Chapter 10   Object Class Reference

This chapter contains an alphabetical list of the object classes accepted by the default schema. It provides a definition of each object class, and lists its Required and Allowed Attributes. If an object class inherits attributes from other object classes, the inherited attributes are shown in italics. An object class that inherits from another object class must appear after this object class in the schema.ldif file, otherwise the server will not start.

This chapter distinguishes between structural, and auxiliary, and abstract object classes. All directory entries are instances of structural object classes. Structural object classes represent real world objects, such as people, buildings, or countries. Auxiliary object classes allow you to extend object class definitions for specific entries. Abstract object classes are defined purely as a superclasses or templates for other (structural) object classes. Object classes listed here can be considered structural, unless otherwise indicated.

The object classes listed in this chapter are available to support your own information in the Directory Server. Object classes that are used by the Directory Server or other Sun ONE products for internal operations are not documented here. For information about these internal object classes, refer to Chapter 5 "Plug-In Implemented Server Functionality."

---

Note

The schema provided with Sun ONE Directory Server differs from that specified in RFC 2256 with regard to the groupOfNames and groupOfUniqueNames object classes. In the schema provided, the member and uniquemember attribute types are optional, while RFC 2256 specifies that at least one value for these types must be present in the respective object class. The LDAP RFCs (and X.500 standards) allow for an object class to have more than one superior. This behavior is not currently supported by Directory Server.

---

account

Definition

Used to define entries representing computer accounts.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.5

Required Attributes

Attribute	Description
objectClass	Defines the object class for the entry.
uid (userID)	Identifies the account's user ID.

Allowed Attributes

Attribute	Description
description	Text description of the entry.
host	Hostname of the computer on which the account resides.
l (localityName)	Place in which the account is located.
o (organizationName)	Organization to which the account belongs.
ou (organizationUnitName)	Organizational unit to which the account belongs.
seeAlso	DN to information relevant to the account.

alias

Definition

Abstract object class, used to point to other entries in the directory tree.

Note that alias dereferencing is not supported in Sun ONE Directory Server.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.1

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
aliasedObjectName	Distinguished name of the entry for which this entry is an alias.

bootableDevice

Definition

Auxiliary object class that specifies a device with boot parameters.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.12

Allowed Attributes

Attribute	Description
bootFile	The name of the boot image.
bootParameter	Boot parameters.

changeLogEntry

Definition

Internal object class, used to represent changes made to the directory server. You can configure Sun ONE Directory Server 5.2 to maintain a change log that is compatible with the change log implemented in Directory Server 4.x, 5.0, and 5.1 by enabling the Retro Changelog plug-in. Each entry in the change log has the object class changeLogEntry. This object class is defined in the Changelog Internet Draft.

Superior Class

top

OID

2.16.840.1.113730.3.2.1

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
changeNumber	Number assigned arbitrarily to the changelog.
changeTime	The time at which a change took place.
changeType	The type of change performed on an entry.
targetDn	The distinguished name of an entry added, modified, or deleted on a supplier server.

Allowed Attributes

Attribute	Description
changes	Changes made to Directory Server.
deleteOldRdn	A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of the entry, or deleted.
newRdn	New RDN of an entry that is the target of a modRDN or modDN operation.
newSuperior	Name of the entry that becomes the immediate superior of the existing entry, when processing a modDN operation.

cosClassicDefinition

Definition

Identifies the template entry using both the template entry's DN (as specified in the cosTemplateDn attribute) and the value of one of the target entry's attributes (as specified in the cosSpecifier attribute).

This object class is defined in Sun ONE Directory Server.

Superior Class

cosSuperDefinition

OID

2.16.840.1.113730.3.2.100

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cosAttribute	Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.

Allowed Attributes

Attribute	Description
cn (commonName)	Common name of the entry.
cosSpecifier	Specifies the attribute value used by a classic CoS, which, along with the template entry's DN, identifies the template entry.
cosTemplateDn	Provides the DN of the template entry associated with the CoS definition.
description	Text description of the entry.

cosDefinition

Definition

Defines the Class of Service you are using. This object class is supported for compatibility with the Directory Server 4.1 CoS Plugin. It will be deprecated in a future Directory Server release.

This object class is defined in Sun ONE Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.84

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
aci	Evaluates what rights are granted or denied when the directory receives an LDAP request from a client.
cn (commonName)	Common name of the entry.
cosAttribute	Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.
cosSpecifier	Specifies the attribute value used by a classic CoS, which, along with the template entry's DN, identifies the template entry.
cosTargetTree	Determines the subtree of the DIT to which the CoS schema applies. This attribute is single-valued. Using multiple values will have a negative performance impact.
cosTemplateDn	Provides the DN of the template entry associated with the CoS definition.
uid (userID)	Identifies the user id.

cosIndirectDefinition

Definition

Identifies the template entry using the value of one of the target entry's attributes. The attribute of the target entry is specified in the cosIndirectSpecifier attribute.

This object class is defined in Sun ONE Directory Server.

Superior Class

cosSuperDefinition

OID

2.16.840.1.113730.3.2.102

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cosAttribute	Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.

Allowed Attributes

Attribute	Description
cn (commonName)	Common name of the entry.
cosIndirectSpecifier	Specifies the attribute value used by an indirect CoS to identify the template entry.
description	Text description of the entry.

cosPointerDefinition

Definition

Identifies the template entry associated with the CoS definition using the template entry's DN value. The DN of the template entry is specified in the cosTemplateDn attribute.

