Warning

This wiki is deprecated. All eduPerson and eduOrg activities have been moved to REFEDS: https://refeds.org/specifications



This LDIF file adds eduPerson to Active Directory (AD) as an auxiliary class. Note that it also includes the steps that add this auxiliary class to the AD user object.
Courtesy of Alan Walsh, U. Indiana

# =======================================================================================================================================
#
# File: eduPerson.ldf
# Version: 201310-20170503
#
# This file should be imported with the following command while logged in to the Domain Controller as an Admin User:
# ldifde -i -f eduPerson.adschema.ldif -v -j <PATH TO LOGFILES>
#
# REMEMBER TO SEARCH AND REPLACE DC=X WITH YOUR DC SUFFIX
#
# =======================================================================================================================================

# ==================================================================
# Attributes
# ==================================================================

dn: CN=eduPersonAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonAffiliation
lDAPDisplayName: eduPersonAffiliation
adminDisplayName: eduPersonAffiliation
adminDescription: Specifies the person's relationship(s) to the institution, permissible values: faculty, student, staff, alum, member, affiliate, employee
attributeID: 1.3.6.1.4.1.5923.1.1.1.1
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonNickname
lDAPDisplayName: eduPersonNickname
adminDisplayName: eduPersonNickname
adminDescription: Person's nickname, or the informal name by which they are accustomed to be hailed
attributeID: 1.3.6.1.4.1.5923.1.1.1.2
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrgDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrgDN
lDAPDisplayName: eduPersonOrgDN
adminDisplayName: eduPersonOrgDN
adminDescription: Specifies the person's relationship(s) to the institution, permissible values: faculty, student, staff, alum, member, affiliate, employee
attributeID: 1.3.6.1.4.1.5923.1.1.1.3
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrgUnitDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrgUnitDN
lDAPDisplayName: eduPersonOrgUnitDN
adminDisplayName: eduPersonOrgUnitDN
adminDescription: The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s)
attributeID: 1.3.6.1.4.1.5923.1.1.1.4
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrimaryAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrimaryAffiliation
lDAPDisplayName: eduPersonPrimaryAffiliation
adminDisplayName: eduPersonPrimaryAffiliation
adminDescription: Specifies the person's PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc
attributeID: 1.3.6.1.4.1.5923.1.1.1.5
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrincipalName,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalName
lDAPDisplayName: eduPersonPrincipalName
adminDisplayName: eduPersonPrincipalName
adminDescription: The "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.6
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonEntitlement,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonEntitlement
lDAPDisplayName: eduPersonEntitlement
adminDisplayName: eduPersonEntitlement
adminDescription: URI (either URN or URL) that indicates a set of rights to specific resources
attributeID: 1.3.6.1.4.1.5923.1.1.1.7
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrimaryOrgUnitDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrimaryOrgUnitDN
lDAPDisplayName: eduPersonPrimaryOrgUnitDN
adminDisplayName: eduPersonPrimaryOrgUnitDN
adminDescription: The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s)
attributeID: 1.3.6.1.4.1.5923.1.1.1.8
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonScopedAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonScopedAffiliation
lDAPDisplayName: eduPersonScopedAffiliation
adminDisplayName: eduPersonScopedAffiliation
adminDescription: Specifies the person's affiliation (see eduPersonAffiliation) within a particular security domain, the values consist of a left (affiliation) and right component (security domain) separated by an "@" sign
attributeID: 1.3.6.1.4.1.5923.1.1.1.9
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonTargetedID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonTargetedID
lDAPDisplayName: eduPersonTargetedID
adminDisplayName: eduPersonTargetedID
adminDescription: a tuple consisting of an opaque identifier for the principal, a name for the source of the identifier, and a name for the intended audience of the identifiere
attributeID: 1.3.6.1.4.1.5923.1.1.1.10
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonAssurance,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonAssurance
lDAPDisplayName: eduPersonAssurance
adminDisplayName: eduPersonAssurance
adminDescription: Set of URIs that assert compliance with specific standards for identity assurance.
attributeID: 1.3.6.1.4.1.5923.1.1.1.11
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrincipalNamePrior,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalNamePrior
lDAPDisplayName: eduPersonPrincipalNamePrior
adminDisplayName: eduPersonPrincipalNamePrior
adminDescription: The Previous "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.12
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonUniqueID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonUniqueID
lDAPDisplayName: eduPersonUniqueID
adminDisplayName: eduPersonUniqueID
adminDescription: A long-lived, non re-assignable, omnidirectional identifier unique to each individual.
attributeID: 1.3.6.1.4.1.5923.1.1.1.13
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrcid,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrcid
lDAPDisplayName: eduPersonOrcid
adminDisplayName: eduPersonOrcid
adminDescription: ORCID iDs are persistent digital identifiers for individual researchers to unambiguously and definitively link them with their scholarly work products. ORCID iDs are assigned, managed and maintained by the ORCID organization.
attributeID: 1.3.6.1.4.1.5923.1.1.1.16
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# ==================================================================
# Object classes
# ==================================================================

dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: classSchema
cn: eduPerson
lDAPDisplayName: eduPerson
adminDisplayName: eduPerson
adminDescription: Consists of a set of data elements or attributes about individuals within higher education
governsID: 1.3.6.1.4.1.5923.1.1.2
objectClassCategory: 3
subclassOf: top
rdnAttId: cn
mayContain: 1.3.6.1.4.1.5923.1.1.1.1
mayContain: 1.3.6.1.4.1.5923.1.1.1.2
mayContain: 1.3.6.1.4.1.5923.1.1.1.3
mayContain: 1.3.6.1.4.1.5923.1.1.1.4
mayContain: 1.3.6.1.4.1.5923.1.1.1.5
mayContain: 1.3.6.1.4.1.5923.1.1.1.6
mayContain: 1.3.6.1.4.1.5923.1.1.1.7
mayContain: 1.3.6.1.4.1.5923.1.1.1.8
mayContain: 1.3.6.1.4.1.5923.1.1.1.9
mayContain: 1.3.6.1.4.1.5923.1.1.1.10
mayContain: 1.3.6.1.4.1.5923.1.1.1.11
mayContain: 1.3.6.1.4.1.5923.1.1.1.12
mayContain: 1.3.6.1.4.1.5923.1.1.1.13
mayContain: 1.3.6.1.4.1.5923.1.1.1.16
defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: eduPerson
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
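
Schema objects cannot be deleted from AD once imported, so it is worth linting the edited file before running ldifde. The following is an added example, not part of the original file or the eduPerson project: a pre-import check that flags a DC=X placeholder left in place (case-insensitively, because the defaultObjectCategory line writes it as dc=X), an attributeSyntax/oMSyntax pair other than the two this file uses, and any mayContain OID with no matching attribute definition. The function names and the OID ending in .99 are constructed for illustration.

```python
SYNTAX_PAIRS = {"2.5.5.12": "64", "2.5.5.1": "127"}  # attributeSyntax -> oMSyntax pairs used on this page

def parse_records(text):
    """Split on 'dn:' lines so a copy that lost its blank-line separators still parses."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line == "-":
            continue  # skip blanks, comments and modify terminators
        key, _, value = line.partition(":")
        if key.lower() == "dn":
            records.append({})
        if records:
            records[-1].setdefault(key.lower(), []).append(value.strip())
    return records

def lint_schema(text, placeholder="DC=X"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, defined, records = [], set(), parse_records(text)
    for rec in records:
        dn = rec["dn"][0]
        values = [v.lower() for vals in rec.values() for v in vals]
        if any(v.endswith("," + placeholder.lower()) for v in values):
            findings.append(f"placeholder {placeholder} not replaced in record {dn!r}")
        if "attributeSchema" in rec.get("objectclass", []):
            oid = rec.get("attributeid", ["?"])[0]
            if oid in defined:
                findings.append(f"duplicate attributeID {oid}: {dn}")
            defined.add(oid)
            pair = (rec.get("attributesyntax", ["?"])[0], rec.get("omsyntax", ["?"])[0])
            if SYNTAX_PAIRS.get(pair[0]) != pair[1]:
                findings.append(f"unexpected attributeSyntax/oMSyntax {pair}: {dn}")
    for oid in (o for rec in records for o in rec.get("maycontain", [])):
        if oid not in defined:
            findings.append(f"mayContain {oid} has no attributeSchema entry in this file")
    return findings

# Constructed sample: no record separator, placeholder left in, wrong oMSyntax,
# and a made-up mayContain OID (...1.99) that no attribute in the file defines.
SAMPLE = """\
dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.5923.1.1.1.2
attributeSyntax: 2.5.5.12
oMSyntax: 127
dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
objectClass: classSchema
mayContain: 1.3.6.1.4.1.5923.1.1.1.2
mayContain: 1.3.6.1.4.1.5923.1.1.1.99
defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
"""
```

Run `lint_schema()` on the full text of the edited file; a case-sensitive search and replace of DC=X still leaves the dc=X on the defaultObjectCategory line, which this check reports.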