Page Comparison

UhEduPerson Recipe

Version: v1-14, March 02, 2009

History:

...

The University of Hawai'i Identity and Access Management system (IAM, previously known as UHIMS) collects, consolidates and makes available information concerning people associated with the University. LDAP is one of the most useful ways that IAM makes the information available. The UH Online Directory is an LDAP service that provides UH with a directory of names, phone numbers, and email addresses.

The UH Online Directory is based on the eduPerson Schema defined by the Internet2 Middleware initiative to create a recipe for building general purpose institutional directories. The UH directory is very similar in design to LDAP directories at other Universities.

UhEduPerson LDAP Recipe

Version: v1-15, April 10, 2013

Object Identifiers

Per RFC 2578 a unique object identifier (OID) is assigned to each LDAP attribute.

...

The LDAP attribute OIDs are based on the UH Enterprise OID assigned by IANA.


UH Enterprise Number	2160	Assigned by IANA, http://www.iana.org/
X.500	0.9.2342.19200300	Directory Access Protocol
UH OID	1.3.6.1.4.1.2160	UH OID, based on the IANA assigned UH Enterprise Number
UH LDAP OID	1.3.6.1.4.1.2160.1.1.1	Lightweight Directory Access Protocol
Internet2 eduPerson	1.3.6.1.4.1.5923	http://www.educauseinternet2.edu/netatedu/groups/pkiproducts-services/trust-identity-middleware/eduperson/spec.doc-eduorg/#service-features

