1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Other references
3 Definitions
3.1 Communication definitions
3.2 Basic Directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
4 Abbreviations
5 Conventions
6 Directory Models
6.1 Definitions
6.2 The Directory and its users
6.3 Directory and DSA Information Models
6.4 Directory Administrative Authority Model
7 Directory Information Base
7.1 Definitions
7.2 Objects
7.3 Directory entries
7.4 Directory Information Tree (DIT)
8 Directory entries
8.1 Definitions
8.2 Overall structure
8.3 Object classes
8.4 Attribute types
8.5 Attribute values
8.6 Attribute type hierarchies
8.7 Friend attributes
8.8 Contexts
8.9 Matching rules
8.10 Entry collections
8.11 Compound entries and families of entries
9 Names
9.1 Definitions
9.2 Names in general
9.3 Relative distinguished name
9.4 Name matching
9.5 Distinguished names
9.6 Alias names
10 Hierarchical groups
10.1 Definitions
10.2 Hierarchical relationship
10.3 Sequential ordering of a hierarchical group
11 Directory Administrative Authority model
11.1 Definitions
11.2 Overview
11.3 Policy
11.4 Specific administrative authorities
11.5 Administrative areas and administrative points
11.6 DIT Domain policies
11.7 DMD policies
12 Model of Directory Administrative and Operational Information
12.1 Definitions
12.2 Overview
12.3 Subtrees
12.4 Operational attributes
12.5 Entries
12.6 Subentries
12.7 Information model for collective attributes
12.8 Information model for context defaults
13 Directory Schema
13.1 Definitions
13.2 Overview
13.3 Object class definition
13.4 Attribute type definition
13.5 Matching rule definition
13.6 Relaxation and tightening
13.7 DIT structure definition
13.8 DIT content rule definition
13.9 Context type definition
13.10 DIT Context Use definition
13.11 Friends definition
13.12 Syntax definitions
14 Directory System Schema
14.1 Overview
14.2 System schema supporting the administrative and operational information model
14.3 System schema supporting the administrative model
14.4 System schema supporting general administrative and operational requirements
14.5 System schema supporting access control
14.6 System schema supporting the collective attribute model
14.7 System schema supporting context assertion defaults
14.8 System schema supporting the service administration model
14.9 System schema supporting password administration
14.10 System schema supporting hierarchical groups
14.11 Maintenance of system schema
14.12 System schema for first-level subordinates
15 Directory schema administration
15.1 Overview
15.2 Policy objects
15.3 Policy parameters
15.4 Policy procedures
15.5 Subschema modification procedures
15.6 Entry addition and modification procedures
15.7 Subschema policy attributes
16 Service Administration Model
16.1 Definitions
16.2 Service-type/user-class model
16.3 Service-specific administrative areas
16.4 Introduction to search-rules
16.5 Subfilters
16.6 Filter requirements
16.7 Attribute information selection based on search-rules
16.8 Access control aspects of search-rules
16.9 Contexts aspects of search-rules
16.10 Search-rule specification
16.11 Matching restriction definition
16.12 Search-validation function
17 Security model
17.1 Definitions
17.2 Security policies
17.3 Protection of Directory operations
18 Basic Access Control
18.1 Scope and application
18.2 Basic Access Control model
18.3 Access control administrative areas
18.4 Representation of Access Control Information
18.5 ACI operational attributes
18.6 Protecting the ACI
18.7 Access control and Directory operations
18.8 Access Control Decision Function
18.9 Simplified Access Control
19 Rule-based Access Control
19.1 Scope and application
19.2 Rule-based Access Control model
19.3 Access control administrative areas
19.4 Security Label
19.5 Clearance
19.6 Access Control and Directory operations
19.7 Access Control Decision Function
19.8 Use of Rule-based and Basic Access Control
20 Data Integrity in Storage
20.1 Introduction
20.2 Protection of an Entry or Selected Attribute Types
20.3 Context for Protection of a Single Attribute Value
21 DSA Models
21.1 Definitions
21.2 Directory Functional Model
21.3 Directory Distribution Model
22 Knowledge
22.1 Definitions
22.2 Introduction
22.3 Knowledge References
22.4 Minimum Knowledge
22.5 First Level DSAs
22.6 Knowledge references to LDAP servers
23 Basic Elements of the DSA Information Model
23.1 Definitions
23.2 Introduction
23.3 DSA Specific Entries and their Names
23.4 Basic Elements
24 Representation of DSA Information
24.1 Representation of Directory User and Operational Information
24.2 Representation of Knowledge References
24.3 Representation of Names and Naming Contexts
25 Overview
25.1 Definitions
25.2 Introduction
26 Operational bindings
26.1 General
26.2 Application of the operational framework
26.3 States of cooperation
27 Operational binding specification and management
27.1 Operational binding type specification
27.2 Operational binding management
27.3 Operational binding specification templates
28 Operations for operational binding management
28.1 Application-context definition
28.2 Establish Operational Binding operation
28.3 Modify Operational Binding operation
28.4 Terminate Operational Binding operation
28.5 Operational Binding Error
28.6 Operational Binding Management Bind and Unbind
29 Overview
29.1 Definitions
29.2 Introduction
30 LDAP interworking model
30.1 LDAP interworking scenarios
30.2 Overview of bound DSA handling LDAP operations
30.3 General LDAP requestor characteristics
30.4 LDAP extension mechanisms
31 LDAP specific system schema
31.1 Operational Attribute types from IETF RFC 4512
Annex A – Object identifier usage
Annex B – Information framework in ASN.1
Annex C – Subschema administration in ASN.1
Annex D – Service administration in ASN.1
Annex E – Basic Access Control in ASN.1
Annex F – DSA operational attribute types in ASN.1
Annex G – Operational binding management in ASN.1
Annex H – Enhanced security in ASN.1
Annex I – LDAP system schema
Annex J – The mathematics of trees
Annex K – Name design criteria
Annex L – Examples of various aspects of schema
L.1 Example of an attribute hierarchy
L.2 Example of a subtree specification
L.3 Schema specification
L.4 DIT content rules
L.5 DIT context use
Annex M – Overview of basic access control permissions
M.1 Introduction
M.2 Permissions required for operations
M.3 Permissions affecting error
M.4 Entry level permissions
M.5 Entry level permissions
Annex N – Examples of access control
N.1 Introduction
N.2 Design principles for Basic Access Control
N.3 Introduction to example
N.4 Policy affecting the definition of specific and inner areas
N.5 Policy affecting the definition of Directory Access Control Domains (DACDs)
N.6 Policy expressed in prescriptiveACI attributes
N.7 Policy expressed in subentryACI attributes
N.8 Policy expressed in entryACI attributes
N.9 ACDF examples
N.10 Rule-based access control
Annex O – DSE type combinations
Annex P – Modelling of knowledge
Annex Q – Subfilters
Annex R – Compound entry name patterns and their use
Annex S – Naming concepts and considerations
S.1 History tells us …
S.2 A new look at name resolution
Annex T – Alphabetical index of definitions
Annex U – Amendments and corrigenda