UhEduPerson LDAP Recipe

Version: v1-14, March 02, 2009

History:

...

The University of Hawai'i Identity and Access Management system (IAM, previously known as UHIMS) collects, consolidates and makes available information concerning people associated with the University. LDAP is one of the most useful ways that IAM makes the information available. The UH Online Directory is an LDAP service that provides UH with a directory of names, phone numbers, and email addresses.

The UH Online Directory is based on the eduPerson Schema defined by the Internet2 Middleware initiative to create a recipe for building general purpose institutional directories. The UH directory is very similar in design to LDAP directories at other Universities.

UhEduPerson LDAP Recipe

Version: v1-15, April 10, 2013

Object Identifiers

Per RFC 2578 a unique object identifier (OID) is assigned to each LDAP attribute.  The LDAP attribute OIDs are based on the UH Enterprise OID assigned by IANA.

OIDs

| Name | Value | Description |
| --- | --- | --- |
| UH Enterprise Number | 2160 | Assigned by IANA, http://www.iana.org/ |
| X.500 | 0.9.2342.19200300 | Directory Access Protocol |
| UH OID | 1.3.6.1.4.1.2160 | UH OID, based on the IANA assigned UH Enterprise Number |
| UH LDAP OID | 1.3.6.1.4.1.2160.1.1.1 | Lightweight Directory Access Protocol |
| Internet2 eduPerson | 1.3.6.1.4.1.5923 | http://www.internet2.edu/products-services/trust-identity-middleware/eduperson-eduorg/#service-features |

Sample DN for looking up person information

| Distinguished Name | Example |
| --- | --- |
| dn | uhUuid=2314231232,ou=people,dc=hawaii,dc=edu |

Table of LDAP Attributes

 

 

Attribute Name

OID

Format

Indexing

Required?

Syntax

MultiValued?

Example Raw Data

PrivacyRequired? Manager  

Usage

Identifiers, Access Control

 

 

 

 

 

 

 

 

  

 

 

uid

0.9.2342.19200300.100.1.1

string(8)

yes

no

{a..z}{0..9}{-_}

yes

jdoe

public

no required

Unix account name, WebCT account name, ...

 

uhUuid

1.3.6.1.4.1.2160.1.1.1.1

string(10)

yes

no

{0..9}

no

810321, 1014353266

private

no

UNISON required

UH Number ( Employee ID, employee ID, ... Banner ID)

 

uhRestrict

1.3.6.1.4.1.2160.1.1.1.30

string(32)

no

no

{a..z}{A..Z}{0..9}{-_}

yes

uhUnlisted, uhNoPhoto

private

no required

indicates that this info is to be 'unlisted'; used for filtering search results

 

uhAllowedService

1.3.6.1.4.1.2160.1.1.1.32

string(32)

no

no

{a..z}{A..Z}{0..9}{-_}

yes

email, home page, shell

private

no

indicates services user is allowed to use

 

userPassword

2.5.4.35

binary

no

no

 

no

 

private

yes required

({cryptencrypted}xxxxxxxxx)

Organizational Identification 

 

 

 

 

 

 

 

 

 

 

 

eduPersonAffiliation

1.3.6.1.4.1.5923.1.1.1.1

string(32)

yes

yes

{a..z}{0..9}{-_}

yes

student, faculty, staff, ...

optional no

White Pages

white pages

 

eduPersonOrgDN

1.3.6.1.4.1.5923.1.1.1.3

string(32)

yes

yes

{a..z}{0..9}{-_}

yes

kcc, lcc, ...

optional

no

White Pages

 

uhPrimaryOrgDN

1.3.6.1.4.1.2160.1.1.1.21

string(32)

no

no

{a..z}{0..9}{-_}

no

kcc, lcc, ...

optional no

White Pages

white pages

 

uhOrgRole

1.3.6.1.4.1.2160.1.1.1.22

string(64)

no

no

{a..z}{0..9}{-_}

yes

uh.cc.kapcc.bus.clerical

optional

no

authorization

 

uhOrgRoleLevel

1.3.6.1.4.1.2160.1.1.1.23

string(2)

no

no

{0..9}

yes

90

optional

no

authorization

 

uhOrgAffiliation

1.3.6.1.4.1.2160.1.1.1.28

string(64)

no

yes

{a..z}{0..9}{-_}

yes

eduPersonOrgDn=kauaicc, eduPersonAffiliation=student

public

no

authorization, white pages

 

uhAggregatePersonAffiliation

1.3.6.1.4.1.2160.1.1.1.30

string(64)

no

no

{a..z}

yes

preparticipant,participant,grace,postparticipant

private

no

authorization

 

uhBU

1.3.6.1.4.1.2160.1.1.1.40

string(2)

yes

no

{0..9}

yes

01, 02, 03, ...

public

no

white pages, distribution list generation

authorization, White Pages

 

uhPrimaryCampus

1.3.6.1.4.1.2160.1.1.1.41

string(2)

yes

no

{a..z}{A..Z}{0..9}{-_}

no

 

public

no

White Pages, distribution list generation

 

uhPrimaryEAC

1.3.6.1.4.1.2160.1.1.1.42

string(20)

yes

no

{a..z}{A..Z}{0..9}{-_}

no

 

public

no

White Pages, distribution list generation

Authentication

 

 

 

 

 

 

 

 

 

 

 

userCertificate

2.5.4.36

binary

no

no

binary

yes

 

public

yes

authentication

 

userSMIMECertificate

2.16.840.1.113730.3.1.40

binary

no

no

binary

yes

 

public

yes

authentication

Names

 

 

 

 

 

 

 

 

 

 

 

 

cn

2.5.4.3

string(50)

no

no

{a..z}{A..Z}{0..9}{-_.}

yes

jonathan m doe, jr

optional

no

white pages; Full name

 

 

sn

2.5.4.4

string(30)

no

no

{a..z}{A..Z}{0..9}{-_.}

yes

doe

optional

no

white pages; Last name

 

 

givenName

2.5.4.42

string(30)

no

no

{a..z}{A..Z}{0..9}{-_.}

yes

jonathan

optional

no

white pages; First name

 

 

initials

2.5.4.43

string(8)

no

no

{a..z}

yes

jmd

optional no

 

 

displayName

2.16.840.1.113730.3.1.241

string(50)

no

no

{a..z}{0..9}{-_'.}

no

jonathan 'jon' morris doe

optional

no

white pages Doe, Jonathan (Jon) M Doe

required

White pages, usually entered as "Last Name, First (Nickname) Middle, Suffix"

 

eduPersonNickname

1.3.6.1.4.1.5923.1.1.1.2

string(16)

no

no

{a..z}{0..9}{-_.}

yes

jon

optional

no

white pages

 

jpegPhoto

0.9.2342.19200300.100.1.60

binary

no

no

binary

no

 

optional

no

white pages

Current Legal Name

 

 

 

 

 

 

 

 

 

 

 

 

uhOfficialSurname

1.3.6.1.4.1.2160.1.1.1.90

string(30)

no

no

{a..z}{0..9}{-_.}

no

doe

optional

no

Official documents, ie: transcripts

 

uhOfficialGivenName

1.3.6.1.4.1.2160.1.1.1.91

string(30)

no

no

{a..z}{0..9}{-_.}

no

jonathan

optional

no

Official documents, ie: transcripts

 

uhOfficialMiddleName

1.3.6.1.4.1.2160.1.1.1.92

string(16)

no

no

{a..z}{0..9}{-_.}

no

morris

optional

no

Official documents, ie: transcripts

 

uhOfficialNamePrefix

1.3.6.1.4.1.2160.1.1.1.93

string(16)

no

no

{a..z}{0..9}{-_.}

no

dr

optional

no

Official documents, ie: transcripts

 

uhOfficialNameSuffix

1.3.6.1.4.1.2160.1.1.1.94

string(16)

no

no

{a..z}{0..9}{-_.}

no

jr

optional

no

Official documents, ie: transcripts

 

uhOfficialSalutation

1.3.6.1.4.1.2160.1.1.1.95

string(16)

no

no

{a..z}{0..9}{-_.}

no

dear

optional

no

Official documents, ie: transcripts

Contact Info 

 

 

 

 

 

 

 

 

 

 

 

mail

0.9.2342.19200300.100.1.3

string(50)

no

no

{a..z}{0..9}{-_@.}

yes

jon@university.edu

optional

no

UH assigned email address UHIMS assigned and White Pages assigned email addresses. There can be more than one. Their order of appearance has no significance.

 

uhPreferredMail

1.3.6.1.4.1.2160.1.1.1.62

string(50)

no

no

{a..z}{0..9}{-_@.}

no

jon01001@mymail.com

public

yes

White pages; Preferred email address

 

homePhone

0.9.2342.19200300.100.1.20

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages

 

homePostalAddress

0.9.2342.19200300.100.1.39

string(50)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

Home Mailing Address: address line

 

mobile

0.9.2342.19200300.100.1.41

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages

 

pager

0.9.2342.19200300.100.1.42

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no

White pages

 

st

2.5.4.8

string(30)

no

no

{a..z}{0..9}{-_.}

no

 

optional

no

White pages; Mailing Address: state

 

street

2.5.4.9

string(50)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Mailing Address: street address

 

postalAddress

2.5.4.16

string(50)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Mailing Address: address line

 

postalCode

2.5.4.17

string(15)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Mailing Address: zip code

 

postOfficeBox

2.5.4.18

string(15)

no

no

{a..z}{0..9}{-_#.}

no

 

optional

no

White pages; Mailing Address: post office box

 

(warning) currently not used

 

title

2.5.4.12

string(64)

no

no

{a..z}{0..9}{-_#.}

yes

Assoc Clin Prof or Registered Architect, Facil Plan Ofc or Prof, Finance/Dir, Ctr for Japanese Global Investment & Finance

optional no

White pages; Job Title

 

physicalDeliveryOfficeName

2.5.4.19

string(64)

no

no

{a..z}{0..9}{-_#.}

yes

Queen's POB I #614 or Manele 106, Kapiolani CC or Nat Energy Lab of Haw, 73-4460 Queen Kaahumanu Hwy, Kailua-Kona

optional required

no

White pages; Office Location or Number

 

ou

2.5.4.11

string(64)

no

no

{a..z}{0..9}{-_#.}

yes

Surgery, University of Hawaii at Manoa or School-to-Work/Computing, Electronics & Ntwrk Tech (CENT)

optional

no required

White pages; Department, Campus

 

telephoneNumber

2.5.4.20

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional

no required

White pages; Telephone number

 

facsimileTelephoneNumber

2.5.4.23

string(16)

no

no

+cc aaa nnn nnnn and derivatives

yes

+1 202 687 2202, 687 2201

optional no

White pages; FAX number

LDAP Data Management Information

 

 

 

 

 

 

 

 

 

 

 

 

uhExpiration

1.3.6.1.4.1.2160.1.1.1.60

string(8)

yes

no

yyyymmdd

no

20090302

private

no

Visitor Internet Access: account expiration date

Information  

uhDataOrigin uhMetaData

1.3.6.1.4.1.2160.1.1.1.61

string(128)

no

no

{a..z}{0..9}{=-_,.?<>;[]{}()&$@}

yes

VIA example: "dataOriginType=application,dataOriginID=VIAdataOrigin=via,requesterID=mhodgesjdoe" By definition dataOriginType={erp,application} 

private no

Authoritative source indicator

UH Attribute Values

| Attribute Name | Keyword Value | Description |
| --- | --- | --- |
| uhRestrict | uhUnlisted | this leaf is to be unlisted and will not be displayed in a normal interactive retrieval. |
| uhRestrict | uhNoPhoto | the photo for this individual is not to appear in normal interactive retrievals. |
| uhRestrict | uhNoDisplay | indicates that a specific attribute is not to be displayed during a normal interactive retrieval. |
| uhRestrict | uhFullProfile | indicates that this individual has access to all updatable attributes via the Interactive Profile Manager. |
| uhRestrict | null | indicates no restrictions |
| uhAllowedService | email | User has full access to a personal email account |
| uhAllowedService | emailforwarding | User has forwarding of incoming email only. Implied if email value set for this attribute. |
| uhAllowedService | shell | User has access to a personal shell account (doesn't mean that one has necessarily been enabled) |
| uhAllowedService | softwaredownloads | User has access to ITS software downloads |
| uhAllowedService | wireless | User can access campus wireless network |
| uhAllowedService | homepage | User has home (Web) page (personal web pages) |
| uhAllowedService | null | Indicates no limits, all services allowed |
| uhAllowedService | -'service' | Negates access to a specific service |
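
The keyword rules above (null meaning no limits, `email` implying `emailforwarding`, `-service` negating a service, `uhUnlisted` and `uhNoPhoto` restricting display) can be applied to a retrieved entry as shown here. This is an added example, not code from the UH IAM system; the entries are constructed, and two points are assumptions of the example: a negation overrides a grant, and an entry holding only negations still allows every other service.

```python
# Added example. Entries are dicts of attribute name -> list of values,
# the shape most LDAP client libraries return. All sample data is constructed.

IMPLIES = {"email": {"emailforwarding"}}  # "Implied if email value set"
# Attributes the table above marks as private.
PRIVATE = {"uhUuid", "uhRestrict", "uhAllowedService", "userPassword"}


def service_allowed(entry, service):
    """Evaluate the entry's uhAllowedService values for one service keyword."""
    values = [v.strip().lower() for v in entry.get("uhAllowedService", [])]
    denied = {v[1:] for v in values if v.startswith("-")}
    granted = {v for v in values if v and not v.startswith("-")}
    for keyword in list(granted):
        granted |= IMPLIES.get(keyword, set())
    service = service.lower()
    if service in denied:      # assumption: an explicit negation always wins
        return False
    if not granted:            # null: "no limits, all services allowed"
        return True
    return service in granted


def public_view(entry):
    """Attributes safe for a normal interactive retrieval, or None if unlisted."""
    flags = {v.lower() for v in entry.get("uhRestrict", [])}
    if "uhunlisted" in flags:  # the whole leaf is hidden
        return None
    hidden = set(PRIVATE)
    if "uhnophoto" in flags:
        hidden.add("jpegPhoto")
    # uhNoDisplay is not modelled: the page does not say how it names the attribute.
    return {name: vals for name, vals in entry.items() if name not in hidden}


# Constructed sample entries.
JDOE = {
    "uid": ["jdoe"], "uhUuid": ["1014353266"], "cn": ["jonathan m doe, jr"],
    "jpegPhoto": [b"\xff\xd8"], "uhRestrict": ["uhNoPhoto"],
    "uhAllowedService": ["email", "wireless", "-shell"],
}
UNLISTED = {"uid": ["asmith"], "uhRestrict": ["uhUnlisted"]}

if __name__ == "__main__":
    print(public_view(JDOE), service_allowed(JDOE, "shell"))
```

Applying `public_view` on the server side of a white-pages front end, rather than in the browser, keeps private attributes such as `uhUuid` out of the response entirely.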