Sample DN for looking up person information

Distinguished Name	Example
dn	uhUuid=2314231232,ou=people,dc=hawaii,dc=edu

Table of LDAP Attributes

	Attribute Name	OID	Format	Indexing	Required?	Syntax	MultiValued?	Example Raw Data	PrivacyRequired?	Manager	Usage
Identifiers, Access Control
		uid	0.9.2342.19200300.100.1.1	string(8)	yes	no	{a..z}{0..9}{-_}	yes	jdoe	public required	no	Unix account name, WebCT account name, ...
	uhUuid	1.3.6.1.4.1.2160.1.1.1.1	string(10)	yes	no	{0..9}	no	810321, 1014353266	private	no	UNISON required	UH Number ( Employee ID, employee ID, ... Banner ID)
	uhRestrict	1.3.6.1.4.1.2160.1.1.1.30	string(32)	no	no	{a..z}{A..Z}{0..9}{-_}	yes	uhUnlisted, uhNoPhoto	private	no required	indicates that this info is to be 'unlisted'; used for filtering search results		uhAllowedService	1.3.6.1.4.1.2160.1.1.1.32	string(32)	no	no	{a..z}{A..Z}{0..9}{-_}	yes	email, home page, shell	private	no	indicates services user is allowed to use
	userPassword	2.5.4.35	binary	no	no		no		private required	yes	({cryptencrypted}xxxxxxxxx)
Organizational Identification
		eduPersonAffiliation	1.3.6.1.4.1.5923.1.1.1.1	string(32)	yes	yes	{a..z}{0..9}{-_}	yes	student, faculty, staff, ...	optional no	White Pages	white pages
	eduPersonOrgDN	1.3.6.1.4.1.5923.1.1.1.3	string(32)	yes	yes	{a..z}{0..9}{-_}	yes	kcc, lcc, ...	optional	no	white pages White Pages
	uhPrimaryOrgDN	1.3.6.1.4.1.2160.1.1.1.21	string(32)	no	no	{a..z}{0..9}{-_}	no	kcc, lcc, ...	optional	no	white pages
	uhOrgRole	1.3.6.1.4.1.2160.1.1.1.22	string(64)	no	no	{a..z}{0..9}{-_}	yes	uh.cc.kapcc.bus.clerical	optional	no	authorization
	uhOrgRoleLevel	1.3.6.1.4.1.2160.1.1.1.23	string(2)	no	no	{0..9}	yes	90	optional	no	authorization
	White Pages
	uhOrgAffiliation	1.3.6.1.4.1.2160.1.1.1.28	string(64)	no	yes	{a..z}{0..9}{-_}	yes	eduPersonOrgDn=kauaicc, eduPersonAffiliation=student	public	no	authorization, white pages
	uhAggregatePersonAffiliation	1.3.6.1.4.1.2160.1.1.1.30	string(64)	no	no	{a..z}	yes	preparticipant,participant,grace,postparticipant	private	no	authorization
	uhBU	1.3.6.1.4.1.2160.1.1.1.40	string(2)	yes	no	{0..9}	yes	01, 02, 03, ...	public	no	white pages, distribution list generation authorization, White Pages
	uhPrimaryCampus	1.3.6.1.4.1.2160.1.1.1.41	string(2)	yes	no	{a..z}{A..Z}{0..9}{-_}	no		public	no	white pagesWhite Pages, distribution list generation
	uhPrimaryEAC	1.3.6.1.4.1.2160.1.1.1.42	string(20)	yes	no	{a..z}{A..Z}{0..9}{-_}	no		public	no	white pagesWhite Pages, distribution list generation
Authentication
	userCertificate	2.5.4.36	binary	no	no	binary	yes		public	yes	authentication
	userSMIMECertificate	2.16.840.1.113730.3.1.40	binary	no	no	binary	yes		public	yes	authentication
Names
	cn	2.5.4.3	string(50)	no	no	{a..z}{A..Z}{0..9}{-_.}	yes	jonathan m doe, jr	optional	no	white pages; Full name
	sn	2.5.4.4	string(30)	no	no	{a..z}{A..Z}{0..9}{-_.}	yes	doe	optional	no	white pages; Last name
	givenName	2.5.4.42	string(30)	no	no	{a..z}{A..Z}{0..9}{-_.}	yes	jonathan	optional	no	white pages; First name
	initials	2.5.4.43	string(8)	no	no	{a..z}	yes	jmd	optional	no
	displayName	2.16.840.1.113730.3.1.241	string(50)	no	no	{a..z}{0..9}{-_'.}	no	jonathan 'jon' morris doe	optional	no	white pages Doe, Jonathan (Jon) M Doe	required	White pages, usually entered as "Last Name, First (Nickname) Middle, Suffix"
	eduPersonNickname	1.3.6.1.4.1.5923.1.1.1.2	string(16)	no	no	{a..z}{0..9}{-_.}	yes	jon	optional	no	white pages		jpegPhoto	0.9.2342.19200300.100.1.60	binary	no	no	binary	no		optional	no	white pages
Current Legal Name
	uhOfficialSurname	1.3.6.1.4.1.2160.1.1.1.90	string(30)	no	no	{a..z}{0..9}{-_.}	no	doe	optional	no	Official documents, ie: transcripts
	uhOfficialGivenName	1.3.6.1.4.1.2160.1.1.1.91	string(30)	no	no	{a..z}{0..9}{-_.}	no	jonathan	optional	no	Official documents, ie: transcripts
	uhOfficialMiddleName	1.3.6.1.4.1.2160.1.1.1.92	string(16)	no	no	{a..z}{0..9}{-_.}	no	morris	optional	no	Official documents, ie: transcripts
	uhOfficialNamePrefix	1.3.6.1.4.1.2160.1.1.1.93	string(16)	no	no	{a..z}{0..9}{-_.}	no	dr	optional	no	Official documents, ie: transcripts
	uhOfficialNameSuffix	1.3.6.1.4.1.2160.1.1.1.94	string(16)	no	no	{a..z}{0..9}{-_.}	no	jr	optional	no	Official documents, ie: transcripts
	uhOfficialSalutation	1.3.6.1.4.1.2160.1.1.1.95	string(16)	no	no	{a..z}{0..9}{-_.}	no	dear	optional	no	Official documents, ie: transcripts
Contact Info
