Version: v1-14, March 02, 2009

History:

  • 03/02/2009, Michael Hodges; redefine uhExpiration to format yyyymmdd, 'account expiration date'.
  • 02/19/2009, Michael Hodges; revived uhDataOrigin and expanded to string(128); removed uhFileShareMaxQuota; uhSSN, uhDOB, and secret Q&As attributes
  • 07/31/2002, Russell Tokuyama; Changed uhAllowedServices to uhAllowedService. Added allowed value of 'file sharing' to uhAllowedService.
  • 07/09/2002, Russell Tokuyama; Added uhAllowedServices attribute and allowed values, notes to uhRestrict for usage and allowed values, and Change Log.

Object Identifiers

Per RFC 2578, a unique object identifier (OID) is assigned to each LDAP attribute. The LDAP attribute OIDs are based on the UH Enterprise OID assigned by IANA.

| OIDs | | |
|---|---|---|
| UH Enterprise Number | 2160 | Assigned by IANA, http://www.iana.org/ |
| X.500 | 0.9.2342.19200300 | Directory Access Protocol |
| UH OID | 1.3.6.1.4.1.2160 | UH OID, based on the IANA assigned UH Enterprise Number |
| UH LDAP OID | 1.3.6.1.4.1.2160.1.1.1 | Lightweight Directory Access Protocol |
| Internet2 eduPerson | 1.3.6.1.4.1.5923 | http://www.educause.edu/netatedu/groups/pki/eduperson/spec.doc |

Sample DN for looking up person information

| Distinguished Name | Example |
|---|---|
| dn | uhUuid=2314231232,ou=people,dc=hawaii,dc=edu |

Table of LDAP Attributes

| Attribute Name | OID | Format | Indexing | Required? | Syntax | MultiValued? | Example Raw Data | Privacy? | Manager | Usage |
|---|---|---|---|---|---|---|---|---|---|---|
| Identifiers, Access Control | | | | | | | | | | |
| uid | 0.9.2342.19200300.100.1.1 | string(8) | yes | no | {a..z}{0..9}{-_} | yes | jdoe | public | no | Unix account name, WebCT account name, ... |
| uhUuid | 1.3.6.1.4.1.2160.1.1.1.1 | string(10) | yes | no | {0..9} | no | 810321, 1014353266 | private | no | UNISON ID, employee ID, ... |
| uhRestrict | 1.3.6.1.4.1.2160.1.1.1.30 | string(32) | no | no | {a..z}{A..Z}{0..9}{-_} | yes | uhUnlisted, uhNoPhoto | private | no | indicates that this info is to be 'unlisted'; used for filtering search results |
| uhAllowedService | 1.3.6.1.4.1.2160.1.1.1.32 | string(32) | no | no | {a..z}{A..Z}{0..9}{-_} | yes | email, home page, shell | private | no | indicates services user is allowed to use |
| userPassword | 2.5.4.35 | binary | no | no | | no | | private | yes | ({crypt}xxxxxxxxx) |


 

eduPersonAffiliation UH OID

1.3.6.1.4.1.5923.1.1.1.1

string(32)

yes

yes

{a..z}{0..9}{-_}

yes

student, faculty, staff, ...

optional

no

white pages

 

eduPersonOrgDN 2160

UH OID, based on the IANA assigned UH Enterprise Number

 

UH LDAP OID

1.3.6.1.4.1.2160.1.1.1

Lightweight Directory Access Protocol

 

Internet2 eduPerson

1.3.6.1.4.1.5923 .1.1.1.3

string(32)

yes

yes

{a..z}{0..9}{-_}

yes

kcc, lcc, ...

optional

no

white pages

 

uhPrimaryOrgDN

1.3.6.1.4.1.2160.1.1.1.21

string(32)

no

no

{a..z}{0..9}{-_}

no

kcc, lcc, ...

optional

no

white pages

 

uhOrgRole

1.3.6.1.4.1.2160.1.1.1.22

string(64)

no

no

{a..z}{0..9}{-_}

yes

uh.cc.kapcc.bus.clerical

optional

no

authorization

 

uhOrgRoleLevel

1.3.6.1.4.1.2160.1.1.1.23

string(2)

no

no

{0..9}

yes

90

optional

no

authorization

 

uhOrgAffiliation

http://www.educause.edu/netatedu/groups/pki/eduperson/spec.doc

Sample DN for looking up person information

Distinguished Name

Example

dn

uhUuid=2314231232,ou=people,dc=hawaii,dc=edu

Table of LDAP Attributes

Authentication no Current Legal Name   homePostalAddress uhAllowedService User has forwarding of incoming email only. Implied if email value set for this attribute.

