| Release |
1.19 |
| Date |
2018-02-12 |
About this Document
This document is the schema for the first phase of the Enterprise Directory system.
It contains most of the demographic data about a person that will be in the final phase of the Enterprise Directory, with the exception of those attributes which a person will have direct control over as this directory does not allow for writes.
It also contains group and service entry representation.
ED-Auth, ED-Lite, and ED-ID attributes are marked in the objectClass outline sections.
Layout
This document will begin with an outline of the schema used in the ED-LDAP directory which will give the object class and attributes in the class as well as the DIT for the directory. An in-depth description of each attribute will follow the outline.
Indexing
As with databases, LDAP directories provide a mechanism for creating indexes.
Searching on indexed attributes provide far faster results than searching on non-indexed fields.
The two most common types of indexing for LDAP directories are equality and substring.
Those attributes marked as being equality indexed allow exact match searches to be performed against them.
Attributes indexed in a substring manner allow wildcard searches to be performed against them.
If an attribute is marked as having both equality and substring indexes, the equality search will perform better and should be used if possible.
The equality index is used when no wildcard character appears in the string being searched for.
Schema Outline
ObjectClass Outline
objectclass virginiaTechAddress
| superior: |
top |
|
|
|
| required: |
|
|
|
|
| |
|
ED-ID |
ED-Auth |
ED-Lite |
| |
addressType |
✔ |
|
|
| |
uuaid |
✔ |
|
|
| optional: |
|
|
|
|
| |
city |
✔ |
|
|
| |
country |
✔ |
|
|
| |
facsimileTelephoneNumber |
✔ |
|
|
| |
mailStop |
✔ |
|
|
| |
mobile |
✔ |
|
|
| |
pager |
✔ |
|
|
| |
postalCode |
✔ |
|
|
| |
postOfficeBox |
✔ |
|
|
| |
stateOrProvince |
✔ |
|
|
| |
street1 |
✔ |
|
|
| |
street2 |
✔ |
|
|
| |
telephoneNumber |
✔ |
|
|
objectclass virginiaTechPerson
| superior: |
top |
|
|
|
| required: |
|
|
|
|
| |
|
ED-ID |
ED-Auth |
ED-Lite |
| |
cn |
✔ |
|
✔ |
| |
creationDate |
✔ |
|
|
| |
eduPersonAffiliation |
✔ |
✔ |
|
| |
eduPersonPrimaryAffiliation |
✔ |
✔ |
|
| |
gender |
✔ |
|
|
| |
personType |
✔ |
|
|
| |
sn |
✔ |
|
✔ |
| |
uid |
✔ |
✔ |
✔ |
| |
virginiaTechAffiliation |
✔ |
✔ |
|
| optional: |
|
|
|
|
| |
accountCreationDate |
✔ |
|
|
| |
accountExpirationDate |
✔ |
|
|
| |
accountRecoveryMaintenanceDate |
✔ |
|
|
| |
accountShelveDate |
✔ |
|
|
| |
accountState |
✔ |
✔ |
|
| |
address |
✔ |
|
|
| |
authId |
✔ |
✔ |
|
| |
bannerName |
✔ |
|
|
| |
bannerPIDM |
✔ |
|
|
| |
c |
✔ |
|
✔ |
| |
campus |
✔ |
|
|
| |
classLevel |
✔ |
|
|
| |
classLevelCode |
✔ |
|
|
| |
confidentialFlag |
✔ |
|
|
| |
dateOfBirth |
✔ |
|
|
| |
degreeType |
✔ |
|
|
| |
department |
✔ |
|
✔ |
| |
departmentNumber |
✔ |
|
✔ |
| |
displayName |
✔ |
|
✔ |
| |
eduPersonPrincipalName |
✔ |
|
|
| |
employeeOffCampus |
✔ |
|
|
| |
expirationDate |
✔ |
|
|
| |
facsimileTelephoneNumber |
✔ |
|
|
| |
givenName |
✔ |
|
✔ |
| |
groupAddDate |
✔ |
|
|
| |
groupExpireDate |
✔ |
|
|
| |
groupMembership |
✔ |
✔ |
|
| |
groupMembershipUugid |
✔ |
✔ |
|
| |
guestId |
✔ |
✔ |
|
| |
homeFAX |
✔ |
|
|
| |
homeMobile |
✔ |
|
|
| |
homePager |
✔ |
|
|
| |
homePhone |
✔ |
|
|
| |
homePostalAddress |
✔ |
|
|
| |
initials |
✔ |
|
|
| |
instantMessagingID |
✔ |
|
✔ |
| |
jpegPhoto |
✔ |
|
|
| |
l |
✔ |
|
✔ |
| |
labeledURI |
✔ |
|
✔ |
| |
lastEnrollmentTerm |
✔ |
|
|
| |
lastEnrollmentTermCode |
✔ |
|
|
| |
localFAX |
✔ |
|
|
| |
localMobile |
✔ |
|
|
| |
localPager |
✔ |
|
|
| |
localPhone |
✔ |
|
✔ |
| |
localPostalAddress |
✔ |
|
✔ |
| |
mail |
✔ |
|
|
| |
mailAccount |
✔ |
|
|
| |
mailAlias |
✔ |
|
|
| |
mailAuxiliaryAccount |
✔ |
|
|
| |
mailExternalAddress |
✔ |
|
|
| |
mailForwardingAddress |
✔ |
|
|
| |
mailPreferredAddress |
✔ |
|
✔ |
| |
mailStop |
✔ |
|
✔ |
| |
major |
✔ |
|
✔ |
| |
majorCode |
✔ |
|
|
| |
middleName |
✔ |
|
✔ |
| |
mobile |
✔ |
|
|
| |
networkPassword |
✔ |
|
|
| |
nextEnrollmentTerm |
✔ |
|
|
| |
nextEnrollmentTermCode |
✔ |
|
|
| |
pager |
✔ |
|
|
| |
passwordChangeDate |
✔ |
✔ |
|
| |
passwordExpirationDate |
✔ |
✔ |
|
| |
passwordState |
✔ |
✔ |
|
| |
personData |
✔ |
|
✔ |
| |
postalAddress |
✔ |
|
✔ |
| |
postalCode |
✔ |
|
✔ |
| |
postOfficeBox |
✔ |
|
✔ |
| |
preferredLanguage |
✔ |
|
|
| |
publicKey |
✔ |
|
✔ |
| |
responsiblePerson |
✔ |
|
|
| |
st |
✔ |
|
✔ |
| |
street |
✔ |
|
✔ |
| |
studentLevelCode |
✔ |
|
|
| |
suppressEmployeeDisplay |
✔ |
|
|
| |
suppressDisplay |
✔ |
|
|
| |
suppressedAttribute |
✔ |
|
|
| |
telephoneNumber |
✔ |
|
✔ |
| |
title |
✔ |
|
✔ |
| |
udcIdentifier |
✔ |
|
|
| |
undergraduateLevel |
✔ |
|
|
| |
userCertificate |
✔ |
|
✔ |
| |
userPassword |
✔ |
✔ |
|
| |
userSMIMECertificate |
✔ |
|
✔ |
| |
uupid |
✔ |
✔ |
✔ |
| |
virginiaTechID |
✔ |
|
|
objectclass virginiaTechGroup
| superior: |
top |
|
|
|
| required: |
|
|
|
|
| |
|
ED-ID |
ED-Auth |
ED-Lite |
| |
contactPerson |
✔ |
|
|
| |
creationDate |
✔ |
|
|
| |
uid |
✔ |
✔ |
✔ |
| |
uugid |
✔ |
✔ |
✔ |
| optional: |
|
|
|
|
| |
administrator |
✔ |
|
|
| |
displayName |
✔ |
|
✔ |
| |
emailAddress |
✔ |
|
✔ |
| |
expirationDate |
✔ |
|
|
| |
groupData |
✔ |
|
✔ |
| |
groupMembership |
✔ |
✔ |
✔ |
| |
labeledURI |
✔ |
|
✔ |
| |
manager |
✔ |
|
|
| |
member |
✔ |
✔ |
✔ |
| |
suppressDisplay |
✔ |
|
✔ |
| |
suppressMembers |
✔ |
|
✔ |
| |
viewer |
✔ |
|
|
objectclass virginiaTechService
| superior: |
top |
|
|
|
| required: |
|
|
|
|
| |
|
ED-ID |
ED-Auth |
ED-Lite |
| |
accountState |
✔ |
|
|
| |
administrator |
✔ |
|
|
| |
certificate |
✔ |
|
|
| |
contactPerson |
✔ |
|
|
| |
creationDate |
✔ |
|
|
| |
serviceDN |
✔ |
|
|
| |
serviceType |
✔ |
|
|
| |
uid |
✔ |
|
|
| |
uusid |
✔ |
|
|
| optional: |
|
|
|
|
| |
endpointBinding |
✔ |
|
|
| |
endpointProtocol |
✔ |
|
|
| |
endpointURI |
✔ |
|
|
| |
expirationDate |
✔ |
|
|
| |
viewablePersonAttribute |
✔ |
|
|
objectclass virginiaTechEntitlement
| superior: |
top |
|
|
|
| required: |
|
|
|
|
| |
|
ED-ID |
ED-Auth |
ED-Lite |
| |
creationDate |
✔ |
|
|
| |
entitlement |
✔ |
|
|
| |
manager |
✔ |
|
|
| |
uid |
✔ |
|
|
| optional: |
|
|
|
|
| |
entitled |
✔ |
|
|
| |
expirationDate |
✔ |
|
|
| |
sponsor |
✔ |
|
|
| |
viewer |
✔ |
|
|
objectclass virginiaTechOrganization
| superior: |
top |
|
|
|
| required: |
|
|
|
|
| |
|
ED-ID |
ED-Auth |
ED-Lite |
| |
orgCode |
✔ |
|
|
