2.2.15. eduPersonIdentifier; OID: 1.3.6.1.4.1.5923.1.1.1.17
RFC4512 definition
( 1.3.6.1.4.1.5923.1.1.1.17
NAME 'eduPersonIdentifier'
DESC 'eduPersonIdentifier per Internet2'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
Application utility class: standard; # of values: multi
Definition
An identifier for a person, where the type of identifier is prefixed and encapsulated in curly braces. Types must be as defined here. All types are multi-valued and, in order to provide value when stored in a directory, persistent.
Type | Description | Reassignable? |
---|---|---|
badge | An identifier used for physical access control (i.e., encoded on an access card) | Yes |
enterprise | An organization-wide identifier, typically used for system-to-system communication and typically unknown to the user | No |
eppn | eduPersonPrincipalName, as described in this document | Yes |
epuid | eduPersonUniqueId, as described in this document | No |
network | An identifier used for logging into network-accessible services, such as a NetID | Yes |
x-* | For local use | |
Example applications for which this attribute would be useful
Cross-referencing different types of identifiers (e.g., what a user logged in with versus the more persistent identifiers used by an application to key records)
Example (LDIF Fragment)
eduPersonIdentifier: {eppn}foo@university.edu
eduPersonIdentifier: {eppn}foo2@new-university.edu
eduPersonIdentifier: {enterprise}V135792468
Syntax: directoryString; In general Unicode characters are allowed. In LDAP, this data type implies UTF-8 encoding, and such characters are permitted. However, to reduce the risk of application errors, it is recommended that values contain only characters that could occur in account or login user names. While the UTF-8 encoding will often be appropriate, the specific encoding depends on the technology involved, and may not be limited to UTF-8 when more than LDAP is involved.
Indexing: pres, eq
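Added example (not part of the eduPerson text): a Python sketch that parses `{type}value` strings, checks the type against the table above, and keeps only the types the table marks as not reassignable for use as record keys. The function names, the permitted-character pattern, and the use of `casefold()` to approximate caseIgnoreMatch are assumptions made for this illustration.

```python
import re

# Types and "Reassignable?" values copied from the table above.
# x-* has no value in that column, so it is treated as unknown (None).
REASSIGNABLE = {"badge": True, "enterprise": False, "eppn": True,
                "epuid": False, "network": True}

VALUE_RE = re.compile(r"^\{([^{}]+)\}(.+)$", re.DOTALL)
# Assumption: a conservative "login name" character set; the page gives no exact list.
SAFE_CHARS = re.compile(r"^[A-Za-z0-9._@+-]+$")


def parse_identifier(raw):
    """Split '{type}value' and return (type, value, reassignable, warnings)."""
    m = VALUE_RE.match(raw)
    if not m:
        raise ValueError("missing {type} prefix: %r" % raw)
    id_type, value = m.group(1).lower(), m.group(2)
    if id_type.startswith("x-") and len(id_type) > 2:
        reassignable = None  # local-use type: reassignment policy not stated
    elif id_type in REASSIGNABLE:
        reassignable = REASSIGNABLE[id_type]
    else:
        raise ValueError("undefined identifier type: %r" % id_type)
    warnings = []
    if not SAFE_CHARS.match(value):
        warnings.append("value has characters outside the assumed login-name set")
    return id_type, value, reassignable, warnings


def stable_keys(values):
    """Return normalized identifiers whose type is marked not reassignable."""
    keys = []
    for raw in values:
        id_type, value, reassignable, _ = parse_identifier(raw)
        if reassignable is False:
            # casefold() approximates caseIgnoreMatch for comparison purposes.
            keys.append("{%s}%s" % (id_type, value.casefold()))
    return sorted(set(keys))


# The values from the LDIF fragment above.
SAMPLE = ["{eppn}foo@university.edu", "{eppn}foo2@new-university.edu",
          "{enterprise}V135792468"]

if __name__ == "__main__":
    print(stable_keys(SAMPLE))
```

Keying application records on a reassignable type such as eppn risks attaching one person's records to a later holder of the same identifier, which is why only enterprise and epuid values pass the filter.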