LDAP Attributes

RFC 2251 defines LDAP v3, wherein attributes of an object are identified by a short name and an OID (object identifier). It is permissible for organisations with their own Private Enterprise OID to create attributes for their own purposes by assigning an OID from their Private Enterprise OID namespace.

The University has its own Private Enterprise OID, and hence can allocate its own LDAP attributes in directories it administers.

Contact

For more information, please contact urn-admin@strath.ac.uk.

Registrations

The following registrations have been made for LDAP attributes with OIDs in the arc 1.3.6.1.4.1.7577.

Most are probably a string type.

Represents the Active Directory LDAP attribute "isMemberOf", which contains a set of groups the user is a member of, used in Shibboleth.
University of Strathclyde LDAP attributes
Value Type Name Syntax Values Status Directory Description Comments
.10.1.1.1 class strathPerson - - - dir0 -  
.10.1.2.1 attr personId - - inactive dir0 An identifier for a person. See strathAcUkPersonId instead.
.10.1.2.10 attr strathAcUkPersonID - - active DS + dir0 The PersonID allocated by HR.  
.10.1.2.11 attr strathAcUkRegistrationNumber - - active DS + dir0 The Registration Number from Student Registry. Only applies to student accounts. Non-existent for other types of account.
.10.1.2.12 attr strathAcUkTest2 - - disused test DS -  
.10.1.2.13 attr strathAcUkAccountCategory string, single-valued 'staff-primary'
'staff-secondary'
'undergraduate'
'postgraduate'
'postgraduate-research'
'pre-registered'
'visitor(non-student)'
'class/conference'
'external-student'
'limited-access'
'it-access'
'completed-student'
'other'
active DS The category this account is assigned. Perhaps should be considered able to be multi-valued. These enumerations should really have been URNs, but we missed the boat with that one.
.10.1.2.14 attr strathAcUkPrimaryIPAddress - - active DS The "primary" IP address of an Active Directory Computer object.  
.10.1.2.15 attr strathAcUkIPAddress - - active DS All IP addresses of an Active Directory Computer object.  
.10.1.2.16 attr strathAcUkLibraryNumber - - active? DS The Library Number of a University person. Not sure this is actually populated for anyone.
.10.1.2.17 attr strathAcUkFaculty unicode string - not yet implemented DS The Faculty or other high-level organisational division to which a University person belongs. UNDER DISCUSSION
.10.1.2.18 attr strathAcUkEntitlements unicode string urn:mace:ac.uk:strath.ac.uk:dir:entitlement:dreamspark not yet implemented DS The set of URNs representing entitlements to services that this account may have. UNDER DISCUSSION
.10.1.2.19 attr strathAcUkADIsMemberOf unicode string as for the AD LDAP "isMemberOf" attribute active Shibboleth Represents the Active Directory LDAP attribute "isMemberOf", which contains a set of groups the user is a member of, used in Shibboleth.
.10.1.2.20 attr strathAcUkSyncWithAAD unicode string, single-valued 'y' or 'n' (and potentially other future values) active DS Indicate whether a user object will be synced to Azure AD
  1. dir0 is the LDAP directory once used by Pegasus and Cool/Mail
  2. DS is the production Active Directory ("DS") service
  3. ADtest2k was the 'test' Active Directory service

As examples:

  1. A new Active Directory class would have the OID 1.3.6.1.4.1.7577.10.1.1. followed by the integer number;
  2. A new Active Directory attributes would have the OID 1.3.6.1.4.1.7577.10.1.2. followed by the integer number.