| |
orgTitle |
✔ |
|
|
| |
orgLevel |
✔ |
|
|
| |
orgLevelCode |
✔ |
|
|
| |
uid |
✔ |
|
|
| |
orgStatus |
✔ |
|
|
| optional: |
|
|
|
|
| |
creationDate |
✔ |
|
|
| |
orgEmployee |
✔ |
|
|
| |
orgLevelCode 1 |
✔ |
|
|
| |
orgLevelCode 2 |
✔ |
|
|
| |
orgLevelCode 3 |
✔ |
|
|
| |
orgLevelCode 4 |
✔ |
|
|
| |
orgLevelCode 5 |
✔ |
|
|
| |
orgLevelCode 6 |
✔ |
|
|
Object Classes
Objectclass virginiaTechAddress
addressType
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The type of the address: home - indicates this is a person’s permanent mailing address. This would be an employee’s home, or a student’s permanent mailing address (most likely their parent or guardian’s address). local - indicates this is a person’s temporary address. This is used for a student’s address while they are actively attending VT (most likely a student’s dorm or apartment address). office - indicates this is a person’s business address. This may be an employee’s office address or a vendor’s business address. meeting – indicates the location where a given group meets. |
| Notes: |
accepted values are home, local, business, meeting. |
| Example: |
addressType: home |
city
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The city the street or post office box is in. |
| Notes: |
|
| Example: |
city: Blacksburg |
country
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The two letter abbreviation for the country that this address is in. |
| Notes: |
a two-letter ISO 3166 country code. |
| Example: |
country: US |
facsimileTelephoneNumber
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The facsimile (fax) number for this address. |
| Notes: |
International phone number, as described in E.123[15]. |
| Example: |
facsimileTelephoneNumber: (540) 231-7886 |
mailStop
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This field is used to store internal mail routing information. |
| Notes: |
For VT business addresses this should be the mail code. This is not to be used for P.O. Box information, use postOfficeBox instead. |
| Example: |
mailStop: 0999 |
mobile
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The cellular phone number for this address. |
| Notes: |
|
| Example: |
mobile: (540) 999-9999 |
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The pager number for this address. |
| Notes: |
|
| Example: |
pager: +1 202 555 4321 |
postalCode
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The postal code. |
| Notes: |
|
| Example: |
postalCode: 600 |
postOfficeBox
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The postal office box by which this address will receive physical postal delivery. |
| Notes: |
|
| Example: |
postOfficeBox: 109260 |
stateOrProvince
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The abbreviated state or province the city is in. |
| Notes: |
For a US address use the two letter state abbreviations. |
| Example: |
stateOrProvince: VA |
street1
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the first line of a person’s street address. Normally this would be the house number and road they live on. |
| Notes: |
This field is never to be used for a P.O. Box number or internal mail routing information (like mail codes). Use either postOfficeBox or mailStop, respectively, instead. If a steet1 is not populated postOfficeBox must be. |
| Example: |
street1: 1700 Washington St. |
street2
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the second line of a person’s street address. Normally this would be used for apartment numbers. |
| Notes: |
This field is never to be used for a P.O. Box number or internal mail routing information (like mail codes). Use either postOfficeBox or mailStop, respectively, instead. |
| Example: |
street2: Apt. L |
telephoneNumber
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The telephone number(s) associated with this address. |
| Notes: |
International phone number, as described in E.123[15]. |
| Example: |
telephoneNumber: (608) 555-1212 |
uuaid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality, presence |
| Definition: |
This is the unique identifier for this address object. |
| Notes: |
|
| Example: |
uuaid: 1018614882726 |
Objectclass virginiaTechPerson
accountCreationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the person’s account was created |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
accountCreationDate: 2003-08-10T06:32:08 |
accountExpirationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the person’s account will expire. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
accountExpirationDate: 2003-08-10T06:32:08 |
accountRecoveryMaintenanceDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the last date the person’s account recovery options were maintained |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
accountRecoveryMaintenanceDate: 2003-08-10T06:32:08 |
accountShelveDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the person’s account will be moved to a shelved state. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
accountShelveDate: 2003-08-10T06:32:08 |
accountState
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the current authentication state of this person’s account. |
| Notes: |
This attribute will have the following controlled vocabulary: expected, ACTIVE, LOCKED, SHELVED, TO BE RELEASED. |
| Example: |
accountState: LOCKED |
address
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
A list of all the addresses, identified by address dn, currently known for this person. |
| Notes: |
Special care should be taken to remove addresses as they are determined to be out of date. |
| Example: |
address: uuaid=123456,ou=Addresses,dc=vt,dc=edu |
authId
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The authentication identifier(s). |
| Notes: |
May contain uupid and guestId. |
| Example: |
authId: dave |
bannerName
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Alias: |
legalName |
| Definition: |
The banner name of this person. |
| Notes: |
This should be the user name of this person in the banner spriden table. |
| Example: |
bannerName: John Q. Public |
bannerPIDM
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, presence |
| Definition: |
The 8 digit Banner PIDM number for this person. |
| Notes: |
|
| Example: |
bannerPIDM: 12345678 |
c
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The two letter country abbreviation. |
| Notes: |
