Release 1.18
Date 2016

Introduction

About this Document

This document is the schema for the first phase of the Enterprise Directory system. It contains most of the demographic data about a person that will be in the final phase of the Enterprise Directory, except for those attributes over which a person will have direct control, because this directory does not allow writes. It also contains group and service entry representations. For more information on these entries, see the [[middleware:ed:edid:groups:explained|Directory Group Entries Explained]] and [[middleware:ed:edid:services:explained|Directory Service Entries Explained]] documents, respectively.

ED-Auth, ED-Lite, and ED-ID attributes are marked in the objectClass outline sections.

Layout

This document will begin with an outline of the schema used in the ED-LDAP directory which will give the object class and attributes in the class as well as the DIT for the directory. An in-depth description of each attribute will follow the outline.

Indexing

As with databases, LDAP directories provide a mechanism for creating indexes. Searching on indexed attributes provides far faster results than searching on non-indexed fields. The two most common types of indexing for LDAP directories are equality and substring. Attributes marked as equality indexed allow exact-match searches to be performed against them. Attributes indexed in a substring manner allow wildcard searches to be performed against them. If an attribute is marked as having both equality and substring indexes, the equality search will perform better and should be used if possible. The equality index is used when no wildcard character appears in the string being searched for.
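The following added example (not part of the original schema document) builds search filters so that caller-supplied text cannot turn an exact-match search into a wildcard search, and reports which index the filter can use. The function names are hypothetical; the index table is copied from the "Indexing:" lines of the virginiaTechPerson attributes in this document, and the escaping follows RFC 4515.

```python
# Index types per attribute, copied from the "Indexing:" lines in this document.
# Only a subset of virginiaTechPerson attributes is listed; this table is part
# of the added example, not a directory API.
INDEXES = {
    "uid": {"equality"},
    "uupid": {"equality", "substring", "presence"},
    "cn": {"equality", "substring"},
    "sn": {"equality", "substring"},
    "mail": {"equality", "substring", "presence"},
    "eduPersonAffiliation": {"equality"},
    "groupMembership": {"equality", "presence"},
    "dateOfBirth": set(),  # "Indexing: none"
}

# RFC 4515 special characters and their escaped forms.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_filter(attr, value, prefix_match=False):
    """Return (filter_string, index_used) for one attribute assertion.

    The value is always escaped, so a '*' typed by a user stays a literal
    character and the search remains an equality search. A wildcard is only
    added when the calling code asks for it with prefix_match=True.
    index_used is None when the attribute has no index of the needed type.
    """
    if attr not in INDEXES:
        raise ValueError(f"attribute not in the example index table: {attr}")
    safe = escape_value(value)
    if prefix_match:
        needed, flt = "substring", f"({attr}={safe}*)"
    else:
        needed, flt = "equality", f"({attr}={safe})"
    index_used = needed if needed in INDEXES[attr] else None
    return flt, index_used


if __name__ == "__main__":
    for args in [("uupid", "john_smith"), ("cn", "Mary", True),
                 ("uid", "1125", True), ("uupid", "j*")]:
        print(args, "->", build_filter(*args))
```

A result with `index_used` of `None` marks a search that the directory cannot answer from an index, such as a prefix search on `uid`.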

Schema Outline

ObjectClass Outline

objectclass virginiaTechAddress

superior: top      
required:        
    ED-ID ED-Auth ED-Lite
  addressType    
  uuaid    
optional:        
  city    
  country    
  facsimileTelephoneNumber    
  mailStop    
  mobile    
  pager    
  postalCode    
  postOfficeBox    
  stateOrProvince    
  street1    
  street2    
  telephoneNumber    

objectclass virginiaTechPerson

superior: top      
required:        
    ED-ID ED-Auth ED-Lite
  cn  
  creationDate    
  eduPersonAffiliation  
  eduPersonPrimaryAffiliation  
  gender    
  personType    
  sn  
  uid
  virginiaTechAffiliation  
optional:        
  accountCreationDate    
  accountExpirationDate    
  accountRecoveryMaintenanceDate    
  accountShelveDate    
  accountState  
  address    
  authId  
  bannerName    
  bannerPIDM    
  c  
  campus    
  classLevel    
  classLevelCode    
  confidentialFlag    
  dateOfBirth    
  degreeType    
  department  
  departmentNumber  
  displayName  
  eduPersonPrincipalName    
  employeeOffCampus    
  expirationDate    
  facsimileTelephoneNumber    
  givenName  
  groupAddDate    
  groupExpireDate    
  groupMembership  
  groupMembershipUugid  
  guestId  
  homeFAX    
  homeMobile    
  homePager    
  homePhone    
  homePostalAddress    
  initials    
  instantMessagingID  
  jpegPhoto    
  l  
  labeledURI  
  lastEnrollmentTerm    
  lastEnrollmentTermCode    
  localFAX    
  localMobile    
  localPager    
  localPhone  
  localPostalAddress  
  mail  
  mailAccount    
  mailAlias    
  mailExternalAddress    
  mailForwardingAddress    
  mailPreferredAddress    
  mailStop  
  major  
  majorCode    
  middleName  
  mobile    
  networkPassword    
  nextEnrollmentTerm    
  nextEnrollmentTermCode    
  pager    
  passwordChangeDate  
  passwordExpirationDate  
  passwordState  
  personData  
  postalAddress  
  postalCode  
  postOfficeBox  
  preferredLanguage    
  publicKey  
  responsiblePerson    
  st  
  street  
  studentLevelCode    
  suppressEmployeeDisplay    
  suppressDisplay    
  suppressedAttribute    
  telephoneNumber  
  title  
  udcIdentifier    
  undergraduateLevel    
  userCertificate  
  userPassword  
  userSMIMECertificate  
  uupid
  virginiaTechID    

objectclass virginiaTechGroup

superior: top      
required:        
    ED-ID ED-Auth ED-Lite
  contactPerson    
  creationDate    
  uid
  uugid
optional:        
  administrator    
  displayName  
  emailAddress  
  expirationDate    
  groupData  
  groupMembership
  labeledURI  
  manager    
  member
  suppressDisplay  
  suppressMembers  
  viewer    

objectclass virginiaTechService

superior: top      
required:        
    ED-ID ED-Auth ED-Lite
  accountState    
  administrator    
  certificate    
  contactPerson    
  creationDate    
  serviceDN    
  serviceType    
  uid    
  uusid    
optional:        
  expirationDate    
  viewablePersonAttribute    

objectclass virginiaTechEntitlement

superior: top      
required:        
    ED-ID ED-Auth ED-Lite
  creationDate    
  entitlement    
  manager    
  uid    
optional:        
  entitled    
  expirationDate    
  sponsor    
  viewer    

objectclass virginiaTechOrganization

superior: top      
required:        
    ED-ID ED-Auth ED-Lite
  orgCode    
  orgTitle    
  orgLevel    
  orgLevelCode    
  uid    
  orgStatus    
optional:        
  creationDate    
  orgEmployee    
  orgLevelCode 1    
  orgLevelCode 2    
  orgLevelCode 3    
  orgLevelCode 4    
  orgLevelCode 5    
  orgLevelCode 6    

Object Classes

Objectclass virginiaTechAddress

addressType

Required: Yes
# of values: single
Indexing: none
Definition: The type of the address: home - indicates this is a person’s permanent mailing address. This would be an employee’s home, or a student’s permanent mailing address (most likely their parent or guardian’s address). local - indicates this is a person’s temporary address. This is used for a student’s address while they are actively attending VT (most likely a student’s dorm or apartment address). office - indicates this is a person’s business address. This may be an employee’s office address or a vendor’s business address. meeting – indicates the location where a given group meets.
Notes: accepted values are home, local, business, meeting.
Example: addressType: home

city

Required: Yes
# of values: single
Indexing: none
Definition: The city the street or post office box is in.
Notes:  
Example: city: Blacksburg

country

Required: No
# of values: single
Indexing: none
Definition: The two letter abbreviation for the country that this address is in.
Notes: a two-letter ISO 3166 country code.
Example: country: US

facsimileTelephoneNumber

Required: No
# of values: multi
Indexing: none
Definition: The facsimile (fax) number for this address.
Notes: International phone number, as described in E.123[15].
Example: facsimileTelephoneNumber: (540) 231-7886

mailStop

Required: No
# of values: single
Indexing: none
Definition: This field is used to store internal mail routing information.
Notes: For VT business addresses this should be the mail code. This is not to be used for P.O. Box information, use postOfficeBox instead.
Example: mailStop: 0999

mobile

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The cellular phone number for this address.
Notes:  
Example: mobile: (540) 999-9999

pager

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The pager number for this address.
Notes:  
Example: pager: +1 202 555 4321

postalCode

Required: No
# of values: single
Indexing: none
Definition: This is the post office box (P.O. Box) of a person.
Notes: Do not include the string “P.O. Box” in the field. This is not to be used for internal mail routing information (like mail codes), use mailStop instead. If postOfficeBox is not populated street1 must be.
Example: postOfficeBox: 600

postOfficeBox

Required: No
# of values: multi
Indexing: none
Definition: The postal office box by which this address will receive physical postal delivery.
Notes:  
Example: postOfficeBox: 109260

stateOrProvince

Required: No
# of values: single
Indexing: none
Definition: The abbreviated state or province the city is in.
Notes: For a US address use the two letter state abbreviations.
Example: stateOrProvince: VA

street1

Required: No
# of values: single
Indexing: none
Definition: This is the first line of a person’s street address. Normally this would be the house number and road they live on.
Notes: This field is never to be used for a P.O. Box number or internal mail routing information (like mail codes). Use either postOfficeBox or mailStop, respectively, instead. If street1 is not populated, postOfficeBox must be.
Example: street1: 1700 Washington St.

street2

Required: No
# of values: single
Indexing: none
Definition: This is the second line of a person’s street address. Normally this would be used for apartment numbers.
Notes: This field is never to be used for a P.O. Box number or internal mail routing information (like mail codes). Use either postOfficeBox or mailStop, respectively, instead.
Example: street2: Apt. L

telephoneNumber

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The telephone number(s) associated with this address.
Notes: International phone number, as described in E.123[15].
Example: telephoneNumber: (608) 555-1212

uuaid

Required: Yes
# of values: single
Indexing: equality, presence
Definition: This is the unique identifier for this address object.
Notes:  
Example: uuaid: 1018614882726

Objectclass virginiaTechPerson

accountCreationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the person’s account was created.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: accountCreationDate: 2003-08-10T06:32:08

accountExpirationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the person’s account will expire.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: accountExpirationDate: 2003-08-10T06:32:08

accountRecoveryMaintenanceDate

Required: No
# of values: single
Indexing: none
Definition: This is the last date the person’s account recovery options were maintained.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: accountRecoveryMaintenanceDate: 2003-08-10T06:32:08

accountShelveDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the person’s account will be moved to a shelved state.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: accountShelveDate: 2003-08-10T06:32:08

accountState

Required: No
# of values: single
Indexing: none
Definition: This is the current authentication state of this person’s account.
Notes: This attribute will have the following controlled vocabulary: expected, ACTIVE, LOCKED, SHELVED, TO BE RELEASED.
Example: accountState: LOCKED

address

Required: Yes
# of values: multi
Indexing: none
Definition: A list of all the addresses, identified by address dn, currently known for this person.
Notes: Special care should be taken to remove addresses as they are determined to be out of date.
Example: address: uuaid=123456,ou=Addresses,dc=vt,dc=edu

authId

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The authentication identifier(s).
Notes: May contain uupid and guestId.
Example: authId: dave

bannerName

Required: No
# of values: single
Indexing: none
Alias: legalName
Definition: The banner name of this person.
Notes: This should be the user name of this person in the banner spriden table.
Example: bannerName: John Q. Public

bannerPIDM

Required: No
# of values: multi
Indexing: equality, presence
Definition: The 8 digit Banner PIDM number for this person.
Notes:  
Example: bannerPIDM: 12345678

c

Required: No
# of values: single
Indexing: none
Definition: The two letter country abbreviation.
Notes: This should be the country code associated with the address whose address type is office.
Example: c: CA

campus

Required: No
# of values: single
Indexing: none
Definition: The name of the campus this person is currently affiliated with. For instance the campus a student is attending, or the campus at which a staff member works.
Notes: This field will have a controlled vocabulary; however, it has not yet been determined.
Example: campus: NoVA

cn

Required: Yes
# of values: multi
Indexing: equality, substring
Definition: The person’s full name.
Notes:  
Example: cn: Mary Francis Xavier

classLevel

Required: No
# of values: single
Indexing: none
Definition: The Banner class level.
Notes:  
Example: classLevel: Senior

classLevelCode

Required: No
# of values: single
Indexing: none
Definition: The Banner class level code.
Notes:  
Example: classLevelCode: 40

confidentialFlag

Required: No
# of values: single
Indexing: none
Definition: Whether this person is confidential.
Notes:  
Example: confidentialFlag: true

creationDate

Required: Yes
# of values: single
Indexing: none
Definition: This is the date the person was added to the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: creationDate: 2001-11-09T15:25:15-0500

dateOfBirth

Required: No
# of values: single
Indexing: none
Definition: A person’s date of birth.
Notes: The date of birth must be in the following format yyyy-mm-dd. Where yyyy is the 4 digit year, mm is the two digit month, and dd is the two digit day.
Example: dateOfBirth: 2001-01-01

degreeType

Required: No
# of values: single
Indexing: none
Definition: The type of degree a student is seeking.
Notes: This attribute will only have a value for people who have an affiliation type of student. This attribute has the following controlled vocabulary: bachelor, masters, doctorate, vetmed.
Example: degreeType: bachelor

department

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The home department this person works in on campus.
Notes: Only a person with an affiliation of employee will have an entry in this attribute.
Example: department: Middleware Services

departmentNumber

Required: No
# of values: multi
Indexing: equality, presence
Definition: The numerical identifier for the home department this person works in on campus.
Notes: Only a person with an affiliation of employee will have an entry in this attribute.
Example: departmentNumber: 065602

displayName

Required: No
# of values: single
Indexing: equality, substring, presence
Definition: Preferred name of a person to be used when displaying this person’s name.
Notes:  
Example: displayName: John Smith

eduPersonAffiliation

Required: Yes
# of values: multi
Indexing: equality
Definition: Specifies the person’s relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.
Notes:  
Example: eduPersonAffiliation: faculty

eduPersonPrimaryAffiliation

Required: Yes
# of values: single
Indexing: none
Definition: Specifies the person’s PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc.
Notes:  
Example: eduPersonPrimaryAffiliation: student

eduPersonPrincipalName

Required: No
# of values: single
Indexing: none
Definition: The “NetID” of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain.
Notes: See extensive explanation of this field in the eduPerson specification: http://www.educause.edu/netatedu/groups/pki/eduperson/spec.txt This is NOT the person’s email address.
Example: eduPersonPrincipalName: jsmith@vt.edu

employeeOffCampus

Required: No
# of values: single
Indexing: none
Definition: Whether an employee is off campus or not.
Notes: Will be true or false.
Example: employeeOffCampus: false

expirationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the person is set to expire from the directory.
Notes: Complete ISO 8601 date with hours, minutes, and seconds. Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: expirationDate: 2001-11-09T15:25:15-0500

facsimileTelephoneNumber

Required: No
# of values: multi
Indexing: none
Definition: A fax number for the person.
Notes: This should be the fax number associated with the address whose address type is office.
Example: facsimileTelephoneNumber: (540) 961-4567

gender

Required: Yes
# of values: single
Indexing: none
Definition: The gender of the person.
Notes: Will be Male, Female, or Unreported.
Example: gender: Male

givenName

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The part of a person’s name which is not their surname nor middle name.
Notes: This is commonly a person’s first name. Names which contain hyphens (-) or spaces will be broken up into multiple entries as well as recorded as a single entry. Therefore a person with a given name of “Mary Jane” would have three entries here: “Mary”, “Jane”, and “Mary Jane”.
Example: givenName: Stephen

groupAddDate

Required: No
# of values: multi
Indexing: none
Definition: This is the date the person was added to a group.
Notes: The format for this entry is “uugid date”, where the uugid is a valid group id and the date is a complete ISO 8601 date with hours, minutes, and seconds, with a space separating the id and the date. Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: groupAddDate: fooGroup 2001-11-09T15:25:15-0500

groupExpireDate

Required: No
# of values: multi
Indexing: none
Definition: This is the date the person is to expire from a group.
Notes: The format for this entry is “uugid date”, where the uugid is a valid group id and the date is a complete ISO 8601 date with hours, minutes, and seconds, with a space separating the id and the date. Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: groupExpireDate: fooGroup 2001-11-09T15:25:15-0500
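
The following added example (not part of the original schema document) parses the “uugid date” values of groupAddDate and groupExpireDate and uses them to drop expired group memberships before they are relied on. The function names are hypothetical, the sample entry is constructed, and a timestamp without a TZD is assumed to be Eastern Time (-0500), since several examples in this document omit the designator.

```python
import re
from datetime import datetime, timedelta, timezone

# yyyy-mm-ddThh:mm:ssTZD, with the TZD (+hhmm or -hhmm) optional.
TIMESTAMP = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})([+-]\d{4})?"
)


def parse_timestamp(text, default_tzd="-0500"):
    """Parse a directory timestamp into a timezone-aware datetime.

    Assumption of this example: a missing TZD means default_tzd.
    Raises ValueError for anything that does not match the format.
    """
    match = TIMESTAMP.fullmatch(text)
    if match is None:
        raise ValueError(f"not yyyy-mm-ddThh:mm:ssTZD: {text!r}")
    *fields, tzd = match.groups()
    tzd = tzd or default_tzd
    offset = timedelta(hours=int(tzd[1:3]), minutes=int(tzd[3:5]))
    if tzd[0] == "-":
        offset = -offset
    # datetime() and timezone() raise ValueError for out-of-range values.
    return datetime(*(int(f) for f in fields), tzinfo=timezone(offset))


def parse_group_date(value):
    """Split a "uugid date" value into (uugid, datetime)."""
    uugid, sep, stamp = value.partition(" ")
    if not uugid or not sep:
        raise ValueError(f"expected 'uugid date': {value!r}")
    return uugid, parse_timestamp(stamp)


def active_groups(entry, now):
    """Return the uugids from groupMembershipUugid that have not expired.

    A groupExpireDate value that cannot be parsed is treated as expired
    (fail closed), so a malformed date never extends a membership.
    """
    expired = set()
    for value in entry.get("groupExpireDate", []):
        try:
            uugid, expires = parse_group_date(value)
        except ValueError:
            expired.add(value.partition(" ")[0])
            continue
        if expires <= now:
            expired.add(uugid)
    return sorted(
        g for g in entry.get("groupMembershipUugid", []) if g not in expired
    )


# Constructed sample entry; the attribute names are the ones defined above.
SAMPLE_ENTRY = {
    "groupMembershipUugid": ["bioclub", "fooGroup", "chess"],
    "groupExpireDate": [
        "fooGroup 2001-11-09T15:25:15-0500",
        "chess not-a-date",
    ],
}

if __name__ == "__main__":
    print(active_groups(SAMPLE_ENTRY, datetime.now(timezone.utc)))
```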

groupMembership

Required: No
# of values: multi
Indexing: equality, presence
Definition: A list of the group DNs this person is a member of.
Notes:  
Example: groupMembership: uugid=bioclub,ou=Groups,dc=vt,dc=edu

groupMembershipUugid

Required: No
# of values: multi
Indexing: equality, substring
Definition: A list of the group uugids this person is a member of.
Notes:  
Example: groupMembershipUugid: bioclub

guestId

Required: No
# of values: single
Indexing: equality, substring, presence
Definition: The guest identifier for authentication.
Notes: For guest people.
Example: guestId: guest

homeFAX

Required: No
# of values: multi
Indexing: none
Definition: This should be the fax number associated with the address whose address type is home.
Notes:  
Example: homeFAX: (540) 961-4567

homeMobile

Required: No
# of values: multi
Indexing: none
Definition: The cellular phone number of the person associated with the address whose address type is home.
Notes:  
Example: homeMobile: (540) 999-9999

homePager

Required: No
# of values: multi
Indexing: none
Definition: The pager number of the person associated with the address whose address type is home.
Notes:
Example: homePager: +1 202 555 4321

homePhone

Required: No
# of values: multi
Indexing: none
Definition: The home telephone number associated with a person.
Notes: This should be the phone number associated with the address whose address type is home.
Example: homePhone: (608) 555-1212

homePostalAddress

Required: No
# of values: single
Indexing: none
Definition: This is the home postal address for this person.
Notes: This should be the address associated with the address whose address type is home. Addresses are in standard mailing format with a “$” used to represent a line break.
Example: homePostalAddress: 1234 Main St.$Anytown, CA 12345$US

initials

Required: No
# of values: single
Indexing: none
Definition: The initials of all of an individual’s names, except for their surname(s).
Notes:  
Example: initials: f.x.

instantMessagingID

Required: No
# of values: multi
Indexing: equality, presence
Definition: This is a list of a person’s instant messaging Ids.
Notes: The format for this field is serviceId:userid where userId is a person’s id on a given messaging service, and serviceId is the id of the service. See the “Instant Messaging Service ID List” on the Middleware website for a complete list of possible service IDs.
Example: instantMessagingID: yahoo:jsmith

jpegPhoto

Required: No
# of values: single
Indexing: none
Definition: An image of this person in the JPEG File Interchange Format [JFIF].
Notes:  
Example: none

l

Required: No
# of values: single
Indexing: none
Definition: The name of a locality, such as a city, county or other geographic region.
Notes: This should be populated with the city information in the address object whose address type is office.
Example: l: Blacksburg

labeledURI

Required: No
# of values: multi
Indexing: none
Definition: Webpage(s) associated with the person.
Notes: The format for this attribute is “label:url”, where the label describes the link and the url is the URL of the link.
Example: labeledURI: homepage:http://filebox.vt.edu/users/jsmith

lastEnrollmentTerm

Required: No
# of values: single
Indexing: none
Definition: Human readable form of the last academic term a student was enrolled in.
Notes: Only people with an affiliation of student will have a value in this attribute.
Example: lastEnrollmentTerm: Fall Semester 2004

lastEnrollmentTermCode

Required: No
# of values: single
Indexing: none
Definition: The last academic term a student was enrolled in.
Notes: Only people with an affiliation of student will have a value in this attribute. The values in this attribute are of the following syntax: YYYYMM, where YYYY is the 4 digit year this person last attended class and MM is the 2 digit month that term starts.
Example: lastEnrollmentTermCode: 200101

localFAX

Required: No
# of values: multi
Indexing: none
Definition: A fax number for the person.
Notes: This should be the fax number associated with the address whose address type is local.
Example: localFAX: (540) 961-4567

localMobile

Required: No
# of values: multi
Indexing: none
Definition: The cellular phone number of the person associated with the address whose address type is local.
Notes:  
Example: localMobile: (540) 999-9999

localPager

Required: No
# of values: multi
Indexing: none
Definition: A person’s pager number associated with the address whose address type is local.
Notes:
Example: localPager: +1 202 555 4321

localPhone

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The local phone number of this person.
Notes: This should be the phone number associated with the address whose address type is local.
Example: localPhone: 5402312345

localPostalAddress

Required: No
# of values: single
Indexing: none
Definition: This is the local postal address for this person.
Notes: This should be the address associated with the address whose address type is local. Addresses are in standard mailing format with a “$” used to represent a line break.
Example: localPostalAddress: 411 Slusher Hall$Blacksburg, VA 24060$US

mail

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: These are the e-mail address(es), last known in some cases, of a person.
Notes: This includes a person’s POP email address, POP email aliases, and Exchange email address(es) for VT affiliated personnel who have them.
Example: mail: jsmith@vt.edu

mailAccount

Required: No
# of values: single
Indexing: none
Definition: This is the name of the person’s email account in the mail system.
Notes:  
Example: mail: jsmith@vt.edu

mailAlias

Required: No
# of values: multi
Indexing: none
Definition: These are the e-mail alias(es) of a person.
Notes:  
Example: mailAlias: john.smith@vt.edu

mailExternalAddress

Required: No
# of values: multi
Indexing: none
Definition: This is a person’s external email address.
Notes:  
Example: mailExternalAddress: user@vcom.vt.edu

mailForwardingAddress

Required: No
# of values: single
Indexing: none
Definition: This is a person’s email forwarding address.
Notes:  
Example: mailForwardingAddress: jsmith@gmail.com

mailPreferredAddress

Required: No
# of values: single
Indexing: equality, substring, presence
Definition: This is a person’s preferred email address.
Notes:  
Example: mailPreferredAddress: jsmith@vt.edu

mailStop

Required: No
# of values: single
Indexing: none
Definition: This field is used to store internal mail routing information.
Notes: This should be the mailStop associated with the address whose address type is office.
Example: mailStop: 0999

major

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The academic major of this person.
Notes: This attribute is only populated if this person has a student affiliation.
Example: major: computer science

majorCode

Required: No
# of values: multi
Indexing: none
Definition: The academic major code of this person.
Notes: This attribute is only populated if this person has a student affiliation.
Example: majorCode: CS

middleName

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The middle name(s) of a person.
Notes:  
Example: middleName: Christopher

mobile

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: The cellular phone number of the person associated with the address whose address type is office.
Notes:  
Example: mobile: (540) 999-9999

networkPassword

Required: No
# of values: single
Indexing: none
Definition: The network password.
Notes:  
Example: networkPassword: networkpassword

nextEnrollmentTerm

Required: No
# of values: single
Indexing: none
Definition: The next academic term a student is enrolled in.
Notes: Only people with an affiliation of student will have a value in this attribute. The values in this attribute are of the following syntax: YYYYMM, where YYYY is the 4 digit year this person last attended class and MM is the 2 digit month that term starts.
Example: nextEnrollmentTerm: 200301

nextEnrollmentTermCode

Required: No
# of values: single
Indexing: none
Definition: The human readable form of the next academic term a student is enrolled in.
Notes: Only people with an affiliation of student will have a value in this attribute.
Example: nextEnrollmentTerm: Fall Semester 2004

pager

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: A person’s pager number associated with the address whose address type is office.
Notes:  
Example: pager: +1 202 555 4321

passwordChangeDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the password was changed.
Notes:
Example: passwordChangeDate: 2016-04-05T10:33:07

passwordExpirationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the password will expire.
Notes:
Example: passwordExpirationDate: 2016-04-05T10:33:07

passwordState

Required: No
# of values: single
Indexing: none
Definition: Indicates the current state of a person’s password, which may be either active or expired.
Notes:
Example: passwordState: active

personData

Required: No
# of values: multi
Indexing: none
Definition: This field allows additional information about a person to be stored.
Notes: The format for this attribute is “label:data”, where the label describes the data.
Example: personData: sport:rugby

personType

Required: Yes
# of values: single
Indexing: none
Definition: This is the type of person.
Notes: A person may be of type ‘permanent’ or ‘revokable’ depending on how loosely affiliated they are with the university.
Example: personType: PRM

postalAddress

Required: No
# of values: single
Indexing: none
Definition: The address of a person.
Notes: This address should correspond to a person’s address represented by the address object whose type is office. Addresses are in standard mailing format with a “$” used to represent a line break.
Example: postalAddress: P.O. Box 333$Sometown, WH 99999

postalCode

Required: No
# of values: multi
Indexing: none
Definition: The postal code of the person.
Notes: ZIP code in USA, postal code for other countries. This should be populated with the postalCode information in the address object whose address type is office.
Example: postalCode: 54321-1234

postOfficeBox

Required: No
# of values: multi
Indexing: none
Definition: The postal office box by which this person will receive physical postal delivery.
Notes: This should be populated with the postOfficeBox information in the address object whose address type is office.
Example: postOfficeBox: 109260

preferredLanguage

Required: No
# of values: single
Indexing: none
Definition: The preferred written or spoken language of the person.
Notes:  
Example: preferredLanguage: Esperanto

publicKey

Required: No
# of values: single
Indexing: none
Definition: A user’s public key.
Notes: May be their PGP key or some other key.
Example: none

responsiblePerson

Required: No
# of values: single
Indexing: equality, presence
Definition: This is the DN of the person who is responsible for this person’s inclusion in the directory and their access to services.
Notes: This should be used for special case inclusion of people in the directory. This inclusion should be relatively temporary. It is suggested that the expiration date be explicitly set if this field is used. If the person responsible for this person is removed from this directory, responsiblePerson should be set to another valid DN or this person should be removed from the directory.
Example: responsiblePerson: uid=1234565,ou=people,dc=vt,dc=edu

sn

Required: Yes
# of values: multi
Indexing: equality, substring
Definition: Surname, family name, or last name.
Notes: If the person has a multi-part surname (whether hyphenated or not), store each component as a separate value in this multi-valued attribute. That yields the best results for the broadest range of clients doing name searches.
Example: sn: Carson

st

Required: No
# of values: multi
Indexing: none
Definition: The name of the state or province a person lives in. Use two letter state abbreviations for US addresses.
Notes: This should be populated with the stateOrProvince information in the address object whose address type is office.
Example: st: VA

street

Required: No
# of values: multi
Indexing: none
Definition: The physical address of the person.
Notes: This should be populated with the street1 information in the address object whose address type is office.
Example: street: 303 Mulberry St.

studentLevelCode

Required: No
# of values: single
Indexing: none
Definition: The current student level code.
Notes:  
Example: studentLevelCode: UG

suppressEmployeeDisplay

Required: No
# of values: single
Indexing: none
Definition: Whether this employee is suppressed.
Notes:  
Example: suppressEmployeeDisplay: true

suppressDisplay

Required: No
# of values: single
Indexing: none
Definition: Whether this person’s entire record should be suppressed from public view.
Notes:  
Example: suppressDisplay: true

suppressedAttribute

Required: No
# of values: multi
Indexing: none
Definition: The user attributes a person wants to suppress from public display.
Notes:  
Example: suppressedAttribute: cn

telephoneNumber

Required: No
# of values: multi
Indexing: equality, substring, presence
Definition: Office/campus phone number.
Notes: This should be populated with the phone number that corresponds to the person’s address whose type is office.
Example: telephoneNumber: +1 212 555 1234 ext. 123

title

Required: No
# of values: single
Indexing: none
Definition: The working title of this person.
Notes:  
Example: title: Executive Assistant

udcIdentifier

Required: No
# of values: single
Indexing: none
Definition: The SunGard UDC Identifier.
Notes:  
Example: udcIdentifier: 00000000000000000000000000000001

uid

Required: Yes
# of values: single
Indexing: equality
Definition: A unique numerical value representing this person. This value is non-revocable and non-reusable. This value should be used when looking up authorization information.
Notes:  
Example: uid: 1125486

undergraduateLevel

Required: No
# of values: single
Indexing: equality, presence
Definition: The current grade level of an undergraduate student.
Notes: A person will only have a value in this attribute if they have an affiliation type of student and a degree type of bachelor. This attribute has the following controlled vocabulary: freshmen, sophomore, junior, senior.
Example: undergraduateLevel: junior

userCertificate

Required: No
# of values: single
Indexing: none
Definition: A user’s X.509 certificate.
Notes: RFC 2256 states that this attribute is to be stored and requested in the binary form, as ‘userCertificate;binary’.
Example:  

userPassword

Required: No
# of values: single
Indexing: none
Definition: A user’s hashed password.
Notes:  
Example: userPassword: {sha}X5/DBrWPOQQaI

userSMIMECertificate

Required: No
# of values: single
Indexing: none
Definition: An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634).
Notes:  
Example: none

uupid

Required: No
# of values: single
Indexing: equality, substring, presence
Definition: Universally unique personal identifier; replaces current PID.
Notes: UUPIDs will only be issued to people and only one UUPID will be issued to a person. UUPIDs are revocable and reusable; as such they should NOT be the basis for any authorization decision. Instead use the UID.
Example: uupid: john_smith

virginiaTechAffiliation

Required: Yes
# of values: multi
Indexing: equality
Alias: vtAffiliation
Definition: Specifies the person’s relationship(s) to Virginia Tech in specific categories such as VT-STUDENT, VT-FACULTY, VT-STAFF, VT-ALUM, etc.
Notes: This attribute should be used instead of eduPersonAffiliation.
Example: virginiaTechAffiliation: VT-FACULTY

virginiaTechID

Required: No
# of values: single
Indexing: equality, presence
Definition: This is the 9 digit Virginia Tech ID number from Banner, sometimes known as the Banner ID number.
Notes:  
Example: virginiaTechID: 123456789

Objectclass virginiaTechGroup

administrator

Required: No
# of values: multi
Indexing: equality, presence
Definition: These are the DNs of the people who may administer this group.
Notes:  
Example: administrator: uid=987654,ou=People,dc=vt,dc=edu

contactPerson

Required: Yes
# of values: multi
Indexing: equality, presence
Definition: This is the DN of the person who should receive any correspondence for the group.
Notes: This is the person that will be contacted for administrative purposes (such as group renewal announcements). If a group email address isn’t specified, this person will also get the daily correspondence for this group.
Example: contactPerson: uid=1234567,ou=People,dc=vt,dc=edu

creationDate

Required: Yes
# of values: single
Indexing: none
Definition: This is the date the group was added to the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: creationDate: 2001-11-09T15:25:15-0500

displayName

Required: No
# of values: single
Indexing: none
Definition: This represents the human-readable name of a group and will be displayed in place of, or alongside, the group’s uugid.
Notes: This name is not guaranteed to be unique.
Example: displayName: Karate Club

emailAddress

Required: No
# of values: single
Indexing: none
Definition: This is the email address that everyday correspondence to the group should be sent to.
Notes: If no email address is specified email correspondence will be sent to the contact person’s email address.
Example: emailAddress: karate_club@vt.edu

expirationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the group is set to expire from the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: expirationDate: 2001-11-09T15:25:15-0500

groupData

Required: No
# of values: multi
Indexing: none
Definition: This field allows a group to store additional information about the group, which may be displayed along with other group information.
Notes: Some information that may be included here is a telephone number, an address, other websites, etc. Valid XHTML may be included to add emphasis to certain items.
Example: groupData: Meets on Thursdays from 5-7

groupMembership

Required: No
# of values: multi
Indexing: equality, presence
Definition: A list of the group DNs this group is a member of.
Notes:  
Example: groupMembership: uugid=bioclub,ou=Groups,dc=vt,dc=edu

labeledURI

Required: No
# of values: multi
Indexing: none
Definition: Webpage(s) associated with the group.
Notes: The format for this attribute is “label:url”, where the label describes the link and the url is the URL of the link.
Example: labeledURI: homepage:http://filebox.vt.edu/karate_club

manager

Required: No
# of values: multi
Indexing: none
Definition: A list of the DNs who are managers of this group.
Notes:  
Example: manager: uid=1234567,ou=people,dc=vt,dc=edu

member

Required: No
# of values: multi
Indexing: equality, presence
Definition: A list of the DNs who are members of this group. May include person and/or group DNs.
Notes:  
Example: member: uid=1234567,ou=people,dc=vt,dc=edu

suppressDisplay

Required: No
# of values: single
Indexing: none
Definition: Whether this group’s entire record should be suppressed from public view.
Notes:  
Example: suppressDisplay: true

suppressMembers

Required: No
# of values: single
Indexing: none
Definition: Whether this group’s membership should be suppressed from public view.
Notes:  
Example: suppressMembers: true

uid

Required: Yes
# of values: single
Indexing: equality
Definition: The unique identifier for this group. Corresponds to the sequence number in the Registry.
Notes:  
Example: uid: 1

uugid

Required: Yes
# of values: single
Indexing: equality, substring, presence
Definition: This Universally Unique Group Identifier is the unique identifier of a group within the directory.
Notes:  
Example:  

viewer

Required: No
# of values: multi
Indexing: none
Definition: The DNs that may view this group and its membership.
Notes:  
Example: viewer: uusid=exampleService,ou=Services,dc=vt,dc=edu

Objectclass virginiaTechService

accountState

Required: Yes
# of values: single
Indexing: none
Definition: The current state of this service account.
Notes: May be one of two values: active or inactive.
Example: accountState: active

administrator

Required: Yes
# of values: multi
Indexing: equality, presence
Definition: A list of people DNs that may administer a service.
Notes: Administrators may add or remove authorized users from a service.
Example: administrator: uid=1254884,ou=People,dc=vt,dc=edu

contactPerson

Required: Yes
# of values: single
Indexing: equality, presence
Definition: This is the DN of the person who is ultimately responsible for this service.
Notes:  
Example: contactPerson: uid=987654,ou=People,dc=vt,dc=edu

creationDate

Required: Yes
# of values: single
Indexing: none
Definition: This is the date the service was added to the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mmTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: creationDate: 2001-11-09T15:25:15-0500

certificate

Required: Yes
# of values: multi
Indexing: none
Definition: The public certificate of the service.
Notes:  
Example:  

expirationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the service is set to expire from the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: expirationDate: 2001-11-09T15:25:15-0500

serviceDN

Required: Yes
# of values: multi
Indexing: equality
Definition: The DN of the service certificate.
Notes: The serviceDN must map to the certificate that did TLS client authentication to ED-LDAP for the service to have any privileges other than anonymous access.
Example: cn=ED-ID Service,ou=1,ou=Middleware-Client,o=Virginia Polytechnic Institute and State University,l=Blacksburg,st=Virginia,c=US,dc=vt,dc=edu

serviceType

Required: Yes
# of values: single
Indexing: none
Definition: This is the service type of the service.
Notes: Personal services may view any non-suppressed person attribute as well as any suppressed attribute in their view access control list (vACL) for the authenticated user originating the request, and may only display that information to that authenticated user. In other words, a personal service will show you any of your suppressed attributes in its vACL, but only to you. Private services may view any non-suppressed person attribute as well as any suppressed attribute in their vACL for any person; however, they may not make this information publicly viewable.
Example: serviceType: personal

uid

Required: Yes
# of values: single
Indexing: equality
Definition: The unique identifier for this service. Corresponds to the sequence number in the Registry.
Notes:  
Example: uid: 1

uusid

Required: Yes
# of values: single
Indexing: equality, substring, presence
Definition: This Universally Unique Service Id is the unique identifier of a service within the directory.
Notes:  
Example: uusid: filebox

viewablePersonAttribute

Required: No
# of values: multi
Indexing: equality, presence
Definition: This is a list of virginiaTechPerson attributes that this service may view.
Notes: This list is used in conjunction with the service type to determine what user-suppressed fields a service can view.
Example: viewablePersonAttribute: mail
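
The following is an added example, not code from the ED-LDAP project, showing how suppressDisplay, suppressedAttribute, serviceType and viewablePersonAttribute combine into a view decision as described in this schema. The function names, the dict layout of entries, the treatment of suppressDisplay as "every attribute suppressed", and the fail-closed handling of unknown service types are assumptions.

```python
# Added illustration; names are hypothetical and this is not ED-LDAP code.
# Entries are modelled as dicts of attribute name -> list of string values.

CONTROL = {"suppressdisplay", "suppressedattribute"}  # flags, not displayed data


def _first(entry, name, default=""):
    """Return the first value of a single-valued attribute, or a default."""
    values = entry.get(name) or [default]
    return values[0]


def viewable_attributes(person, service=None, requester_uid=None):
    """Return the set of attribute names of `person` that may be returned.

    service=None models anonymous access. requester_uid is the uid of the
    authenticated user originating the request, if any.
    """
    names = {a for a in person if a.lower() not in CONTROL}
    # Assumption: suppressDisplay=true treats every attribute as suppressed.
    hide_all = _first(person, "suppressDisplay", "false").lower() == "true"
    suppressed = {a.lower() for a in person.get("suppressedAttribute", [])}
    hidden = {a for a in names if hide_all or a.lower() in suppressed}
    public = names - hidden
    if service is None:
        return public

    vacl = {a.lower() for a in service.get("viewablePersonAttribute", [])}
    stype = _first(service, "serviceType").lower()
    if stype == "private":
        unlock = True  # suppressed attributes in the vACL, for any person
    elif stype == "personal":
        # Only for the authenticated user's own entry, matched on uid.
        unlock = requester_uid is not None and requester_uid == _first(person, "uid")
    else:
        unlock = False  # assumption: unknown types fail closed to public view
    if not unlock:
        return public
    return public | {a for a in hidden if a.lower() in vacl}


# Constructed sample entries.
PERSON = {
    "uid": ["1125486"], "cn": ["Pat Carson"], "mail": ["pat@example.edu"],
    "telephoneNumber": ["+1 212 555 1234"],
    "suppressedAttribute": ["mail", "telephoneNumber"],
}
PERSONAL = {"serviceType": ["personal"], "viewablePersonAttribute": ["mail"]}
PRIVATE = {"serviceType": ["private"], "viewablePersonAttribute": ["mail"]}

if __name__ == "__main__":
    print(sorted(viewable_attributes(PERSON)))
    print(sorted(viewable_attributes(PERSON, PERSONAL, "1125486")))
    print(sorted(viewable_attributes(PERSON, PERSONAL, "9999999")))
    print(sorted(viewable_attributes(PERSON, PRIVATE)))
```

The suppressed telephoneNumber is never returned to either service because it is not in the vACL, and a personal service falls back to the public view when the requester is not the owner of the entry.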

Objectclass virginiaTechEntitlement

creationDate

Required: Yes
# of values: single
Indexing: none
Definition: This is the date the entitlement was added to the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mmTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: creationDate: 2001-11-09T15:25:15-0500

entitled

Required: No
# of values: multi
Indexing: none
Definition: A DN that represents the entry with this virginiaTechEntitlement.
Notes: Only people can currently have entitlements. In the future, this may be expanded to include services and groups.
Example: entitled: uid=1152120,ou=People,dc=vt,dc=edu

entitlement

Required: Yes
# of values: single
Indexing: none
Definition: A string that identifies the virginiaTechEntitlement.
Notes: May coexist with eduPersonEntitlement in the future.
Example: entitlement: middleware:dat:person:create

expirationDate

Required: No
# of values: single
Indexing: none
Definition: The date this virginiaTechEntitlement will expire.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: expirationDate: 2001-11-09T15:25:15-0500

manager

Required: Yes
# of values: multi
Indexing: none
Definition: The DN of the service that manages this virginiaTechEntitlement.
Notes: Though this will initially only contain service DNs, it may contain people or group DNs in the future. This attribute is defined as multi-valued in RFC1274 (used by inetOrgPerson), but it should always contain one value. This will be enforced through replication.
Example: manager: uusid=service-manager,ou=Services,dc=vt,dc=edu

sponsor

Required: No
# of values: single
Indexing: none
Definition: The DN that is sponsoring this virginiaTechEntitlement.
Notes: Initially this will be a person DN, but in the future it may contain service or group DNs.
Example: sponsor: uid=1152120,ou=People,dc=vt,dc=edu

uid

Required: Yes
# of values: single
Indexing: equality
Definition: The unique identifier for this virginiaTechEntitlement. Corresponds to VTENTITLEMENTS.VTENTITLEMENT_SEQNO in the Registry.
Notes: Not to be confused with a person, group, or service uid.
Example: uid: 1

viewer

Required: No
# of values: multi
Indexing: none
Definition: The DNs that may view this virginiaTechEntitlement.
Notes: Similar to a group’s viewer.
Example: viewer: uusid=viewer-service,ou=Services,dc=vt,dc=edu
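
The following is an added example, not code from the ED-LDAP project, of an entitlement check that follows this schema: the subject is identified by the numeric uid (never the uupid), the entitled DN is compared after normalization because the examples here write both ou=people and ou=People, and expirationDate is parsed in the yyyy-mm-ddThh:mm:ssTZD format. The function names, the dict layout, exact string matching of the entitlement value, and treating a missing expirationDate as "does not expire" are assumptions.

```python
# Added illustration; names are hypothetical and this is not ED-LDAP code.
from datetime import datetime, timezone

PEOPLE_BASE = "ou=People,dc=vt,dc=edu"


def normalize_dn(dn):
    """Lowercase a DN and trim spaces around its commas.

    Simplified for DNs of the shape shown in this schema; it does not handle
    escaped commas or multi-valued RDNs.
    """
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_directory_time(value):
    """Parse yyyy-mm-ddThh:mm:ssTZD (e.g. 2001-11-09T15:25:15-0500)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")


def has_entitlement(uid, name, entitlements, now=None):
    """True if the person with this uid holds an unexpired entitlement `name`."""
    if not (uid.isascii() and uid.isdigit()):
        # uid is numeric; a uupid such as john_smith is revocable and reusable
        # and must not reach an authorization decision.
        raise ValueError("authorization lookups require the numeric uid")
    now = now or datetime.now(timezone.utc)
    subject = normalize_dn(f"uid={uid},{PEOPLE_BASE}")
    for entry in entitlements:
        if name not in entry.get("entitlement", []):
            continue
        if subject not in {normalize_dn(d) for d in entry.get("entitled", [])}:
            continue
        expires = entry.get("expirationDate")
        # Assumption: an entry with no expirationDate does not expire.
        if expires and parse_directory_time(expires[0]) <= now:
            continue
        return True
    return False


# Constructed sample entries (virginiaTechEntitlement attributes only).
ENTITLEMENTS = [
    {"uid": ["1"], "entitlement": ["middleware:dat:person:create"],
     "entitled": ["uid=1152120,ou=people,dc=vt,dc=edu"],
     "expirationDate": ["2001-11-09T15:25:15-0500"]},
]

if __name__ == "__main__":
    before = datetime(2001, 11, 9, 20, 25, 14, tzinfo=timezone.utc)
    print(has_entitlement("1152120", "middleware:dat:person:create",
                          ENTITLEMENTS, now=before))
```

Comparing timezone-aware datetimes means the -0500 offset in the stored value is honored regardless of the timezone of the host doing the check.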

Objectclass virginiaTechOrganization

orgCode

Required: Yes
# of values: single
Indexing: equality
Definition: The organization code.
Example: orgCode: 066103

orgTitle

Required: Yes
# of values: single
Indexing: equality, substring
Definition: The human readable organization title.
Example: orgTitle: Middleware & Identity Apps

orgLevel

Required: Yes
# of values: single
Indexing: none
Definition: The numeric level of this organization.
Example: orgLevel: 6

orgLevelCode

Required: Yes
# of values: multi
Indexing: equality
Definition: An organization level code.
Example: orgLevelCode: 066103

orgStatus

Required: Yes
# of values: single
Indexing: equality
Definition: The organization status.
Example: orgStatus: A

orgEmployee

Required: Yes
# of values: single
Indexing: equality
Definition: The DNs of the employees in this organization.
Example: orgEmployee: uid=1152120,ou=People,dc=vt,dc=edu

orgLevelCode[1-6]

Required: Yes
# of values: multi
Indexing: equality
Definition: The organization level code with the level number.
Example: orgLevelCode6: 066103

uid

Required: Yes
# of values: single
Indexing: equality
Definition: The unique identifier.
Notes:  
Example: uid: 1

creationDate

Required: No
# of values: single
Indexing: none
Definition: This is the date the organization was added to the directory.
Notes: Time is 24-hour based. Format is yyyy-mm-ddThh:mm:ssTZD, where TZD = Time Zone Designator. For the Eastern Time zone this is -0500.
Example: creationDate: 2001-11-09T15:25:15-0500

Change Log

1.0 -> 1.1

  • Added type “meeting” to the addressType attribute of the address object class
  • Added memberOf attribute to virginiaTechPerson object class
  • Added groupType attribute to group object class

1.1 -> 1.2

  • Renamed address, group, and service objectclasses to virginiaTechAddress, virginiaTechGroup, virginiaTechService respectively
  • Removed alternateID, userOfService, serviceExpirationDate, serviceAddDate, and groupVisibility from person object
  • Added bannerPIDM, chapSecret, departmentNumber, previousVirginiaTechID, and virginiaTechID attributes to person
  • Renamed memberOf attribute in person object to isMemberOf
  • Renamed currentState to accountState to bring schema in line with ED-Auth schema
  • Renamed responsibleID attribute in person object to responsiblePerson
  • Removed groupType attribute from groups
  • Added allowedServices attribute to groups
  • Removed user and viewableGroup attributes from service
  • Added contactPerson attribute to services
  • Renamed credential attribute on services to certificate

1.2 -> 1.3

  • Added legalName, majorCode, mailPreferredAddress, mailForwardingAddress, localPhone, localPostalAddress, mailStop, and title attributes
  • Changed the definitions of homePhone and homePostalAddress such that they only contain home address data
  • Changed the definitions of c, facsimileTelephoneNumber, l, postalAddress, postalCode, postalOfficeBox, st, street, and telephoneNumber such that they only contain business address data
  • Moved address, c, homepostalAddress, postalAddress, and postalCode from required attributes to optional attributes
  • Changed address definition to refer to address dn.

1.3 -> 1.4

  • Added mailAlias
  • Added mailAccount
  • Added lastEnrollmentTermCode
  • Changed lastEnrollmentTerm to be the human readable form of lastEnrollmentTermCode
  • Added nextEnrollmentTermCode
  • Changed nextEnrollmentTerm to be the human readable form of nextEnrollmentTermCode
  • In addresses, changed the definition of country so that it is no longer a required attribute

1.4 -> 1.5

  • Added suppressDisplay attribute for people
  • Moved administrator from required to optional for services
  • Renamed isMemberOf attribute in person object to groupMembership
  • Finalized group schema
  • Updated documentation for attributes that claim to contain UIDs; they really contain DNs

1.5 -> 1.6

  • Removed amateurRadioCallsign
  • Removed unixUid
  • Removed previousVirginiaTechID
  • Added personData
  • accountState, passwordState, userPassword, and uupid are no longer required attributes for virginiaTechPerson

1.6 -> 1.7

  • Added homeFAX, homeMobile, homePager, localFAX, localMobile, and localPager
  • Made localPhone multi-value
  • Renamed facsimileNumber to facsimileTelephoneNumber in virginiaTechAddress
  • Added personType
  • Made city and postalCode optional in virginiaTechAddress

1.7 -> 1.8

  • Added accountCreationDate, accountExpirationDate, accountShelveDate, classLevel, classLevelCode to virginiaTechPerson
  • Made uid a required attribute for virginiaTechService and virginiaTechGroup
  • Added manager and suppressMembers to virginiaTechGroup

1.8 -> 1.9

  • Add virginiaTechEntitlement objectclass.
  • Remove joinability and leaveability from virginiaTechGroup.
  • Add suppressEmployeeDisplay to virginiaTechPerson.
  • Make contactPerson multi-valued.
  • Add serviceDN to virginiaTechService.
  • Make certificate multi-valued.
  • Add authId and guestId.

1.9 -> 1.10

  • Add required attribute gender to virginiaTechPerson.
  • Add optional attribute employeeOffCampus to virginiaTechPerson.

1.10 -> 1.11

  • Change legalName to bannerName. Keep legalName as an alias to bannerName.
  • Add udcIdentifier.

1.12 -> 1.13

  • Add studentLevelCode.

1.13 -> 1.14

  • Add confidentialFlag.
  • Add accountRecoveryMaintenanceDate.

1.14 -> 1.15

  • Add virginiaTechAffiliation
  • Note preference of using vtAffiliation instead of eduPersonAffiliation.

1.15 -> 1.16

  • Replace chapSecret with networkPassword.

1.16 -> 1.17

  • Add passwordExpirationDate.

1.17 -> 1.18

  • Add groupMembershipUugid.
  • Add virginiaTechOrganization:
    • orgCode
    • orgTitle
    • orgLevel
    • orgLevelCode
    • orgStatus
    • orgEmployee
    • orgLevelCode1
    • orgLevelCode2
    • orgLevelCode3
    • orgLevelCode4
    • orgLevelCode5
    • orgLevelCode6
  • Add passwordChangeDate.