Saturday July 5th, 2008
Summary: LDAP usage information and notes about the change to the field names for directory information in LDAP in order to comply with internet naming standards.
IMPORTANT: The LDAP schema has changed. Any automated clients querying LDAP must be updated to use the new schema! See the table below for schema translations.
The current LDAP URL is ldap://ldap.service.uci.edu or ldap://ucildapv3.service.uci.edu.
The directory base DN is "ou=University of California Irvine,o=University of California, c=US" -- this has not changed in the new version.
An entry's DN is "uid=XXXXXXX,ou=University of California Irvine,o=University of California, c=US", where XXXXXXX is the UCInetID of the object -- this has not changed in the new version either.
The new version of LDAP supports TLS. LDAP over SSL (ldaps) is not supported. To use TLS, the client must connect to the LDAP server on the unencrypted port 389 and issue the StartTLS command; security is then negotiated on the same connection. Most LDAP clients support this. The certificate is self-signed and can be authenticated with the Certificate Authority cert found here: Certificate. The certificate will change once the system is renamed to ldap.service.uci.edu. Some clients may require the certificate.
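The StartTLS upgrade described above, as an added example (not NACS code) written with only the Python standard library so the wire exchange is visible; the CA certificate path passed to `connect_starttls` is the caller's own file and is an assumption, and real clients (ldapsearch -ZZ, python-ldap, ldap3) perform this step for you.

```python
# Added example, not NACS code: the StartTLS upgrade on port 389, done with
# only the standard library so the request/response exchange is visible.
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # extended operation name from RFC 4511


def ber_tlv(tag, content):
    """Encode one BER tag/length/value; assumes content shorter than 128 bytes."""
    if len(content) >= 128:
        raise ValueError("long-form BER lengths are not handled in this example")
    return bytes([tag, len(content)]) + content


def starttls_request(msg_id=1):
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ext_req)


def starttls_result_code(msg):
    """Return resultCode from an ExtendedResponse [APPLICATION 24]; 0 means success."""
    if len(msg) < 10 or msg[0] != 0x30 or msg[2] != 0x02:
        raise ValueError("not an LDAPMessage")
    pos = 4 + msg[3]                       # skip the messageID INTEGER
    if msg[pos] != 0x78 or msg[pos + 2] != 0x0A:
        raise ValueError("not an ExtendedResponse carrying a resultCode")
    return msg[pos + 4]


def connect_starttls(host, cafile, port=389):
    """Connect on the plain port, send StartTLS, then verify the server certificate
    against the NACS CA certificate (cafile is the caller's path; an assumption)."""
    sock = socket.create_connection((host, port), timeout=10)
    sock.sendall(starttls_request())
    if starttls_result_code(sock.recv(4096)) != 0:
        sock.close()
        raise RuntimeError("server refused StartTLS; do not continue in the clear")
    ctx = ssl.create_default_context(cafile=cafile)   # chain and hostname checks stay on
    return ctx.wrap_socket(sock, server_hostname=host)


# Constructed success response (resultCode 0, empty matchedDN and errorMessage),
# the form a server sends just before the connection switches to TLS.
SAMPLE_RESPONSE = bytes.fromhex("300c02010178070a010004000400")
```

Because hostname verification is left on, the name you connect to must match the certificate, which matters given the rename to ldap.service.uci.edu mentioned above.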
The data in UCI's ldap directory is separated into public and private zones. Normal users cannot get access to the private data, which holds information such as birthday and student ID. If you would like to apply for access to private information, email nacs@uci.edu.
Currently, a directory entry's affiliation with UCI is held in the uciAffiliation attribute. This attribute is multi-valued, so an entry can carry two or more affiliations. For example, a person who is both a student and staff would have the 'student', 'employee' and 'staff' affiliations (staff as opposed to faculty). The current affiliations are: student, employee, staff, faculty, guest, retiree, group, and former_student.
The following table shows the current PH (UCI Directory) schema on the left, and the LDAP schemas on the right. The table also shows which PH fields in LDAP will be publicly viewable. The newest version of LDAP has been designed so that all of the PH data will be in LDAP. Some names and formats have also changed with the new schema. These changes have taken place in an attempt to make our LDAP directory more standards compliant. See below for a color key and more notes on changes.
| PH Field Name | Old LDAP Name | New LDAP Field Name(s) | Aliases | Public | Format Changes |
|---|---|---|---|---|---|
| activated_on | | activatedOn | | X | |
| adddate | | addDate | | | |
| alias | uid,ucinetid,sn,eduPersonPrincipalName | uid,ucinetid,eduPersonPrincipalName | | X | |
| answer | | answer | | | |
| b_day | | bDay | | | bDay in dateTime format |
| callsign | | callsign | | X | |
| campus_id | campusId | campusId | | X | |
| curriculum | | curriculum | | X | |
| delete_date | | deleteDate | | X | |
| department | department | department | | X | |
| department_code | depCode | departmentNumber | depCode | X | |
| department_code2 | depCode | departmentNumber | depCode | X | |
| department2 | department | department | | X | |
| dept_phone | | deptPhone | | X | |
| | mailForwardingAddress | mailDeliveryPoint | mailForwardingAddress | X | |
| email_address | | | | X | |
| emailname | | emailName | | X | |
| employee_id | employeeId | employeeNumber | employeeId | | |
| emptime | | empTime | | | |
| ext | ext | ext | | X | |
| fax_number | fax-number | facsimileTelephoneNumber | fax,fax-number,faxNumber | X | facsimileTelephoneNumber in phone format |
| flags | | flags | | | |
| guest_expiration | | guestExpiration | | X | guestExpiration in dateTime format |
| guest_id | guestId | guestId | | | |
| guest_reason | | guestReason | | X | |
| guest_sponsor | | guestSponsor | | X | |
| hero | | hero | | X | |
| home_address | | homePostalAddress,street | streetAddress | | |
| home_city | | l | localityName | | |
| home_page_url | home-page-url | homePageUrl | home-page-url | X | |
| home_phone | | homePhone | homeTelephoneNumber | | |
| home_state | | st | | | |
| home_zip | | homeZip | | | |
| hours | | hours | | X | |
| id | | altId | | | |
| last_first_name | | sn,lastFirstName | | X | sn only has last name |
| N / A | | lastRefresh | | X | last refresh of data in record in ldap |
| lastreset | | lastReset | | X | lastReset in dateTime format |
| lka | | lka | | X | |
| mail_address | | mailAddress | | | |
| mailcode | mailcode | postalCode,mailcode | | X | postalCode has 92697 added |
| major | major | major | | X | |
| name | cn,givenName,sn | displayName,cn,givenName,sn | | X | givenName only has first name |
| nickname | cn | cn,nickName | | X | |
| office_address | address | postalAddress | | X | |
| office_address2 | address | postalAddress | | X | |
| other_info | | otherInfo | | X | |
| payroll_title | | payrollTitle | | | |
| phone | telephoneNumber | telephoneNumber | phone | X | standard phone number format |
| picture_url | picture-url | pictureUrl | picture-url | X | |
| printed | | printed | | X | |
| project | | project | | X | |
| question | | question | | | |
| receive_printed | | receivePrinted | | X | |
| release_personal | releasePersonal | releasePersonal | | X | |
| rewrite | | rewrite | | X | |
| searchname | | searchName | | | |
| stu_email_release | stuEmailRelease | stuEmailRelease | | | |
| student_address | | studentAddress | | X | |
| student_id | studentId | studentId | | | |
| student_id2 | | studentId | | | |
| student_level | | studentLevel | | X | |
| student_phone | | studentPhone | | X | studentPhone in phone number format |
| summer_id | | studentId | | | |
| title | title | title | | X | |
| title2 | title | title | | X | |
| type | eduPersonAffiliation,uciAffiliation | userClass,type,eduPersonAffiliation,uciAffiliation | | X | |
| UCSA | | ucsa | | X | |
| udir_id | ucnetid | ucnetId | | | |
| unex_id | | studentId | | | |
| | | lastRefresh | | X | last refresh of data in the ldap record |
| | | methodOfIssuance | | X | method id was issued |
| | | levelOfAssurance | | X | 1-5 scale of how strong authentication is |
| | | suspect | | X | flag for suspected duplicate identities |
| | | titleCode | | | primary payroll title code |
| | | facultyLevel | | X | Full, Associate or Assistant if primary title code is faculty |
| | | phhash | | | MD5 hash of ph record, useful for detecting changes to PH data |
| Color Key |
|---|
| No Changes to schema since previous LDAP version |
| Changes Made |
| New PH field in LDAP |
A number of aliases for attributes have been incorporated into the schema for legacy support.
If your application specifies the attribute names to be returned, the alias system will understand the attribute you are requesting and return it; however, in the result it will be named with its primary name.
If your query does not specify which attributes it wants returned, the attribute names returned will be the new official names. Aliased names can also be used in search filters.
For example, the PH field 'phone' is now stored in LDAP as 'telephoneNumber' in accordance with the iNetOrgPerson schema. 'phone' is also now an alias for 'telephoneNumber'. If the attribute 'phone' is requested, the attribute will show up in the response as name 'telephoneNumber'. If a general query of all data occurs without specifying attribute names, the attribute will be returned as 'telephoneNumber'.
While LDAP is not case sensitive, many programming languages are. Any query made to the LDAP server is case insensitive. However, once an LDAP result is used inside a case-sensitive programming language, the language will treat attribute names as case sensitive. This is the case in PHP; PHP automatically lowercases all attribute names in a result hash to avoid confusion.
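The alias and case-sensitivity behaviour described above, as an added example (not NACS code): a client-side helper that reads requested attributes back from a result under their primary names, matches names case-insensitively as LDAP does, and checks the multi-valued uciAffiliation attribute. The alias table is taken from the schema translation table on this page; the sample entry is constructed.

```python
# Added example, not NACS code: map legacy PH/alias attribute names to the primary
# names the new schema returns, matching names case-insensitively as LDAP does.
ALIASES = {   # alias -> primary name, from the schema translation table on this page
    "phone": "telephoneNumber",
    "fax": "facsimileTelephoneNumber",
    "fax-number": "facsimileTelephoneNumber",
    "faxNumber": "facsimileTelephoneNumber",
    "depCode": "departmentNumber",
    "employeeId": "employeeNumber",
    "mailForwardingAddress": "mailDeliveryPoint",
    "surname": "sn",
    "userid": "uid",
}
# Lower-cased lookup: LDAP attribute names are case-insensitive, dict keys are not.
_ALIAS_LC = {alias.lower(): primary for alias, primary in ALIASES.items()}

def primary_name(attr):
    """Map an alias (in any letter case) to the primary attribute name."""
    return _ALIAS_LC.get(attr.lower(), attr)

def _lowercase_keys(entry):
    """The same normalisation PHP applies to a result hash, so lookups are case-safe."""
    return {name.lower(): list(values) for name, values in entry.items()}

def pick_attributes(entry, requested):
    """Return the requested attributes keyed by the name the caller used. The server
    labels each value with its primary name, so 'phone' is read from 'telephoneNumber'."""
    by_lc = _lowercase_keys(entry)
    out = {}
    for want in requested:
        values = by_lc.get(primary_name(want).lower())
        if values is not None:
            out[want] = values
    return out

def has_affiliation(entry, affiliation):
    """uciAffiliation is multi-valued; test membership case-insensitively."""
    values = _lowercase_keys(entry).get("uciaffiliation", [])
    return affiliation.lower() in {v.lower() for v in values}

# Constructed sample entry in the shape a search result has (primary names only).
SAMPLE_ENTRY = {
    "uid": ["jdoe"],
    "telephoneNumber": ["+1 949 555 0100"],
    "facsimileTelephoneNumber": ["+1 949 555 0101"],
    "departmentNumber": ["1234"],
    "uciAffiliation": ["student", "employee", "staff"],
}
```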
| Name | OID | Notes |
|---|---|---|
| uciperson | 2.16.840.1.113916.5.6.2.1 | used for PH type guest, student and person (staff/faculty) -- inherits from iNetOrgPerson and is supplemented by eduPerson |
| uciobject | 2.16.840.1.113916.5.6.2.2 | structural object, used for inheritance only |
| uciforward | 2.16.840.1.113916.5.6.2.3 | used for PH type forward or duplicate |
| ucimaillist | 2.16.840.1.113916.5.6.2.4 | used for PH type list |
| ucigroup | 2.16.840.1.113916.5.6.2.5 | used for PH type group |
| ucidepartment | 2.16.840.1.113916.5.6.2.6 | used for PH type dept |
| ucinetreg | 2.16.840.1.113916.5.6.2.7 | used for PH type netreg |
| Name | OID | Data Type | Single or Multi Valued | Indexed in Database? |
|---|---|---|---|---|
| activatedOn | 2.16.840.1.113916.5.6.1.15 | string | SINGLE-VALUE | |
| addDate | 2.16.840.1.113916.5.6.1.16 | string | SINGLE-VALUE | |
| altId | 2.16.840.1.113916.5.6.1.49 | string | ||
| answer | 2.16.840.1.113916.5.6.1.17 | string | SINGLE-VALUE | |
| bDay | 2.16.840.1.113916.5.6.1.18 | date and time | SINGLE-VALUE | |
| callsign | 2.16.840.1.113916.5.6.1.22 | string | ||
| campusId | 2.16.840.1.113916.5.6.1.8 | string | SINGLE-VALUE | indexed |
| curriculum | 2.16.840.1.113916.5.6.1.19 | string | SINGLE-VALUE | |
| deleteDate | 2.16.840.1.113916.5.6.1.20 | string | SINGLE-VALUE | |
| department | 2.16.840.1.113916.5.6.1.2 | string | | indexed |
| deptPhone | 2.16.840.1.113916.5.6.1.21 | string | ||
| emailName | 2.16.840.1.113916.5.6.1.55 | string | SINGLE-VALUE | indexed |
| empTime | 2.16.840.1.113916.5.6.1.23 | string | ||
| ext | 2.16.840.1.113916.5.6.1.11 | string | | indexed |
| facultyLevel | 2.16.840.1.113916.5.6.1.57 | string | SINGLE-VALUE | |
| flags | 2.16.840.1.113916.5.6.1.24 | string | ||
| guestExpiration | 2.16.840.1.113916.5.6.1.25 | date and time | SINGLE-VALUE | |
| guestId | 2.16.840.1.113916.5.6.1.5 | string | SINGLE-VALUE | indexed |
| guestReason | 2.16.840.1.113916.5.6.1.26 | string | ||
| guestSponsor | 2.16.840.1.113916.5.6.1.27 | string | ||
| hero | 2.16.840.1.113916.5.6.1.28 | string | SINGLE-VALUE | |
| homePageUrl | 2.16.840.1.113916.5.6.1.12 | string | ||
| homeZip | 2.16.840.1.113916.5.6.1.29 | string | SINGLE-VALUE | |
| hours | 2.16.840.1.113916.5.6.1.30 | string | ||
| lastFirstName | 2.16.840.1.113916.5.6.1.31 | string | | indexed |
| lastRefresh | 2.16.840.1.113916.5.6.1.51 | date and time | SINGLE-VALUE | |
| lastReset | 2.16.840.1.113916.5.6.1.32 | date and time | SINGLE-VALUE | |
| levelOfAssurance | 2.16.840.1.113916.5.6.1.53 | string | SINGLE-VALUE | |
| lka | 2.16.840.1.113916.5.6.1.33 | string | ||
| mailAddress | 2.16.840.1.113916.5.6.1.34 | string | ||
| mailcode | 2.16.840.1.113916.5.6.1.10 | string | SINGLE-VALUE | |
| mailDeliveryPoint | 2.16.840.1.113916.5.6.1.6 | string | SINGLE-VALUE | |
| major | 2.16.840.1.113916.5.6.1.4 | string | ||
| methodOfIssuance | 2.16.840.1.113916.5.6.1.52 | string | SINGLE-VALUE | |
| nickName | 2.16.840.1.113916.5.6.1.50 | string | ||
| otherInfo | 2.16.840.1.113916.5.6.1.35 | string | ||
| payrollTitle | 2.16.840.1.113916.5.6.1.36 | string | ||
| phhash | 2.16.840.1.113916.5.6.1.58 | string | ||
| pictureUrl | 2.16.840.1.113916.5.6.1.7 | string | ||
| printed | 2.16.840.1.113916.5.6.1.37 | string | SINGLE-VALUE | |
| project | 2.16.840.1.113916.5.6.1.38 | string | ||
| question | 2.16.840.1.113916.5.6.1.39 | string | SINGLE-VALUE | |
| receivePrinted | 2.16.840.1.113916.5.6.1.40 | string | SINGLE-VALUE | |
| releasePersonal | 2.16.840.1.113916.5.6.1.13 | string | SINGLE-VALUE | indexed |
| rewrite | 2.16.840.1.113916.5.6.1.41 | string | SINGLE-VALUE | |
| searchName | 2.16.840.1.113916.5.6.1.42 | string | | indexed |
| socialSecurity | 2.16.840.1.113916.5.6.1.43 | string | SINGLE-VALUE | indexed |
| studentAddress | 2.16.840.1.113916.5.6.1.44 | string | SINGLE-VALUE | |
| studentId | 2.16.840.1.113916.5.6.1.3 | string | | indexed |
| studentLevel | 2.16.840.1.113916.5.6.1.45 | string | SINGLE-VALUE | |
| studentPhone | 2.16.840.1.113916.5.6.1.46 | telephone number | SINGLE-VALUE | |
| stuEmailRelease | 2.16.840.1.113916.5.6.1.14 | string | SINGLE-VALUE | indexed |
| suspect | 2.16.840.1.113916.5.6.1.54 | string | SINGLE-VALUE | |
| titleCode | 2.16.840.1.113916.5.6.1.56 | string | ||
| type | 2.16.840.1.113916.5.6.1.48 | string | SINGLE-VALUE | indexed |
| ucinetid | 2.16.840.1.113916.5.6.1.1 | string | SINGLE-VALUE | indexed |
| ucnetId | 2.16.840.1.113916.5.6.1.9 | string | SINGLE-VALUE | indexed |
| ucsa | 2.16.840.1.113916.5.6.1.47 | string | SINGLE-VALUE | |
| uciAffiliation | 2.16.840.1.113916.5.6.1.59 | string | | indexed |
UCI also uses a number of attributes from other schemas, most notably iNetOrgPerson (and all of its inherited schema), and eduPerson.
| Attribute Name | Alias | RFC Spec. Number | Indexed in Database? |
|---|---|---|---|
| cn | commonName | 2256 | indexed |
| departmentNumber | | 2798 | indexed |
| displayName | | 2798 | |
| employeeNumber | | 2798 | indexed |
| facsimileTelephoneNumber | fax | 2256 | |
| givenName | gn | 2256 | indexed |
| homePhone | homeTelephoneNumber | 1274 | |
| homePostalAddress | | 1274 | |
| l | localityName | 2256 | |
| rfc822Mailbox | | 1274 | indexed |
| postalAddress | | 2256 | |
| postalCode | | 2256 | |
| sn | surname | 2256 | indexed |
| st | stateOrProvinceName | 2256 | |
| street | streetAddress | 2256 | |
| telephoneNumber | | 2256 | indexed |
| title | | 2256 | |
| uid | userid | 1274 | indexed |
| userClass | | 1274 | indexed |
| userPassword | | 2256, 2307 | |