UnboundID LDAP SDK for Java

LDAP Specifications Defined in RFCs

This page provides a listing of a number of LDAP-related specifications that are defined in RFCs. Note that some of these specifications are obsolete, and are no longer recommended for use. In addition, some of these specifications are not widely implemented in or supported by LDAP servers and/or clients. Before attempting to use any of these specifications, check the capabilities of your LDAP directory server and/or clients.

RFCs Defining the LDAP Protocol and Other Core Specifications

• RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification
  
  
• RFC 3296: Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories
  
  
• RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)
  
  
• RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)
  
  
• RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes
  
  
• RFC 3866: Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP)
  Obsoletes: RFC 2596
  
  
• RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
  Obsoletes: RFC 2251, RFC 2830, RFC 3771
  
  
• RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models
  Obsoletes: RFC 2251, RFC 2252, RFC 2256, RFC 3674
  
  
• RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
  Obsoletes: RFC 2251, RFC 2829, RFC 2830
  
  
• RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
  Obsoletes: RFC 2253
  
  
• RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
  Obsoletes: RFC 2254
  
  
• RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
  Obsoletes: RFC 2255
  
  
• RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
  
  
• RFC 4522: Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option
  
  
• RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
  
  
• RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
  
  
• RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol
  
  

RFCs Containing Informational Documents, Recommendations, and Best Practices

• RFC 1823: The LDAP Application Program Interface
  
  
• RFC 2377: Naming Plan for Internet Directory-Enabled Applications
  Updated by: RFC 4519
  
  
• RFC 2820: Access Control Requirements for LDAP
  
  
• RFC 3352: Connection-less Lightweight Directory Access Protocol (CLDAP) to Historic Status
  Obsoletes: RFC 1798
  
  
• RFC 3384: Lightweight Directory Access Protocol (version 3) Replication Requirements
  
  
• RFC 3494: Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status
  Obsoletes: RFC 1484, RFC 1485, RFC 1487, RFC 1777, RFC 1778, RFC 1779, RFC 1781, RFC 2559
  
  
• RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
  Obsoletes: RFC 2251, RFC 2252, RFC 2253, RFC 2254, RFC 2255, RFC 2256, RFC 2829, RFC 2830, RFC 3377, RFC 3771
  
  
• RFC 4520: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
  Obsoletes: RFC 3383
  
  
• RFC 4521: Considerations for Lightweight Directory Access Protocol (LDAP) Extensions
  
  

RFCs Defining Controls and Extended Operations

• RFC 2589: Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services
  
  
• RFC 2649: An LDAP Control and Schema for Holding Operation Signatures
  
  
• RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation
  
  
• RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results
  
  
• RFC 3062: LDAP Password Modify Extended Operation
  
  
• RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
  
  
• RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
  
  
• RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation
  
  
• RFC 3928: Lightweight Directory Access Protocol (LDAP) Client Update Protocol
  
  
• RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
  
  
• RFC 4373: Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP)
  
  
• RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls
  
  
• RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control
  
  
• RFC 4531: Lightweight Directory Access Protocol (LDAP) Turn Operation
  
  
• RFC 4532: Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
  
  
• RFC 4533: The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
  
  
• RFC 5805: Lightweight Directory Access Protocol (LDAP) Transactions
  
  
• RFC 6171: The Lightweight Directory Access Protocol (LDAP) Don't Use Copy Control
  
  

RFCs Defining Core LDAP Schema

• RFC 2247: Using Domains in LDAP/X.500 Distinguished Names
  Updated by: RFC 4519, RFC 4524
  
  
• RFC 2798: Definition of the inetOrgPerson LDAP Object Class
  Updated by: RFC 3698, RFC 4519, RFC 4524
  
  
• RFC 2926: Conversion of LDAP Schemas to and from SLP Templates
  
  
• RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0
  
  
• RFC 3045: Storing Vendor Information in the LDAP root DSE
  
  
• RFC 3112: LDAP Authentication Password Schema
  
  
• RFC 3687: Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules
  
  
• RFC 3698: Lightweight Directory Access Protocol (LDAP) Additional Matching Rules
  Updates: RFC 2798
  Updated by: RFC 4517
  
  
• RFC 4517: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
  Updates: RFC 3698
  Obsoletes: RFC 2252, RFC 2256
  
  
• RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications
  Updates: RFC 2247, RFC 2377, RFC 2798
  Obsoletes: RFC 2256
  
