Supported standards
DS software implements the following RFCs, Internet-Drafts, and standards:
- RFC 1274: The COSINE and Internet X.500 Schema
-
X.500 Directory Schema, or Naming Architecture, for use in the COSINE and Internet X.500 pilots.
- RFC 1321: The MD5 Message-Digest Algorithm
-
MD5 message-digest algorithm that takes as input a message of arbitrary length, and produces a 128-bit "fingerprint" or "message digest" of the input.
- RFC 1777: Lightweight Directory Access Protocol (LDAPv2)
-
Provides access to the X.500 Directory while not incurring the resource requirements of the Directory Access Protocol.
Classified as an historic document.
- RFC 1778: The String Representation of Standard Attribute Syntaxes
-
Defines the requirements that must be satisfied by encoding rules, used to render X.500 Directory attribute syntaxes into a form suitable for use in LDAP. Defines the encoding rules for the standard set of attribute syntaxes.
Classified as an historic document.
- RFC 1779: A String Representation of Distinguished Names
-
Defines a string format for representing names, which is designed to give a clean representation of commonly used names, while being able to represent any distinguished name.
Classified as an historic document.
- RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)
-
Defines a new attribute type and an auxiliary object class to store URIs, including URLs, in directory entries.
- RFC 2222: Simple Authentication and Security Layer (SASL)
-
Describes a method for adding authentication support to connection-based protocols.
- RFC 2246: The TLS Protocol Version 1.0
-
Specifies Version 1.0 of the Transport Layer Security protocol.
- RFC 2247: Using Domains in LDAP/X.500 Distinguished Names
-
Defines an algorithm by which a name registered with the Internet Domain Name Service can be represented as an LDAP distinguished name.
- RFC 2251: Lightweight Directory Access Protocol (v3)
-
Describes a directory access protocol designed to provide access to directories supporting the X.500 models, while not incurring the resource requirements of the X.500 Directory Access Protocol.
- RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
-
Defines a set of syntaxes for LDAPv3, and the rules by which attribute values of these syntaxes are represented as octet strings for transmission in the LDAP protocol.
- RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
-
Defines a common UTF-8 format to represent distinguished names unambiguously.
- RFC 2254: The String Representation of LDAP Search Filters
-
Defines the string format for representing LDAP search filters.
- RFC 2255: The LDAP URL Format
-
Describes a format for an LDAP URL.
- RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3
-
Provides an overview of the attribute types and object classes defined by the ISO and ITU-T committees in the X.500 documents, in particular those intended for use by directory clients.
- RFC 2307: An Approach for Using LDAP as a Network Information Service
-
Describes an experimental mechanism for mapping entities related to TCP/IP and the UNIX system into X.500 entries so that they may be resolved with LDAP.
- RFC 2377: Naming Plan for Internet Directory-Enabled Applications
-
Proposes a new directory naming plan that leverages the strengths of the most popular and successful Internet naming schemes for naming objects in a hierarchical directory.
- RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation
-
Lets a client control the rate at which an LDAP server returns the results of an LDAP search operation.
- RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory
-
Defines a common way for applications to store and retrieve Java objects from the directory.
- RFC 2714: Schema for Representing CORBA Object References in an LDAP Directory
-
Defines a common way for applications to store and retrieve CORBA object references from the directory.
- RFC 2739: Calendar Attributes for vCard and LDAP
-
Defines a mechanism to locate a user calendar and free/busy time using the LDAP protocol.
- RFC 2798: Definition of the inetOrgPerson LDAP Object Class
-
Defines an object class called inetOrgPerson for use in LDAP and X.500 directory services that extends the X.521 standard organizationalPerson class.
- RFC 2829: Authentication Methods for LDAP
-
Specifies particular combinations of security mechanisms which are required and recommended in LDAP implementations.
- RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
-
Defines the Start Transport Layer Security (TLS) operation for LDAP.
- RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification
-
Describes a file format suitable for describing directory information or modifications made to directory information.
- RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results
-
Describes two LDAPv3 control extensions for server-side sorting of search results.
- RFC 2926: Conversion of LDAP Schemas to and from SLP Templates
-
Describes a procedure for mapping between Service Location Protocol service advertisements and LDAP descriptions of services.
- RFC 3045: Storing Vendor Information in the LDAP root DSE
-
Specifies two LDAP attributes, vendorName and vendorVersion, that may be included in the root DSA-specific Entry (DSE) to advertise vendor-specific information.
- RFC 3062: LDAP Password Modify Extended Operation
-
Describes an LDAP extended operation to allow modification of user passwords, which does not depend on the authentication identity or the password storage mechanism.
- RFC 3112: LDAP Authentication Password Schema
-
Describes LDAP schema for user/password authentication, including the authPassword attribute type. This attribute type holds values derived from the user’s password(s) (commonly using a cryptographic-strength one-way hash).
- RFC 3296: Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories
-
Details schema and protocol elements for representing and managing named subordinate references in LDAP directories.
- RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification
-
Specifies the set of RFCs comprising LDAPv3, and addresses the "IESG Note" attached to RFCs 2251 through 2256.
- RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
-
Provides procedures for registering extensible elements of LDAP.
- RFC 3546: Transport Layer Security (TLS) Extensions
-
Describes extensions that may be used to add functionality to Transport Layer Security.
- RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)
-
Summarizes the X.500 information model for collective attributes and describes use of collective attributes in LDAP.
- RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)
-
Adapts the X.500 subentry mechanisms for use with LDAP.
DS servers extend the subtree specification’s specificationFilter component to allow any search filter.
- RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes
-
Describes an LDAP extension which clients may use to request the return of all operational attributes.
