This appendix describes the schema elements most commonly used in the directory server. Most of the schema elements used in the directory server are part of the standard LDAP protocol, which is in turn based on the X.500 standard. However, some of the directory server's object classes and attributes are extensions created by Netscape for use with its implementation of LDAP. If an object class or attribute was created by Netscape and is not part of the standard LDAP schema, a note is made in the description of that object or attribute.
The directory server schema defines the type of information that can be stored on a directory server entry. This definition is provided by the following types of schema elements:
It is important that you use a consistent schema within your directory server because LDAP clients locate entries in your directory by searching for object classes or attributes and their associated values. If you use an inconsistent schema, then it becomes virtually impossible to locate information in your directory tree.
Further, LDAP clients are designed to work with a specific, well-defined schema. For the most part, the schema that these LDAP clients are designed to work with is the standard LDAP schema which, itself, is based on the X.500 standard. For this reason, most LDAP-based directory services begin with the standard LDAP schema, but then they add to it as they discover site-specific needs that are not met by the standard schema.
The Netscape LDAP schema takes this approach as well. Most of the schema elements in this appendix are based on the LDAP standard. However, Netscape has extended the schema to allow for directory activities that are not otherwise supported by the standard LDAP implementation. All of these extensions are noted in the following schema description. In addition, Netscape ships LDAP clients that expect the schema as defined in this appendix.
You can enforce your directory server's schema by turning schema checking on. When schema checking is turned on, you cannot add an object class or attribute to your directory server that is not a recognized part of the schema. For more information on schema checking, see the Netscape Directory Server Administrator's Guide.
Note that schema checking is not supported for the Netscape local directory.
You do not have to use the schema that is described here. In fact, it is assumed that you will extend this schema to support your own site's requirements. This is perhaps one of the most common activities surrounding a new directory server installation.
For a discussion on how to extend your schema, see the web page at the following URL:
As you extend your schema, it is important to remember that you will have to start building customized LDAP clients to manage and use your directory. This is because the standard LDAP clients will not know the names of your new schema elements or what type of information they expect to be stored on these new elements. This is a problem that only gets worse as the clients become more sophisticated and begin to offer a graphical look at your directory contents, or to perform sophisticated directory management capabilities.
To aid you in developing customized LDAP clients, Netscape ships several command line LDAP clients with the directory server. You can use the command line tools to build rudimentary tools such as shell scripts to help you perform batch operations on your directory tree. You can also use these same command line tools with cgi scripts that allow you to perform directory management activities using a web server and your web browser.
In addition, Netscape provides the LDAP client SDK to allow you to quickly build LDAP clients using the C or Java programming languages.
For more information on the command line client tools, see the Netscape Directory Server Administrator's Guide. For more information on the LDAP client SDK, go to:
http://developer.netscape.com/library/documentation/index.html
Perhaps one of the more confusing aspects about an LDAP schema is that you can place any data that you want on any attribute value. LDAP and the directory server place no restrictions on the data format, length, or type that you associate with individual attributes (other than some minimal syntax definitions that are used strictly for searching and pattern matching purposes). For example, when you represent a telephone number in your directory tree, you can legally represent it in any of the following ways:
(408) 555-5555
408-555-5555
1-408-555-5555
1.408.555.5555
555-5555
This free form data model provides you with maximum flexibility when you design your data policy. However, the caveat to this data model is that while the directory server and the LDAP protocol do not care about your data format, your LDAP clients do care about the representation of the data in your directory tree. This is especially true of graphical user interface clients that must display directory data in rigid-length fields. The format of your directory data is also important to the user who is searching your directory tree for a particular value. For example, if the user is searching for a telephone number in the form:
(408) 555-5555
but you have stored telephone numbers in the format:
1.408.555.5555
then the user may have difficulty in locating the actual entry for which she is searching. For these two reasons, it is important that you be as consistent as possible when storing data in your directory tree. Pick a format and stick with it. When managing the data in your directory tree, keep in mind not so much what the directory server requires, but rather what your LDAP clients and the users of your directory expect to find there. Doing so will vastly improve the usability of your directory data.
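One way to "pick a format and stick with it", shown as an added example that is not part of the original appendix or of any Netscape tool: every telephone number format listed above is reduced to a single stored form, and the same routine is applied to the search value. The function names, the North American numbering assumption, the default area code 408 and the sample entries are assumptions made for the illustration.

```python
import re

# The five representations shown in this section.
PAGE_FORMATS = [
    "(408) 555-5555",
    "408-555-5555",
    "1-408-555-5555",
    "1.408.555.5555",
    "555-5555",
]


def normalize_phone(raw, default_area="408", country="1"):
    """Return the number as C-AAA-PPP-NNNN, or raise ValueError.

    Assumptions: North American numbers, a one-digit country code, and a
    site-wide default area code for seven-digit local numbers.
    """
    digits = re.sub(r"\D", "", raw)          # drop spaces, dots, dashes, parens
    if len(digits) == 7:                      # local number, no area code
        if not default_area:
            raise ValueError(f"no area code in {raw!r}")
        digits = default_area + digits
    if len(digits) == 10:                     # area code but no country code
        digits = country + digits
    if len(digits) != 11 or not digits.startswith(country):
        raise ValueError(f"unrecognised telephone number: {raw!r}")
    return "-".join((digits[0], digits[1:4], digits[4:7], digits[7:]))


# Constructed sample entries (not real directory data).
DIRECTORY = [
    {"dn": "uid=banderson, o=Ace Industry, c=US",
     "telephoneNumber": ["1.408.555.5555"]},
    {"dn": "uid=ssarette, o=Ace Industry, c=US",
     "telephoneNumber": ["(408) 555-1999"]},
    {"dn": "uid=temp, o=Ace Industry, c=US",
     "telephoneNumber": ["ext. 42"]},
]


def find_by_phone(entries, query):
    """Match on the normalized form; also report stored values that cannot
    be normalized, since those are the ones a user will never find."""
    wanted = normalize_phone(query)
    hits, unparseable = [], []
    for entry in entries:
        for value in entry["telephoneNumber"]:
            try:
                if normalize_phone(value) == wanted:
                    hits.append(entry["dn"])
            except ValueError:
                unparseable.append((entry["dn"], value))
    return hits, unparseable


if __name__ == "__main__":
    for fmt in PAGE_FORMATS:
        print(f"{fmt!r:20} -> {normalize_phone(fmt)}")
    print(find_by_phone(DIRECTORY, "(408) 555-5555"))
```

Running the same normalization in the tool that writes entries and in the client that builds search filters is what makes the two formats in the example above meet.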
Object classes define the type of data an entry can contain. Each object class has a defined set of required and optional attributes. An object class may be a subclass of another object class, in which case the required attributes of the latter class are also required attributes of the former class.
Object classes are defined in the directory server NSHOME/slapd-server/config/slapd.oc.conf file, where NSHOME is the directory where you installed your server.
Attributes hold information about a specific descriptive aspect of the entry. Each attribute consists of an attribute type and an attribute value. The attribute type identifies the class of information given by that attribute (for example, telephone number). The attribute value is the particular instance of information appearing in that entry (for example, 555-1999).
Originally, attributes were defined using long names, such as commonName. Over several years, the standards have changed to allow the use of abbreviations. For example:
cn
commonName
If an attribute has an abbreviation, the abbreviation is given in the description of the attribute and may be used interchangeably with the full name in the list of attributes for an object class.
Object classes usually contain at least one required attribute, and they always contain one or more optional attributes. When an attribute is required, then attempts to add an entry to the directory without the required attribute results in an object class violation; that is, the attempt to add the entry fails.
Optional attributes are attributes that you are allowed, but not required, to add to the directory entry. If you attempt to add an attribute to an entry that is neither required nor allowed according to the entry's object class definition, then the directory server will return an object class violation.
Note that the concept of a required or allowed attribute is meaningful only if schema checking is turned on. If schema checking is turned off, then you can add (or fail to add) any attribute to your directory; the directory server will make no attempt to ensure that the data you are adding to your directory conforms to the schema.
It is strongly recommended that you run your directory server with schema checking turned on.
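The required/allowed rule described above, written out as an added example (not Netscape code and not how the server is implemented): a checker that applies it to a subset of the object classes from this appendix, including the inheritance of required attributes by a subclass. The dictionary layout, function names and sample entries are assumptions made for the illustration.

```python
# "requires"/"allows" follow the (Required) markers in this appendix's
# attribute tables; "superior" models subclassing. Layout is an assumption.
SCHEMA = {
    "person": {
        "superior": None,
        "requires": {"cn", "sn"},
        "allows": {"description", "seealso", "telephonenumber", "userpassword"},
    },
    "organizationalperson": {
        "superior": "person",
        "requires": set(),
        "allows": {
            "facsimiletelephonenumber", "l", "ou", "physicaldeliveryofficename",
            "postaladdress", "postalcode", "postofficebox",
            "preferreddeliverymethod", "st", "streetaddress", "title",
        },
    },
    "groupofuniquenames": {
        "superior": None,
        "requires": {"cn", "uniquemember"},
        "allows": {"businesscategory", "description", "o", "ou", "owner", "seealso"},
    },
}

# Long names that may be used interchangeably with their abbreviations.
ALIASES = {"commonname": "cn", "countryname": "c"}


def canonical(attr_name):
    """Attribute names compare case-insensitively; map long names to abbreviations."""
    name = attr_name.lower()
    return ALIASES.get(name, name)


def collect(oc_name, schema):
    """Return (required, allowed) for an object class, including its superiors."""
    required, allowed, seen = set(), set(), set()
    name = oc_name.lower()
    while name is not None:
        if name in seen:
            raise ValueError(f"superior loop at {name}")
        seen.add(name)
        oc = schema[name]  # KeyError: not a recognized part of the schema
        required |= oc["requires"]
        allowed |= oc["allows"]
        name = oc["superior"]
    return required, allowed


def check_entry(entry, schema=SCHEMA, schema_checking=True):
    """Return the list of object class violations; an empty list means the
    add would be accepted. With checking off nothing is verified."""
    if not schema_checking:
        return []
    attrs = {}
    for name, values in entry.items():
        attrs.setdefault(canonical(name), []).extend(values)
    violations, required, allowed = [], set(), {"objectclass"}
    classes = attrs.get("objectclass", [])
    if not classes:
        violations.append("entry has no object class")
    for oc in classes:
        try:
            req, alw = collect(oc, schema)
        except KeyError:
            violations.append(f"unknown object class: {oc}")
            continue
        required |= req
        allowed |= req | alw
    violations += [f"missing required attribute: {a}"
                   for a in sorted(required) if not attrs.get(a)]
    violations += [f"attribute not allowed: {a}"
                   for a in sorted(attrs) if a not in allowed]
    return violations


# Constructed sample entries (not real directory data).
PERSON_OK = {"objectClass": ["person", "organizationalPerson"],
             "commonName": ["Bill Anderson"], "sn": ["Anderson"],
             "title": ["Quality control inspector"]}
PERSON_BAD = {"objectClass": ["person"], "cn": ["Bill Anderson"],
              "title": ["Quality control inspector"]}
GROUP_WITH_PASSWORD = {"objectClass": ["groupOfUniqueNames"], "cn": ["admins"],
                       "uniqueMember": ["uid=ssarette, o=Ace Industry, c=US"],
                       "userPassword": ["constructed-value"]}

if __name__ == "__main__":
    for sample in (PERSON_OK, PERSON_BAD, GROUP_WITH_PASSWORD):
        print(check_entry(sample))
    print(check_entry(GROUP_WITH_PASSWORD, schema_checking=False))
```

The last sample shows what turning checking off costs: a group entry carrying userPassword, which the groupOfUniqueNames definition does not allow, is accepted without complaint.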
The following sections describe the most common object classes that are used in the directory server. Most object classes are defined by the X.500 standard. In addition, Netscape provides some additional object classes for use with its LDAP implementation. Netscape also extends many of its object classes with new attribute definitions. The following types of object classes are described here:
The following two object classes describe entries representing an unordered set of names that represent individual objects or other groups of objects. Membership of a group is static: only administrative action can modify a group (such as adding a member); the membership is not determined dynamically each time a reference is made to the group. Each object class contains attributes that describe the group and its members. The two object classes described here are groupOfNames and groupOfUniqueNames.
Defines entries for a group of names.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the group's common name. |
| member | (Required) Defines a group member in distinguished name format. |
| businessCategory | Defines the type of business in which the group is engaged. |
| description | Provides a text description of the group's purpose. |
| o | Defines the organization in which the group resides. |
| ou | Defines the organizational unit in which the group resides. |
| owner | Defines the group's owner. |
| seeAlso | URL to information relevant to the group. |
Defines entries for a group of unique names.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the group's common name. |
| uniqueMember | (Required) Defines a unique group member in distinguished name format. |
| businessCategory | Defines the type of business in which the group is engaged. |
| description | Provides a text description of the group's purpose. |
| o | Defines the organization in which the group resides. |
| ou | Defines the organizational unit in which the group resides. |
| owner | Defines the group's owner. |
| seeAlso | URL to information relevant to the group. |
The following two object classes define directory servers. The first object class identifies the master or supplier server. The second object class identifies consumer servers and the entries to be supplied to those consumers. The two object classes are LDAPServer and LDAPReplica.
Identifies the local server. This object class is an extension to the standard LDAP schema.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the entry's common name. |
| changeLogMaximumAge | Identifies the maximum age that any change log entry is allowed to be. |
| changeLogMaximumSize | Identifies the maximum size of the server's change log. |
| description | Provides a text description of the server. |
| generation | Unique byte vector that identifies the server for replication purposes. |
| l | Identifies the locality in which the server resides. |
| ou | Defines the organizational unit in which the server resides. |
| seeAlso | URL to information relevant to the server. |
| subtreeACI | Defines access control information for the server's entry. |
Identifies entries in the local server that are replicated to a remote server, and identifies the remote server to which the entries are replicated. This object class is an extension to the standard LDAP schema.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the entry's common name. |
| description | Provides a text description of the server. |
| l | Identifies the locality in which the server resides. |
| ou | Defines the organizational unit in which the server resides. |
| replicaBinddn | Identifies the DN used by the local server to bind to the consumer server. |
| replicaBindMethod | Identifies the method used by the local server to bind to the consumer. Currently this attribute must be set to simple. |
| replicaCredentials | Password used by the local server to bind to the consumer. |
| replicaHost | Hostname of the consumer server. |
| replicaPort | Port used by the consumer server for LDAP communications. |
| replicaRoot | Distinguished name representing the subtree on the local server that is to be supplied to the consumer server. |
| replicaUpdateFailedAt | Time stamp when an update to the consumer server failed. |
| replicaUpdateReplayed | Change number of the last change supplied to the consumer server. |
| replicaUpdateSchedule | Identifies the schedule when the local server begins an update to the consumer server. |
| replicaUseSSL | Indicates whether SSL is to be used for communications with the consumer server. |
| seeAlso | URL to information relevant to the server. |
| subtreeACI | Defines access control information for the server's entry. |
The following two object classes describe locations in the directory tree. Each object class contains attributes that describe a location, such as the country name and description. The two object classes described here are country and locality.
Defines entries that represent countries.
| Attributes | Attribute Description |
|---|---|
| c | (Required) Defines the entry's country name. |
| description | Provides a text description of the country. |
Defines entries that represent localities or geographic areas.
| Attributes | Attribute Description |
|---|---|
| description | Provides a text description of the locality. |
| l | Identifies the entry's locality. |
| seeAlso | URL to information relevant to the locality. |
| st | Identifies the state or province in which the locality resides. |
| streetAddress | Identifies a street address associated with the locality. |
The following two object classes describe entries representing organizations in the directory tree. Each object class contains attributes that describe an organization, such as its name and description. The two object classes described here are organization and organizationalUnit.
Defines entries that represent organizations. An organization is generally assumed to be a large, relatively static grouping within the larger corporation or enterprise.
| Attributes | Attribute Description |
|---|---|
| o | (Required) Identifies the organization's name. |
| businessCategory | Identifies the business in which the organization is involved. |
| description | Provides a text description of the organization. |
| facsimileTelephoneNumber | Identifies the fax number associated with the organization. |
| l | Identifies the organization's location. |
| physicalDeliveryOfficeName | Identifies a location where physical deliveries can be made. |
| postalAddress | Identifies the organization's mailing address. |
| postalCode | Identifies the organization's postal code (such as a United States zip code). |
| postOfficeBox | Identifies the organization's post office box. |
| preferredDeliveryMethod | Identifies the organization's preferred method of contact or delivery. |
| seeAlso | URL to information relevant to the organization. |
| st | Identifies the state or province in which the organization resides. |
| streetAddress | Identifies a street address at which the organization is located. |
| telephoneNumber | Identifies the telephone number associated with the organization. |
| userPassword | Identifies the password with which the entry can bind to the directory. |
Defines entries that represent organizational units. An organizational unit is generally assumed to be a relatively static grouping within the larger organization.
| Attributes | Attribute Description |
|---|---|
| ou | (Required) Identifies the organizational unit's name. |
| businessCategory | Identifies the business in which the organizational unit is involved. |
| description | Provides a text description of the organizational unit. |
| facsimileTelephoneNumber | Identifies the fax number associated with the organizational unit. |
| l | Identifies the organizational unit's location. |
| physicalDeliveryOfficeName | Identifies a location where physical deliveries can be made. |
| postalAddress | Identifies the organizational unit's mailing address. |
| postalCode | Identifies the organizational unit's postal code (such as a United States zip code). |
| postOfficeBox | Identifies the organizational unit's post office box. |
| preferredDeliveryMethod | Identifies the organizational unit's preferred method of contact or delivery. |
| seeAlso | URL to information relevant to the organizational unit. |
| st | Identifies the state or province in which the organizational unit resides. |
| streetAddress | Identifies a street address at which the organizational unit is located. |
| telephoneNumber | Identifies the telephone number associated with the organizational unit. |
| userPassword | Identifies the password with which the entry can bind to the directory. |
The following four object classes describe entries representing people in the directory. Each object class contains attributes that describe a person, such as name, telephone number, and address. The four object classes described here are person, organizationalPerson, inetOrgPerson, and NTUser.
Defines entries that represent people generically. This object class is the base class for the organizationalPerson object class.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the person's common name. |
| sn | (Required) Defines the person's surname, or last name. |
| description | Provides a text description of the person. |
| seeAlso | URL to information relevant to the person. |
| telephoneNumber | Identifies the person's telephone number. |
| userPassword | Identifies the password with which the person can bind to the directory. |
Defines entries for people employed by or in some other important way associated with an organization. The organizationalPerson object class is an extension of the person object class.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the person's common name. |
| sn | (Required) Defines the person's surname, or last name. |
| description | Provides a text description of the person. |
| facsimileTelephoneNumber | Identifies the person's fax number. |
| l | Identifies the location in which the person resides. |
| ou | Identifies the organizational unit to which the person belongs. |
| physicalDeliveryOfficeName | Identifies a location where physical deliveries can be made. |
| postalAddress | Identifies the person's mailing address. |
| postalCode | Identifies the person's postal code (such as a United States zip code). |
| postOfficeBox | Identifies the person's post office box. |
| preferredDeliveryMethod | Identifies the person's preferred method of contact or delivery. |
| seeAlso | URL to information relevant to the person. |
| st | Identifies the state or province in which the person resides. |
| streetAddress | Identifies a street address at which the person is located. |
| telephoneNumber | Identifies the person's telephone number. |
| title | Identifies the person's title. |
| userPassword | Identifies the password with which the person can bind to the directory. |
Defines entries representing people in an organization's intranet. This object class is a Netscape extension to the standard LDAP schema.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the person's common name. |
| sn | (Required) Defines the person's surname, or last name. |
| businessCategory | Identifies the business in which the person is involved. |
| carLicense | Identifies the person's car license plate number. |
| departmentNumber | Identifies the department for which the person works. |
| description | Provides a text description of the person. |
| employeeNumber | Identifies the person's employee number. |
| employeeType | Identifies the person's type of employment (for example, full time). |
| facsimileTelephoneNumber | Identifies the person's fax number. |
| givenName | Identifies the person's given, or first, name. |
| homePhone | Identifies the person's home phone number. |
| homePostalAddress | Identifies the person's home mailing address. |
| initials | Identifies the person's initials. |
| jpegPhoto | Contains an image in jpeg format. |
| l | Identifies the location in which the person resides. |
| labeledURI | Specifies a universal resource locator that is relevant to the person. |
| mail | Identifies the person's electronic mailing address. |
| manager | Distinguished name representing the person's manager. |
| mobile | Identifies the person's mobile phone number. |
| ou | Identifies the organizational unit to which the person belongs. |
| pager | Identifies the person's pager number. |
| physicalDeliveryOfficeName | Identifies a location where physical deliveries can be made. |
| postalAddress | Identifies the person's business mailing address. |
| postalCode | Identifies the person's business postal code (such as a United States zip code). |
| postOfficeBox | Identifies the person's business post office box. |
| preferredDeliveryMethod | Identifies the person's preferred method of contact or delivery. |
| roomNumber | Identifies the room number in which the person is located. |
| secretary | Identifies the person's secretary or administrator. |
| seeAlso | URL to information relevant to the person. |
| st | Identifies the state or province in which the person resides. |
| streetAddress | Identifies a street address at which the person is located. |
| subtreeACI | Identifies access control information for the person's entry. |
| telephoneNumber | Identifies the person's telephone number. |
| title | Identifies the person's title. |
| uid | Identifies the person's user ID. |
| userPassword | Identifies the password with which the person can bind to the directory. |
Defines entries that are to be synchronized between directory server and a Windows NT network. The attributes defined by NTUser assist in NT Synchronization. This is a Netscape extended object class for use with the Netscape LDAP implementation.
All NTUser attributes are read-only, except for NTUserCreateNewAccount, NTUserDomainId, and NTUserDeleteAccount. Any modifications you make to read-only NTUser attributes will be deleted and the original values will be replaced when the next NT Synchronization occurs.
Several directory server attributes correspond directly to NT user account fields. When you create a new person entry in directory server that is to be synchronized with NT, directory server attributes will be assigned to NT user account fields as follows:
| directory server attribute | NT user account field |
|---|---|
| cn or commonName | full_name |
| description | comment |
| userid | name |
| userid | password |
| Attributes | Attribute Description |
|---|---|
| NTUserDomainId | (Required) Identifies the corresponding NT user and domain name. |
| NTUserAcctExpires | Identifies when the user's NT account will expire. |
| NTUserAuthFlags | Identifies the user's privileges on the NT network. |
| NTUserBadPwCount | Identifies the number of times that a failed login attempt occurred in NT using the user's NT login ID. |
| NTUserCodePage | Identifies the user's code page. |
| NTUserComment | Provides a description for the user's NT account. |
| NTUserCountryCode | Identifies the user's country code. |
| NTUserCreateNewAccount | Identifies whether an NT account should be created when this entry is created in the directory server. |
| NTUserDeleteAccount | Identifies whether the user's NT account should be deleted when this entry is deleted from the directory server. |
| NTUserFlags | Identifies various NT account flags. |
| NTUserHomeDir | NT directory path to the user's home directory. |
| NTUserHomeDirDrive | Drive letter assigned to the user's home directory. |
| NTUserLastLogoff | Time of the user's last logoff from NT. |
| NTUserLastLogon | Time of the user's last logon to NT. |
| NTUserLogonHours | Identifies the times when the user is allowed to logon to NT. |
| NTUserLogonServer | Server to which the user's NT logon requests are sent. |
| NTUserMaxStorage | Maximum disk space available to the user under NT. |
| NTUserNumLogons | Identifies the number of successful logins to the user's NT account. |
| NTUserPasswordExpired | Identifies if the user's password has expired under NT. |
| NTUserPrimaryGroupId | Identifies the user's primary global group. |
| NTUserProfile | Path to the user's NT profile. |
| NTUserScriptPath | Path to the user's NT login script. |
| NTUserUniqueId | Identifies the user's NT RID. |
| NTUserUnitsPerWeek | Value used to compute the user's NTUserLogonHours. |
| NTUserUsrComment | Contains comments regarding the user's NT entry. |
| NTUserParms | Unicode string used by NT applications. |
| NTUserWorkstations | NT workstations from which the user is allowed to log into the NT domain. |
The following object classes are used by Netscape to integrate Suitespot 3.0 servers with the directory. The object classes described here are nginfo, mailRecipient, mailGroup, groupOfMailEnhancedUniqueNames, netscapeServer, and nsLicenseUser.
Object class used by the collabra server to store discussion (news) group information. nginfo is a Netscape extension to the standard LDAP schema.
Object classes of this type are stored in a separate subtree off your directory's root point. The branch point is represented by the ngcomponent=. entry. Thus, if your directory's suffix is o=Ace Industry, c=US, then all discussion group information is stored in the subtree:
ngcomponent=., o=Ace Industry, c=US
This subtree and its contents are written directly to the directory by the collabra server. The structure of this tree, the format and usage of the nginfo object class, and the format and usage of the nginfo attributes are subject to change without notice.
| Attributes | Attribute Description |
|---|---|
| ngcomponent | (Required) Provides a single part of the discussion group's name. |
| description | Provides a text description of the discussion group. |
| nsnewsACL | Access control set for the discussion group. |
| subtreeACI | Directory permissions set for the discussion group entry. |
| description | Description of the discussion group. |
| nsaclrole | Identifies the access permissions set for the various collabra roles. |
| nsprettyname | Provides the discussion group's name. |
| nsflags | Reserved for future use. |
| nscreator | Indicates the user ID of the discussion group's creator. |
Object class used as an enhancement to inetOrgPerson. mailRecipient is a Netscape extension used by the Messaging Server to define a person who is a user of the Netscape Messaging Server. That is, mailRecipient represents a mail account.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the person's common name. |
| mail | Identifies the person's electronic mailing address. |
| mailAccessDomain | Identifies the domain from which the mail user can login to obtain mail. |
| mailAlternateAddress | Identifies an alternate mail address for the user. |
| mailAutoReplyMode | Identifies the auto reply mode set for the mail user. |
| mailAutoReplyText | Contains the text sent when autoreplying to mail sent to the user. |
| mailDeliveryOption | Identifies the mail delivery mechanism to be used for the mail user. |
| mailForwardingAddress | Identifies a mail address to which the user's mail is to be forwarded. |
| mailHost | Identifies the host on which the user's mail account resides. |
| mailMessageStore | Identifies the path to the user's mail box. |
| mailProgramDeliveryInfo | Identifies commands used for programmed mail delivery. |
| mailQuota | Maximum disk size allowed for the user's mail box. |
| multiLineDescription | Contains descriptive text regarding the mail user. |
| uid | Identifies the mail user's user ID. |
| userPassword | Identifies the password with which the mail user can bind to the directory. |
Object class used as an enhancement to groupOfUniqueNames. mailGroup is a Netscape extension used by the Messaging Server to define a group of mailRecipient. mailGroup is used to store Messaging Server mailing lists.
| Attributes | Attribute Description |
|---|---|
| mail | (Required) Identifies the person's electronic mailing address. |
| cn | Defines the person's common name. |
| mailAlternateAddress | Identifies an alternate mail address for the user. |
| mailHost | Identifies the host on which the user's mail account resides. |
| mgrpAllowedBroadcaster | URL identifying a mail user that is allowed to send mail to the mail group. |
| mgrpAllowedDomain | Domain from which users can send mail to the mail group. |
| mgrpDeliverTo | Alternative method of identifying members of the mail group. |
| mgrpErrorsTo | Mailing address to which mail delivery error messages are sent. |
| mgrpModerator | Mailing address to which rejected mail messages are sent. |
| mgrpMsgMaxSize | Maximum message size that can be sent to the mail group. |
| mgrpMsgRejectAction | Specifies the action to be taken in the event that mail sent to the mail group is rejected. |
| mgrpMsgRejectText | Contains the text to be sent in the event that mail sent to the mail group is rejected. |
| mgrpRFC822MailMember | Identifies a recipient of mail that is sent to the mail group, but who is not in actuality a member of the mail group. |
| owner | Distinguished name that identifies the mail group's owner. |
Netscape extension used by the Messaging Server. Reserved for future use.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the group's common name. |
| businessCategory | Identifies the business in which the mail group is involved. |
| description | Provides a text description of the group. |
| o | Identifies the organization to which the group belongs. |
| ou | Identifies the organizational unit to which the group belongs. |
| seeAlso | URL to information relevant to the person. |
Object class used to identify entries used by Netscape servers to bind to the directory when performing directory access. netscapeServer is a Netscape extension to the standard LDAP schema.
| Attributes | Attribute Description |
|---|---|
| cn | (Required) Defines the server entry's common name. |
| description | Provides a text description of the server. |
| serverRoot | Path to the server's installation root. |
| serverHostname | Hostname on which the Netscape server is installed. |
| serverProductName | Identifies the Netscape server's product name. |
| serverVersionNumber | Identifies the Netscape server's version number. |
| installationTimeStamp | Time when the Netscape server was installed. |
| administratorContactInfo | URL to information for the person responsible for administering the Netscape server. |
| adminURL | URL to the administration server under which the Netscape server is running. |
Object class used to track licenses for Netscape Servers that are licensed on a per-client basis. This object class is a Netscape extension to the standard LDAP schema. It is intended to be used with the inetOrgPerson object class. The contents of this object class can be managed by the User and Group area of the Netscape Administration Server 3.0.
| Attributes | Attribute Description |
|---|---|
| nsLicensedFor | Identifies the Netscape server that the user is licensed to use. |
| nsLicenseStartTime | Reserved for future use. |
| nsLicenseEndTime | Reserved for future use. |
The following define the most common attributes used to describe an entry in the directory tree. To determine which attributes are required and allowed for each object class, see "Object Class Definitions".
Each attribute has a corresponding syntax definition that describes the nature of the attribute information. This syntax is important only when the directory server is performing sorting and pattern matching; there is nothing to otherwise prevent you from, for example, placing a telephone number on an attribute that expects a distinguished name. For more information about attributes and attribute values, see "A note about attribute values".
The possible attribute syntaxes are:
Attributes are defined in the NSHOME\slapd-server\config\slapd.at.conf file.
Provides a URL to information about the person responsible for administering the Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
administratorContactInfo: ldap://uid=ssarette, o=Ace Industry, c=US
Syntax: cis
Provides the URL to the administration server through which you can manage the Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
adminURL: http://twain.aceindustry.com:2468
Syntax: cis
Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.
For example:
businessCategory: Engineering
Syntax: cis
Identifies the entry's automobile license plate number. For example:
carLicense: 6ABC246
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the maximum age in seconds for entries in the change log. Entries are discarded once they become older than the maximum age specified. For example:
changeLogMaximumAge: 86000
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the maximum size in bytes for the change log file. Entries are discarded from this file once it reaches the maximum size. For example:
changeLogMaximumSize: 2400000
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
When in reference to an object class other than LDAPReplica or LDAPServer, cn identifies the entry's common name, or full name. For example:
commonName: Bill Anderson
or:
cn: Bill Anderson
When in reference to the LDAPReplica or LDAPServer object classes, cn identifies the DNS name of the server and the root of the replicated directory tree, converted into distinguished name format. For example:
commonName: replicater.netscape.com:17430/o%3Dace%20industry%2Cc%3us
or:
cn: replicater.netscape.com:17430/o%3Dace%20industry%2Cc%3us
Abbreviation: cn
Syntax: cis
Identifies the name of a country. For example:
countryName: Ireland
Abbreviation: c
Syntax: cis
Identifies the entry's department number. For example:
departmentNumber: 2604
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Describes the entry. For people and organizations this often includes their role or work assignment. For example:
description: Quality control inspector for the ME2873 product line
Syntax: cis
Identifies the entry's employee number. For example:
employeeNumber: 15300
Syntax: cis
This attribute was created by Netscape for use with its LDAP implementation.
Identifies the entry's type of employment. For example:
employeeType: Full time
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the fax number at which the entry can be reached. For example:
facsimileTelephoneNumber: 415-555-1212
or:
fax: 415-555-1212
Abbreviation: fax
Syntax: tel
Identifies a byte vector assigned to the server to distinguish it from any other generation or version of the server. The generation attribute is used only for replica synchronization.
Syntax: ces
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the entry's given, or first, name. For example:
givenName: Bill
Syntax: cis
Identifies the entry's home phone number. For example:
homeTelephoneNumber: 415-555-1212
or:
homePhone: 415-555-1234
Abbreviation: homePhone
Syntax: tel
Identifies the entry's home mailing address. This field is intended to include multiple lines, but each line within the entry should be separated by a dollar sign ($). For example:
homePostalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555
To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
Syntax: cis
Identifies the entry's initials. For example:
initials: BFA
Syntax: cis
Identifies the date and time in zulu format when the Netscape server was installed. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
installationTimeStamp: 199703261517z
Syntax: cis
Defines a JPEG photo of the entry.
Syntax: bin
Specifies a Uniform Resource Identifier (URI) that is relevant in some way to the entry. Values placed in the attribute should consist of a URI (currently only URLs are supported) optionally followed by one or more space characters and a label. For example:
labeledURI: http://home.netscape.com [Netscape Corporation's home page]
Syntax: cis
Identifies the county, city, or other geographical area in which the entry is located or with which it is otherwise associated. For example:
localityName: Santa Clara
or:
l: Santa Clara
Abbreviation: l
Syntax: cis
Identifies the entry's email address. For example:
mail: banderson@aceindustry.com
Syntax: cis
Identifies the domain or IP address from which the user can perform a POP/IMAP logon. This attribute is a Netscape extension used by the Messaging Server. For example:
mailAccessDomain: aceindustry.com
Syntax: cis
Identifies an alternative mail address for a mail user. This attribute is a Netscape extension used by the Messaging Server to match a mail address to a user. A mail account can have as many instances of this attribute as the user has alternate mail addresses. For example:
mailAlternateAddress: Babs_Jensen@aceindustry.com
mailAlternateAddress: Bjensen@aceindustry.com
Syntax: cis
Identifies the mail auto reply mode for the mail user. This attribute is a Netscape extension used by the Messaging Server. Zero or one (0 - 1) instances of this attribute are expected per mail user account. Valid keywords for this attribute are:
For example:
mailAutoReplyMode: vacation
Syntax: cis
Provides auto reply text for a mail user. This attribute is a Netscape extension used by Messaging Server. When represented in LDIF format, each line should be separated by a dollar sign ($). The Messaging Server expects 0 or 1 occurrences of this attribute per mail account. For example:
mailAutoReplyText: On vacation$Back in the office on Monday.
To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
Syntax: cis
Identifies the mail delivery mechanism to be used for the mail user. This attribute is a Netscape extension used by the Messaging Server. Zero to three (0 - 3) instances of this attribute are expected per mail user account. However, if no instance of this attribute exists on the mail user entry, then at least one mailForwardingAddress attribute must exist on the entry. Valid keywords for this attribute are:
For example:
mailDeliveryOption: mailbox
Syntax: cis
Netscape extension used by the Messaging Server. Reserved for future use.
Syntax: dn
Identifies a mail address to which mail is forwarded. This attribute is a Netscape extension used by the Messaging Server to forward incoming mail to the correct location. For example:
mailForwardingAddress: bjensen@royalairways.com
Syntax: cis
Identifies the DNS hostname of the host on which the user's mail account resides. This attribute is a Netscape extension used by the Messaging Server to route incoming mail to the correct location. The Messaging Server expects one and only one instance of this attribute per mailRecipient entry, or zero or one instances of this attribute on a mailGroup entry. The value specified on this attribute must be the host's fully qualified domain name. For example:
mailHost: mars.aceindustry.com
Syntax: cis
Identifies the absolute path on the user's mail host to the location under which the user's mailbox resides. This attribute is a Netscape extension used by the Messaging Server and this attribute is applicable only if the user's mailDeliveryOption is set to mailbox. The Messaging Server expects zero or one (0 or 1) instances of this attribute. If no instances of this attribute exist on the user's entry, then the default configured on the user's Messaging Server is used. For example:
mailMessageStore: /disk2/mail
Syntax: ces
Identifies one or more commands, delimited by $, to be used for programmed mail delivery. This attribute is a Netscape extension used by the Messaging Server. The Messaging Server expects zero or one (0-1) instances of this attribute per user account. This attribute is meaningful only if all of the following conditions are true:
For example:
mailProgramDeliveryInfo: /usr/local/bin/procmail -f-
Syntax: ces
Identifies the maximum disk space in bytes that may be consumed by the user's mailbox. This attribute is a Netscape extension used by the Messaging Server and this attribute is applicable only if the user's mailDeliveryOption is set to mailbox. The Messaging Server expects zero or one (0 or 1) instances of this attribute. If no instances of this attribute exist on the user's entry, then the default configured on the user's Messaging Server is used. For example:
mailQuota: 1000000
Note that if this attribute is set to zero, then no limit is set on the disk space quota.
Syntax: cis
Identifies the distinguished name of the person's manager. For example:
manager: cn=Jane Doe, ou=Quality Control, o=Ace Industry, c=US
Syntax: dn
Identifies the distinguished names for each member of the group. For example:
member: cn=John Doe, o=Netscape Communications Corp., c=US
Syntax: dn
Identifies mail users allowed to send messages to the mail group. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists. If no instances of this attribute exist on the mailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain attribute is used.
The Messaging Server expects this attribute to contain either a distinguished name or an rfc822address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. The distinguished name must be represented in the form of an LDAP URL as described in RFC1959, An LDAP URL format.
For example:
mgrpAllowedBroadcaster: ldap://uid=bjensen, o=Ace Industry, c=US
mgrpAllowedBroadcaster: mailto:sys50@aceindustry.com
Syntax: ces
Identifies domains from which users are allowed to send messages to the mail group. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists. If no instances of this attribute exist on the mailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster attribute is used.
By default, this value is treated as a wildcard. That is, a value of "aceindustry.com" will match any user sending from "*.aceindustry.com".
For example:
mgrpAllowedDomain: aceindustry.com
Syntax: cis
Alternative method of specifying mail group membership. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists. The Messaging Server expects this attribute to contain an LDAP URL using the format described in RFC1959, An LDAP URL format. Any entries returned by the resulting LDAP search are members of the mailing group. For example:
mgrpDeliverTo: ldap:///ou=Accounting,o=Netscape,c=US??sub?(&(objectClass=mailRecipient)(objectClass=inetOrgPerson))
Syntax: ces
Identifies a mailing address to send error messages to for notification of mail delivery problems, such as bounced mails or members of the mailing group that lack a mailing address. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists. If no instances of this attribute exist on the mailGroup entry, then error handling is managed according to the default set in the Messaging Server.
The Messaging Server expects this attribute to contain either a distinguished name or an rfc822address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. The distinguished name must be represented in the form of an LDAP URL as described in RFC1959, An LDAP URL format.
For example:
mgrpErrorsTo: ldap://uid=bjensen, o=Ace Industry, c=US
mgrpErrorsTo: mailto:sys50@aceindustry.com
Syntax: ces
Identifies a mailing address to send rejected messages to. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists. This is the address that rejected mail from a mailing list is sent to.
The Messaging Server may reject mail either because it is received from an unauthorized domain (as defined by the mgrpAllowedDomain attribute) or is received from a mail address that is not a member of the mgrpAllowedBroadcaster attribute. The Messaging Server will only forward mail to the address(es) identified by this attribute if the mgrpMsgRejectAction attribute includes toModerator. If no instances of this attribute exist on the mailGroup entry, and the mgrpMsgRejectAction attribute is set to toModerator, then rejected mail that is supposed to be sent to the moderator is dumped (that is, it is deleted from the mail system with no further human interaction).
The Messaging Server expects this attribute to contain either a distinguished name or an rfc822address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. The distinguished name must be represented in the form of an LDAP URL as described in RFC1959, An LDAP URL format.
For example:
mgrpErrorsTo: ldap://uid=bjensen, o=Ace Industry, c=US
mgrpErrorsTo: mailto:sys50@aceindustry.com
Syntax: ces
Identifies the maximum message size in bytes that is allowed to be sent to the mail group. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists. The Messaging Server expects one and only one instance of this attribute to exist for every mailGroup entry. For example:
mgrpMsgMaxSize: 2000
Syntax: cis
Identifies the action to be taken when a mail sent to a mail group is rejected. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists.
The Messaging Server may reject mail either because it is received from an unauthorized domain (as defined by the mgrpAllowedDomain attribute), is received from a mail address that is not a member of the mgrpAllowedBroadcaster attribute, or is larger than the size permitted on mgrpMsgMaxSize.
The Messaging Server expects from zero to two (0-2) instances of this attribute per mailGroup entry. If no instances of this attribute exist on the mailGroup entry, then reply is used by default. Valid keywords for this attribute are:
For example:
mgrpMsgRejectAction: bounce
Syntax: cis
Identifies the text to be sent by the Messaging Server when mail sent to a mail group is rejected and the mgrpMsgRejectAction attribute is set to either bounce or reply. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists.
The Messaging Server expects from zero to one (0-1) instances of this attribute to exist per mailGroup entry. Multiline text may be delimited using $ when represented in LDIF format. If no instances of this attribute exist on the mailGroup entry, then the default text set in the Messaging Server is used for rejected mail.
For example:
mgrpMsgRejectText: The mail you have sent to the Crazed Bikers$ mailing list has been rejected because$you are not a recognized member of the Crazed Bikers group.$Please contact Big Daddy Biker at rsweeny@aceindustry.com for information on how to become$a crazed biker.
Syntax: ces
Identifies recipients of mail sent to a mailGroup that are not actually members of the mail group. Conceptually, these mail addresses can be thought of as "CC recipients". That is, this attribute is used to represent mail recipients that cannot be expressed as distinguished names, or who are to be sent mail from this group but who do not have the full privileges of a unique group member. This attribute is a Netscape extension used by the Messaging Server to manage mailing lists.
The Messaging Server expects this attribute to contain rfc822 mail addresses using the following form:
rfc822MailAddress [ % 'full' name] [ %1 (group parameter #1)] [ %2 (group parameter #2)]...
bjensen@aceindustry.com
For example:
mgrpRFC822MailMember: bjensen@aceindustry.com%Babs Jensen
Syntax: cis
Identifies the entry's mobile or cellular phone number. For example:
mobileTelephoneNumber: 415-555-4321
or:
mobile: 415-555-4321
Abbreviation: mobile
Syntax: tel
Provides descriptive text for a mail user. This attribute is a Netscape extension used by Messaging Server. When represented in LDIF format, each line should be separated by a dollar sign ($). The Messaging Server expects 0 or 1 occurrences of this attribute per mail account. For example:
multiLineDescription: Account Administrator and$directory manager.
Syntax: cis
To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
Identifies a part of the news group name. This attribute is a Netscape extension to the standard LDAP schema. It is used by the collabra server on nginfo entries to uniquely identify news groups. The format and nature of the information placed on this attribute by the collabra server is subject to change without notice.
For example, the ngcomponent attributes put in place for the comp.sys.mac newsgroup would be:
dn: ngcomponent=mac, ngcomponent=sys, ngcomponent=comp, ngcomponent=., o=Ace Industry, c=US
objectclass: top
objectclass: nginfo
ngcomponent=mac
ngcomponent=sys
ngcomponent=comp
ngcomponent=.
Syntax: cis
Identifies the Netscape server that the user is licensed to use. The Netscape Administration server expects each nsLicenseUser entry to contain zero or more instances of this attribute. Valid keywords for this attribute are currently:
For example:
nsLicensedFor: slapd
Syntax: cis
Reserved for future use.
Syntax: cis
Reserved for future use.
Syntax: cis
Identifies the access for individual news group roles (for example, manager, poster, reader, etc). This attribute is a Netscape extension to the standard LDAP schema. It is used by the collabra server on nginfo entries to identify access control for individual news groups. This attribute is used only on the branch point of the ngcomponent subtree. The format and nature of the information placed on this attribute by the collabra server is subject to change without notice.
For example:
nsaclrole: admin:aprv
Syntax: cis
Identifies the creator of a news group. This attribute is a Netscape extension to the standard LDAP schema that is used by the collabra server on nginfo entries to identify a news group creator's uid. The format and nature of the information placed on this attribute by the collabra server is subject to change without notice.
For example:
nscreator: admin
Syntax: cis
Reserved for future use.
Syntax: cis
Identifies the pretty name or display name for the news group. This attribute is a Netscape extension to the standard LDAP schema that is used by the collabra server on nginfo entries to identify individual news groups. The format and nature of the information placed on this attribute by the collabra server is subject to change without notice.
For example:
nsprettyname: MKTG FOR RACHU
Syntax: cis
Identifies the access control set for individual news groups. This attribute is a Netscape extension to the standard LDAP schema. It is used by the collabra server on nginfo entries to identify access control for individual news groups. The format and nature of the information placed on this attribute by the collabra server is subject to change without notice.
For example:
nsnewsACL: 2:*:a:D::admin:bpolk::d:*:a:D::manager:admin::d:
Syntax: cis
Indicates when the entry's Windows NT account will expire. This value is stored as a string in GMT format. For example:
NTUserAcctExpires: 19961015203415Z
Syntax: cis
Identifies an unsigned long integer that contains the entry's operator privileges on the Windows network. For example:
NTUserAuthFlags: AAAAAA==
Syntax: bin
Identifies the number of attempts to log on to the Windows account using an incorrect password. A value of 0xFFFFFFFF represents that the value is unknown. For example:
NTUserBadPwCount: AAAAAA==
Syntax: bin
Code page for the user's language of choice. For example:
NTUserCodePage: AAAAAA==
Syntax: bin
ASCII string representing a description or comments about this entry. For example:
NTUserComment: Quality control inspector for the ME2873 product line
Syntax: cis
Country code for the user's language of choice. For example:
NTUserCountryCode: AAAAAA==
Syntax: cis
Indicates whether a corresponding NT user account should be created for the new person entry in the directory server. NTUserCreateNewAccount can be edited from the directory server. If NTUserCreateNewAccount is set to True and an NT account does not exist for the specified user name, an NT account will be created. If the attribute is set to False and an NT account does not exist, an error will be logged. If an NT account exists and the attribute is set to False, the existing NT account will be updated. For example:
NTUserCreateNewAccount: true
Syntax: cis
Indicates whether the NT user account should be deleted when the entry is deleted from the directory server. NTUserDeleteAccount can be edited from the directory server. If the attribute is set to true, the NT user account will be deleted if the entry is deleted from the directory server. If the attribute is set to false, the NT user account will not be deleted. See "Deleting NTUser entries" for more information on deleting NTUser entries. For example:
NTUserDeleteAccount: true
Syntax: cis
Identifies the NT domain name and user name of the entry in the form NT-domain-name:NT-username. NTUserDomainId can be edited from the directory server. For example:
NTUserDomainId: workgroup:jsmith
Syntax: cis
Identifies values that determine several features about the user and their account. For example:
NTUserFlags: AQIBAA==
Syntax: bin
ASCII string that represents the path of the user's home directory. The string can be null. For example:
NTUserHomeDir: c:\u\d78\jsmith\
Syntax: cis
ASCII string that represents the drive letter assigned to the user's home directory. For example:
NTUserHomeDirDrive: c:
Syntax: cis
Identifies the time of the last logoff. This value is stored as a string in GMT format. For example:
NTUserLastLogoff: 19961015203415Z
Note that if security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user's entry has changed.
Syntax: cis
Identifies the time of the last logon. This value is stored as a string in GMT format. For example:
NTUserLastLogon: 19961015203415Z
Note that if security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user's entry has changed.
Syntax: cis
Identifies the times during which the user may log on. Time is represented by a one-to-one correspondence between the hour of the week and a bit within the string. For example, bit 0 word 0 is Sunday, 0:00 to 0:59. Bit 1 word 0 is Sunday, 1:00 to 1:59, etc. For example:
NTUserLogonHours: ///1000011100000101111111...
Note that if security logging is turned on, then this attribute is updated on synchronization only if some other aspect of the user's entry has changed.
Syntax: bin
ASCII string that represents the name of the server to which the user's logon requests are sent. Server names should be preceded by two backslashes (\\). Server names of \\* indicate that the logon request can be handled by any logon server. A null string represents that requests are sent to the domain controller. For example:
NTUserLogonServer: \\firefly
Syntax: cis
Maximum amount of disk space the user may use. For example:
NTUserMaxStorage: ///////W==
Syntax: bin
Identifies the number of successful logons to this account. A value of 0xFFFFFFFF indicates the value is unknown. For example:
NTUserNumLogons: WwAAAA==
Syntax: bin
Unicode string that is set aside for use by applications. For example:
NTUserParms: Temp date is today
Syntax: cis
Identifies if the user's NT password has expired. The value will be zero if the password has not expired, or nonzero if it has. For example:
NTUserPasswordExpired: AAAAAA==
Syntax: bin
Identifies the relative ID (RID) of the Primary Global Group for the user. For example:
NTUserPrimaryGroupId: AQJAAA==
Syntax: bin
Identifies the user's level of privilege on the Windows network. For example:
NTUserPriv: AgAAAA==
Syntax: bin
Identifies a path to the user's profile. For example:
NTUserProfile: c:\u\d78\jsmith\profile.txt
Syntax: cis
ASCII string that represents the path to the user's logon script. For example:
NTUserScriptPath: c:\u\d78\jsmith\lscript.bat
Syntax: cis
Identifies the relative ID (RID) of the user. The RID uniquely identifies the user to SAM within the domain. For example:
NTUserUniqueId: 6AMAAA==
Syntax: bin
Identifies the number of equal length time units to divide the week into in order to compute the length of NTUserLogonHours. For example:
NTUserUnitsPerWeek: qAAAAA==
Syntax: bin
ASCII string representing a description or comments about this entry. For example:
NTUserComment: Quality control inspector for the ME2873 product line
Syntax: cis
ASCII string that represents the names of workstations from which the user may log on. Up to eight workstations may be specified by separating each with a comma. Use null to allow the user to log on from any workstation. For example:
NTUserWorkstations: firefly
Syntax: cis
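The NTUser attributes with "Syntax: bin" appear above as base64 text. The following added example (not Netscape code) decodes the unsigned long values and tests an NTUserLogonHours bitmap; the function names are hypothetical, and little-endian byte order and least-significant-bit-first ordering within each byte are assumptions.

```python
# Added example (not Netscape code): decode the base64 text shown for the
# "Syntax: bin" NTUser attributes and test a logon-hours bitmap.
import base64
import struct

UNKNOWN = 0xFFFFFFFF  # described above as "value is unknown" for some counters


def decode_nt_ulong(b64_text, unknown_is_none=False):
    """Decode a base64 value into an unsigned 32-bit integer.

    Little-endian byte order is an assumption; it is consistent with the
    NTUserUnitsPerWeek example decoding to 168, the number of hours in a week.
    """
    raw = base64.b64decode(b64_text, validate=True)
    if len(raw) != 4:
        raise ValueError(f"expected 4 bytes, got {len(raw)}")
    (number,) = struct.unpack("<I", raw)
    if unknown_is_none and number == UNKNOWN:
        return None
    return number


def _unit_index(day, hour, units_per_week):
    """Map (day, hour) to a bit number; day 0 = Sunday, hour 0 = 0:00 to 0:59."""
    if units_per_week != 168:
        raise ValueError("this sketch handles hourly units only (168 per week)")
    if not (0 <= day <= 6 and 0 <= hour <= 23):
        raise ValueError(f"day/hour out of range: {day}/{hour}")
    return day * 24 + hour


def build_logon_hours(allowed, units_per_week=168):
    """Build a bitmap from (day, hour) pairs, used here to construct test data."""
    bitmap = bytearray((units_per_week + 7) // 8)
    for day, hour in allowed:
        index = _unit_index(day, hour, units_per_week)
        # Assumption: bit 0 is the least significant bit of the first byte.
        bitmap[index // 8] |= 1 << (index % 8)
    return bytes(bitmap)


def logon_allowed(bitmap, day, hour, units_per_week=168):
    """Return True if the bit for the given hour of the week is set."""
    index = _unit_index(day, hour, units_per_week)
    if len(bitmap) * 8 < units_per_week:
        raise ValueError("bitmap is shorter than units_per_week")
    return bool((bitmap[index // 8] >> (index % 8)) & 1)


if __name__ == "__main__":
    # Example values copied from the attribute descriptions above.
    for name, value in [("NTUserUnitsPerWeek", "qAAAAA=="),
                        ("NTUserNumLogons", "WwAAAA=="),
                        ("NTUserUniqueId", "6AMAAA=="),
                        ("NTUserPriv", "AgAAAA==")]:
        print(name, decode_nt_ulong(value))

    # Constructed sample: logon permitted Monday to Friday, 9:00 to 16:59.
    office = build_logon_hours((d, h) for d in range(1, 6) for h in range(9, 17))
    stored = base64.b64encode(office).decode("ascii")  # form used in the directory
    bitmap = base64.b64decode(stored, validate=True)
    print("Monday 09:00 allowed:", logon_allowed(bitmap, 1, 9))
    print("Sunday 00:00 allowed:", logon_allowed(bitmap, 0, 0))
```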
Identifies the name of the organization. For example:
organizationName: Ace Industries, Inc.
or:
o: Ace Industries, Inc
Abbreviation: o
Syntax: cis
Identifies the name of an organizational unit. For example:
organizationUnitName: Marketing
or:
ou: Marketing
Abbreviation: ou
Syntax: cis
Identifies the distinguished name (DN) of the person responsible for the entry. For example:
owner: cn=John Smith, o=Netscape Communications Corp., c=US
Syntax: dn
Identifies the entry's pager phone number. For example:
pagerTelephoneNumber: 415-555-6789
or:
pager: 415-555-6789
Abbreviation: pager
Syntax: tel
Identifies the name of the city or village where a physical delivery office is located. For example:
physicalDeliveryOfficeName: Santa Clara
Syntax: cis
Identifies the entry's mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($). For example:
postalAddress: 1234 Ridgeway Drive$Santa Clara, CA$99555
Syntax: cis
To represent an actual dollar sign ($) or backslash (\) within this text, use the escaped hex values \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
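The $ line separator and the \24 and \5c escapes described for homePostalAddress, mailAutoReplyText, multiLineDescription and postalAddress can be handled with a small encoder and decoder. This is an added example, not Netscape code; the function names are hypothetical, and rejecting unknown escapes in strict mode is an assumption. Encoding matters for text that comes from users, because an unescaped $ would otherwise be read as a line break.

```python
# Added example (not from the Netscape documentation): encode and decode
# '$'-delimited multi-line attribute values such as postalAddress.

# Literal characters that must be written as escaped hex values.
_ESCAPES = {"\\": "\\5c", "$": "\\24"}
_UNESCAPES = {"24": "$", "5c": "\\"}


def encode_multiline(lines):
    """Return one attribute value: escape each line, then join with '$'."""
    encoded = []
    for line in lines:
        if "\n" in line or "\r" in line:
            raise ValueError("split the text into lines before encoding")
        encoded.append("".join(_ESCAPES.get(ch, ch) for ch in line))
    return "$".join(encoded)


def decode_multiline(value, strict=True):
    """Return the list of text lines stored in a '$'-delimited value.

    strict=True (an assumption of this sketch) rejects a backslash that is
    not followed by 24 or 5c instead of passing it through unchanged.
    """
    lines, current, i = [], [], 0
    while i < len(value):
        ch = value[i]
        if ch == "$":
            # An unescaped dollar sign ends the current line.
            lines.append("".join(current))
            current = []
            i += 1
        elif ch == "\\":
            code = value[i + 1:i + 3].lower()
            if code in _UNESCAPES:
                current.append(_UNESCAPES[code])
                i += 3
            elif strict:
                raise ValueError(f"unknown escape at offset {i}: {value[i:i + 3]!r}")
            else:
                current.append(ch)
                i += 1
        else:
            current.append(ch)
            i += 1
    lines.append("".join(current))
    return lines


if __name__ == "__main__":
    # The escaped string given in the text above.
    page_value = r"The dollar (\24) value can be found$in the c:\5ccost file."
    for line in decode_multiline(page_value):
        print(line)
    # Constructed input: text containing '$' and '\' stays on its own line.
    print(encode_multiline(["Price: $5", r"see c:\cost"]))
```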
Identifies the entry's zip code in the United States. For example:
postalCode: 95050
Syntax: cis
Identifies the entry's P.O. Box. For example:
postOfficeBox: P.O. Box 1234
Syntax: cis
Identifies the entry's preferred contact or delivery method. For example:
preferredDeliveryMethod: telephone
Syntax: cis
Identifies the DN that the server uses when communicating with a replica server. This DN can be assigned privileges. For example:
replicaBinddn: cn=replicator, o=Netscape Communications Corp., c=US
Syntax: dn
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the method of replication to be used. This attribute does not need to be present. If it is present it must be set to "simple." If it is not set to "simple" a warning is printed and replication will proceed as if it were "simple." For example:
replicaBindMethod: simple
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the password to be used with the replicaBinddn sent to the consumer server. It is highly recommended that this attribute be specified with strict access controls. For example:
replicaCredentials: bogusPassword
Syntax: bin (plain text)
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the host name of the consumer server. For example:
replicaHost: master.netscape.com
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the port number of the consumer server. For example:
replicaPort: 9872
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the DN for the subtree that is being replicated to the consumer machine. For example:
replicaRoot: o=Netscape Communications Corp., c=US
Syntax: dn
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the day and time in zulu format when an update failed to complete successfully. If all updates have been successful, replicaUpdateFailedAt is blank. For example:
replicaUpdateFailedAt: 199603261300z
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the change number of the last change propagated to the consumer server. This value is used internally between servers only.
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the update schedule for the consumer server. If this attribute is not present, the consumer will be updated immediately. For example:
replicaUpdateSchedule: 0100-0400
replicaUpdateSchedule: * 06
replicaUpdateSchedule: 1145-1300 24
These values mean:
1:00 AM - 4:00 AM, daily
all day Saturday and Sunday
11:45 AM - 1:00 PM, Tuesday and Thursday
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
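The replicaUpdateSchedule values shown above can be parsed and checked against a point in time, as in this added example (not Netscape code). The function names are hypothetical; the 0 = Sunday day numbering is inferred from the stated meanings of the examples, and rejecting windows that cross midnight and treating the end time as exclusive are assumptions.

```python
# Added example (not Netscape code): parse replicaUpdateSchedule values and
# test whether a given time falls inside an update window.
import re
from datetime import datetime

DAY_NAMES = ("Sunday", "Monday", "Tuesday", "Wednesday",
             "Thursday", "Friday", "Saturday")

# "<HHMM>-<HHMM>" or "*" for the whole day, optionally followed by day digits.
# Day numbering 0 = Sunday ... 6 = Saturday is inferred from the examples
# above ("06" = Saturday and Sunday, "24" = Tuesday and Thursday).
_SCHEDULE_RE = re.compile(
    r"^(\*|(\d{2})(\d{2})-(\d{2})(\d{2}))(?:\s+([0-6]+))?$")


def parse_schedule(value):
    """Return {'start': minute, 'end': minute, 'days': frozenset} for one value."""
    match = _SCHEDULE_RE.match(value.strip())
    if match is None:
        raise ValueError(f"unrecognized schedule: {value!r}")
    if match.group(1) == "*":
        start, end = 0, 24 * 60
    else:
        sh, sm, eh, em = (int(g) for g in match.group(2, 3, 4, 5))
        if sh > 23 or eh > 23 or sm > 59 or em > 59:
            raise ValueError(f"time out of range: {value!r}")
        start, end = sh * 60 + sm, eh * 60 + em
        if end <= start:
            # Windows that cross midnight are not described in the text;
            # this sketch rejects them (assumption).
            raise ValueError(f"window does not end after it starts: {value!r}")
    days = match.group(6)
    day_set = frozenset(int(d) for d in days) if days else frozenset(range(7))
    return {"start": start, "end": end, "days": day_set}


def describe(schedule):
    """Render a parsed schedule as readable text."""
    start, end = schedule["start"], schedule["end"]
    if (start, end) == (0, 24 * 60):
        hours = "all day"
    else:
        hours = f"{start // 60:02d}:{start % 60:02d}-{end // 60:02d}:{end % 60:02d}"
    if schedule["days"] == frozenset(range(7)):
        days = "daily"
    else:
        days = ", ".join(DAY_NAMES[d] for d in sorted(schedule["days"]))
    return f"{hours}, {days}"


def update_allowed(values, when):
    """True if `when` is inside any window; no values means update immediately."""
    if not values:
        return True
    day = (when.weekday() + 1) % 7  # datetime: Monday = 0; schedule: Sunday = 0
    minute = when.hour * 60 + when.minute
    for value in values:
        schedule = parse_schedule(value)
        # The end time is treated as exclusive (assumption).
        if day in schedule["days"] and schedule["start"] <= minute < schedule["end"]:
            return True
    return False


if __name__ == "__main__":
    examples = ["0100-0400", "* 06", "1145-1300 24"]  # values from the text above
    for value in examples:
        print(f"{value!r}: {describe(parse_schedule(value))}")
    # Constructed check: 1 January 2000 was a Saturday.
    print(update_allowed(examples, datetime(2000, 1, 1, 15, 0)))
```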
Identifies whether SSL will be used to communicate with the consumer server. A non-zero value will cause SSL to be used. For example:
replicaUseSSL: 0
Syntax: cis
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the entry's office number. For example:
roomNumber: 230
Syntax: cis
Identifies the entry's secretary or administrative assistant. For example:
secretary: Howard Benson
Syntax: cis
Identifies another directory server entry that may contain information related to this entry. For example:
seeAlso: cn=Quality Control Inspectors, ou=manufacturing, o=Ace Industry, c=US
Syntax: dn
Identifies the name of the host on which the Netscape server is installed. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
serverHostname: twain.aceindustry.com
Syntax: ces
Identifies the type of the installed Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
serverProductName: Netscape Enterprise Server
Syntax: cis
Identifies the fully qualified path to the installation directory for a Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
serverRoot: /usr/ns-home
Syntax: ces
Identifies the version number of the installed Netscape server. This attribute is a Netscape extension used by the netscapeServer object class. Normally this attribute and its value are written to the directory when a Netscape server is initially installed. For example:
serverVersionNumber: 3.0
Syntax: cis
Identifies the state or province in which the entry resides. For example:
stateOrProvinceName: California
or:
st: California
Abbreviation: st
Syntax: cis
Identifies the entry's house number and street name. For example:
streetAddress: 1234 Ridgeway Drive
Syntax: cis
Stores the directory server access control information for this entry. For example:
subtreeACI: -(&(privilege=write)(!(target=ldap:///self)))
Syntax: ces
The subtreeACI attribute cannot contain end-of-line characters.
This attribute is a Netscape extension to the standard LDAP schema.
Identifies the entry's surname, or last name. For example:
surname: Anderson
or:
sn: Anderson
Abbreviation: sn
Syntax: cis
Identifies the entry's phone number. For example:
telephoneNumber: 415-555-2233
Syntax: tel
Identifies the entry's title. For example:
title: Senior QC Inspector
Syntax: cis
Identifies the entry's userid (that is, logon ID). For example:
userid: banderson
or:
uid: banderson
Abbreviation: uid
Syntax: cis
Identifies the entry's password and encryption method in the following format: {encryption method}encrypted password.
For example:
userPassword: {sha}FTSLQhxXpA05
Syntax: bin