Supported Standards
DS software implements the following RFCs, Internet-Drafts, and standards:
- RFC 1274: The COSINE and Internet X.500 Schema
X.500 Directory Schema, or Naming Architecture, for use in the COSINE and Internet X.500 pilots.
- RFC 1321: The MD5 Message-Digest Algorithm
MD5 message-digest algorithm that takes as input a message of arbitrary length, and produces a 128-bit "fingerprint" or "message digest" of the input.
- RFC 1777: Lightweight Directory Access Protocol (LDAPv2)
Provide access to the X.500 Directory while not incurring the resource requirements of the Directory Access Protocol.
Classified as an historic document.
- RFC 1778: The String Representation of Standard Attribute Syntaxes
Defines the requirements that must be satisfied by encoding rules used to render X.500 Directory attribute syntaxes into a form suitable for use in LDAP. Defines the encoding rules for the standard set of attribute syntaxes.
Classified as an historic document.
- RFC 1779: A String Representation of Distinguished Names
Defines a string format for representing names, which is designed to give a clean representation of commonly used names, while being able to represent any distinguished name.
Classified as an historic document.
- RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)
Defines a new attribute type and an auxiliary object class to store URIs, including URLs, in directory entries.
- RFC 2222: Simple Authentication and Security Layer (SASL)
Describes a method for adding authentication support to connection-based protocols.
- RFC 2246: The TLS Protocol Version 1.0
Specifies Version 1.0 of the Transport Layer Security protocol.
- RFC 2247: Using Domains in LDAP/X.500 Distinguished Names
Defines an algorithm by which a name registered with the Internet Domain Name Service can be represented as an LDAP distinguished name.
- RFC 2251: Lightweight Directory Access Protocol (v3)
Describes a directory access protocol designed to provide access to directories supporting the X.500 models, while not incurring the resource requirements of the X.500 Directory Access Protocol.
- RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
Defines a set of syntaxes for LDAPv3, and the rules by which attribute values of these syntaxes are represented as octet strings for transmission in the LDAP protocol.
- RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
Defines a common UTF-8 format to represent distinguished names unambiguously.
- RFC 2254: The String Representation of LDAP Search Filters
Defines the string format for representing names, which is designed to give a clean representation of commonly used distinguished names, while being able to represent any distinguished name.
- RFC 2255: The LDAP URL Format
Describes a format for an LDAP URL.
- RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3
Provides an overview of the attribute types and object classes defined by the ISO and ITU-T committees in the X.500 documents, in particular those intended for use by directory clients.
- RFC 2307: An Approach for Using LDAP as a Network Information Service
Describes an experimental mechanism for mapping entities related to TCP/IP and the UNIX system into X.500 entries so that they may be resolved with LDAP.
- RFC 2377: Naming Plan for Internet Directory-Enabled Applications
Proposes a new directory naming plan that leverages the strengths of the most popular and successful Internet naming schemes for naming objects in a hierarchical directory.
- RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation
Lets a client control the rate at which an LDAP server returns the results of an LDAP search operation.
- RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory
Defines a common way for applications to store and retrieve Java objects from the directory.
- RFC 2714: Schema for Representing CORBA Object References in an LDAP Directory
Define a common way for applications to store and retrieve CORBA object references from the directory.
- RFC 2739: Calendar Attributes for vCard and LDAP
Defines a mechanism to locate a user calendar and free/busy time using the LDAP protocol.
- RFC 2798: Definition of the inetOrgPerson LDAP Object Class
Defines an object class called inetOrgPerson for use in LDAP and X.500 directory services that extends the X.521 standard organizationalPerson class.
- RFC 2829: Authentication Methods for LDAP
Specifies particular combinations of security mechanisms which are required and recommended in LDAP implementations.
- RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
Defines the Start Transport Layer Security (TLS) operation for LDAP.
- RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification
Describes a file format suitable for describing directory information or modifications made to directory information.
- RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results
Describes two LDAPv3 control extensions for server-side sorting of search results.
- RFC 2926: Conversion of LDAP Schemas to and from SLP Templates
Describes a procedure for mapping between Service Location Protocol service advertisements and LDAP descriptions of services.
- RFC 3045: Storing Vendor Information in the LDAP root DSE
Specifies two LDAP attributes, vendorName and vendorVersion that may be included in the root DSA-specific Entry (DSE) to advertise vendor-specific information.
- RFC 3062: LDAP Password Modify Extended Operation
Describes an LDAP extended operation to allow modification of user passwords, which does not depend on the authentication identity or the password storage mechanism.
- RFC 3112: LDAP Authentication Password Schema
Describes LDAP schema for user/password authentication including the authPassword attribute type. This attribute type holds values derived from the user's password(s) (commonly using cryptographic strength one-way hash).
- RFC 3296: Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories
Details schema and protocol elements for representing and managing named subordinate references in LDAP directories.
- RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification
Specifies the set of RFCs comprising LDAPv3, and addresses the "IESG Note" attached to RFCs 2251 through 2256.
- RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
Provides procedures for registering extensible elements of LDAP.
- RFC 3546: Transport Layer Security (TLS) Extensions
Describes extensions that may be used to add functionality to Transport Layer Security.
- RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)
Summarizes the X.500 information model for collective attributes and describes use of collective attributes in LDAP.
- RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)
Adapts the X.500 subentry mechanisms for use with LDAP.
