3.3. Syntax Definitions (A-J)

3.3.1. Attribute Type Description

A value of the Attribute Type Description syntax is the definition of an attribute type. The LDAP-specific encoding of a value of this syntax is defined by the <AttributeTypeDescription> rule in [RFC4512].

For example, the following definition of the createTimestamp attribute type from [RFC4512] is also a value of the Attribute Type Description syntax. (Note: Line breaks have been added for readability; they are not part of the value when transferred in protocol.)

( 2.5.18.1 NAME 'createTimestamp'
   EQUALITY generalizedTimeMatch
   ORDERING generalizedTimeOrderingMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
   SINGLE-VALUE NO-USER-MODIFICATION
   USAGE directoryOperation )

The LDAP definition for the Attribute Type Description syntax is:

( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )

This syntax corresponds to the AttributeTypeDescription ASN.1 type from [X.501].

3.3.2. Bit String

A value of the Bit String syntax is a sequence of binary digits. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

BitString    = SQUOTE *binary-digit SQUOTE "B"
binary-digit = "0" / "1"

The <SQUOTE> rule is defined in [RFC4512].

Example: '0101111101'B

The LDAP definition for the Bit String syntax is:

( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )

This syntax corresponds to the BIT STRING ASN.1 type from [ASN.1].

3.3.3. Boolean

A value of the Boolean syntax is one of the Boolean values, true or false. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

Boolean = "TRUE" / "FALSE"

The LDAP definition for the Boolean syntax is:

( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )

This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].

3.3.4. Country String

A value of the Country String syntax is one of the two-character codes from ISO 3166 [ISO3166] for representing a country. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

CountryString  = 2(PrintableCharacter)

The <PrintableCharacter> rule is defined in Section 3.2.

Examples:

US
AU

The LDAP definition for the Country String syntax is:

( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )

This syntax corresponds to the following ASN.1 type from [X.520]:

PrintableString (SIZE (2)) -- ISO 3166 codes only

3.3.5. Delivery Method

A value of the Delivery Method syntax is a sequence of items that indicate, in preference order, the service(s) by which an entity is willing and/or capable of receiving messages. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

DeliveryMethod = pdm *( WSP DOLLAR WSP pdm )

pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
      "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"

The <WSP> and <DOLLAR> rules are defined in [RFC4512].

Example: telephone $ videotex

The LDAP definition for the Delivery Method syntax is:

( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )

This syntax corresponds to the following ASN.1 type from [X.520]:

SEQUENCE OF INTEGER {
    any-delivery-method     (0),
    mhs-delivery            (1),
    physical-delivery       (2),
    telex-delivery          (3),
    teletex-delivery        (4),
    g3-facsimile-delivery   (5),
    g4-facsimile-delivery   (6),
    ia5-terminal-delivery   (7),
    videotex-delivery       (8),
    telephone-delivery      (9) }

3.3.6. Directory String

A value of the Directory String syntax is a string of one or more arbitrary characters from the Universal Character Set (UCS) [UCS]. A zero-length character string is not permitted. The LDAP-specific encoding of a value of this syntax is the UTF-8 encoding [RFC3629] of the character string. Such encodings conform to the following ABNF:

DirectoryString = 1*UTF8

The <UTF8> rule is defined in [RFC4512].

Example: This is a value of Directory String containing #!%#@.

Servers and clients MUST be prepared to receive arbitrary UCS code points, including code points outside the range of printable ASCII and code points not presently assigned to any character.

Attribute type definitions using the Directory String syntax should not restrict the format of Directory String values, e.g., by requiring that the character string conforms to specific patterns described by ABNF. A new syntax should be defined in such cases.

The LDAP definition for the Directory String syntax is:

( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )

This syntax corresponds to the DirectoryString parameterized ASN.1 type from [X.520].

The DirectoryString ASN.1 type allows a choice between the TeletexString, PrintableString, or UniversalString ASN.1 types from [ASN.1]. However, note that the chosen alternative is not indicated in the LDAP-specific encoding of a Directory String value.

Implementations that convert Directory String values from the LDAP-specific encoding to the BER encoding used by X.500 must choose an alternative that permits the particular characters in the string and must convert the characters from the UTF-8 encoding into the character encoding of the chosen alternative. When converting Directory String values from the BER encoding to the LDAP-specific encoding, the characters must be converted from the character encoding of the chosen alternative into the UTF-8 encoding. These conversions SHOULD be done in a manner consistent with the Transcode step of the string preparation algorithms [RFC4518] for LDAP.

3.3.7. DIT Content Rule Description

A value of the DIT Content Rule Description syntax is the definition of a DIT (Directory Information Tree) content rule. The LDAP-specific encoding of a value of this syntax is defined by the <DITContentRuleDescription> rule in [RFC4512].

Example:

( 2.5.6.4 DESC 'content rule for organization'
   NOT ( x121Address $ telexNumber ) )

Note: A line break has been added for readability; it is not part of the value.

The LDAP definition for the DIT Content Rule Description syntax is:

( 1.3.6.1.4.1.1466.115.121.1.16
   DESC 'DIT Content Rule Description' )

This syntax corresponds to the DITContentRuleDescription ASN.1 type from [X.501].

3.3.8. DIT Structure Rule Description

A value of the DIT Structure Rule Description syntax is the definition of a DIT structure rule. The LDAP-specific encoding of a value of this syntax is defined by the <DITStructureRuleDescription> rule in [RFC4512].

Example: ( 2 DESC 'organization structure rule' FORM 2.5.15.3 )

The LDAP definition for the DIT Structure Rule Description syntax is:

( 1.3.6.1.4.1.1466.115.121.1.17
   DESC 'DIT Structure Rule Description' )

This syntax corresponds to the DITStructureRuleDescription ASN.1 type from [X.501].

3.3.9. DN

A value of the DN syntax is the (purported) distinguished name (DN) of an entry [RFC4512]. The LDAP-specific encoding of a value of this syntax is defined by the <distinguishedName> rule from the string representation of distinguished names [RFC4514].

Examples (from [RFC4514]):

UID=jsmith,DC=example,DC=net
OU=Sales+CN=J. Smith,DC=example,DC=net
CN=John Smith\, III,DC=example,DC=net
CN=Before\0dAfter,DC=example,DC=net
1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
CN=Lu\C4\8Di\C4\87

The LDAP definition for the DN syntax is:

( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )

The DN syntax corresponds to the DistinguishedName ASN.1 type from [X.501]. Note that a BER encoded distinguished name (as used by X.500) re-encoded into the LDAP-specific encoding is not necessarily reversible to the original BER encoding since the chosen string type in any DirectoryString components of the distinguished name is not indicated in the LDAP-specific encoding of the distinguished name (see Section 3.3.6).

3.3.10. Enhanced Guide

A value of the Enhanced Guide syntax suggests criteria, which consist of combinations of attribute types and filter operators, to be used in constructing filters to search for entries of particular object classes. The Enhanced Guide syntax improves upon the Guide syntax by allowing the recommended depth of the search to be specified.

The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

EnhancedGuide = object-class SHARP WSP criteria WSP
                   SHARP WSP subset
object-class  = WSP oid WSP
subset        = "baseobject" / "oneLevel" / "wholeSubtree"

criteria   = and-term *( BAR and-term )
and-term   = term *( AMPERSAND term )
term       = EXCLAIM term /
             attributetype DOLLAR match-type /
             LPAREN criteria RPAREN /
             true /
             false
match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
true       = "?true"
false      = "?false"
BAR        = %x7C  ; vertical bar ("|")
AMPERSAND  = %x26  ; ampersand ("&")
EXCLAIM    = %x21  ; exclamation mark ("!")

The <SHARP>, <WSP>, <oid>, <LPAREN>, <RPAREN>, <attributetype>, and <DOLLAR> rules are defined in [RFC4512].

The LDAP definition for the Enhanced Guide syntax is:

( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )

Example: person#(sn$EQ)#oneLevel

The Enhanced Guide syntax corresponds to the EnhancedGuide ASN.1 type from [X.520]. The EnhancedGuide type references the Criteria ASN.1 type, also from [X.520]. The <true> rule, above, represents an empty "and" expression in a value of the Criteria type. The <false> rule, above, represents an empty "or" expression in a value of the Criteria type.
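
The <criteria> rule is recursive, so a validator has to bound nesting as well as check the grammar. The following recursive-descent parser is an added example and not part of the specification; the names parse_enhanced_guide and MAX_DEPTH and the depth limit of 16 are assumptions, and <oid> and <attributetype> are transcribed from [RFC4512] as a descriptor or a dotted numeric OID.

```python
import re

# <oid> and <attributetype> per RFC 4512: a descriptor or a dotted numeric OID.
_OID = r"[A-Za-z][A-Za-z0-9-]*|(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+"
HEAD = re.compile(rf" *({_OID}) *# *")  # object-class SHARP WSP
TAIL = re.compile(r" *# *(baseobject|oneLevel|wholeSubtree)\Z", re.I)
TERM = re.compile(rf"(\?true|\?false)|({_OID})\$(EQ|SUBSTR|GE|LE|APPROX)", re.I)
MAX_DEPTH = 16  # assumption: local nesting limit, not a value from the RFC

class _Parser:
    def __init__(self, text):
        self.s, self.i = text, 0
    def eat(self, ch):  # consume one literal character if it is next
        hit = self.s.startswith(ch, self.i)
        self.i += hit
        return hit
    def need(self, pat, what):  # consume a regex token or fail
        m = pat.match(self.s, self.i)
        if m is None:
            raise ValueError(f"expected {what} at offset {self.i}")
        self.i = m.end()
        return m
    def chain(self, item, sep, tag, depth):  # item *( sep item )
        parts = [item(depth)]
        while self.eat(sep):
            parts.append(item(depth))
        return parts[0] if len(parts) == 1 else (tag, *parts)
    def criteria(self, depth):  # and-term *( BAR and-term )
        return self.chain(self.and_term, "|", "or", depth)
    def and_term(self, depth):  # term *( AMPERSAND term )
        return self.chain(self.term, "&", "and", depth)
    def term(self, depth):
        if depth > MAX_DEPTH:  # bound the recursion that "!" and "(" allow
            raise ValueError("criteria nested too deeply")
        if self.eat("!"):
            return ("not", self.term(depth + 1))
        if self.eat("("):
            inner = self.criteria(depth + 1)
            if not self.eat(")"):
                raise ValueError(f"expected ')' at offset {self.i}")
            return inner
        m = self.need(TERM, "term")
        return (m[1].lower(),) if m[1] else (m[2], m[3].upper())

def parse_enhanced_guide(value):  # -> (object class, criteria tree, subset)
    p = _Parser(value)
    oc = p.need(HEAD, "object-class '#'")[1]
    tree = p.criteria(0)
    return oc, tree, p.need(TAIL, "'#' subset")[1]
```

ABNF string literals are case-insensitive, so the parser accepts "eq" for "EQ" and returns the match type in upper case.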

3.3.11. Facsimile Telephone Number

A value of the Facsimile Telephone Number syntax is a subscriber number of a facsimile device on the public switched telephone network. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

fax-number       = telephone-number *( DOLLAR fax-parameter )
telephone-number = PrintableString
fax-parameter    = "twoDimensional" /
                   "fineResolution" /
                   "unlimitedLength" /
                   "b4Length" /
                   "a3Width" /
                   "b4Width" /
                   "uncompressed"

The <telephone-number> is a string of printable characters that complies with the internationally agreed format for representing international telephone numbers [E.123]. The <PrintableString> rule is defined in Section 3.2. The <DOLLAR> rule is defined in [RFC4512].

The LDAP definition for the Facsimile Telephone Number syntax is:

( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number')

The Facsimile Telephone Number syntax corresponds to the FacsimileTelephoneNumber ASN.1 type from [X.520].

3.3.12. Fax

A value of the Fax syntax is an image that is produced using the Group 3 facsimile process [FAX] to duplicate an object, such as a memo. The LDAP-specific encoding of a value of this syntax is the string of octets for a Group 3 Fax image as defined in [FAX].

The LDAP definition for the Fax syntax is:

( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' )

The ASN.1 type corresponding to the Fax syntax is defined as follows, assuming EXPLICIT TAGS:

Fax ::= CHOICE {
  g3-facsimile  [3] G3FacsimileBodyPart
}

The G3FacsimileBodyPart ASN.1 type is defined in [X.420].

3.3.13. Generalized Time

A value of the Generalized Time syntax is a character string representing a date and time. The LDAP-specific encoding of a value of this syntax is a restriction of the format defined in [ISO8601], and is described by the following ABNF:

GeneralizedTime = century year month day hour
                     [ minute [ second / leap-second ] ]
                     [ fraction ]
                     g-time-zone

century = 2(%x30-39) ; "00" to "99"
year    = 2(%x30-39) ; "00" to "99"
month   =   ( %x30 %x31-39 ) ; "01" (January) to "09"
          / ( %x31 %x30-32 ) ; "10" to "12"
day     =   ( %x30 %x31-39 )    ; "01" to "09"
          / ( %x31-32 %x30-39 ) ; "10" to "29"
          / ( %x33 %x30-31 )    ; "30" to "31"
hour    = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
minute  = %x30-35 %x30-39                        ; "00" to "59"

second      = ( %x30-35 %x30-39 ) ; "00" to "59"
leap-second = ( %x36 %x30 )       ; "60"

fraction        = ( DOT / COMMA ) 1*(%x30-39)
g-time-zone     = %x5A  ; "Z"
                  / g-differential
g-differential  = ( MINUS / PLUS ) hour [ minute ]
MINUS           = %x2D  ; minus sign ("-")

The <DOT>, <COMMA>, and <PLUS> rules are defined in [RFC4512].

The above ABNF allows character strings that do not represent valid dates (in the Gregorian calendar) and/or valid times (e.g., February 31, 1994). Such character strings SHOULD be considered invalid for this syntax.

The time value represents coordinated universal time (equivalent to Greenwich Mean Time) if the "Z" form of <g-time-zone> is used; otherwise, the value represents a local time in the time zone indicated by <g-differential>. In the latter case, coordinated universal time can be calculated by subtracting the differential from the local time. The "Z" form of <g-time-zone> SHOULD be used in preference to <g-differential>.

If <minute> is omitted, then <fraction> represents a fraction of an hour; otherwise, if <second> and <leap-second> are omitted, then <fraction> represents a fraction of a minute; otherwise, <fraction> represents a fraction of a second.

Examples:

199412161032Z
199412160532-0500

Both example values represent the same coordinated universal time: 10:32 AM, December 16, 1994.

The LDAP definition for the Generalized Time syntax is:

( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )

This syntax corresponds to the GeneralizedTime ASN.1 type from [ASN.1], with the constraint that local time without a differential SHALL NOT be used.
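
The rules above (ABNF match, rejection of impossible calendar dates, fraction scaling, and conversion to coordinated universal time) can be combined into one validator. This is an added example and not part of the specification; the name parse_generalized_time, the MAX_LEN cap, rolling leap second "60" into the following second, and the year range of 1 to 9999 imposed by Python's datetime are assumptions of the example.

```python
import re
from datetime import datetime, timedelta, timezone
from fractions import Fraction

# The GeneralizedTime ABNF as a regex; re.ASCII keeps \d to %x30-39 only.
_GT = re.compile(
    r"(?P<Y>\d{4})(?P<m>0[1-9]|1[0-2])(?P<d>0[1-9]|[12]\d|3[01])"
    r"(?P<H>[01]\d|2[0-3])(?:(?P<M>[0-5]\d)(?P<S>[0-5]\d|60)?)?"
    r"(?:[.,](?P<f>\d+))?(?P<tz>Z|[+-](?:[01]\d|2[0-3])(?:[0-5]\d)?)",
    re.ASCII,
)
MAX_LEN = 64  # assumption: local cap on value length, not part of the RFC


def parse_generalized_time(value: str) -> datetime:
    """Return the value as an aware UTC datetime, or raise ValueError."""
    m = _GT.fullmatch(value) if len(value) <= MAX_LEN else None
    if m is None:
        raise ValueError("not a GeneralizedTime value")
    sec = int(m["S"] or 0)
    try:
        # datetime() rejects impossible dates such as February 31.
        t = datetime(int(m["Y"]), int(m["m"]), int(m["d"]), int(m["H"]),
                     int(m["M"] or 0), min(sec, 59))
        t += timedelta(seconds=sec - min(sec, 59))  # assumption: "60" rolls over
        if m["f"]:
            # The fraction scales the smallest unit present: hour, minute or second.
            unit = 3600 if m["M"] is None else 60 if m["S"] is None else 1
            frac = Fraction(int(m["f"]), 10 ** len(m["f"]))
            t += timedelta(microseconds=round(frac * unit * 1_000_000))
        if m["tz"] != "Z":
            # UTC = local time minus the differential (sign included).
            off = timedelta(hours=int(m["tz"][1:3]), minutes=int(m["tz"][3:] or 0))
            t -= off if m["tz"][0] == "+" else -off
    except OverflowError as exc:  # result falls outside datetime's year range
        raise ValueError(str(exc)) from None
    return t.replace(tzinfo=timezone.utc)
```

Comparing the returned UTC values, rather than the raw strings, is what makes the two example values above compare equal.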

3.3.14. Guide

A value of the Guide syntax suggests criteria, which consist of combinations of attribute types and filter operators, to be used in constructing filters to search for entries of particular object classes. The Guide syntax is obsolete and should not be used for defining new attribute types.

The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:

Guide = [ object-class SHARP ] criteria

The <object-class> and <criteria> rules are defined in Section 3.3.10. The <SHARP> rule is defined in [RFC4512].

The LDAP definition for the Guide syntax is:

( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )

The Guide syntax corresponds to the Guide ASN.1 type from [X.520].

3.3.15. IA5 String

A value of the IA5 String syntax is a string of zero, one, or more characters from International Alphabet 5 (IA5) [T.50], the international version of the ASCII character set. The LDAP-specific encoding of a value of this syntax is the unconverted string of characters, which conforms to the <IA5String> rule in Section 3.2.

The LDAP definition for the IA5 String syntax is:

( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )

This syntax corresponds to the IA5String ASN.1 type from [ASN.1].

3.3.16. Integer

A value of the Integer syntax is a whole number of unlimited magnitude. The LDAP-specific encoding of a value of this syntax is the optionally signed decimal digit character string representation of the number (for example, the number 1321 is represented by the character string "1321"). The encoding is defined by the following ABNF:

Integer = ( HYPHEN LDIGIT *DIGIT ) / number

The <HYPHEN>, <LDIGIT>, <DIGIT>, and <number> rules are defined in [RFC4512].

The LDAP definition for the Integer syntax is:

( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' )

This syntax corresponds to the INTEGER ASN.1 type from [ASN.1].

3.3.17. JPEG

A value of the JPEG syntax is an image in the JPEG File Interchange Format (JFIF), as described in [JPEG]. The LDAP-specific encoding of a value of this syntax is the sequence of octets of the JFIF encoding of the image.

The LDAP definition for the JPEG syntax is:

( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )

The JPEG syntax corresponds to the following ASN.1 type:

JPEG ::= OCTET STRING (CONSTRAINED BY
             { -- contents octets are an image in the --
               -- JPEG File Interchange Format -- })