This object class is defined in Sun ONE Directory Server.

Superior Class

cosSuperDefinition

OID

2.16.840.1.113730.3.2.101

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cosAttribute	Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.

Allowed Attributes

Attribute	Description
cn (commonName)	Common name of the entry.
cosTemplateDn	Provides the DN of the template entry associated with the CoS definition.
description	Text description of the entry.

cosSuperDefinition

Definition

All CoS definition object classes inherit from the cosSuperDefinition object class.

This object class is defined in Sun ONE Directory Server.

Superior Class

ldapSubEntry

OID

2.16.840.1.113730.3.2.99

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cosAttribute	Provides the name of the attribute for which you want to generate a value. You can specify more than one cosAttribute value.

Allowed Attributes

Attribute	Description
cn (commonName)	Common name of the entry.
description	Text description of the entry.

cosTemplate

Definition

Contains a list of the shared attribute values.

This object class is defined in Sun ONE Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.128

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
cn (commonName)	Common name of the entry.
cosPriority	Specifies which template provides the attribute value, when CoS templates compete to provide an attribute value.

country

Definition

Used to define entries that represent countries.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.2

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
c (countryName)	Contains the two-character code representing country names in the directory (as defined in ISO-3166.)

Allowed Attributes

Attribute	Description
description	Text description of the country.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation (Distinguished Name).

dcObject

Definition

This auxiliary object class defines a domain component, such as a network domain that is associated with the entry. This object class is defined as auxiliary because it is commonly used in combination with another object class, such as organization, organizationUnit, or locality. For example:

dn: ou=Engineering,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
objectClass: dcObject
ou: Engineering
dc: eng

This object class is defined in RFC 2247.

---

Note

Suffixes often contain the dc attribute, such as dc=example,dc=com in the example above. Suffixes use the dc attribute to suggest that the directory they represent is associated with a certain domain. However, the suffix is a string associated with a database and is not related to the dcObject object class.

---

Superior Class

top

OID

1.3.6.1.4.1.1466.344

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
dc (domainComponent)	One component of a domain name.

See Also

domain

device

Definition

Used to store information about network devices, such as printers, in the directory.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.14

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The common name of the series.

Allowed Attributes

Attribute	Description
description	Text description of the device.
l (localityName)	Place in which the device is located.
o (organizationName)	Organization to which the device belongs.
ou (organizationUnitName)	Organizational unit to which the device belongs.
owner	Distinguished name of the person responsible for the device.
seeAlso	DN to information relevant to the device.
serialNumber	Serial number of the device.

document

Definition

Used to define entries that represent documents in the directory.

This object class is defined in RFC 1274.

Superior Class

pilotObject

OID

0.9.2342.19200300.100.4.6

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
documentIdentifier	Unique identifier for a document.

Allowed Attributes

Attribute	Description
abstract	Abstract of the document.
audio	Stores a sound file in binary format.
authorCn	Author's common or given name.
authorSn	Author's surname.
cn (commonName)	Common name of the document.
description	Text description of the document.
ditRedirect	Distinguished name to use as a redirect for the entry.
documentAuthor	Distinguished name of the document author.
documentLocation	Location of the original document.
documentPublisher	Person or organization that published the document.
documentStore	Not defined.
documentTitle	The document's title.
documentVersion	The document's version number.
info	Information about the object.
jpegPhoto	Photo in jpeg format.
keyWords	Keywords that describe the document.
l (localityName)	Place in which the document is located.
lastModifiedBy	Distinguished name of the last user to modify the document.
lastModifiedTime	Last time the document was modified.
manager	Distinguished name of the object's manager.
o (organizationName)	Organization to which the document belongs.
obsoletedByDocument	Distinguished name of a document that obsoletes this document.
obsoletesDocument	Distinguished name of a document that is obsoleted by this document.
ou (organizationUnitName)	Organizational unit to which the document belongs.
photo	Photo of the document, in binary form.
seeAlso	DN to information relevant to the document.
subject	Subject of the document.
uniqueIdentifier	Specific item used to distinguish between two entries when a distinguished name has been reused.
updatedByDocument	Distinguished name of a document that is an updated version of this document.
updatesDocument	Distinguished name of a document for which this document is an updated version.

documentSeries

Definition

Used to define an entry that represents a series of documents.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.9

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The common name of the series.

Allowed Attributes

Attribute	Description
description	Text description of the series.
l (localityName)	Place in which the series is located.
o (organizationName)	Organization to which the series belongs.
ou (organizationUnitName)	Organizational unit to which the series belongs.
seeAlso	DN to information relevant to the series.
telephoneNumber	Telephone number of the person responsible for the series.

domain

Definition

Used to represent Internet Domains (for example, example.com). The domainComponent attribute should be used for naming entries of this object class.

The domain object class can only be used with an entry that does not correspond to an organization, organizational unit, or other type of object for which an object class has been defined. The domain object class requires that the domainComponent attribute be present, and allows several other attributes to be present in the entry. These allowed attributes are used to describe the object represented by the domain, and may also be useful when searching.

This object class is defined in RFC 2247.

Superior Class

top

OID

0.9.2342.19200300.100.4.13

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
dc (domainComponent)	One component of a domain name.