This should be the country code associated with the address whose address type office. |
| Example: |
c: CA |
campus
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The name of the campus this person is currently affiliated with. For instance the campus a student is attending, or the campus at which a staff member works. |
| Notes: |
Current values: Blacksburg, National Capital Region, Western, Valley, Central, Hampton Roads Center, Capital, Other, Virtual, AlumNET |
| Example: |
campus: Blacksburg |
classLevel
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The Banner class level. |
| Notes: |
|
| Example: |
classLevel: Senior |
classLevelCode
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The Banner class level code. |
| Notes: |
|
| Example: |
classLevelCode: 40 |
cn
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality, substring |
| Definition: |
The person’s full name. |
| Notes: |
|
| Example: |
cn: Mary Francis Xavier |
confidentialFlag
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Whether this person is confidential. |
| Notes: |
|
| Example: |
confidentialFlag: true |
creationDate
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the person was added to the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
creationDate: 2001-11-09T15:25:15-0500 |
dateOfBirth
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
A person’s date of birth. |
| Notes: |
The date of birth must be in the following format yyyy-mm-dd. Where yyyy is the 4 digit year, mm is the two digit month, and dd is the two digit day. |
| Example: |
dateOfBirth: 2001-01-01 |
degreeType
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The type of degree a student is seeking. |
| Notes: |
This attribute will only have a value for people who have an affiliation type of student. This attribute has the following controlled vocabulary: bachelor, masters, doctorate, vetmed. |
| Example: |
degreeType: bachelor |
department
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The home department this person works in on campus. |
| Notes: |
Only a person with an affiliation of employee will have an entry in this attribute. |
| Example: |
department: Middleware Services |
departmentNumber
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
The numerical identifier for the home department this person works in on campus. |
| Notes: |
Only a person with an affiliation of employee will have an entry in this attribute. |
| Example: |
departmentNumber: 065602 |
displayName
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, substring, presence |
| Definition: |
Preferred name of a person to be used when displaying this person’s name. |
| Notes: |
|
| Example: |
displayName: John Smith |
eduPersonAffiliation
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality |
| Definition: |
Specifies the person’s relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc. |
| Notes: |
|
| Example: |
eduPersonAffiliation: faculty |
eduPersonPrimaryAffiliation
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Specifies the person’s PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc. |
| Notes: |
|
| Example: |
eduPersonPrimaryAffiliation: student |
eduPersonPrincipalName
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The “NetID” of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain. |
| Notes: |
See extensive explanation of this field in the eduPerson specification: http://www.educause.edu/netatedu/groups/pki/eduperson/spec.txt This is NOT the person’s email address. |
| Example: |
eduPersonPrincipalName: jsmith@vt.edu |
employeeOffCampus
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Whether an employee is off campus or not. |
| Notes: |
Will be true or false. |
| Example: |
employeeOffCampus: false |
expirationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the person is set to expire from the directory. |
| Notes: |
ISO8601 complete data w/ hours, minutes, and seconds Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
expirationDate: 2001-11-09T15:25:15-0500 |
facsimileTelephoneNumber
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
A fax number for the person. |
| Notes: |
This should be the fax number associated with the address whose address type is office. |
| Example: |
facsimileTelephoneNumber: (540) 961-4567 |
gender
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The gender of the person. |
| Notes: |
Will be Male, Female, or Unreported. |
| Example: |
gender: Male |
givenName
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The part of a person’s name which is not their surname nor middle name. |
| Notes: |
|
| Example: |
givenName: Stephen |
groupAddDate
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
This is the date the person was added to a group. |
| Notes: |
The format for this entry is as follows. uugid date, where the uugid is a valid group id, and the date is an ISO8601 date, complete data w/ hours, minutes, and seconds, with a space separating the id and the date. Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
groupAddDate: fooGroup 2001-11-09T15:25:15-0500 |
groupExpireDate
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
This is the date the person is to expire from a group. |
| Notes: |
The format for this entry is as follows. uugid date, where the uugid is a valid group id, and the date is an ISO8601 date, complete data w/ hours, minutes, and seconds, with a space separating the id and the date. Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
groupExpireDate: fooGroup 2001-11-09T15:25:15-0500 |
groupMembership
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
A list of the group DNs this person is a member of. |
| Notes: |
|
| Example: |
groupMembership: uugid=bioclub,ou=Groups,dc=vt,dc=edu |
groupMembershipUugid
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring |
| Definition: |
A list of the group uugids this person is a member of. |
| Notes: |
|
| Example: |
groupMembership: bioclub |
guestId
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, subtring, presence |
| Definition: |
The guest identifier for authentication. |
| Notes: |
For guest people. |
| Example: |
guestId: guest |
homeFAX
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
This should be the fax number associated with the address whose address type is home. |
| Notes: |
|
| Example: |
homeFAX: (540) 961-4567 |
homeMobile
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The cellular phone number of the person associated with the address whose address type is home. |
