Screen-friendly page
Printer-friendly pageLDAP Server Schema at UIUC
This page contains information about the Urbana-Champaign campus LDAP server schema.
This page lists the schema used on UIUC's LDAP server (ldap.uiuc.edu) and their relationships to ED fields.
Levels of availability
There are three different levels of availability for the information in these fields. These levels include:
Public: This information is available to all users, on-campus or off-campus, who use either ldap.uiuc.edu or ldap-campus.uiuc.edu as their data source.
Campus-only: This information is available to users who make queries from an on-campus IP address and who query the ldap-campus.uiuc.edu server. It is not available to off-campus non-VPN users or to ldap.uiuc.edu users. (Off campus users who securely connect through the campus VPN and query the ldap-campus.uiuc.edu server are treated as on-campus users.)
Restricted: This information is only available to individuals who have a specific business need for it and who have been granted access by the CITES Identity Management team. This information is available via a secure LDAPS connection to ldap-campus.uiuc.edu. Customers who used to bind to ldap.uiuc.edu for this protected information should now use ldap-campus.uiuc.edu instead.
Individuals in need of restricted information should contact cites-idmanagement@uiuc.edu to explain their business need and be granted access.
User-added schema ordered by attribute name
The italicized text below refers to that specific ED field.
| Field | Field data | Availability | Description |
|---|---|---|---|
| Objectclass: eduPerson |
OID: 1.3.6.1.4.1.5923.1.1.2 Superior: inetOrgPerson |
Public | Added to all 'people' entries to allow for eduPerson attributes |
| Objectclass: uiucEduPerson | OID: 1.3.6.1.4.1.11483.2.1 Superior: eduperson |
Public | Added to all 'people' entries to allow for uiucEdu attributes |
| eduPersonAffiliation | OID: 1.3.6.1.4.1.5923.1.1.1.1 eduPerson per Internet2 and EDUCAUSE |
Public | Populated based on type |
| eduPersonNickname | OID: 1.3.6.1.4.1.5923.1.1.1.2 eduPerson per Internet2 and EDUCAUSE |
Public | Populated based on nickname |
| eduPersonOrgDN single value enforced |
OID: 1.3.6.1.4.1.592 | Public | DN of object representing the campus as a whole |
| eduPersonOrgUnitDN | OID: 1.3.6.1.4.1.5923.1.1.1.4 eduPerson per Internet2 and EDUCAUSE |
Public | Not yet populated |
| eduPersonPrimaryAffiliation single value enforced |
OID: 1.3.6.1.4.1.5923.1.1.1.5 eduPerson per Internet2 and EDUCAUSE |
Public | Populated based on eduPersonAffiliation values |
| eduPersonPrincipalName single value enforced |
OID: 1.3.6.1.4.1.5923.1.1.1.6 eduPerson per Internet2 and EDUCAUSE |
Public | netid@uiuc.edu |
| generationQualifier | OID: 2.5.4.44 RFC 2256 defined attribute to hold a name suffix (e.g. III, Jr) (not contained in standard supplied objectclasses, so added to uiucEduPerson) |
Public | name_suffix (cased) |
| uiucEduCCSOdeny single value enforced |
OID: 1.3.6.1.4.1.11483.1.2 CITES internal |
Restricted | CCSO-deny |
| uiucEduCCSOuid single value enforced |
OID: 1.3.6.1.4.1.11483.1.1 CITES UID |
Restricted [deprecated] | CCSO-uid |
uiucEduCurriculum [DEPRECATED] |
OID: 1.3.6.1.4.1.11483.1.3 University curriculum as an abbreviation and digit indicating college and year in program |
Campus-only [deprecated] | curriculum (uppercased) |
uiucEduCurriculumCode [DEPRECATED; replaced by uiucEduStudentProgramCode] |
