Oak LDAP schema and attribute release policy

Attributes and object classes used, where in the directory information tree each type of entry is found and the per-attribute release policy

The Oak LDAP uses standard LDAP schemas in conjunction with some Oxford extensions.  The most important types of entries are included below.

Examples for solving common problems are available in How to use Oak LDAP.

Expand All

Schema terms

DN

Distinguished Name.  This is an LDAP (and X.500) term, and is a name for an entry that uniquely identifies it within the directory information tree.

The DN of the root of the Oak LDAP tree is dc=oak,dc=ox,dc=ac,dc=uk.
DN reference

Many of the entries in the Oak LDAP tree are related to each other.  For example, principals are owned by people, and people are in groups.

A common element of the Oak schema design is that relationships between entries are expressed by having some attribute on one entry whose value is the DN of the other entry.  This is referred to as a "DN reference" in the schema documentation.

Release policy terms

All service providers This means all service providers who register to become Oak data consumers.  Registering to become an Oak data consumer is different from the process of requesting creation of webauth principals.
Associated service providers

A service provider is associated with a person if either of the following two conditions is met:

  • the service provider is registered as providing a service to a unit of which the person is a member
  • the service provider is registered as a university-wide provider

A service provider is associated with a unit if it's registered as providing a service to that unit, or it's registered as a university-wide provider.
Everyone Every authenticated principal.  Anonymous LDAP binds will not be possible.
Compare access The LDAP client is allowed to ask whether a particular attribute on a particular entry has a specific value, which the LDAP client must supply in the query.  The LDAP client receives a yes / no answer.
Search access With search access to an attribute, the LDAP client is able to perform an LDAP search where the search filter involves that attribute.  If a client has search access to an attribute, they also implicitly have compare access.
Read access The LDAP client can read the value of the attribute.  Read access also implies search and compare access.

DN: oakPrimaryPersonID=id,ou=people,dc=oak,dc=ox,dc=ac,dc=uk

Person entries have two object classes defined.  Oxford-specific data is enabled via the oakPerson structural class.  The standard eduPerson auxiliary class is mixed in.  Note that oakPerson also inherits from the standard inetOrgPerson, thereby including a further range of standard person attribute types.

There is one entry here for each person represented in Oak.

Example entry:

dn: oakPrimaryPersonID=1234567890,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
cn: John Doe
dateOfBirth: 197107060000Z
displayName: John Doe
eduPersonAffiliation: member
eduPersonAffiliation: staff
eduPersonOrgDN: dc=ox,dc=ac,dc=uk
eduPersonOrgUnitDN: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
eduPersonOrgUnitDN: oakUnitCode=law,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
eduPersonPrimaryOrgUnitDN: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
givenName: John
mail: john.doe@oucs.ox.ac.uk
memberOf: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
o: University of Oxford
oakAlternativeMail: john.doe@oucs.ox.ac.uk
oakAlternativeMail: john.doe@law.ox.ac.uk
oakCardExpiry: 201102020000Z
oakITSSFor: oakGN=ITSS,oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
oakITSSFor: oakGN=ITSS,oakUnitCode=magd,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
oakOSSID: 2823413
oakOxfordSSOUsername: oucs0047
oakOxfordSSOUsername: tom
oakPersonID: 1234567890
oakPersonID: 9876543210
oakPrimaryPersonID: 1234567890
oakPrincipal: krbPrincipalName=oucs0047@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk
oakPrincipal: krbPrincipalName=tom@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk
oakStatus: staff
oakUniversityBarcode: 1234567
oakUniversityBarcodeCheckCharacter: -
oakUniversityBarcodeFull: 276962801-
oakUniversityCardID: 15021462
objectClass: eduPerson
objectClass: oakPerson
ou: Computing Services
ou: Faculty of Law
sn: Doe

 

Attribute Type Description Release Policy
cn

Common name.

Defined in RFC 4519 section 2.3 and RFC 4519 section 2.18.

This attribute type's matching rule makes it case insensitive.

For further discussion refer to cn in the eduPerson specification.

