Standards, RFCs, & Internet-Drafts

OpenDJ software implements the following RFCs, Internet-Drafts, and standards.

RFC 1274: The COSINE and Internet X.500 Schema
X.500 Directory Schema, or Naming Architecture, for use in the
COSINE and Internet X.500 pilots.

RFC 1321: The MD5 Message-Digest Algorithm
MD5 message-digest algorithm that takes as input a message of
arbitrary length and produces as output a 128-bit "fingerprint" or
"message digest" of the input.

RFC 1777: Lightweight Directory Access Protocol (LDAPv2)
Provides access to the X.500 Directory while not incurring the
resource requirements of the Directory Access Protocol.
Classified as an Historic document.

RFC 1778: The String Representation of Standard Attribute Syntaxes
Defines the requirements that must be satisfied by encoding
rules used to render X.500 Directory attribute syntaxes into a form
suitable for use in the LDAP, then defines the encoding rules for the
standard set of attribute syntaxes.
Classified as an Historic document.

RFC 1779: A String Representation of Distinguished Names
Defines a string format for representing names, which is designed
to give a clean representation of commonly used names, whilst being
able to represent any distinguished name.
Classified as an Historic document.

RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)
Defines a new attribute type and an auxiliary object class to
allow URIs, including URLs, to be stored in directory entries in a
standard way.

RFC 2222: Simple Authentication and Security Layer (SASL)
Describes a method for adding authentication support to
connection-based protocols.

RFC 2246: The TLS Protocol Version 1.0
Specifies Version 1.0 of the Transport Layer Security
protocol.

RFC 2247: Using Domains in LDAP/X.500 Distinguished Names
Defines an algorithm by which a name registered with the Internet
Domain Name Service can be represented as an LDAP distinguished name.

RFC 2251: Lightweight Directory Access Protocol (v3)
Describes a directory access protocol designed to provide access
to directories supporting the X.500 models, while not incurring the
resource requirements of the X.500 Directory Access Protocol.

RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
Defines a set of syntaxes for LDAPv3, and the rules by which
attribute values of these syntaxes are represented as octet strings
for transmission in the LDAP protocol.

RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
Defines a common UTF-8 format to represent distinguished names
unambiguously.

RFC 2254: The String Representation of LDAP Search Filters
Defines the string format for representing names, which is designed
to give a clean representation of commonly used distinguished names,
while being able to represent any distinguished name.

RFC 2255: The LDAP URL Format
Describes a format for an LDAP Uniform Resource Locator.

RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3
Provides an overview of the attribute types and object classes
defined by the ISO and ITU-T committees in the X.500 documents, in
particular those intended for use by directory clients.

RFC 2307: An Approach for Using LDAP as a Network Information Service
Describes an experimental mechanism for mapping entities related
to TCP/IP and the UNIX system into X.500 entries so that they may be
resolved with the Lightweight Directory Access Protocol.

RFC 2377: Naming Plan for Internet Directory-Enabled Applications
Proposes a new directory naming plan that leverages the strengths
of the most popular and successful Internet naming schemes for naming
objects in a hierarchical directory.

RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation
Allows a client to control the rate at which an LDAP server
returns the results of an LDAP search operation.

RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory
Defines a common way for applications to store and retrieve Java
objects from the directory.

RFC 2714: Schema for Representing CORBA Object References in an LDAP Directory
Defines a common way for applications to store and retrieve CORBA
object references from the directory.

RFC 2739: Calendar Attributes for vCard and LDAP
Defines a mechanism to locate a user calendar and free/busy time
using the LDAP protocol.

RFC 2798: Definition of the inetOrgPerson LDAP Object Class
Defines an object class called inetOrgPerson for use in LDAP and
X.500 directory services that extends the X.521 standard
organizationalPerson class.

RFC 2829: Authentication Methods for LDAP
Specifies particular combinations of security mechanisms which
are required and recommended in LDAP implementations.

RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
Defines the "Start Transport Layer Security (TLS) Operation"
for LDAP.

RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification
Describes a file format suitable for describing directory
information or modifications made to directory information.

RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results
Describes two LDAPv3 control extensions for server side
sorting of search results.

RFC 2926: Conversion of LDAP Schemas to and from SLP Templates
Describes a procedure for mapping between Service Location
Protocol service advertisements and lightweight directory access
protocol descriptions of services.

RFC 3045: Storing Vendor Information in the LDAP root DSE
Specifies two Lightweight Directory Access Protocol attributes,
vendorName and vendorVersion, that MAY be included in the root
DSA-specific Entry (DSE) to advertise vendor-specific information.

RFC 3062: LDAP Password Modify Extended Operation
Describes an LDAP extended operation to allow modification of
user passwords which is not dependent upon the form of the authentication
identity nor the password storage mechanism used.

RFC 3112: LDAP Authentication Password Schema
Describes schema in support of user/password authentication in
an LDAP directory including the authPassword attribute type. This
attribute type holds values derived from the user's password(s)
(commonly using cryptographic strength one-way hash).

RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification
Specifies the set of RFCs comprising the Lightweight Directory
Access Protocol Version 3 (LDAPv3), and addresses the "IESG Note"
attached to RFCs 2251 through 2256.

RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
Provides procedures for registering extensible elements
of the Lightweight Directory Access Protocol (LDAP).

RFC 3546: Transport Layer Security (TLS) Extensions
Describes extensions that may be used to add functionality to
Transport Layer Security.

RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)
Summarizes the X.500 information model for collective attributes
and describes use of collective attributes in LDAP.

RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)
Adapts X.500 subentries mechanisms for use with the Lightweight
Directory Access Protocol (LDAP).

RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes
Describes an LDAP extension which clients may use to request the
return of all operational attributes.

RFC 3674: Feature Discovery in Lightweight Directory Access Protocol (LDAP)
Introduces a general mechanism for discovery of elective features
and extensions which cannot be discovered using existing mechanisms.

RFC 3771: Lightweight Directory Access Protocol (LDAP) Intermediate Response Message
Defines and describes the IntermediateResponse message, a general
mechanism for defining single-request/multiple-response operations in
Lightweight Directory Access Protocol.

RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
Extends the Lightweight Directory Access Protocol bind operation
with a mechanism for requesting and returning the authorization identity
it establishes.

RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
Describes a control for the Lightweight Directory Access Protocol
version 3 that is used to return a subset of attribute values from an
entry.

RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation
Describes a Lightweight Directory Access Protocol extended operation
to cancel (or abandon) an outstanding operation, with a response to
indicate the outcome of the operation.

RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
Specifies Version 1.1 of the Transport Layer Security
protocol.

RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
Defines the Proxy Authorization Control, which allows a client
to request that an operation be processed under a provided authorization
identity instead of under the current authorization identity associated
with the connection.

RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)
Defines the Lightweight Directory Access Protocol schema for
representing Universal Description, Discovery, and Integration
data types in an LDAP directory.

RFC 4422: Simple Authentication and Security Layer (SASL)
Describes a framework for providing authentication and data
security services in connection-oriented protocols via replaceable
mechanisms.

RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism
Describes a new way to provide anonymous login
within the context of the Simple Authentication and Security
Layer framework.

RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
Provides a road map of the LDAP Technical Specification.

RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
Describes the protocol elements, along with their semantics and
encodings, of the Lightweight Directory Access Protocol.

RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models
Describes the X.500 Directory Information Models as used in
LDAP.

RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
Describes authentication methods and security mechanisms of the
Lightweight Directory Access Protocol.

RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
Defines the string representation used in the Lightweight Directory
Access Protocol to transfer distinguished names.

RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
Defines a human-readable string representation of LDAP search
filters that is appropriate for use in LDAP URLs and in other
applications.

RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
Describes a format for a Lightweight Directory Access Protocol
Uniform Resource Locator.

RFC 4517: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
Defines a base set of syntaxes and matching rules for use in
defining attributes for LDAP directories.

RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
Defines string preparation algorithms for character-based matching
rules defined for use in LDAP.

RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications
Provides a technical specification of attribute types and object
classes intended for use by LDAP directory clients for many directory
services, such as White Pages.

RFC 4524: COSINE LDAP/X.500 Schema
Provides a collection of schema elements for use with the
Lightweight Directory Access Protocol from the COSINE and Internet
X.500 pilot projects.

RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
Describes an extension to the Lightweight Directory Access
Protocol Modify operation to support an increment capability.

RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
Extends the Lightweight Directory Access Protocol to support
absolute True and False filters based upon similar capabilities found
in X.500 directory systems.

RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Specifies an extension to the Lightweight Directory Access
Protocol to allow the client to read the target entry of an update
operation.

RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control
Defines the Lightweight Directory Access Protocol Assertion
Control, which allows a client to specify that a directory operation
should only be processed if an assertion applied to the target entry
of the operation is true.

RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP)
Extends LDAP to support a mechanism that LDAP clients may use to
request the return of all attributes of an object class.

RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
Describes the LDAP/X.500 'entryUUID' operational attribute and
associated matching rules and syntax.

RFC 4532: Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
Provides a mechanism for Lightweight Directory Access Protocol
clients to obtain the authorization identity the server has associated
with the user or application entity.

RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
Defines a simple clear-text user/password Simple Authentication
and Security Layer mechanism called the PLAIN mechanism.

RFC 4634: US Secure Hash Algorithms (SHA and HMAC-SHA)
Specifies Secure Hash Algorithms, SHA-256, SHA-384, and SHA-512,
for computing a condensed representation of a message or a data file.

RFC 4752: The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
Describes the method for using the Generic Security
Service Application Program Interface (GSS-API) Kerberos V5 in the
Simple Authentication and Security Layer, called the GSSAPI mechanism.

RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
Defines a schema for storing a profile for agents that make use
of the Lightweight Directory Access protocol (LDAP).

RFC 5020: The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
Describes the Lightweight Directory Access Protocol
(LDAP) / X.500 'entryDN' operational attribute, which
provides a copy of the entry's distinguished name for use in
attribute value assertions.

FIPS 180-1: Secure Hash Standard (SHA-1)
Specifies a Secure Hash Algorithm, SHA-1, for computing a condensed
representation of a message or a data file.

FIPS 180-2: Secure Hash Standard (SHA-1, SHA-256, SHA-384, SHA-512)
Specifies four Secure Hash Algorithms for computing a condensed
representation of electronic data.

DSMLv2: Directory Service Markup Language
Provides a method for expressing directory queries and updates as
XML documents.

JavaScript Object Notation
A data-interchange format that aims to be both "easy for humans to
read and write," and also "easy for machines to parse and generate."

Simple Cloud Identity Management: Core Schema 1.0
Platform neutral schema and extension model for representing users
and groups in JSON and XML formats. OpenDJ supports the JSON formats.