OID: 1.3.6.1.4.1.11483.1.4 Campus/college/curriculum code - students |
Campus-only [deprecated] | curriculum_code |
| uiucEduEmployeeType | OID: 1.3.6.1.4.1.11483.1.5 Employee type |
Public | Not yet populated |
| uiucEduFirstName single value enforced |
OID: 1.3.6.1.4.1.11483.1.39 Official firstname |
Public | populated with first_name |
| uiucEduHomeAddress | OID: 1.3.6.1.4.1.11483.1.6 Official home postal address - staff |
Campus-only | home_address (cased address) |
| uiucEduHomeDeptCode single value enforced |
OID: 1.3.6.1.4.1.11483.1.7 Home campus/college/department code - staff |
Campus-only | home_dept_code |
| uiucEduHomeDeptName single value enforced |
OID: 1.3.6.1.4.1.11483.1.8 Home department/unit name - staff |
Public | department (cased) |
| uiucEduHomePhone | OID: 1.3.6.1.4.1.11483.1.9 Official home telephone number - staff |
Campus-only | home_phone (international format) |
| uiucEduLastName single value enforced |
OID: 1.3.6.1.4.1.11483.1.38 Official lastname |
Public | Populated with last_name |
uiucEduLocalAddress [DEPRECATED; replaced by uiucEduMailingAddress] |
OID: 1.3.6.1.4.1.11483.1.11 Official local postal address - students |
Campus-only [deprecated] | local_address (cased address) |
uiucEduLocalPhone [DEPRECATED; replaced by uiucEduMailingAddressPhone] |
OID: 1.3.6.1.4.1.11483.1.12 Official local phone number - students |
Campus-only [deprecated] | local_phone (international format) |
| uiucEduMailingAddress | OID: 1.3.6.1.4.1.11483.1.43 UI-Integrate mailing address - students |
Campus-only | mailing_address (cased address) |
| uiucEduMailingAddressPhone | OID: 1.3.6.1.4.1.11483.1.44 UI-Integrate phone associated with mailing address - students |
Campus-only | mailing_address_phone (international format) |
| uiucEduMiddleName single value enforced |
OID: 1.3.6.1.4.1.11483.1.13 Official user middle name |
Public | Populated with middle_name |
| uiucEduModifiedFromPh single value enforced |
OID: 1.3.6.1.4.1.11483.1.37 Ph extract file last modified from |
Restricted | Unix 'time value' associated with LDIF update |
| uiucEduNetID | OID: 1.3.6.1.4.1.11483.1.14 Campus NetID/alias |
Public | alias (i.e. NetID) |
| uiucEduOfficeAddress | OID: 1.3.6.1.4.1.11483.1.16 Official office postal address - staff |
Public | office_address (cased address) |
| uiucEduOfficePhone | OID: 1.3.6.1.4.1.11483.1.15 Official office phone number |
Public | office_phone (international format) |
| uiucEduOtherAddress | OID: 1.3.6.1.4.1.11483.1.17 User-specified address information |
Public | other_address |
| uiucEduOtherFax | OID: 1.3.6.1.4.1.11483.1.18 User-specified fax information |
Public | fax |
| uiucEduOtherInformation | OID: 1.3.6.1.4.1.11483.1.19 User-specified additional information |
Public | other |
| uiucEduOtherPhone | OID: 1.3.6.1.4.1.11483.1.20 User-specified phone information |
Public | other_phone |
| uiucEduPermanentAddress | OID: 1.3.6.1.4.1.11483.1.21 Official permanent postal address - students |
Campus-only | permanent_address (cased address) |
| uiucEduPermanentPhone | OID: 1.3.6.1.4.1.11483.1.22 Official permanent phone number - students |
Campus-only | permanent_phone (international format) |
| uiucEduPersonalPublicKey | OID: 1.3.6.1.4.1.11483.1.23 User-specified public-key information |
Public | public_key |
| uiucEduPhCreateDate | OID: 1.3.6.1.4.1.11483.1.24 Month/year corresponding ED entry created |
Campus-only | created (ED date format) |
| uiucEduPhInactiveDate | OID: 1.3.6.1.4.1.11483.1.25 Month and year ED noticed the person left the University |