| Notes: |
|
| Example: |
homeMobile: (540) 999-9999 |
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The pager number or the person associated with the address whose address type is home. |
| Notes: |
|
| Example: |
pager: +1 202 555 4321 |
homePhone
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The home telephone number associated with a person. |
| Notes: |
This should be the phone number associated with the address whose address type is home. |
| Example: |
homePhone: (608) 555-1212 |
homePostalAddress
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the home postal address for this person. |
| Notes: |
This should be the address associated with the address whose address type is home. Addresses are in standard mailing format with a “$” used to represent a line break. |
| Example: |
homePostalAddress: 1234 Main St.$Anytown, CA 12345$US |
initials
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The initials of all of an individuals names, except for their surname(s). |
| Notes: |
|
| Example: |
initials: f.x. |
instantMessagingID
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
This is a list of a person’s instant messaging Ids. |
| Notes: |
The format for this field is serviceId:userid where userId is a person’s id on a given messaging service, and serviceId is the id of the service. See the “Instant Messaging Service ID List” on the Middleware website for a complete list of possible service IDs. |
| Example: |
instantMessagingID: yahoo:jsmith |
jpegPhoto
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
An image of this person in the JPEG File Interchange Format [JFIF]. |
| Notes: |
|
| Example: |
none |
l
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The name of a locality, such as a city, county or other geographic region. |
| Notes: |
This should be populated with the city information in the address object whose address type is office. |
| Example: |
l: Blacksburg |
labeledURI
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
Webpage(s) associated with the person. |
| Notes: |
The format for this attribute is “label:url”, where the label describes the link and the url is the URL of the link. |
| Example: |
labeledURI: homepage:http://filebox.vt.edu/users/jsmith |
lastEnrollmentTerm
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Human readable form of the last academic term a student was enrolled in. |
| Notes: |
Only people with an affiliation of student will have a value in this attribute. |
| Example: |
lastEnrollmentTerm: Fall Semester 2004 |
lastEnrollmentTermCode
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The last academic term a student was enrolled in. |
| Notes: |
Only people with an affiliation of student will have a value in this attribute. The values in this attribute are of the following syntax YYYYMM where YYYY is the 4 digit year this person last attended class and MM is the 2 digit month that term start. |
| Example: |
lastEnrollmentTermCode: 200101 |
localFAX
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
A fax number for the person. |
| Notes: |
This should be the fax number associated with the address whose address type is local. |
| Example: |
localFAX: (540) 961-4567 |
localMobile
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The cellular phone number of the person associated with the address whose address type is local. |
| Notes: |
|
| Example: |
homeMobile: (540) 999-9999 |
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
A person’s page number associated with the address whose address type is local. |
| Notes: |
|
| Example: |
pager: +1 202 555 4321 |
localPhone
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The local phone number of this person. |
| Notes: |
This should be the phone number associated with the address whose address type is local. |
| Example: |
localPhone: 5402312345 |
localPostalAddress
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the local postal address for this person. |
| Notes: |
This should be the address associated with the address whose address type is local. Addresses are in standard mailing format with a “$” used to represent a line break. |
| Example: |
localPostalAddress: 411 Slusher Hall$Blacksburg, VA 24060$US |
mail
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
These are the e-mail address(es). |
| Notes: |
This includes a person’s POP email address, POP email aliases, and Exchange email address(es) for VT affiliated personnel who have them. |
| Example: |
mail: jsmith@vt.edu |
mailAccount
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the name of the person’s email account in the mail system. |
| Notes: |
|
| Example: |
mail: jsmith@vt.edu |
mailAlias
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
These are the e-mail alias(es) of a person. |
| Notes: |
|
| Example: |
mail: john.smith@vt.edu |
mailAuxiliaryAccount
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
These are the auxiliary email accounts of a person. |
| Notes: |
|
| Example: |
mail: gae@vt.edu |
mailExternalAddress
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
This is a person’s external email address. |
| Notes: |
|
| Example: |
mailExternalAddress: user@vcom.vt.edu |
mailForwardingAddress
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is a person’s email forwarding address. |
| Notes: |
|
| Example: |
mail: jsmith@gmail.com |
mailPreferredAddress
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, substring, presence |
| Definition: |
This is a person’s preferred email address. |
| Notes: |
|
| Example: |
mail: jsmith@vt.edu |
mailStop
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This field is used to store internal mail routing information. |
| Notes: |
This should be the mailStop associated with the address whose address type is office. |
| Example: |
MailStop: 0999 |
major
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The academic major of this person. |
| Notes: |
This attribute is only populated if this person has a student affiliation. |
| Example: |
major: computer science |
majorCode
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The academic major code of this person. |
| Notes: |
This attribute is only populated if this person has a student affiliation. |
| Example: |
major: CS |
middleName
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The middle name(s) of a person. |
| Notes: |
|
| Example: |
