Sun Directory Services 3.1 Administration Guide

Object Class Reference

This section contains an alphabetical list of the object classes accepted by the default schema, except for pilot project object classes described in RFC 1274 The COSINE and Internet X.500 Schema. It explains the purpose of each object class, and gives the list of mandatory and optional attributes specific to the particular object class. An object class also inherits the mandatory and optional attributes from its superior object class. Inherited attributes are not listed.

The keyword frozen after the object class name indicates that this object class is used by a component of Sun Internet Mail Server, or by a component of Sun Directory Services. You cannot change a frozen object class definition using the Admin Console. If you change the definition of such an object class, ensure that your changes do not prevent the Sun Internet Mail Server and the Sun Directory Services components from using objects of this class.

account

Description: Used to define entries representing a user account.
Superior object class: top
Mandatory attribute: uid
Optional attributes: description, host, l, o, ou, seeAlso

alias (frozen)

Description: An alternative name for an object located under the same data store suffix.
Superior object class: top
Mandatory attribute: aliasedObjectName

Note -

It is preferable to avoid using the alias object class and use instead the aliasObject subclass. This is because the alias object class only allows the full DN of the aliased object as its naming attribute, and not just the RDN.

aliasObject

Description: An alternative name for an object located under the same data store suffix.
Superior object class: alias
Optional attributes: * (allows any attribute)

Note -

The attributes in the aliasObject entry must include the naming attribute of the entry. The naming attribute should be the same as for the aliased object.

applicationEntity

Description: Used to define an entry representing an application entity.
Superior object class: top
Mandatory attributes: cn, presentationAddress
Optional attributes: description, l, o, ou, seeAlso, supportedApplicationContext

applicationProcess

Description: Used to define an entry representing an application process.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, l, ou, seeAlso

automount

Description: Used to define an entry representing an NIS automount record.
Superior object class: top
Mandatory attributes: cn, automountInformation
Optional attribute: description

bootableDevice (auxiliary object class)

Description: Used to define an entry representing any device that requires boot parameters. Used to import information from the /etc/bootparams file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: device
Optional attribute: bootFile, bootParameter

certificationAuthority (auxiliary object class)

Description: Used to define entries representing objects that act as certification authorities. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attributes: authorityRevocationList, cACertificate, certificateRevocationList
Optional attribute: crossCertificatePair

certificationAuthority-V2 (auxiliary object class)

Description: Used to define entries representing objects that act as certification authorities for version 2. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: certificationAuthority
Optional attribute: crossCertificatePair

country

Description: Identifies country entries in the directory.
Superior object class: top
Mandatory attribute: c
Optional attributes: description, searchGuide

cRLDistributionPoint

Description: Used to define an entry that provides a service for certification authority revocation lists.
Superior object class: top
Mandatory attribute: cn
Optional attributes: authorityRevocationList, certificateRevocationList, deltaRevocationList

device

Description: Used to define an entry representing a device (for example a modem or CD-ROM drive).
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, l, o, ou, owner, seeAlso, serialNumber

dcObject (auxiliary object class)

Description: Used to define an entry representing a domain component, that is a component in the dot-separated sequence that forms a domain name. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attribute: dc

dmd

Description: Used to define an entry that represents a directory management domain (DMD), that is the authority responsible for a particular directory server.
Superior object class: top
Mandatory attribute: dmdName
Optional attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, userPassword, x121Address

dNSDomain

Description: Used to define entries representing a DNS domain.
Superior object class: domain
Optional attribute: dNSRecord

document

Description: Used to define an entry representing a document.
Superior object class: pilotObject
Mandatory attribute: documentIdentifier
Optional attributes: abstract, cn, description, documentAuthor, documentAuthorCommonName, documentAuthorSurname, documentLocation, documentPublisher, documentStore, documentTitle, documentVersion, keywords, l, o, obsoletedByDocument, obsoletesDocument, ou, seeAlso, subject, updatedByDocument, updatesDocument

documentSeries

Description: Used to define an entry representing a series of related documents.
Superior object class: top
Mandatory attributes: cn
Optional attributes: description, l, o, ou, seeAlso, telephoneNumber

domain

Description: Used to define an entry representing a domain.
Superior object class: top
Mandatory attribute: dc
Optional attributes: associatedName, businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address

domainRelatedObject

Description: Used to define an entry related to a domain.
Superior object class: top
Mandatory attribute: associatedDomain

dSA

Description: Used to define an entry representing a directory system agent (DSA) or any directory server.
Superior object class: applicationEntity
Optional attribute: knowledgeInformation

emailGroup

Description: Used to define an entry representing an electronic mail distribution list that uses aliases(4) format.
Superior object class: top
Mandatory attributes: cn
Optional attributes: authorizedDomain, authorizedSubmitter, dataSource, expandable, mailDeliveryFile, mailDeliveryOption, mailProgramDeliveryInfo, mailHost, ownerDeliveryFile, ownerDeliveryOption, ownerProgramDeliveryInfo, requestsToDeliveryFile, requestsToDeliveryOption, requestsToProgramDeliveryInfo, rfc822AuthorizedSubmitter, rfc822MailMember, rfc822Owner, rfc822UnauthorizedSubmitter, unauthorizedDomain, unauthorizedSubmitter

emailPerson (frozen)

