This wiki is deprecated. All eduPerson and eduOrg activities have been moved to REFEDS: https://refeds.org/specifications



# ======================================================================================================================================
#
# File: eduPerson.ldf
# Version: 201310-20170503
#
# This file should be imported with the following command while logged in to the Domain Controller as an Admin User:
# ldifde -i -f eduPerson.adschema.ldif -v -j <PATH TO LOGFILES>
#
# REMEMBER TO SEARCH AND REPLACE DC=X WITH YOUR DC SUFFIX
#
# =======================================================================================================================================
# ==================================================================
# Attributes
# ==================================================================
dn: CN=eduPersonAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonAffiliation
lDAPDisplayName: eduPersonAffiliation
adminDisplayName: eduPersonAffiliation
adminDescription: Specifies the person's relationship(s) to the institution, permissible values: faculty, student, staff, alum, member, affiliate, employee
attributeID: 1.3.6.1.4.1.5923.1.1.1.1
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonNickname
lDAPDisplayName: eduPersonNickname
adminDisplayName: eduPersonNickname
adminDescription: Person's nickname, or the informal name by which they are accustomed to be hailed
attributeID: 1.3.6.1.4.1.5923.1.1.1.2
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrgDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrgDN
lDAPDisplayName: eduPersonOrgDN
adminDisplayName: eduPersonOrgDN
adminDescription: The distinguished name (DN) of the directory entry representing the institution with which the person is associated
attributeID: 1.3.6.1.4.1.5923.1.1.1.3
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrgUnitDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrgUnitDN
lDAPDisplayName: eduPersonOrgUnitDN
adminDisplayName: eduPersonOrgUnitDN
adminDescription: The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s)
attributeID: 1.3.6.1.4.1.5923.1.1.1.4
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrimaryAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrimaryAffiliation
lDAPDisplayName: eduPersonPrimaryAffiliation
adminDisplayName: eduPersonPrimaryAffiliation
adminDescription: Specifies the person's PRIMARY relationship to the institution in broad categories such as student, faculty, staff, alum, etc
attributeID: 1.3.6.1.4.1.5923.1.1.1.5
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrincipalName,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalName
lDAPDisplayName: eduPersonPrincipalName
adminDisplayName: eduPersonPrincipalName
adminDescription: The "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.6
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonEntitlement,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonEntitlement
lDAPDisplayName: eduPersonEntitlement
adminDisplayName: eduPersonEntitlement
adminDescription: URI (either URN or URL) that indicates a set of rights to specific resources
attributeID: 1.3.6.1.4.1.5923.1.1.1.7
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrimaryOrgUnitDN,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrimaryOrgUnitDN
lDAPDisplayName: eduPersonPrimaryOrgUnitDN
adminDisplayName: eduPersonPrimaryOrgUnitDN
adminDescription: The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s)
attributeID: 1.3.6.1.4.1.5923.1.1.1.8
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonScopedAffiliation,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonScopedAffiliation
lDAPDisplayName: eduPersonScopedAffiliation
adminDisplayName: eduPersonScopedAffiliation
adminDescription: Specifies the person's affiliation (see eduPersonAffiliation) within a particular security domain, the values consist of a left (affiliation) and right component (security domain) separated by an "@" sign
attributeID: 1.3.6.1.4.1.5923.1.1.1.9
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonTargetedID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonTargetedID
lDAPDisplayName: eduPersonTargetedID
adminDisplayName: eduPersonTargetedID
adminDescription: A tuple consisting of an opaque identifier for the principal, a name for the source of the identifier, and a name for the intended audience of the identifier
attributeID: 1.3.6.1.4.1.5923.1.1.1.10
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonAssurance,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonAssurance
lDAPDisplayName: eduPersonAssurance
adminDisplayName: eduPersonAssurance
adminDescription: Set of URIs that assert compliance with specific standards for identity assurance.
attributeID: 1.3.6.1.4.1.5923.1.1.1.11
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonPrincipalNamePrior,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonPrincipalNamePrior
lDAPDisplayName: eduPersonPrincipalNamePrior
adminDisplayName: eduPersonPrincipalNamePrior
adminDescription: The Previous "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain
attributeID: 1.3.6.1.4.1.5923.1.1.1.12
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE
searchFlags: 1
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonUniqueID,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonUniqueID
lDAPDisplayName: eduPersonUniqueID
adminDisplayName: eduPersonUniqueID
adminDescription: A long-lived, non re-assignable, omnidirectional identifier unique to each individual.
attributeID: 1.3.6.1.4.1.5923.1.1.1.13
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn: CN=eduPersonOrcid,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
cn: eduPersonOrcid
lDAPDisplayName: eduPersonOrcid
adminDisplayName: eduPersonOrcid
adminDescription: ORCID iDs are persistent digital identifiers for individual researchers to unambiguously and definitively link them with their scholarly work products. ORCID iDs are assigned, managed and maintained by the ORCID organization.
attributeID: 1.3.6.1.4.1.5923.1.1.1.16
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
showInAdvancedViewOnly: TRUE
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# ==================================================================
# Object classes
# ==================================================================
dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: classSchema
cn: eduPerson
lDAPDisplayName: eduPerson
adminDisplayName: eduPerson
adminDescription: Consists of a set of data elements or attributes about individuals within higher education
governsID: 1.3.6.1.4.1.5923.1.1.2
objectClassCategory: 3
subclassOf: top
rdnAttId: cn
mayContain: 1.3.6.1.4.1.5923.1.1.1.1
mayContain: 1.3.6.1.4.1.5923.1.1.1.2
mayContain: 1.3.6.1.4.1.5923.1.1.1.3
mayContain: 1.3.6.1.4.1.5923.1.1.1.4
mayContain: 1.3.6.1.4.1.5923.1.1.1.5
mayContain: 1.3.6.1.4.1.5923.1.1.1.6
mayContain: 1.3.6.1.4.1.5923.1.1.1.7
mayContain: 1.3.6.1.4.1.5923.1.1.1.8
mayContain: 1.3.6.1.4.1.5923.1.1.1.9
mayContain: 1.3.6.1.4.1.5923.1.1.1.10
mayContain: 1.3.6.1.4.1.5923.1.1.1.11
mayContain: 1.3.6.1.4.1.5923.1.1.1.12
mayContain: 1.3.6.1.4.1.5923.1.1.1.13
mayContain: 1.3.6.1.4.1.5923.1.1.1.16
defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: eduPerson
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
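
A pre-import check for a copy of this file, as an added example that is not part of the original page: it replaces the DC=X placeholder the header mentions, restores the single blank line that separates LDIF records, and flags mayContain OIDs with no matching attribute definition. The function name, the cut-down sample text and the DC=example,DC=edu suffix are assumptions made for the illustration.

```python
import re

SUFFIX_RE = re.compile(r"DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*", re.I)
PLACEHOLDER_RE = re.compile(r"\bDC=X(?=\s*$)", re.I | re.M)

# Constructed sample: two entries cut down from the page's file, run together
# the way a copy from the wiki leaves them, with a stray blank line mid-record.
SAMPLE = """\
dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
attributeID: 1.3.6.1.4.1.5923.1.1.1.2
dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
governsID: 1.3.6.1.4.1.5923.1.1.2
mayContain: 1.3.6.1.4.1.5923.1.1.1.2
mayContain: 1.3.6.1.4.1.5923.1.1.1.16

defaultObjectCategory: CN=eduPerson,cn=Schema,cn=Configuration,dc=X
"""


def prepare_ldif(text, dc_suffix):
    """Return (ldif, problems) for a schema LDIF pasted from the page."""
    if not SUFFIX_RE.fullmatch(dc_suffix):
        raise ValueError(f"not a DC suffix: {dc_suffix!r}")
    text, replaced = PLACEHOLDER_RE.subn(dc_suffix, text)
    problems = [] if replaced else ["no DC=X placeholder found"]

    # One blank line before each "dn:" line, none anywhere else.
    out = []
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        if line.lower().startswith("dn:") and out:
            out.append("")
        out.append(line)

    # Assumes mayContain lists OIDs, as the page's file does: each must belong
    # to an attribute defined earlier, and no attributeID may appear twice.
    defined = set()
    for line in out:
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "attributeID":
            if value in defined:
                problems.append(f"duplicate attributeID {value}")
            defined.add(value)
        elif key == "mayContain" and value not in defined:
            problems.append(f"mayContain {value} has no attributeSchema entry")
    return "\n".join(out) + "\n", problems
```

Run it on the saved file before handing it to ldifde, and import only when the returned problem list is empty.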

6 Comments

  1. Updated 2017-05-03 to add eduPersonOrcid and correct single/multi values for ePUID and ePPNP to match definitions at http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html

  2. FYI, it looks like when copying out of Confluence, the extra lines between each dn are removed, which causes the import to fail. If you are having trouble importing this into your AD, double check that your file has a blank line in between each dn like in the original on this page.

    1. I suspect it's a Confluence formatting oddity.  It's a series of <pre>object</pre>, which will render to display with spaces between them, but don't actually.  I blame the Confluence upgrade.  I don't have edit access or I would take a stab at fixing it (I have a corrected LDIF)...  But in the meantime, maybe we could attach the correct LDIF to the page for download?

      1. I agree - I'd say we should remove the LDIF from the rendered wiki and just upload it as an attachment and link to the attachment.

  3. Atlassian has BitBucket; is that available to I2? The LDIF files could be in a Git repository, which seems more appropriate than a wiki page.

  4. This is no longer relevant, as all care and feeding of eduPerson and eduOrg have moved to REFEDS.