This information is deprecated. It has been moved to the REFEDS Schema Board wiki: https://wiki.refeds.org/display/STAN/eduPerson
# # eduPerson Objectclass 200806 (30 June 2008) # # See http://www.educause.edu/eduperson for background and usage # # eduPerson is an effort of Internet2 and EDUCAUSE # # # Upgrade note: When modifying objectclass eduPerson -- # we first must delete the objectclass # and then re-add -- make sure all replicas # are functioning. Try to do this during # an inactive period of services if possible. # # 1.3.6.1.4.1.5923 is the toplevel OID for this work # .1 = MACE related work # .1.1 = eduPerson # .1.1.1 = attributes # .1.1.2 = objectclass # .1.1.3 = syntax (probably never used) # .1.2 = eduOrg # .1.2.1 = attributes # .1.2.2 = objectclass # .1.2.3 = syntax (probably never used) # # CHANGELOG # # Jul 20, 2000 (gettes@georgetown.edu) Original version # Aug 17, 2000 (gettes@georgetown.edu) Added EPPNEphemeral # also cleanup and initial documentation # Jan 22, 2001 (gettes@georgetown.edu) Removed EPPNEphemeral # EPPNephemeral not part of 1.0 # moved all OIDs below 5923.1 # Apr 29, 2002 Added EQUALITY specs for attrs (Rob Banz) # (gettes) Added EPEntitlement & EPPrimaryOrgUnitDN # (gettes) Expanded OID space to include eduOrg # Oct 23, 2002 (gettes) tabs go to spaces # Fixed EQUALITY lines with trailing space # Nov 9, 2011 (dgersic@niu.edu) Updated to 200806 # Updated comments. # Commented out delete attributes needed only for upgrades # so as to make new installations of this schema easier. # # # USAGE: # # This LDIF file makes modifications to the cn=schema tree # which should modify the user portion of the schema of your # directory (if that concept exists). The LDIF is constructed # to perform this modification in one update. Should any portion # fail, then the entire update will fail and no change should be # made. The first part of the LDIF is to delete any attributes # that may have already been defined so that they can be readded # in the next section. Same methodology applies to the objectclasses # which follows. # # This file contains lines with trailing spaces so that continuation # of lines work properly. Please make sure this is respected or you # may have difficulty in applying the LDIF. # dn: cn=schema changetype: modify # # if you need to change the definition of an attribute, # then first delete and re-add in one step # # if this is not the first time you are adding the eduPerson # objectclass using this LDIF file, then you should uncomment # out the delete attributetypes modifications. # # "eduPerson" attributes # # <-- Begin Uncomment Deletes # delete: attributetypes # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickname' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' ) # attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' ) # - # <-- End Uncomment Deletes # # re-add the attributes -- in case there is a change of definition # # # "eduPerson" attributes # add: attributetypes attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickname' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.10 NAME 'eduPersonTargetedID' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.11 NAME 'eduPersonAssurance' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) - # # eduPerson objectclass definition # can only be done after attributes established # # if this is not the first time you are adding the eduPerson # objectclass using this LDIF file, then you should uncomment # out the delete objectclasses modification. # # <-- Begin Uncomment Deletes # delete: objectclasses # objectclasses: ( 1.3.6.1.4.1.5923.1.1.2 # NAME 'eduPerson' # ) # - # <-- End Uncomment Deletes # # now re-add the objectclass properly defined. # add: objectclasses objectclasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' DESC 'eduPerson per Internet2 and EDUCAUSE' AUXILIARY MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation $ eduPersonTargetedID $ eduPersonAssurance )) - # # end of LDIF #
1 Comment
E. Stuart Hicks
This appears to be missing eduPersonScopedAffiliation. To add, include the following lines:
In the delete section, add:
attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' )
In the add section, add:
attributetypes: ( 1.3.6.1.4.1.5923.1.1.1.9
NAME 'eduPersonScopedAffiliation'
DESC 'eduPerson per Internet2 and EDUCAUSE'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
Finally, change the objectclasses definition at the bottom to read:
objectclasses: ( 1.3.6.1.4.1.5923.1.1.2
NAME 'eduPerson'
AUXILIARY
MAY ( eduPersonAffiliation $ eduPersonNickname $
eduPersonOrgDN $ eduPersonOrgUnitDN $
eduPersonPrimaryAffiliation $ eduPersonPrincipalName $
eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $
eduPersonScopedAffiliation
))
Please note that I haven't actually tested this as I added it via iManager so I didn't need to remove & readd the schema. Otherwise, my existing users would have had their existing eduPerson data purged.