 All service providers can perform read operations.
dateOfBirth

Date of birth.

Locally defined in the schema in an OpenLDAP compatible format.

No general release policy defined.

Access only granted to specific applications on a case by case basis.
displayName

Friendly name used when displaying entries.

Defined in RFC 2798 section 2.3.

This attribute type's matching rule makes it case sensitive.

For further discussion refer to displayName in the eduPerson specification.

All service providers can perform read operations.
 eduPersonAffiliation

Standard attribute type used by many Universities.

Derived from our local status categories as follows:

IT Services code / oakStatus value eduPersonAffiliation value
cardholder affiliate
college member
dept member
leaver none
pgoffer none
postgrad member, student
ret member
senmem member
ugoffer none
undergrad member, student
virtual affiliate
visitor member

The pgoffer and ugoffer oakStatus values are no longer in use.

Due to limited data, we are not currently able to populate all the values that should be there.  For example, many people with senmem or college status are also staff, but we don't yet have the data to add the staff value to the attribute.

For further discussion refer to eduPersonAffiliation in the eduPerson specification.

 All service providers can perform read operations.
eduPersonOrgDN For further discussion refer to eduPersonOrgDN in the eduPerson specification. All service providers can perform read operations.
eduPersonOrgUnitDN For further discussion refer to eduPersonOrgUnitDN in the eduPerson specification. All service providers can perform read operations.
eduPersonPrimaryOrgUnitDN For further discussion refer to eduPersonPrimaryOrgUnitDN in the eduPerson specification. All service providers can perform read operations.
givenName

In around 5% of cases this attribute contains a first name, followed by a space, followed by the initial of a middle name.  This is due to a limitation with current data sources, and may be corrected in future.

Defined in RFC 4519 section 2.12 and RFC 4519 section 2.18.

This attribute type's matching rule makes it case insensitive.

For further discussion refer to givenName in the eduPerson specification.

 All service providers can perform read operations.
mail

The person's preferred mail address.  If there is a requirement to contact the person by email, this address should be used.

Although the LDAP schema allows multiple values, Oak LDAP will contain at most a single value for each person.

This attribute is not unique.  If two people self-register with the same mail address, there will be two person records in Oak LDAP with the same mail attribute.

Defined in RFC 4524 section 2.16.

This attribute type's matching rule makes it case insensitive.

For further discussion refer to mail in the eduPerson specification.

All service providers can perform search operations.

Associated service providers can perform read operations.
o

Defined in RFC 4519 section 2.18 and RFC 4519 section 2.19.

This attribute type's matching rule makes it case insensitive.

For further discussion refer to o in the eduPerson specification.

 All service providers can perform read operations.
oakAlternativeMail

This multivalued attribute contains all email addresses for the person.

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case insensitive.

All service providers can perform search operations.

Associated service providers can perform read operations.
oakCardExpiry

Date of expiry of University Card.

Locally defined in the schema in an OpenLDAP compatible format.

 Associated service providers can perform read operations.
oakITSSFor

DN references to all Unit-scoped ITSS groups to which this person belongs.

Locally defined in the schema in an OpenLDAP compatible format.

For this attribute type's matching rule, some components may be case sensitive and some may be case insensitive.

 All service providers can perform read operations.
oakOSSID

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case sensitive.

All service providers can perform search operations.

Associated service providers can perform read operations.
oakOxfordSSOUsername

This attribute contains the usernames assigned to a person by IT Services Registration for account provisioning purposes.

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case sensitive.

 All service providers can perform read operations.
oakPersonID

This multivalued attribute holds all of a person's Oak IDs.  Service providers should use this attribute when looking up a person by their Oak ID.

A person might have more than one value of this attribute, for example, if the University has two records for the same person which they then merge.

This attribute is unique, no two person entries can have the same value of this attribute.

Locally defined in the schema in an OpenLDAP compatible format.

 All service providers can perform read operations.
oakPrimaryPersonID

An identifier for a person within Oak, used as the LDAP naming attribute on person entries.  By design this avoids encoding any personal information in the distinguished name of a person's entry.

