| Internet-Draft | Abbreviated Title | February 2025 |
| Codère | Expires 8 August 2025 | [Page] |
This document registers additional syntax definitions for use in Lightweight Directory Access Protocol (LDAP) directory and Directoy services series X.500. This includes widely used datatypes and syntaxes.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 August 2025.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The Lightweight Directory Access Protocol (LDAP) directory defines several data types which specify the syntax definitions of attributes. These are identified by ASN.1 OBJECT IDENTIFIERS. Furthermore, these syntax definitions could be used to uniquely identify data types as character representations in other applications. Some widely used syntax specifications are missing from the initial LDAP specification. This document provides additional syntax definitions that have been registered and may be used by application providers.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Syntax definitions are written according to the regular expressions defined in [RFC9485].¶
The following additional syntaxes and their associated descriptions and OBJECT IDENTIFIER are defined.¶
The following additional syntaxes are defined and are based on [ASN.1].¶
The Date type represents a date in the Gregorian calender. It is defined as a useful TIME type in [ASN.1] and conforms to the extended format syntax of a calendar date as defined in [ISO.8601.2004].¶
A Date value SHALL be written using the following syntax: YYYY-MM-DD where YYYY represents a year between 1582 and 9999, MM the month value from 01 to 12 and DD a day in the month from 01 to 31.¶
Examples¶
The LDAP definition for the Date syntax is:¶
This syntax corresponds to the DATE ASN.1 type from [ASN.1].¶
The Date-time type represents a date and local time using a 24 hour clock. It is defined as a useful TIME type in [ASN.1] and conforms to the extended format syntax of a date and time without any timezone specifier as defined in [ISO.8601.2004].¶
A Date-Time value SHALL be written using the following syntax: YYYY-MM-DDThh:mm:ss where YYYY represents a year between 1582 and 9999, MM the month value from 01 to 12, DD a day in the month from 01 to 31, hh the hour from 00 to 24, mm the minute from 00 to 59, and ss the seconnds with allowed values of 00 to 60 where 60 represents a leap second¶
Examples¶
The LDAP definition for the Date-Time syntax is:¶
This syntax corresponds to the DATE-TIME ASN.1 type from [ASN.1].¶
The Duration type represents an elapsed time with a resolution of up to a fractions of seconds. It is defined as a useful TIME type in [ASN.1] and conforms to the extended format syntax of a time interval by duration as defined in [ISO.8601.2004].¶
A duration syntax value SHALL conform to the following regular expression¶
P([0-9]+Y)?([0-9]+M)?([0-9]+D)?(T([0-9]+H)?([0-9]+M)?([0-9]+(\.[0-9]+)?S)?)?¶
Examples¶
The LDAP definition for the Duration syntax is:¶
This syntax corresponds to a very strict subset of DURATION ASN.1 type from [ASN.1], in that the order of parameters need to be respected.¶
The Real type represents the computational approximations to the mathematical "real number". The format for the Real is as defined in Section 21 of [ASN.1].¶
A Real syntax value SHALL conform to the following regular expression¶
([-]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?)|PLUS-INFINITY|MINUS-INFINITY|NOT-A-NUMBER¶
Examples¶
The LDAP definition for the Real syntax is:¶
This syntax corresponds to a subset of the REAL ASN.1 type from [ASN.1] where the sequence syntax is not allowed and the values are limited to base ten.¶
The Time Of Day type represents a local time using a 24 hour clock. It is defined as a useful TIME type in [ASN.1] and conforms to the extended format syntax of a local time as defined in [ISO.8601.2004].¶
A Time Of Day value SHALL be written using the following syntax: hh:mm:ss where hh represents the hour from 00 to 24, mm represents the minute from 00 to 59, and ss represents the seconnds with allowed values of 00 to 60 where 60 represents a leap second.¶
