Skip to main content
Directory Server Standards and Specifications
OpenDS Logo

RFCs

Document Description See Also Planned for OpenDS? Implemented in OpenDS?
RFC 1274 The COSINE and Internet X.500 Schema RFC 4524 Yes Yes
RFC 1321 The MD5 Message-Digest Algorithm N/A Yes Yes
RFC 1777 Lightweight Directory Access Protocol (LDAPv2) RFC 2251
RFC 4511
Legacy Legacy
RFC 1778 The String Representation of Standard Attribute Syntaxes RFC 2252
RFC 4517
Legacy Legacy
RFC 1779 A String Representation of Distinguished Names RFC 2253
RFC 4514
Legacy Legacy
RFC 2079 Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs) N/A Yes Yes
RFC 2222 Simple Authentication and Security Layer (SASL) RFC 4422 Yes Yes
RFC 2246 The TLS Protocol Version 1.0 RFC 3546
RFC 4346
Yes Yes
RFC 2247 Using Domains in LDAP/X.500 Distinguished Names N/A Yes Yes
RFC 2251 Lightweight Directory Access Protocol (v3) RFC 4511 Yes Yes
RFC 2252 Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions RFC 4517 Yes Yes
RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names RFC 4514 Yes Yes
RFC 2254 The String Representation of LDAP Search Filters RFC 4515 Yes Yes
RFC 2255 The LDAP URL Format RFC 4516 Yes Yes
RFC 2256 A Summary of the X.500(96) User Schema for use with LDAPv3 RFC 4519 Yes Yes
RFC 2307 An Approach for Using LDAP as a Network Information Service draft-howard-rfc2307bis Yes Yes
RFC 2377 Naming Plan for Internet Directory-Enabled Applications N/A Partial Partial
RFC 2589 Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services N/A No No
RFC 2605 Directory Server Monitoring MIB N/A Partial No
RFC 2649 An LDAP Control and Schema for Holding Operation Signatures N/A Yes No
RFC 2696 LDAP Control Extension for Simple Paged Results Manipulation draft-ietf-ldapext-ldapv3-vlv Yes Yes
RFC 2713 Schema for Representing Java(tm) Objects in an LDAP Directory N/A Yes Yes
RFC 2714 Schema for Representing CORBA Object References in an LDAP Directory N/A Yes Yes
RFC 2739 Calendar Attributes for vCard and LDAP N/A Yes Yes
RFC 2788 Network Services Monitoring MIB N/A Yes No
RFC 2798 Definition of the inetOrgPerson LDAP Object Class RFC 4524 Yes Yes
RFC 2820 Access Control Requirements for LDAP N/A N/A Needs Consideration
RFC 2829 Authentication Methods for LDAP RFC 4513 Yes Yes
RFC 2830 Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security RFC 4513 Yes Yes
RFC 2831 Using Digest Authentication as a SASL Mechanism draft-ietf-sasl-rfc2831bis Yes Partial
RFC 2849 The LDAP Data Interchange Format (LDIF) - Technical Specification N/A Yes Yes
RFC 2891 LDAP Control Extension for Server Side Sorting of Search Results N/A Yes No
RFC 2926 Conversion of LDAP Schemas to and from SLP Templates N/A Partial Partial
RFC 3045 Storing Vendor Information in the LDAP root DSE N/A Yes Yes
RFC 3062 LDAP Password Modify Extended Operation N/A Yes Yes
RFC 3112 LDAP Authentication Password Schema N/A Yes Yes
RFC 3296 Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories N/A Yes Partial
RFC 3377 Lightweight Directory Access Protocol (v3): Technical Specification RFC 4510 Yes Yes
RFC 3383 Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) RFC 4520
ldap-parameters
Partial Yes
RFC 3384 Lightweight Directory Access Protocol (version 3) Replication Requirements N/A N/A Needs Consideration
RFC 3454 Preparation of Internationalized Strings ("stringprep") RFC 4518 Partial Partial
RFC 3494 Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status N/A N/A N/A
RFC 3546 Transport Layer Security (TLS) Extensions RFC 2246 Yes Yes
RFC 3641 Generic String Encoding Rules (GSER) for ASN.1 Types draft-legg-ldap-gser-ei No No
RFC 3642 Common Elements of Generic String Encoding Rules (GSER) Encodings draft-legg-ldap-gser-ei No No
RFC 3663 Domain Administrative Data in Lightweight Directory Access Protocol (LDAP) N/A N/A N/A
RFC 3671 Collective Attributes in the Lightweight Directory Access Protocol (LDAP) N/A Yes No
RFC 3672 Subentries in the Lightweight Directory Access Protocol (LDAP) N/A Yes No
RFC 3673 Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes N/A Yes Yes
