Table of Contents
ED-ID Schema
| Release | 1.11 |
| Date | 2009-11-01 |
Introduction
About this Document
This document is the schema for the first phase of the Enterprise Directory system. It contains most of the demographic data about a person that will be in the final phase of the Enterprise Directory, with the exception of those attributes which a person will have direct control over as this directory does not allow for writes. It also contains group and service entry representation. For more information on these entries see the Directory Group Entries Explained and Directory Service Entries Explained documents respectively.
Layout
This document will begin with an outline of the schema used in the ED-ID directory which will give the object class and attributes in the class as well as the DIT for the directory. An in-depth description of each attribute will follow the outline.
Schema Outline
Object Class Outline
objectclass virginiaTechAddress
| superior: | top |
| required: | addressType uuaid |
| optional: | city country facsimileTelephoneNumber mailStop mobile pager postalCode postOfficeBox stateOrProvince street1 street2 telephoneNumber |
objectclass virginiaTechPerson
| superior: | top |
| required: | cn creationDate eduPersonAffiliation eduPersonPrimaryAffiliation gender personType sn uid |
| optional: | accountCreationDate accountExpirationDate accountShelveDate accountState address authId bannerName bannerPIDM c campus chapSecret classLevel classLevelCode dateOfBirth degreeType department departmentNumber displayName eduPersonPrincipalName employeeOffCampus expirationDate facsimileTelephoneNumber givenName groupAddDate groupExpireDate groupMembership guestId homeFAX homeMobile homePager homePhone homePostalAddress initials instantMessagingID jpegPhoto l labeledURI lastEnrollmentTerm lastEnrollmentTermCode localFAX localMobile localPager localPhone localPostalAddress mailAccount mailAlias mailForwardingAddress mailPreferredAddress mailStop major majorCode middleName mobile nextEnrollmentTerm nextEnrollmentTermCode pager passwordState personData postalAddress postalCode postOfficeBox preferredLanguage publicKey responsiblePerson st street suppressEmployeeDisplay suppressDisplay suppressedAttribute telephoneNumber title udcIdentifier undergraduateLevel userCertificate userPassword userSMIMECertificate uupid virginiaTechID |
objectclass virginiaTechGroup
| superior: | top |
| requires: | contactPerson creationDate uid uugid |
| optional: | administrator displayName emailAddress expirationDate groupData groupMembership labeledURI manager member suppressDisplay suppressMembers viewer |
objectclass virginiaTechService
| superior: | top |
| requires: | accountState certificate contactPerson creationDate serviceDN serviceType uid uusid |
| optional: | administrator expirationDate viewablePersonAttribute |
objectclass virginiaTechEntitlement
| superior: | top |
| requires: | creationDate entitlement manager uid |
| optional: | entitled expirationDate sponsor viewer |
Directory DIT
Object Classes
Objectclass virginiaTechAddress
addressType
| Required: | Yes |
| # of values: | single |
| Definition: | The type of the address: home - indicates this is a person's permanent mailing address. This would be an employee's home, or a student's permanent mailing address (most likely their parent or guardian's address). local - indicates this is a person's temporary address. This is used for a student's address while they are actively attending VT (most likely a student's dorm or apartment address). office - indicates this is a person's business address. This may be an employee's office address or a vendor's business address. meeting – indicates the location where a given group meets. |
| Notes: | accepted values are home|local|business|meeting. See Banner to Registry Address Mapping. |
| Example: | addressType: home |
city
| Required: | Yes |
| # of values: | single |
| Definition: | The city the street or post office box is in. |
| Notes: | |
| Example: | city: Blacksburg |
country
| Required: | No |
| # of values: | single |
| Definition: | The two letter abbreviation for the country that this address is in. |
| Notes: | a two-letter ISO 3166 country code. |
| Example: | country: US |
facsimileTelephoneNumber
| Required: | No |
| # of values: | multi |
| Definition: | The facsimile (fax) number for this address. |
| Notes: | International phone number, as described in E.123[15]. |
| Example: | facsimileNumber: (540) 231-7886 |
mailStop
| Required: | No |
| # of values: | single |
| Definition: | This field is used to store internal mail routing information. |
| Notes: | For VT business addresses this should be the mail code. This is not to be used for P.O. Box information, use postOfficeBox instead. |
| Example: | mailStop: 0999 |
mobile
| Required: | No |
| # of values: | multi |
| Definition: | The cellular phone number for this address. |
| Notes: | |
| Example: | mobile: (540) 999-9999 |
pager
| Required: | No |
| # of values: | multi |
| Definition: | The pager number for this address. |
| Notes: | |
| Example: | pager: +1 202 555 4321 |
postalCode
| Required: | No |
| # of values: | single |
| Definition: | This is the post office box (P.O. Box) of a person. |
| Notes: | Do not include the string “P.O. Box” in the field. This is not to be used for internal mail routing information (like mail codes), use mailStop instead. If postOfficeBox is not populated street1 must be. |
| Example: | postOfficeBox: 600 |
postOfficeBox
| Required: | No |
| # of values: | multi |