middleName: Christopher |
mobile
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
The cellular phone number of the person associated with the address whose address type is office. |
| Notes: |
|
| Example: |
mobile: (540) 999-9999 |
networkPassword
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The network password. |
| Notes: |
|
| Example: |
networkPassword: networkpassword |
nextEnrollmentTerm
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The human readable form of the next academic term a student is enrolled in. |
| Notes: |
Only people with an affiliation of student will have a value in this attribute. |
| Example: |
nextEnrollmentTerm: Fall Semster 2004 |
nextEnrollmentTermCode
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The next academic term a student is enrolled in. |
| Notes: |
Only people with an affiliation of student will have a value in this attribute. The values in this attribute are of the following syntax YYYYMM where YYYY is the 4 digit year this person last attended class and MM is the 2 digit month that term start. |
| Example: |
nextEnrollmentTermCode: 200409 |
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
A person’s page number associated with the address whose address type is office. |
| Notes: |
|
| Example: |
pager: +1 202 555 4321 |
passwordChangeDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the password was changed. |
| Note: |
|
| Example: |
passwordChangeDate: 2016-04-05T10:33:07 |
passwordExpirationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the password will expire |
| Note: |
|
| Example: |
passwordExpirationDate: 2016-04-05T10:33:07 |
passwordState
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Indicates the current state of a person’s password, which may be either active or expired. |
| Note: |
|
| Example: |
passwordState: active |
personData
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
This field allows additional information about a person to be stored. |
| Note: |
The format for this attribute is “label:data”, where the label describes the data. |
| Example: |
personData: sport:rugby |
personType
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the type of person. |
| Notes: |
A person may be of type ‘Virginia Tech’, ‘Sponsored’, or ‘Guest’. |
| Example: |
personType: Virginia Tech |
postalAddress
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The address of a person. |
| Notes: |
This address should correspond to a person’s address represented by the address object whose type is office. Addresses are in standard mailing format with a “$” used to represent a line break. |
| Example: |
postalAddress: P.O. Box 333$Sometown, WH 99999 |
postalCode
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The postal code of the person. |
| Notes: |
ZIP code in USA, postal code for other countries. This should be populated with the postalCode information in the address object whose address type is office. |
| Example: |
postalCode: 54321-1234 |
postOfficeBox
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The postal office box by which this person will receive physical postal delivery. |
| Notes: |
This should be populated with the postOfficeBox information in the address object whose address type is office. |
| Example: |
postOfficeBox: 109260 |
preferredLanguage
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The preffered written or spoken language of the person. |
| Notes: |
|
| Example: |
preferredLanguage: Esperanto |
publicKey
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
A user’s public key. |
| Notes: |
May be their PGP key or some other key. |
| Example: |
none |
responsiblePerson
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, presence |
| Definition: |
This is the DN of the person who is responsible for this person’s inclusion in the directory and their access to services. |
| Notes: |
This should be used for special case inclusion of people in the directory. This inclusion should be relatively temporary. It is suggested that the expiration date be explicitly set if this field is used. If the person responsible for this person is removed from this directory, responsiblePerson should be set to another valid DN or this person should be removed from the directory. |
| Example: |
responsiblePerson: uid=1234565,ou=people,dc=vt,dc=edu |
sn
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality, substring |
| Definition: |
Surname, family name, or last name. |
| Notes: |
|
| Example: |
sn: Carson |
st
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The name of the state or province a person lives in. Use two letter state abbreviations for US addresses. |
| Notes: |
This should be populated with the stateOrProvince information in the address object whose address type is office. |
| Example: |
st: VA |
street
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The physical address of the person. |
| Notes: |
This should be populated with the street1 information in the address object whose address type is office. |
| Example: |
street: 303 Mulberry St. |
studentLevelCode
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The current student level code. |
| Notes: |
Allowed values: 00 (Not declared), 76 (Prior to 76), AL (AlumNet/NonCredit), AQ (Associate, Quarter System), AS (Associate), GQ (Graduate, Qtr System), GR (Graduate), MD (Medicine), PQ (Professional, Qtr System), PR (Professional), UG (Undergraduate), UQ (Undergraduate, Qtr System) |
| Example: |
studentLevelCode: UG |
suppressDisplay
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Whether this person’s entire record should be suppressed from public view. |
| Notes: |
|
| Example: |
suppressDisplay: true |
suppressEmployeeDisplay
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Whether this employee is suppressed. |
| Notes: |
|
| Example: |
suppressEmployeeDisplay: true |
suppressedAttribute
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The user attributes a person wants to suppress from public display. |
| Notes: |
|
| Example: |
suppressedAttribute: cn |
telephoneNumber
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, substring, presence |
| Definition: |
Office/campus phone number. |
| Notes: |
This should be populated with the phone number that corresponds to the person’s address whose type is office. |
| Example: |
telephoneNumber: +1 212 555 1234 ext. 123 |
title
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The working title of this person. |