 

Attribute Name

OID

Format

Indexing

Required?

Syntax

MultiValued?

Example Raw Data

Privacy?

Manager

Usage

Identifiers, Access Control

 

 

 

 

 

 

 

 

 

 

 

 

uid

0.9.2342.19200300.100.1.1

string(8)

yes

no

{a..z}{0..9}{-_}

yes

jdoe

public

no

Unix account name, WebCT account name, ...

 

uhUuid

1.3.6.1.4.1.2160.1.1.1.28 1

string(6410)

yes

no yes

{a..z} {0..9} {-_}

yes no

eduPersonOrgDn=kauaicc, eduPersonAffiliation=student

public 810321, 1014353266

private

no authorization

, white pages UNISON ID, employee ID, ...

 

uhAggregatePersonAffiliation userPassword

1.3.6.1.4.1.2160.1.1.1.30

string(64)

no

no

{a..z}

yes

private

no

authorization

 

uhBU 2.5.4.35

binary

no

no

 

no

 

private

yes

({crypt}xxxxxxxxx)

Organizational Identification

 

 

 

 

 

 

 

 

 

 

 

 

eduPersonAffiliation

1.3.6.1.4.1.21605923.1.1.1.40 1

string(232)

yes

no

yes

{a..z}{0..9}{-_}

yes

01 student, 02faculty, 03staff, ...

public optional

no

white pages , distribution list generation

 

uhPrimaryCampus eduPersonOrgDN

1.3.6.1.4.1.21605923.1.1.1.41 3

string(232)

yes

no yes

{a..z}{A..Z}{0..9}{-_}

no

 

public yes

kcc, lcc, ...

optional

no

white pages , distribution list generation

 

uhPrimaryEAC uhPrimaryOrgDN

1.3.6.1.4.1.2160.1.1.1.42 21

string(2032)

yes no

no

{a..z}{A..Zz}{0..9}{-_}

no

 

public kcc, lcc, ...

optional

no

white pages , distribution list generation

 

 

 

 

 

 

 

 

 

 

 

 

userCertificate

2.5.4.36

binary uhOrgRole

1.3.6.1.4.1.2160.1.1.1.22

string(64)

no

no binary

{a..z}{0..9}{-_}

yes

 

public

yes

authentication uh.cc.kapcc.bus.clerical

optional

no

authorization

 

userSMIMECertificate

2.16.840 uhOrgRoleLevel

1.3.6.1.4.1.2160.1.113730.31.1.40 binary 23

string(2)

no

no binary

{0..9}

yes

90

optional

  no

public authorization

yes  

authentication

Names

 

 

 

 

 

 

 

 

 

 

 

 

cn

2.5.4.3

string(50)

no

no

{a..z}{A..Z}{0..9}{-_.}

yes

jonathan m doe, jr

optional

no

white pages; Full name

 

sn

2.5.4.4

string(30)

no uhOrgAffiliation

1.3.6.1.4.1.2160.1.1.1.28

string(64)

no

yes

{a..z}{0..9}{-_}

yes

eduPersonOrgDn=kauaicc, eduPersonAffiliation=student

public

no

authorization, white pages

 

uhBU

1.3.6.1.4.1.2160.1.1.1.40

string(2)

yes

no

{0..9}

yes

01, 02, 03, ...

public

no

white pages, distribution list generation

 

uhPrimaryCampus

1.3.6.1.4.1.2160.1.1.1.41

string(2)

yes

no

{a..z}{A..Z}{0..9}{-_.}

yes no

doe  

optional public

no

white pages; Last name , distribution list generation

 

givenName

2.5.4. uhPrimaryEAC

1.3.6.1.4.1.2160.1.1.1.42

string(3020)

no yes

no

{a..z}{A..Z}{0..9}{-_.}

yes no

jonathan  

optional public

no

white pages; First name , distribution list generation

Names

 

initials

2.5.4.43

string(8)

no

no

{a..z}

yes

jmd

optional

 

 

 

 

 

 

 

 

 

 

 

displayName cn

2.16.840.15.1137304.3 .1.241

string(50)

no

no

{a..z}{A..Z}{0..9}{-_'.}

no yes

jonathan 'jon' morris doe m doe, jr

optional

no

white pages; Full name

 

eduPersonNickname sn

1 2.35.64.1.4 .1.5923.1.1.1.2

string(1630)

no

no

{a..z}{A..Z}{0..9}{-_.}

yes

jon doe

optional

no

white pages; Last name

 

jpegPhoto givenName

0 2.95.2342.19200300.100.1.60 binary 4.42

string(30)

no

no

binary

no

  {a..z}{A..Z}{0..9}{-_.}

yes

jonathan

optional

no

white pages

; First name

 