Description: Used to define an entry for a person who uses electronic mail.
Superior object class: inetOrgPerson
Mandatory attributes: cn, objectClass
Optional attributes: assistant, channelName, channelType, dataSource, generationQualifier, freeFormName, homeDirectory, homeFacsimileTelephoneNumber, mail, mailAutoReplyExpirationDate, mailAutoReplyMode, mailAutoReplySubject, mailAutoReplyText, mailAutoReplyTextInternal, mailDeliveryFile, mailDeliveryOption, mailFolderMap, mailForwardingAddress, mailHost, mailMessageStore, mailProgramDeliveryInfo, mailQuota, objectStatus, preferredRfc822Recipient, reportsTo, rfc822Mailbox, userDefinedAttribute1, userDefinedAttribute2, userDefinedAttribute3, userDefinedAttribute4

friendlyCountry

Description: Used to allow friendlier naming of country entries than with the object class country. The naming attribute of object class country, countryName, has to be a 2 letter string defined in ISO 3166.
Superior object class: country
Mandatory attribute: co

gatewayCCMailUser (frozen)

Description: Used to define an entry representing a user of Lotus CC:Mail.
Superior object class: top
Optional attributes: cCMailAddresses, preferredCCMailOriginator, preferredCCMailRecipient

gatewayChannel (frozen)

Description: Used to define an entry representing a legacy mail gateway channel.
Superior object class: top
Mandatory attributes: channelName
Optional attributes: ackedSequenceNumber, channelType, currentSequenceNumber, maxLastModifiedTime, objectStatus, seeAlso, userPassword

gatewayDocConvPreference (frozen)

Description: Used to store preferences for document conversion for a gateway user.
Superior object class: top
Optional attribute: docConvPreference

gatewayLotusNotesUser (frozen)

Description: Used to define an entry representing a user of Lotus Notes.
Superior object class: top
Optional attributes: lotusNotesAddresses, preferredLotusNotesOriginator, preferredLotusNotesRecipient

gatewayMail11User (frozen)

Description: Used to define an entry representing a user of Mail-11 (DEC).
Superior object class: top
Optional attributes: mail11Addresses, preferredMail11Originator, preferredMail11Recipient

gatewayMrUser (frozen)

Description: Used to define an entry representing a user of the legacy Mail Relay (MR) mail system.
Superior object class: top
Optional attributes: mrAddresses, preferredMrOriginator, preferredMrRecipient

gatewayMSMailUser (frozen)

Description: Used to define an entry representing a user of Microsoft Mail.
Superior object class: top
Optional attributes: mSMailAddresses, preferredMSMailOriginator, preferredMSMailRecipient

gatewayNGMUser (frozen)

Description: Used to define an entry representing a user of the legacy Novell Groupwise Mail (NGM) mail system.
Superior object class: top
Optional attributes: nGMAddresses, preferredNGMOriginator, preferredNGMRecipient

gatewayNGM70User (frozen)

Description: Used to define an entry representing a user of the legacy Novell Groupwise Mail 7.0 (NGM70) mail system.
Superior object class: top
Optional attributes: nGM70Addresses, preferredNGM70Originator, preferredNGM70Recipient

gatewayPROFSUser (frozen)

Description: Used to define an entry representing a user of IBM PROFS.
Superior object class: top
Optional attributes: pROFSAddresses, preferredPROFSOriginator, preferredPROFSRecipient

groupOfNames

Description: Used to define entries representing an unordered set of names of objects or other groups.
Superior object class: top
Mandatory attributes: cn, member
Optional attributes: businessCategory, description, o, ou, owner, seeAlso

groupOfUniqueNames

Description: Used to define entries representing an unordered set of names of objects or other groups. Each name in the set is unique in the directory.
Superior object class: top
Mandatory attributes: cn, uniqueMember
Optional attributes: businessCategory, description, o, ou, owner, seeAlso

ieee802Device (auxiliary object class)