| Definition: | The postal office box by which this address will receive physical postal delivery. |
| Notes: | |
| Example: | postOfficeBox: 109260 |
stateOrProvince
| Required: | No |
| # of values: | single |
| Definition: | The abbreviated state or province the city is in. |
| Notes: | For a US address use the two letter state abbreviations. |
| Example: | stateOrProvince: VA |
street1
| Required: | No |
| # of values: | single |
| Definition: | This is the first line of a person’s street address. Normally this would be the house number and road they live on. |
| Notes: | This field is never to be used for a P.O. Box number or internal mail routing information (like mail codes). Use either postOfficeBox or mailStop, respectively, instead. If a steet1 is not populated postOfficeBox must be. |
| Example: | street1: 1700 Washington St. |
street2
| Required: | No |
| # of values: | single |
| Definition: | This is the second line of a person's street address. Normally this would be used for apartment numbers. |
| Notes: | This field is never to be used for a P.O. Box number or internal mail routing information (like mail codes). Use either postOfficeBox or mailStop, respectively, instead. |
| Example: | street2: Apt. L |
telephoneNumber
| Required: | No |
| # of values: | multi |
| Definition: | The telephone number(s) associated with this address. |
| Notes: | International phone number, as described in E.123[15]. |
| Example: | telephoneNumber: (608) 555-1212 |
uuaid
| Required: | Yes |
| # of values: | single |
| Definition: | This is the unique identifier for this address object. |
| Notes: | |
| Example: | uuaid: 1018614882726 |
Objectclass virginiaTechPerson
accountCreationDate
| Required: | No |
| # of values: | single |
| Definition: | This is the date the person's account was created |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | accountCreationDate: 2003-08-10T06:32:08 |
accountExpirationDate
| Required: | No |
| # of values: | single |
| Definition: | This is the date the person's account will expire. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | accountExpirationDate: 2003-08-10T06:32:08 |
accountShelveDate
| Required: | No |
| # of values: | single |
| Definition: | This is the date the person's account will be moved to a shelved state. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | accountShelveDate: 2003-08-10T06:32:08 |
accountState
| Required: | No |
| # of values: | single |
| Definition: | This is the current authentication state of this person's account. |
| Notes: | This attribute will have the following controlled vocabulary: expected, ACTIVE, LOCKED, SHELVED, TO BE RELEASED. Refer to the PID Account States document for more information on these terms. |
| Example: | accountState: locked |
address
| Required: | Yes |
| # of values: | multi |
| Definition: | A list of all the addresses, identified by address dn, currently known for this person. |
| Notes: | Special care should be taken to remove addresses as they are determined to be out of date. |
| Example: | address: uuaid=123456,ou=Addresses,dc=vt,dc=edu |
authId
| Required: | No |
| # of values: | multi |
| Definition: | The authentication identifier(s). |
| Notes: | May contain uupid and guestId. |
| Example: | authId: dave |
bannerName
| Required: | No |
| # of values: | single |
| Alias: | legalName |
| Definition: | The banner name of this person. |
| Notes: | This should be the user name of this person in the banner spriden table. |
| Example: | bannerName: John Q. Public |
bannerPIDM
| Required: | No |
| # of values: | multi |
| Definition: | The 8 digit Banner PIDM number for this person. |
| Notes: | |
| Example: | bannerPIDM: 12345678 |
c
| Required: | No |
| # of values: | single |
| Definition: | The two letter country abbreviation. |
| Notes: | This should be the country code associated with the address whose address type office. |
| Example: | c: CA |
campus
| Required: | No |
| # of values: | single |
| Definition: | The name of the campus this person is currently affiliated with. For instance the campus a student is attending, or the campus at which a staff member works. |
| Notes: | This field will have a controlled vocabulary however it has not yet been determined. |
| Example: | campus: NoVA |
chapSecret
| Required: | No |
| # of values: | single |
| Definition: | A secret that can be used in CHAP authentication. |
| Notes: | |
| Example: | chapSecret: myChapSecret |
cn
| Required: | Yes |
| # of values: | multi |
| Definition: | The person's full name. |
| Notes: | |
| Example: | cn: Mary Francis Xavier |
classLevel
| Required: | No |
| # of values: | single |
| Definition: | The Banner class level. |
| Notes: | |
| Example: | classLevel: Senior |
classLevelCode
| Required: | No |
| # of values: | single |
| Definition: | The Banner class level code. |
| Notes: | |
| Example: | classLevelCode: 40 |
creationDate
| Required: | Yes |
| # of values: | single |
| Definition: | This is the date the person was added to the directory. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | creationDate: 2001-11-09T15:25:15-0500 |
dateOfBirth
| Required: | No |
| # of values: | single |
| Definition: | A person's date of birth. |
| Notes: | The date of birth must be in the following format yyyy-mm-dd. Where yyyy is the 4 digit year, mm is the two digit month, and dd is the two digit day. |
| Example: | dateOfBirth: 2001-01-01 |
degreeType
| Required: | No |
| # of values: | single |
| Definition: | The type of degree a student is seeking. |
| Notes: | This attribute will only have a value for people who have an affiliation type of student. This attribute has the following controlled vocabulary: bachelor, masters, doctorate, vetmed. |
