Page History

...

Attribute	Object Class	Data Model	Multiple Values Exported?	Attribute Options Supported	Introduced
cn	person, posixAccount	cm_names	Only the primary name attached to the CO Person is exported	lang	v0.8
cn	groupOfNames	cm_co_groups name			v0.8.2
description	groupOfNames	cm_co_groups description			v0.8.2
displayName	inetOrgPerson	cm_names		lang	v2.0.0
eduPersonAffiliation	eduPerson	cm_co_person_roles affiliation (possibly mapped via cm_co_extended_types)		role	v0.8
eduPersonEntitlement	eduPerson	cm_co_services (according to member cm_co_groups)			v2.0.0
eduPersonNickname	eduPerson	cm_names		lang	v2.0.0
eduPersonOrcid	eduPerson	cm_identifiers identifier where type is `orcid`			v2.0.0
eduPersonPrincipalName	eduPerson	cm_identifiers identifier			v0.8
eduPersonPrincipalNamePrior	eduPerson	cm_identifiers identifier			v2.0.0
eduPersonScopedAffiliation	eduPerson	cm_co_person_roles affiliation (possibly mapped via cm_co_extended_types, with scope appended)		role	v2.0.0
eduPersonUniqueId	eduPerson	cm_identifiers identifier (with scope appended)			v2.0.0
employeeNumber	inetOrgPerson	cm_identifiers identifier			v0.8
employeeType While not deprecated, as of v3.2.0 the use of voPersonAffiliation is recommended instead	inetOrgPerson	cm_co_person_roles affiliation		role	v0.9.2
facsimileTelephoneNumber	organizationalPerson	cm_telephone_numbers		role	v0.8
gecos	posixAccount	cm_names			v0.9
gidNumber	posixAccount	cm_identifiers identifier where type is `gidNumber`			v0.9
givenName	inetOrgPerson	cm_names given	Only the primary name attached to the CO Person is exported	lang	v0.8
hasMember	eduMember	cm_identifiers identifier			v0.8.2
homeDirectory	posixAccount	cm_identifiers identifier where type is `homeDirectory`			v0.9
isMemberOf	eduMember	cm_co_groups name (where cm_co_group_members member is true)			v0.8
l	organizationalPerson	cm_addresses locality		lang, role	v0.8
labeledURI	inetOrgPerson	cm_urls url and description (if set)			v3.1.0
loginShell	posixAccount	Currently hard coded			v0.9
mail	inetOrgPerson	cm_email_addresses mail		role	v0.8
member	groupOfNames	cm_co_ldap_provisioner_dns DN			v0.8.2
mobile	inetOrgPerson	cm_telephone_numbers		role	v0.8
o	inetOrgPerson	cm_co_person_roles o		role	v0.8
ou	organizationalPerson	cm_co_person_roles ou		role	v0.8
owner	groupOfNames	cm_co_ldap_provisioner_dns DN			v0.8.2
postalCode	organizationalPerson	cm_addresses postal_code		lang, role	v0.8
pwdAccountLockedTime	n/a (see pwdPolicy)	cm_co_people status (set when status is Expired or Suspended)			v2.0.0
roomNumber	inetOrgPerson	cm_addresses room		lang, role	v0.9.4
sshPublicKey	ldapPublicKey	cm_ssh_keys			v0.9
sn	person	cm_names family	Only the primary name attached to the CO Person is exported	lang	v0.8
st	organizationalPerson	cm_addresses state		lang, role	v0.8
street	organizationalPerson	cm_addresses street		lang, role	v0.8
telephoneNumber	organizationalPerson	cm_telephone_numbers		role	v0.8
title	organizationalPerson	cm_co_person_roles title		role	v0.8
uid	inetOrgPerson, posixAccount	cm_identifiers identifier			v0.8
uidNumber	posixAccount	cm_identifiers identifier where type is `uidNumber`			v0.9
userPassword	person	cm_passwords password where type is `CRYPT`, if Password Authenticator Plugin is enabled			v3.1.0
voPersonAffiliation	voPerson	cm_co_person_roles affiliation		role	v3.2.0
voPersonApplicationUID	voPerson	cm_identifiers identifier If attribute options are enabled, see note below		app	v3.2.0
voPersonAuthorName	voPerson	cm_names		lang	v3.2.0
voPersonCertificateDN	voPerson	cm_certificates subject_dn		scope	v3.2.0
voPersonCertificateIssuerDN	voPerson	cm_certificates issuer_dn		scope	v3.2.0
voPersonExternalID	voPerson	cm_identifiers identifier			v3.2.0
voPersonID	voPerson	cm_identifiers identifier			v3.2.0
voPersonPolicyAgreement	voPerson	cm_co_t_and_c_agreements		time	v3.2.0
voPersonSoRID	voPerson	cm_identifiers identifier			v3.2.0
voPersonStatus	voPerson	cm_co_people status If attribute options are enabled, cm_co_person_roles status	Only if attribute options are enabled	role	v3.2.0

...

Note
`posixAccount` support is experimental and subject to change in a future release (CO-866). Note the `posixAccount` Object Class requires cn, uid, uidNumber, gidNumber, and homeDirectory, but the LdapProvisioner does not necessarily enforce this in the configuration.

Info
For `ldapPublicKey` integration with OpenSSH, you may find this discussion helpful. Also note that recent releases of OpenSSH include a script that queries LDAP for authorized keys.

...

Space shortcuts

Page tree

Versions Compared

Old Version 49

New Version 50

Key