
Warning

This wiki is deprecated. All eduPerson and eduOrg activities have been moved to REFEDS: https://refeds.org/specifications



For adding eduPerson as an auxiliary class to AD. Please note that it includes the steps to add this auxiliary class to the AD user object.
Original courtesy Alan Walsh, U. Indiana; 200806 version courtesy Etan Weintraub, Johns Hopkins.

File: eduPerson.ldf
Version: 201310-20170503

This file should be imported with the following command while logged in to the Domain Controller as an Admin User. Schema changes are written on the schema master FSMO role holder and require membership of Schema Admins; a forest schema extension cannot be removed afterwards (attributes and classes can only be deactivated), so run the import in a test forest before the production one:

ldifde -i -f eduPerson.adschema.ldif -v -j <PATH TO LOGFILES>

The -f argument must name the file exactly as you saved it (the File: line above calls it eduPerson.ldf).

REMEMBER TO SEARCH AND REPLACE DC=X WITH YOUR DC SUFFIX. Make the replace case-insensitive: the defaultObjectCategory line of the eduPerson class writes the suffix as dc=X. ldifde can also perform the substitution at import time with its -c FromDN ToDN option, for example -c "DC=X" "DC=example,DC=edu".
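Before running ldifde it is worth checking the file for the mistakes an import reports only cryptically, or not at all. The following Python script is an added example written for this page; it is not part of the original page or of the eduPerson schema, and all function names in it are the editor's own. It parses an LDIF of this shape, lists the lines still carrying the DC=X placeholder (matched case-insensitively, so a lower-case dc=X does not slip past a case-sensitive search-and-replace), checks that every mayContain OID is defined earlier in the file, that each attributeSyntax/oMSyntax pair is one AD accepts, that DN-syntax attributes (oMSyntax 127) carry oMObjectClass, and that a class is not referenced as auxiliaryClass before a schemaUpdateNow has reloaded the schema cache. The embedded sample LDIF is a constructed, trimmed imitation of the page's file; the value KwwCh3McAIVK is the standard AD oMObjectClass for Object(DS-DN) syntax.

```python
import re
from collections import defaultdict

# attributeSyntax/oMSyntax pairs the eduPerson file uses (from the AD syntax table)
VALID_SYNTAX_PAIRS = {("2.5.5.12", "64"), ("2.5.5.1", "127")}

def parse_ldif(text):
    """LDIF text -> list of {'dn': str, 'attrs': {name: [values]}}."""
    entries, cur = [], None
    for line in re.sub(r"\n ", "", text).splitlines():    # join folded continuation lines
        if not line.strip() or line.startswith("#") or line == "-":
            continue                                       # blank, comment, modify separator
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF line: {line!r}")
        if value.startswith(":"):                          # 'attr:: base64value'
            name, value = name + "::", value[1:]
        if name == "dn":                                   # every entry starts at dn:
            cur = {"dn": value.strip(), "attrs": defaultdict(list)}
            entries.append(cur)
        elif cur is None:
            raise ValueError(f"attribute before first dn: {line!r}")
        else:
            cur["attrs"][name].append(value.strip())
    return entries

def find_placeholder(text, placeholder="DC=X"):
    """1-based line numbers still carrying DC=X; case-insensitive so 'dc=X' is caught too."""
    pat = re.compile(re.escape(placeholder), re.IGNORECASE)
    return [n for n, line in enumerate(text.splitlines(), 1) if pat.search(line)]

def first(attrs, name, default=""):
    return attrs[name][0] if attrs.get(name) else default

def check_schema(entries):
    """Return findings as strings; an empty list means the extension is internally consistent."""
    findings, by_oid, by_name, pending = [], {}, set(), set()
    for e in entries:
        a, ct = e["attrs"], first(e["attrs"], "changetype").lower()
        oc = a.get("objectClass", [])
        if ct == "ntdsschemaadd" and "attributeSchema" in oc:
            oid, name = first(a, "attributeID"), first(a, "lDAPDisplayName")
            if oid in by_oid:
                findings.append(f"{name}: attributeID {oid} already used by {by_oid[oid]}")
            by_oid[oid] = name
            by_name.add(name.lower())
            syn = (first(a, "attributeSyntax"), first(a, "oMSyntax"))
            if syn not in VALID_SYNTAX_PAIRS:
                findings.append(f"{name}: unexpected attributeSyntax/oMSyntax pair {syn}")
            # AD expects oMObjectClass on DN-syntax (oMSyntax 127) attributes
            if syn[1] == "127" and not (a.get("oMObjectClass") or a.get("oMObjectClass::")):
                findings.append(f"{name}: DN syntax (oMSyntax 127) without oMObjectClass")
        elif ct == "ntdsschemaadd" and "classSchema" in oc:
            cname = first(a, "lDAPDisplayName", e["dn"])
            for ref in a.get("mayContain", []) + a.get("mustContain", []):
                if ref not in by_oid and ref.lower() not in by_name:
                    findings.append(f"{cname}: mayContain/mustContain {ref} is not defined earlier in this file")
            pending.add(cname.lower())       # not usable until the schema cache is reloaded
        elif ct == "modify":
            if "schemaUpdateNow" in a:
                pending.clear()              # cache reloaded; new classes may now be referenced
            for aux in a.get("auxiliaryClass", []):
                if aux.lower() in pending:
                    findings.append(f"{e['dn']}: auxiliaryClass {aux} referenced before a schemaUpdateNow")
    return findings

# Constructed, trimmed sample in the shape of the page's file (not the full eduPerson schema)
ATTR = """\
dn: CN={n},CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: attributeSchema
lDAPDisplayName: {n}
attributeID: 1.3.6.1.4.1.5923.1.1.1.{i}
attributeSyntax: {syntax}
oMSyntax: {om}
"""
ATTRS = (ATTR.format(n="eduPersonAffiliation", i=1, syntax="2.5.5.12", om=64)
         + ATTR.format(n="eduPersonOrgDN", i=3, syntax="2.5.5.1", om=127)
         + "oMObjectClass:: KwwCh3McAIVK\n")
FLUSH = "dn:\nchangetype: modify\nadd: schemaUpdateNow\nschemaUpdateNow: 1\n-\n"
CLASS = """\
dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: classSchema
lDAPDisplayName: eduPerson
mayContain: 1.3.6.1.4.1.5923.1.1.1.1
mayContain: 1.3.6.1.4.1.5923.1.1.1.3
defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
"""
USER_MOD = "dn: CN=User,CN=Schema,CN=Configuration,DC=X\nchangetype: modify\nadd: auxiliaryClass\nauxiliaryClass: eduPerson\n-\n"

SAMPLE_GOOD = ATTRS + FLUSH + CLASS + FLUSH + USER_MOD
# Three deliberate defects: no oMObjectClass, an undefined mayContain OID, User modified before the second flush
SAMPLE_BAD = (ATTRS.replace("oMObjectClass:: KwwCh3McAIVK\n", "") + FLUSH
              + CLASS.replace("1.1.1.3\n", "1.1.1.99\n") + USER_MOD)

if __name__ == "__main__":
    for label, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, "placeholder lines:", find_placeholder(text), "findings:", check_schema(parse_ldif(text)))
```

Run it against the real file by reading it into `text` and calling `find_placeholder` on the copy you are about to import (the list should be empty) and `check_schema(parse_ldif(text))` for the structural findings. The placeholder check deliberately uses the raw text rather than the parsed entries so that a stray DC=X inside a comment or a folded line is reported as well.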


# =======================================================================================================================================

# ==================================================================
# Attributes
# ==================================================================
dn: CN=eduPersonAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonAffiliation
lDAPDisplayName: eduPersonAffiliation
adminDisplayName: eduPersonAffiliation
adminDescription: Specifies the person's relationship(s) to the institution, permissible values: faculty, student, staff, alum, member, affiliate, employee
attributeID: 1.3.6.1.4.1.5923.1.1.1.1
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonNickname
lDAPDisplayName: eduPersonNickname
adminDisplayName: eduPersonNickname
adminDescription: Person's nickname, or the informal name by which they are accustomed to be hailed
attributeID: 1.3.6.1.4.1.5923.1.1.1.2
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrgDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrgDN
lDAPDisplayName: eduPersonOrgDN
adminDisplayName: eduPersonOrgDN
adminDescription: The distinguished name (DN) of the directory entry representing the institution with which the person is associated
attributeID: 1.3.6.1.4.1.5923.1.1.1.3
attributeSyntax: 2.5.5.1
oMSyntax: 127
# Object(DS-DN) syntax: AD expects oMObjectClass alongside oMSyntax 127
oMObjectClass:: KwwCh3McAIVK
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrgUnitDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrgUnitDN
lDAPDisplayName: eduPersonOrgUnitDN
adminDisplayName: eduPersonOrgUnitDN
adminDescription: The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s)
attributeID: 1.3.6.1.4.1.5923.1.1.1.4
attributeSyntax: 2.5.5.1
oMSyntax: 127
# Object(DS-DN) syntax: AD expects oMObjectClass alongside oMSyntax 127
oMObjectClass:: KwwCh3McAIVK
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrimaryAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrimaryAffiliation
lDAPDisplayName: eduPersonPrimaryAffiliation
adminDisplayName: eduPersonPrimaryAffiliation
adminDescription: Specifies the person's PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc
attributeID: 1.3.6.1.4.1.5923.1.1.1.5
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrincipalName,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalName
lDAPDisplayName: eduPersonPrincipalName
adminDisplayName: eduPersonPrincipalName
adminDescription: The "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.6
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonEntitlement,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonEntitlement
lDAPDisplayName: eduPersonEntitlement
adminDisplayName: eduPersonEntitlement
adminDescription: URI (either URN or URL) that indicates a set of rights to specific resources
attributeID: 1.3.6.1.4.1.5923.1.1.1.7
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrimaryOrgUnitDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrimaryOrgUnitDN
lDAPDisplayName: eduPersonPrimaryOrgUnitDN
adminDisplayName: eduPersonPrimaryOrgUnitDN
adminDescription: The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s)
attributeID: 1.3.6.1.4.1.5923.1.1.1.8
attributeSyntax: 2.5.5.1
oMSyntax: 127
# Object(DS-DN) syntax: AD expects oMObjectClass alongside oMSyntax 127
oMObjectClass:: KwwCh3McAIVK
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonScopedAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonScopedAffiliation
lDAPDisplayName: eduPersonScopedAffiliation
adminDisplayName: eduPersonScopedAffiliation
adminDescription: Specifies the person's affiliation (see eduPersonAffiliation) within a particular security domain, the values consist of a left (affiliation) and right component (security domain) separated by an "@" sign
attributeID: 1.3.6.1.4.1.5923.1.1.1.9
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonTargetedID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonTargetedID
lDAPDisplayName: eduPersonTargetedID
adminDisplayName: eduPersonTargetedID
adminDescription: A tuple consisting of an opaque identifier for the principal, a name for the source of the identifier, and a name for the intended audience of the identifier
attributeID: 1.3.6.1.4.1.5923.1.1.1.10
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonAssurance,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonAssurance
lDAPDisplayName: eduPersonAssurance
adminDisplayName: eduPersonAssurance
adminDescription: Set of URIs that assert compliance with specific standards for identity assurance.
attributeID: 1.3.6.1.4.1.5923.1.1.1.11
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrincipalNamePrior,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalNamePrior
lDAPDisplayName: eduPersonPrincipalNamePrior
adminDisplayName: eduPersonPrincipalNamePrior
adminDescription: The Previous "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.12
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonUniqueID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonUniqueID
lDAPDisplayName: eduPersonUniqueID
adminDisplayName: eduPersonUniqueID
adminDescription: A long-lived, non re-assignable, omnidirectional identifier unique to each individual.
attributeID: 1.3.6.1.4.1.5923.1.1.1.13
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrcid,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrcid
lDAPDisplayName: eduPersonOrcid
adminDisplayName: eduPersonOrcid
adminDescription: ORCID iDs are persistent digital identifiers for individual researchers to unambiguously and definitively link them with their scholarly work products. ORCID iDs are assigned, managed and maintained by the ORCID organization.
attributeID: 1.3.6.1.4.1.5923.1.1.1.16
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

# Reload the schema cache so the new attributes can be referenced by the class below
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# ==================================================================
# Object classes
# ==================================================================
dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: classSchema
cn: eduPerson
lDAPDisplayName: eduPerson
adminDisplayName: eduPerson
adminDescription: Consists of a set of data elements or attributes about individuals within higher education
governsID: 1.3.6.1.4.1.5923.1.1.2
objectClassCategory: 3
subclassOf: top
rdnAttId: cn
mayContain: 1.3.6.1.4.1.5923.1.1.1.1
mayContain: 1.3.6.1.4.1.5923.1.1.1.2
mayContain: 1.3.6.1.4.1.5923.1.1.1.3
mayContain: 1.3.6.1.4.1.5923.1.1.1.4
mayContain: 1.3.6.1.4.1.5923.1.1.1.5
mayContain: 1.3.6.1.4.1.5923.1.1.1.6
mayContain: 1.3.6.1.4.1.5923.1.1.1.7
mayContain: 1.3.6.1.4.1.5923.1.1.1.8
mayContain: 1.3.6.1.4.1.5923.1.1.1.9
mayContain: 1.3.6.1.4.1.5923.1.1.1.10
mayContain: 1.3.6.1.4.1.5923.1.1.1.11
mayContain: 1.3.6.1.4.1.5923.1.1.1.12
mayContain: 1.3.6.1.4.1.5923.1.1.1.13
mayContain: 1.3.6.1.4.1.5923.1.1.1.16
defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
systemOnly: FALSE

# Reload the schema cache so the eduPerson class can be attached to User below
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# Attach eduPerson as an auxiliary class of the User class
dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: eduPerson
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-