Attribute Type | Description | Release Policy |
cn |
Common name.
Defined in RFC 4519 section 2.3 and RFC 4519 section 2.18.
This attribute type's matching rule makes it case insensitive.
For further discussion refer to cn in the eduPerson specification.
|
All service providers can perform read operations. |
dateOfBirth |
Date of birth.
Locally defined in the schema in an OpenLDAP compatible format.
|
No general release policy defined.
Access only granted to specific applications on a case by case basis.
|
displayName |
Friendly name used when displaying entries.
Defined in RFC 2798 section 2.3.
This attribute type's matching rule makes it case sensitive.
For further discussion refer to displayName in the eduPerson specification.
|
All service providers can perform read operations.
|
eduPersonAffiliation |
Standard attribute type used by many universities.
Derived from our local status categories as follows:
IT Services code / oakStatus value | eduPersonAffiliation value |
cardholder | affiliate |
college | member |
dept | member |
leaver | none |
pgoffer | none |
postgrad | member, student |
ret | member |
senmem | member |
ugoffer | none |
undergrad | member, student |
virtual | affiliate |
visitor | member |
The pgoffer and ugoffer oakStatus values are no longer in use.
Due to limited data, we are not currently able to populate all the values that should be there. For example, many people with senmem or college status are also staff, but we don't yet have the data to add the staff value to the attribute.
For further discussion refer to eduPersonAffiliation in the eduPerson specification.
|
All service providers can perform read operations. |
eduPersonOrgDN |
For further discussion refer to eduPersonOrgDN in the eduPerson specification. |
All service providers can perform read operations. |
eduPersonOrgUnitDN |
For further discussion refer to eduPersonOrgUnitDN in the eduPerson specification. |
All service providers can perform read operations. |
eduPersonPrimaryOrgUnitDN |
For further discussion refer to eduPersonPrimaryOrgUnitDN in the eduPerson specification. |
All service providers can perform read operations. |
givenName |
In around 5% of cases this attribute contains a first name, followed by a space, followed by the initial of a middle name. This is due to a limitation with current data sources, and may be corrected in future.
Defined in RFC 4519 section 2.12 and RFC 4519 section 2.18.
This attribute type's matching rule makes it case insensitive.
For further discussion refer to givenName in the eduPerson specification.
|
All service providers can perform read operations. |
mail |
The person's preferred mail address. If there is a requirement to contact the person by email, this address should be used.
Although the LDAP schema allows multiple values, Oak LDAP will contain at most a single value for each person.
This attribute is not unique. If two people self-register with the same mail address, there will be two person records in Oak LDAP with the same mail attribute.
Defined in RFC 4524 section 2.16.
This attribute type's matching rule makes it case insensitive.
For further discussion refer to mail in the eduPerson specification.
|
All service providers can perform search operations.
Associated service providers can perform read operations.
|
o |
Defined in RFC 4519 section 2.18 and RFC 4519 section 2.19.
This attribute type's matching rule makes it case insensitive.
For further discussion refer to o in the eduPerson specification.
|
All service providers can perform read operations. |
oakAlternativeMail |
This multivalued attribute contains all email addresses for the person.
Locally defined in the schema in an OpenLDAP compatible format.
This attribute type's matching rule makes it case insensitive.
|
All service providers can perform search operations.
Associated service providers can perform read operations.
|
oakCardExpiry |
Date of expiry of University Card.
Locally defined in the schema in an OpenLDAP compatible format.
|
Associated service providers can perform read operations. |
oakITSSFor |
DN references to all Unit-scoped ITSS groups to which this person belongs.
Locally defined in the schema in an OpenLDAP compatible format.
For this attribute type's matching rule, some components may be case sensitive and some may be case insensitive.
|
All service providers can perform read operations. |
oakOSSID |
Locally defined in the schema in an OpenLDAP compatible format.
This attribute type's matching rule makes it case sensitive.
|
All service providers can perform search operations.
Associated service providers can perform read operations.
|
oakOxfordSSOUsername |
This attribute contains the usernames assigned to a person by IT Services Registration for account provisioning purposes.
Locally defined in the schema in an OpenLDAP compatible format.
This attribute type's matching rule makes it case sensitive.
|
All service providers can perform read operations. |
oakPersonID |
This multivalued attribute holds all of a person's Oak IDs. Service providers should use this attribute when looking up a person by their Oak ID.
A person might have more than one value of this attribute, for example, if the University has two records for the same person which they then merge.
This attribute is unique: no two person entries can have the same value of this attribute.
Locally defined in the schema in an OpenLDAP compatible format.
|
All service providers can perform read operations. |
oakPrimaryPersonID |
An identifier for a person within Oak, used as the LDAP naming attribute on person entries. By design this avoids encoding any personal information in the distinguished name of a person's entry.
Service providers should not use this attribute to look up a person by their Oak ID; they should use the multivalued oakPersonID instead.
This attribute is unique: no two person entries can have the same value of this attribute.
Locally defined in the schema in an OpenLDAP compatible format.
|
All service providers can perform read operations. |
oakPrincipal |
This multivalued attribute contains DN references to all the Kerberos principals owned by this person.
The presence of this attribute allows service providers to look up a person entry based on the principal name of a user who has authenticated to them via Oxford's single-sign-on system. Searches using this attribute are expected to be the predominant method by which person entries are looked up.
This attribute is unique: no two person entries can have the same value of this attribute.
Locally defined in the schema in an OpenLDAP compatible format.
For this attribute type's matching rule, some components may be case sensitive and some may be case insensitive.
|
All service providers can perform read operations. |
oakStatus |
The status as recorded on the person's University Card.
Locally defined in the schema in an OpenLDAP compatible format.
This attribute type's matching rule makes it case insensitive.
|
All service providers can perform read operations. |
oakUniversityBarcode |
Barcode number on the person's University Card. Note that this doesn't include the checksum character.
This attribute is unique: no two person entries can have the same value of this attribute.
Locally defined in the schema in an OpenLDAP compatible format.
|
All service providers can perform search operations.
Associated service providers can perform read operations.
|
oakUniversityBarcodeCheckCharacter |
Checksum character of the barcode on the person's University Card.
Locally defined in the schema in an OpenLDAP compatible format.
|
All service providers can perform read operations. |
oakUniversityBarcodeFull |
Full barcode number on the person's University Card, including checksum character.
This attribute is unique: no two person entries can have the same value of this attribute.
Locally defined in the schema in an OpenLDAP compatible format.
|
All service providers can perform search operations.
Associated service providers can perform read operations.
|
oakUniversityCardID |
Locally defined in the schema in an OpenLDAP compatible format.
This attribute type's matching rule makes it case sensitive.
|
All service providers can perform search operations.
Associated service providers can perform read operations.
|
objectClass |
Core LDAP attribute to state the type of the entry. All person entries have oakPerson and eduPerson set. Entries for people with additional attributes from Student Systems will also have oakOSSPerson set.
Defined in RFC 2256 section 5.1.
This attribute type's matching rule makes it case insensitive (see also RFC 4512 section 1.4).
|
All service providers can perform read operations. |
ou |
Organisation unit with which this person is associated. Same data as eduPersonOrgUnitDN, but in a different format.
Defined in RFC 4519 section 2.18 and RFC 4519 section 2.20.
This attribute type's matching rule makes it case insensitive.
For further discussion refer to ou in the eduPerson specification.
|
All service providers can perform read operations. |
sn |
Surname.
Defined in RFC 4519 section 2.32.
For further discussion refer to sn in the eduPerson specification.
|
All service providers can perform read operations. |
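
The lookup guidance in the oakPersonID, oakPrimaryPersonID and mail rows above, as an added example that is not part of the original page or Oak's own code: it builds RFC 4515-escaped search filters and refuses to pick a person when a mail search matches more than one entry. The helper names, sample entries and example.org addresses are constructed for illustration, and the exact comparison on oakPersonID is an assumption.

```python
# Added illustration; helper names and sample entries are constructed.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def oak_id_filter(oak_id):
    # Search the multivalued oakPersonID, not the naming attribute
    # oakPrimaryPersonID, so IDs from merged records still match.
    return "(&(objectClass=oakPerson)(oakPersonID=%s))" % escape_filter_value(oak_id)


def mail_filter(address):
    return "(&(objectClass=oakPerson)(mail=%s))" % escape_filter_value(address)


class AmbiguousPerson(Exception):
    """More than one person entry matched a lookup that must be unique."""


def single_person(entries):
    """Return the only entry, None when nothing matched, raise when several did."""
    if len(entries) > 1:
        raise AmbiguousPerson("%d entries matched" % len(entries))
    return entries[0] if entries else None


# Constructed entries standing in for search results.
PEOPLE = [
    {"oakPrimaryPersonID": "id-0001", "oakPersonID": ["id-0001", "id-0417"],
     "mail": ["a.person@example.org"]},
    {"oakPrimaryPersonID": "id-0002", "oakPersonID": ["id-0002"],
     "mail": ["shared@example.org"]},
    {"oakPrimaryPersonID": "id-0003", "oakPersonID": ["id-0003"],
     "mail": ["Shared@example.org"]},
]


def match_oak_id(people, oak_id):
    # Assumption: exact comparison; the page gives no matching rule for oakPersonID.
    return [p for p in people if oak_id in p["oakPersonID"]]


def match_mail(people, address):
    # The mail matching rule is case insensitive, so compare case-folded values.
    wanted = address.lower()
    return [p for p in people if any(m.lower() == wanted for m in p["mail"])]
```

A service that receives an e-mail address as its only identifier should treat `AmbiguousPerson` as a failed lookup rather than choosing one of the matching entries.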