Allowed Attributes

Attribute	Description
associatedName	Entry in the organizational directory tree associated with a DNS domain.
businessCategory	Type of business in which this domain is engaged.
description	Text description of the domain.
destinationIndicator	Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	Domain's fax number.
internationaliSDNNumber	Domain's ISDN number.
l (localityName)	Place in which the domain is located.
o (organizationName)	Organization to which the domain belongs.
physicalDeliveryOfficeName	Location where physical deliveries can be made.
postOfficeBox	Domain's post office box.
postalAddress	Domain's mailing address.
postalCode	The postal code for this address (such as a United States zip code).
preferredDeliveryMethod	Domain's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	DN to information relevant to the domain.
st (stateOrProvinceName)	State or province in which the domain is located.
street (streetAddress)	Street address in which the domain is located.
telephoneNumber	Domain's telephone number.
telexNumber	Identifier for a domain's teletex terminal.
telexNumber	Domain's telex number.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the domain.

See Also

dcObject

domainRelatedObject

Definition

Used to define entries that represent DNS/NRS domains that are "equivalent" to an X.500 domain, for example, an organization or organizational unit.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.17

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
associatedDomain	Specifies a DNS domain associated with an object in the directory tree.

dSA

Definition

Used to define entries representing Directory Server Agents.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.13

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The Directory Server Agent's common name.
presentationAddress	Contains an OSI presentation address for the entry.

Allowed Attributes

Attribute	Description
description	Text description of the series.
knowledgeInformation	This attribute is no longer used.
l (localityName)	Place in which the series is located.
o (organizationName)	Organization to which the series belongs.
ou (organizationUnitName)	Organizational unit to which the series belongs.
seeAlso	DN to information relevant to the series.
supportedApplicationContext	This attribute contains the identifiers of OSI application contexts.

extensibleObject

Definition

Auxiliary object class which, when present in an entry, permits the entry to optionally hold any attribute. The allowed attribute list of this class is implicitly the set of all attributes known to the server.

This object class is defined in RFC 2252.

Superior Class

top

OID

1.3.6.1.4.1.1466.101.120.111

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

All attributes known to the server.

friendlyCountry

Definition

Used to define country entries in the directory tree. This object class is used to allow more user-friendly country names than those allowed by the country object class.

This object class is defined in RFC 1274.

Superior Class

country

OID

0.9.2342.19200300.100.4.18

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
co (friendlyCountryName)	Stores the name of a country.
c (countryName)	Contains the two-character code representing country names in the directory (as defined in ISO-3166).

Allowed Attributes

Attribute	Description
description	Text description of the country.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.

groupOfCertificates

Definition

Used to describe a set of X.509 certificates. Any certificate that matches one of the memberCertificateDescription values is considered a member of the group.

This object class is defined in Sun ONE Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.31

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The group's common name.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the group is engaged.
description	Text description of the group's purpose.
memberCertificateDescription	Values used to determine if a particular certificate is a member of this group.
o (organizationName)	Organization to which the group of certificates belongs.
ou (organizationUnitName)	Organizational unit to which the group belongs.
owner	Distinguished name of the person responsible for the group.
seeAlso	DN to information relevant to the group.

groupOfNames

Definition

Used to define entries for a group of names.

---

Note	The definition in Sun ONE Directory Server differs from the standard definition. In the standard definition, member is a required attribute. In Directory Server member is an allowed attribute. Directory Server therefore allows a group to have no member.

---

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.9

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The group's common name.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the group is engaged.
description	Text description of the group's purpose.
member	Distinguished name of a group member.
o (organizationName)	Organization to which the group belongs.
ou (organizationUnitName)	Organizational unit to which the group belongs.
owner	Distinguished name of the person responsible for the group.
seeAlso	DN to information relevant to the group.

groupOfUniqueNames

Definition

Used to define entries for a group of unique names.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.17

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The group's common name.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the group is engaged.
description	Text description of the group's purpose.
o (organizationName)	Organization to which the group belongs.
ou (organizationUnitName)	Organizational unit to which the group belongs.
owner	Distinguished name of the person responsible for the group.
seeAlso	DN to information relevant to the group.
uniqueMember	Distinguished name of a unique group member, optionally followed by a hash (#) and a unique identifier label.

groupOfURLs

Definition

An auxiliary object class of groupOfUniqueNames or groupOfNames. The group consists of a list of labeled URLs.

This object class is defined in Sun ONE Directory Server.

Superior Class

top

OID

2.16.840.1.113730.3.2.33

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The group's common name.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the group is engaged.
description	Text description of the group's purpose.
memberURL	URL associated with each member of the group.
o (organizationName)	Organization to which the group belongs.
ou (organizationUnitName)	Organizational unit to which the group belongs.
owner	Distinguished name of the person responsible for the group.
seeAlso	DN to information relevant to the group.

ieee802Device

Definition

Auxiliary object class, specifying a device with a MAC address.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.11

Allowed Attributes

Attribute	Description
macAddress	The MAC address of the device.

inetOrgPerson

Definition

Used to define entries representing people in an organization's enterprise network.

This object class is defined in RFC 2798.

Superior Class

organizationalPerson

OID

2.16.840.1.113730.3.2.2

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The person's common name.
sn (surname)	The person's surname, or last name.

