This chapter explains how to obtain the current schema from the directory server, and how to modify it to add object class or attribute definitions.
It also contains a list of all the object classes and attributes that belong to the default schema for Sun Directory Services 3.1 with a description of their purpose and meaning.
The schema is the set of rules that describe the data that can be stored in the directory. It defines the type of entries, their structure and their syntax. The schema can be modified and extended, though certain objects and attributes cannot be changed.
The schema definition is stored in two files in the configuration directory /etc/opt/SUNWconn/ldap/current:
dsserv.oc.conf defines the object classes. These specify the types of entries permitted, their superior object class, and their mandatory and optional attributes.
dsserv.at.conf contains attribute definition information:
An oid representing the attribute
The attribute syntax, specified using a keyword
Alternate names for some attributes
The keyword naming for attributes that are naming attributes
The keyword single for single-valued attributes
For the exact format of an LDAP attribute definition, refer to the dsserv.at.conf(4) man page.
There are two ways of displaying the current schema:
From the command line, using the ldapsearch command
In the Admin Console
Use the ldapsearch command with the following arguments to read the current schema through the directory server:
/opt/SUNWconn/bin/ldapsearch -h hostname -b "cn=schema" -s base 'objectclass=*'
where hostname is the name of the directory server.
Table 8-1 shows an extract of the type of information returned.
Table 8-1 Extract from the Directory Schema
When you use the ldapsearch command to display the schema, the keywords are shown in capitals. They introduce the following:
NAME introduces the name of the object class.
DESC introduces a description of the object class.
SUP introduces the name of the superior object class.
MUST introduces the list of mandatory attributes for an object class. In dsserv.oc.conf mandatory attributes are identified by the keyword requires.
MAY introduces the list of optional attributes for an object class. In dsserv.oc.conf optional attributes are identified by the keyword allows.
In the Admin Console, go to the Schema section.
This section displays a list of object classes in hierarchical order, or in alphabetical order. Use the buttons below the pane to change the display mode.
Click the folder icon for an object class to display its mandatory (M) and optional (O) attributes. With the hierarchical display, clicking on the folder icon of an object class will display any subclasses of that object class.
To display a list of attributes, click the Attributes list button.
An attribute list window is displayed. It contains a five-column table that shows:
The name of the attribute
Alias names for this attribute (separated by commas)
The attribute syntax, identified by a keyword (see "Attribute Reference")
A unique OID for the attribute
Whether the attribute is a naming attribute (that is, an attribute that can be used in the distinguished name of an entry), and whether it is single-valued
You can modify the schema in the following ways:
By creating new object classes or attributes
By modifying object classes and attributes
It is safer to always create a new object class rather than modify an existing one. If you want to extend an existing object class, you can create an object class that inherits from the object class that you want to extend.
Deleting object classes or attributes is not advisable since there might be directory entries that use the existing definitions.
There is no automatic check that schema modifications do not invalidate entries. Therefore, to minimize the risk of entries becoming invalid, restrict your changes to the addition of object classes or attributes. You can, however, enable schema checking. For this, refer to "Schema Checking".
The schema definition contains object classes that are used internally by the Sun Directory Services directory server or by the Sun Internet Mail Server (SIMS). The Admin Console does not permit you to modify these object classes. They are marked with the keyword frozen in the configuration files. You must not remove this keyword from any standard schema item.
If you use the web gateway to allow users to browse the directory, all modifications made to the schema must also be made to the dswebtmpl.conf file. See the dswebtmpl.conf(4) man page for details.
Sun Directory Services provides a schema checking feature. When directory information is added or modified, the directory server checks that all mandatory attributes defined for the object class, or inherited by it, are present.
The schema checking options are:
Off: no checking is performed
Weak: a check is performed when entries are created or modified
Strong: in addition to the previous level, a check is performed on search operations
Select the appropriate level of checking from the Schema check menu button in the Schema section of the Admin Console. The default level of checking is weak.
Schema checking cannot be performed on the compatibility of object classes. For example, you could create an entry with the device object class and the person object class. The IETF standards do not enforce rules on object classes.
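The following added example (not part of the Sun documentation or product) parses object class definitions in the NAME/DESC/SUP/MUST/MAY form described above, resolves inherited attributes through SUP, and checks an entry offline the way the schema check is described. It goes slightly further by also reporting attributes that no listed object class permits. The sample schema text is constructed from this chapter's object class reference, and all function names are hypothetical.

```python
import re

# Constructed sample in the keyword form shown by ldapsearch; attribute lists
# follow this chapter's object class reference (abbreviated). The person value
# is folded LDIF-style: a continuation line starts with one space.
SAMPLE_SCHEMA = """\
objectclasses: ( 2.5.6.0 NAME 'top' DESC 'Parent of all classes' MUST objectClass )
objectclasses: ( 2.5.6.6 NAME 'person' DESC 'A person' SUP top MUST ( cn $ sn )
  MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )
objectclasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( l $ ou $ st $ street $ title ) )
objectclasses: ( 2.5.6.14 NAME 'device' SUP top MUST cn MAY ( description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) )
"""

TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")
KEYWORDS = {"NAME", "DESC", "SUP", "MUST", "MAY"}


def _read_list(tokens, i):
    """Read one name, or a parenthesised '$'-separated list, at tokens[i]."""
    if tokens[i] != "(":
        return [tokens[i].strip("'")], i + 1
    items, i = [], i + 1
    while tokens[i] != ")":
        if tokens[i] != "$":
            items.append(tokens[i].strip("'"))
        i += 1
    return items, i + 1


def parse_object_class(value):
    """Turn one object class description into a dict."""
    tokens = TOKEN.findall(value)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not an object class description: %r" % value)
    oc = {"oid": tokens[1], "name": None, "desc": "", "sup": None,
          "must": [], "may": []}
    i = 2
    while i < len(tokens) - 1:
        keyword = tokens[i]
        if keyword in KEYWORDS:
            items, i = _read_list(tokens, i + 1)
            oc[keyword.lower()] = items if keyword in ("MUST", "MAY") else items[0]
        else:
            i += 1  # keywords this example does not model are skipped
    if not oc["name"]:
        raise ValueError("object class without NAME: %r" % value)
    return oc


def load_schema(ldif_text):
    """Unfold LDIF continuation lines and index classes by lower-case name."""
    schema = {}
    for line in ldif_text.replace("\n ", "").splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "objectclasses":
            oc = parse_object_class(value.strip())
            schema[oc["name"].lower()] = oc
    return schema


def effective(schema, name):
    """Return (mandatory, optional) attribute sets, including inherited ones."""
    must, may, seen = set(), set(), set()
    current = name.lower()
    while current:
        if current in seen:
            raise ValueError("SUP loop at " + current)
        if current not in schema:
            raise KeyError("unknown object class " + current)
        seen.add(current)
        oc = schema[current]
        must |= {a.lower() for a in oc["must"]}
        may |= {a.lower() for a in oc["may"]}
        current = oc["sup"].lower() if oc["sup"] else None
    return must, may - must


def check_entry(schema, entry):
    """Return (missing mandatory attributes, attributes no class permits)."""
    attrs = {a.lower() for a in entry}
    classes = next((v for k, v in entry.items() if k.lower() == "objectclass"), [])
    if not classes:
        return ["objectclass"], sorted(attrs)
    must, may = set(), set()
    for oc in classes:
        m, o = effective(schema, oc)
        must |= m
        may |= o
    return sorted(must - attrs), sorted(attrs - must - may)


def classes_allowing(schema, attribute):
    """List object classes that can carry an attribute, e.g. userPassword."""
    wanted = attribute.lower()
    return sorted(oc["name"] for key, oc in schema.items()
                  if wanted in set().union(*effective(schema, key)))


if __name__ == "__main__":
    schema = load_schema(SAMPLE_SCHEMA)
    mixed = {"objectClass": ["device", "person"], "cn": ["x"], "sn": ["y"]}
    print(check_entry(schema, mixed))            # device + person is not rejected
    print(classes_allowing(schema, "userPassword"))
```

Feeding it the output of the ldapsearch command shown earlier gives a reviewable list of which object classes can hold sensitive attributes such as userPassword before a schema change is made.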
From the Admin Console main window, choose Class/Attribute from the Create menu.
The Create Object Class window is displayed.
Specify:
The name of the new object class
The object identifier for the object class (optional)
The superior object class, from which this object class will inherit attributes
Specify the mandatory and optional attributes you want to include in this class:
Click OK to save the modified object class definition.
This change will take effect when you restart the dsservd daemon. Figure 8-1 shows a new object class plumber, with the attributes you would need to contact a plumber.
From the Admin Console main window, choose Class/Attribute from the Create menu.
In the Create Object Class window, choose Attribute from the Create menu.
The Add Attribute window is displayed.
Specify:
The name of the attribute
The unique OID for this attribute (optional)
Any alternate names in the Aliases field (optional)
Whether the attribute is multi-valued
Whether the attribute can be used as a naming attribute
Click OK to save the new attribute definition.
This change will take effect when you restart the dsservd daemon. Figure 8-2 shows a new attribute, hourlyRate, created to be added to the plumber object class.
In the object class list, highlight the object class to which you want to add an attribute, and choose Modify Class/Attribute from the Selected menu.
The Modify Object Class window is displayed. The name of the object class you are modifying is displayed in the General section of this window. The mandatory and optional attributes for that object class are listed in the Object class attributes section.
In the Defined Attributes list, highlight the attribute that you want to add.
Select the mode of the attribute (Mandatory or Optional) from the pop-up menu.
Click Add to add the attribute to the object class definition.
Click OK to save the modified object class definition.
This change will take effect when you restart the dsservd daemon.
To change the mode of an attribute that is already included in the object class definition, select the attribute in the Class attributes list and change the mode using the Mode pop-up menu.
This section contains an alphabetical list of the object classes accepted by the default schema, except for pilot project object classes described in RFC 1274, The COSINE and Internet X.500 Schema. It explains the purpose of each object class, and gives the list of mandatory and optional attributes specific to the particular object class. An object class also inherits the mandatory and optional attributes from its superior object class. Inherited attributes are not listed.
The keyword frozen after the object class name indicates that this object class is used by a component of Sun Internet Mail Server, or by a component of Sun Directory Services. You cannot change a frozen object class definition using the Admin Console. If you change the definition of such an object class, ensure that your changes do not prevent the Sun Internet Mail Server and the Sun Directory Services components from using objects of this class.
Description: Used to define entries representing a user account.
Superior object class: top
Mandatory attribute: uid
Optional attributes: description, host, l, o, ou, seeAlso
Description: An alternative name for an object located under the same data store suffix.
Superior object class: top
Mandatory attribute: aliasedObjectName
It is preferable to avoid using the alias object class and use instead the aliasObject subclass. This is because the alias object class only allows the full DN of the aliased object as its naming attribute, and not just the RDN.
Description: An alternative name for an object located under the same data store suffix.
Superior object class: alias
Optional attributes: * (allows any attribute)
The attributes in the aliasObject entry must include the naming attribute of the entry. The naming attribute should be the same as for the aliased object.
Description: Used to define an entry representing an application entity.
Superior object class: top
Mandatory attributes: cn, presentationAddress
Optional attributes: description, l, o, ou, seeAlso, supportedApplicationContext
Description: Used to define an entry representing an application process.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, l, ou, seeAlso
Description: Used to define an entry representing an NIS automount record.
Superior object class: top
Mandatory attributes: cn, automountInformation
Optional attribute: description
Description: Used to define an entry representing any device that requires boot parameters. Used to import information from the /etc/bootparams file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: device
Optional attributes: bootFile, bootParameter
Description: Used to define entries representing objects that act as certification authorities. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attributes: authorityRevocationList, cACertificate, certificateRevocationList
Optional attribute: crossCertificatePair
Description: Used to define entries representing objects that act as certification authorities for version 2. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: certificationAuthority
Optional attribute: crossCertificatePair
Description: Identifies country entries in the directory.
Superior object class: top
Mandatory attribute: c
Optional attributes: description, searchGuide
Description: Used to define an entry that provides a service for certification authority revocation lists.
Superior object class: top
Mandatory attribute: cn
Optional attributes: authorityRevocationList, certificateRevocationList, deltaRevocationList
Description: Used to define an entry representing a device (for example a modem or CD-ROM drive).
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, l, o, ou, owner, seeAlso, serialNumber
Description: Used to define an entry representing a domain component, that is a component in the dot-separated sequence that forms a domain name. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attribute: dc
Description: Used to define an entry that represents a directory management domain (DMD), that is the authority responsible for a particular directory server.
Superior object class: top
Mandatory attribute: dmdName
Optional attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, userPassword, x121Address
Description: Used to define entries representing a DNS domain.
Superior object class: domain
Optional attribute: dNSRecord
Description: Used to define an entry representing a document.
Superior object class: pilotObject
Mandatory attribute: documentIdentifier
Optional attributes: abstract, cn, description, documentAuthor, documentAuthorCommonName, documentAuthorSurname, documentLocation, documentPublisher, documentStore, documentTitle, documentVersion, keywords, l, o, obsoletedByDocument, obsoletesDocument, ou, seeAlso, subject, updatedByDocument, updatesDocument
Description: Used to define an entry representing a series of related documents.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, l, o, ou, seeAlso, telephoneNumber
Description: Used to define an entry representing a domain.
Superior object class: top
Mandatory attribute: dc
Optional attributes: associatedName, businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Description: Used to define an entry related to a domain.
Superior object class: top
Mandatory attribute: associatedDomain
Description: Used to define an entry representing a directory system agent (DSA) or any directory server.
Superior object class: applicationEntity
Optional attribute: knowledgeInformation
Description: Used to define an entry representing an electronic mail distribution list that uses aliases(4) format.
Superior object class: top
Mandatory attribute: cn
Optional attributes: authorizedDomain, authorizedSubmitter, dataSource, expandable, mailDeliveryFile, mailDeliveryOption, mailProgramDeliveryInfo, mailHost, ownerDeliveryFile, ownerDeliveryOption, ownerProgramDeliveryInfo, requestsToDeliveryFile, requestsToDeliveryOption, requestsToProgramDeliveryInfo, rfc822AuthorizedSubmitter, rfc822MailMember, rfc822Owner, rfc822UnauthorizedSubmitter, unauthorizedDomain, unauthorizedSubmitter
Description: Used to define an entry for a person who uses electronic mail.
Superior object class: inetOrgPerson
Mandatory attributes: cn, objectClass
Optional attributes: assistant, channelName, channelType, dataSource, generationQualifier, freeFormName, homeDirectory, homeFacsimileTelephoneNumber, mail, mailAutoReplyExpirationDate, mailAutoReplyMode, mailAutoReplySubject, mailAutoReplyText, mailAutoReplyTextInternal, mailDeliveryFile, mailDeliveryOption, mailFolderMap, mailForwardingAddress, mailHost, mailMessageStore, mailProgramDeliveryInfo, mailQuota, objectStatus, preferredRfc822Recipient, reportsTo, rfc822Mailbox, userDefinedAttribute1, userDefinedAttribute2, userDefinedAttribute3, userDefinedAttribute4
Description: Used to allow friendlier naming of country entries than with the object class country. The naming attribute of object class country, countryName, has to be a 2 letter string defined in ISO 3166.
Superior object class: country
Mandatory attribute: co
Description: Used to define an entry representing a user of Lotus CC:Mail.
Superior object class: top
Optional attributes: cCMailAddresses, preferredCCMailOriginator, preferredCCMailRecipient
Description: Used to define an entry representing a legacy mail gateway channel.
Superior object class: top
Mandatory attribute: channelName
Optional attributes: ackedSequenceNumber, channelType, currentSequenceNumber, maxLastModifiedTime, objectStatus, seeAlso, userPassword
Description: Used to store preferences for document conversion for a gateway user.
Superior object class: top
Optional attribute: docConvPreference
Description: Used to define an entry representing a user of Lotus Notes.
Superior object class: top
Optional attributes: lotusNotesAddresses, preferredLotusNotesOriginator, preferredLotusNotesRecipient
Description: Used to define an entry representing a user of Mail-11 (DEC).
Superior object class: top
Optional attributes: mail11Addresses, preferredMail11Originator, preferredMail11Recipient
Description: Used to define an entry representing a user of the legacy Mail Relay (MR) mail system.
Superior object class: top
Optional attributes: mrAddresses, preferredMrOriginator, preferredMrRecipient
Description: Used to define an entry representing a user of Microsoft Mail.
Superior object class: top
Optional attributes: mSMailAddresses, preferredMSMailOriginator, preferredMSMailRecipient
Description: Used to define an entry representing a user of the legacy Novell Groupwise Mail (NGM) mail system.
Superior object class: top
Optional attributes: nGMAddresses, preferredNGMOriginator, preferredNGMRecipient
Description: Used to define an entry representing a user of the legacy Novell Groupwise Mail 7.0 (NGM70) mail system.
Superior object class: top
Optional attributes: nGM70Addresses, preferredNGM70Originator, preferredNGM70Recipient
Description: Used to define an entry representing a user of IBM PROFS.
Superior object class: top
Optional attributes: pROFSAddresses, preferredPROFSOriginator, preferredPROFSRecipient
Description: Used to define entries representing an unordered set of names of objects or other groups.
Superior object class: top
Mandatory attributes: cn, member
Optional attributes: businessCategory, description, o, ou, owner, seeAlso
Description: Used to define entries representing an unordered set of names of objects or other groups. Each name in the set is unique in the directory.
Superior object class: top
Mandatory attributes: cn, uniqueMember
Optional attributes: businessCategory, description, o, ou, owner, seeAlso
Description: Used to define entries representing any device that has a MAC address. Used to import information from the /etc/ethers file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: device
Optional attribute: macAddress
Description: Used to define an entry for a person who uses the Internet and belongs to an organization.
Superior object class: organizationalPerson
Optional attributes: audio, businessCategory, carLicense, departmentNumber, employeeNumber, employeeType, givenName, homePhone, homePostalAddress, initials, jpegPhoto, labeledURI, mail, manager, mobile, pager, photo, preferredLanguage, roomNumber, secretary, uid, userCertificate, userSMIMECertificate, x500uniqueIdentifier
Description: Used to describe a device that has an IP address. Used to import information from the /etc/hosts file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attributes: cn, ipHostNumber
Optional attributes: description, bootFile, bootParameter, l, macAddress, manager, serialNumber
Description: Used to define an entry that describes an IP protocol. Used to import information from the /etc/protocols file.
Superior object class: top
Mandatory attributes: cn, ipProtocolNumber
Optional attribute: description
Description: Used to define an entry that describes an IP network. Used to import information from the /etc/networks file.
Superior object class: top
Mandatory attributes: cn, ipNetworkNumber
Optional attributes: description, ipNetmaskNumber, l, manager
Description: Used to define an entry that represents an IP service.
Superior object class: top
Mandatory attributes: cn, ipServicePort, ipServiceProtocol
Optional attribute: description
Description: Used to define an entry that describes a resource on the network that is identified by a URI. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Optional attribute: labeledURI
Description: Used to define entries that describe locality.
Superior object class: top
Optional attributes: description, locality, searchGuide, seeAlso, st, street
Description: Used to define a Network Access Server used in the context of RADIUS authentication.
Superior object class: device
Mandatory attributes: iphostnumber, sharedKey
Optional attributes: dictionaryFile, acctattrFile
Description: Used to define an entry that represents an NIS mail.aliases record. Used to import information from the /etc/mail/aliases file.
Superior object class: top
Mandatory attribute: cn
Optional attribute: rfc822MailMember
Description: Used to define an entry that represents an NIS map.
Superior object class: top
Mandatory attribute: nisMapName
Optional attribute: description
Description: Used to define an entry that represents an NIS netgroup record. Used to import information from the /etc/netgroup file.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, memberNisNetGroup, nisNetGroupTriple
Description: Used to define an entry that represents an NIS netid.byname record.
Superior object class: top
Mandatory attribute: cn
Optional attributes: nisNetIdGroup, nisNetIdHost, nisNetIdUser
Description: Used to define an entry in the directory that represents an entry in an NIS map. The NIS key is stored in the cn attribute.
Superior object class: top
Mandatory attribute: nisMapName
Optional attributes: cn, description, nisMapEntry
Description: Used to define an entry in the directory that represents an entry in an NIS map. This object class is used in the generic NIS map definition in Sun Directory Services. The NIS key is stored in the sunNisKey attribute.
Superior object class: top
Mandatory attribute: nisMapName
Optional attributes: cn, description, nisMapEntry, sunNisKey
Description: Used to define an entry that represents an Open Network Computing (ONC) remote procedure call (RPC). Used to import information from the /etc/rpc file.
Superior object class: top
Mandatory attributes: cn, oncRpcNumber
Optional attribute: description
Description: Used to define organization entries in the directory.
Superior object class: top
Mandatory attribute: o
Optional attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Description: Used to define entries representing people employed by, or in some way associated with, an organization.
Superior object class: person
Optional attributes: destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, title, x121Address
Description: Used to define entries representing a role or position within an organization. An organizationalRole is usually filled by an organizationalPerson, but it can also be filled by a non-human entity.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, roleOccupant, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, x121Address
Description: Used to define entries representing subdivisions of an organization.
Superior object class: top
Mandatory attribute: ou
Optional attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Description: Used to define entries representing people.
Superior object class: top
Mandatory attributes: cn, sn
Optional attributes: description, seeAlso, telephoneNumber, userPassword
Description: Used to represent an account defined by POSIX attributes. Used to import information from the /etc/passwd file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attributes: cn, uid, uidNumber, gidNumber, homeDirectory
Optional attributes: description, gecos, loginShell, userPassword
Description: Used to define an entry that represents a group of POSIX accounts. Used to import information from the /etc/group file.
Superior object class: top
Mandatory attributes: cn, gidNumber
Optional attributes: description, memberUid, userPassword
Description: Used to define an entry that points to another data store.
Superior object class: top
Optional attributes: ref, * (allows any attribute, in particular the same naming attribute as in the RDN of the referenced object)
Description: In the context of RADIUS authentication, used to define remote users who access the network through a Network Access Server (NAS).
Superior object class: top
Mandatory attribute: uid
Optional attributes: acctAuthentic, acctDelayTime, acctInputOctet, acctOutputOctet, acctSessionId, acctSessionTime, acctStatusType, acctTerminateCause, authCalleddStationId, authCallingStationId, authFilterId, authHostPortNumber, authHostPortType, authLoginService, authPortLimit, authPrefixName, authReplyMessage, authServiceProtocol, authType, authStartMenuId, authSuffixName, authState, authStopMenuId, authTerminationAction, chapPassword, expirationDate, framedCompression, framedIPAddress, framedMTU, framedRoute, framedRouting, framedProtocol, grpCheckInfo, grpReplyInfo, idleTimeoutNumber, ipHostNumber, ipLoginHost, ipLoginPort, ipNetmaskNumber, ipxNetworkNumber, radiusLoginProfile, radiusPppProfile, radiusSlipProfile, radiusAuthFailedAccess, radiusLoginExpiration, radiusLoginPasswd, radiusPppExpiration, radiusPppPasswd, radiusSlipExpiration, radiusSlipPasswd, dynamicSessionCounter, dynamicSessionId, dynamicIPAddress, sessionTimeoutNumber, userCallbackId, userCallbackNumber, userPassword
Description: Used to define entries representing a person in the residential environment.
Superior object class: top
Mandatory attribute: l
Optional attributes: businessCategory, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, x121Address
Description: Used to define entries which represent the local part of RFC822 mail addresses. This treats this part of an RFC822 address as a domain.
Superior object class: domain
Optional attributes: cn, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, seeAlso, sn, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address
Description: Used to define an entry representing a room.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, roomNumber, seeAlso, telephoneNumber
Description: Used to represent a user that has a shadow password. It is an auxiliary object class, which means that it may be used in conjunction with any object class.
Superior object class: top
Mandatory attribute: uid
Optional attributes: description, shadowLastChange, shadowMax, shadowMin, shadowWarning, shadowInactive, shadowExpire, shadowFlag, userPassword
Description: Used to define an entry containing a user password, for simple authentication.
Superior object class: top
Mandatory attribute: userPassword
Description: Used to define an entry for an object participating in Strong Authentication. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attribute: userCertificate
Description: Used to define an entry that contains the rules governing the schema. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Optional attributes: attributeTypes, dITStructureRules, ditContentRules, matchingRules, matchingRuleUse, nameForms, objectClasses
Description: Used by the NIS/LDAP server to manage NIS maps. An entry is created for each map stored in the LDAP directory.
Superior object class: top
Mandatory attributes: sunNisDomain, sunNisMapFullName, sunNisMapState, sunNisMaster, sunNisSecurityMode
Optional attributes: description, seeAlso, sunNisDbmCache, sunNisDnsForwarding, sunNisInputFile, sunNisOutputName, sunNisLoadMap
Description: Used to define an entry that represents an NIS ypservers record. Used to import information from the ypservers file.
Superior object class: top
Mandatory attribute: cn
Description: An abstract object class, parent of all others. It ensures that every object class contains the objectClass attribute.
Mandatory attribute: objectClass
Description: Used to name an entry with a unique ID. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attribute: uid
Description: Used to store security information about a user. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Optional attribute: supportedAlgorithms
All attributes defined in the schema have one of the following syntaxes:
Distinguished name (dn)
Case-ignore string (cis) -- An alphanumeric string, not case-sensitive
Case-exact string (ces) -- A case-sensitive alphanumeric string
Telephone number (tel)
Integer (int or long)
Binary (bin)
Encrypted (protected) -- A value that has been encrypted using the method specified through the Admin Console. Possible values are sunds, crypt, or none.
UTC time (utctime)
The following list of attributes in the default schema gives the attribute syntax, any alternative names, and explains how the attribute is used.
Syntax: cis
Description: A brief description of the document described by the entry.
Syntax: ces
Description: Specifies the name of the dynamic accounting attributes file to be used to interpret the dynamic accounting information received from the NAS described by the entry.
Syntax: ces
Description: Used in RADIUS accounting requests to indicate how the user described by the entry was authenticated.
Syntax: ces
Description: Used in RADIUS accounting requests to indicate for how long the NAS has been trying to send an accounting report. The delay is deducted from the time of arrival of the report to determine the actual time at which the event occurred.
Syntax: ces
Description: Used in RADIUS accounting requests to indicate the number of octets received during the provision of service.
Syntax: ces
Description: Used in RADIUS accounting requests to indicate the number of packets received during the provision of service.
Syntax: ces
Description: Used in RADIUS accounting requests to indicate the number of octets sent during the provision of service.
Syntax: ces
Description: Used in RADIUS accounting requests to indicate the number of packets sent during the provision of service.
Syntax: ces
Description: Used in RADIUS accounting to provide a unique accounting ID. It is used to match start and stop records for the same session.
Syntax: ces
Description: Used in RADIUS accounting to indicate the number of seconds during which the user described by the entry has received service.
Syntax: ces
Description: Used in RADIUS accounting to indicate whether the current report marks the beginning of service (start) or the end (stop).
Syntax: ces
Description: Used in RADIUS accounting to indicate how a session was terminated.
Syntax: ces
Description: A sequence number used during Legacy Mail directory synchronization.
Syntax: dn
Description: The DN of the entry for which the alias entry is an alias. This attribute is single-valued.
Syntax: cis
Description: Specifies the URLs of other servers to contact if the current server is unavailable.
Syntax: cis
Description: An assistant to the person described by the entry.
Syntax: cis
Description: The domain with which the object described by this entry is associated.
Syntax: dn
Description: The distinguished name of an entry associated with this entry.
Syntax: cis
Description: Specifies the name of an attribute.
Syntax: cis
Description: Specifies the attribute types allowed in the schema.
Syntax: bin
Description: Sound information associated with the object described by the entry.
Syntax: ces
Description: Indicates the phone number called by the user to request access through a NAS.
Syntax: ces
Description: Indicates the phone number from which the user called to request access through a NAS.
Syntax: ces
Description: Indicates the name of the filter list for the user described by the entry.
Syntax: ces
Description: Indicates the physical port number of the NAS that is authenticating the user.
Syntax: ces
Description: Indicates the type of physical port number of the NAS that is authenticating the user.
Syntax: ces
Description: Indicates the service that should be used to connect the user to the login host.
Syntax: ces
Description: Contains a string that identifies the NAS that transmitted an access request.
Syntax: cis
Description: A list of certificates that have been revoked by the certification authority described in the entry, or that the certification authority knows have been revoked by other certification authorities.
Syntax: cis
Description: Domain name from which users are authorized to post to the list described by the entry.
Syntax: cis
Description: A registered user authorized to post messages to the list described by the entry.
Syntax: ces
Description: Sets the maximum number of ports to be provided by the NAS to the user.
Syntax: ces
Description: Used internally by the RADIUS server to distinguish between the user name to be processed for authentication and a possible prefix. In some cases, the connection protocol can add a prefix to the user's name, for example, ppp%jsmith.
Syntax: cis
Description: Contains text that the NAS can display to the user.
Syntax: ces
Description: Indicates the type of service requested by the user.
Syntax: ces
Description: This attribute is used internally by the RADIUS server.
Syntax: ces
Description: A state attribute sent by the RADIUS server to the NAS. The NAS must send it back unchanged in the reply to the server. This attribute is single-valued.
Syntax: ces
Description: Used internally by the RADIUS server.
Syntax: ces
Description: Indicates to the RADIUS server how passwords are stored, so that the password supplied by the user can be compared correctly against the password stored under the user's entry in the directory. Possible values for this attribute are:
Crypt-Local -- specifies that passwords are stored encrypted
Local -- specifies that passwords are stored in clear text
System -- specifies that passwords are maintained in /etc/passwd
Syntax: ces
Description: Used internally by the RADIUS server to distinguish between the user name to process for authentication and a possible suffix. In some cases, the domain name can be added to the user's name, for example, jsmith@eng.xyz.com.
Syntax: ces
Description: Indicates the action to be performed by the NAS when the service session is finished.
Syntax: ces
Description: The automount information for the entry in the NIS automount map.
Syntax: ces
Description: The name of the file containing the boot parameters for the bootable device described by the entry.
Syntax: ces
Description: A boot parameter for the bootable device described by the entry.
Syntax: cis
Description: The name of the building where the object described by the entry resides.
Syntax: cis
Description: The type of business of the object described by the entry.
Syntax: cis
Description: The type of car license held by the person described by the entry.
Syntax: bin
Description: The public key of the certification authority described by the entry.
Syntax: cis
Description: Used to route email messages through a Lotus CC:mail channel. It stores a copy of the email addresses in the preferredCCMailOriginator and preferredCCMailRecipient attributes.
Syntax: cis
Description: A list of certificates that have been revoked by the certification authority described by the entry, or that the certification authority knows have been revoked by other certification authorities.
Syntax: cis
Description: The name of the Legacy Mail channel for the user described by the entry. Channel names are chosen for users by the system administrator.
Syntax: ces
Description: The type of the Legacy Mail channel for the user described in the entry. The value must be one of the following:
0 for CC:mail
1 for Microsoft Mail
4 for an SMTP mail system
8 for IBM PROFS
Syntax: ces
Description: Contains the response value provided by a PPP Challenge Handshake Authentication Protocol (CHAP) user in response to a challenge. This attribute is single-valued.
Syntax: cis
Description: The copyright statement for the object described by the entry.
Syntax: cis
Description: The name of the country where the object described by the entry resides, or where a parent of the entry resides. The name has to be a two-letter string defined in ISO 3166. This attribute is single-valued. Multinational corporations usually use the country of their headquarters as the country of the whole organization.
Syntax: utctime
Description: A timestamp that indicates the time at which the entry was created. This attribute is single-valued. It is created and maintained by the server.
Syntax: dn
Description: The DN of the person who created the entry. This attribute is single-valued. It is created and maintained by the server.
Syntax: cis
Description: A pair of certificates, containing the public keys of the object described by the entry.
Syntax: ces
Description: A sequence number used during Legacy Mail directory synchronization.
Syntax: cis
Description: The original data source or migration tool for data in the entry.
Syntax: cis
Description: The differences in revocation lists. This attribute provides a list of newly revoked certificates.
Syntax: cis
Description: A string identifying the department to which a user described by the entry belongs. The format is a local decision.
Syntax: cis
Description: The description of the entry object.
Syntax: cis
Description: The country and city addressing information for the object described by the entry.
Syntax: ces
Description: Specifies the dictionary to be used by the RADIUS server when it receives a request from the NAS described by the entry.
Alternate name: dn
Syntax: dn
Description: Specifies the distinguished name of an entry.
Syntax: cis
Description: Specifies the rules governing the content of the DIT.
Syntax: dn
Description: Indicates that the object described by one entry now has a newer entry in the DIT. The entry containing the redirection attribute should be removed after a suitable period.
Syntax: cis
Description: Specifies the rules governing the structure of the DIT.
Syntax: cis
Description: Gives the name of the Directory Management Domain (DMD) stored on the server.
Syntax: ces
Description: Used to store DNS record fields.
Syntax: cis
Description: The preferred method for converting a document sent through the gateway described by the entry.
Syntax: dn
Description: The author of the document described by the entry.
Syntax: cis
Description: A string identifying the document described by the entry.
Syntax: cis
Description: The location of the document described by the entry.
Syntax: cis
Description: The publisher of the document described by the entry.
Syntax: cis
Description: The location where the document described by the entry is stored.
Syntax: cis
Description: The title of the document described by the entry.
Syntax: cis
Description: The version number of the document described by the entry.
Alternate name: dc
Syntax: cis
Description: Part of the name of the domain described by the entry. This attribute is single-valued.
Syntax: cis
Description: The favorite drink of the person described by the entry.
Syntax: cis
Description: When RADIUS accounting is activated, associates the dynamicIPAddress and the dynamicSessionId assigned to the remote user.
Syntax: cis
Description: When RADIUS accounting is activated, the IP address assigned to the remote user is recorded in the user's entry using this attribute. This attribute is created when the session begins, and removed when the session ends.
Syntax: int
Description: When RADIUS accounting is activated, the number of concurrent open sessions for a remote user is recorded in the user's entry using this attribute. This attribute is removed when the user ends the last session. This attribute is single-valued.
Syntax: cis
Description: When RADIUS accounting is activated, the session identifier assigned to the remote user for a particular session is recorded in the user's entry using this attribute. This identifier is used to open and close the accounting report for the session.
Syntax: cis
Description: A number identifying the person described by the entry.
Syntax: cis
Description: Information identifying the type of the employee (for example, Contractor) described by the entry.
Syntax: cis
Description: Whether the membership of the list described by the entry is visible (TRUE or FALSE).
Syntax: ces
Description: Indicates the expiration date for the password stored in the userPassword attribute. The expirationDate attribute is single-valued.
Syntax: tel
Description: The fax telephone number of the object described by the entry.
Syntax: ces
Description: Indicates a compression protocol to be used for the link.
Syntax: ces
Description: Indicates the address to be configured for the user.
Syntax: ces
Description: Indicates the maximum transmission unit (MTU) to be configured for the user, when it is not negotiated by some other means (such as PPP).
Syntax: ces
Description: Indicates the framing to be used for framed access.
Syntax: ces
Description: Provides routing information to be configured for the user on the NAS. Not to be confused with the framedRouting attribute.
Syntax: ces
Description: Indicates the routing method for the user, when the user is a router to a network. Not to be confused with the framedRoute attribute.
Syntax: cis
Description: The name of the person described by the entry.
Syntax: cis
Description: The gecos field of the user described in the entry. Usually the user's common name. This attribute is single-valued.
Syntax: cis
Description: Generation information, for example, Senior or III, to qualify the name of the user described by the entry.
Syntax: long
Description: An integer that uniquely identifies a group in an administrative domain. This attribute is single-valued.
Alternate name: gn
Syntax: cis
Description: The given name of the person described by the entry.
Syntax: ces
Description: Contains a list of attributes that must be checked by the RADIUS server against the information supplied by the remote user. If the grpCheckInfo attribute is not present, or if it does not contain any attributes, then all the attributes in the remote user's entry are checked before access is granted to the user. This attribute is used internally by the server.
Syntax: ces
Description: Contains a list of attributes returned by the RADIUS server with an access-accept or access-reject response. It can contain connection parameters such as a PPP or SLIP profile. This attribute is used internally by the server.
Syntax: ces
Description: The filesystem location of the home directory of the user described by the entry. This attribute is single-valued.
Alternate name: homeFax
Syntax: tel
Description: The home fax number of the user described by the entry.
Syntax: tel
Description: The home phone number of the user described by the entry.
Syntax: cis
Description: The home postal address of the user described by the entry.
Syntax: cis
Description: The host used by the object described by the entry.
Syntax: ces
Description: Sets the maximum number of consecutive seconds that the connection can remain idle before the session is terminated.
Syntax: cis
Description: The initials of the person described by the entry.
Syntax: cis
Description: The ISDN telephone number of the object described by the entry, including country and area codes.
Syntax: cis
Description: Specifies the IP address of the host described by the entry, in dotted decimal format, without leading zeros.
Syntax: cis
Description: Indicates the system with which to connect the user, when the authLoginService attribute is included in the connection request.
Syntax: cis
Description: Indicates the TCP port with which the user is to be connected, when the authLoginService attribute is included in the connection request.
Syntax: cis
Description: Specifies an IP netmask, in dotted decimal format, without leading zeros. This attribute is single-valued.
Syntax: cis
Description: Specifies the number of the IP network described by the entry, in dotted decimal format, without leading zeros. This attribute is single-valued.
Syntax: long
Description: Specifies the port number/port type (for example UDP or TCP) pair for the IP protocol described by the entry. This attribute is single-valued.
Syntax: cis
Description: Indicates the IPX network number to be configured for the user.
Syntax: cis
Description: Whether or not users may add themselves to the list described by the entry (TRUE or FALSE).
Syntax: bin
Description: A photograph, in JPEG format, of, or associated with, the object described by the entry.
Syntax: cis
Description: Keywords associated with the object described by the entry.
Syntax: cis
Description: The knowledge information (references to other directory servers) stored by the DSA described by the entry.
Syntax: ces
Description: The uniform resource identifier (URI) and label associated with the object described by the entry.
Syntax: dn
Description: The distinguished name of the user who last modified the object described by the entry. Note that this is not the user who last modified the entry itself.
Syntax: utctime
Description: The date and time when the object described by the entry was last modified. Note that this is not the date and time at which the entry itself was modified.
Syntax: ces
Description: The path to the login shell of the user described by the entry. This attribute is single-valued.
Syntax: cis
Description: Specifies the syntaxes supported by the LDAP server.
Syntax: cis
Description: The geographical locality of the object described by the entry.
Syntax: cis
Description: The Lotus Notes electronic mail address of the user described by the entry.
Syntax: cis
Description: Specifies a MAC address for the device described by the entry, expressed in colon-separated hex notation.
Syntax: cis
Description: The advertised electronic mail address, in RFC822 format, of the user described by the entry.
Syntax: cis
Description: The Mail-11 electronic mail address of the user described by the entry.
Syntax: cis
Description: At midnight on this date, disable auto-reply to email sent to the user described by the entry. The date must be in UTC format.
Syntax: cis
Description: Mode of operation for the auto-reply facility (currently only vacation is supported) for the user described by the entry.
Syntax: cis
Description: The subject line of an auto-reply message from the user described by the entry. If it contains the token $SUBJECT, it is replaced by the subject line of the incoming message.
Syntax: cis
Description: The body of an auto-reply message from the user described by the entry. If the text contains the tokens $SUBJECT or $BODY, they are replaced by the subject line or body from the incoming message. Use '$' as the line-separator.
Syntax: cis
Description: The body of an auto-reply message from the user described by the entry, for use within the organization. If the text contains the tokens $SUBJECT or $BODY, they are replaced by the subject line or body from the incoming message. Use '$' as the line-separator.
Syntax: ces
Description: The name of a file. Mail delivered to the user whose entry contains this attribute is appended to this file.
Syntax: cis
Description: One or more delivery options:
mailbox - deliver mail to the message store mailbox specified by the mailMessageStore attribute
shared - deliver mail to the message store shared-mailbox specified by the mailMessageStore attribute
native - deliver mail to a Unix filesystem mailbox
autoreply - deliver mail to an auto-reply facility (for example, vacation mail)
program - deliver mail to the Unix program specified by the mailProgramDeliveryInfo attribute
forward - forward mail to the address specified by the mailForwardingAddress attribute
file - append mail to the file specified by the mailDeliverFile attribute
Email received by the user described by the entry is delivered according to the options selected.
Syntax: cis
Description: The message store for a user's mail folders. The value must be one of the following:
UNIX V7 - UNIX V7 message store (also known as the /var/mail message store)
Sun-MS - Sun Internet Mail message store
Syntax: cis
Description: Forward mail received by the user described by the entry to the specified email address (RFC-822 format).
Syntax: cis
Description: The hostname of the SMTP/MIME mail server of the user described by the entry, including the full domain name.
Syntax: ces
Description: The filesystem location for the inbox of the user described by the entry.
Syntax: ces
Description: One or more commands, with arguments, to be executed when a message is delivered to the user whose entry contains this attribute if the attribute mailDeliveryOptions contains the value program.
Syntax: cis
Description: The maximum size (in bytes) of the message store of the user described by the entry. A value of zero denotes an unlimited message store.
Syntax: dn
Description: The distinguished name of the manager of the person or object described by the entry.
Syntax: cis
Description: Specifies the matching rules allowed in the schema.
Syntax: cis
Description: Specifies how matching rules are used in the schema.
Syntax: cis
Description: A timestamp used during Legacy Mail directory synchronization.
Syntax: dn
Description: The distinguished name of a member of the distribution list described by the entry.
Syntax: cis
Description: The uid name of a member of the Posix group described by the entry.
Syntax: cis
Description: The name of a member of the netgroup described by the entry.
Syntax: cis
Description: The middle name of the person described by the entry.
Syntax: tel
Description: The telephone number of the mobile phone used by the person described in the entry.
Syntax: dn
Description: The DN of the person who modified the entry. This attribute is single-valued.
Syntax: utctime
Description: A timestamp that indicates the time at which the entry was modified. This attribute is single-valued.
Syntax: cis
Description: The address of a user of the MR mail system.
Syntax: cis
Description: Used to route email messages through a Microsoft Mail channel. It stores a copy of the email addresses in the preferredMSMailOriginator and preferredMSMailRecipient attributes.
Syntax: cis
Description: Specifies the name forms allowed in the schema.
Syntax: dn
Description: Specifies the master and slave naming contexts stored on the server.
Syntax: cis
Description: The electronic mail address of a user of the NMG70 mail system.
Syntax: cis
Description: The electronic mail address of a user of the NMG mail system.
Syntax: ces
Description: Contains a record in the NIS map described by the entry. This attribute is single-valued.
Syntax: ces
Description: Specifies the name of the NIS map described by the entry. This attribute is single-valued.
Syntax: cis
Description: Represents a triple of the form hostname/username/domainname associated with the netgroup described by the entry.
Syntax: ces
Description: Represents the group id associated with a record in the netid.byname map.
Syntax: ces
Description: Represents the hostname associated with a record in the netid.byname map.
Syntax: ces
Description: Represents the user id associated with a record in the netid.byname map.
Syntax: cis
Description: The object class of the type of entry.
Syntax: cis
Description: Specifies the object classes allowed in the schema.
Syntax: cis
Description: Used during Legacy Mail directory synchronization to denote a deleted entry.
Syntax: cis
Description: Information identifying a document that makes the document described in the entry obsolete.
Syntax: cis
Description: Information identifying a document that is made obsolete by the document described in the entry.
Syntax: long
Description: RPC number of the RPC service described by the entry. This attribute is single-valued.
Syntax: cis
Description: The name of the organization to which the object described by the entry belongs.
Syntax: dn
Description: The distinguished name of an entry describing the person responsible for the distribution list described by the entry.
Syntax: ces
Description: The name of the file to which mail addressed to the owner of the distribution list described by the entry is appended.
Syntax: ces
Description: Delivery options for mail addressed to owner-listname. Each value must be one of the following:
mailbox: deliver mail to a message store mailbox
shared: deliver mail to a message store shared mailbox
native: deliver mail to a UNIX filesystem mailbox
autoreply: deliver mail to the autoreply facility, such as a vacation mailer
program: deliver mail to the UNIX program specified as the value of the attribute ownerProgramDeliveryInfo
forward: forward mail to another recipient
file: append mail to the file specified as a value of the attribute ownerDeliveryFile
Syntax: ces
Description: Mail addressed to the owner of a distribution list is delivered to this program. Specifies one or more commands, with arguments, to use in program delivery. Use '$' as the line-separator.
Syntax: tel
Description: The telephone number of the pager of the person described by the entry.
Syntax: tel
Description: The telephone number of the mobile phone belonging personally to the person described by the entry.
Syntax: tel
Description: The telephone number of the pager belonging personally to the person described by the entry.
Syntax: bin
Description: The signature of the person described by the entry.
Syntax: cis
Description: The title of the person described by the entry, for example, Doctor, or Ms.
Syntax: bin
Description: A photograph of, or associated with, the object described by the entry.
Syntax: cis
Description: The mailstop of the object described by the entry.
Syntax: cis
Description: The postal address of the object described by the entry.
Syntax: cis
Description: The postal code of the object described by the entry.
Syntax: cis
Description: The post office box of the object described by the entry.
Syntax: cis
Description: The email address for routing through a Lotus CC:mail channel.
Syntax: cis
Description: The native Lotus CC:mail address.
Syntax: cis
Description: Preferred delivery method for communication with the object described by the entry. This attribute is single-valued.
Syntax: cis
Description: The preferred language for communication with the person described by the entry. This attribute is single-valued.
Syntax: cis
Description: The email address used for routing through a Lotus Notes channel.
Syntax: cis
Description: The native Lotus Notes mail address.
Syntax: cis
Description: The email address used for routing through a Mail-11 channel.
Syntax: cis
Description: The native Mail-11 mail address.
Syntax: cis
Description: The email address used for routing through a Mail Relay (MR) channel.
Syntax: cis
Description: The native MR mail address.
Syntax: cis
Description: The email address for routing through a Microsoft Mail channel.
Syntax: cis
Description: The native Microsoft Mail address.
Syntax: cis
Description: The email address used for routing through a Novell Groupwise Mail 7.0 (NMG70) channel.
Syntax: cis
Description: The native NMG70 address.
Syntax: cis
Description: The email address used for routing through a Novell Groupwise Mail (NMG) channel.
Syntax: cis
Description: The email address for routing through an IBM PROFS channel.
Syntax: cis
Description: The native IBM PROFS address.
Syntax: cis
Description: The user's internal email address (RFC-822 format).
Syntax: cis
Description: The presentation address of the object described by the entry. This attribute is single-valued.
Syntax: cis
Description: Used to route email messages through an IBM PROFS channel. It stores a copy of the email addresses in the preferredPROFSOriginator and preferredPROFSRecipient attributes.
Syntax: ces
Description: Created dynamically in a remote user's entry when an access request is rejected. This counter is incremented by 1 at each failed attempt. The user account is blocked when this counter reaches the blocking value specified in the configuration (by default, 4). This attribute is single-valued.
Syntax: ces
Description: Indicates the expiration date for the password stored in the radiusLoginPasswd attribute. The radiusLoginExpiration attribute is single-valued.
Syntax: ces
Description: Password provided by the remote user to gain access to the network through the LOGIN protocol. This attribute is single-valued.
Syntax: ces
Description: Flag with value 0 or 1. Value 1 indicates to check the password supplied by the user against the password stored in the radiusLoginPasswd attribute. Value 0 disables this check. The radiusLoginProfile attribute is single-valued.
Syntax: ces
Description: Indicates the expiration date for the password stored in the radiusPppPasswd attribute. The radiusPppExpiration attribute is single-valued.
Syntax: ces
Description: Password provided by the remote user to gain access to the network through the PPP protocol. This attribute is single-valued.
Syntax: ces
Description: Flag with value 0 or 1. Value 1 indicates to check the password supplied by the user against the password stored in the radiusPppPasswd attribute. Value 0 disables this check. The radiusPppProfile attribute is single-valued.
Syntax: ces
Description: Indicates the expiration date for the password stored in the radiusSlipPasswd attribute. The radiusSlipExpiration attribute is single-valued.
Syntax: ces
Description: Password provided by the remote user to gain access to the network through the SLIP protocol. This attribute is single-valued.
Syntax: ces
Description: Flag with value 0 or 1. Value 1 indicates to check the password supplied by the user against the password stored in the radiusSlipPasswd attribute. Value 0 disables this check. The radiusSlipProfile attribute is single-valued.
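The mailDeliveryOptions values and the radius*Profile flags described above imply consistency rules that can be checked over an LDIF export of the directory. The following Python audit is an added example, not part of the Sun documentation or product: the function names and sample entries are constructed, and it assumes the attribute names exactly as they are spelled in the descriptions (mailDeliveryOptions, mailProgramDeliveryInfo, radiusPppProfile, and so on).

```python
import base64

# Constructed sample export (not from the original page); all names and values
# are made up. Bob's command is base64-encoded ("attr:: value"), as LDIF allows.
SAMPLE_LDIF = """\
dn: cn=Ann Lee,ou=People,o=example
mailDeliveryOptions: mailbox
mailDeliveryOptions: forward
mailMessageStore: Sun-MS
mailForwardingAddress: ann@example.com

dn: cn=Bob Ray,ou=People,o=example
mailDeliveryOptions: program
mailDeliveryOptions: file
mailProgramDeliveryInfo:: L29wdC9iaW4vZmlsdGVyIC1x
radiusPppProfile: 0
radiusPppPasswd: constructed-value

dn: cn=Cy Dunn,ou=People,
 o=example
mailDeliveryOptions: forward
radiusLoginProfile: 1
"""

# Delivery option -> attribute the schema text says that option relies on
# (None: the option list names no companion attribute).
COMPANION = {
    "mailbox": "mailMessageStore",
    "shared": "mailMessageStore",
    "program": "mailProgramDeliveryInfo",
    "forward": "mailForwardingAddress",
    "file": "mailDeliverFile",
    "native": None, "autoreply": None,
}
RADIUS_PROTOCOLS = ("Login", "Ppp", "Slip")


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # folded line: continue the previous one
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # the extra "" flushes the last record
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_entry(entry):
    """Return (code, detail) findings for one parsed entry."""
    findings = []
    options = {v.lower() for v in entry.get("maildeliveryoptions", [])}
    for option in sorted(options):
        if option not in COMPANION:
            findings.append(("unknown-delivery-option", option))
        elif COMPANION[option] and COMPANION[option].lower() not in entry:
            findings.append(("missing-companion", f"{option} needs {COMPANION[option]}"))
    commands = entry.get("mailprogramdeliveryinfo", [])
    # Commands run on delivery only while the "program" option is set.
    code = "program-delivery" if "program" in options else "dormant-program-info"
    findings += [(code, command) for command in commands]
    for proto in RADIUS_PROTOCOLS:
        profile = entry.get(f"radius{proto}profile".lower(), [])
        if "0" in profile:                # value 0 disables the password check
            findings.append(("password-check-disabled", f"radius{proto}Profile"))
        elif "1" in profile and f"radius{proto}passwd".lower() not in entry:
            findings.append(("no-stored-password", f"radius{proto}Passwd"))
    return findings


def audit(text):
    """Map each entry's DN to its findings, omitting entries with none."""
    report = {}
    for entry in parse_ldif(text):
        findings = audit_entry(entry)
        if findings:
            report[entry.get("dn", ["<no dn>"])[0]] = findings
    return report


if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        print(dn, findings)
```

A no-stored-password finding only means that the flag is 1 while the entry holds no matching radius*Passwd value; how the RADIUS server treats that case is not stated here.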
Syntax: ces
Description: Provides a pointer to a subtree or entry in the DIT stored on a different data store. The pointer is a URL of the form "ldap://hostname[:port]/DN", where hostname is the name of the host where the data store resides, port is the LDAP port number (by default port 389), and DN is the data store suffix.
Syntax: cis
Description: The registered postal address of the entity described by the entry.
Syntax: cis
Description: The name of the manager of the user described by the entry.
Syntax: ces
Description: The name of a file to which requests to be added to the distribution list described by the entry are appended.
Syntax: cis
Description: One or more delivery options for mail addressed to listname-request:
mailbox - deliver mail to a message store mailbox
shared - deliver mail to a message store shared-mailbox
native - deliver mail to a UNIX filesystem mailbox
autoreply - deliver mail to an auto-reply facility (for example, vacation mail)
program - deliver mail to a UNIX program
forward - forward mail to another address
file - append mail to a file
Syntax: ces
Description: Mail addressed to listname-request is delivered to this program. Specifies one or more commands, with arguments, to use in program delivery. Use $ as the line-separator.
Syntax: cis
Description: The email addresses of users authorized to post to the list.
Syntax: cis
Description: Stores all the email addresses (RFC-822 format) defined for the user. It stores a copy of the email addresses in the mail and preferredRfc822Recipient attributes.
Syntax: ces
Description: Stores the email addresses (RFC-822 format) defined for members of the list.
Syntax: cis
Description: The email address of the owner of the list.
Syntax: cis
Description: The email addresses of users not authorized to post to the list.
Syntax: cis
Description: Information identifying the object or person fulfilling the role described by the entry.
Syntax: cis
Description: The number of the room where the object described by the entry is located.
Syntax: cis
Description: Information to facilitate searching for information contained in the entry.
Syntax: dn
Description: The distinguished name of the secretary of the person or organization described by the entry.
Syntax: dn
Description: The distinguished name of an entry that contains information that is also of interest to anyone interested in the object described by this entry.
Syntax: cis
Description: The serial number of the device described by the entry.
Syntax: ces
Description: Sets the maximum number of seconds of service to be provided to the user described in the entry before the session is shut down.
Syntax: long
Description: Indicates the number of days between January 1, 1970 and the day when the user password was last changed in the /etc/shadow file. This attribute is single-valued.
Syntax: long
Description: Indicates the date on which the user login will be disabled. This attribute is single-valued.
Syntax: long
Description: Reserved attribute, not currently in use.
Syntax: long
Description: Indicates the number of days of inactivity allowed for the user. This attribute is single-valued.
Syntax: long
Description: Indicates the maximum number of days for which the user password remains valid. This attribute is single-valued.
Syntax: long
Description: Indicates the minimum number of days required between password changes. This attribute is single-valued.
Syntax: long
Description: The number of days of advance warning given to the user before the user password expires. This attribute is single-valued.
Syntax: ces
Description: Specifies the shared secret used by the network access server (NAS) described by the entry during RADIUS authentication. This attribute is single-valued.
Syntax: cis
Description: The name of the state, province, or geographical area within a country where the object described by the entry resides.
Syntax: cis
Description: The subject of the document described by the entry.
Syntax: dn
Description: The DN of the subschema entry or subentry that contains the attributes specifying the schema. This attribute is single-valued.
Syntax: cis
Description: Indicates whether the NIS/LDAP server must maintain the map described by the entry in plain NIS format. The possible values of this attribute are Enabled or Disabled. It is usually Enabled for a master server, and Disabled for a slave server. The value automatically changes to Disabled for a map that exceeds 50 000 entries. This attribute is single-valued.
Syntax: cis
Description: Indicates that the server must look up DNS for hostnames and addresses not found in the NIS tables. The possible values of this attribute are Enabled or Disabled. This attribute is created with the value Enabled when you run the dsypinit command with option -b. This attribute is single-valued.
Syntax: ces
Description: Gives the name of the NIS domain to which the map described by the entry belongs. This attribute is single-valued.
Syntax: ces
Description: Stores the value of a special NIS key called YP_INPUT_FILE. This attribute is single-valued.
Syntax: cis
Description: Adding this attribute to the entry launches a reload of the map described by the entry. It builds the map from the entries already present in the directory. This attribute is single-valued, and you can give it any value. This attribute is automatically removed when the reload of the map is complete. Creating this attribute is equivalent to running the dsypinit command with option -l.
Syntax: ces
Description: Gives the full name of a Sun NIS map with the domain name as suffix. This attribute is single-valued.
Syntax: cis
Description: Indicates whether the map described by the entry is supported by the server. The possible values of this attribute are Enabled and Disabled. Enabled indicates that the map is supported by the server, Disabled that it is not. This attribute is single-valued.
Syntax: ces
Description: Specifies the hostname of the master server for the map described by the entry. This attribute is single-valued.
Syntax: ces
Description: Stores the value of a special NIS key called YP_OUTPUT_FILE. This attribute is single-valued.
Syntax: cis
Description: Sets the security mode for the map described by the entry. The possible values of this attribute are Secure and Insecure. When set to Secure, the server will accept connections from secure networks only. This attribute is single-valued. Setting this attribute to Secure is equivalent to running the dsypinit command with the option -r.
Syntax: cis
Description: Specifies the algorithms that the server supports.
Syntax: cis
Description: An application context supported by the application entity described by the entry.
Syntax: cis
Description: Specifies the LDAP v3 controls that the server supports.
Syntax: int
Description: Specifies the LDAP version that the server supports.
Syntax: cis
Description: Specifies the LDAP v3 extensions that the server supports.
Syntax: cis
Description: Specifies the Simple Authentication Security Layer (SASL) mechanisms that the server supports.
Syntax: tel
Description: Telephone number (in international format).
Syntax: cis
Description: The teletex terminal identifier and, optionally, parameters for a teletex terminal associated with the object described by the entry.
Syntax: cis
Description: Telex number, country code and answerback code of a telex terminal. The value is a dollar ($)-separated string.
Syntax: cis
Description: The X.400 electronic mail originator/recipient address (ORAddress) of the user described in the entry.
Syntax: bin
Description: A thumbnail photograph of, or associated with, the object described by the entry.
Syntax: bin
Description: A thumbnail logo associated with the object described by the entry.
Syntax: cis
Description: The title of the person described by the entry, for example, Doctor, or Ms.
Syntax: long
Description: An integer that uniquely identifies a user in an administrative domain. This attribute is single-valued.
Syntax: cis
Description: A domain name from which users are not authorized to post to the list.
Syntax: cis
Description: The registered users not authorized to post messages to the list.
Syntax: cis
Description: A unique identifier for the object described by the entry.
Syntax: cis
Description: A unique member of the group described by the entry.
Syntax: cis
Description: Information identifying a document that updates the document described by the entry.
Syntax: cis
Description: Information identifying a document that is updated by the document described by the entry.
Syntax: ces
Description: Indicates a name of a place to be called. This attribute is interpreted by the NAS.
Syntax: ces
Description: Indicates a dialing string to use for callback to provide service to the user.
Syntax: cis
Description: A certificate containing the public key of the user described by the entry.
Syntax: cis
Description: Attribute for use by the user.
Syntax: cis
Description: Attribute for use by the user.
Syntax: cis
Description: Attribute for use by the user.
Syntax: cis
Description: Attribute for use by the user.
Syntax: protected
Description: The password that the user described by the entry uses to gain access to the entry.
Syntax: bin
Description: The Secure MIME certificate of the user described by the entry.
Syntax: cis
Description: An address as defined by ITU Recommendation X.121.
Syntax: cis
Description: A unique identifier for the object described by the entry.