As per Relevance of the word represent, we have this rfc below:
Network Working Group S.
Request for Comments: 2247 Isode Ltd
Category: Standards Track M.
Critical Angle Inc
A.
AT&
R.
AT&
S.
AT&
January 1998
Using Domains in LDAP/X.500 Distinguished Names
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
1.
The Lightweight Directory Access Protocol (LDAP) uses X.500-compatible
distinguished names [3] for providing identification of entries.
This document defines an algorithm by which a name registered with
the Internet Domain Name Service [2] can be represented as an LDAP
distinguished name.
2.
The Domain (Nameserver) System (DNS) provides a hierarchical
labeling system. A name is made up of an ordered set of components,
each of which are short strings. An example domain name with two
components would be "CRITICAL-ANGLE.COM".
Kille, et. al. Standards Track [Page 1]
RFC 2247 Using Domains in LDAP/X.500 January 1998
LDAP-based directories provide a more general hierarchical
framework. A primary difference in specification of distinguished
names from domain names is that each component of a distinguished
name has an explicit attribute type indication.
X.500 does not mandate any particular naming structure. It does
contain suggested naming structures which are based on geographic and
national regions, however there is not currently an established
registration infrastructure in many regions which would be able to
assign or ensure uniqueness of names.
The mechanism described in this document automatically provides an
enterprise a distinguished name for each domain name it has obtained
for use in the Internet. These distinguished names may be used to
identify objects in an LDAP directory.
An example distinguished name represented in the LDAP string format
[3] is "DC=CRITICAL-ANGLE,DC=COM". As with a domain name, the most
significant component, closest to the root of the namespace, is
written last.
This document does not define how to represent objects which do not
have domain names. Nor does this document define the procedure to
locate an enterprise's LDAP directory server, given their domain
name. Such procedures may be defined in future RFCs.
3. Mapping Domain Names into Distinguished Names
This section defines a subset of the possible distinguished name
structures for use in representing names allocated in the Internet
Domain Name System. It is possible to algorithmically transform any
Internet domain name into a distinguished name, and to convert these
distinguished names back into the original domain names.
The algorithm for transforming a domain name is to begin with an
empty distinguished name (DN) and then attach Relative Distinguished
Names (RDNs) for each component of the domain, most significant (e.g.
rightmost) first. Each of these RDNs is a single
AttributeTypeAndValue, where the type is the attribute "DC" and the
value is an IA5 string containing the domain name component.
Thus the domain name "CS.UCL.AC.UK" can be transformed into
DC=CS,DC=UCL,DC=AC,DC=
Distinguished names in which there are one or more RDNs, each
containing only the attribute type DC, can be mapped back into domain
names. Note that this document does not define a domain name
equivalence for any other distinguished names.
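
The mapping of section 3 in both directions, as an added Python example that is not part of RFC 2247 or of this page. The function names, the letters-digits-hyphen label check and the dn_in_domain helper are assumptions made here; the helper shows how a client could confirm that a DN returned by a server falls under a domain it expects, the concern raised in the security section.

```python
import re

DC_OID = "0.9.2342.19200300.100.1.25"   # OID of 'dc' from section 4
# Assumption: labels are limited to letters, digits and hyphens (1-63 chars),
# so no DN escaping is ever needed. RFC 2247 itself only says "IA5 string".
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def domain_to_dn(domain):
    """Section 3 mapping: one DC RDN per label, most significant written last."""
    labels = domain.rstrip(".").split(".")
    for label in labels:
        if not LABEL.fullmatch(label):
            raise ValueError(f"not a valid domain label: {label!r}")
    return ",".join(f"DC={label}" for label in labels)


def dn_to_domain(dn):
    """Reverse mapping; defined only when every RDN is a single DC value."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.strip().lower() not in ("dc", DC_OID):
            raise ValueError(f"RDN is not a DC attribute: {rdn!r}")
        value = value.strip()
        # fullmatch also rejects '+' (multi-valued RDN) and backslash escapes
        if not LABEL.fullmatch(value):
            raise ValueError(f"not a valid domain label: {value!r}")
        labels.append(value)
    return ".".join(labels)


def dn_in_domain(dn, expected_domain):
    """True if dn maps to expected_domain or to one of its subdomains."""
    try:
        name = dn_to_domain(dn).lower()
    except ValueError:
        return False
    expected = expected_domain.rstrip(".").lower()
    return name == expected or name.endswith("." + expected)
```
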
4. Attribute Type
The DC (short for domainComponent) attribute type is defined as
follows:
( 0.9.2342.19200300.100.1.25 NAME 'dc' EQUALITY caseIgnoreIA5
SUBSTR caseIgnoreIA5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
The value of this attribute is a string holding one component of a
domain name. The encoding of IA5String for use in LDAP is simply the
characters of the string itself. The equality matching rule is case
insensitive, as is today's DNS.
5. Object Class
An object with a name derived from its domain name using the
algorithm of section 3 is represented as an entry in the directory.
The "DC" attribute is present in the entry and used as the RDN.
An attribute can only be present in an entry held by an LDAP server
when that attribute is permitted by the entry's object class.
This section defines two object classes. The first, dcObject, is
intended to be used in entries for which there is an appropriate
structural object class. For example, if the domain represents a
particular organization, the entry would have as its structural
object class 'organization', and the 'dcObject' class would be an
auxiliary class. The second, domain, is a structural object class
used for entries in which no other information is being stored. The
domain object class is typically used for entries that are
placeholders or whose domains do not correspond to real-world
entities.
5.1. The dcObject object class
The dcObject object class permits the dc attribute to be present in
an entry. This object class is defined as auxiliary, as it would
typically be used in conjunction with an existing structural object
class, such as organization, organizationalUnit or locality.
The following object class, along with the dc attribute, can be added
to any entry.
( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )
An example entry would be:
dn: dc=critical-angle,dc=
objectClass:
objectClass:
objectClass:
dc: critical-
o: Critical Angle Inc
5.2. The domain object class
If the entry does not correspond to an organization, organizational
unit or other type of object for which an object class has been
defined, then the "domain" object class can be used. The "domain"
object class requires that the "DC" attribute be present, and permits
several other attributes to be present in the entry.
The entry will have as its structural object class the "domain"
object class.
( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top
MUST
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description $ o $
associatedName ) )
The optional attributes of the domain class are used for describing
the object represented by this domain, and may also be useful when
searching. These attributes are already defined for use with LDAP
[4].
An example entry would be:
dn: dc=tcp,dc=critical-angle,dc=
objectClass:
objectClass:
dc:
description: a placeholder entry used with SRV
The DC attribute is used for naming entries of the domain class, and
this can be represented in X.500 servers by the following name form
rule.
( 1.3.6.1.4.1.1466.345 NAME 'domainNameForm' OC domain MUST ( dc ) )
6. References
[1] The Directory: Selected Attribute Types. ITU-T Recommendation
X.520, 1993.
[2] Mockapetris, P., "Domain Names - Concepts and Facilities,"
STD 13, RFC 1034, November 1987.
[3] Kille, S., and M. Wahl, "Lightweight Directory Access Protocol
(v3): UTF-8 String Representation of Distinguished Names", RFC
2253, December 1997.
[4] Wahl, M., "A Summary of the X.500(96) User Schema for use with
LDAP", RFC 2256, December 1997.
7. Security Considerations
This memo describes how attributes of objects may be discovered and
retrieved. Servers should ensure that an appropriate security policy
is maintained.
An enterprise is not restricted in the information which it may store
in DNS or LDAP servers. A client which contacts an untrusted server
may have incorrect or misleading information returned (e.g. an
organization's server may claim to hold naming contexts representing
domain names which have not been delegated to that organization).
8. Authors'
Steve
Isode Ltd
The
The
Richmond,
TW9 1
Phone: +44-181-332-9091
EMail: S.Kille@ISODE.
Mark
Critical Angle Inc
4815 W. Braker Lane #502-385
Austin, TX 78759
Phone: (1) 512 372 3160
EMail: M.Wahl@critical-angle.
Al
AT&
Room 1C-429, 101 Crawfords Corner
Holmdel, NJ 07733-3030
EMail: alg@att.
Rick
AT&
Room 1B-433, 101 Crawfords Corner
Holmdel, NJ 07733-3030
EMail: rvh@att.
Sri
AT&
Room 4G-202, 101 Crawfords Corner
Holmdel, NJ 07733-3030
EMail: sri@att.
9. Full Copyright Statement
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.