| Example: | degreeType: bachelor |
department
| Required: | No |
| # of values: | multi |
| Definition: | The home department this person works in on campus. |
| Notes: | Only a person with an affiliation of employee will have an entry in this attribute. |
| Example: | department: Middleware Services |
departmentNumber
| Required: | No |
| # of values: | multi |
| Definition: | The numerical identifier for the home department this person works in on campus. |
| Notes: | Only a person with an affiliation of employee will have an entry in this attribute. |
| Example: | departmentNumber: 065602 |
displayName
| Required: | No |
| # of values: | single |
| Definition: | Preferred name of a person to be used when displaying this person's name. |
| Notes: | |
| Example: | displayName: John Smith |
eduPersonAffiliation
| Required: | Yes |
| # of values: | multi |
| Definition: | Specifies the person's relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc. |
| Notes: | See the document entitled Person Affiliations Explained for more information. |
| Example: | eduPersonAffiliation: faculty |
eduPersonPrimaryAffiliation
| Required: | Yes |
| # of values: | single |
| Definition: | Specifies the person's PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc. |
| Notes: | See the document entitled Person Affiliations Explained on the Middleware web site for more information. |
| Example: | eduPersonPrimaryAffiliation: student |
eduPersonPrincipalName
| Required: | No |
| # of values: | single |
| Definition: | The “NetID” of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain. |
| Notes: | See extensive explanation of this field in the eduPerson specification: http://www.educause.edu/netatedu/groups/pki/eduperson/spec.txt This is NOT the person’s email address. |
| Example: | eduPersonPrincipalName: jsmith@vt.edu |
employeeOffCampus
| Required: | No |
| # of values: | single |
| Definition: | Whether an employee is off campus or not. |
| Notes: | Will be true or false. |
| Example: | employeeOffCampus: false |
expirationDate
| Required: | No |
| # of values: | single |
| Definition: | This is the date the person is set to expire from the directory. |
| Notes: | ISO8601 complete data w/ hours, minutes, and seconds Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | expirationDate: 2001-11-09T15:25:15-0500 |
facsimileTelephoneNumber
| Required: | No |
| # of values: | multi |
| Definition: | A fax number for the person. |
| Notes: | This should be the fax number associated with the address whose address type is office. |
| Example: | facsimileTelephoneNumber: (540) 961-4567 |
gender
| Required: | Yes |
| # of values: | single |
| Definition: | The gender of the person. |
| Notes: | Will be Male, Female, or Unreported. |
| Example: | gender: Male |
givenName
| Required: | No |
| # of values: | multi |
| Definition: | The part of a person's name which is not their surname nor middle name. |
| Notes: | This is commenly a person’s first name. Names which contains hyphens (-) or spaces will be broken up into multiple entries as well as recorded as a single entry. Therefore a person with a given name of “Mary Jane” would have there entries here; “Mary”, “Jane”, and “Mary Jane”. |
| Example: | givenName: Stephen |
groupAddDate
| Required: | No |
| # of values: | multi |
| Definition: | This is the date the person was added to a group. |
| Notes: | The format for this entry is as follows. uugid date, where the uugid is a valid group id, and the date is an ISO8601 date, complete data w/ hours, minutes, and seconds, with a space separating the id and the date. Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | groupAddDate: fooGroup 2001-11-09T15:25:15-0500 |
groupExpireDate
| Required: | No |
| # of values: | multi |
| Definition: | This is the date the person is to expire from a group. |
| Notes: | The format for this entry is as follows. uugid date, where the uugid is a valid group id, and the date is an ISO8601 date, complete data w/ hours, minutes, and seconds, with a space separating the id and the date. Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | groupExpireDate: fooGroup 2001-11-09T15:25:15-0500 |
groupMembership
| Required: | No |
| # of values: | multi |
| Definition: | A list of the group DNs this person is a member of. |
| Notes: | |
| Example: | groupMembership: uugid=bioclub,ou=Groups,dc=vt,dc=edu |
guestId
| Required: | No |
| # of values: | single |
| Definition: | The guest identifier for authentication. |
| Notes: | For guest people. |
| Example: | guestId: guest |
homeFAX
| Required: | No |
| # of values: | multi |
| Definition: | A fax number for the person. |
| Notes: | This should be the fax number associated with the address whose address type is home. |
| Example: | homeFAX: (540) 961-4567 |
homeMobile
| Required: | No |
| # of values: | multi |
| Definition: | The cellular phone number of the person associated with the address whose address type is home. |
| Notes: | |
| Example: | homeMobile: (540) 999-9999 |
homePager
| Required: | No |
| # of values: | multi |
| Definition: | A person's page number associated with the address whose address type is home. |
| Notes: | |
| Example: | pager: +1 202 555 4321 |
homePhone
| Required: | No |
| # of values: | multi |
| Definition: | The home telephone number associated with a person. |
| Notes: | This should be the phone number associated with the address whose address type is home. |
| Example: | homePhone: (608) 555-1212 |
homePostalAddress