Allowed Attributes

Attribute	Description
audio	Stores a sound file in binary format.
businessCategory	Type of business in which the person is engaged.
carLicense	The license plate number of the person's vehicle.
departmentNumber	Department for which the person works.
description	Text description of the person.
destinationIndicator	Country and city associated with the entry needed to provide Public Telegram Service.
displayName	Preferred name of a person to be used when displaying entries.
employeeNumber	The person's employee number.
employeeType	The person's type of employment (for example, full time).
fax (facsimileTelephoneNumber)	The person's fax number.
givenName	The person's given, or first, name.
homePhone	The person's home phone number.
homePostalAddress	The person's home mailing address.
initials	The person's initials.
internationaliSDNNumber	The person's ISDN number.
jpegPhoto	Photo in JPEG format.
l (localityName)	Place in which the person is located.
labeledURI	Universal Resource Identifier that is relevant to the person.
mail	The person's email address.
manager	Distinguished name of the person's manager.
mobile	The person's mobile phone number.
o (organizationName)	Organization to which the person belongs.
ou (organizationUnitName)	Organizational unit to which the person belongs.
pager (pagerTelephoneNumber)	The person's pager number.
photo	Photo of the person, in binary form.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the person.
postOfficeBox	The person's post office box.
postalAddress	The person's mailing address.
postalCode	The postal code for this address (such as a United States zip code).
preferredDeliveryMethod	The person's preferred method of contact or delivery.
preferredLanguage	The person's preferred written or spoken language.
registeredAddress	Postal address suitable for reception of courier documents, where the recipient must verify delivery.
roomNumber	The room number in which the person is located.
secretary	Distinguished name of the person's secretary or administrative assistant.
seeAlso	DN to information relevant to the person.
st (stateOrProvinceName)	State or province in which the person is located.
street (streetAddress)	Street address at which the person is located.
telephoneNumber	The person's telephone number.
telexNumber	Identifier for the person's teletex terminal.
telexNumber	The person's telex number.
title	The person's job title.
uid (userID)	Identifies the person's user id (usually the logon ID).
userCertificate	Stores a user's certificate in clear text (not used).
userPassword	Password with which the entry can bind to the directory.
userSMIMECertificate	Stores a user's certificate in binary form. Used by Netscape Communicator for S/MIME.
x121Address	X.121 address of the person.
x500UniqueIdentifier	Reserved.

ipHost

Definition

Auxiliary object class, specifying an abstraction of a host, an IP device. The distinguished value of the cn attribute denotes the canonical name of the host.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.6

Required Attributes

Attribute	Description
cn (commonName)	The common name of the host.
ipHostNumber	The IP address, expressed as a dotted decimal.

Allowed Attributes

Attribute	Description
description	Text description of the host.
manager	Distinguished name of the object's manager.

ipNetwork

Definition

Auxiliary object class, specifying an abstraction of a host, an IP device. The distinguished value of the cn attribute denotes the canonical name of the host.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.7

Required Attributes

Attribute	Description
cn (commonName)	The common name of the host.
ipHostNumber	The IP address, expressed as a dotted decimal.

Allowed Attributes

Attribute	Description
description	Text description of the host.
manager	Distinguished name of the object's manager.

ipProtocol

Definition

Abstraction of an IP protocol. This object class maps a protocol number to one or more names. The distinguished value of the cn attribute denotes the protocol's canonical name.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.4

Required Attributes

Attribute	Description
cn (commonName)	The common name of the protocol.
ipProtocolNumber	The IP protocol number.

Allowed Attributes

Attribute	Description
description	Text description of the host.

ipService

Definition

Abstraction an Internet Protocol service. This object class maps an IP port and protocol (such as tcp or udp) to one or more names. The distinguished value of the cn attribute denotes the service's canonical name.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.3

Required Attributes

Attribute	Description
cn (commonName)	The common name of the protocol.
ipServicePort	The IP service port number.
ipServiceProtocol	The IP service protocol.

Allowed Attributes

Attribute	Description
description	Text description of the host.

javaContainer

Definition

Represents a container for a Java object.

This object class is defined in RFC 2713.

Superior Class

top

OID

1.3.6.1.4.1.42.2.27.4.2.1

Required Attributes

Attribute	Description
cn (commonName)	The common name of the protocol.

javaMarshalledObject

Definition

Auxiliary object class that represents a Java marshalled object. It must be mixed with a structural object class.

This object class is defined in RFC 2713.

Superior Class

javaObject

OID

1.3.6.1.4.1.42.2.27.4.2.8

Required Attributes

Attribute	Description
javaSerializedData	The serialized form of a Java object.

javaNamingReference

Definition

Auxiliary object class that represents a JNDI reference. It must be mixed in with a structural object class.

This object class is defined in RFC 2713.

Superior Class

javaObject

OID

1.3.6.1.4.1.42.2.27.4.2.7

Allowed Attributes

Attribute	Description
javaFactory	The fully qualified class name of the object factory.
javaReferenceAddress	The sequence of addresses of a JNDI reference.

javaObject

Definition

Abstract object class that represents a Java object.

This object class is defined in RFC 2713.

Superior Class

top

OID

1.3.6.1.4.1.42.2.27.4.2.4

Required Attributes

Attribute	Description
javaClassName	The fully qualified name of the Java object's distinguished class or interface.