Service providers should not use this attribute to look up a person by their Oak ID, they should use the multivalued oakPersonID instead.

This attribute is unique, no two person entries can have the same value of this attribute.

Locally defined in the schema in an OpenLDAP compatible format.

 All service providers can perform read operations.
oakPrincipal

This multivalued attribute contains DN references to all the Kerberos principals owned by this person.

The presence of this attribute allows service providers to look up a person entry based on the principal name of a user who has authenticated to them via Oxford's single-sign-on system.  Searches using this attribute are expected to be the predominant method by which person entries are looked up.

This attribute is unique, no two person entries can have the same value of this attribute.

Locally defined in the schema in an OpenLDAP compatible format.

For this attribute type's matching rule, some components may be case sensitive and some may be case insensitive

 All service providers can perform read operations.
oakStatus

The status as recorded on the person's University Card.

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case insensitive.

 All service providers can perform read operations.
oakUniversityBarcode

Barcode number on the person's University Card.  Note that this doesn't include the checksum character.

This attribute is unique, no two person entries can have the same value of this attribute.

Locally defined in the schema in an OpenLDAP compatible format.

All service providers can perform search operations.

Associated service providers can perform read operations.
oakUniversityBarcodeCheckCharacter

Checksum character of the barcode on the person's University Card.

Locally defined in the schema in an OpenLDAP compatible format.

 All service providers can perform read operations.
oakUniversityBarcodeFull

Full barcode number on the person's University Card, including checksum character.

This attribute is unique, no two person entries can have the same value of this attribute.

Locally defined in the schema in an OpenLDAP compatible format.

All service providers can perform search operations.

Associated service providers can perform read operations.
oakUniversityCardID

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case sensitive.

All service providers can perform search operations.

Associated service providers can perform read operations.
objectClass

Core LDAP attribute to state the type of the entry.  All person entries have oakPerson and eduPerson set.  Entries for people with additional attributes from Student Systems will also have oakOSSPerson set.

Defined in RFC 2256 section 5.1.

This attribute type's matching rule makes it case insensitive (see also RFC 4512 section 1.4).

 All service providers can perform read operations.
ou

Organisation unit with which this person is associated.  Same data as eduPersonOrgUnitDN, but in a different format.

Defined in RFC 4519 section 2.18 and RFC 4519 section 2.20.

This attribute type's matching rule makes it case insensitive.

For further discussion refer to ou in the eduPerson specification.

 All service providers can perform read operations.
sn

Surname.

Defined in RFC 4519 section 2.32.

For further discussion refer to sn in the eduPerson specification.

 All service providers can perform read operations.

DN: oakUnitCode=code,ou=units,dc=oak,dc=ox,dc=ac,dc=uk

Entries here represent organisational units.  Many of these are organisational units of the University of Oxford, such as departments and colleges.

Example entry

dn: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
cn: Computing Services
displayName: Computing Services
facsimileTelephoneNumber: +44 1865 273275
member: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
member: oakPrimaryPersonID=6075,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
member: oakPrimaryPersonID=21139,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
member: oakPrimaryPersonID=6423,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
oakDivision: acserv
oakSuperUnit: it
oakUnitCode: oucs
oakUnitStatus: department
oakUnitURI: http://www.oucs.ox.ac.uk/
objectClass: oakOrganizationalUnit
ou: Computing Services
postalAddress: 13 Banbury Road, Oxford, OX2 6NN
telephoneNumber: +44 1865 273200

 

Attribute Type Description Release Policy
cn

Defined in RFC 4519 section 2.3 and RFC 4519 section 2.18.

This attribute type's matching rule makes it case insensitive.

 Everyone can perform read operations.
displayName

Defined in RFC 2798 section 2.3.

This attribute type's matching rule makes it case sensitive.

 Everyone can perform read operations.
facsimileTelephoneNumber

Defined in RFC 4519 section 2.10.

 All service providers can perform read operations.
member

Defined in RFC 4519 section 2.17 and RFC 4519 section 2.7.

For this attribute type's matching rule, some components may be case sensitive and some may be case insensitive.