RFC 3674 Feature Discovery in Lightweight Directory Access Protocol (LDAP) N/A Yes Yes
RFC 3687 Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules RFC 3727 No No
RFC 3698 Lightweight Directory Access Protocol (LDAP): Additional Matching Rules RFC 4517 Partial Partial
RFC 3703 Policy Core Lightweight Directory Access Protocol (LDAP) Schema RFC 4104 No No
RFC 3712 Lightweight Directory Access Protocol (LDAP): Schema for Printer Services N/A No No
RFC 3727 ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules RFC 3687 No No
RFC 3771 Lightweight Directory Access Protocol (LDAP) Intermediate Response Message N/A Yes Yes
RFC 3829 Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls RFC 4532 Yes Yes
RFC 3866 Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP) N/A Partial No
RFC 3876 Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) N/A Yes Yes
RFC 3909 Lightweight Directory Access Protocol (LDAP) Cancel Operation N/A Yes Yes
RFC 3928 Lightweight Directory Access Protocol (LDAP) Client Update Protocol (LCUP) N/A No No
RFC 4104 Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS) RFC 3703 No No
RFC 4237 Voice Messaging Directory Service N/A No No
RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1 RFC 2246 Yes Yes
RFC 4370 Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control draft-weltman-ldapv3-proxy Yes Yes
RFC 4373 Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP) N/A No No
RFC 4403 Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3) N/A Yes Yes
RFC 4422 Simple Authentication and Security Layer (SASL) RFC 2222 Yes Yes
RFC 4505 Anonymous Simple Authentication and Security Layer (SASL) Mechanism N/A Yes Yes
RFC 4510 Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map RFC 3377 Yes Yes
RFC 4511 Lightweight Directory Access Protocol (LDAP): The Protocol RFC 2251 Yes Yes
RFC 4512 Lightweight Directory Access Protocol (LDAP): Directory Information Models N/A Yes Yes
RFC 4513 Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms RFC 2829
RFC 2830
Yes Yes
RFC 4514 Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names RFC 2253 Yes Yes
RFC 4515 Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters RFC 2254 Yes Yes
RFC 4516 Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator RFC 2255 Yes Yes
RFC 4517 Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules RFC 2252
RFC 3698
Yes Yes
RFC 4518 Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation RFC 3454 Partial Partial
RFC 4519 Lightweight Directory Access Protocol (LDAP): Schema for User Applications RFC 2256 Yes Yes
RFC 4520 Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) RFC 3383 Partial Partial
RFC 4521 Considerations for Lightweight Directory Access Protocol (LDAP) Extensions N/A N/A N/A
RFC 4522 Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option N/A Yes No
RFC 4523 Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates N/A No No
RFC 4524 COSINE LDAP/X.500 Schema RFC 1274 Yes Yes
RFC 4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension N/A Yes Yes
RFC 4526 Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters N/A Yes Yes
RFC 4527 Lightweight Directory Access Protocol (LDAP) Read Entry Controls N/A Yes Yes
RFC 4528 Lightweight Directory Access Protocol (LDAP) Assertion Control N/A Yes Yes
RFC 4529 Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP) N/A Yes Yes
RFC 4530 Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute N/A Yes Yes
RFC 4531 Lightweight Directory Access Protocol (LDAP) Turn Operation N/A No No
RFC 4532 Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation RFC 3829 Yes Yes
RFC 4533 Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation N/A No No
RFC 4616 The PLAIN Simple Authentication and Security Layer (SASL) Mechanism N/A Yes Yes
RFC 4634 US Secure Hash Algorithms (SHA and HMAC-SHA) FIPS 180-1 (PDF)
FIPS 180-2 (PDF)
Partial Partial
RFC 4752 The Kerberos V5 ("GSSAPI") SASL Mechanism N/A Yes Partial
RFC 4876 A Configuration Profile Schema for LDAP-Based Agents N/A Yes No
RFC 5020 The LDAP entryDN Operational Attribute N/A Yes Yes