| Required: | No |
| # of values: | single |
| Definition: | This is the home postal address for this person. |
| Notes: | This should be the address associated with the address whose address type is home. Addresses are in standard mailing format with a “$” used to represent a line break. See Banner to Registry Address Mapping. |
| Example: | homePostalAddress: 1234 Main St.$Anytown, CA 12345$US |
initials
| Required: | No |
| # of values: | single |
| Definition: | The initials of all of an individuals names, except for their surname(s). |
| Notes: | |
| Example: | initials: f.x. |
instantMessagingID
| Required: | No |
| # of values: | multi |
| Definition: | This is a list of a person’s instant messaging Ids. |
| Notes: | The format for this field is serviceId:userid where userId is a person's id on a given messaging service, and serviceId is the id of the service. See the “Instant Messaging Service ID List” on the Middleware website for a complete list of possible service IDs. |
| Example: | instantMessagingID: yahoo:jsmith |
jpegPhoto
| Required: | No |
| # of values: | single |
| Definition: | An image of this person in the JPEG File Interchange Format [JFIF]. |
| Notes: | |
| Example: |
l
| Required: | No |
| # of values: | single |
| Definition: | The name of a locality, such as a city, county or other geographic region. |
| Notes: | This should be populated with the city information in the address object whose address type is office. |
| Example: | l: Blacksburg |
labeledURI
| Required: | No |
| # of values: | multi |
| Definition: | Webpage(s) associated with the person. |
| Notes: | The format for this attribute is “label:url”, where the label describes the link and the url is the URL of the link. |
| Example: | labeledURI: homepage:http://filebox.vt.edu/users/jsmith |
lastEnrollmentTerm
| Required: | No |
| # of values: | single |
| Definition: | Human readable form of the last academic term a student was enrolled in. |
| Notes: | Only people with an affiliation of student will have a value in this attribute. |
| Example: | lastEnrollmentTerm: Fall Semester 2004 |
lastEnrollmentTermCode
| Required: | No |
| # of values: | single |
| Definition: | The last academic term a student was enrolled in. |
| Notes: | Only people with an affiliation of student will have a value in this attribute. The values in this attribute are of the following syntax YYYYMM where YYYY is the 4 digit year this person last attended class and MM is the 2 digit month that term start. |
| Example: | lastEnrollmentTermCode: 200101 |
localFAX
| Required: | No |
| # of values: | multi |
| Definition: | A fax number for the person. |
| Notes: | This should be the fax number associated with the address whose address type is local. |
| Example: | homeFAX: (540) 961-4567 |
localMobile
| Required: | No |
| # of values: | multi |
| Definition: | The cellular phone number of the person associated with the address whose address type is local. |
| Notes: | |
| Example: | homeMobile: (540) 999-9999 |
localPager
| Required: | No |
| # of values: | multi |
| Definition: | A person's page number associated with the address whose address type is local. |
| Notes: | |
| Example: | pager: +1 202 555 4321 |
localPhone
| Required: | No |
| # of values: | multi |
| Definition: | The local phone number of this person. |
| Notes: | This should be the phone number associated with the address whose address type is local. |
| Example: | localPhone: 5402312345 |
localPostalAddress
| Required: | No |
| # of values: | single |
| Definition: | This is the local postal address for this person. |
| Notes: | This should be the address associated with the address whose address type is local. Addresses are in standard mailing format with a “$” used to represent a line break. See Banner to Registry Address Mapping. |
| Example: | localPostalAddress: 411 Slusher Hall$Blacksburg, VA 24060$US |
| Required: | No |
| # of values: | multi |
| Definition: | These are the e-mail address(es), last known in some cases, of a person. |
| Notes: | This includes a person's POP email address, POP email aliases, and Exchange email address(es) for VT affiliated personnel who have them. |
| Example: | mail: jsmith@vt.edu |
mailAccount
| Required: | No |
| # of values: | single |
| Definition: | This is the name of the person's email account in the mail system. |
| Notes: | |
| Example: | mail: jsmith@vt.edu |
mailAlias
| Required: | No |
| # of values: | multi |
| Definition: | These are the e-mail alias(es) of a person. |
| Notes: | |
| Example: | mail: john.smith@vt.edu |
mailForwardingAddress
| Required: | No |
| # of values: | single |
| Definition: | This is a person's email forwarding address. |
| Notes: | |
| Example: | mail: jsmith@gmail.com |
mailPreferredAddress
| Required: | No |
| # of values: | single |
| Definition: | This is a person's preferred email address. |
| Notes: | |
| Example: | mail: jsmith@vt.edu |
mailStop
| Required: | No |
| # of values: | single |
| Definition: | This field is used to store internal mail routing information. |
| Notes: | This should be the mailStop associated with the address whose address type is office. |
| Example: | MailStop: 0999 |
major
| Required: | No |
| # of values: | multi |
| Definition: | The academic major of this person. |
| Notes: | This attribute is only populated if this person has a student affiliation. |
| Example: | major: computer science |
majorCode
| Required: | No |
| # of values: | multi |
| Definition: | The academic major code of this person. |
| Notes: | This attribute is only populated if this person has a student affiliation. |