 All service providers can perform read operations.
oakDivision

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case insensitive.

 Everyone can perform read operations.
oakSuperUnit

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case insensitive.

 Everyone can perform read operations.
oakUnitCode

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case sensitive.

 Everyone can perform read operations.
oakUnitStatus

Status of the Unit.

Possible values are:

Value Details
college The unit is a college of the collegiate University of Oxford
department

The unit is a department of the University of Oxford

 

If this attribute is not present, nothing from the above list is being asserted by Oak LDAP.  New possible values may be added for this attribute in future.

Locally defined in the schema in an OpenLDAP compatible format

 Everyone can perform read operations.
oakUnitURI

Locally defined in the schema in an OpenLDAP compatible format.

This attribute type's matching rule makes it case sensitive.

 Everyone can perform read operations.
objectClass

Defined in RFC 2256 section 5.1.

This attribute type's matching rule makes it case insensitive (see also RFC 4512 section 1.4).

 Everyone can perform read operations.
ou

Defined in RFC 4519 section 2.20 and RFC 4519 section 2.18.

This attribute type's matching rule makes it case insensitive.

 Everyone can perform read operations.
postalAddress

Defined in RFC 4519 section 2.23.

This attribute type's matching rule makes it case insensitive.

 All service providers can perform read operations.
telephoneNumber

Defined in RFC 4519 section 2.35.

 All service providers can perform read operations.

 

DN: krbPrincipalName=princname,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk

Example entry

dn: krbPrincipalName=oucs0047@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk
displayName: oucs0047
krbPrincipalName: oucs0047@OX.AC.UK
oakPerson: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
objectClass: krbPrincipalAux
objectClass: oakPrincipal

 

Attribute type Description
displayName

The part of the principal name before the realm.  Previously called the Oxford Username.

Defined in RFC 2798 section 2.3.

This attribute type's matching rule makes it case sensitive.
krbPrincipalName

The full name of the principal, including the realm.
oakPerson

DN reference to the Oak LDAP entry of the person who owns this principal.

Locally defined in the schema in an OpenLDAP compatible format.
objectClass

Defined in RFC 2256 section 5.1.

This attribute type's matching rule (see also RFC 4512 section-1.4 ) makes it case insensitive.

 

DN: oakGN=ITSS,ou=oucscentral,dc=oak,dc=ox,dc=ac,dc=uk

Contains all registered ITSS staff from across the University

 

DN: oakGN=Primary ITSS,ou=oucscentral,dc=oak,dc=ox,dc=ac,dc=uk

Contains all registered Primary ITSS staff from across the University

 

A group represents any grouping of people.  The exact meaning of a group depends on its position in the DIT.

 

Attribute type Description Example
displayName

A name for the group that an application can display when referring to the group.

Defined in RFC 2798 section 2.3.

This attribute type's matching rule makes it case sensitive.

 
displayName: Primary ITSS
member

This multi-valued attribute holds DN references to all members of the group.

Defined in RFC 4519 section 2.7 and RFC 4519 section 2.17.

For this attribute type's matching rule, some components may be case sensitive and some may be case insensitive.

 
member: oakPrimaryPersonID=6075,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
member: oakPrimaryPersonID=6423,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
member: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk

 

# $HeadURL: https://cfg.oucs.ox.ac.uk/svn/gssapi/rb3/sources/etc/ldap/schema/oak.sch... $
# $LastChangedRevision: 46369 $
# $LastChangedDate: 2014-11-03 13:05:47 +0000 (Mon, 03 Nov 2014) $
# $LastChangedBy: dom@OX.AC.UK $
#
# If you are including this file, you will also need to include
#
# core.schema, for organizationalPerson
# inetorgperson.schema, for inetOrgPerson
# cosine.schema, for the personalTitle attribute type