Allowed Attributes

Attribute	Description
description	Text description of the host.
javaClassNames	The Java object's fully qualified class or interface names.
javaCodebase	The Java class definition's locations.
javaDoc	A pointer to the Java documentation for the class.

javaSerializedObject

Definition

Auxiliary object class that represents a Java serialized object. It must be mixed in with a structural object class.

This object class is defined in RFC 2713.

Superior Class

javaObject

OID

1.3.6.1.4.1.42.2.27.4.2.5

Required Attributes

Attribute	Description
javaSerializedData	The serialized form of a Java object.

labeledURIObject

Definition

Auxiliary object class that can be added to existing directory objects to allow for inclusion of URI values. This approach does not preclude including the labeledURI attribute type directly in other object classes as appropriate.

This object class is defined in RFC 2079.

Superior Class

top

OID

1.3.6.1.4.1.250.3.15

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
labeledURI	Universal Resource Identifier that is relevant to the entry.

ldapSubentry

Definition

This structural object class may be used to indicate operations and management related entries in the directory, called LDAP Subentries.

This object class is defined in the LDAP Subentry Internet Draft.

Superior Class

top

OID

2.16.840.1.113719.2.142.6.1.1

Allowed Attributes

Attribute	Description
cn (commonName)	Identifies the name of the subentry.

locality

Definition

Used to define entries that represent localities or geographic areas.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.3

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
description	Text description of the locality.
l (localityName)	Place in which the entry is located.
searchGuide	Specifies information for a suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	DN to information relevant to the locality.
st (stateOrProvinceName)	State or province to which the locality belongs.
street (streetAddress)	Street address associated with the locality.

newPilotPerson

Definition

Used as a subclass of person, to allow the use of a number of additional attributes to be assigned to entries of the person object class. Inherits cn and sn from the person object class.

This object class is defined in Internet White Pages Pilot.

Superior Class

person

OID

0.9.2342.19200300.100.4.4

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The person's common name.
sn (surname)	The person's surname, or last name.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which this person is engaged.
description	Text description of the person.
drink (favoriteDrink)	The person's favorite drink.
homePhone	The person's home phone number.
homePostalAddress	The person's home mailing address.
janetMailbox	The person's email address, intended for the convenience of UK users unfamiliar with rfc822 mail addresses.
mail	The person's email address.
mailPreferenceOption	Indicates a preference for inclusion of the person's name on mailing lists (electronic or physical). Not valid in Messaging Server 4.0.
mobile	The person's mobile phone number.
organizationalStatus	The person's type of employment (for example, full time).
otherMailbox	Values for electronic mailbox types other than X.400 and rfc822.
pager (pagerTelephoneNumber)	The person's pager number.
personalSignature	The person's signature file.
personalTitle	The person's personal title.
preferredDeliveryMethod	The person's preferred method of contact or delivery.
roomNumber	The person's room number.
secretary	Distinguished name of the person's secretary or administrative assistant.
seeAlso	DN to information relevant to the person.
telephoneNumber	The person's telephone number.
textEncodedORAddress	The person's text-encoded Originator/Recipient (X.400) address.
uid (userID)	Identifies the person's user id (usually the logon ID).
userClass	Category of user.
userPassword	Password with which the entry can bind to the directory.

nisMap

Definition

A generic abstraction of a NIS map.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.9

Required Attributes

Attribute	Description
nisMapName	The name of the NIS map.

Allowed Attributes

Attribute	Description
description	Text description of the NIS map.

nisNetgroup

Definition

An abstraction of a netgroup. May refer to other netgroups.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.8

Required Attributes

Attribute	Description
cn (commonName)	The common name of the netgroup.

Allowed Attributes

Attribute	Description
description	Text description of the netgroup.
nisNetgroupTriple	Defines a NIS netgroup with the syntax "hostname","username","domainname".
memberNisNetgroup	The name of the netgroup.

nisObject

Definition

Defines an entry in a NIS map.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.10

Required Attributes

Attribute	Description
cn (commonName)	The common name of the entry.
nisMapEntry	The NIS map entry ID.
nisMapName	The name of the NIS map.

Allowed Attributes

Attribute	Description
description	Text description of the locality.

nsComplexRoleDefinition

Definition

Any role that is not a simple role is, by definition, a complex role.

This object class is defined in Sun ONE Directory Server.

Superior Class

nsRoleDefinition

OID

2.16.840.1.113730.3.2.95

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
cn (commonName)	The entry's common name.
description	Text description of the entry.

nsFilteredRoleDefinition

Definition

Specifies assignment of entries to the role, depending upon the attributes contained by each entry.

This object class is defined in Sun ONE Directory Server.

Superior Class

nsComplexRoleDefinition

OID

2.16.840.1.113730.3.2.97

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
nsRoleFilter	Specifies the filter assigned to an entry.

Allowed Attributes

Attribute	Description
cn (commonName)	The entry's common name.
description	Text description of the entry.

nsLicenseUser

Definition

Used to track licenses for servers that are licensed on a per-client basis. nsLicenseUser is intended to be used with the inetOrgPerson object class. You can manage the contents of this object class through the Users and Groups area of the Administration Server.

This object class is defined in Sun ONE Administration Services.