| Example: | major: CS |
middleName
| Required: | No |
| # of values: | multi |
| Definition: | The middle name(s) of a person. |
| Notes: | |
| Example: | middleName: Christopher |
mobile
| Required: | No |
| # of values: | multi |
| Definition: | The cellular phone number of the person associated with the address whose address type is office. |
| Notes: | |
| Example: | mobile: (540) 999-9999 |
nextEnrollmentTerm
| Required: | No |
| # of values: | single |
| Definition: | The next academic term a student is enrolled in. |
| Notes: | Only people with an affiliation of student will have a value in this attribute. The values in this attribute are of the following syntax YYYYMM where YYYY is the 4 digit year this person last attended class and MM is the 2 digit month that term start. |
| Example: | nextEnrollmentTerm: 200301 |
nextEnrollmentTermCode
| Required: | No |
| # of values: | single |
| Definition: | The human readable form of the next academic term a student is enrolled in. |
| Notes: | Only people with an affiliation of student will have a value in this attribute. |
| Example: | nextEnrollmentTerm: Fall Semester 2004 |
pager
| Required: | No |
| # of values: | multi |
| Definition: | A person's page number associated with the address whose address type is office. |
| Notes: | |
| Example: | pager: +1 202 555 4321 |
passwordState
| Required: | No |
| # of values: | single |
| Definition: | Indicates the current state a person's password, which may be either active or expired. |
| Note: | See the PID Account States document for more information. |
| Example: | passwordState: active |
personData
| Required: | No |
| # of values: | multi |
| Definition: | This field allows additional information about a person to be stored. |
| Note: | The format for this attribute is “label:data”, where the label describes the data. |
| Example: | personData: sport:rugby |
personType
| Required: | Yes |
| # of values: | single |
| Definition: | This is the type of person. |
| Notes: | A person may be of type 'permanent' or 'revokable' depending on how loosely affilated they are with the university. |
| Example: | personType: PRM |
postalAddress
| Required: | No |
| # of values: | single |
| Definition: | The address of a person. |
| Notes: | This address should correspond to a person's address represented by the address object whose type is office. Addresses are in standard mailing format with a “$” used to represent a line break. See Banner to Registry Address Mapping. |
| Example: | postalAddress: P.O. Box 333$Sometown, WH 99999 |
postalCode
| Required: | No |
| # of values: | multi |
| Definition: | The postal code of the person. |
| Notes: | ZIP code in USA, postal code for other countries. This should be populated with the postalCode information in the address object whose address type is office. |
| Example: | postalCode: 54321-1234 |
postOfficeBox
| Required: | No |
| # of values: | multi |
| Definition: | The postal office box by which this person will receive physical postal delivery. |
| Notes: | This should be populated with the postOfficeBox information in the address object whose address type is office. |
| Example: | postOfficeBox: 109260 |
preferredLanguage
| Required: | No |
| # of values: | single |
| Definition: | The preffered written or spoken language of the person. |
| Notes: | |
| Example: | preferredLanguage: Esperanto |
publicKey
| Required: | No |
| # of values: | single |
| Definition: | A user's public key. |
| Notes: | May be their PGP key or some other key. |
| Example: |
responsiblePerson
| Required: | No |
| # of values: | single |
| Definition: | This is the DN of the person who is responsible for this person's inclusion in the directory and their access to services. |
| Notes: | This should be used for special case inclusion of people in the directory. This inclusion should be relatively temporary. It is suggested that the expiration date be explicitly set if this field is used. If the person responsible for this person is removed from this directory, responsiblePerson should be set to another valid DN or this person should be removed from the directory. |
| Example: | responsibleID: uid=1234565,ou=people,dc=vt,dc=edu |
sn
| Required: | Yes |
| # of values: | multi |
| Definition: | Surname, family name, or last name. |
| Notes: | If the person has a multi-part surname (whether hyphenated or not), store each component as a separate value in this multi-valued attribute. That yields the best results for the broadest range of clients doing name searches. |
| Example: | sn: Carson |
st
| Required: | No |
| # of values: | multi |
| Definition: | The name of the state or province a person lives in. Use two letter state abbreviations for US addresses. |
| Notes: | This should be populated with the stateOrProvince information in the address object whose address type is office. |
| Example: | st: VA |
street
| Required: | No |
| # of values: | multi |
| Definition: | The physical address of the person. |
| Notes: | This should be populated with the street1 information in the address object whose address type is office. |
| Example: | street: 303 Mulberry St. |
suppressEmployeeDisplay
| Required: | No |
| # of values: | single |
| Definition: | Whether this employee is suppressed. |
| Notes: | |
| Example: | suppressEmployeeDisplay: true |
suppressDisplay
| Required: | No |
| # of values: | single |
| Definition: | Whether this person's entire record should be suppressed from public view. |
| Notes: | |
| Example: | suppressDisplay: true |
suppressedAttribute