Examples for Time Of Day:¶
The LDAP definition for the Time Of Day syntax is:¶
This syntax corresponds to the TIME-OF-DAY ASN.1 type from [ASN.1].¶
The Visible string type represents a character repertoire that the contains printable ASCII character set (in the range 0020-007E hexadecimal). It is defined in [ASN.1].¶
Examples¶
The LDAP definition for the Visible String syntax is:¶
This syntax corresponds to the VisibleString ASN.1 type from [ASN.1].¶
The following additional syntaxes are defined as constraints of basic ASN.1 types that may be used to be more precise in encoding and input validation.¶
It is to note that length constraints of string types is already allowed in LDAP using the attribute definition syntax, as specified in [RFC4517] by adding curly braces following the syntax's OBJECT IDENTIFIER in an attribute type definition. The additional constrained string types here are present in case they are needed in the future or as a way to not use the above extension, which does not seem to be available in pure X.500 implementatons.¶
The Short String type represents an UTF-8 string that is limited to 127 octets when encoded. The acual number of characters that can be encoded depends on the characters.¶
Examples¶
The LDAP definition for the Short String type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Shortstring ::= UTF8String(SIZE (0..127))¶
The Long String type represents a UTF-8 string that is limited to 1000 octets when encoded. The acual number of characters that can be encoded depends on the characters.¶
Examples¶
The LDAP definition for the Long String type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Longstring ::= UTF8String(SIZE (0..1000))¶
The text type represents a UTF-8 string that is limited to 65535 octets when encoded. The acual number of characters that can be encoded depends on the characters.¶
Examples¶
The LDAP definition for the Text type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Text ::= UTF8String(SIZE (0..65535))¶
The Float32 type represents a real number which fits in the range of a [IEEE_754_2019] single precision floating point value.¶
Examples¶
The LDAP definition for the Float32 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Float32 ::= REAL (WITH COMPONENTS {
mantissa (-16777215..16777215),
base (2),
exponent (-149..104) })
¶
The Float64 type represents a real number which fits in the range of a [IEEE_754_2019] double precision floating point value.¶
Examples¶
The LDAP definition for the Float64 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Float64 ::= REAL (WITH COMPONENTS {
mantissa (-9007199254740991..9007199254740991),
base (2),
exponent (-1074..971) })
¶
The UInt8 type represents an unsigned integer value within the range 0 to 255 inclusive.¶
Examples¶
The LDAP definition for the UInt8 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
UInt8 ::= INTEGER(0..255)¶
The UInt16 type represents an unsigned integer value within the range 0 to 65535 inclusive.¶
Examples¶
The LDAP definition for the UInt16 type syntax is:¶
This syntax syntax corresponds to the following ASN.1 type from [ASN.1]:¶
UInt16 ::= INTEGER(0..65535)¶
The UInt32 type represents an unsigned integer value within the range 0 to 4294967295 inclusive.¶
Examples¶
The LDAP definition for the UInt32 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
UInt32 ::= INTEGER(0..4294967295)¶
The UInt64 type represents an unsigned integer value within the range 0 to 18446744073709551615 inclusive.¶
Examples¶
The LDAP definition for the UInt64 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
UInt64 ::= INTEGER(0..18446744073709551615)¶
The Int8 type represents a signed integer value within the range -128 to 127 inclusive.¶
Examples¶
The LDAP definition for the Int8 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Int8 ::= INTEGER(-128..127)¶
The Int16 type represents a signed integer value within the range -32768 to 32767 inclusive.¶
Examples¶
The LDAP definition for the Int16 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Int16 ::= INTEGER(-32768 .. 32767)¶