Superior Class

top

OID

2.16.840.1.113730.3.2.7

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
nsLicensedFor	Specifies a license.
nsLicenseEndTime	Specifies an end time for a license.
nsLicenseStartTime	Specifies a start time for a license.

nsManagedRoleDefinition

Definition

Specifies assignment of a role to an explicit, enumerated list of members.

This object class is defined in Sun ONE Directory Server.

Superior Class

nsSimpleRoleDefinition

OID

2.16.840.1.113730.3.2.96

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
cn (commonName)	The entry's common name.
description	Text description of the entry.

nsNestedRoleDefinition

Definition

Specifies containment of one or more roles of any type within the role.

This object class is defined in Sun ONE Directory Server.

Superior Class

nsComplexRoleDefinition

OID

1.3.6.1.4.1.42.2.27.9.2.9

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
nsRoleDN	Specifies the roles assigned to an entry.

Allowed Attributes

Attribute	Description
cn (commonName)	The entry's common name.
description	Text description of the entry.
nsRoleScopeDN	Defines the scope of the role entry.

nsRoleDefinition

Definition

All role definition object classes inherit from the nsRoleDefinition object class.

This object class is defined in Sun ONE Directory Server.

Superior Class

ldapSubEntry

OID

2.16.840.1.113730.3.2.93

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
cn (commonName)	The entry's common name.
description	Text description of the entry.

nsSimpleRoleDefinition

Definition

Roles containing this object class are called simple roles because they have a deliberately limited flexibility, which makes it easy to:

• Enumerate the members of a role.
• Determine whether a given entry possesses a particular role.
• Enumerate all the roles possessed by a given entry.
• Assign a particular role to a given entry.
• Remove a particular role from a given entry.

This object class is defined in Sun ONE Directory Server.

Superior Class

nsRoleDefinition

OID

2.16.840.1.113730.3.2.94

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
cn (commonName)	The entry's common name.
description	Text description of the entry.

oncRpc

Definition

An abstraction of an Open Network Computing (ONC) Remote Procedure Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the RPC service's canonical name.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.5

Required Attributes

Attribute	Description
cn (commonName)	The entry's common name.
oncRpcNumber	The ONC RPC number.

Allowed Attributes

Attribute	Description
description	Text description of the entry.

organization

Definition

Used to define entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within a larger corporation or enterprise.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.4

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
o (organizationName)	The name of the organization.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the organization is engaged.
description	Text description of the organization.
destinationIndicator	Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	The organization's fax number.
internationaliSDNNumber	The organization's ISDN number.
l (localityName)	Place in which the organization is located.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the organization.
postalAddress	The organization's mailing address.
postalCode	The postal code for this address (such as a United States zip code).
postOfficeBox	The organization's post office box.
preferredDeliveryMethod	The organization's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	DN to information relevant to the organization.
st (stateOrProvinceName)	State or province in which the organization is located.
street (streetAddress)	Street address at which the organization is located.
telephoneNumber	The organization's telephone number.
telexNumber	Identifier for the organization's teletex terminal.
telexNumber	The organization's telex number.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the organization.

organizationalPerson

Definition

Used to define entries for people employed by or associated with an organization.

This object class is defined in RFC 2256.

Superior Class

person

OID

2.5.6.7

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The person's common name.
sn (surname)	The person's surname, or last name.

Allowed Attributes

Attribute	Description
description	Text description of the person.
destinationIndicator	Country and city associated with the person needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	The person's fax number.
internationaliSDNNumber	The person's ISDN number.
l (localityName)	Place in which the person is located.
ou (organizationUnitName)	Organizational unit to which the person belongs.
physicalDeliveryOfficeName	Location where physical deliveries can be made to this person.
postalAddress	The person's mailing address.
postalCode	The postal code for this address (such as a United States zip code).
postOfficeBox	The person's post office box.
preferredDeliveryMethod	The person's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
seeAlso	DN to information relevant to the person.
st (stateOrProvinceName)	State or province in which the person is located.
street (streetAddress)	Street address at which the person is located.
telephoneNumber	The person's telephone number.
telexNumber	Identifier for the person's teletex terminal.
telexNumber	The person's telex number.
title	The person's job title.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the person.

organizationalRole

Definition

Used to define entries that represent roles held by people within an organization.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.8

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The role's common name.

Allowed Attributes

Attribute	Description
description	Text description of the role.
destinationIndicator	Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	Fax number of the person in the role.
internationaliSDNNumber	ISDN number of the person in the role.
l (localityName)	Place in which the person in the role is located.
ou (organizationUnitName)	Organizational unit to which the person in the role belongs.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the person in the role.
postalAddress	The mailing address for the person in the role.
postalCode	The postal code for this address (such as a United States zip code).
postOfficeBox	The post office box for the person in the role.
preferredDeliveryMethod	Preferred method of contact or delivery of the person in the role.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
roleOccupant	Distinguished name of the person in the role.
seeAlso	DN to information relevant to the person in the role.
st (stateOrProvinceName)	State or province in which the person in the role is located.
street (streetAddress)	Street address at which the person in the role is located.
telephoneNumber	Telephone number of the person in the role.
telexNumber	Identifier for the teletex terminal of the person in the role.
telexNumber	Telex number of the person in the role.
x121Address	X.121 address of the person in the role.

organizationalUnit

Definition

Used to define entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within a larger organization.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.5