Explanation of "Legacy" notations:
  • The Directory Server is designed as an LDAPv3 server, and LDAPv2 has been transitioned to "historic" status. Some support for LDAPv2-specific elements does exist (e.g., use of semicolons instead of commas in DNs, or escaping with quotation marks rather than backslashes), and the server will avoid sending LDAPv2 clients LDAPv3-specific elements like controls or referrals. However, strict compliance with the LDAPv2 specification may not be enforced in all areas.

Explanation of "Partial" notations:
  • RFC 2377 -- Only the uidObject class is defined in the Directory Server schema. The name forms are not defined in the schema, as that would interfere with legitimate uses of attributes other than "dc" in the RDNs of he associated objects.
  • RFC 2831 -- At the present time, only the "auth" quality of protection may be used. Neither the "auth-int" or "auth-conf" modes are currently supported.
  • RFC 2926 -- None of the SLP-specific attribute syntaxes referenced in this document have been implemented. References to those syntaxes have been replaced with references to the IA5 String syntax.
  • RFC 3296 -- The Directory Server schema does contain the ref attribute type and the referral objectclass, but referral support is not yet implemented in the Directory Server, nor is support for the ManageDsaIT control.
  • RFC 3383 -- Not all of the specifications referenced in this document have been implemented.
  • RFC 3454 -- Not all of the specifications referenced in this document have been implemented.
  • RFC 3698 -- Not all of the matching rules referenced in this document have been implemented. Only those specified in RFC 4517 are currently supported.
  • RFC 4518 -- The string parsing mechanism is not in strict compliance with this document.
  • RFC 4520 -- Not all of the specifications referenced in this document have been implemented.
  • RFC 4634 -- At least the SHA-1, SHA-256, SHA-384, and SHA-512 digests should be implemented as password storage schemes. The SHA-224 scheme may not be available, as it is currently not provided by JCE.


Internet Drafts

Document Description See Also Planned for OpenDS? Implemented in OpenDS?
draft-armijo-ldap-treedelete Tree Delete Control N/A Yes Yes
draft-behera-ldap-password-policy Password Policy for LDAP Directories N/A Partial Partial
draft-byrne-ldap-alias Use of Aliases within LDAP N/A No No
draft-chu-ldap-ldapi Using LDAP over IPC Mechanisms N/A No No
draft-chu-ldap-logschema A Schema for Logging the LDAP Protocol N/A No No
draft-chu-ldap-xordered Ordered Entries and Values in LDAP N/A No No
draft-cridland-sasl-hexa The Hash Exchange Authentication SASL Mechanism N/A No No
draft-findlay-ldap-groupofentries The LDAP groupOfEntries object class N/A Yes Yes
draft-furuseth-ldap-untypedobject Structural object class 'untypedObject' for LDAP/X.500 draft-howard-namedobject Partial Partial
draft-good-ldap-changelog Definition of an Object Class to Hold LDAP Change Records N/A Yes Partial
draft-haripriya-dynamicgroup LDAP: Dynamic Groups for LDAPv3 N/A Partial No
draft-howard-namedobject A Structural Object Class for Arbitrary Auxiliary Object Classes draft-furuseth-ldap-untypedobject Yes Yes
draft-howard-rfc2307bis An Approach for Using LDAP as a Network Information Service N/A Yes Yes
draft-ietf-boreham-numsubordinates numSubordinates LDAP Operational Attribute N/A No No
draft-ietf-dhc-ldap-schema LDAP Schema for DHCP N/A No No
draft-ietf-ldapext-acl-model Access Control Model for LDAPv3 N/A No No
draft-ietf-ldapext-ldap-java-api The Java LDAP Application Program Interface N/A N/A N/A
draft-ietf-ldapext-ldap-java-api-asynch-ext The Java LDAP Application Program Interface Asynchronous Extension N/A N/A N/A
draft-ietf-ldapext-ldapv3-dupent LDAP Control for a Duplicate Entry Representation of Search Results N/A Yes No
draft-ietf-ldapext-ldapv3-vlv LDAP Extensions for Scrolling View Browsing of Search Results RFC 2696 Yes No
draft-ietf-ldapext-psearch Persistent Search: A Simple LDAP Change Notification Mechanism N/A Yes Yes
draft-ietf-ldup-subentry LDAP Subentry Schema N/A Yes Yes
draft-ietf-sasl-crammd5 The CRAM-MD5 SASL Mechanism N/A Yes Yes
draft-ietf-sasl-rfc2831bis Using Digest Authentication as a SASL Mechanism RFC 2831 Yes Partial
draft-legg-ldap-acm-admin LDAP: Access Control Administration N/A No No
draft-legg-ldap-acm-bac LDAP: Basic and Simplified Access Control N/A No No
draft-legg-ldap-admin LDAP: Directory Administrative Model N/A No No
draft-legg-ldap-gser-ei Encoding Instructions for the Generic String Encoding Rules (GSER) RFC 3641 No No
draft-legg-ldap-transfer Lightweight Directory Access Protocol (LDAP): Transfer Encoding Options N/A No No
draft-melnikov-digest-to-historic Moving DIGEST-MD5 to Historic N/A No No
draft-melnikov-ldap-distr-auth Distributed SASL authentication in LDAP N/A No No
draft-newman-auth-scram Salted Challenge Response Authentication Mechanism (SCRAM) N/A No No
draft-poitou-ldap-schema-update LDAP Schema Update Procedures N/A Yes No
draft-rajasekaran-kerberos-schema Kerberos version 5 schema for LDAP Directories N/A No No
draft-schleiff-ldap-xri LDAP Schema for eXtensible Resource Identifier (XRI) N/A No No
draft-sermersheim-ldap-chaining LDAP Control to Specify Chaining Behavior N/A No No
draft-sermersheim-ldap-csn The LDAP Change Sequence Number N/A No No
draft-sermersheim-ldap-distproc Distributed Procedures for LDAP Operations N/A No No
draft-sermersheim-ldap-subordinate-scope Subordinate Subtree Search Scope for LDAP N/A Yes Yes
draft-vchu-ldap-pwd-policy Password Policy for LDAP Directories draft-behera-ldap-password-policy Partial Partial
draft-wahl-ldap-adminaddr LDAP Administrator Address Attribute N/A Yes Yes
draft-wahl-ldap-p3p P3P Policy Attributes for LDAP N/A Yes No
draft-wahl-ldap-session LDAP Session Tracking Control N/A Yes No
draft-wahl-ldap-subtree-source LDAP Subtree Data Source URI Attribute N/A Yes No
draft-wahl-schema-eupp-attribute Enrolled User Policy Profiles Attribute N/A Yes No
draft-wahl-schema-rdf-attribute Identity Associated RDF Attribute N/A Yes No
draft-weltman-ldapv3-proxy LDAP Proxied Authorization Control RFC 4370 Yes Yes
draft-zeilenga-auth-lvl Authentication Mechanisms Levels N/A No No
draft-zeilenga-ldap-dontusecopy The LDAP Don't Use Copy Control N/A No No
draft-zeilenga-ldap-grouping LDAP: Grouping of Related Operations N/A No No
draft-zeilenga-ldap-managedit The LDAP Manage Directory Information Tree Control N/A No No
draft-zeilenga-ldap-noop The LDAP No-Op Control N/A Yes Partial
draft-zeilenga-ldap-proxy-grp LDAPv3 Proxy Group N/A No No
draft-zeilenga-ldap-relax The LDAP Relax Rules Control N/A No No
draft-zeilenga-ldap-txn LDAP Transactions N/A No No
draft-zeilenga-sasl-yap SASL Yet Another Password Mechanism N/A No No

