2.2.15. eduPersonIdentifier

OID: 1.3.6.1.4.1.5923.1.1.1.17

RFC4512 definition

( 1.3.6.1.4.1.5923.1.1.1.17
          NAME 'eduPersonIdentifier'
          DESC 'eduPersonIdentifier per Internet2'
          EQUALITY caseIgnoreMatch
          SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

Application utility class: standard; # of values: multi

Definition

An identifier for a person, where the type of identifier is prefixed to the value and enclosed in curly braces. Types must be as defined here. All types are multi-valued and, in order to provide value when stored in a directory, persistent.

| Type | Description | Reassignable? |
|------|-------------|---------------|
| badge | An identifier used for physical access control (i.e., encoded on an access card) | Yes |
| enterprise | An organization-wide identifier, typically used for system-to-system communication and typically unknown to the user | No |
| eppn | eduPersonPrincipalName, as described in this document | Yes |
| epuid | eduPersonUniqueId, as described in this document | No |
| network | An identifier used for logging into network-accessible services, such as a NetID | Yes |
| x-* | For local use | |

Example applications for which this attribute would be useful

Cross-referencing different types of identifiers (e.g., what a user logged in with versus the more persistent identifiers an application uses to key records)

Example (LDIF Fragment)

eduPersonIdentifier: {eppn}foo@university.edu
eduPersonIdentifier: {eppn}foo2@new-university.edu
eduPersonIdentifier: {enterprise}V135792468

Syntax: directoryString. In general, Unicode characters are allowed. In LDAP, this data type implies UTF-8 encoding, and such characters are permitted. However, to reduce the risk of application errors, it is recommended that values contain only characters that could occur in account or login user names. While the UTF-8 encoding will often be appropriate, the specific encoding depends on the technology involved, and may not be limited to UTF-8 when technologies other than LDAP are involved.

Indexing: pres, eq
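
The following is an added example, not part of the eduPerson specification: a consumer-side parser that validates the {type}value form against the type table above and returns only identifiers of types marked non-reassignable, which are the ones suitable for keying application records. The function names, the lowercasing of the type prefix, and the ASCII character set standing in for "characters that could occur in account or login user names" are assumptions of this example.

```python
import re

# Types and reassignability, copied from the table in this section.
# x-* (local use) has no stated reassignability, so it is reported as None.
TYPES = {"badge": True, "enterprise": False, "eppn": True,
         "epuid": False, "network": True}

# Assumption: "characters that could occur in account or login user names"
# is approximated as ASCII letters, digits and . _ @ + -
SAFE_VALUE = re.compile(r"[A-Za-z0-9._@+-]+")
VALUE_FORM = re.compile(r"\{([^{}]+)\}(.+)", re.DOTALL)


def parse_identifier(raw):
    """Split '{type}value' into (type, value, reassignable); ValueError if invalid."""
    m = VALUE_FORM.fullmatch(raw)
    if not m:
        raise ValueError("expected '{type}value': %r" % raw)
    # Assumption: the type prefix is compared case-insensitively, in line
    # with the attribute's caseIgnoreMatch equality rule.
    id_type, value = m.group(1).lower(), m.group(2)
    if id_type.startswith("x-") and len(id_type) > 2:
        reassignable = None
    elif id_type in TYPES:
        reassignable = TYPES[id_type]
    else:
        raise ValueError("undefined identifier type: %r" % id_type)
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("value outside the login-name character set: %r" % value)
    return id_type, value, reassignable


def stable_keys(values):
    """Return identifiers of non-reassignable types, normalized for matching."""
    keys = []
    for raw in values:
        id_type, value, reassignable = parse_identifier(raw)
        if reassignable is False:
            # casefold() approximates caseIgnoreMatch for the ASCII set allowed above
            keys.append("{%s}%s" % (id_type, value.casefold()))
    return keys


if __name__ == "__main__":
    sample = ["{eppn}foo@university.edu", "{eppn}foo2@new-university.edu",
              "{enterprise}V135792468"]  # values from the LDIF fragment above
    print(stable_keys(sample))
```

Values of reassignable types (badge, eppn, network) still parse successfully, so they remain usable for cross-referencing what a user logged in with; they are only excluded from the key set.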