Public | left_uiuc (ED date format) |
| uiucEduPhProxy | OID: 1.3.6.1.4.1.11483.1.26 NetID/alias of other users who can modify entry in ED |
Campus-only | proxy |
| uiucEduPhTerminateDate | OID: 1.3.6.1.4.1.11483.1.27 Month and year entry deemed to expire in ED |
Campus-only | terminate (ED date format) |
| uiucEduPreviousNetID | OID: 1.3.6.1.4.1.11483.1.28 Previous NetID(s) held by this person prior to current NetID |
Public | callsign (plus/minus) |
| uiucEduRegistryID single value enforced |
OID: 1.3.6.1.4.1.11483.1.29 Unique generated ID number for this entry |
Public | Generated unique key for this entry that is never changed or re-used |
| uiucEduSource | OID: 1.3.6.1.4.1.11483.1.30 Data sources for entry in ED |
Campus-only | source (each token as separate value) |
| uiucEduStudentLevelCode | OID: 1.3.6.1.4.1.11483.1.42 Undergrad/grad/professional code |
Campus-only | student_level_code |
| uiucEduStudentProgramCode | OID: 1.3.6.1.4.1.11483.1.40 Campus/college/degree identifier string |
Campus-only | student_program_code |
| uiucEduStudentProgramName | OID: 1.3.6.1.4.1.11483.1.41 Descriptive text corresponding to uiucEduStudentProgramCode |
Campus-only | student_program_name |
| uiucEduSuppress single value enforced |
OID: 1.3.6.1.4.1.11483.1.31 Flag indicating if entry officially suppressed by owner |
Restricted | suppress ('y' if suppress not null) |
| uiucEduText | OID: 1.3.6.1.4.1.11483.1.32 Textual description for unit/phone entries |
Public | text (note: unit/phone entries not being brought over into LDAP yet) |
| uiucEduType | OID: 1.3.6.1.4.1.11483.1.34 Type tags for entry from ED |
Public | type (each token as separate value; 'person', 'phone' removed) |
| uiucEduUIN |
OID: 1.3.6.1.4.1.11483.1.10 University identification number (Icard number) |
Restricted | icard |
| uiucEduUserEmailAddr | OID: 1.3.6.1.4.1.11483.1.35 User-specified email delivery address |
Public | |
| uiucEduUserUrl | OID: 1.3.6.1.4.1.11483.1.36 User-specified home page url |
Public | www |
User-added schema ordered by OID
| Field | Field data | Availability | Description |
|---|---|---|---|
| 1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation | Public | eduPerson per Internet2 and EDUCAUSE |
| 1.3.6.1.4.1.5923.1.1.1.2 | eduPersonNickname | Public | eduPerson per Internet2 and EDUCAUSE |
| 1.3.6.1.4.1.5923.1.1.1.3 | eduPersonOrgDN single value enforced |
Public | eduPerson per Internet2 and EDUCAUSE |
| 1.3.6.1.4.1.5923.1.1.1.4 | eduPersonOrgUnitDN | Public | eduPerson per Internet2 and EDUCAUSE |
| 1.3.6.1.4.1.5923.1.1.1.5 | eduPersonPrimaryAffiliation single value enforced |
Public | eduPerson per Internet2 and EDUCAUSE |
| 1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName single value enforced |
Public | eduPerson per Internet2 and EDUCAUSE |
| Objectclass: 1.3.6.1.4.1.5923.1.1.2 | eduPerson | Public | Superior: inetOrgPerson |
| 1.3.6.1.4.1.11483.1.1 | uiucEduCCSOuid single value enforced |
Restricted [deprecated] | CITES UID |
| 1.3.6.1.4.1.11483.1.2 | uiucEduCCSOdeny single value enforced |
Restricted | CITES internal |
| 1.3.6.1.4.1.11483.1.3 | uiucEduCurriculum [DEPRECATED] | Public [deprecated] | University curriculum as an abbreviation and digit indicating college and year in program |
| 1.3.6.1.4.1.11483.1.4 | uiucEduCurriculumCode [DEPRECATED; replaced by uiucEduStudentProgramCode] | Campus-only [deprecated] | Campus/college/curriculum code - students |