The Int32 type represents a signed integer value within the range -2147483648 to 2147483647 inclusive.¶
Examples¶
The LDAP definition for the Int32 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Int32 ::= INTEGER(-2147483648..2147483647)¶
The Int64 type represents a signed integer value within the range -9223372036854775808 to 9223372036854775807 inclusive.¶
Examples¶
The LDAP definition for the Int64 type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Int64 ::= INTEGER(-9223372036854775808..9223372036854775807)¶
The Percentage type represents a percentage value, that is an unsigned integer in the range 0 to 100 inclusive.¶
Examples¶
The LDAP definition for the Percentage type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Percentage ::= INTEGER(0..100)¶
The following additional syntaxes are defined and are based on IETF RFC's, or other international standards.¶
DCMIType is a controlled vocabulary to describe the type of a resource. It is specified in [DCMIType]¶
Examples¶
The LDAP definition for the DCMIType syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
DCMIType ::= PrintableString("Collection" | "Dataset" |
"Event" | "Image" | "Interactive Resource" |
"Moving Image" |
"Physical Object" |
"Service" | "Software" |
"Sound" |
"Still Image" |
"Text")¶
A language provides a representation of a spoken or written language as well as an optional locale specifier. The exact syntax allowed is defined in Section 2 [RFC5646].¶
A Language syntax value SHALL conform to the following regular expression¶
[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*¶
Examples¶
The LDAP definition for the Language syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
Language ::= PrintableString(SIZE (1..255)) -- ISO 639 code minimally¶
The Media Type syntax type should be used to identify values that represent a Media type. The format for the MIME Media type is defined in Section 5.1 of [RFC6838]. A Media type should match the following regular expression:¶
This syntax value SHALL conform to the following regular expression¶
[A-Za-z0-9]([A-Za-z0-9!#$&^_.+-]){0,126}/[A-Za-z0-9]([A-Za-z0-9!#$&^_.+-]){0,126}¶
Examples¶
The LDAP definition for the MIME Media type syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
MediaType ::= VisibleString (SIZE(3..255)) -- IANA Registered Media type¶
An OpenDate represents either part of a Date or a Date and Time in extended format as specified in ISO 8601. The exact syntax allowed is defined by W3C Date and Time formats [W3C.NOTE-datetime-19980827] with a 3 digit fraction.¶
Examples for OpenDate:¶
The LDAP definition for the Open Date syntax is:¶
This syntax corresponds to a subset of the TIME ASN.1 type from [ASN.1] with the specified configuration:¶
OpenDate ::= TIME((SETTINGS "Basic=Date Date=Y Year=Basic")|
(SETTINGS "Basic=Date Date=YM Year=Basic")|
(SETTINGS "Basic=Date Date=YMD Year=Basic")|
(SETTINGS "Basic=Date-Time Date=YMD Year=Basic Time=HM Local-or-UTC=LD")|
(SETTINGS "Basic=Date-Time Date=YMD Year=Basic Time=HMS Local-or-UTC=LD")|
(SETTINGS "Basic=Date-Time Date=YMD Year=Basic Time=HMSF3 Local-or-UTC=LD")|
(SETTINGS "Basic=Date-Time Date=YMD Year=Basic Time=HM Local-or-UTC=Z")|
(SETTINGS "Basic=Date-Time Date=YMD Year=Basic Time=HMS Local-or-UTC=Z")|
(SETTINGS "Basic=Date-Time Date=YMD Year=Basic Time=HMSF3 Local-or-UTC=Z"))
¶
The URI syntax type should be used to identify values that are referenced by a Uniform Resource Identifier (URI). The format for the URI is as defined in Section 3 of [RFC3986].¶
Examples¶
The LDAP definition for the URI syntax is:¶
This syntax corresponds to the following ASN.1 type from [ASN.1]:¶
URI ::= VisibleString (SIZE(1..ub-uri-length))¶
The value of ub-uri-length (an integer) is implementation defined but must be at least 2000 octets.¶
The IANA has registered the LDAP values [RFC4520] specified in this document.¶
This document should not affect the security of the Internet.¶
This template uses extracts from templates written by Pekka Savola, Elwyn Davies and Henrik Levkowetz.¶
Thanks to all of the contributors.¶