Description: Used to define entries representing any device that has a MAC address. Used to import information from the /etc/ethers file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: device
Optional attributes: macAddress

inetOrgPerson

Description: Used to define an entry for a person who uses the Internet and belongs to an organization.
Superior object class: organizationalPerson

Optional attributes: audio, businessCategory, carLicense, departmentNumber, employeeNumber, employeeType, givenName, homePhone, homePostalAddress, initials, jpegPhoto, labeledURI, mail, manager, mobile, pager, photo, preferredLanguage, roomNumber, secretary, uid, userCertificate, userSMIMECertificate, x500uniqueIdentifier

ipHost (auxiliary object class)

Description: Used to describe a device that has an IP address. Used to import information from the /etc/hosts file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attributes: cn, ipHostNumber
Optional attributes: description, bootFile, bootParameter, l, macAddress, manager, serialNumber

ipProtocol

Description: Used to define an entry that describes an IP protocol. Used to import information from the /etc/protocols file.
Superior object class: top
Mandatory attributes: cn, ipProtocolNumber
Optional attribute: description

ipNetwork

Description: Used to define an entry that describes an IP network. Used to import information from the /etc/networks file.
Superior object class: top
Mandatory attributes: cn, ipNetworkNumber
Optional attributes: description, ipNetmaskNumber, l, manager

ipService

Description: Used to define an entry that represents an IP service.
Superior object class: top
Mandatory attributes: cn, ipServicePort, ipServiceProtocol
Optional attribute: description

labeledURIObject (auxiliary object class)

Description: Used to define an entry that describes a resource on the network that is identified by a URI. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Optional attribute: labeledURI

locality

Description: Used to define entries that describe locality.
Superior object class: top
Optional attributes: description, locality, searchGuide, seeAlso, st, street

nas

Description: Used to define a Network Access Server used in the context of RADIUS authentication.
Superior object class: device
Mandatory attributes: iphostnumber, sharedKey
Optional attributes: dictionaryFile, acctattrFile

nisMailAlias

Description: Used to define an entry that represents an NIS mail.aliases record. Used to import information from the /etc/mail/aliases file.
Superior object class: top
Mandatory attribute: cn
Optional attribute: rfc822MailMember

nisMap

Description: Used to define an entry that represents an NIS map.
Superior object class: top
Mandatory attribute: nisMapName
Optional attribute: description

nisNetGroup

Description: Used to define an entry that represents an NIS netgroup record. Used to import information from the /etc/netgroup file.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, memberNisNetGroup, nisNetGroupTriple

nisNetId

Description: Used to define an entry that represents an NIS netid.byname record.
Superior object class: top
Mandatory attribute: cn
Optional attribute: nisNetIdGroup, nisNetIdHost, nisNetIdUser

nisObject

Description: Used to define an entry in the directory that represents an entry in an NIS map. The NIS key is stored in the cn attribute.
Superior object class: top
Mandatory attribute: nisMapName
Optional attributes: cn, description, nisMapEntry

nisSunObject

Description: Used to define an entry in the directory that represents an entry in an NIS map. This object class is used in the generic NIS map definition in Sun Directory Services. The NIS key is stored in the sunNisKey attribute.
Superior object class: top
Mandatory attribute: nisMapName
Optional attributes: cn, description, nisMapEntry, sunNisKey

oncRpc

Description: Used to define an entry that represents an Open Network Computing (ONC) remote procedure call (RPC). Used to import information from the /etc/rpc file.
Superior object class: top
Mandatory attributes: cn, oncRpcNumber
Optional attribute: description

organization

Description: Used to define organization entries in the directory.
Superior object class: top
Mandatory attributes: o
Optional attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address

organizationalPerson

Description: Used to define entries representing people employed by, or in some way associated with, an organization.
Superior object class: person
Optional attributes: destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, title, x121Address

organizationalRole

Description: Used to define entries representing a role or position within an organization. An organizationalRole is usually filled by an organizationalPerson, but it can also be filled by a non-human entity.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, ou, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, roleOccupant, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, x121Address

organizationalUnit

Description: Used to define entries representing subdivisions of an organization.
Superior object class: top
Mandatory attributes: ou
Optional attributes: businessCategory, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, registeredAddress, searchGuide, seeAlso, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address

person

Description: Used to define entries representing people.
Superior object class: top
Mandatory attributes: cn, sn
Optional attributes: description, seeAlso, telephoneNumber, userPassword

posixAccount (auxiliary object class)