  
• RFC 4524: COSINE LDAP/X.500 Schema
  Updates: RFC 2247, RFC 2798
  Obsoletes: RFC 1274
  
  
• RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
  
  
• RFC 5020: The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
  
  

RFCs Containing Additional LDAP Schema Definitions

• RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)
  
  
• RFC 2307: An Approach for Using LDAP as a Network Information Service
  
  
• RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory
  
  
• RFC 2714: Schema for Representing CORBA Objects in an LDAP Directory
  
  
• RFC 2739: Calendar Attributes for vCard and LDAP
  
  
• RFC 3641: Generic String Encoding Rules (GSER) for ASN.1 Types
  Updated by: RFC 4792
  
  
• RFC 3642: Common Elements of Generic String Encoding Rules (GSER) Encodings
  
  
• RFC 3703: Policy Core Lightweight Directory Access Protocol (LDAP) Schema
  Updated by: RFC 4104
  
  
• RFC 3727: ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules
  
  
• RFC 4104: Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
  Updates: RFC 3703
  
  
• RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)
  
  
• RFC 4523: Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates
  Obsoletes: RFC 2252, RFC 2256, RFC 2587
  
  
• RFC 4792: Encoding Instructions for the Generic String Encoding Rules (GSER)
  Updates: RFC 3641
  
  
• RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
  
  
• RFC 5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
  
  
• RFC 7612: Lightweight Directory Access Protocol (LDAP) Schema for Printer Services
  Obsoletes: RFC 3712
  
  
• RFC 8284: Lightweight Directory Access Protocol (LDAP) Schema for Supporting the Extensible Messaging and Presence Protocol (XMPP) in White Pages
  
  

RFCs Containing Other Specifications Commonly Used in Conjunction with LDAP

• RFC 1321: The MD5 Message-Digest Algorithm
  Updated by: RFC 6151
  
  
• RFC 2104: HMAC: Keyed-Hashing for Message Authentication
  Updated by: RFC 6151
  
  
• RFC 1964: The Kerberos Version 5 GSS-API Mechanism
  
  
• RFC 2605: Directory Server Monitoring MIB
  Obsoletes: RFC 1567
  
  
• RFC 2743: Generic Security Service API Version 2, Update 1
  Obsoletes: RFC 2078
  
  
• RFC 2744: Generic Security Service API Version 2: C-bindings
  Obsoletes: RFC 1509
  
  
• RFC 2782: A DNS RR for specifying the location of services (DNS SRV)
  
  
• RFC 2808: The SecurID(r) SASL Mechanism
  
  
• RFC 2831: Using Digest Authentication as a SASL Mechanism
  Obsoleted by: RFC 6331
  
  
• RFC 2986: PKCS #10: Certificate Request Syntax Specification Version 1.7
  
  
• RFC 3174: US Secure Hash Algorithm 1 (SHA1)
  Updated by: RFC 4634, RFC 6234
  
  
• RFC 3454: Preparation of Internationalized Strings ("stringprep")
  
  
• RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords
  
  
• RFC 4121: The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2
  Updates: RFC 1964
  
  
• RFC 4122: A Universally Unique IDentifier (UUID) URN Resource
  
  
• RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm
  
  
• RFC 4422: Simple Authentication and Security Layer (SASL)
  Obsoletes: RFC 2222
  
  
• RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism
  Obsoletes: RFC 2245
  
  
• RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
  
  
• RFC 4648: The Base16, Base32, and Base64 Data Encodings
  
  
• RFC 4752: The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
  Obsoletes: RFC 2222
  
  
• RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  
  
• RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
  
  
• RFC 5958: Asymmetric Key Packages (PKCS #8)
  
  
• RFC 6151: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
  Updates: RFC 1321, RFC 2104
  
  
• RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
  Updates: RFC 3174
  Obsoletes: RFC 4634
  
  
• RFC 6238: TOTP: Time-Based One-Time Password Algorithm
  
  
• RFC 6331: Moving DIGEST-MD5 to Historic
  Obsoletes: RFC 2831
  
  
• RFC 6595: A Simple Authentication and Security Layer (SASL) and GSS-API Mechanism for the Security Assertion Markup Language (SAML)
  
  
• RFC 7292: PKCS #12: Personal Information Exchange Syntax v1.1
  
  
• RFC 7628: A Set of Simple Authentication and Security Later (SASL) Mechanisms for OAuth
  