| Notes: |
|
| Example: |
title: Executive Assitant |
udcIdentifier
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The Banner UDC Identifier. |
| Notes: |
|
| Example: |
udcIdentifier: 00000000000000000000000000000001 |
uid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
A unique numerical value representing this person. This value is non-revocable and non-reusable. This value should be used when looking up authorization information. |
| Notes: |
|
| Example: |
uid: 1125486 |
undergraduateLevel
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, presence |
| Definition: |
The current grade level of an undergraduate student. |
| Notes: |
Only a person will only have a value in this attribute if they have an affiliaiton type of student and a degree type of bachelor. This attribute has the following controlled vocabulary: freshmen, sophomore, junior, senior. |
| Example: |
undergraduateLevel: junior |
userCertificate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
A user’s X.509 certificate. |
| Notes: |
RFC 2256 states that this attribute is to be stored and requested in the binary form, as ‘userCertificate;binary’. |
| Example: |
|
userPassword
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
A user’s hashed password |
| Notes: |
|
| Example: |
userPassword: {sha}X5/DBrWPOQQaI |
userSMIMECertificate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634). |
| Notes: |
|
| Example: |
none |
uupid
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, substring, presence |
| Definition: |
Universally unique personal identifier; replaces current PID. |
| Notes: |
UUPIDs will only be issued to people and only one UUPID will be issued to a person. UUPIDs are revocable and reusable; as such they should NOT be the basis for any authorization decision. Instead use the UID. |
| Example: |
uupid: john_smith |
virginiaTechAffiliation
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality |
| Alias: |
vtAffiliation |
| Definition: |
Specifies the person’s relationship to Virginia Tech in terms of one or more of the following values: VCOM-ALUM, VCOM-AFFILIATE, VCOM-ACTIVE-MEMBER, VCOM-EMPLOYEE-FORMER, VCOM-EMPLOYEE-RETIREE, VCOM-FACULTY, VCOM-STUDENT-ENROLLED, VCOM-EMPLOYEE, VCOM-STUDENT-FORMER, VCOM-STAFF, VT-ALUM, VT-ALUM-CONSTITUENT, VT-ALUM-FRIEND, VT-ALUM-PARENT, VT-ACTIVE-MEMBER, VT-AFFILIATE-LCI, VT-AFFILIATE-LCI-FORMER, VT-AFFILIATE-TEMPORARY, VT-EMPLOYEE, VT-EMPLOYEE-EMERITUS, VT-EMPLOYEE-FORMER, VT-EMPLOYEE-LEAVE, VT-EMPLOYEE-NON-STATE, VT-EMPLOYEE-PREHIRE, VT-EMPLOYEE-PREHIRE-FORMER, VT-EMPLOYEE-RETIREE, VT-EMPLOYEE-STATE, VT-EMPLOYEE-TEMPORARY, VT-EMPLOYEE-VOLUNTEER, VT-EMPLOYEE-WAGE, VT-FACULTY, VT-GUEST, VT-RESEARCH-PI, VT-RESEARCH-CO-PI, VT-STUDENT, VT-STUDENT-ENROLLED, VT-STUDENT-FUTURE, VT-STUDENT-NEW-ADMIT, VT-STUDENT-RECENT, VT-STAFF, VT-STUDENT-WAGE, VTC-ALUM, VTC-ACTIVE-MEMBER, VTC-EMPLOYEE, VTC-EMPLOYEE-FORMER, VTC-FACULTY, VTC-STUDENT-ENROLLED, VTC-STAFF |
| Notes: |
This attribute should be used instead of eduPersonAffiliation. |
| Example: |
virginiaTechAffiliation: VT-EMPLOYEE, VT-EMPLOYEE-STATE, VT-FACULTY |
virginiaTechID
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
equality, presence |
| Definition: |
This is the 9 digit Virginia Tech ID number from Banner, sometimes known as the Banner ID number. |
| Notes: |
|
| Example: |
virginiaTechID: 123456789 |
Objectclass virginiaTechGroup
administrator
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
These are the DNs of the people who may administer this group. |
| Notes: |
|
| Example: |
administrator: uid=987654,ou=People,dc=vt,dc=edu |
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
This is the DN of the person who should receive any correspondence for the group. |
| Notes: |
This is the person that will be contacted for administrative purposes (such a group renewal announcements). If a group email address isn’t specified this person will also get the daily correspondence for this group. |
| Example: |
contactPerson: uid=1234567,ou=People,dc=vt,dc=edu |
creationDate
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the group was added to the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
creationDate: 2001-11-09T15:25:15-0500 |
displayName
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This represents the human readable name of a group and will be displayed in place of, or along side of, the group’s uugid. |
| Notes: |
This name is not guaranteed to be unique. |
| Example: |
displayName: Karate Club |
emailAddress
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the email address that everyday correspondence to the group should be sent to. |
| Notes: |
If no email address is specified email correspondence will be sent to the contact person’s email address. |
| Example: |
emailAddress: karate_club@vt.edu |
expirationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the group is set to expire from the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
expirationDate: 2001-11-09T15:25:15-0500 |
groupData
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
This field allows a group to store additional information about the group, which may be displayed along with other group information. |
| Notes: |
Some information that may be included here is a telephone number, an address, other websites, etc. Valid XHTML may be included to added emphasis to certain items. |
| Example: |
groupData: Meets on Thursdays from 5-7 |
groupMembership
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
A list of the group DNs this group is a member of. |
| Notes: |
|
| Example: |
groupMembership: uugid=bioclub,ou=Groups,dc=vt,dc=edu |
labeledURI
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
Webpage(s) associated with the group. |
| Notes: |
The format for this attribute is “label:url”, where the label describes the link and the url is the URL of the link. |
| Example: |
labeledURI: homepage:http://filebox.vt.edu/karate_club |
manager
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
A list of the DNs who are managers of this group. |
| Notes: |
|
| Example: |
manager: uid=1234567,ou=people,dc=vt,dc=edu |
member
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
A list of the DNs who are members of this group. May include person and/or group DNs. |
| Notes: |
|
| Example: |
member: uid=1234567,ou=people,dc=vt,dc=edu |
suppressDisplay
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Whether this group’s entire record should be suppressed from public view. |