| 1.3.6.1.4.1.11483.1.5 | uiucEduEmployeeType | Public | Employee type |
| 1.3.6.1.4.1.11483.1.6 | uiucEduHomeAddress | Campus-only | Official home postal address - staff |
| 1.3.6.1.4.1.11483.1.7 | uiucEduHomeDeptCode single value enforced |
Campus-only | Home campus/college/department code - staff |
| 1.3.6.1.4.1.11483.1.8 | uiucEduHomeDeptName single value enforced |
Public | Home department/unit name - staff |
| 1.3.6.1.4.1.11483.1.9 | uiucEduHomePhone | Campus-only | Official home telephone number - staff |
| 1.3.6.1.4.1.11483.1.10 | uiucEduUIN |
Restricted | University identification number (Icard number) |
| 1.3.6.1.4.1.11483.1.11 | uiucEduLocalAddress [DEPRECATED; replaced by uiucEduMailingAddress] | Campus-only [deprecated] | Official local postal address - students |
| 1.3.6.1.4.1.11483.1.12 | uiucEduLocalPhone [DEPRECATED; replaced by uiucEduMailingAddressPhone] | Campus-only [deprecated] | Official local phone number - students |
| 1.3.6.1.4.1.11483.1.13 | uiucEduMiddleName single value enforced |
Public | Official user middle name |
| 1.3.6.1.4.1.11483.1.14 | uiucEduNetID | Public | Campus NetID/alias |
| 1.3.6.1.4.1.11483.1.15 | uiucEduOfficePhone | Public | Official office phone number |
| 1.3.6.1.4.1.11483.1.16 | uiucEduOfficeAddress | Public | Official office postal address - staff |
| 1.3.6.1.4.1.11483.1.17 | uiucEduOtherAddress | Public | User-specified address information |
| 1.3.6.1.4.1.11483.1.18 | uiucEduOtherFax | Public | User-specified fax information |
| 1.3.6.1.4.1.11483.1.19 | uiucEduOtherInformation | Public | User-specified additional information |
| 1.3.6.1.4.1.11483.1.20 | uiucEduOtherPhone | Public | User-specified phone information |
| 1.3.6.1.4.1.11483.1.21 | uiucEduPermanentAddress | Campus-only | Official permanent postal address - students |
| 1.3.6.1.4.1.11483.1.22 | uiucEduPermanentPhone | Campus-only | Official permanent phone number - students |
| 1.3.6.1.4.1.11483.1.23 | uiucEduPersonalPublicKey | Public | User-specified public-key information |
| 1.3.6.1.4.1.11483.1.24 | uiucEduPhCreateDate | Campus-only | Month/year corresponding ED entry created |
| 1.3.6.1.4.1.11483.1.25 | uiucEduPhInactiveDate | Public | Month and year ED noticed the person left the University |
| 1.3.6.1.4.1.11483.1.26 | uiucEduPhProxy | Campus-only | NetID/alias of other users who can modify entry in ED |
| 1.3.6.1.4.1.11483.1.27 | uiucEduPhTerminateDate | Campus-only | Month and year entry deemed to expire in ED |
| 1.3.6.1.4.1.11483.1.28 | uiucEduPreviousNetID | Public | Previous NetID held by this person prior to current NetID |
| 1.3.6.1.4.1.11483.1.29 | uiucEduRegistryID single value enforced |
Public | Unique generated ID number for this entry |
| 1.3.6.1.4.1.11483.1.30 | uiucEduSource | Campus-only | Data sources for entry in ED |
| 1.3.6.1.4.1.11483.1.31 | uiucEduSuppress single value enforced |
Restricted | Flag indicating if entry officially suppressed by owner |
| 1.3.6.1.4.1.11483.1.32 | uiucEduText | Public | Textual description for unit/phone entries |
| 1.3.6.1.4.1.11483.1.34 | uiucEduType | Public | Type tags for entry from ED |
| 1.3.6.1.4.1.11483.1.35 | uiucEduUserEmailAddr | Public | User-specified email delivery address |
| 1.3.6.1.4.1.11483.1.36 | uiucEduUserUrl | Public | User-specified home page url |
| 1.3.6.1.4.1.11483.1.37 | uiucEduModifiedFromPh single value enforced |
Restricted | ED extract file last modified from |
| 1.3.6.1.4.1.11483.1.38 | uiucEduLastName single value enforced |