# 1.3.6.1.4.1.11023.1.1.7 is reserved for Oak, see
# <https://staff.oucs.ox.ac.uk/techdocs/ldap/oids.xml>.

objectIdentifier oakRoot               1.3.6.1.4.1.11023.1.1.7

objectIdentifier oakThisVersion        1.3.6.1.4.1.11023.1.1.7.2

objectIdentifier oakAttributeTypes     1.3.6.1.4.1.11023.1.1.7.2.1
objectIdentifier oakObjectClasses      1.3.6.1.4.1.11023.1.1.7.2.2

objectIdentifier syntaxDN              1.3.6.1.4.1.1466.115.121.1.12
objectIdentifier syntaxDirectoryString 1.3.6.1.4.1.1466.115.121.1.15
objectIdentifier syntaxGeneralizedTime 1.3.6.1.4.1.1466.115.121.1.24
objectIdentifier syntaxIA5String       1.3.6.1.4.1.1466.115.121.1.26
objectIdentifier syntaxInteger         1.3.6.1.4.1.1466.115.121.1.27

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.1
    NAME          'oakInternalID'
    DESC          'Unique identifier, internal to Oak system'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.2
    NAME          'oakPrincipal'
    DESC          'DN of principal entry owned by this person'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.3
    NAME          'oakPrimaryPrincipal'
    DESC          'DN of primary principal entry owned by this person'
    SUP           oakPrincipal
    SINGLE-VALUE
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.4
    NAME          'dateOfBirth'
    DESC          'Date of Birth'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE
    EQUALITY      generalizedTimeMatch
    ORDERING      generalizedTimeOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.5
    NAME          'oakCardExpiry'
    DESC          'Card Expiry Date'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE
    EQUALITY      generalizedTimeMatch
    ORDERING      generalizedTimeOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.6
    NAME          'oakStatus'
    DESC          'Status'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseIgnoreMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.7
    NAME          'oakUniversityBarcode'
    DESC          'University Barcode'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    EQUALITY      integerMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.8
    NAME          'oakUniversityBarcodeCheckCharacter'
    DESC          'University Barcode Check Character'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.26{1}
    SINGLE-VALUE
    EQUALITY      caseIgnoreIA5Match
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.9
    NAME          'oakUniversityBarcodeFull'
    DESC          'University Barcode Including Check Character'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    EQUALITY      caseIgnoreIA5Match
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.10
    NAME          'oakAlternativeMail'
    DESC          'RFC822 Mailbox'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.26{256}
    EQUALITY      caseIgnoreIA5Match
    SUBSTR        caseIgnoreIA5SubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.11
    NAME          'memberOf'
    DESC          'DN of group of which this person is a member'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.12
    NAME          'oakPerson'
    DESC          'DN of person who owns this principal'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    SINGLE-VALUE
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.13
    NAME          'oakRole'
    DESC          'name of role'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.14
    NAME          'oakMailDomain'
    DESC          'mail domain'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.26
    EQUALITY      caseIgnoreIA5Match
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.15
    NAME          'oakPreferredMailDomain'
    DESC          'preferred mail domain'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    EQUALITY      caseIgnoreIA5Match
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.16
    NAME          'oakSuperUnit'
    DESC          'Oxford Super Unit'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE
    EQUALITY      caseIgnoreMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.17
    NAME          'oakDivision'
    DESC          'Oxford Division'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE
    EQUALITY      caseIgnoreMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.18
    NAME          'oakUnitURI'
    DESC          'Uniform Resource Identifier'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.19
    NAME          'oakITSSFor'
    DESC          'DN of Unit'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.20
    NAME          'oakPrimaryITSSFor'
    DESC          'DN of Unit'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.21
    NAME          'oakGN'
    DESC          'Group Name'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.22
    NAME          'oakAccessGroup'
    DESC          'Internal Access Group Name (Private)'
    SUP           oakGN
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.23
    NAME          'oakUnitCode'
    DESC          'Unit Code'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.24
    NAME          'oakPrimaryPersonID'
    DESC          'Unique person identifier'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.25
    NAME          'oakPersonID'
    DESC          'Multivalued person identifier to handle merged records'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.26
    NAME          'oakOSSCurrentYear'
    DESC          'Current academic year.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.27
    NAME          'oakOSSFinalist'
    DESC          'True if the student is a finalist.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.7
    EQUALITY      booleanMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.28
    NAME          'oakGender'
    DESC          'Gender.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.29
    NAME          'oakOSSID'
    DESC          'Unique identifier for people with a record in the Oxford Student System.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.30
    NAME          'oakOSSProgramAttempt'
    DESC          'Program attempt status, as held by OSS.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.31
    NAME          'oakOSSStartYear'
    DESC          'Year in which this student started this program.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.32
    NAME          'oakOSSYearOfStudy'
    DESC          'Year of study for this student on this program.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.33