| Notes: |
|
| Example: |
suppressDisplay: true |
suppressMembers
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
Whether this group’s membership should be suppressed from public view. |
| Notes: |
|
| Example: |
suppressMembers: true |
uid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The unique indentifier for this group. Corresponds to the sequence number in the Registry. |
| Notes: |
|
| Example: |
uid: 1 |
uugid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality, substring, presence |
| Definition: |
This Universally Unique Group Identifier is the unique identifier of a group within the directory. |
| Notes: |
|
| Example: |
|
viewer
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The DNs that may view this group and its membership. |
| Notes: |
|
| Example: |
user: uusid=exampleService,ou=Services,dc=vt,dc=edu |
Objectclass virginiaTechService
accountState
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The current state of this service account. |
| Notes: |
May be one of two values: active or inactive. |
| Example: |
accountState: active |
administrator
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
A list of people DNs that may administer a service. |
| Notes: |
Administrators may add or remove authorized users from a service. |
| Example: |
administrator: uid=1254884,ou=People,dc=vt,dc=edu |
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality, presence |
| Definition: |
This is the DN of the person who is ultimately responsible for this service. |
| Notes: |
|
| Example: |
contactPerson: uid=987654,ou=People,dc=vt,dc=edu |
creationDate
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the service was added to the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mmTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
creationDate: 2001-11-09T15:25:15-0500 |
certificate
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The public certificate of the service |
| Notes: |
|
| Example: |
|
endpointBinding
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The endpoint binding. |
| Notes: |
|
| Example: |
endpointBinding: POST |
endpointProtocol
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The endpoint protocol. |
| Notes: |
|
| Example: |
endpointProtocol: SAML |
endpointURI
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The endpoint URI. |
| Notes: |
|
| Example: |
endpointURI: https://foo.com/bar |
expirationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the service is set to expire from the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
expirationDate: 2001-11-09T15:25:15-0500 |
serviceDN
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality |
| Definition: |
The DN of the service certificate |
| Notes: |
The serviceDN must map to the certificate that did TLS client authentication to ED-LDAP for the service to have any privileges other than anonymous access. |
| Example: |
cn=ED-ID Service,ou=1,ou=Middleware-Client,o=Virginia Polytechnic Institute and State University,l=Blacksburg,st=Virginia,c=US,dc=vt,dc=edu |
serviceType
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the service type of the service. |
| Notes: |
Personal services may view any non-suppressed person attribute as well as any suppressed attribute in it’s view access control list (vACL) for the authenticated user originating the request, and may only display that information to that authenticated user. In other words a personal service will show you any of your suppressed attributes in its vACL, but only to you. Private services may view any non-suppressed person attribute as well as any suppressed attribute in its vACL for any person, however it may not make this information publicly viewable. |
| Example: |
serviceType: personal |
uid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The unique indentifier for this service. Corresponds to the sequence number in the Registry. |
| Notes: |
|
| Example: |
uid: 1 |
uusid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality, substring, presence |
| Definition: |
This Universally Unique Service Id is the unique identifier of a service within the directory. |
| Notes: |
|
| Example: |
uusid: filebox |
viewablePersonAttribute
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
equality, presence |
| Definition: |
This is a list of virginiaTechPerson attributes that this service may view. |
| Notes: |
This list in used in conjunction with the service type to determine what usersuppressed fields a service can view. |
| Example: |
viewablePersonAttribute: mail |
Objectclass virginiaTechEntitlement
creationDate
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the entitlement was added to the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mmTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
creationDate: 2001-11-09T15:25:15-0500 |
entitled
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
A DN that represents the entry with this virginiaTechEntitlement. |
| Notes: |
Only people can currently have entitlements. In the future, this may be expanded to include services and groups. |
| Example: |
entitled: uid=1152120,ou=People,dc=vt,dc=edu |
entitlement
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
A string that identifies the virginiaTechEntitlement |
| Notes: |
May coexist with eduPersonEntitlement in the future. |
| Example: |
entitlement: middleware:dat:person:create |
expirationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The date this virginiaTechEntitlement will expire. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is -0500 |
| Example: |
expirationDate: 2001-11-09T15:25:15-0500 |
manager
| Required: |
Yes |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The DN of the service that manages this virginaTechEntitlement. |
| Notes: |
Though this will initially only contain service DNs, it may contain people or group DNs in the future. This attribute is defined as multi-valued in RFC1274 (used by inetOrgPerson), but it should always contain one value. This will be enforced through replication. |
| Example: |
manager: uusid=service-manager,ou=Services,dc=vt,dc=edu |
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The DN that is sponsoring this virginiaTechEntitlement. |
| Notes: |
Initially this will be a person DN, but in the future it may contain service or group DNs. |
| Example: |
sponsor: uid=1152120,ou=People,dc=vt,dc=edu |