| Required: | No |
| # of values: | multi |
| Definition: | A list of this person’s attributes this person wants suppressed from public view. |
| Notes: | |
| Example: | suppressedAttribute: cn |
telephoneNumber
| Required: | No |
| # of values: | multi |
| Definition: | Office/campus phone number. |
| Notes: | This should be populated with the phone number that corresponds to the person's address whose type is office. |
| Example: | telephoneNumber: +1 212 555 1234 ext. 123 |
title
| Required: | No |
| # of values: | single |
| Definition: | The working title of this person. |
| Notes: | |
| Example: | title: Executive Assitant |
udcIdentifier
| Required: | No |
| # of values: | single |
| Definition: | The Sun Gard UDC Identifier. |
| Notes: | |
| Example: | udcIdentifier: 00000000000000000000000000000001 |
uid
| Required: | Yes |
| # of values: | single |
| Definition: | A unique numerical value representing this person. This value is non-revocable and non-reusable. This value should be used when looking up authorization information. |
| Notes: | |
| Example: | uid: 1125486 |
undergraduateLevel
| Required: | No |
| # of values: | single |
| Definition: | The current grade level of an undergraduate student. |
| Notes: | Only a person will only have a value in this attribute if they have an affiliaiton type of student and a degree type of bachelor. This attribute has the following controlled vocabulary: freshmen, sophomore, junior, senior. |
| Example: | undergraduateLevel: junior |
userCertificate
| Required: | No |
| # of values: | single |
| Definition: | A user's X.509 certificate. |
| Notes: | RFC 2256 states that this attribute is to be stored and requested in the binary form, as 'userCertificate;binary'. |
| Example: |
userPassword
| Required: | No |
| # of values: | single |
| Definition: | A user’s hashed password |
| Notes: | Passwords must follow the rules stipulated in the Password Requirements document, which includes limits on password length. Passwords must be hashed via SHA1. Entries must begin with {sha} and be followed by the SHA1 hashed password. |
| Example: | userPassword: {sha}X5/DBrWPOQQaI |
userSMIMECertificate
| Required: | No |
| # of values: | single |
| Definition: | An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634). |
| Notes: | |
| Example: |
uupid
| Required: | No |
| # of values: | single |
| Definition: | Universally unique personal identifier; replaces current PID. |
| Notes: | UUPIDs will only be issued to people and only one UUPID will be issued to a person. UUPIDs are revocable and reusable; as such they should NOT be the basis for any authorization decision. Instead use the UID. |
| Example: | uupid: john_smith |
virginiaTechID
| Required: | No |
| # of values: | single |
| Definition: | This is the 9 digit Virginia Tech ID number from Banner, sometimes known as the Banner ID number. |
| Notes: | |
| Example: | virginiaTechID: 123456789 |
Objectclass virginiaTechGroup
administrator
| Required: | No |
| # of values: | multi |
| Definition: | These are the DNs of the people who may administer this group. |
| Notes: | |
| Example: | administrator: uid=987654,ou=People,dc=vt,dc=edu |
contactPerson
| Required: | Yes |
| # of values: | multi |
| Definition: | This is the DN of the person who should receive any correspondence for the group. |
| Notes: | This is the person that will be contacted for administrative purposes (such a group renewal announcements). If a group email address isn’t specified this person will also get the daily correspondence for this group. |
| Example: | contactPerson: uid=1234567,ou=People,dc=vt,dc=edu |
creationDate
| Required: | Yes |
| # of values: | single |
| Definition: | This is the date the group was added to the directory. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | creationDate: 2001-11-09T15:25:15-0500 |
displayName
| Required: | No |
| # of values: | single |
| Definition: | This represents the human readable name of a group and will be displayed in place of, or along side of, the group's uugid. |
| Notes: | This name is not guaranteed to be unique. |
| Example: | displayName: Karate Club |
emailAddress
| Required: | No |
| # of values: | single |
| Definition: | This is the email address that everyday correspondence to the group should be sent to. |
| Notes: | If no email address is specified email correspondence will be sent to the contact person's email address. |
| Example: | emailAddress: karate_club@vt.edu |
expirationDate
| Required: | No |
| # of values: | single |
| Definition: | This is the date the group is set to expire from the directory. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | expirationDate: 2001-11-09T15:25:15-0500 |
groupData
| Required: | No |
| # of values: | multi |
| Definition: | This field allows a group to store additional information about the group, which may be displayed along with other group information. |
| Notes: | Some information that may be included here is a telephone number, an address, other websites, etc. Valid XHTML may be included to added emphasis to certain items. |
| Example: | groupData: Meets on <strong>Thursdays</strong> from 5-7 |
groupMembership
| Required: | No |
| # of values: | multi |
| Definition: | A list of the group DNs this group is a member of. |
| Notes: | |
| Example: | groupMembership: uugid=bioclub,ou=Groups,dc=vt,dc=edu |
labeledURI
| Required: | No |
| # of values: | multi |
| Definition: | Webpage(s) associated with the group. |
| Notes: | The format for this attribute is “label:url”, where the label describes the link and the url is the URL of the link. |
