UhEduPerson LDAP Recipe
Version: v1-14, March 02, 2009
History:
- 03/02/2009, Michael Hodges; redefine uhExpiration to format yyyymmdd, 'account expiration date'.
- 02/19/2009, Michael Hodges; revived uhDataOrigin and expanded to string(128); removed uhFileShareMaxQuota; uhSSN, uhDOB, and secret Q&As attributes
- 07/31/2002, Russell Tokuyama; Changed uhAllowedServices to uhAllowedService. Added allowed value of 'file sharing' to uhAllowedService.
- 07/09/2002, Russell Tokuyama; Added uhAllowedServices attribute and allowed values, notes to uhRestrict for usage and allowed values, and Change Log.
Object Identifiers
Per RFC 2578 a unique object identifier (OID) is assigned to each LDAP attribute. The LDAP attribute OIDs are based on the UH Enterprise OID assigned by IANA.
| OIDs | Value | Description |
|---|---|---|
| UH Enterprise Number | 2160 | Assigned by IANA, http://www.iana.org/ |
| X.500 | 0.9.2342.19200300 | Directory Access Protocol |
| UH OID | 1.3.6.1.4.1.2160 | UH OID, based on the IANA assigned UH Enterprise Number |
| UH LDAP OID | 1.3.6.1.4.1.2160.1.1.1 | Lightweight Directory Access Protocol |
| Internet2 eduPerson | 1.3.6.1.4.1.5923 | http://www.educause.edu/netatedu/groups/pki/eduperson/spec.doc |

Sample DN for looking up person information

| Distinguished Name | Example |
|---|---|
| dn | uhUuid=2314231232,ou=people,dc=hawaii,dc=edu |

Table of LDAP Attributes

| Attribute Name | OID | Format | Indexing | Required? | Syntax | MultiValued? | Example Raw Data | Privacy? | Manager | Usage |
|---|---|---|---|---|---|---|---|---|---|---|
| Identifiers, Access Control | | | | | | | | | | |
| uid | 0.9.2342.19200300.100.1.1 | string(8) | yes | no | {a..z}{0..9}{-_} | yes | jdoe | public | no | Unix account name, WebCT account name, ... |
| uhUuid | 1.3.6.1.4.1.2160.1.1.1.1 | string(10) | yes | no | {0..9} | no | 810321, 1014353266 | private | no | UNISON ID, employee ID, ... |
| uhRestrict | 1.3.6.1.4.1.2160.1.1.1.30 | string(32) | no | no | {a..z}{A..Z}{0..9}{-_} | yes | uhUnlisted, uhNoPhoto | private | no | indicates that this info is to be 'unlisted'; used for filtering search results |
| uhAllowedService | 1.3.6.1.4.1.2160.1.1.1.32 | string(32) | no | no | {a..z}{A..Z}{0..9}{-_} | yes | email, home page, shell | private | no | indicates services user is allowed to use |
| userPassword | 2.5.4.35 | binary | no | no | | no | | private | yes | ({crypt}xxxxxxxxx) |
| Organizational Identification | | | | | | | | | | |
| eduPersonAffiliation | 1.3.6.1.4.1.5923.1.1.1.1 | string(32) | yes | yes | {a..z}{0..9}{-_} | yes | student, faculty, staff, ... | optional | no | white pages |
| eduPersonOrgDN | 1.3.6.1.4.1.5923.1.1.1.3 | string(32) | yes | yes | {a..z}{0..9}{-_} | yes | kcc, lcc, ... | optional | no | white pages |
| uhPrimaryOrgDN | 1.3.6.1.4.1.2160.1.1.1.21 | string(32) | no | no | {a..z}{0..9}{-_} | no | kcc, lcc, ... | optional | no | white pages |
| uhOrgRole | 1.3.6.1.4.1.2160.1.1.1.22 | string(64) | no | no | {a..z}{0..9}{-_} | yes | uh.cc.kapcc.bus.clerical | optional | no | authorization |
| uhOrgRoleLevel | 1.3.6.1.4.1.2160.1.1.1.23 | string(2) | no | no | {0..9} | yes | 90 | optional | no | authorization |
| uhOrgAffiliation | 1.3.6.1.4.1.2160.1.1.1.28 | string(64) | no | yes | {a..z}{0..9}{-_} | yes | eduPersonOrgDn=kauaicc, eduPersonAffiliation=student | public | no | authorization, white pages |
| uhAggregatePersonAffiliation | 1.3.6.1.4.1.2160.1.1.1.30 | string(64) | no | no | {a..z} | yes | | private | no | authorization |
| uhBU | 1.3.6.1.4.1.2160.1.1.1.40 | string(2) | yes | no | {0..9} | yes | 01, 02, 03, ... | public | no | white pages, distribution list generation |
| uhPrimaryCampus | 1.3.6.1.4.1.2160.1.1.1.41 | string(2) | yes | no | {a..z}{A..Z}{0..9}{-_} | no | | public | no | white pages, distribution list generation |
| uhPrimaryEAC | 1.3.6.1.4.1.2160.1.1.1.42 | string(20) | yes | no | {a..z}{A..Z}{0..9}{-_} | no | | public | no | white pages, distribution list generation |
| Authentication | | | | | | | | | | |
| userCertificate | 2.5.4.36 | binary | no | no | binary | yes | | public | yes | authentication |
| userSMIMECertificate | 2.16.840.1.113730.3.1.40 | binary | no | no | binary | yes | | public | yes | authentication |
| Names | | | | | | | | | | |
| cn | 2.5.4.3 | string(50) | no | no | {a..z}{A..Z}{0..9}{-_.} | yes | jonathan m doe, jr | optional | no | white pages; Full name |
| sn | 2.5.4.4 | string(30) | no | no | {a..z}{A..Z}{0..9}{-_.} | yes | doe | optional | no | white pages; Last name |
| givenName | 2.5.4.42 | string(30) | no | no | {a..z}{A..Z}{0..9}{-_.} | yes | jonathan | optional | no | white pages; First name |
| initials | 2.5.4.43 | string(8) | no | no | {a..z} | yes | jmd | optional | no | |
| displayName | 2.16.840.1.113730.3.1.241 | string(50) | no | no | {a..z}{0..9}{-_'.} | no | jonathan 'jon' morris doe | optional | no | white pages |
| eduPersonNickname | 1.3.6.1.4.1.5923.1.1.1.2 | string(16) | no | no | {a..z}{0..9}{-_.} | yes | jon | optional | no | white pages |
| jpegPhoto | 0.9.2342.19200300.100.1.60 | binary | no | no | binary | no | | optional | no | white pages |
| Current Legal Name | | | | | | | | | | |
| uhOfficialSurname | 1.3.6.1.4.1.2160.1.1.1.90 | string(30) | no | no | {a..z}{0..9}{-_.} | no | doe | optional | no | Official documents, ie: transcripts |
| uhOfficialGivenName | 1.3.6.1.4.1.2160.1.1.1.91 | string(30) | no | no | {a..z}{0..9}{-_.} | no | jonathan | optional | no | Official documents, ie: transcripts |
| uhOfficialMiddleName | 1.3.6.1.4.1.2160.1.1.1.92 | string(16) | no | no | {a..z}{0..9}{-_.} | no | morris | optional | no | Official documents, ie: transcripts |
| uhOfficialNamePrefix | 1.3.6.1.4.1.2160.1.1.1.93 | string(16) | no | no | {a..z}{0..9}{-_.} | no | dr | optional | no | Official documents, ie: transcripts |
| uhOfficialNameSuffix | 1.3.6.1.4.1.2160.1.1.1.94 | string(16) | no | no | {a..z}{0..9}{-_.} | no | jr | optional | no | Official documents, ie: transcripts |
| uhOfficialSalutation | 1.3.6.1.4.1.2160.1.1.1.95 | string(16) | no | no | {a..z}{0..9}{-_.} | no | dear | optional | no | Official documents, ie: transcripts |
| Contact Info | | | | | | | | | | |
| | 0.9.2342.19200300.100.1.3 | string(50) | no | no | {a..z}{0..9}{-_@.} | yes | jon@university.edu | optional | no | UH assigned email address |
| uhPreferredMail | 1.3.6.1.4.1.2160.1.1.1.62 | string(50) | no | no | {a..z}{0..9}{-_@.} | no | jon01001@mymail.com | public | yes | White pages; Preferred email address |
| homePhone | 0.9.2342.19200300.100.1.20 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | optional | no | White pages |
| homePostalAddress | 0.9.2342.19200300.100.1.39 | string(50) | no | no | {a..z}{0..9}{-_#.} | no | | optional | no | Home Mailing Address: address line |
| mobile | 0.9.2342.19200300.100.1.41 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | optional | no | White pages |
| pager | 0.9.2342.19200300.100.1.42 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | optional | no | White pages |
| st | 2.5.4.8 | string(30) | no | no | {a..z}{0..9}{-_.} | no | | optional | no | White pages; Mailing Address: state |
| street | 2.5.4.9 | string(50) | no | no | {a..z}{0..9}{-_#.} | no | | optional | no | White pages; Mailing Address: street address |
| postalAddress | 2.5.4.16 | string(50) | no | no | {a..z}{0..9}{-_#.} | no | | optional | no | White pages; Mailing Address: address line |
| postalCode | 2.5.4.17 | string(15) | no | no | {a..z}{0..9}{-_#.} | no | | optional | no | White pages; Mailing Address: zip code |
| postOfficeBox | 2.5.4.18 | string(15) | no | no | {a..z}{0..9}{-_#.} | no | | optional | no | White pages; Mailing Address: post office box |
| title | 2.5.4.12 | string(64) | no | no | {a..z}{0..9}{-_#.} | yes | Assoc Clin Prof or Registered Architect, Facil Plan Ofc or Prof, Finance/Dir, Ctr for Japanese Global Investment & Finance | optional | no | White pages; Job Title |
| physicalDeliveryOfficeName | 2.5.4.19 | string(64) | no | no | {a..z}{0..9}{-_#.} | yes | Queen's POB I #614 or Manele 106, Kapiolani CC or Nat Energy Lab of Haw, 73-4460 Queen Kaahumanu Hwy, Kailua-Kona | optional | no | White pages; Office Location or Number |
| ou | 2.5.4.11 | string(64) | no | no | {a..z}{0..9}{-_#.} | yes | Surgery, University of Hawaii at Manoa or School-to-Work/Computing, Electronics & Ntwrk Tech (CENT) | optional | no | White pages; Department, Campus |
| telephoneNumber | 2.5.4.20 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | optional | no | White pages; Telephone number |
| facsimileTelephoneNumber | 2.5.4.23 | string(16) | no | no | +cc aaa nnn nnnn and derivatives | yes | +1 202 687 2202, 687 2201 | optional | no | White pages; FAX number |
| LDAP Data Management | | | | | | | | | | |
| uhExpiration | 1.3.6.1.4.1.2160.1.1.1.60 | string(8) | yes | no | yyyymmdd | no | 20090302 | private | no | Visitor Internet Access: account expiration date |
| Information | | | | | | | | | | |
| uhDataOrigin | 1.3.6.1.4.1.2160.1.1.1.61 | string(128) | no | no | {a..z}{0..9}{=-_,.?<>;[]{}()&$@} | yes | VIA example: "dataOriginType=application,dataOriginID=VIA,requesterID=mklinger" | private | no | Authoritative source indicator |

UH Attribute Values

| Attribute Name | Keyword Value | Description |
|---|---|---|
| uhRestrict | uhUnlisted | This leaf is to be unlisted and will not be displayed in a normal interactive retrieval. |
| uhRestrict | uhNoPhoto | The photo for this individual is not to appear in normal interactive retrievals. |
| uhRestrict | uhNoDisplay | Indicates that a specific attribute is not to be displayed during a normal interactive retrieval. |
| uhRestrict | uhFullProfile | Indicates that this individual has access to all updatable attributes via the Interactive Profile Manager. |
| uhRestrict | null | Indicates no restrictions |
| uhAllowedService | | User has full access to a personal email account |
| uhAllowedService | emailforwarding | User has forwarding of incoming email only. Implied if email value set for this attribute. |
| uhAllowedService | shell | User has access to a personal shell account (doesn't mean that one has necessarily been enabled) |
| uhAllowedService | softwaredownloads | User has access to ITS software downloads |
| uhAllowedService | wireless | User can access campus wireless network |
| uhAllowedService | homepage | User has home (Web) page (personal web pages) |
| uhAllowedService | null | Indicates no limits, all services allowed |
| uhAllowedService | -'service' | Negates access to a specific service |
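
The following is an added example, not part of the original recipe, of how a consuming service could evaluate uhAllowedService from the keyword values above: null means no limits, email implies emailforwarding, and a leading '-' negates a service. Treating a list of positive values as an allow-list, letting a negation override a grant, case-insensitive matching, and the function names are assumptions.

```python
# Added example: authorization decision based on uhAllowedService values.
# Page semantics: null = all services allowed; "email" implies
# "emailforwarding"; "-service" negates access to that service.
IMPLIES = {"email": {"emailforwarding"}}


def is_service_allowed(values, service):
    """values: list of uhAllowedService strings read from one entry
    (None or [] when the attribute is null)."""
    service = service.strip().lower()
    granted, denied = set(), set()
    for raw in values or []:
        v = raw.strip().lower()
        if not v:
            continue
        if v.startswith("-"):
            # Accept both -shell and the page's -'service' notation.
            denied.add(v[1:].strip("'\""))
        else:
            granted.add(v)
            granted |= IMPLIES.get(v, set())
    if service in denied:
        return False      # assumption: an explicit negation always wins
    if not granted:
        return True       # null or negation-only: no limits
    return service in granted  # assumption: positive values are an allow-list


def authorize(entry, service):
    """entry: dict of attribute name -> list of values, or None when the
    directory lookup failed or returned no entry."""
    # Null means "all services allowed", so a failed lookup must be kept
    # distinct from a null attribute; otherwise errors fail open.
    if entry is None:
        return False
    return is_service_allowed(entry.get("uhAllowedService"), service)


if __name__ == "__main__":
    # Constructed sample entry, using the sample DN's uhUuid from this page.
    sample = {"uhUuid": ["2314231232"],
              "uhAllowedService": ["email", "-shell"]}
    for svc in ("email", "emailforwarding", "shell", "wireless"):
        print(svc, authorize(sample, svc))
```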