Public | Official lastname |
| 1.3.6.1.4.1.11483.1.39 | uiucEduFirstName single value enforced |
Public | Official firstname |
| 1.3.6.1.4.1.11483.1.40 | uiucEduStudentProgramCode |
Campus-only | Campus/college/degree identifier string |
| 1.3.6.1.4.1.11483.1.41 | uiucEduStudentProgramName |
Campus-only | Descriptive text corresponding to uiucEduStudentProgramCode |
| 1.3.6.1.4.1.11483.1.42 | uiucEduStudentLevelCode |
Campus-only | Undergrad/grad/professional code |
| 1.3.6.1.4.1.11483.1.43 | uiucEduMailingAddress | Campus-only | UI-Integrate mailing address - students |
| 1.3.6.1.4.1.11483.1.44 | uiucEduMailingAddressPhone | Campus-only | UI-Integrate phone associated with mailing address - students |
| Objectclass: 1.3.6.1.4.1.11483.2.1 | uiucEduPerson | Public | Superior: eduperson |
'Standard' schema elements ordered by attribute name
The italicized text below refers to specific ED fields.
| Objectclasses: | top, person, organizationalPerson, inetOrgPerson | Availability | Added to all 'people' entries to allow for various standard attributes |
| cn | OID: 2.5.4.3 Standard common name, RFC 2256 |
Public | Populated with all useful lookup forms of name |
| displayName single value enforced |
OID: 2.16.840.1.113730.3.1.241 preferred name of a person to be used when displaying entries, RFC 2798 |
Public | Populated with full name (essentially the pretty_name) |
| generationQualifier | OID: 2.5.4.44, RFC 2256 See above in user-added section |
Public | See above in user-added section |
| givenName | OID: 2.5.4.42 Standard firstname, RFC 2256 |
Public | Populated with first_name |
| labeledUri | OID: 1.3.6.1.4.1.250.1.57 Uniform Resource Identifier with optional label, RFC 2079 |
Public | If user has a www field, populate with ED redirect url (www.illinois.edu/ph/www/NetID) |
| OID: 0.9.2342.19200300.100.1.3 rfc822mailbox, RFC 1274 |
Public | Populated in form 'mailid@(uiuc|uillinois).edu' | |
| ou | OID: 2.5.4.11 Organizational unit name, RFC 2256 |
Public | Populated with department (see uiucEduHomeDeptName) if that exists |
| postalAddress | OID: 2.5.4.16 Standard postal address, RFC 2256 |
Public | address (cased address) |
| sn | OID: 2.5.4.4 Standard lastname (surname), RFC 2256 |
Public | Populated with last_name |
| telephoneNumber | OID: 2.5.4.20 Standard telephone number, RFC 2256 |
Public | phone (international format) |
| title | OID: 2.5.4.12 title(s), RFC 2256 |
Public | title (each title as separate value; cased) |
| uid | OID: 0.9.2342.19200300.100.1.1 userid, RFC 1274 |
Public | NetID |
How Various Fields are Populated
The following notes on how various LDAP attributes are populated from ED are linked from the tables above.
-
Affiliation based on type: The eduPersonAffiliation (and the related eduPersonPrimaryAffiliation attribute) has a controlled vocabulary defined by the eduPerson specification: faculty, student, staff, alum, member, affiliate, employee.
The ED type field tokens are mapped into these affiliation values as follows:
ED type value eduPersonAffiliation values staff staff, employee, member student, extramural student, member retired, unihigh, special member allied, iei affiliate extrahelp employee The eduPersonPrimaryAffiliation attribute is intended to represent the primary role of the individual. The first value in the following list that occurs in the eduPersonAffiliation attribute is chosen as the primary affiliation: faculty, staff, student, member, employee, affiliate.