- RFC 3674: Feature Discovery in Lightweight Directory Access Protocol (LDAP)
-
Introduces a general mechanism for discovery of elective features and extensions, which cannot be discovered using existing mechanisms.
- RFC 3712: Lightweight Directory Access Protocol (LDAP): Schema for Printer Services
-
Defines a schema, object classes and attributes, for printers and printer services, for use with LDAP directories.
- RFC 3771: Lightweight Directory Access Protocol (LDAP) Intermediate Response Message
-
Defines and describes the IntermediateResponse message, a general mechanism for defining single-request/multiple-response operations in LDAP.
- RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
-
Extends the LDAP bind operation with a mechanism for requesting and returning the authorization identity it establishes.
- RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
-
Describes a control for LDAPv3 that is used to return a subset of attribute values from an entry.
- RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation
-
Describes an LDAP extended operation to cancel (or abandon) an outstanding operation, with a response to indicate the outcome of the operation.
- RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
-
Specifies Version 1.1 of the Transport Layer Security protocol.
- RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
-
Defines the Proxy Authorization Control, which lets a client request that an operation be processed under a provided authorization identity instead of under the current authorization identity associated with the connection.
- RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)
-
Defines the LDAP schema for representing UDDIv3 data types in an LDAP directory.
- RFC 4422: Simple Authentication and Security Layer (SASL)
-
Describes a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms.
- RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism
-
Describes a new way to provide anonymous login needed within the context of the SASL framework.
- RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
-
Provides a road map of the LDAP Technical Specification.
- RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
-
Describes LDAP protocol elements, and their semantics and encodings.
- RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models
-
Describes the X.500 Directory Information Models as used in LDAP.
- RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
-
Describes LDAP authentication methods and security mechanisms.
- RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
-
Defines the string representation used in LDAP to transfer distinguished names.
- RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
-
Defines a human-readable string representation of LDAP search filters that is appropriate for use in LDAP URLs and in other applications.
- RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
-
Describes a format for an LDAP URL.
- RFC 4517: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
-
Defines a base set of syntaxes and matching rules for use in defining attributes for LDAP directories.
- RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
-
Defines string preparation algorithms for character-based matching rules defined for use in LDAP.
- RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications
-
Provides a technical specification of attribute types and object classes intended for use by LDAP directory clients for many directory services, such as white pages.
- RFC 4523: Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates
-
Describes schema for representing X.509 certificates, X.521 security information, and related elements in LDAP directories.
- RFC 4524: COSINE LDAP/X.500 Schema
-
Provides a collection of LDAP schema elements from the COSINE and Internet X.500 pilot projects.
- RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
-
Describes an LDAP extension to the LDAP modify operation that supports an increment capability.
- RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
-
Extends LDAP to support absolute True and False filters based upon similar capabilities found in X.500 directory systems.
- RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls
-
Specifies an LDAP extension to let the client read the target entry of an update operation.
- RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control
-
Defines the LDAP Assertion Control, which lets a client specify that a directory operation should only be processed if an assertion applied to the target entry of the operation is true.
- RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP)
-
Extends LDAP to support a mechanism that lets LDAP clients request the return of all attributes of an object class.
- RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
-
Describes the LDAP/X.500 entryUUID operational attribute and associated matching rules and syntax.
- RFC 4532: Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
-
Provides an LDAP mechanism for clients to obtain the authorization identity that the server has associated with the user or application entity.
- RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
-
Defines a simple plaintext user/password SASL mechanism called the PLAIN mechanism.
- RFC 4634: US Secure Hash Algorithms (SHA and HMAC-SHA)
-
Specifies Secure Hash Algorithms, SHA-256, SHA-384, and SHA-512, for computing a condensed representation of a message or a data file.
- RFC 4752: The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
-
Describes the method for using the GSS-API Kerberos V5 in SASL, called the GSSAPI mechanism.
- RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
-
Defines a schema for storing a profile for agents that use LDAP.
- RFC 5020: The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
-
Describes the LDAP/X.500 entryDN operational attribute, which provides a copy of the entry’s DN for use in attribute value assertions.
- RFC 5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
-
Describes how an LDAP directory server stores passwords for use in SCRAM SASL binds.
- RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
-
Registers mechanisms for SASL SCRAM, updating RFC 5802.
- RFC 9106: Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications
-
Describes the Argon2 memory-hard function for calculating a password hash.
- FIPS 180-1: Secure Hash Standard (SHA-1)
-
Specifies a Secure Hash Algorithm, SHA-1, for computing a condensed representation of a message or a data file.
- FIPS 180-2: Secure Hash Standard (SHA-1, SHA-256, SHA-384, SHA-512)
-
Specifies four Secure Hash Algorithms for computing a condensed representation of electronic data.
- DSMLv2: Directory Service Markup Language
-
Provides a method for expressing directory queries and updates as XML documents.
- JavaScript Object Notation
-
A data-interchange format that aims to be both "easy for humans to read and write," and "easy for machines to parse and generate."
- RFC 7643: System for Cross-domain Identity Management: Core Schema
-
Platform-neutral schema and extension model for representing users and groups in JSON and XML formats. DS supports the JSON format.
- The LDAP Relax Rules Control (Internet-Draft)
-
Experimental LDAP control allowing a directory client application to request temporary relaxation of data and service model rules.
This control relaxes LDAP constraints, allowing operations that are not normally permitted, such as modifying read-only attributes. To prevent misuse, restrict access to this control to limited administrative accounts.
- The Proxy Protocol
-
An HAProxy Technologies protocol that safely transports connection information, such as a client’s IP address, through multiple proxy layers.