    NAME          'oakOSSCourse'
    DESC          'Course-related groups of which this person is a member.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.34
    NAME          'oakUniversityCardID'
    DESC          'Unique identifier from the University Card database.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.35
    NAME          'oakOSSCourseType'
    DESC          'Course type.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.36
    NAME          'oakOSSCourseCode'
    DESC          'Course code.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.37
    NAME          'oakOSSCourseDegree'
    DESC          'Degree type.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.38
    NAME          'oakOSSCourseAbbreviation'
    DESC          'Course abbreviation.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.39
    NAME          'oakOSSCourseLength'
    DESC          'Course length in months.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.40
    NAME          'oakOSSUnitCode'
    DESC          'Unit code as assigned by OSS.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.41
    NAME          'oakOSSCourseStatus'
    DESC          'Course status.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.42
    NAME          'oakOSSCourseShortName'
    DESC          'Course short name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.43
    NAME          'oakOSSUnitName'
    DESC          'Name of unit providing course, as assigned by OSS.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.44
    NAME          'oakOSSCourseLongName'
    DESC          'Course full name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.45
    NAME          'oakWeblearnGroupName'
    DESC          'Old style weblearn courses group name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.46
    NAME          'oakOUCSProvisionedUsername'
    DESC          'Username for provisioning as managed by OUCS registration -- Experimental.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseExactSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.47
    NAME          'oakOxfordSSOUsername'
    DESC          'Username for provisioning as managed by IT Services registration'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseExactSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.48
    NAME          'oakssousername'
    DESC          'Username for provisioning as managed by OUCS registration.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseExactSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.49
    NAME          'oakpersonalprincipal'
    DESC          'DN reference to personal (not project) principals owned by this person.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.50
    NAME          'oakprincipalispersonal'
    DESC          'Is this principal a personal (not project) principal.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.7
    EQUALITY      booleanMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.51
    NAME          'oakUnitStatus'
    DESC          'Unit Status'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseIgnoreMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.52
    NAME          'oakSITSCourse'
    DESC          'SITS Course-related groups of which this person is a member.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.12
    EQUALITY      distinguishedNameMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.53
    NAME          'oakSITSCourseStatus'
    DESC          'Descriptive course status, held by SITS'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.54
    NAME          'oakSITSCourseStatusCode'
    DESC          'Short course status code, held by SITS'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.55
    NAME          'oakSITSCurrentYear'
    DESC          'Current academic year.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.56
    NAME          'oakSITSFinalist'
    DESC          'True if the student is a finalist.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.7
    EQUALITY      booleanMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.57
    NAME          'oakSITSID'
    DESC          'Unique identifier for people with a record in the Student System Programme.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.58
    NAME          'oakSITSStartYear'
    DESC          'Year in which this student started this program.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.59
    NAME          'oakSITSYearOfStudy'
    DESC          'Year of study for this student on this program.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.60
    NAME          'oakSITSProgrammeCode'
    DESC          'SITS Programme Code.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.61
    NAME          'oakSITSProgrammeName'
    DESC          'SITS Full programme name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.62
    NAME          'oakSITSProgrammeShortName'
    DESC          'SITS Short programme name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.63
    NAME          'oakSITSProgrammeType'
    DESC          'Programme Type (UGRAD etc.).'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.64
    NAME          'oakSITSRouteCode'
    DESC          'SITS Route code.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.65
    NAME          'oakSITSRouteLength'
    DESC          'Course length in years.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    EQUALITY      integerMatch
    ORDERING      integerOrderingMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.66
    NAME          'oakSITSRouteName'
    DESC          'SITS Route name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.67
    NAME          'oakSITSRouteShortName'
    DESC          'SITS Route short name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.68
    NAME          'oakSITSRouteTitle'
    DESC          'SITS Route full name.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.69
    NAME          'oakSITSRouteAdminDept'
    DESC          'Name of unit providing course, as defined by SITS'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.15
    EQUALITY      caseExactMatch
    SUBSTR        caseIgnoreSubstringsMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.70
    NAME          'oakSITSCandidateNumber'
    DESC          'Additional unique identifier for use with Weblearn and Coursework Anonymisation.'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    EQUALITY      integerMatch
 )

attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.71
    NAME          'oakSITSRoomFacilityCode'
    DESC          'Specific Learning Difficulty'
    SYNTAX        1.3.6.1.4.1.1466.115.121.1.26{1}
    SINGLE-VALUE
    EQUALITY      caseIgnoreIA5Match
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.1
    NAME        'oakObject'
    DESC        'University of Oxford LDAP Directory Object'
    SUP         top
    ABSTRACT
    MUST        displayName
    MAY         cn
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.2
    NAME        'oakPersonAbs'
    DESC        'University of Oxford Person -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MUST        oakPrimaryPersonID
    MAY         ( oakPersonID $ memberOf $ personalTitle $ dateOfBirth $ oakPrincipal $ oakPrimaryPrincipal $ oakCardExpiry $ oakStatus $ oakAlternativeMail $ oakUniversityBarcode $ oakUniversityBarcodeCheckCharacter $ oakUniversityBarcodeFull $ oakITSSFor $ oakPrimaryITSSFor $ oakGender $ oakOSSID $ oakSITSID $ oakUniversityCardID $ oakOUCSProvisionedUsername $ oakOxfordSSOUsername $ oakpersonalprincipal $ oakssousername )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.3
    NAME        'oakPerson'
    DESC        'University of Oxford Person'
    SUP         ( inetOrgPerson $ oakPersonAbs )
    STRUCTURAL
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.4
    NAME        'oakPrincipalAbs'
    DESC        'University of Oxford Account Principal -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakPerson $ mail $ oakprincipalispersonal )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.5
    NAME        'oakPrincipal'
    DESC        'University of Oxford Account Principal'
    SUP         oakPrincipalAbs
    STRUCTURAL
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.6
    NAME        'oakGroupAbs'
    DESC        'University of Oxford Group -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakGN $ member $ oakRole )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.7
    NAME        'oakGroup'
    DESC        'University of Oxford Group'
    SUP         oakGroupAbs
    STRUCTURAL
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.8
    NAME        'oakOrganizationalUnitAbs'
    DESC        'University of Oxford Organizational Unit -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakUnitCode $ oakMailDomain $ oakPreferredMailDomain $ oakSuperUnit $ oakDivision $ oakUnitStatus $ oakUnitURI $ mail $ cn )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.9
    NAME        'oakOrganizationalUnit'
    DESC        'University of Oxford Organizational Unit'
    SUP         ( organizationalUnit $ oakOrganizationalUnitAbs $ oakGroupAbs )
    STRUCTURAL
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.10
    NAME        'oakRealmAbs'
    DESC        'Authentication Realm -- Abstract Class'
    SUP         oakObject
    ABSTRACT
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.11
    NAME        'oakRealm'
    DESC        'Authentication Realm'
    SUP         oakRealmAbs
    AUXILIARY
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.12
    NAME        'oakAccessGroup'
    DESC        'OpenLDAP Internal Access Control Related Group'
    SUP         oakObject
    STRUCTURAL
    MAY         ( oakAccessGroup $ member )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.13
    NAME        'oakStructuralClass'
    DESC        'Oak structural class'
    SUP         top
    STRUCTURAL
    MAY         cn
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.14
    NAME        'oakInternalPrincipalAbs'
    DESC        'University of Oxford principal internal to LDAP -- Abstract Class'
    SUP         oakPrincipalAbs
    ABSTRACT
    MAY         userPassword
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.15
    NAME        'oakInternalPrincipal'
    DESC        'University of Oxford principal internal to LDAP'
    SUP         oakInternalPrincipalAbs