Explanation of "Partial" notations:
  • draft-behera-ldap-password-policy -- This draft will not be supported in its entirety. In particular, the operational attributes will be supported, but the configuration schema will not. The OpenDS password policy implementation includes features not in this draft, and the implementation of other features differs from that specified in the draft.
  • draft-furuseth-ldap-untypedobject -- No official OID has yet been assigned for the untypedObject class. A temporary OID from the OpenDS experimental range has been allocated for use until the official OID is assigned by IANA.
  • draft-good-ldap-changelog -- The schema elements defined in this document are available in the Directory Server, but the server does not currently publish a changelog in this form.
  • draft-ietf-sasl-gssapi -- At the present time, only the "auth" quality of protection mode may be used. Neither the "auth-int" or "auth-conf" modes are currently supported.
  • draft-ietf-sasl-rfc2831bis -- At the present time, only the "auth" quality of protection mode may be used. Neither the "auth-int" or "auth-conf" modes are currently supported.
  • draft-zeilenga-ldap-noop -- Recent versions of this draft do not have an OID assigned for this control. However, earlier forms of the draft did provide an OID from the OpenLDAP private enterprise range. Until IANA assigns an official OID for this control, the server will use the OID originally assigned by the OpenLDAP Foundation.


Other Documents and Specifications

Document Description See Also Planned for OpenDS? Implemented in OpenDS?
DSMLv2.doc OASIS DSMLv2 Documentation N/A Yes Yes
DSMLv2.xsd OASIS DSMLv2 Standard N/A Yes Yes
FIPS 180-1 Secure Hash Standard (SHA-1) RFC 3174 Yes Yes
FIPS 180-2 Secure Hash Standard (SHA-2) RFC 4634 Yes Yes
ldap-parameters Lightweight Directory Access Protocol (LDAP) Parameters per [RFC-ietf-ldapbis-bcp64] RFC 3383
RFC 4520
Source Document
Partial Partial

Explanation of "Partial" notations:
  • ldap-parameters -- Not all of the specifications referenced in this document have been implemented.
 
 
Close
loading
Please Confirm
Close