Object Classes and Attributes

This appendix describes the schema elements most commonly used in the directory server. Most of the schema elements used in the directory server are part of the standard LDAP protocol, which is in turn based on the X.500 standard. However, some of the directory server's object classes and attributes are extensions created by Netscape for use with its implementation of LDAP. If an object class or attribute was created by Netscape and is not part of the standard LDAP schema, a note is made in the description of that object or attribute.

This chapter includes:

Schema definition

The directory server schema defines the type of information that can be stored on a directory server entry. This definition is provided by the following types of schema elements:

A consistent schema

It is important that you use a consistent schema within your directory server because LDAP clients locate entries in your directory by searching for object classes or attributes and their associated values. If you use an inconsistent schema, then it becomes virtually impossible to locate information in your directory tree.

Further, LDAP clients are designed to work with a specific, well-defined schema. For the most part, the schema that these LDAP clients are designed to work with is the standard LDAP schema which, itself, is based on the X.500 standard. For this reason, most LDAP-based directory services begin with the standard LDAP schema, but then they add to it as they discover site-specific needs that are not met by the standard schema.

The Netscape LDAP schema takes this approach as well. Most of the schema elements in this appendix are based on the LDAP standard. However, Netscape has extended the schema to allow for directory activities that are not otherwise supported by the standard LDAP implementation. All of these extensions are noted in the following schema description. In addition, Netscape ships LDAP clients that expect the schema as defined in this appendix.

You can enforce your directory server's schema by turning schema checking on. When schema checking is turned on, you cannot add an object class or attribute to your directory server that is not a recognized part of the schema. For more information on schema checking, see the Netscape Directory Server Administrator's Guide.

Note that schema checking is not supported for the Netscape local directory.

Customizing the schema

You do not have to use the schema that is described here. In fact, it is assumed that you will extend this schema to support your own site's requirements. This is perhaps one of the most common activities surrounding a new directory server installation.

For a discussion on how to extend your schema, see the web page at the following URL:

Building custom clients

As you extend your schema, it is important to remember that you will have to start building customized LDAP clients to manage and use your directory. This is because the standard LDAP clients will not know the names of your new schema elements or what type of information they expect to be stored on these new elements. This is a problem that only gets worse as the clients become more sophisticated and begin to offer a graphical look at your directory contents, or to perform sophisticated directory management capabilities.

To aid you in developing customized LDAP clients, Netscape ships several command line LDAP clients with the directory server. You can use the command line tools to build rudimentary tools such as shell scripts to help you perform batch operations on your directory tree. You can also use these same command line tools with CGI scripts that allow you to perform directory management activities using a web server and your web browser.

In addition, Netscape provides the LDAP client SDK to allow you to quickly build LDAP clients using the C or Java programming languages.

For more information on the command line client tools, see the Netscape Directory Server Administrator's Guide. For more information on the LDAP client SDK, go to:

          http://developer.netscape.com/library/documentation/index.html

A note about attribute values

Perhaps one of the more confusing aspects about an LDAP schema is that you can place any data that you want on any attribute value. LDAP and the directory server place no restrictions on the data format, length, or type that you associate with individual attributes (other than some minimal syntax definitions that are used strictly for searching and pattern matching purposes). For example, when you represent a telephone number in your directory tree, you can legally represent it in any of the following ways:

          (408) 555-5555

          408-555-5555

          1-408-555-5555

          1.408.555.5555

          555-5555

This free form data model provides you with maximum flexibility when you design your data policy. However, the caveat to this data model is that while the directory server and the LDAP protocol do not care about your data format, your LDAP clients do care about the representation of the data in your directory tree. This is especially true of graphical user interface clients that must display directory data in rigid-length fields. The format of your directory data is also important to the user who is searching your directory tree for a particular value. For example, if the user is searching for a telephone number in the form:

          (408) 555-5555

but you have stored telephone numbers in the format:

          1.408.555.5555

then the user may have difficulty in locating the actual entry for which she is searching. For these two reasons, it is important that you be as consistent as possible when storing data in your directory tree. Pick a format and stick with it. When managing the data in your directory tree, keep in mind not so much what the directory server requires, but rather what your LDAP clients and the users of your directory expect to find there. Doing so will vastly improve the usability of your directory data.
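The consistency problem described above can be measured and corrected before data is written to the directory. The following is an added example, not part of the original guide: it fingerprints the formats in use, normalizes values to one format, and compares a search term with a stored value after normalizing both. The target format AAA-PPP-NNNN, the 10-digit numbering assumption, and all function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# The five representations listed on this page for the same telephone number.
PAGE_SAMPLES = [
    "(408) 555-5555",
    "408-555-5555",
    "1-408-555-5555",
    "1.408.555.5555",
    "555-5555",
]


def shape(value):
    """Format fingerprint: each digit becomes 9, punctuation and spacing are kept."""
    return re.sub(r"\d", "9", value.strip())


def canonical_phone(value, default_area_code=None):
    """Normalize to AAA-PPP-NNNN (assumed site policy, 10-digit numbers).

    Returns None when the value cannot be normalized, for example a 7-digit
    number when no default area code is configured.
    """
    digits = re.sub(r"\D", "", value)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]                  # drop the leading long-distance 1
    elif len(digits) == 7 and default_area_code:
        digits = default_area_code + digits  # fill in the site's area code
    if len(digits) != 10:
        return None
    return f"{digits[:3]}-{digits[3:6]}-{digits[6:]}"


def same_number(stored, query, default_area_code=None):
    """Compare a stored value and a search term after normalizing both."""
    a = canonical_phone(stored, default_area_code)
    b = canonical_phone(query, default_area_code)
    return a is not None and a == b


def audit(values, default_area_code=None):
    """Report which formats are in use and which values need rewriting."""
    report = {
        "shapes": Counter(shape(v) for v in values),
        "rewrite": [],      # (stored value, normalized value) pairs
        "unresolved": [],   # values that cannot be normalized as given
    }
    for v in values:
        canon = canonical_phone(v, default_area_code)
        if canon is None:
            report["unresolved"].append(v)
        elif canon != v:
            report["rewrite"].append((v, canon))
    return report


if __name__ == "__main__":
    result = audit(PAGE_SAMPLES)
    for fmt, count in result["shapes"].items():
        print(f"{count} value(s) stored as {fmt}")
    for old, new in result["rewrite"]:
        print(f"rewrite {old!r} -> {new!r}")
    for value in result["unresolved"]:
        print(f"cannot normalize {value!r} without an area code")
    print(same_number("1.408.555.5555", "(408) 555-5555"))
```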

Object classes

Object classes define the type of data an entry can contain. Each object class has a defined set of required and optional attributes. An object class may be a subclass of another object class, in which case the required attributes of the latter class are also required attributes of the former class.

Object classes are defined in the directory server NSHOME/slapd-server/config/slapd.oc.conf file, where NSHOME is the directory where you installed your server.

Attributes

Attributes hold information about a specific descriptive aspect of the entry. Each attribute consists of an attribute type and an attribute value. The attribute type identifies the class of information given by that attribute (for example, telephone number). The attribute value is the particular instance of information appearing in that entry (for example, 555-1999).

Originally, attributes were defined using long names, such as commonName. Over several years, the standards have changed to allow the use of abbreviations. For example:

          cn

          is the abbreviation for:

          commonName

If an attribute has an abbreviation, the abbreviation is given in the description of the attribute and may be used interchangeably with the full name in the list of attributes for an object class.

Required versus optional attributes

Object classes usually contain at least one required attribute, and they always contain one or more optional attributes. When an attribute is required, any attempt to add an entry to the directory without that attribute results in an object class violation; that is, the attempt to add the entry fails.

Optional attributes are attributes that you are allowed, but not required, to add to the directory entry. If you attempt to add an attribute to an entry that is neither required nor allowed according to the entry's object class definition, then the directory server will return an object class violation.

Note that the concept of a required or allowed attribute is meaningful only if schema checking is turned on. If schema checking is turned off, then you can add (or fail to add) any attribute to your directory; the directory server will make no attempt to ensure that the data you are adding to your directory conforms to the schema.

It is strongly recommended that you run your directory server with schema checking turned on.
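The check described in this section, written out as an added example (it is not Netscape's code and not part of the original guide). The person and organizationalPerson definitions are transcribed from the attribute tables on this page; the function names, the simplified LDIF parsing, and treating objectClass itself as always permitted are assumptions.

```python
# Object class definitions transcribed from this page's attribute tables.
# Names are lower-cased because LDAP attribute and object class names are
# case-insensitive.
OBJECT_CLASSES = {
    "person": {
        "parent": None,
        "requires": {"cn", "sn"},
        "allows": {"description", "seealso", "telephonenumber", "userpassword"},
    },
    "organizationalperson": {
        "parent": "person",  # subclass: inherits person's required attributes
        "requires": set(),
        "allows": {
            "facsimiletelephonenumber", "l", "ou", "physicaldeliveryofficename",
            "postaladdress", "postalcode", "postofficebox",
            "preferreddeliverymethod", "st", "streetaddress", "title",
        },
    },
}
ALIASES = {"commonname": "cn"}  # the long name / abbreviation pair shown on this page


def canonical(attr):
    """Lower-case an attribute name and map a long name to its abbreviation."""
    name = attr.strip().lower()
    return ALIASES.get(name, name)


def parse_ldif_entry(text):
    """Parse one plain LDIF record into (dn, {attribute: [values]})."""
    logical = []
    for raw in text.strip("\n").splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # LDIF continuation line
        elif raw.strip():
            logical.append(raw)
    dn, attrs = None, {}
    for line in logical:
        name, _, value = line.partition(":")
        name, value = canonical(name), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def resolve(class_names):
    """Collect required and permitted attributes, walking up to parent classes."""
    required, allowed, unknown = set(), set(), []
    for name in class_names:
        key = name.lower()
        if key not in OBJECT_CLASSES:
            unknown.append(name)
            continue
        while key is not None:
            definition = OBJECT_CLASSES[key]
            required |= definition["requires"]
            allowed |= definition["allows"]
            key = definition["parent"]
    return required, allowed | required, unknown


def check_entry(ldif_text, schema_checking=True):
    """Return the list of object class violations for one entry."""
    if not schema_checking:
        return []                            # checking off: anything is accepted
    _, attrs = parse_ldif_entry(ldif_text)
    classes = attrs.get("objectclass", [])
    required, permitted, unknown = resolve(classes)
    violations = [f"unknown object class: {c}" for c in unknown]
    if not classes:
        violations.append("entry has no objectClass value")
    present = set(attrs) - {"objectclass"}   # assumption: objectClass always permitted
    violations += [f"missing required attribute: {a}" for a in sorted(required - present)]
    violations += [f"attribute not allowed: {a}" for a in sorted(present - permitted)]
    return violations


# Constructed sample entries (values reuse examples from this page).
GOOD_ENTRY = """\
dn: cn=Bill Anderson, o=Ace Industry, c=US
objectClass: person
objectClass: organizationalPerson
commonName: Bill Anderson
sn: Anderson
telephoneNumber: 408-555-5555
title: Engineer
"""

BAD_ENTRY = """\
dn: cn=Bill Anderson, o=Ace Industry, c=US
objectClass: person
cn: Bill Anderson
carLicense: 6ABC246
"""

if __name__ == "__main__":
    print(check_entry(GOOD_ENTRY))
    print(check_entry(BAD_ENTRY))
    print(check_entry(BAD_ENTRY, schema_checking=False))
```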

Object Class Definitions

The following sections describe the most common object classes that are used in the directory server. Most object classes are defined by the X.500 standard. In addition, Netscape provides some additional object classes for use with its LDAP implementation. Netscape also extends many of its object classes with new attribute definitions. The following types of object classes are described here:

Groups

The following two object classes describe entries representing an unordered set of names that represent individual objects or other groups of objects. Membership of a group is static: only administrative action can modify a group (such as adding a member); the membership is not determined dynamically each time a reference is made to the group. Each object class contains attributes that describe the group and its members. The two object classes described here are groupOfNames and groupOfUniqueNames.

groupOfNames

Defines entries for a group of names.

Attributes

Attribute Description

cn

(Required) Defines the group's common name.

member

(Required) Defines a group member in distinguished name format.

businessCategory

Defines the type of business in which the group is engaged.

description

Provides a text description of the group's purpose.

o

Defines the organization in which the group resides.

ou

Defines the organizational unit in which the group resides.

owner

Defines the group's owner.

seeAlso

URL to information relevant to the group.

groupOfUniqueNames

Defines entries for a group of unique names.

Attributes

Attribute Description

cn

(Required) Defines the group's common name.

uniqueMember

(Required) Defines a unique group member in distinguished name format.

businessCategory

Defines the type of business in which the group is engaged.

description

Provides a text description of the group's purpose.

o

Defines the organization in which the group resides.

ou

Defines the organizational unit in which the group resides.

owner

Defines the group's owner.

seeAlso

URL to information relevant to the group.

Replication

The following two object classes define directory servers. The first object class identifies the master or supplier server. The second object class identifies consumer servers and the entries to be supplied to those consumers. The two object classes are LDAPServer and LDAPReplica.

LDAPServer

Identifies the local server. This object class is an extension to the standard LDAP schema.

Attributes

Attribute Description

cn

(Required) Defines the entry's common name.

changeLogMaximumAge

Identifies the maximum age that any change log entry is allowed to be.

changeLogMaximumSize

Identifies the maximum size of the server's change log.

description

Provides a text description of the server.

generation

Unique byte vector that identifies the server for replication purposes.

l

Identifies the locality in which the server resides.

ou

Defines the organizational unit in which the server resides.

seeAlso

URL to information relevant to the server.

subtreeACI

Defines access control information for the server's entry.

LDAPReplica

Identifies entries in the local server that are replicated to a remote server, and identifies the remote server to which the entries are replicated. This object class is an extension to the standard LDAP schema.

Attributes

Attribute Description

cn

(Required) Defines the entry's common name.

description

Provides a text description of the server.

l

Identifies the locality in which the server resides.

ou

Defines the organizational unit in which the server resides.

replicaBinddn

Identifies the DN used by the local server to bind to the consumer server.

replicaBindMethod

Identifies the method used by the local server to bind to the consumer. Currently this attribute must be set to simple.

replicaCredentials

Password used by the local server to bind to the consumer.

replicaHost

Hostname of the consumer server.

replicaPort

Port used by the consumer server for LDAP communications.

replicaRoot

Distinguished name representing the subtree on the local server that is to be supplied to the consumer server.

replicaUpdateFailedAt

Time stamp when an update to the consumer server failed.

replicaUpdateReplayed

Change number of the last change supplied to the consumer server.

replicaUpdateSchedule

Identifies the schedule when the local server begins an update to the consumer server.

replicaUseSSL

Indicates whether SSL is to be used for communications with the consumer server.

seeAlso

URL to information relevant to the server.

subtreeACI

Defines access control information for the server's entry.

Locations

The following two object classes describe locations in the directory tree. Each object class contains attributes that describe a location, such as the country name and description. The two object classes described here are country and locality.

country

Defines entries that represent countries.

Attributes

Attribute Description

c

(Required) Defines the entry's country name.

description

Provides a text description of the country.

locality

Defines entries that represent localities or geographic areas.

Attributes

Attribute Description

description

Provides a text description of the locality.

l

Identifies the entry's locality.

seeAlso

URL to information relevant to the locality.

st

Identifies the state or province in which the locality resides.

streetAddress

Identifies a street address associated with the locality.

Organizations

The following two object classes describe entries representing organizations in the directory tree. Each object class contains attributes that describe an organization, such as its name and description. The two object classes described here are organization and organizationalUnit.

organization

Defines entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within the larger corporation or enterprise.

Attributes

Attribute Description

o

(Required) Identifies the organization's name.

businessCategory

Identifies the business in which the organization is involved.

description

Provides a text description of the organization.

facsimileTelephoneNumber

Identifies the fax number associated with the organization.

l

Identifies the organization's location.

physicalDeliveryOfficeName

Identifies a location where physical deliveries can be made.

postalAddress

Identifies the organization's mailing address.

postalCode

Identifies the organization's postal code (such as a United States zip code).

postOfficeBox

Identifies the organization's post office box.

preferredDeliveryMethod

Identifies the organization's preferred method of contact or delivery.

seeAlso

URL to information relevant to the organization.

st

Identifies the state or province in which the organization resides.

streetAddress

Identifies a street address at which the organization is located.

telephoneNumber

Identifies the telephone number associated with the organization.

userPassword

Identifies the password with which the entry can bind to the directory.

organizationalUnit

Defines entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within the larger organization.

Attributes

Attribute Description

ou

(Required) Identifies the organizational unit's name.

businessCategory

Identifies the business in which the organizational unit is involved.

description

Provides a text description of the organizational unit.

facsimileTelephoneNumber

Identifies the fax number associated with the organizational unit.

l

Identifies the organizational unit's location.

physicalDeliveryOfficeName

Identifies a location where physical deliveries can be made.

postalAddress

Identifies the organizational unit's mailing address.

postalCode

Identifies the organizational unit's postal code (such as a United States zip code).

postOfficeBox

Identifies the organizational unit's post office box.

preferredDeliveryMethod

Identifies the organizational unit's preferred method of contact or delivery.

seeAlso

URL to information relevant to the organizational unit.

st

Identifies the state or province in which the organizational unit resides.

streetAddress

Identifies a street address at which the organizational unit is located.

telephoneNumber

Identifies the telephone number associated with the organizational unit.

userPassword

Identifies the password with which the entry can bind to the directory.

People

The following four object classes describe entries representing people in the directory. Each object class contains attributes that describe a person, such as name, telephone number, and address. The four object classes described here are person, organizationalPerson, inetOrgPerson, and NTUser.

person

Defines entries that represent people generically. This object class is the base class for the organizationalPerson object class.

Attributes

Attribute Description

cn

(Required) Defines the person's common name.

sn

(Required) Defines the person's surname, or last name.

description

Provides a text description of the person.

seeAlso

URL to information relevant to the person.

telephoneNumber

Identifies the person's telephone number.

userPassword

Identifies the password with which the person can bind to the directory.

organizationalPerson

Defines entries for people employed by or in some other important way associated with an organization. The organizationalPerson object class is an extension of the person object class.

Attributes

Attribute Description

cn

(Required) Defines the person's common name.

sn

(Required) Defines the person's surname, or last name.

description

Provides a text description of the person.

facsimileTelephoneNumber

Identifies the person's fax number.

l

Identifies the location in which the person resides.

ou

Identifies the organizational unit to which the person belongs.

physicalDeliveryOfficeName

Identifies a location where physical deliveries can be made.

postalAddress

Identifies the person's mailing address.

postalCode

Identifies the person's postal code (such as a United States zip code).

postOfficeBox

Identifies the person's post office box.

preferredDeliveryMethod

Identifies the person's preferred method of contact or delivery.

seeAlso

URL to information relevant to the person.

st

Identifies the state or province in which the person resides.

streetAddress

Identifies a street address at which the person is located.

telephoneNumber

Identifies the person's telephone number.

title

Identifies the person's title.

userPassword

Identifies the password with which the person can bind to the directory.

inetOrgPerson

Defines entries representing people in an organization's intranet. This object class is a Netscape extension to the standard LDAP schema.

Attributes

Attribute Description

cn

(Required) Defines the person's common name.

sn

(Required) Defines the person's surname, or last name.

businessCategory

Identifies the business in which the person is involved.

carLicense

Identifies the person's car license plate number.

departmentNumber

Identifies the department for which the person works.

description

Provides a text description of the person.

employeeNumber

Identifies the person's employee number.

employeeType

Identifies the person's type of employment (for example, full time).

facsimileTelephoneNumber

Identifies the person's fax number.

givenName

Identifies the person's given, or first, name.

homePhone

Identifies the person's home phone number.

homePostalAddress

Identifies the person's home mailing address.

initials

Identifies the person's initials.

jpegPhoto

Contains an image in jpeg format.

l

Identifies the location in which the person resides.

labeledURI

Specifies a universal resource locator that is relevant to the person.

mail

Identifies the person's electronic mailing address.

manager

Distinguished name representing the person's manager.

mobile

Identifies the person's mobile phone number.

ou

Identifies the organizational unit to which the person belongs.

pager

Identifies the person's pager number.

physicalDeliveryOfficeName

Identifies a location where physical deliveries can be made.

postalAddress

Identifies the person's business mailing address.

postalCode

Identifies the person's business postal code (such as a United States zip code).

postOfficeBox

Identifies the person's business post office box.

preferredDeliveryMethod

Identifies the person's preferred method of contact or delivery.

roomNumber

Identifies the room number in which the person is located.

secretary

Identifies the person's secretary or administrator.

seeAlso

URL to information relevant to the person.

st

Identifies the state or province in which the person resides.

streetAddress

Identifies a street address at which the person is located.

subtreeACI

Identifies access control information for the person's entry.

telephoneNumber

Identifies the person's telephone number.

title

Identifies the person's title.

uid

Identifies the person's user ID.

userPassword

Identifies the password with which the person can bind to the directory.

NTUser

Defines entries that are to be synchronized between directory server and a Windows NT network. The attributes defined by NTUser assist in NT Synchronization. This is a Netscape extended object class for use with the Netscape LDAP implementation.

Note

All NTUser attributes are read-only, except for NTUserCreateNewAccount, NTUserDomainId, and NTUserDeleteAccount. Any modifications you make to read-only NTUser attributes will be deleted and the original values will be replaced when the next NT Synchronization occurs.

Several directory server attributes correspond directly to NT user account fields. When you create a new person entry in directory server that is to be synchronized with NT, directory server attributes will be assigned to NT user account fields as follows:

          directory server attribute    NT user account field

          cn or commonName              full_name

          description                   comment

          userid                        name

          userid                        password

Attributes

Attribute Description

NTUserDomainId

(Required) Identifies the corresponding NT user and domain name.

NTUserAcctExpires

Identifies when the user's NT account will expire.

NTUserAuthFlags

Identifies the user's privileges on the NT network.

NTUserBadPwCount

Identifies the number of times that a failed login attempt occurred in NT using the user's NT login ID.

NTUserCodePage

Identifies the user's code page.

NTUserComment

Provides a description for the user's NT account.

NTUserCountryCode

Identifies the user's country code.

NTUserCreateNewAccount

Identifies whether an NT account should be created when this entry is created in the directory server.

NTUserDeleteAccount

Identifies whether the user's NT account should be deleted when this entry is deleted from the directory server.

NTUserFlags

Identifies various NT account flags.

NTUserHomeDir

NT directory path to the user's home directory.

NTUserHomeDirDrive

Drive letter assigned to the user's home directory.

NTUserLastLogoff

Time of the user's last logoff from NT.

NTUserLastLogon

Time of the user's last logon to NT.

NTUserLogonHours

Identifies the times when the user is allowed to logon to NT.

NTUserLogonServer

Server to which the user's NT logon requests are sent.

NTUserMaxStorage

Maximum disk space available to the user under NT.

NTUserNumLogons

Identifies the number of successful logins to the user's NT account.

NTUserPasswordExpired

Identifies if the user's password has expired under NT.

NTUserPrimaryGroupId

Identifies the user's primary global group.

NTUserProfile

Path to the user's NT profile.

NTUserScriptPath

Path to the user's NT login script.

NTUserUniqueId

Identifies the user's NT RID.

NTUserUnitsPerWeek

Value used to compute the user's NTUserLogonHours.

NTUserUsrComment

Contains comments regarding the user's NT entry.

NTUserParms

Unicode string used by NT applications.

NTUserWorkstations

NT workstations from which the user is allowed to log into the NT domain.

Netscape Suitespot extensions

The following object classes are used by Netscape to integrate Suitespot 3.0 servers with the directory. The object classes described here are nginfo, mailRecipient, mailGroup, groupOfMailEnhancedUniqueNames, netscapeServer, and nsLicenseUser.

nginfo

Object class used by the collabra server to store discussion (news) group information. nginfo is a Netscape extension to the standard LDAP schema.

Object classes of this type are stored in a separate subtree off your directory's root point. The branch point is represented by the ngcomponent=. entry. Thus, if your directory's suffix is o=Ace Industry, c=US, then all discussion group information is stored in the subtree:

ngcomponent=., o=Ace Industry, c=US

This subtree and its contents are written directly to the directory by the collabra server. The structure of this tree, the format and usage of the nginfo object class, and the format and usage of the nginfo attributes are subject to change without notice.

Attributes

Attribute Description

ngcomponent

(Required) Provides a single part of the discussion group's name.

description

Provides a text description of the discussion group.

nsnewsACL

Access control set for the discussion group.

subtreeACI

Directory permissions set for the discussion group entry.

description

Description of the discussion group.

nsaclrole

Identifies the access permissions set for the various collabra roles.

nsprettyname

Provides the discussion group's name.

nsflags

Reserved for future use.

nscreator

Indicates the user ID of the discussion group's creator.

mailRecipient

Object class used as an enhancement to inetOrgPerson. mailRecipient is a Netscape extension used by the Messaging Server to define a person who is a user of the Netscape Messaging Server. That is, mailRecipient represents a mail account.

Attributes

Attribute Description

cn

(Required) Defines the person's common name.

mail

Identifies the person's electronic mailing address.

mailAccessDomain

Identifies the domain from which the mail user can login to obtain mail.

mailAlternateAddress

Identifies an alternate mail address for the user.

mailAutoReplyMode

Identifies the auto reply mode set for the mail user.

mailAutoReplyText

Contains the text sent when autoreplying to mail sent to the user.

mailDeliveryOption

Identifies the mail delivery mechanism to be used for the mail user.

mailForwardingAddress

Identifies a mail address to which the user's mail is to be forwarded.

mailHost

Identifies the host on which the user's mail account resides.

mailMessageStore

Identifies the path to the user's mail box.

mailProgramDeliveryInfo

Identifies commands used for programmed mail delivery.

mailQuota

Maximum disk size allowed for the user's mail box.

multiLineDescription

Contains descriptive text regarding the mail user.

uid

Identifies the mail user's user ID.

userPassword

Identifies the password with which the mail user can bind to the directory.

mailGroup

Object class used as an enhancement to groupOfUniqueNames. mailGroup is a Netscape extension used by the Messaging Server to define a group of mailRecipient. mailGroup is used to store Messaging Server mailing lists.

Attributes

Attribute Description

mail

(Required) Identifies the person's electronic mailing address.

cn

Defines the person's common name.

mailAlternateAddress

Identifies an alternate mail address for the user.

mailHost

Identifies the host on which the user's mail account resides.

mgrpAllowedBroadcaster

URL identifying a mail user that is allowed to send mail to the mail group.

mgrpAllowedDomain

Domain from which users can send mail to the mail group.

mgrpDeliverTo

Alternative method of identifying members of the mail group.

mgrpErrorsTo

Mailing address to which mail delivery error messages are sent.

mgrpModerator

Mailing address to which rejected mail messages are sent.

mgrpMsgMaxSize

Maximum message size that can be sent to the mail group.

mgrpMsgRejectAction

Specifies the action to be taken in the event that mail sent to the mail group is rejected.

mgrpMsgRejectText

Contains the text to be sent in the event that mail sent to the mail group is rejected.

mgrpRFC822MailMember

Identifies a recipient of mail that is sent to the mail group, but who is not in actuality a member of the mail group.

owner

Distinguished name that identifies the mail group's owner.

groupOfMailEnhancedUniqueNames

Netscape extension used by the Messaging Server. Reserved for future use.

Attributes

Attribute Description

cn

(Required) Defines the group's common name.

businessCategory

Identifies the business in which the mail group is involved.

description

Provides a text description of the group.

o

Identifies the organization to which the group belongs.

ou

Identifies the organizational unit to which the group belongs.

seeAlso

URL to information relevant to the person.

netscapeServer

Object class used to identify entries used by Netscape servers to bind to the directory when performing directory access. netscapeServer is a Netscape extension to the standard LDAP schema.

Attributes

Attribute Description

cn

(Required) Defines the server entry's common name.

description

Provides a text description of the server.

serverRoot

Path to the server's installation root.

serverHostname

Hostname on which the Netscape server is installed.

serverProductName

Identifies the Netscape server's product name.

serverVersionNumber

Identifies the Netscape server's version number.

installationTimeStamp

Time when the Netscape server was installed.

administratorContactInfo

URL to information for the person responsible for administering the Netscape server.

adminURL

URL to the administration server under which the Netscape server is running.

nsLicenseUser

Object class used to track licenses for Netscape Servers that are licensed on a per-client basis. This object class is a Netscape extension to the standard LDAP schema. It is intended to be used with the inetOrgPerson object class. The contents of this object class can be managed by the User and Group area of the Netscape Administration Server 3.0.

Attributes

Attribute Description

nsLicensedFor

Identifies the Netscape server that the user is licensed to use.

nsLicenseStartTime

Reserved for future use.

nsLicenseEndTime

Reserved for future use.

Attribute definitions

The following define the most common attributes used to describe an entry in the directory tree. To determine which attributes are required and allowed for each object class, see "Object Class Definitions".

Each attribute has a corresponding syntax definition that describes the nature of the attribute information. This syntax is important only when the directory server is performing sorting and pattern matching; there is nothing to otherwise prevent you from, for example, placing a telephone number on an attribute that expects a distinguished name. For more information about attributes and attribute values, see "A note about attribute values".

The possible attribute syntaxes are:

Attributes are defined in the NSHOME\slapd-server\config\slapd.at.conf file.

administratorContactInfo

Provides a URL to information about the person responsible for administering the Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:

          administratorContactInfo: ldap://uid=ssarette, 
           o=Ace Industry, c=US

Syntax: cis

adminURL

Provides the URL to the administration server through which you can manage the Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:

          adminURL: http://twain.aceindustry.com:2468

Syntax: cis

businessCategory

Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.

For example:

          businessCategory: Engineering 

Syntax: cis

carLicense

Identifies the entry's automobile license plate number. For example:

          carLicense: 6ABC246

Syntax: cis

This attribute is a Netscape extension to the standard LDAP schema.

changeLogMaximumAge

Identifies the maximum age in seconds for entries in the change log. Entries are discarded once they become older than the maximum age specified. For example:

          changeLogMaximumAge: 86000

Syntax: cis

This attribute is a Netscape extension to the standard LDAP schema.

changeLogMaximumSize

Identifies the maximum size in bytes for the change log file. Entries are discarded from this file once it reaches the maximum size. For example:

          changeLogMaximumSize: 2400000

Syntax: cis

This attribute is a Netscape extension to the standard LDAP schema.

commonName

When used with an object class other than LDAPReplica or LDAPServer, cn identifies the entry's common name, or full name. For example:

          commonName: Bill Anderson

or:

          cn: Bill Anderson

When used with the LDAPReplica or LDAPServer object classes, cn identifies the DNS name of the server and the root of the replicated directory tree, converted into distinguished name format. For example:

          commonName: replicater.netscape.com:17430/o%3Dace%20industry
           %2Cc%3Dus

or:

          cn: replicater.netscape.com:17430/o%3Dace%20industry%2Cc%3Dus

Abbreviation: cn

Syntax: cis

countryName

Identifies the name of a country. For example:

          countryName: Ireland

Abbreviation: c

Syntax: cis

departmentNumber

Identifies the entry's department number. For example:

          departmentNumber: 2604

Syntax: cis

This attribute is a Netscape extension to the standard LDAP schema.

description

Describes the entry. For people and organizations this often includes their role or work assignment. For example:

          description: Quality control inspector for the ME2873 product line

Syntax: cis

employeeNumber

Identifies the entry's employee number. For example:

          employeeNumber: 15300

Syntax: cis

This attribute was created by Netscape for use with its LDAP implementation.

employeeType

Identifies the entry's type of employment. For example:

          employeeType: Full time

Syntax: cis

This attribute is a Netscape extension to the standard LDAP schema.

facsimileTelephoneNumber

Identifies the fax number at which the entry can be reached. For example:

          facsimileTelephoneNumber: 415-555-1212

or:

          fax: 415-555-1212

Abbreviation: fax

Syntax: tel

generation

Identifies a byte vector assigned to the server to distinguish it from any other generation or version of the server. The generation attribute is used only for replica synchronization.

Syntax: ces

This attribute is a Netscape extension to the standard LDAP schema.

givenName

Identifies the entry's given, or first, name. For example:

          givenName: Bill

Syntax: cis

homeTelephoneNumber

Identifies the entry's home phone number. For example:

          homeTelephoneNumber: 415-555-1212

or:

          homePhone: 415-555-1234

Abbreviation: homePhone

Syntax: tel

homePostalAddress

Identifies the entry's home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($). For example:

          homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555

To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:

          The dollar ($) value can be found 
          in the c:\cost file.

provide the string:

          The dollar (\24) value can be found$in the c:\5ccost file.

Syntax: cis
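
The `$` line separator and the `\24` / `\5c` escapes described above can be handled with a small encoder and decoder. This is an added example, not code from the Netscape documentation; the function names are hypothetical, and accepting upper-case hex digits and rejecting any other backslash sequence are assumptions of this example.

```python
# Added example: '$'-separated multi-line values with the \24 and \5c escapes.
# Function names are hypothetical; strict rejection of other escapes is an assumption.

def escape_line(line: str) -> str:
    """Escape one display line so it can be joined with '$'."""
    # Backslash must be escaped first; otherwise the backslash that \24
    # introduces would itself be rewritten to \5c24.
    return line.replace("\\", "\\5c").replace("$", "\\24")


def encode_lines(lines) -> str:
    """Join display lines into a single attribute value."""
    return "$".join(escape_line(line) for line in lines)


def decode_value(value: str) -> list:
    """Split an attribute value back into display lines, undoing the escapes."""
    lines, current, i = [], [], 0
    while i < len(value):
        ch = value[i]
        if ch == "$":                      # unescaped '$' is a line separator
            lines.append("".join(current))
            current = []
            i += 1
        elif ch == "\\":                   # expect exactly \24 or \5c
            code = value[i + 1:i + 3].lower()
            if code == "24":
                current.append("$")
            elif code == "5c":
                current.append("\\")
            else:
                raise ValueError(f"unsupported escape at offset {i}: {value[i:i + 3]!r}")
            i += 3
        else:
            current.append(ch)
            i += 1
    lines.append("".join(current))
    return lines


if __name__ == "__main__":
    # Constructed input: the second line contains both special characters.
    address = ["1234 Ridgeway Drive", "Suite $5\\24", "Santa Clara, CA"]
    stored = encode_lines(address)
    print(stored)
    assert decode_value(stored) == address
```

Escaping each line before joining keeps a `$` typed into a form field from being read back as an extra line break.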

initials

Identifies the entry's initials. For example:

          initials: BFA

Syntax: cis

installationTimeStamp

Identifies the date and time in zulu format when the Netscape server was installed. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:

          installationTimeStamp: 199703261517z

Syntax: cis

jpegPhoto

Defines a JPEG photo of the entry.

Syntax: bin

labeledURI

Specifies a Uniform Resource Identifier (URI) that is relevant in some way to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported) optionally followed by one or more space characters and a label. For example:

          labeledURI: http://home.netscape.com [Netscape Corporation's 
           home page]

Syntax: cis

localityName

Identifies the county, city, or other geographical area in which the entry is located or with which it is otherwise associated. For example:

          localityName: Santa Clara

or:

          l: Santa Clara

Abbreviation: l

Syntax: cis

mail

Identifies the entry's email address. For example:

          mail: banderson@aceindustry.com

Syntax: cis

mailAccessDomain

Identifies the domain or IP address from which the user can perform a POP/IMAP logon. This attribute is a Netscape extension used by the Messaging Server. For example:

          mailAccessDomain: aceindustry.com

Syntax: cis

mailAlternateAddress

Identifies an alternative mail address for a mail user. This attribute is a Netscape extension used by the Messaging Server to match a mail address to a user. A mail account can have as many instances of this attribute as the user has alternate mail addresses. For example:

          mailAlternateAddress: Babs_Jensen@aceindustry.com
          mailAlternateAddress: Bjensen@aceindustry.com

Syntax: cis

mailAutoReplyMode

Identifies the mail auto reply mode for the mail user. This attribute is a Netscape extension used by the Messaging Server. Zero or one (0 - 1) instances of this attribute are expected per mail user account. Valid keywords for this attribute are:

          mailAutoReplyMode: vacation

mailAutoReplyText

          mailAutoReplyText: On vacation$Back in the office on Monday.

          The dollar ($) value can be found 
          in the c:\cost file.

          The dollar (\24) value can be found$in the c:\5ccost file.

mailDeliveryOption

          mailDeliveryOption: mailbox

mailEnhancedUniqueMember

mailForwardingAddress

          mailForwardingAddress: bjensen@royalairways.com

mailHost

          mailHost: mars.aceindustry.com

mailMessageStore

          mailMessageStore: /disk2/mail

mailProgramDeliveryInfo

          mailProgramDeliveryInfo: /usr/local/bin/procmail -f-

mailQuota

          mailQuota: 1000000

manager

          manager: cn=Jane Doe, ou=Quality Control, o=Ace Industry, c=US

member

          member: cn=John Doe, o=Netscape Communications Corp., c=US

mgrpAllowedBroadcaster

          mgrpAllowedBroadcaster: ldap://uid=bjensen, o=Ace Industry, c=US
          mgrpAllowedBroadcaster: mailto:sys50@aceindustry.com

mgrpAllowedDomain

          mgrpAllowedDomain: aceindustry.com

mgrpDeliverTo

          mgrpDeliverTo: ldap:///ou=Accounting,o=Netscape,c=US??sub?(&
           (objectClass=mailRecipient)(objectClass=inetOrgPerson))

mgrpErrorsTo

          mgrpErrorsTo: ldap://uid=bjensen, o=Ace Industry, c=US
          mgrpErrorsTo: mailto:sys50@aceindustry.com

mgrpModerator

          mgrpModerator: ldap://uid=bjensen, o=Ace Industry, c=US
          mgrpModerator: mailto:sys50@aceindustry.com

mgrpMsgMaxSize

          mgrpMsgMaxSize: 2000

mgrpMsgRejectAction

          mgrpMsgRejectAction: bounce

mgrpMsgRejectText

          mgrpMsgRejectText: The mail you have sent to the Crazed Bikers$
           mailing list has been rejected because$you are not a recognized
           member of the Crazed Bikers group.$Please contact Big Daddy Biker
           at rsweeny@aceindustry.com for information on how to become$a
           crazed biker.

mgrpRFC822MailMember

          rfc822MailAddress [ % 'full' name] [ %1 (group parameter #1)]
           [ %2 (group parameter #2)]...

          mgrpRFC822MailMember: bjensen@aceindustry.com%Babs Jensen

mobileTelephoneNumber          

          mobileTelephoneNumber: 415-555-4321

          mobile: 415-555-4321

multiLineDescription

          multiLineDescription: Account Administrator and$directory manager.

          The dollar ($) value can be found 
          in the c:\cost file.

          The dollar (\24) value can be found$in the c:\5ccost file.

ngcomponent

          dn: ngcomponent=mac, ngcomponent=sys, ngcomponent=comp,
           ngcomponent=., o=Ace Industry, c=US
          objectclass: top
          objectclass: nginfo
          ngcomponent=mac
          ngcomponent=sys
          ngcomponent=comp
          ngcomponent=.

nsLicensedFor

          nsLicensedFor: slapd

nsLicenseStartTime

nsLicenseEndTime

nsaclrole

          nsaclrole: admin:aprv

nscreator

          nscreator: admin

nsflags

nsprettyname

          nsprettyname: MKTG FOR RACHU

nsnewsACL

          nsnewsACL: 2:*:a:D::admin:bpolk::d:*:a:D::manager:admin::d:

NTUserAcctExpires

          NTUserAcctExpires: 19961015203415Z 

NTUserAuthFlags

          NTUserAuthFlags: AAAAAA==

NTUserBadPwCount

          NTUserBadPwCount: AAAAAA==

NTUserCodePage

          NTUserCodePage: AAAAAA==

NTUserComment

          NTUserComment: Quality control inspector for the ME2873 
           product line

NTUserCountryCode

          NTUserCountryCode: AAAAAA==

NTUserCreateNewAccount

          NTUserCreateNewAccount: true

NTUserDeleteAccount

          NTUserDeleteAccount: true

NTUserDomainId

          NTUserDomainId: workgroup:jsmith

NTUserFlags

          NTUserFlags: AQIBAA==

NTUserHomeDir

          NTUserHomeDir: c:\u\d78\jsmith\

NTUserHomeDirDrive

          NTUserHomeDirDrive: c:

NTUserLastLogoff

          NTUserLastLogoff: 19961015203415Z 

NTUserLastLogon

          NTUserLastLogon: 19961015203415Z 

NTUserLogonHours

          NTUserLogonHours: ///1000011100000101111111...

NTUserLogonServer

          NTUserLogonServer: \\firefly

NTUserMaxStorage

          NTUserMaxStorage: ///////W==

NTUserNumLogons

          NTUserNumLogons: WwAAAA==

NTUserParms

          NTUserParms: Temp date is today

NTUserPasswordExpired

          NTUserPasswordExpired: AAAAAA==

NTUserPrimaryGroupId

          NTUserPrimaryGroupId: AQJAAA==

NTUserPriv

          NTUserPriv: AgAAAA==

NTUserProfile          

          NTUserProfile: c:\u\d78\jsmith\profile.txt

NTUserScriptPath

          NTUserScriptPath: c:\u\d78\jsmith\lscript.bat

NTUserUniqueId

          NTUserUniqueId: 6AMAAA==

NTUserUnitsPerWeek

          NTUserUnitsPerWeek: qAAAAA==

NTUserUsrComment

          NTUserUsrComment: Quality control inspector for the ME2873 
           product line

NTUserWorkstations

          NTUserWorkstations: firefly

organizationName

          organizationName: Ace Industries, Inc.

          o: Ace Industries, Inc

organizationalUnitName

          organizationalUnitName: Marketing

          ou: Marketing

owner

          owner: cn=John Smith, o=Netscape Communications Corp., c=US

pagerTelephoneNumber

          pagerTelephoneNumber: 415-555-6789

          pager: 415-555-6789

physicalDeliveryOfficeName

          physicalDeliveryOfficeName: Santa Clara

postalAddress

          postalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555

          The dollar ($) value can be found 
          in the c:\cost file.

          The dollar (\24) value can be found$in the c:\5ccost file.

postalCode

          postalCode: 95050

postOfficeBox

          postOfficeBox: P.O. Box 1234

preferredDeliveryMethod

          preferredDeliveryMethod: telephone

replicaBinddn

          replicaBinddn: cn=replicator, o=Netscape Communications Corp., 
           c=US

replicaBindMethod

          replicaBindMethod: simple

replicaCredentials

          replicaCredentials: bogusPassword

replicaHost

          replicaHost: master.netscape.com

replicaPort          

          replicaPort: 9872

replicaRoot

          replicaRoot: o=Netscape Communications Corp., c=US

replicaUpdateFailedAt

          replicaUpdateFailedAt: 199603261300z

replicaUpdateReplayed

replicaUpdateSchedule

          replicaUpdateSchedule: 0100-0400

          replicaUpdateSchedule: * 06

          replicaUpdateSchedule: 1145-1300 24

          1:00 AM - 4:00 AM, daily

          all day Saturday and Sunday

          11:45 AM -1:00 PM, Tuesday and Thursday

replicaUseSSL

          replicaUseSSL: 0

roomNumber

          roomNumber: 230

secretary

          secretary: Howard Benson

seeAlso

          seeAlso: cn=Quality Control Inspectors, ou=manufacturing, o=Ace 
           Industry, c=US

serverHostname

          serverHostname: twain.aceindustry.com

serverProductName

          serverProductName: Netscape Enterprise Server

serverRoot

          serverRoot: /usr/ns-home

serverVersionNumber

          serverVersionNumber: 3.0

stateOrProvinceName

          stateOrProvinceName: California

          st: California

streetAddress

          streetAddress: 1234 Ridgeway Drive

subtreeACI

          subtreeACI: -(&(privilege=write)(!(target=ldap:///self)))

surname

          surname: Anderson

          sn: Anderson

telephoneNumber

          telephoneNumber: 415-555-2233

title

          title: Senior QC Inspector

userid

          userid: banderson

          uid: banderson

userPassword

          userPassword: {sha}FTSLQhxXpA05