    STRUCTURAL
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.16
    NAME        'oakOSSPersonAbs'
    DESC        'Person with a record on the Oxford Student System -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakOSSCurrentYear $ oakOSSFinalist $ oakOSSID $ oakOSSProgramAttempt $ oakOSSStartYear $ oakOSSYearOfStudy $ oakOSSCourse )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.17
    NAME        'oakOSSPerson'
    DESC        'Person with records on the Oxford Student System'
    SUP         oakOSSPersonAbs
    AUXILIARY
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.18
    NAME        'oakOSSCourseAbs'
    DESC        'Course as defined in the Oxford Student System -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakOSSCourseType $ oakOSSCourseCode $ oakOSSCourseDegree $ oakOSSCourseAbbreviation $ oakOSSCourseLength $ oakOSSUnitCode $ oakOSSCourseStatus $ oakOSSCourseShortName $ oakOSSUnitName $ oakOSSCourseLongName )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.19
    NAME        'oakOSSCourse'
    DESC        'Course as defined in the Oxford Student System'
    SUP         oakOSSCourseAbs
    AUXILIARY
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.20
    NAME        'oakWebLearnGroupAbs'
    DESC        'Group with extra attributes for Weblearn -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         oakWebLearnGroupName
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.21
    NAME        'oakWebLearnGroup'
    DESC        'Group with extra attributes for Weblearn -- Auxiliary Class'
    SUP         oakWebLearnGroupAbs
    AUXILIARY
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.22
    NAME        'oakPersonAux'
    DESC        'University of Oxford Person -- Auxiliary Class'
    SUP         oakPersonAbs
    AUXILIARY
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.23
    NAME        'oakSkelPerson'
    DESC        'University of Oxford Person, Skeleton Record Only'
    SUP         ( oakObject $ oakPersonAbs )
    STRUCTURAL
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.24
    NAME        'oakSITSPersonAbs'
    DESC        'Person with a record in the Student System Programme system -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakSITSCourse $ oakSITSCourseStatus $ oakSITSCourseStatusCode $ oakSITSCurrentYear $ oakSITSFinalist $ oakSITSID $ oakSITSStartYear $ oakSITSYearOfStudy $ oakOSSCurrentYear $ oakOSSFinalist $ oakOSSID $ oakOSSProgramAttempt $ oakOSSStartYear $ oakOSSYearOfStudy $ oakOSSCourse $ oakSITSCandidateNumber $ oakSITSRoomFacilityCode )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.25
    NAME        'oakSITSPerson'
    DESC        'Person with records in the Student System Programme system'
    SUP         oakSITSPersonAbs
    AUXILIARY
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.26
    NAME        'oakSITSCourseAbs'
    DESC        'Course as defined in the Student System Programme system -- Abstract Class'
    SUP         oakObject
    ABSTRACT
    MAY         ( oakSITSProgrammeCode $ oakSITSProgrammeName $ oakSITSProgrammeShortName $ oakSITSProgrammeType $ oakSITSRouteCode $ oakSITSRouteLength $ oakSITSRouteName $ oakSITSRouteShortName $ oakSITSRouteTitle $ oakSITSRouteAdminDept $ oakOSSCourseCode $ oakOSSCourseType $ oakOSSCourseDegree $ oakOSSCourseAbbreviation $ oakOSSCourseLength $ oakOSSUnitCode $ oakOSSCourseStatus $ oakOSSCourseShortName $ oakOSSUnitName $ oakOSSCourseLongName )
 )

objectClass ( 1.3.6.1.4.1.11023.1.1.7.2.2.27
    NAME        'oakSITSCourse'
    DESC        'Course as defined in the Student System Programme system'
    SUP         oakSITSCourseAbs
    AUXILIARY
 )

Date Description
2010-07-16 Add oakUnitStatus attribute and some discussion about organisational units.

Related links

Get support

If you cannot find the solution you need here then we have other ways to get IT support

GET IT SUPPORT