uid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The unique identifier for this virginiaTechEntitlement. Corresponds to VTENTITLEMENTS.VTENTITLEMENT_SEQNO in the Registry. |
| Notes: |
Not to be confused with a person, group, or service uid. |
| Example: |
uid: 1 |
viewer
| Required: |
No |
| Cardinality: |
multi |
| Indexing: |
none |
| Definition: |
The DNs that may view this virginiaTechEntitlement. |
| Notes: |
Similar to a group’s viewer. |
| Example: |
viewer: uusid=viewer-service,ou=Services,dc=vt,dc=edu |
Objectclass virginiaTechOrganization
orgCode
| Required |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The organization code. |
| Example: |
orgCode: 066103 |
orgTitle
| Required |
Yes |
| Cardinality: |
single |
| Indexing: |
equality, substring |
| Definition: |
The human readable organization title. |
| Example: |
orgTitle: Middleware & Identity Apps |
orgLevel
| Required |
Yes |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
The numeric level of this organization. |
| Example: |
orgLevel: 6 |
orgLevelCode
| Required |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality |
| Definition: |
An organization level code. |
| Example: |
orgLevelCode: 066103 |
orgStatus
| Required |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The organization status. |
| Example: |
orgStatus: A |
orgEmployee
| Required |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The DNs of the employees in this organization. |
| Example: |
orgEmployee: uid=1152120,ou=People,dc=vt,dc=edu |
orgLevelCode[1-6]
| Required |
Yes |
| Cardinality: |
multi |
| Indexing: |
equality |
| Definition: |
The organization level code with the level number. |
| Example: |
orgLevelCode6: 066103 |
uid
| Required: |
Yes |
| Cardinality: |
single |
| Indexing: |
equality |
| Definition: |
The unique indentifier. |
| Notes: |
|
| Example: |
uid: 1 |
creationDate
| Required: |
No |
| Cardinality: |
single |
| Indexing: |
none |
| Definition: |
This is the date the organization was added to the directory. |
| Notes: |
Time is 24 hour based. Format is yyyy-mm-ddThh:mm:ssTZD TZD = Time Zone Designator. For the Eastern Time zone this is –0500 |
| Example: |
creationDate: 2001-11-09T15:25:15-0500 |
Change Log
1.0 -> 1.1
- Added type “meeting” to the addressType attribute of the address object class
- Added memberOf attribute to virginiaTechPerson object class
- Added groupType attribute to group object class
1.1 -> 1.2
- Renamed address, group, and service objectclasses to virginiaTechAddress, virginiaTechGroup, virginiaTechService respectively
- Removed alternateID, userOfService, serviceExpirationDate, serviceAddDate, and groupVisibility from person object
- Added bannerPIDM, chapSecret, departmentNumber, previousVirginiaTechID, and virginiaTechID attributes to person
- Renamed memberOf attribute in person object to isMemberOf
- Renamed currentState to accountState to bring schema inline with ED-Auth schema
- Renamed responsibleID attribute in person object to responsiblePerson
- Removed groupType attribute from groups
- Added allowedServices attribute to groups
- Removed user and viewableGroup attributes from service
- Added contactPerson attribute to services
- Renamed credential attribute on services to certificate
1.2 -> 1.3
- Added legalName, majorCode, mailPreferredAddress, mailForwardingAddress, localPhone, localPostalAddress, mailStop, and title attributes
- Changed the definitions of homePhone and homePostalAddress such that they only contain home address data
- Changed the definitions of c, facsimileTelephoneNumber, l, postalAddress, postalCode, postalOfficeBox, st, street, and telephoneNumber such that they only contain business address data
- Moved address, c, homepostalAddress, postalAddress, and postalCode from required attributes to optional attributes
- Changed address definition to refer to address dn.
1.3 -> 1.4
- Added mailAlias
- Added mailAccount
- Added lastEnrollmentTermCode
- Changed lastEnrollmentTerm to be the human readable form of lastEnrollmentTermCode
- Added nextEnrollmentTermCode
- Changed nextEnrollmentTerm to be the human readable form of nextEnrollmentTermCode
- In addresses, changed the definition of country so that it is no longer a required attribute
1.4 -> 1.5
- Added suppressDisplay attribute for people
- Moved administrator from required to optional for services
- Renamed isMemberOf attribute in person object to groupMembership
- Finalized group schema
- Updated documentation for attributes that claim to contain UIDs, they really contain DNs
1.5 -> 1.6
- Removed amateurRadioCallsign
- Removed unixUid
- Removed previousVirginiaTechID
- Added personData
- accountState, passwordState, userPassword, and uupid are no longer required attributes for virginiaTechPerson
1.6 -> 1.7
- Added homeFAX, homeMobile, homePager, localFAX, localMobile, and localPager
- Made localPhone multi-value
- Renamed facsimileNumber to facsimileTelephoneNumber in virginiaTechAddress
- Added personType
- Made city and postalCode optional in virginiaTechAddress
1.7 -> 1.8
- Added accountCreationDate, accountExpirationDate, accountShelveDate, classLevel, classLevelCode to virginiaTechPerson
- Made uid a required attribute for virginiaTechService and virginiaTechGroup
- Added manager and suppressMembers to virginiaTechGroup
1.8 -> 1.9
- Add virginiaTechEntitlement objectclass.
- Remove joinability and leaveability from virginiaTechGroup.
- Add suppressEmployeeDisplay to virginiaTechPerson.
- Make contactPerson multi-valued.
- Add serviceDN to virginiaTechService.
- Make certificate multi-valued.
- Add authId and guestId.
1.9 -> 1.10
- Add required attribute gender to virginiaTechPerson.
- Add optional attribute employeeOffCampus to virginiaTechPerson.
1.10 -> 1.11
- Change legalName to bannerName. Keep legalName as an alias to bannerName.
- Add udcIdentifier.
1.12 -> 1.13
1.13 -> 1.14
- Add confidentialFlag.
- Add accountRecoveryMaintenanceDate
1.14 -> 1.15
- Add virginiaTechAffiliation
- Note preference of using vtAffiliation instead of eduPersonAffilation.
1.15 -> 1.16
- Replace chapSecret with networkPassword.
1.16 -> 1.17
- Add passwordExpirationDate.
1.17 -> 1.18
- Add groupMembershipUugid.
- Add virginiaTechOrganization:
- orgCode
- orgTitle
- orgLevel
- orgLevelCode
- orgStatus
- orgEmployee
- orgLevelCode1
- orgLevelCode2
- orgLevelCode3
- orgLevelCode4
- orgLevelCode5
- orgLevelCode6
- Add passwordChangeDate.
1.18 -> 1.19
- Add mailAuxiliaryAccount.