2.2.5.1.2 Reference Attributes

The Reference Attribute specifies a reference to a name service entry in Active Directory. The value of the attribute MUST be a modified LDAP URL for an object in Active Directory that represents the referenced name service entry. This attribute MUST be identical to the object's LDAP URL without the URL scheme ("ldap:"). For more information on LDAP URLs, see [MS-ADTS].

In addition to being a valid LDAP URL, the Reference Attribute MUST adhere to the following format. This format is defined by using the extended Backus-Naur Form (BNF) specified in [C706].

Reference Attribute Value = "//" Domain "/cn=" Entry "," RestOfLDAPURL

Domain: MUST be a valid fully qualified domain name (FQDN) of the domain.

Entry: MUST be identical to the name component of the object's name service entry name specified by using the syntax described in section 2.2.2.

RestOfLDAPURL: MUST be the rest of the LDAP URL and MUST conform to the LDAP URL syntax specified in [MS-ADTS], without the domain and URL scheme ("ldap:").