This LDIF file adds eduPerson as an auxiliary class to AD. Please note that it includes the steps to add this auxiliary class to the AD user object.
Original Courtesy Alan Walsh, U. Indiana, 200806 version Courtesy Etan Weintraub, Johns Hopkins

...

# ======================================================================================================================================

...


#

...


#

...

File:

...

 

...

eduPerson.ldf

...


#

...

Version: 

...

201310
#

...


#

...

 This file should be imported with the following command while logged in to the Domain Controller as an Admin User:

...


#

...

 

...

ldifde -i -f eduPerson.adschema.ldif -v -j <PATH TO LOGFILES>
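Review bot: The import command names eduPerson.adschema.ldif, but the header above gives the file as eduPerson.ldf. Use one name in both places so the command works as pasted. The DC=X substitution that the header asks for can also be done at import time with ldifde's -c option (-c "DC=X" followed by your DC suffix), which avoids hand-editing a schema file before loading it.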

...


#

...


#

...

 REMEMBER TO SEARCH AND REPLACE DC=X WITH YOUR DC SUFFIX

...


#

...


# =======================================================================================================================================

...

# ==================================================================

...


#

...

Attributes

...


# ==================================================================

...

dn: CN=eduPersonAffiliation,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonAffiliation

...


lDAPDisplayName: eduPersonAffiliation

...


adminDisplayName: eduPersonAffiliation

...


adminDescription: Specifies the person's relationship(s) to the institution, permissible values: faculty, student, staff, alum, member, affiliate, employee

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.1

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: FALSE

...


searchFlags: 1

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonNickname

...


lDAPDisplayName: eduPersonNickname

...


adminDisplayName: eduPersonNickname

...


adminDescription: Person's nickname, or the informal name by which they are accustomed to be hailed

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.2

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: FALSE

...


searchFlags: 1

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonOrgDN,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonOrgDN

...


lDAPDisplayName: eduPersonOrgDN

...


adminDisplayName: eduPersonOrgDN

...


adminDescription: Specifies the person's relationship(s) to the institution, permissible values: faculty, student, staff, alum, member, affiliate, employee

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.3

...


attributeSyntax: 2.5.5.1

...


oMSyntax: 127

...


isSingleValued: TRUE

...


searchFlags: 0

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE
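Review bot: The adminDescription of eduPersonOrgDN repeats the eduPersonAffiliation text ("Specifies the person's relationship(s) to the institution, permissible values: ...") even though this attribute uses DN syntax (attributeSyntax: 2.5.5.1, oMSyntax: 127). Replace it with a description of the organization DN, worded like the eduPersonOrgUnitDN entry that follows.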

...

dn: CN=eduPersonOrgUnitDN,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonOrgUnitDN

...


lDAPDisplayName: eduPersonOrgUnitDN

...


adminDisplayName: eduPersonOrgUnitDN

...


adminDescription: The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s)

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.4

...


attributeSyntax: 2.5.5.1

...


oMSyntax: 127

...


isSingleValued: FALSE

...


searchFlags: 0

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonPrimaryAffiliation,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonPrimaryAffiliation

...


lDAPDisplayName: eduPersonPrimaryAffiliation

...


adminDisplayName: eduPersonPrimaryAffiliation

...


adminDescription: Specifies the person's PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.5

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: TRUE

...


searchFlags: 1

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonPrincipalName,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonPrincipalName

...


lDAPDisplayName: eduPersonPrincipalName

...


adminDisplayName: eduPersonPrincipalName

...


adminDescription: The "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.6

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: TRUE

...


searchFlags: 1

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonEntitlement,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonEntitlement

...


lDAPDisplayName: eduPersonEntitlement

...


adminDisplayName: eduPersonEntitlement

...


adminDescription: URI (either URN or URL) that indicates a set of rights to specific resources

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.7

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: FALSE

...


searchFlags: 1

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonPrimaryOrgUnitDN,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonPrimaryOrgUnitDN

...


lDAPDisplayName: eduPersonPrimaryOrgUnitDN

...


adminDisplayName: eduPersonPrimaryOrgUnitDN

...


adminDescription: The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s)

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.8

...


attributeSyntax: 2.5.5.1

...


oMSyntax: 127

...


isSingleValued: TRUE

...


searchFlags: 0

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonScopedAffiliation,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonScopedAffiliation

...


lDAPDisplayName: eduPersonScopedAffiliation

...


adminDisplayName: eduPersonScopedAffiliation

...


adminDescription: Specifies the person's affiliation (see eduPersonAffiliation) within a particular security domain, the values consist of a left (affiliation) and right component (security domain) separated by an "@" sign

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.9

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: FALSE

...


searchFlags: 1

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonTargetedID,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonTargetedID

...


lDAPDisplayName: eduPersonTargetedID

...


adminDisplayName: eduPersonTargetedID

...


adminDescription:

...

 a tuple consisting of an opaque identifier for the principal, a name for the source of the identifier, and a name for the intended audience of the identifiere
attributeID: 1.3.6.1.4.1.5923.1.1.1.10
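Review bot: In the eduPersonTargetedID entry the description text no longer sits on the adminDescription: line, and it ends in "identifiere". Keep the value on the same line as the attribute name, as every other entry does, and correct the spelling to "identifier".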

...


attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: FALSE

...


searchFlags: 0

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE

...

dn: CN=eduPersonAssurance,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: top

...


objectClass: attributeSchema

...


cn: eduPersonAssurance

...


lDAPDisplayName: eduPersonAssurance

...


adminDisplayName: eduPersonAssurance

...


adminDescription: Set of URIs that assert compliance with specific standards for identity assurance.

...


attributeID: 1.3.6.1.4.1.5923.1.1.1.11

...


attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE
dn: CN=eduPersonPrincipalNamePrior,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalName
lDAPDisplayName: eduPersonPrincipalName
adminDisplayName: eduPersonPrincipalName
adminDescription: The Previous "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.12
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE
dn: CN=eduPersonUniqueID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonTargetedID
lDAPDisplayName: eduPersonTargetedID
adminDisplayName: eduPersonTargetedID
adminDescription: A long-lived, non re-assignable, omnidirectional identifier unique to each individual.
attributeID: 1.3.6.1.4.1.5923.1.1.1.13
attributeSyntax: 2.5.5.12

...


oMSyntax: 64

...


isSingleValued: FALSE

...


searchFlags: 0

...


showInAdvancedViewOnly: TRUE

...


systemOnly: FALSE
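Review bot: The two new entries reuse the names of attributes already defined earlier in this file. Under dn: CN=eduPersonPrincipalNamePrior the cn, lDAPDisplayName and adminDisplayName are all eduPersonPrincipalName, and under dn: CN=eduPersonUniqueID they are all eduPersonTargetedID, so the new definitions collide with the existing ones. Set the three values to eduPersonPrincipalNamePrior and eduPersonUniqueID respectively. As shown, no blank line separates systemOnly: FALSE from the dn: line of either new record, so check that the record separators survive in the file itself. Also check isSingleValued: FALSE and searchFlags: 0 on eduPersonUniqueID against its description ("unique to each individual"); eduPersonPrincipalName, the comparable identifier, uses TRUE and 1.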

...

dn:

...


changetype: modify

...


add: schemaUpdateNow

...


schemaUpdateNow: 1

...


-

...


# ==================================================================

...


#

...

 Object classes

...


# ==================================================================

...

dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X

...


changetype: ntdsschemaadd

...


objectClass: classSchema

...


cn: eduPerson

...


lDAPDisplayName: eduPerson

...


adminDisplayName: eduPerson

...


adminDescription: Consists of a set of data elements or attributes about individuals within higher education

...


governsID: 1.3.6.1.4.1.5923.1.1.2

...


objectClassCategory: 3

...


subclassOf: top

...


rdnAttId: cn

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.1

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.2

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.3

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.4

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.5

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.6

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.7

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.8

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.9

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.10

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.11

...


mayContain: 1.3.6.1.4.1.5923.1.1.1.12
mayContain: 1.3.6.1.4.1.5923.1.1.1.13
defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
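Review bot: defaultObjectCategory writes the suffix as cn=Schema,cn=Configuration,dc=X, while every dn: line uses DC=X and the header tells the user to search and replace DC=X. A case-sensitive replace leaves dc=X untouched, and the class then points at a category DN that does not exist in the target forest. Write DC=X here as well.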

...


systemOnly: FALSE

...

dn:

...


changetype: modify

...


add: schemaUpdateNow

...


schemaUpdateNow: 1

...


-

...

dn: CN=User,CN=Schema,CN=Configuration,DC=X

...


changetype: modify

...


add: auxiliaryClass

...


auxiliaryClass: eduPerson

...


-

...

dn:

...


changetype: modify

...


add: schemaUpdateNow

...


schemaUpdateNow: 1

...


-

...