Lightweight Directory Access Protocol (LDAP): Auxiliary Object Class 'mailboxRelatedObject'

The attribute 'mail' can be used to store Internet mail addresses with internationalized <domain> by using the ToASCII method . But it cannot be used to store addresses with <local-part> containing non-ASCII characters. Therefore this documents defines a new attribute type 'intlMailAdr' for fully internationalized Internet mail addresses as defined in . Often there is a need to associate a, most times non-personal, Internet mail address with an arbitrary object (a service or system user) so applications can lookup where to send mail for this object. Many times the commonly available object class 'inetOrgPerson' is wrongly used for storing such non-personal Internet mail addresses in attribute 'mail' . Therefore this document defines the auxiliary object class 'mailboxRelatedObject' that can be used to associate an arbitrary object with an Internet mail address. It allows to add an Internet mail address attribute to any entry and allows to use either one or both of attributes 'mail' and 'intlMailAdr'. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . This document is being discussed on the ldapext@ietf.org mailing list.

The attribute type 'intlMailAdr' is defined for storing SMTPUTF8 compliant addresses .

The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described in . Note that an application might have used the ToASCII method to produce <sub-domain> components of the <Mailbox> production. This leads to different possible string representations of the same internationalized Internet mail address which could be listed as different values entry's 'intlMailAdr' attribute, operational issues may arise. The following issues like described for attribute type 'mail' in have to be considered also for 'intlMailAdr' defined above: Note that the directory will not ensure that values of this attribute conform to the <Mailbox> production . It is the application's responsibility to ensure that domains it stores in this attribute are appropriately represented. Additionally, the directory will compare values per the matching rules named in the above attribute type description. As these rules differ from rules that normally apply to <Mailbox> comparisons, operational issues may arise. For example, the assertion (mail=joe@example.com) will match "JOE@example.com" even though the <local-parts> differ. Also, where a user has two <Mailbox>es whose addresses differ only by case of the <local-part>, both cannot be listed as values of the entry's 'intlMailAdr' attribute in the same entry (as they are considered equal by the 'caseIgnoreMatch' rule).

Entries of auxiliary object class 'mailboxRelatedObject' MAY contain the following optional attributes: 'mail' 'displayName' 'intlMailAdr'

'mail' and 'intlMailAdr' are listed as optional attributes to allow to use only one of both. If 'mail' and 'intlMailAdr' are both set an application MAY choose one or the other to send mail to the entity represented by the directory entry. Therefore Internet mail addresses in attributes 'mail' and 'intlMailAdr' SHOULD represent the same mailbox if both are set or at least the entity MUST be able to retrieve the mail sent to either one of the addresses.

The OID arc used for the attribute type and object class definition is: iso(1) org(3) dod(6) internet(1) private(4) enter-prise(1) stroeder.com(5427) public(1) ldap(389)

The introduction of these object classes does not impact the security of the Internet or a particular LDAP directory service. Security considerations for LDAP in general are discussed in documents comprising the technical specification .