-
The nickname attribute: The eduPersonNickname attribute is populated based on
the ED nickname field. These same values are also used to generate
alternate givenName and cn values (see "Value
generation for name-related attributes" below).
Note that the following rules are currently in place for generating values for eduPersonNickname from nickname:
- nickname is converted into pure ascii and broken into 'tokens' (by whitespace and other separators). If the token is longer than nine characters, has anything other than alphanumeric characters, or is a common word (e.g., 'and', 'are'), it is discarded.
- If the token is the same as a previous nickname or firstname(s) of the person, it is discarded.
- Only up to the first four valid nicknames (based on the preceding rules) are used.
In addition, as things are currently written, if the user has a two-word or longer firstname, each individual part of that will end up as additional values for eduPersonNickname.
-
Value generation for name-related
attributes: A variety of representations of a person's name
are generated as values for several of the attributes in order to make
this LDAP directory as useful as possible from an address book perspective.
Common email clients, such as Outlook/Outlook Express, and Netscape,
do address book lookups against an LDAP directory by constructing queries
involving the standard name-related LDAP attributes (e.g., cn, givenName, and sn) unless the user does an advanced search
or modifies the client's preferences. And, these clients have different
defaults in how they specify 'wildcarding' in the query. Thus, generating
multiple values of these standard name attributes helps increase the
likelihood of finding someone.
In order to improve the appearance of the name fields in displays, there are 'capitalization heuristics' that attempt to do the best job of guessing which letters should be capitalized. For those relatively few entries in ED that do not have 'name component fields' (e.g., last_name, first_name) specified, there are heuristics that guess the first and last names from the name field. Any Latin1 characters are 'folded' into the ascii equivalent.
In order to provide applications an easy way to determine the 'most official' form of the name, there are several name attibutes that have a single value. The displayName attribute contains an equivalent to the pretty_name. And, the attributes uiucEduFirstName, uiucEduMiddleName, uiucEduLastName, and generationQualifier (name_suffix) contain the name components.
The givenName attribute contains the first name and any nicknames generated according to the rules above. If the first name consists of multiple words, each is an additional value for givenName. The sn attribute contains the last name and, if the last name contains multiple words, an additional value for each. The cn attribute contains the full name and most of the various combinations of givenName and sn attribute values, in both "first last" and "last, first" order.
-
Value generation for address-related
attributes: The various official institutional address fields
in ED all have a corresponding attribute in the directory, with the
standard LDAP attribute postalAddress being populated from address.
As for the name values above, heuristics are used to capitalize these
addresses and, in a few cases, attempt to 'normalize' them. This includes
folding Latin1 characters into ascii.
Each of these addresses is stored according to the formatting rules for a postalAddress attribute (i.e., a dollar sign $ character is used to separate the lines of the address). Any $ character actually occurring in an address is appropriately escaped (\24) (i.e., the '6.27. Postal Address' syntax rules from RFC2252 are observed.)
-
Value generation for phone-related
attributes: The various official institutional phone fields
in ED all have a corresponding attribute in the directory, with the
standard LDAP attribute telephoneNumber being populated from phone. All the official phone values are reformatted into the
international form as described in E.123 and recommended by RFC2252
and eduPerson. This generally has the form "+1 ddd ddd dddd".
-
Value generation for ED
date attributes: Several of the ED date-related fields (e.g., left_uiuc, created) have a corresponding attribute in
the directory. In ED, these dates generally are in the format 'M/YYYY.'
Dates in this format are changed to the format 'YYYYMM' to make them
more useful for value range comparisons.
- Value generation for uiucEduPreviousNetID: The uiucEduPreviousNetID attribute is populated based on the ED callsign field. Each distinct value (word) in the callsign that appears to be a previous NetID becomes a value for uiucEduPreviousNetID. Any value that contains capital letters or letters following a digit is assumed to be a ham radio callsign and is ignored.