DS servers extend the subtree specification's
specificationFilter
component to allow any search filter.- RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes
Describes an LDAP extension which clients may use to request the return of all operational attributes.
- RFC 3674: Feature Discovery in Lightweight Directory Access Protocol (LDAP)
Introduces a general mechanism for discovery of elective features and extensions, which cannot be discovered using existing mechanisms.
- RFC 3712: Lightweight Directory Access Protocol (LDAP): Schema for Printer Services
Defines a schema, object classes and attributes, for printers and printer services, for use with LDAP directories.
- RFC 3771: Lightweight Directory Access Protocol (LDAP) Intermediate Response Message
Defines and describes the IntermediateResponse message, a general mechanism for defining single-request/multiple-response operations in LDAP.
- RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
Extends the LDAP bind operation with a mechanism for requesting and returning the authorization identity it establishes.
- RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
Describes a control for LDAPv3 that is used to return a subset of attribute values from an entry.
- RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation
Describes an LDAP extended operation to cancel (or abandon) an outstanding operation, with a response to indicate the outcome of the operation.
- RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
Specifies Version 1.1 of the Transport Layer Security protocol.
- RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
Defines the Proxy Authorization Control, which lets a client request that an operation be processed under a provided authorization identity instead of under the current authorization identity associated with the connection.
- RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)
Defines the LDAP schema for representing UDDIv3 data types in an LDAP directory.
- RFC 4422: Simple Authentication and Security Layer (SASL)
Describes a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms.
- RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism
Describes a new way to provide anonymous login needed within the context of the SASL framework.
- RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
Provides a road map of the LDAP Technical Specification.
- RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
Describes LDAP protocol elements, and their semantics and encodings.
- RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models
Describes the X.500 Directory Information Models as used in LDAP.
- RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
Describes LDAP authentication methods and security mechanisms.
- RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
Defines the string representation used in LDAP to transfer distinguished names.
- RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
Defines a human-readable string representation of LDAP search filters that is appropriate for use in LDAP URLs and in other applications.
- RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
Describes a format for an LDAP URL.
- RFC 4517: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
Defines a base set of syntaxes and matching rules for use in defining attributes for LDAP directories.
- RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
Defines string preparation algorithms for character-based matching rules defined for use in LDAP.
- RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications
Provides a technical specification of attribute types and object classes intended for use by LDAP directory clients for many directory services, such as white pages.
- RFC 4523: Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates
Describes schema for representing X.509 certificates, X.521 security information, and related elements in LDAP directories.
- RFC 4524: COSINE LDAP/X.500 Schema
Provides a collection of LDAP schema elements from the COSINE and Internet X.500 pilot projects.
- RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
Describes an LDAP extension to the LDAP modify operation that supports an increment capability.
- RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
Extends LDAP to support absolute True and False filters based upon similar capabilities found in X.500 directory systems.
- RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Specifies an LDAP extension to let the client read the target entry of an update operation.
- RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control
Defines the LDAP Assertion Control, which lets a client specify that a directory operation should only be processed if an assertion applied to the target entry of the operation is true.
- RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP)
Extends LDAP to support a mechanism that lets LDAP clients request the return of all attributes of an object class.
- RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
Describes the LDAP/X.500 entryUUID operational attribute and associated matching rules and syntax.
- RFC 4532: Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
Provides an LDAP mechanism for clients to obtain the authorization identity that the server has associated with the user or application entity.
- RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
Defines a simple plaintext user/password SASL mechanism called the PLAIN mechanism.
- RFC 4634: US Secure Hash Algorithms (SHA and HMAC-SHA)
Specifies Secure Hash Algorithms, SHA-256, SHA-384, and SHA-512, for computing a condensed representation of a message or a data file.
- RFC 4752: The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
Describes the method for using the GSS-API Kerberos V5 in SASL, called the GSSAPI mechanism.
- RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
Defines a schema for storing a profile for agents that use LDAP.
- RFC 5020: The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
Describes the LDAP/X.500 entryDN operational attribute, which provides a copy of the entry's DN for use in attribute value assertions.
- RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
Describes SASL SCRAM.
- RFC 5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
Describes how an LDAP directory server stores passwords for use in SCRAM SASL binds.
- RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
Registers mechanisms for SASL SCRAM, updating RFC 5802.
- FIPS 180-1: Secure Hash Standard (SHA-1)
Specifies a Secure Hash Algorithm, SHA-1, for computing a condensed representation of a message or a data file.
- FIPS 180-2: Secure Hash Standard (SHA-1, SHA-256, SHA-384, SHA-512)
Specifies four Secure Hash Algorithms for computing a condensed representation of electronic data.
- DSMLv2: Directory Service Markup Language
Provides a method for expressing directory queries and updates as XML documents.
- JavaScript Object Notation
A data-interchange format that aims to be both "easy for humans to read and write," and "easy for machines to parse and generate."
- Simple Cloud Identity Management: Core Schema 1.0
Platform neutral schema and extension model for representing users and groups in JSON and XML formats. DS supports the JSON formats.
- The LDAP Relax Rules Control (Internet-Draft)
Experimental LDAP control allowing a directory client application to request temporary relaxation of data and service model rules.
This control relaxes LDAP constraints, allowing operations that are not normally permitted, such as modifying read-only attributes. To prevent misuse, restrict access to this control to limited administrative accounts.