| Example: | labeledURI: homepage:http://filebox.vt.edu/karate_club |
manager
| Required: | No |
| # of values: | multi |
| Definition: | A list of the DNs who are managers of this group. |
| Notes: | |
| Example: | manager: uid=1234567,ou=people,dc=vt,dc=edu |
member
| Required: | No |
| # of values: | multi |
| Definition: | A list of the DNs who are members of this group. May include person and/or group DNs. |
| Notes: | |
| Example: | member: uid=1234567,ou=people,dc=vt,dc=edu |
suppressDisplay
| Required: | No |
| # of values: | single |
| Definition: | Whether this group's entire record should be suppressed from public view. |
| Notes: | |
| Example: | suppressDisplay: true |
suppressMembers
| Required: | No |
| # of values: | single |
| Definition: | Whether this group's membership should be suppressed from public view. |
| Notes: | |
| Example: | suppressMembers: true |
uid
| Required: | Yes |
| # of values: | single |
| Definition: | The unique indentifier for this group. Corresponds to the sequence number in the Registry. |
| Notes: | |
| Example: | uid: 1 |
uugid
| Required: | Yes |
| # of values: | single |
| Definition: | This Universally Unique Group Identifier is the unique identifier of a group within the directory. |
| Notes: | |
| Example: |
viewer
| Required: | No |
| # of values: | multi |
| Definition: | The DNs that may view this group and its membership. |
| Notes: | |
| Example: | user: uusid=exampleService,ou=Services,dc=vt,dc=edu |
Objectclass virginiaTechService
accountState
| Required: | Yes |
| # of values: | single |
| Definition: | The current state of this service account. |
| Notes: | May be one of two values: active or inactive. |
| Example: | accountState: active |
administrator
| Required: | No |
| # of values: | multi |
| Definition: | A list of people DNs that may administer a service. |
| Notes: | Administrators may add or remove authorized users from a service. |
| Example: | administrator: uid=1254884,ou=People,dc=vt,dc=edu |
contactPerson
| Required: | Yes |
| # of values: | single |
| Definition: | This is the DN of the person who is ultimately responsible for this service. |
| Notes: | |
| Example: | contactPerson: uid=987654,ou=People,dc=vt,dc=edu |
creationDate
| Required: | Yes |
| # of values: | single |
| Definition: | This is the date the service was added to the directory. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mmTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | creationDate: 2001-11-09T15:25:15-0500 |
certificate
| Required: | Yes |
| # of values: | multi |
| Definition: | This is a service's certificate. |
| Notes: | |
| Example: |
expirationDate
| Required: | No |
| # of values: | single |
| Definition: | This is the date the service is set to expire from the directory. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | expirationDate: 2001-11-09T15:25:15-0500 |
serviceDN
| Required: | Yes |
| # of values: | multi |
| Definition: | The DN of the service certificate |
| Notes: | The serviceDN must map to the certificate that did TLS client authentication to ED-ID for the service to have any privileges other than anonymous access. |
| Example: | cn=ED-ID Service,ou=1,ou=Middleware-Client,o=Virginia Polytechnic Institute and State University,l=Blacksburg,st=Virginia,c=US,dc=vt,dc=edu |
serviceType
| Required: | Yes |
| # of values: | single |
| Definition: | This is the service type of the service. |
| Notes: | Personal services may view any non-suppressed person attribute as well as any suppressed attribute in it’s view access control list (vACL) for the authenticated user originating the request, and may only display that information to that authenticated user. In other words a personal service will show you any of your suppressed attributes in its vACL, but only to you. Private services may view any non-suppressed person attribute as well as any suppressed attribute in its vACL for any person, however it may not make this information publicly viewable. |
| Example: | serviceType: personal |
uid
| Required: | Yes |
| # of values: | single |
| Definition: | The unique indentifier for this service. Corresponds to the sequence number in the Registry. |
| Notes: | |
| Example: | uid: 1 |
uusid
| Required: | Yes |
| # of values: | single |
| Definition: | This Universally Unique Service Id is the unique identifier of a service within the directory. |
| Notes: | |
| Example: | uusid: filebox |
viewablePersonAttribute
| Required: | No |
| # of values: | multi |
| Definition: | This is a list of virginiaTechPerson attributes that this service may view. |
| Notes: | This list in used in conjunction with the service type to determine what usersuppressed fields a service can view. See the serviceType attribute description for a complete explanation of this. |
| Example: | viewablePersonAttribute: mail |
Objectclass virginiaTechEntitlement
creationDate
| Required: | Yes |
| # of values: | single |
| Definition: | This is the date the entitlement was added to the directory. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mmTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: | creationDate: 2001-11-09T15:25:15-0500 |
entitled
| Required: | No |
| # of values: | multi |
| Definition: | A DN that represents the entry with this virginiaTechEntitlement. |
| Notes: | Only people can currently have entitlements. In the future, this may be expanded to include services and groups. |
| Example: | entitled: uid=1152120,ou=People,dc=vt,dc=edu |
entitlement
| Required: | Yes |
| # of values: | single |
