The UhEduPerson LDAP Recipe
The University of Hawai'i Identity and Access Management system (IAM, previously known as UHIMS) collects, consolidates and makes available information concerning people associated with the University. LDAP is one of the most useful ways that IAM makes the information available. The UH Online Directory is an LDAP service that provides UH with a directory of names, phone numbers, and email addresses.
The UH Online Directory is based on the eduPerson Schema, defined by the Internet2 Middleware initiative as a recipe for building general-purpose institutional directories. The UH directory is very similar in design to LDAP directories at other universities.
UhEduPerson LDAP Recipe
Version: v1-15, April 10, 2013
Object Identifiers
Per RFC 2578, a unique object identifier (OID) is assigned to each LDAP attribute. The LDAP attribute OIDs are based on the UH Enterprise OID assigned by IANA.
| OIDs | | |
---|---|---|---|
| UH Enterprise Number | 2160 | Assigned by IANA, http://www.iana.org/ |
| X.500 | 0.9.2342.19200300 | Directory Access Protocol |
| UH OID | 1.3.6.1.4.1.2160 | UH OID, based on the IANA assigned UH Enterprise Number |
| UH LDAP OID | 1.3.6.1.4.1.2160.1.1.1 | Lightweight Directory Access Protocol |
| Internet2 eduPerson | 1.3.6.1.4.1.5923 | |
Sample DN for looking up person information
Distinguished Name | Example |
---|---|
dn | |
Table of LDAP Attributes
| Attribute Name | OID | Format | Indexing | Required? | Syntax | MultiValued? | Example Raw Data | Required? | Usage |
---|---|---|---|---|---|---|---|---|---|---|
| Identifiers |
| uid | 0.9.2342.19200300.100.1.1 | string(8) | yes | no | {a..z}{0..9}{-_} | yes | jdoe | required | Unix account name, WebCT account name, ... |
| uhUuid | 1.3.6.1.4.1.2160.1.1.1.1 | string(10) | yes | no | {0..9} | no | 810321, 1014353266 | required | UH Number ( Employee ID, Banner ID) |
| uhRestrict | 1.3.6.1.4.1.2160.1.1.1.30 | string(32) | no | no | {a..z}{A..Z}{0..9}{-_} | yes | uhUnlisted | required | indicates that this info is to be 'unlisted'; used for filtering search results |
| userPassword | 2.5.4.35 | binary | no | no | | no | | required | {encrypted} |
| Organizational Identification |
| eduPersonAffiliation | 1.3.6.1.4.1.5923.1.1.1.1 | string(32) | yes | yes | {a..z}{0..9}{-_} | yes | student, faculty, staff, ... | optional | White Pages |
| eduPersonOrgDN | 1.3.6.1.4.1.5923.1.1.1.3 | string(32) | yes | yes | {a..z}{0..9}{-_} | yes | kcc, lcc, ... | optional | White Pages |
| uhPrimaryOrgDN | 1.3.6.1.4.1.2160.1.1.1.21 | string(32) | no | no | {a..z}{0..9}{-_} | no | kcc, lcc, ... | optional | White Pages |
| uhOrgAffiliation | 1.3.6.1.4.1.2160.1.1.1.28 | string(64) | no | yes | {a..z}{0..9}{-_} | yes | eduPersonOrgDn=kauaicc, eduPersonAffiliation=student | public | authorization, White Pages |
| uhPrimaryCampus | 1.3.6.1.4.1.2160.1.1.1.41 | string(2) | yes | no | {a..z}{A..Z}{0..9}{-_} | no | | public | White Pages, distribution list generation |
| uhPrimaryEAC | 1.3.6.1.4.1.2160.1.1.1.42 | string(20) | yes | no | {a..z}{A..Z}{0..9}{-_} | no | | public | White Pages, distribution list generation |
| Names |
| cn | 2.5.4.3 | string(50) | no | no | {a..z}{A..Z}{0..9}{-_.} | yes | jonathan m doe, jr | optional | |
| sn | 2.5.4.4 | string(30) | no | no | {a..z}{A..Z}{0..9}{-_.} | yes | doe | optional | |
| givenName | 2.5.4.42 | string(30) | no | no | {a..z}{A..Z}{0..9}{-_.} | yes | jonathan | optional | |
| initials | 2.5.4.43 | string(8) | no | no | {a..z} | yes | jmd | optional | |
| displayName | 2.16.840.1.113730.3.1.241 | string(50) | no | no | {a..z}{0..9}{-_'.} | no | Doe, Jonathan (Jon) M Doe | required | White pages, usually entered as "Last Name, First (Nickname) Middle, Suffix" |
| eduPersonNickname | 1.3.6.1.4.1.5923.1.1.1.2 | string(16) | no | no | {a..z}{0..9}{-_.} | yes | jon | optional | white pages |
| Contact Info |
| | 0.9.2342.19200300.100.1.3 | string(50) | no | no | {a..z}{0..9}{-_@.} | yes | jon@university.edu | optional | UHIMS assigned and White Pages assigned email addresses. There can be more than one. Their order of appearance has no significance. |
| uhPreferredMail | 1.3.6.1.4.1.2160.1.1.1.62 | string(50) | no | no | {a..z}{0..9}{-_@.} | no | jon01001@mymail.com | public | currently not used |
| title | 2.5.4.12 | string(64) | no | no | {a..z}{0..9}{-_#.} | yes | Assoc Clin Prof or Registered Architect, Facil Plan Ofc or Prof, Finance/Dir, Ctr for Japanese Global Investment & Finance | optional | White pages; Job Title |
| physicalDeliveryOfficeName | 2.5.4.19 | string(64) | no | no | {a..z}{0..9}{-_#.} | yes | Queen's POB I #614 or Manele 106, Kapiolani CC or Nat Energy Lab of Haw, 73-4460 Queen Kaahumanu Hwy, Kailua-Kona | required | White pages; Office Location or Number |
| ou | 2.5.4.11 | string(64) | no | no | {a..z}{0..9}{-_#.} | yes | Surgery, University of Hawaii at Manoa or School-to-Work/Computing, Electronics & Ntwrk Tech (CENT) | required | White pages; Department, Campus |
| telephoneNumber | 2.5.4.20 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | required | White pages; Telephone number |
| facsimileTelephoneNumber | 2.5.4.23 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | optional | White pages; FAX number |
| LDAP Data Management Information |
| uhExpiration | 1.3.6.1.4.1.2160.1.1.1.60 | string(8) | yes | no | yyyymmdd | no | 20090302 | private | Visitor Internet Access: account expiration date |
| uhMetaData | 1.3.6.1.4.1.2160.1.1.1.61 | string(128) | no | no | {a..z}{0..9}{=-_,.?<>;[]{}()&$@} | yes | VIA example: "dataOrigin=via,requesterID=jdoe" | private | Authoritative source indicator |
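
The Format, Syntax and MultiValued? columns above can be checked in code before an entry is loaded, and the `uhRestrict` and "private" markings can decide what a search front end returns. The following Python is an added example, not UH's own code; treating "private" attributes and `userPassword` as withheld, dropping `uhUnlisted` entries entirely, and the sample entries are assumptions made for illustration.

```python
import re
from datetime import datetime

# attribute: (max length, allowed characters, multi-valued?) as listed in the recipe table
RULES = {
    "uid":          (8,  r"[a-z0-9_-]+",    True),
    "uhUuid":       (10, r"[0-9]+",         False),
    "uhRestrict":   (32, r"[A-Za-z0-9_-]+", True),
    "uhExpiration": (8,  r"[0-9]{8}",       False),
}
# Assumption: attributes the table marks "private", plus userPassword, are never released.
WITHHELD = {"uhExpiration", "uhMetaData", "userPassword"}


def validate(entry):
    """Return a list of recipe violations for an entry given as {attribute: [values]}."""
    problems = []
    for attr, (max_len, charset, multi) in RULES.items():
        values = entry.get(attr, [])
        if len(values) > 1 and not multi:
            problems.append(f"{attr}: single-valued, got {len(values)} values")
        for v in values:
            if len(v) > max_len:
                problems.append(f"{attr}: {v!r} longer than {max_len}")
            elif not re.fullmatch(charset, v):
                problems.append(f"{attr}: {v!r} has characters outside the syntax")
            elif attr == "uhExpiration":
                try:
                    datetime.strptime(v, "%Y%m%d")  # rejects dates such as Feb 31
                except ValueError:
                    problems.append(f"{attr}: {v!r} is not a yyyymmdd date")
    return problems


def public_view(entry):
    """Assumed policy: hide uhUnlisted entries entirely, strip withheld attributes otherwise."""
    if "uhUnlisted" in entry.get("uhRestrict", []):
        return None
    return {a: v for a, v in entry.items() if a not in WITHHELD}


# Constructed sample entries (values modelled on the table's example column).
LISTED = {"uid": ["jdoe"], "uhUuid": ["1014353266"], "displayName": ["Doe, Jonathan (Jon) M"],
          "uhExpiration": ["20090302"], "uhMetaData": ["dataOrigin=via,requesterID=jdoe"]}
UNLISTED = {"uid": ["jdoe2"], "uhUuid": ["810321"], "uhRestrict": ["uhUnlisted"]}
BAD = {"uid": ["JonathanDoe"], "uhUuid": ["81032", "810321"], "uhExpiration": ["20090231"]}
```
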