	mail	0.9.2342.19200300.100.1.3	string(50)	no	no	{a..z}{0..9}{-_@.}	yes	jon@university.edu	optional	no	UH assigned email address UHIMS assigned and White Pages assigned email addresses. There can be more than one. Their order of appearance has no significance.
	uhPreferredMail	1.3.6.1.4.1.2160.1.1.1.62	string(50)	no	no	{a..z}{0..9}{-_@.}	no	jon01001@mymail.com	public	yes	White pages; Preferred email address
	homePhone	0.9.2342.19200300.100.1.20	string(16)	no	no	+cc aaa nnn nnnn and derivatives	yes	+1 202 687 2202, 687 2201	optional	no	White pages
	homePostalAddress	0.9.2342.19200300.100.1.39	string(50)	no	no	{a..z}{0..9}{-_#.}	no		optional	no	Home Mailing Address: address line
	mobile	0.9.2342.19200300.100.1.41	string(16)	no	no	+cc aaa nnn nnnn and derivatives	yes	+1 202 687 2202, 687 2201	optional	no	White pages
	pager	0.9.2342.19200300.100.1.42	string(16)	no	no	+cc aaa nnn nnnn and derivatives	yes	+1 202 687 2202, 687 2201	optional	no	White pages
	st	2.5.4.8	string(30)	no	no	{a..z}{0..9}{-_.}	no		optional	no	White pages; Mailing Address: state
	street	2.5.4.9	string(50)	no	no	{a..z}{0..9}{-_#.}	no		optional	no	White pages; Mailing Address: street address
	postalAddress	2.5.4.16	string(50)	no	no	{a..z}{0..9}{-_#.}	no		optional	no	White pages; Mailing Address: address line
	postalCode	2.5.4.17	string(15)	no	no	{a..z}{0..9}{-_#.}	no		optional	no	White pages; Mailing Address: zip code
	postOfficeBox	2.5.4.18	string(15)	no	no	{a..z}{0..9}{-_#.}	no		optional	no	White pages; Mailing Address: post office box
	currently not used
	title	2.5.4.12	string(64)	no	no	{a..z}{0..9}{-_#.}	yes	Assoc Clin Prof or Registered Architect, Facil Plan Ofc or Prof, Finance/Dir, Ctr for Japanese Global Investment & Finance	optional no	White pages; Job Title
	physicalDeliveryOfficeName	2.5.4.19	string(64)	no	no	{a..z}{0..9}{-_#.}	yes	Queen's POB I #614 or Manele 106, Kapiolani CC or Nat Energy Lab of Haw, 73-4460 Queen Kaahumanu Hwy, Kailua-Kona	optional	no required	White pages; Office Location or Number
	ou	2.5.4.11	string(64)	no	no	{a..z}{0..9}{-_#.}	yes	Surgery, University of Hawaii at Manoa or School-to-Work/Computing, Electronics & Ntwrk Tech (CENT)	optional	no required	White pages; Department, Campus
	telephoneNumber	2.5.4.20	string(16)	no	no	+cc aaa nnn nnnn and derivatives	yes	+1 202 687 2202, 687 2201	optional required	no	White pages; Telephone number
	facsimileTelephoneNumber	2.5.4.23	string(16)	no	no	+cc aaa nnn nnnn and derivatives	yes	+1 202 687 2202, 687 2201	optional	no	White pages; FAX number
LDAP Data Management Information
	uhExpiration	1.3.6.1.4.1.2160.1.1.1.60	string(8)	yes	no	yyyymmdd	no	20090302	private	no	Visitor Internet Access: account expiration date
Information	uhDataOrigin uhMetaData	1.3.6.1.4.1.2160.1.1.1.61	string(128)	no	no	{a..z}{0..9}{=-_,.?<>;[]{}()&$@}	yes	VIA example: "dataOriginTypedataOrigin=applicationvia,dataOriginID=VIA,requesterID=mhodges" By definition dataOriginType={erp,application} jdoe"	private	no	Authoritative source indicator
UH Attribute Values	Attribute Name	Keyword Value	Description
	uhRestrict	uhUnlisted	this leaf is to be unlisted and will not be displayed in a normal interactive retrieval.
	uhRestrict	uhNoPhoto	the photo for this individual is not to be appear in normal interactive retrievals.
	uhRestrict	uhNoDisplay	indicates that a specific attribute is not to be displayed during a normal interactive retrieval.
	uhRestrict	uhFullProfile	indicates that this individual has access to all updatedable attributes via the Interactive Profile Manager.
	uhRestrict	null	indicates no restrictions

	uhAllowedService	email	User has full access to a personal email account
	uhAllowedService	emailforwarding	User has forwarding of incoming email only. Implied if email value set for this attribute.
	uhAllowedService	shell	User has access to a personal shell account (doesn't mean that one has necessarily been enabled)
	uhAllowedService	softwaredownloads	User has access to ITS software downloads
	uhAllowedService	wireless	User can access campus wireless network
	uhAllowedService	homepage	User has home (Web) page (personal web pages)
	uhAllowedService	null	Indicates no limits, all services allowed
	uhAllowedService	-'service'	Negates access to a specific service

Versions Compared

Old Version 4

New Version Current

Key

UhEduPerson Recipe

UhEduPerson LDAP Recipe

Object Identifiers

Sample DN for looking up person information

Table of LDAP Attributes