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
ou (organizationUnitName)	The name of the organizational unit.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the organizational unit is engaged.
description	Text description of the organizational unit.
destinationIndicator	Country and city associated with the organizational unit needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	The organizational unit's fax number.
internationaliSDNNumber	The organizational unit's ISDN number.
l (localityName)	Place in which the organizational unit is located.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the organizational unit.
postalAddress	The organizational unit's mailing address.
postalCode	The postal code for this address (such as a United States zip code).
postOfficeBox	The organizational unit's post office box.
preferredDeliveryMethod	The organizational unit's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	DN to information relevant to the organizational unit.
st (stateOrProvinceName)	State or province in which the organizational unit is located.
street (streetAddress)	Street address at which the organizational unit is located.
telephoneNumber	The organizational unit's telephone number.
telexNumber	Identifier for the organizational unit's teletex terminal.
telexNumber	The organizational unit's telex number.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the organizational unit.

passwordPolicy

Definition

Defines a password policy entry.

This object class is defined in Sun ONE Directory Server.

Superior Class

top

OID

1.3.6.1.4.1.42.2.27.9.2.6

Required Attributes

Attribute	Description
cn (commonName)	The common name of the password policy.

Allowed Attributes

Attribute	Description
description	Text description of the password policy.
passwordChange	Indicates whether users may change their passwords.
passwordCheckSyntax	Indicates whether the password syntax will be checked before the password is saved.
passwordExp	Indicates whether user passwords will expire after a given number of seconds.
passwordExpireWithoutWarning	Indicates whether a password can expire regardless of whether the user was warned about the expiration date.
passwordInHistory	Indicates the number of passwords the Directory Server stores in history.
passwordLockout	Enables the account lockout mechanism.
passwordLockoutDuration	Specifies the length of time (in seconds) during which users will be locked out of the directory.
passwordMaxAge	Indicates the number of seconds after which user passwords will expire.
passwordMaxFailure	Specifies the number of consecutive failed bind attempts after which a user will be locked out of the directory.
passwordMinAge	Specifies the number of seconds that must elapse between password modifications.
passwordMinLength	Specifies the minimum number of characters that must be used in a password.
passwordMustChange	Indicates whether users must change their passwords when they first bind to the Directory Server, or when the password has been reset by the administrator.
passwordResetFailureCount	Specifies the length of time (in seconds) after which the password failure is reset to 0.
passwordStorageScheme	Specifies the algorithm used to encrypt Directory Server passwords.
passwordUnlock	Specifies whether user accounts will be unlocked after a period of time.
passwordWarning	Specifies the number of seconds before a user's password expires that the user will receive a password expiration warning on attempting to authenticate to the directory.

person

Definition

Used to define entries that generically represent people. This object class is the base class for the organizationalPerson object class.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.6

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The person's common name.
sn (surname)	The person's surname, or last name.

Allowed Attributes

Attribute	Description
description	Text description of the person.
seeAlso	DN to information relevant to the person.
telephoneNumber	The person's telephone number.
userPassword	Password with which the entry can bind to the directory.

pilotObject

Definition

Used as a subclass to allow additional attributes to be assigned to entries of all other object classes.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.3

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
audio	Stores a sound file in binary format.
ditRedirect	Distinguished name to use as a redirect for the entry.
info	Information about the object.
jpegPhoto	Photo in jpeg format.
lastModifiedBy	Distinguished name of the last user to modify the object.
lastModifiedTime	Last time the object was modified.
manager	Distinguished name of the object's manager.
photo	Photo of the object.
uniqueIdentifier	Specific item used to distinguish between two entries when a distinguished name has been reused.

pilotOrganization

Definition

Used as a subclass to allow additional attributes to be assigned to organization and organizationalUnit object class entries.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.20

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
o (organizationName)	Organization to which the entry belongs.
ou (organizationUnitName)	Organizational unit to which the entry belongs.

Allowed Attributes

Attribute	Description
buildingName	Name of the building in which the entry is located.
businessCategory	Type of business in which the entry is engaged.
description	Text description of the entry.
destinationIndicator	Country and city associated with the pilot organization needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	The pilot organization's fax number.
internationaliSDNNumber	The pilot organization's ISDN number.
l (localityName)	Place in which the pilot organization is located.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the pilot organization.
postalAddress	The pilot organization's mailing address.
postalCode	The postal code for this address (such as a United States zip code).
postOfficeBox	The pilot organization's post office box.
preferredDeliveryMethod	The pilot organization's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
searchGuide	Specifies information for suggested search criteria when using the entry as the base object in the directory tree for a search operation.
seeAlso	DN to information relevant to the pilot organization.
st (stateOrProvinceName)	State or province in which the pilot organization is located.
street (streetAddress)	Street address at which the pilot organization is located.
telephoneNumber	The pilot organization's telephone number.
telexNumber	Identifier for the pilot organization's teletex terminal.
telexNumber	The pilot organization's telex number.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the pilot organization.

posixAccount

Definition

Auxiliary object class.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.0

Required Attributes

Attribute	Description
cn (commonName)	The common name of the account.
gidNumber	Group ID number.
homeDirectory	Home directory of the account.
uid (userID)	The userid of the account.
uidNumber	UNIX only. Related to the /etc/shadow file, this attribute specifies the login ID of the account.