  
• RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication And Security Layer (SASL) Mechanisms
  
  
• RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2
  
  
• RFC 8353: Generic Security Service API Version 2: Java Bindings Update
  Obsoletes: RFC 5653
  
  
• RFC 9371: Registration Procedures for Private Enterprise Numbers (PENs)
  
  

Obsolete RFCs Provided for Informational Purposes

• RFC 1274: The COSINE and Internet X.500 Schema
  Obsoleted by: RFC 4524
  
  
• RFC 1484: Using the OSI Directory to achieve User Friendly Naming
  Obsoleted by: RFC 3494
  
  
• RFC 1485: A String Representation of Distinguished Names
  Obsoleted by: RFC 1779, RFC 3494
  
  
• RFC 1487: X.500 Lightweight Directory Access Protocol
  Obsoleted by: RFC 1777, RFC 3494
  
  
• RFC 1488: The X.500 String Representation of Standard Attribute Syntaxes
  Obsoleted by: RFC 1778
  
  
• RFC 1558: A String Representation of LDAP Search Filters
  Obsoleted by: RFC 1960
  
  
• RFC 1567: X.500 Directory Monitoring MIB
  Obsoleted by: RFC 2605
  
  
• RFC 1777: Lightweight Directory Access Protocol
  Obsoletes: RFC 1487
  Obsoleted by: RFC 3494
  
  
• RFC 1778: The String Representation of Standard Attribute Syntaxes
  Obsoletes: RFC 1488
  Updated by: RFC 2559
  Obsoleted by: RFC 3494
  
  
• RFC 1779: A String Representation of Distinguished Names
  Obsoleted by: RFC 2253, RFC 3494
  
  
• RFC 1798: Connection-less Lightweight X.500 Directory Access Protocol
  Obsoleted by: RFC 3352
  
  
• RFC 1959: An LDAP URL Format
  Obsoleted by: RFC 2255
  
  
• RFC 1960: A String Representation of LDAP Search Filters
  Obsoletes: RFC 1558
  Obsoleted by: RFC 2254
  
  
• RFC 2222: Simple Authentication and Security Layer (SASL)
  Obsoleted by: RFC 4422, RFC 4752
  
  
• RFC 2245: Anonymous SASL Mechanism
  Obsoleted by: RFC 4505
  
  
• RFC 2251: Lightweight Directory Access Protocol (v3)
  Updated by: RFC 3377, RFC 3771
  Obsoleted by: RFC 4510, RFC 4511, RFC 4512, RFC 4513
  
  
• RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4512, RFC 4517, RFC 4523
  
  
• RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
  Obsoletes: RFC 1779
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4514
  
  
• RFC 2254: The String Representation of LDAP Search Filters
  Obsoletes: RFC 1960
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4515
  
  
• RFC 2255: The LDAP URL Format
  Obsoletes: RFC 1959
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4516
  
  
• RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4512, RFC 4517, RFC 4519, RFC 4523
  
  
• RFC 2559: Internet X.590 Public Key Infrastructure Operational Protocols - LDAPv2
  Updates: RFC 1778
  Obsoleted by: RFC 3494
  
  
• RFC 2587: Internet X.590 Public Key Infrastructure LDAPv2 Schema
  Obsoleted by: RFC 4523
  
  
• RFC 2596: Use of Language Codes in LDAP
  Obsoleted by: RFC 3866
  
  
• RFC 2829: Authentication Methods for LDAP
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4513
  
  
• RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4511, RFC 4513
  
  
• RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification
  Updates: RFC 2251, RFC 2252, RFC 2253, RFC 2254, RFC 2255, RFC 2256, RFC 2829, RFC 2830
  Obsoleted by: RFC 4510
  
  
• RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
  Obsoleted by: RFC 4520
  
  
• RFC 3674: Feature Discovery in Lightweight Directory Access Protocol (LDAP)
  Obsoleted by: RFC 4512
  
  
• RFC 3712: Lightweight Directory Access Protocol (LDAP): Schema for Printer Services
  Obsoleted by: RFC 7612
  
  
• RFC 3771: The Lightweight Directory Access Protocol (LDAP) Intermediate Response Message
  Updates: RFC 2251
  Obsoleted by: RFC 4510, RFC 4511
  
  
• RFC 4634: US Secure Hash Algorithms (SHA and HMAC-SHA)
  Updates: RFC 3174
  Obsoleted by: RFC 6234