[MS-ADTS] SYNTAX of AttributeTypeDescription

  • Question

  • Section 3.1.1.3.1.1.1 of MS-ADTS specifies that "AttributeTypeDescription" should be of the following syntax.

    AttributeTypeDescription = "(" whsp
    numericoid whsp ; attributeID
    [ "NAME" qdescrs ] ; lDAPDisplayName
    [ "SYNTAX" whsp noidlen whsp ] ; see RFC 2252 section 4.3
    [ "SINGLE-VALUE" whsp ] ; default multi-valued
    [ "NO-USER-MODIFICATION" whsp ] ; default user modifiable
    whsp ")"

    For SYNTAX it is written to see RFC 2252 section 4.3

    But according to section 3.1.1.3.1.1.2 of ADTS, Active Directory does not use the same syntaxes. It does not even have a syntax OID for all of the syntaxes it supports.

    So what does SYNTAX mean in this format? Is it "attributeSyntax", "oMSyntax", "oMObjectClass", or all of these together?

    It was also mentioned in section 3.1.1.2.2.2 that oMObjectClass contains the OID. But not all syntaxes have it. So should we assume that AttributeTypeDescription should only use syntax OIDs from the syntaxes which have oMObjectClass?

    Any help in this regard is appreciated.

    Friday, May 13, 2011 3:32 AM

Answers

  • Rajesh,

    We have completed our investigation regarding the list of values that SYNTAX can take in the AttributeTypeDescription field when Active Directory populates subschema’s attributeTypes (ref. MS-ADTS 3.1.1.3.1.1.1 subSchema).

    A future version of MS-ADTS will be updated to reflect the following mapping. This table allows mapping the returned syntax values to LDAP syntax names.


    LDAP syntax name              SYNTAX Value
    Boolean                       1.3.6.1.4.1.1466.115.121.1.7
    Enumeration                   1.3.6.1.4.1.1466.115.121.1.27
    Integer                       1.3.6.1.4.1.1466.115.121.1.27
    LargeInteger                  1.2.840.113556.1.4.906
    Object(Access-Point)          1.3.6.1.4.1.1466.115.121.1.2
    Object(DN-Binary)             1.2.840.113556.1.4.903
    Object(DN-String)             1.2.840.113556.1.4.904
    Object(DS-DN)                 1.3.6.1.4.1.1466.115.121.1.12
    Object(OR-Name)               1.2.840.113556.1.4.1221
    Object(Presentation-Address)  1.3.6.1.4.1.1466.115.121.1.43
    Object(Replica-Link)          OctetString
    String(Case)                  1.2.840.113556.1.4.1362
    String(Generalized-Time)      1.3.6.1.4.1.1466.115.121.1.24
    String(IA5)                   1.3.6.1.4.1.1466.115.121.1.26
    String(NT-Sec-Desc)           1.2.840.113556.1.4.907
    String(Numeric)               1.3.6.1.4.1.1466.115.121.1.36
    String(Object-Identifier)     1.3.6.1.4.1.1466.115.121.1.38
    String(Octet)                 1.3.6.1.4.1.1466.115.121.1.40
    String(Printable)             1.3.6.1.4.1.1466.115.121.1.44
    String(Sid)                   1.3.6.1.4.1.1466.115.121.1.40
    String(Teletex)               1.2.840.113556.1.4.905
    String(Unicode)               1.3.6.1.4.1.1466.115.121.1.15
    String(UTC-Time)              1.3.6.1.4.1.1466.115.121.1.53


    The LDAP syntax names can be correlated to AD syntaxes (attributeSyntax, oMSyntax, oMObjectClass) as specified in [MS-ADTS] Section 3.1.1.2.2.2 in the table with the following header.

    3.1.1.2.2.2 LDAP Representations

    LDAP syntax name    attributeSyntax    oMSyntax    oMObjectClass

    NOTE: SYNTAX OID 1.3.6.1.4.1.1466.115.121.1.40 (Octet String) is defined in RFC2252, but the RFC does not explicitly specify any usage of Octet String. LDAP RFCs refer to the ASN.1 OCTET STRING encoding. This is better described in RFC2251, which describes the base LDAP protocol that RFC2252 supplements.


    Regards,

    Edgar

    Tuesday, June 14, 2011 9:40 PM
    Moderator
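As an added example (not code from the thread or from MS-ADTS), the following Python parses a subschema attributeTypes value against the grammar quoted in the question and reverses the SYNTAX table from Edgar's answer; the attributeID 1.2.3.4.5 in the sample is a placeholder. It makes the practical point visible: 1.3.6.1.4.1.1466.115.121.1.40 covers both String(Octet) and String(Sid) and ...121.1.27 covers both Enumeration and Integer, so a consumer cannot tell from the subschema alone whether an attribute holds a SID or raw octets and has to consult attributeSchema's attributeSyntax/oMSyntax/oMObjectClass triple.

```python
import re
# SYNTAX table from Edgar's answer (LDAP syntax name -> SYNTAX value); Object(Replica-Link) keeps the literal "OctetString" the table gives.
SYNTAX_TABLE = {
    "Boolean": "1.3.6.1.4.1.1466.115.121.1.7",
    "Enumeration": "1.3.6.1.4.1.1466.115.121.1.27",
    "Integer": "1.3.6.1.4.1.1466.115.121.1.27",
    "LargeInteger": "1.2.840.113556.1.4.906",
    "Object(Access-Point)": "1.3.6.1.4.1.1466.115.121.1.2",
    "Object(DN-Binary)": "1.2.840.113556.1.4.903",
    "Object(DN-String)": "1.2.840.113556.1.4.904",
    "Object(DS-DN)": "1.3.6.1.4.1.1466.115.121.1.12",
    "Object(OR-Name)": "1.2.840.113556.1.4.1221",
    "Object(Presentation-Address)": "1.3.6.1.4.1.1466.115.121.1.43",
    "Object(Replica-Link)": "OctetString",
    "String(Case)": "1.2.840.113556.1.4.1362",
    "String(Generalized-Time)": "1.3.6.1.4.1.1466.115.121.1.24",
    "String(IA5)": "1.3.6.1.4.1.1466.115.121.1.26",
    "String(NT-Sec-Desc)": "1.2.840.113556.1.4.907",
    "String(Numeric)": "1.3.6.1.4.1.1466.115.121.1.36",
    "String(Object-Identifier)": "1.3.6.1.4.1.1466.115.121.1.38",
    "String(Octet)": "1.3.6.1.4.1.1466.115.121.1.40",
    "String(Printable)": "1.3.6.1.4.1.1466.115.121.1.44",
    "String(Sid)": "1.3.6.1.4.1.1466.115.121.1.40",
    "String(Teletex)": "1.2.840.113556.1.4.905",
    "String(Unicode)": "1.3.6.1.4.1.1466.115.121.1.15",
    "String(UTC-Time)": "1.3.6.1.4.1.1466.115.121.1.53",
}
# Grammar quoted in the question (MS-ADTS 3.1.1.3.1.1.1); the SYNTAX OID is accepted with or without surrounding quotes.
ATD_RE = re.compile(
    r"^\(\s*(?P<oid>[0-9.]+)\s*(?:NAME\s+'(?P<name>[^']+)'\s*)?"
    r"(?:SYNTAX\s+'?(?P<syntax>[0-9.]+)(?:\{\d+\})?'?\s*)?"
    r"(?P<single>SINGLE-VALUE\s*)?(?P<nomod>NO-USER-MODIFICATION\s*)?\)$"
)

def parse_atd(value):
    """Parse one subschema attributeTypes value into its fields (None if malformed)."""
    m = ATD_RE.match(value.strip())
    if not m:
        return None
    return {"attributeID": m["oid"], "lDAPDisplayName": m["name"],
            "syntax": m["syntax"], "single_valued": m["single"] is not None,
            "user_modifiable": m["nomod"] is None}

def ldap_syntax_names(syntax_value):
    """Reverse lookup: every LDAP syntax name sharing this SYNTAX value (several values are reused)."""
    return sorted(n for n, v in SYNTAX_TABLE.items() if v == syntax_value)

# Constructed sample value; 1.2.3.4.5 is a placeholder attributeID, not the real one.
SAMPLE = "( 1.2.3.4.5 NAME 'attributeSecurityGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )"
```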

All replies

  • Hi Rajesh,

    Thank you for your question. A colleague will follow up with you soon to investigate.

    Regards,
    Mark Miller

    Escalation Engineer

    US-CSS DSC PROTOCOL TEAM
    Friday, May 13, 2011 12:04 PM
  • Rajesh,

    As specified in MS-ADTS Sections 3.1.1.2.3 Attributes, 3.1.1.2.2.2 LDAP Representations, each syntax is identified by the combination of three attributes of the attributeSchema object: attributeSyntax, oMSyntax, and oMObjectClass.

    It is also specified that oMObjectClass is optional (ref. 3.1.1.2.3 Attributes). The cases for which oMObjectClass is not used are indicated by the presence of a hyphen in the oMObjectClass column in the table specified in Section 3.1.1.2.2, which documents the list of syntaxes in Active Directory, their encodings, and how they map to the [RFC2252] syntaxes.

    3.1.1.2.2.2 LDAP Representations

    Examples of attribute syntaxes with no oMObjectClass

    LDAP syntax name     attributeSyntax    oMSyntax    oMObjectClass
    String(IA5)          2.5.5.5            22          -
    String(Printable)    2.5.5.5            19          -


    Regards,

    Edgar

    Friday, May 13, 2011 9:00 PM
    Moderator
  • From your reply on my question at http://social.msdn.microsoft.com/Forums/en-US/os_windowsprotocols/thread/f76fa43d-75cf-4acf-a43e-7f755a0da78c

    'attributeSecurityGUID' SYNTAX is '1.3.6.1.4.1.1466.115.121.1.40'.

    But it was never mentioned in any document. In one table it was merely mentioned that String(Octet) is adapted from Binary of RFC 2252.
    Can you give us the list of SubSchema-related SYNTAXes for all ADDS syntaxes?

    Saturday, May 21, 2011 1:44 PM
  • Rajesh,

    Thank you for your feedback regarding syntaxes. I will be addressing the question in this thread. I will update you as soon as I have news.

    Thanks,

    Edgar

    Monday, May 23, 2011 3:22 PM
    Moderator
  • Hi Edgar,

    Any update on this issue?

    Wednesday, June 8, 2011 11:10 AM