Allowed Attributes

Attribute	Description
description	A human-readable description of the account.
gecos	The default GECOS.
loginShell	The path to the login shell.
userPassword	The entry's password and encryption method.

posixGroup

Definition

Structural object class.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.2

Required Attributes

Attribute	Description
cn (commonName)	The common name of the group.
gidNumber	Group ID number.

Allowed Attributes

Attribute	Description
description	A human-readable description of the group.
memberUid	The member userid.
userPassword	The entry's password and encryption method.

referral

Definition

Used to represent a subordinate reference information in the directory. These referral objects hold one or more URIs contained in values of the ref attribute type and are used to generate protocol referrals and continuations.

This object class is defined in RFC 3296.

Superior Class

top

OID

2.16.840.1.113730.3.2.6

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
ref	The referral URI.

---

Note	To use this object class, you must either make it a subclass, or use it with the extensibleObject object class. This ensures that you have an attribute for naming the entry.

---

residentialPerson

Definition

Used by the directory server to contain a person's residential information.

This object class is defined in RFC 2256.

Superior Class

person

OID

2.5.6.10

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	The person's common name.
l (localityName)	Place in which the person resides.
sn (surname)	The person's surname, or last name.

Allowed Attributes

Attribute	Description
businessCategory	Type of business in which the person is engaged.
description	Text description of the person.
destinationIndicator	Country and city associated with the entry needed to provide Public Telegram Service.
fax (facsimileTelephoneNumber)	The person's fax number.
internationaliSDNNumber	The person's ISDN number.
physicalDeliveryOfficeName	Location where physical deliveries can be made to the person.
postalAddress	The person's business mailing address.
postalCode	The postal code for this address (such as a United States zip code).
postOfficeBox	The person's business post office box.
preferredDeliveryMethod	The person's preferred method of contact or delivery.
registeredAddress	Postal address suitable for reception of expedited documents, where the recipient must verify delivery.
seeAlso	DN to information relevant to the person.
st (stateOrProvinceName)	State or province in which the person resides.
street (streetAddress)	Street address at which the person is located.
telephoneNumber	The person's telephone number.
telexNumber	Identifier for the person's teletex terminal.
telexNumber	The person's telex number.
userPassword	Password with which the entry can bind to the directory.
x121Address	X.121 address of the person.

RFC822LocalPart

Definition

Used to define entries that represent the local part of RFC822 mail addresses. The directory treats this part of an RFC822 address as a domain.

This object class is defined in Internet directory pilot.

Superior Class

domain

OID

0.9.2342.19200300.100.4.14

Allowed Attributes

Attribute	Description
cn (commonName)	The local part's common name.
sn (surname)	The entry's surname, or last name.

room

Definition

Used to store information in the directory about a room.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.7

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
cn (commonName)	Common name of the room.

Allowed Attributes

Attribute	Description
description	Text description of the room.
roomNumber	The room's number.
seeAlso	DN to information relevant to the room.
telephoneNumber	The room's telephone number.

shadowAccount

Definition

Auxiliary object class applicable to UNIX systems only. Related to the /etc/shadow file.

This object class is defined in RFC 2307.

Superior Class

top

OID

1.3.6.1.1.1.2.1

Required Attributes

Attribute	Description
uid (userID)	The entry's userid (usually the logon ID).

Allowed Attributes

Attribute	Description
description	Text description of the account.
shadowExpire	An absolute date specifying when the login may no longer be used.
shadowFlag	Reserved for future use.
shadowInactive	Number of days of inacitivity allowed for the specified user.
shadowLastChange	Number of days between January 1, 1970, and the date that the password was last modified.
shadowMax	Maximum number of days the password is valid.
shadowMin	Minimum number of days required between password changes.
shadowWarning	Number of days before the password expires that the user is warned.
userPassword	Password with which the entry can bind to the directory.

simpleSecurityObject

Definition

Used to allow an entry to contain the userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type. Reserved for future use.

This object class is defined in RFC 1274.

Superior Class

top

OID

0.9.2342.19200300.100.4.19

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
userPassword	Password with which the entry can bind to the directory.

strongAuthenticationUser

Definition

Auxiliary object class, used to store a user's certificate entry in the directory. This object class is used with other object classes, such as the person and organization object classes.

This object class is defined in RFC 2256.

Superior Class

top

OID

2.5.6.15

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.
userCertificate	Stores a user's certificate, usually in binary form.

subschema

Definition

Internal object class. An auxiliary object class subentry used to administer the subschema for the subschema administrative area. It holds the operational attributes representing the policy parameters used to express the subschema.

This object class is defined in RFC 2252.

Superior Class

top

OID

2.5.20.1

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.

Allowed Attributes

Attribute	Description
attributeTypes	Attribute types used within a subschema.
dITContentRules	Defines the DIT content rules in force within a subschema.
dITStructureRules	Defines the DIT structure rules in force within a subschema.
matchingRules	Defines the matching rules used within a subschema.
matchingRuleUse	Indicates the attribute types to which a matching rule applies in a subschema.
nameForms	Defines the name forms used in a subschema.
objectClasses	Defines the object classes used in a subschema.

top

Definition

Abstract object class, that defines the root of the object class hierarchy.

This object class is defined in RFC 2256.

Superior Class

N/A

OID

2.5.6.0

Required Attributes

Attribute	Description
objectClass	Defines the object classes for the entry.