 

 

 

 

 

 

 

 

initials

2.5.4.43

string(8)

no

no

{a..z}

yes

jmd

optional

no

 

 

uhOfficialSurname displayName

1 2.316.6840.1.4113730.1.21603.1.1.1.90 241

string(3050)

no

no

{a..z}{0..9}{-_'.}

no

jonathan 'jon' morris doe

optional

no Official

documents, ie: transcripts white pages

 

uhOfficialGivenName eduPersonNickname

1.3.6.1.4.1.21605923.1.1.1.91 2

string(3016)

no

no

{a..z}{0..9}{-_.}

no yes

jonathan jon

optional

no Official documents, ie: transcripts

white pages

Current Legal Name

 

 

 

 

 

 

 

 

 

 

 

 

uhOfficialMiddleName uhOfficialSurname

1.3.6.1.4.1.2160.1.1.1.92 90

string(1630)

no

no

{a..z}{0..9}{-_.}

no

morris doe

optional

no

Official documents, ie: transcripts

 

uhOfficialNamePrefix uhOfficialGivenName

1.3.6.1.4.1.2160.1.1.1.93 91

string(1630)

no

no

{a..z}{0..9}{-_.}

no

dr jonathan

optional

no

Official documents, ie: transcripts

 

uhOfficialNameSuffix uhOfficialMiddleName

1.3.6.1.4.1.2160.1.1.1.94 92

string(16)

no

no

{a..z}{0..9}{-_.}

no

jr morris

optional

no

Official documents, ie: transcripts

 

uhOfficialSalutation uhOfficialNamePrefix

1.3.6.1.4.1.2160.1.1.1.95 93

string(16)

no

no

{a..z}{0..9}{-_.}

no

dear

optional

no

Official documents, ie: transcripts

Contact Info

 

 

 

 

 

 

 

 

 

 

 

 

mail

0.9.2342.19200300.100.1.3

string(50.}

no

dr

optional

no

Official documents, ie: transcripts

 

uhOfficialNameSuffix

1.3.6.1.4.1.2160.1.1.1.94

string(16)

no

no

{a..z}{0..9}{-_@.}

yes no

jon@university.edu jr

optional

no UH assigned email address

Official documents, ie: transcripts

 

uhPreferredMail uhOfficialSalutation

1.3.6.1.4.1.2160.1.1.1.62 95

string(5016)

no

no

{a..z}{0..9}{-_@.}

no

dear

jon01001@mymail.com optional

public

yes

White pages; Preferred email address no

Official documents, ie: transcripts

Contact Info

 

homePhone

0.9.2342.19200300.100.1.20

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages

 

 

 

 

 

 

 

 

 

 

 

 

mail

0.9.2342.19200300.100.1.39 3

string(50)

no

no

{a..z}{0..9}{-_#@.}

no yes  

jon@university.edu

optional

no Home

Mailing Address: address line UH assigned email address

 

mobile

0.9.2342.19200300.100 uhPreferredMail

1.3.6.1.4.1.2160.1.1.1.41 62

string(1650)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages

 

pager {a..z}{0..9}{-_@.}

no

jon01001@mymail.com

public

yes

White pages; Preferred email address

 

homePhone

0.9.2342.19200300.100.1.42 20

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages

 

st

2.5.4.8

string(30)

no

no

{a..z}{0..9}{-_.}

no

 

optional

no

White pages; Mailing Address: state

 

street

2.5.4.9 homePostalAddress

0.9.2342.19200300.100.1.39

string(50)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Home Mailing Address: street address line

 

postalAddress

2.5.4.16 mobile

0.9.2342.19200300.100.1.41

string(5016)

no

no

{a..z}{0..9}{-_#.}

no

  +cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages ; Mailing Address: address line

 

postalCode

2.5.4.17 pager

0.9.2342.19200300.100.1.42

string(1516)

no

no

{a..z}{0..9}{-_#.}

no

  +cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages ; Mailing Address: zip code

 

postOfficeBox st

2.5.4.18 8

string(1530)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Mailing Address: post office box state