Description: Used to represent an account defined by POSIX attributes. Used to import information from the /etc/passwd file. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attributes: cn, uid, uidNumber, gidNumber, homeDirectory
Optional attributes: description, gecos, loginShell, userPassword

posixGroup

Description: Used to define an entry that represents a group of POSIX accounts. Used to import information from the /etc/group file.
Superior object class: top
Mandatory attributes: cn, gidNumber
Optional attributes: description, memberUid, userPassword

referral (frozen)

Description: Used to define an entry that points to another data store.
Superior object class: top
Optional attributes: ref, * (allows any attribute, in particular the same naming attribute as in the RDN of the referenced object)

remoteUser (frozen)

Description: In the context of RADIUS authentication, used to define remote users who access the network through a Network Access Server (NAS).
Superior object class: top
Mandatory attribute: uid
Optional attributes: acctAuthentic, acctDelayTime, acctInputOctet, acctOutputOctet, acctSessionId, acctSessionTime, acctStatusType, acctTerminateCause, authCalleddStationId, authCallingStationId, authFilterId, authHostPortNumber, authHostPortType, authLoginService, authPortLimit, authPrefixName, authReplyMessage, authServiceProtocol, authType, authStartMenuId, authSuffixName, authState, authStopMenuId, authTerminationAction, chapPassword, expirationDate, framedCompression, framedIPAddress, framedMTU, framedRoute, framedRouting, framedProtocol, grpCheckInfo, grpReplyInfo, idleTimeoutNumber, ipHostNumber, ipLoginHost, ipLoginPort, ipNetmaskNumber, ipxNetworkNumber, radiusLoginProfile, radiusPppProfile, radiusSlipProfile, radiusAuthFailedAccess, radiusLoginExpiration, radiusLoginPasswd, radiusPppExpiration, radiusPppPasswd, radiusSlipExpiration, radiusSlipPasswd, dynamicSessionCounter, dynamicSessionId, dynamicIPAddress, sessionTimeoutNumber, userCallbackId, userCallbackNumber, userPassword

residentialPerson

Description: Used to define entries representing a person in the residential environment.
Superior object class: top
Mandatory attribute: l
Optional attributes: businessCategory, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, x121Address

rFC822LocalPart

Description: Used to define entries which represent the local part of RFC822 mail addresses. This treats this part of an RFC822 address as a domain.
Superior object class: domain
Optional attributes: cn, description, destinationIndicator, facsimileTelephoneNumber, internationaliSDNNumber, l, o, physicalDeliveryOfficeName, postOfficeBox, postalAddress, postalCode, preferredDeliveryMethod, registeredAddress, seeAlso, sn, st, street, telephoneNumber, teletexTerminalIdentifier, telexNumber, userPassword, x121Address

room

Description: Used to define an entry representing a room.
Superior object class: top
Mandatory attribute: cn
Optional attributes: description, roomNumber, seeAlso, telephoneNumber

shadowAccount (auxiliary object class)

Description: Used to represent a user that has a shadow password. It is an auxiliary object class, which means that it may be used in conjunction with any object class.
Superior object class: top
Mandatory attribute: uid
Optional attributes: description, shadowLastChange, shadowMax, shadowMin, shadowWarning, shadowInactive, shadowExpire, shadowFlag, userPassword

simpleSecurityObject

Description: Used to define an entry containing a user password, for simple authentication.
Superior object class: top
Mandatory attribute: userPassword

strongAuthenticationUser (auxiliary object class)

Description: Used to define an entry for an object participating in Strong Authentication. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attribute: userCertificate

subschema (auxiliary object class)

Description: Used to define an entry that contains the rules governing the schema. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Optional attributes: attributeTypes, dITStructureRules, ditContentRules, matchingRules, matchingRuleUse, nameForms, objectClasses

sunNisMap

Description: Used by the NIS/LDAP server to manage NIS maps. An entry is created for each map stored in the LDAP directory.
Superior object class: top
Mandatory attributes: sunNisDomain, sunNisMapFullName, sunNisMapState, sunNisMaster, sunNisSecurityMode
Optional attributes: description, seeAlso, sunNisDbmCache, sunNisDnsForwarding, sunNisInputFile, sunNisOutputName, sunNisLoadMap

sunNisServer

Description: Used to define an entry that represents an NIS ypservers record. Used to import information from the ypservers file.
Superior object class: top
Mandatory attributes: cn

top

Description: An abstract object class, parent of all others. It ensures that every object class contains the objectClass attribute.
Mandatory attribute: objectClass

uidObject (auxiliary object class)

Description: Used to name an entry with a unique ID. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Mandatory attribute: uid

userSecurityInformation (auxiliary object class)

Description: Used to store security information about a user. It is an auxiliary object class, which means that it should be used in conjunction with a structural object class.
Superior object class: top
Optional attribute: supportedAlgorithms