causes all collective attributes to be excluded.

String representation of an interoperable object reference (IOR) for a CORBA object. The value holds all the information necessary to locate the object even if it is in another ORB.

Unique repository ID, also known as type ID, for a CORBA interface. Multiple values reflect multiple interfaces, but the list is not necessarily complete.

Although the value string can be of any syntax, the following ID styles are specified:

For entries added over protocol (by an LDAP add request), this operational attribute reflects the time the entry was first added.

For entries added over protocol (by an LDAP add request), this operational attribute indicates the DN of the creator's entry.

X.509 certificate pair, as described in X.509 clause 11.2.3.

Request and transfer values using the binary option for the attribute description, crossCertificatePair;binary.

Domain component as described in RFC 1274, where each attribute value holds one component, or label, of a DNS domain name. A value of this attribute is a string of ASCII characters following this ABNF:

label = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)]
ALPHA   = %x41-5A / %x61-7A     ; "A"-"Z" / "a"-"z"
DIGIT   = %x30-39               ; "0"-"9"
HYPHEN  = %x2D                  ; hyphen ("-")
    

Examples: example, com (but not example.com)