 

title street

2.5.4.12 9

string(6450)

no

no

{a..z}{0..9}{-_#.}

yes

Assoc Clin Prof or Registered Architect, Facil Plan Ofc or Prof, Finance/Dir, Ctr for Japanese Global Investment & Finance }

no

 

optional

no

White pages; Job Title Mailing Address: street address

 

physicalDeliveryOfficeName postalAddress

2.5.4.19 16

string(6450)

no

no

{a..z}{0..9}{-_#.}

yes

Queen's POB I #614 or Manele 106, Kapiolani CC or Nat Energy Lab of Haw, 73-4460 Queen Kaahumanu Hwy, Kailua-Kona }{0..9}{-_#.}

no

 

optional

no

White pages; Office Location or Number Mailing Address: address line

 

ou postalCode

2.5.4.11 17

string(6415)

no

no

{a..z}{0..9}{-_#.}

yes

Surgery, University of Hawaii at Manoa or School-to-Work/Computing, Electronics & Ntwrk Tech (CENT) }{-_#.}

no

 

optional

no

White pages; Department, Campus Mailing Address: zip code

 

telephoneNumber postOfficeBox

2.5.4.20 18

string(1615)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201 {a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Telephone number Mailing Address: post office box

 

facsimileTelephoneNumber title

2.5.4.23

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages; FAX number

LDAP Data Management

 

 

 

 

 

 

 

 

 

 

 

 

uhExpiration

1.3.6.1.4.1.2160.1.1.1.60

string(8)

yes

no

yyyymmdd

no

20090302

private

no

Visitor Internet Access: account expiration date

Information

uhDataOrigin

1.3.6.1.4.1.2160.1.1.1.61

string(12812

string(64)

no

no

{a..z}{0..9}{-_#.}

yes

Assoc Clin Prof or Registered Architect, Facil Plan Ofc or Prof, Finance/Dir, Ctr for Japanese Global Investment & Finance

optional

no

White pages; Job Title

 

physicalDeliveryOfficeName

2.5.4.19

string(64)

no

no

{a..z}{0..9}{-_#.}

yes

Queen's POB I #614 or Manele 106, Kapiolani CC or Nat Energy Lab of Haw, 73-4460 Queen Kaahumanu Hwy, Kailua-Kona

optional

no

White pages; Office Location or Number

 

ou

2.5.4.11

string(64)

no

no

{a..z}{0..9}{=-_,.?<>;[]{}()&$@}

yes

VIA example: "dataOriginType=application,dataOriginID=VIA,requesterID=mklinger"
By definition dataOriginType={erp,application} 

private

no

Authoritative source indicator

UH Attribute Values

| Attribute Name | Keyword Value | Description |
|---|---|---|
| uhRestrict | uhUnlisted | this leaf is to be unlisted and will not be displayed in a normal interactive retrieval. |
| uhRestrict | uhNoPhoto | the photo for this individual is not to appear in normal interactive retrievals. |
| uhRestrict | uhNoDisplay | indicates that a specific attribute is not to be displayed during a normal interactive retrieval. |
| uhRestrict | uhFullProfile | indicates that this individual has access to all updatable attributes via the Interactive Profile Manager. |
| uhRestrict | null | indicates no restrictions |

#.}

yes

Surgery, University of Hawaii at Manoa or School-to-Work/Computing, Electronics & Ntwrk Tech (CENT)

optional

no

White pages; Department, Campus

 

telephoneNumber

2.5.4.20

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages; Telephone number

 

facsimileTelephoneNumber

2.5.4.23

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages; FAX number

LDAP Data Management

 

 

 

 

 

 

| Attribute Name | Keyword Value | Description |
|---|---|---|
| uhAllowedService | email | User has full access to a personal email account |
| uhAllowedService | emailforwarding | |
| uhAllowedService | shell | User has access to a personal shell account (doesn't mean that one has necessarily been enabled) |
| uhAllowedService | softwaredownloads | User has access to ITS software downloads |
| uhAllowedService | wireless | User can access campus wireless network |
| uhAllowedService | homepage | User has home (Web) page (personal web pages) |
| uhAllowedService | null | Indicates no limits, all services allowed |
| uhAllowedService | -'service' | Negates access to a specific service |

| Attribute Name | OID | Format | Indexing | Required? | Syntax | MultiValued? | Example Raw Data | Privacy? | Manager | Usage |
|---|---|---|---|---|---|---|---|---|---|---|
| uhExpiration | 1.3.6.1.4.1.2160.1.1.1.60 | string(8) | yes | no | yyyymmdd | no | 20090302 | private | no | Visitor Internet Access: account expiration date |
| Information | | | | | | | | | | |
| uhDataOrigin | 1.3.6.1.4.1.2160.1.1.1.61 | string(128) | no | no | {a..z}{0..9}{=-_,.?<>;[]{}()&$@} | yes | VIA example: "dataOriginType=application,dataOriginID=VIA,requesterID=mklinger". By definition dataOriginType={erp,application} | private | no | Authoritative source indicator |