| Definition: | A string that identifies the virginiaTechEntitlement |
| Notes: | May coexist with eduPersonEntitlement in the future. |
| Example: | entitlement: middleware:dat:person:create |
expirationDate
| Required: | No |
| # of values: | single |
| Definition: | The date this virginiaTechEntitlement will expire. |
| Notes: | Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is �0500 |
| Example: | expirationDate: 2001-11-09T15:25:15-0500 |
manager
| Required: | Yes |
| # of values: | multi |
| Definition: | The DN of the service that manages this virginaTechEntitlement. |
| Notes: | Though this will initially only contain service DNs, it may contain people or group DNs in the future. This attribute is defined as multi-valued in RFC1274 (used by inetOrgPerson), but it should always contain one value. This will be enforced through replication. |
| Example: | manager: uusid=service-manager,ou=Services,dc=vt,dc=edu |
sponsor
| Required: | No |
| # of values: | single |
| Definition: | The DN that is sponsoring this virginiaTechEntitlement. |
| Notes: | Initially this will be a person DN, but in the future it may contain service or group DNs. |
| Example: | sponsor: uid=1152120,ou=People,dc=vt,dc=edu |
uid
| Required: | Yes |
| # of values: | single |
| Definition: | The unique identifier for this virginiaTechEntitlement. Corresponds to VTENTITLEMENTS.VTENTITLEMENT_SEQNO in the Registry. |
| Notes: | Not to be confused with a person, group, or service uid. |
| Example: | uid: 1 |
viewer
| Required: | No |
| # of values: | multi |
| Definition: | The DNs that may view this virginiaTechEntitlement. |
| Notes: | Similar to a group's viewer. |
| Example: | viewer: uusid=viewer-service,ou=Services,dc=vt,dc=edu |
Approved for release
IAD Director __________________________________________________ Date _______________
IRM Representative ____________________________________________ Date _______________
Change Log
1.0 -> 1.1
- Added type “meeting” to the addressType attribute of the address object class
- Added memberOf attribute to virginiaTechPerson object class
- Added groupType attribute to group object class
1.1 -> 1.2
- Renamed address, group, and service objectclasses to virginiaTechAddress, virginiaTechGroup, virginiaTechService respectively
- Removed alternateID, userOfService, serviceExpirationDate, serviceAddDate, and groupVisibility from person object
- Added bannerPIDM, chapSecret, departmentNumber, previousVirginiaTechID, and virginiaTechID attributes to person
- Renamed memberOf attribute in person object to isMemberOf
- Renamed currentState to accountState to bring schema inline with ED-Auth schema
- Renamed responsibleID attribute in person object to responsiblePerson
- Removed groupType attribute from groups
- Added allowedServices attribute to groups
- Removed user and viewableGroup attributes from service
- Added contactPerson attribute to services
- Renamed credential attribute on services to certificate
1.2 -> 1.3
- Added legalName, majorCode, mailPreferredAddress, mailForwardingAddress, localPhone, localPostalAddress, mailStop, and title attributes
- Changed the definitions of homePhone and homePostalAddress such that they only contain home address data
- Changed the definitions of c, facsimileTelephoneNumber, l, postalAddress, postalCode, postalOfficeBox, st, street, and telephoneNumber such that they only contain business address data
- Moved address, c, homepostalAddress, postalAddress, and postalCode from required attributes to optional attributes
- Changed address definition to refer to address dn.
1.3 -> 1.4
- Added mailAlias
- Added mailAccount
- Added lastEnrollmentTermCode
- Changed lastEnrollmentTerm to be the human readable form of lastEnrollmentTermCode
- Added nextEnrollmentTermCode
- Changed nextEnrollmentTerm to be the human readable form of nextEnrollmentTermCode
- In addresses, changed the definition of country so that it is no longer a required attribute
1.4 -> 1.5
- Added suppressDisplay attribute for people
- Moved administrator from required to optional for services
- Renamed isMemberOf attribute in person object to groupMembership
- Finalized group schema
- Updated documentation for attributes that claim to contain UIDs, they really contain DNs
1.5 -> 1.6
- Removed amateurRadioCallsign
- Removed unixUid
- Removed previousVirginiaTechID
- Added personData
- accountState, passwordState, userPassword, and uupid are no longer required attributes for virginiaTechPerson
1.6 -> 1.7
- Added homeFAX, homeMobile, homePager, localFAX, localMobile, and localPager
- Made localPhone multi-value
- Renamed facsimileNumber to facsimileTelephoneNumber in virginiaTechAddress
- Added personType
- Made city and postalCode optional in virginiaTechAddress
1.7 -> 1.8
- Added accountCreationDate, accountExpirationDate, accountShelveDate, classLevel, classLevelCode to virginiaTechPerson
- Made uid a required attribute for virginiaTechService and virginiaTechGroup
- Added manager and suppressMembers to virginiaTechGroup
1.8 -> 1.9
- Add virginiaTechEntitlement objectclass.
- Remove joinability and leaveability from virginiaTechGroup.
- Add suppressEmployeeDisplay to virginiaTechPerson.
- Make contactPerson multi-valued.
- Add serviceDN to virginiaTechService.
- Make certificate multi-valued.
- Add authId and guestId.
1.9 -> 1.10
- Add required attribute gender to virginiaTechPerson.
- Add optional attribute employeeOffCampus to virginiaTechPerson.
1.10 -> 1.11
- Change legalName to bannerName. Keep legalName as an alias to bannerName.
- Add udcIdentifier.
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported
