„NIIFSchema” változatai közötti eltérés
(niifValidityStart és niifExpireTime attribútumok) |
391. sor: | 391. sor: | ||
|notes=SUP userPassword | |notes=SUP userPassword | ||
|syntax=Octet String | |syntax=Octet String | ||
+ | }} | ||
+ | |||
+ | === niifValidityStart === | ||
+ | {{LDAPAttributeDef | ||
+ | |name=niifValidityStart | ||
+ | |OID= | ||
+ | |numofvalues= single | ||
+ | |description=When to enable this account | ||
+ | |syntax=Generalized Time | ||
+ | }} | ||
+ | |||
+ | === niifExpireTime === | ||
+ | {{LDAPAttributeDef | ||
+ | |name=niifExpireTime | ||
+ | |OID= | ||
+ | |numofvalues= single | ||
+ | |description=When to disable this account | ||
+ | |syntax=Generalized Time | ||
}} | }} |
A lap 2020. június 11., 10:14-kori változata
[elrejtés]- 1 NIIF LDAP Schema
- 2 Schema files
- 3 ObjectClasses
- 4 Defined attributes
- 4.1 Attributes of niifPerson
- 4.1.1 niifUniqueID
- 4.1.2 niifPrefix
- 4.1.3 niifPersonPrefix
- 4.1.4 niifStatus
- 4.1.5 niifPersonDegree
- 4.1.6 niifTitle
- 4.1.7 niifPersonPosition
- 4.1.8 niifCertificateSubjectDN
- 4.1.9 niifCertificateSHA1Fingerprint
- 4.1.10 niifPersonDateOfBirth
- 4.1.11 niifPersonActivityStatus
- 4.1.12 niifActiveMemberOf
- 4.1.13 niifPersonJoinDate
- 4.1.14 niifPersonQuitDate
- 4.1.15 niifPersonOrgID
- 4.1.16 niifPersonCityOfBirth
- 4.1.17 niifPersonCountryOfBirth
- 4.1.18 niifPersonMothersName
- 4.1.19 niifPersonIdentityNumber
- 4.1.20 niifPersonResidentialAddress
- 4.2 Attributes of niifEduPerson
- 4.3 Attributes of niifAuthenticatedObject
- 4.1 Attributes of niifPerson
Current version: 2.2
Change log
- changes since 2.1b2
- add #niifAuthenticatedObject and its #niifEduroamPassword
- changes since 2.1b1
- updated schema files
- changes since 2.0b5
- add #niifCertificateSHA1Fingerprint
- add #niifEduPersonArchiveCourse
- add #niifEduPersonHeldCourse
- mark #niifCertificateSubjectDN as obsolete
Schema files
- Sun DS format: Fájl:99-niifschema.ldif
- OpenLDAP format: Fájl:NIIF-OpenLDAP.schema
- Fájl:NiifAuthentication.ldif
niifPerson | |
Parent | inetOrgPerson |
OID | |
Description | - |
Mandatory attributes | - |
Optional attributes |
niifEduPerson | |
Parent | eduPerson |
OID | |
Description | - |
Mandatory attributes | - |
Optional attributes |
niifAuthenticatedObject | |
Parent | - |
OID | |
Description | An object having extra passwords |
Mandatory attributes | - |
Optional attributes |
Defined attributes
Attributes of niifPerson
niifUniqueID | |
OID | |
Description | Unique ID of a person. |
Semantics | <unique-local-ID>@<organization-domain>
The <organization-domain> part equals to the main internet domain of the organization (i.e.: 'sztaki.hu'). The <unique-local-ID> part is a sequence of letters (case insensitive) and numbers. It can be freely chosen by the home organization provided that the ID is unique within the scope of the organization and one and only one ID is assigned to every single person. |
Values | - |
# of values | single
Availabilty | organizational |
Syntax | Directory String
Examples | gmx3f0@bme.hu |
Notes | It is up to the local policy to define how the <unique-local-ID> is generated and how long does it represent a user. However, assigning the same ID to another person (after the first person entry has been removed from the directory) is deprecated.
It is recommended to import the user ID into <unique-local-ID> from a comprehensive user database (like Neptun and ETR at Hungarian Universities) if such a database exists. |
Use in federation | - |
niifPrefix | |
OID | |
Description | OBSOLETED, use #niifPersonPrefix |
Semantics | - |
Values | - |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | - |
Use in federation | - |
niifPersonPrefix | |
OID | |
Description | Prefix of the person's name |
Semantics | A name should have only one prefix, multiple entitlements may be listed one after the other in the same value |
Values | - |
# of values | single
Availabilty | public |
Syntax | Directory String
Examples | Prof. Dr. |
Notes | - |
Use in federation | HREFAttributeSpec#schacPersonalTitle |
niifStatus | |
OID | |
Description | OBSOLETED, use #niifPersonDegree |
Semantics | - |
Values | - |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | - |
Use in federation | - |
niifPersonDegree | |
OID | |
Description | Scientific degree of the person |
Semantics | Only the highest degree should be stored. |
Values | - |
# of values | multi
Availabilty | public |
Syntax | Directory String
Examples | kandidátus |
Notes | May be specified in multiple languages by the use of language tags |
Use in federation | - |
niifTitle | |
OID | |
Description | OBSOLETED, use #niifPersonPosition |
Semantics | - |
Values | - |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | - |
Use in federation | - |
niifPersonPosition | |
OID | |
Description | Position of the person within a department or organization |
Semantics | - |
Values | - |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | dékán |
Notes | May be specified in multiple languages by the use of language tags.
When a person is in relationship with multiple departments or organizations, no exact match between a status and a particular organization can be defined within an entry. To solve this situation, some relation-representing entry may be used, eg. use of the schacPersonalPosition attribute, which defines an URN format for this purpose. |
Use in federation | - |
niifCertificateSubjectDN | |
OID | |
Description | Subject DN of the certificate of the entity. This attribute is OBSOLETED, use #niifCertificateSHA1Fingerprint instead. |
Semantics | The value must describe a DN which identifies the certificate subject of the entity. |
Values | Unlike standard LDAP DN, this value must contain the same number of spaces between DN elements as it is tied in the certificate. |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | cn=Bajnok Kristóf, ou=ITAK, o=Sztaki, c=HU |
Notes | Although it is possible for an entity to have more than one certificates at the same time, this kind of usage is deprecated.
When used, this attribute must be indexed. This attribute may be applied to any kind of entities that can be certified with an X.509 certificate, including persons, servers, network nodes, etc. |
Use in federation | - |
niifCertificateSHA1Fingerprint | |
OID | |
Description | Fingerprint of a certificate which belongs to the subject. |
Semantics | Multiple fingerprints may be stored in this attribute, if a subject has multiple valid certificates. This attribute uses case insensitive matching rule. |
Values | SHA-1 hash in hexadecimal string format without any separator characters. |
# of values | multi
Availabilty | - |
Syntax | IA5String
Examples | fe6d5980e2c02912024054cec114ee53ebeb2e6c |
Notes | - |
Use in federation | - |
niifPersonDateOfBirth | |
OID | |
Description | Date of birth of the person |
Semantics | - |
Values | YYYYMMDD date format according to RFC 3339 'full-date' format |
# of values | single
Availabilty | confidential |
Syntax | Directory String
Examples | 19800316 |
Notes | It's recommended to use the schacDateOfBirth attribute instead, as it has the same syntax and semantics. |
Use in federation | HREFAttributeSpec#schacDateOfBirth,HREFAttributeSpec#schacYearOfBirth |
niifPersonActivityStatus | |
OID | |
Description | Activity status |
Semantics | Describes whether the person is an active employee/student of the home organization |
Values | One of the term 'active' or 'inactive' |
# of values | single
Availabilty | organizational |
Syntax | Directory String
Examples | - |
Notes | - |
Use in federation | - |
niifActiveMemberOf | |
OID | |
Description | DN of a group entry to which the entity currently belongs. |
Semantics | - |
Values | - |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | As a special case, this attribute may be used to keep a record of a student's active major(s), but it's recommended to use #niifEduPersonMajor instead. |
Use in federation | - |
niifPersonJoinDate | |
OID | |
Description | Date of joining to the organization |
Semantics | Date of joining to the organization. For students it may represent the first date of enrollment. |
Values | YYYYMMDD date format according to RFC 3339 'full-date' format |
# of values | single
Availabilty | organizational |
Syntax | Integer
Examples | 19980901 |
Notes | - |
Use in federation | - |
niifPersonQuitDate | |
OID | |
Description | Date of leaving the organization |
Semantics | - |
Values | YYYYMMDD date format according to RFC 3339 'full-date' format. |
# of values | single
Availabilty | organizational |
Syntax | Integer
Examples | 20030627 |
Notes | If this date is in the past, niifPersonActivityStatus must be 'inactive', and the user should be locked out. |
Use in federation | - |
niifPersonOrgID | |
OID | |
Description | Organizational ID of a person |
Semantics | ID of a person in a comprehensive organizational user database if such a database exists. This ID shall be unique within the organization.
It is strongly recommended to use the <unique-local-ID> part of the niifUniqueID as a value for niifPersonOrgID. |
Values | For integration with niifUniqueID, value must not contain the '@' mark. |
# of values | single
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | It is recommended to import the user ID into <unique-local-ID> from a comprehensive user database (like Neptun and ETR at Hungarian Universities) if such a database exists.
This attribute is for facilitating the use of user ID's in intra-organizational applications in cases when standard uid attribute can not be applied for some reason. |
Use in federation | - |
niifPersonCityOfBirth | |
OID | |
Description | The city or settlement where the person was born |
Semantics | Name of the city or settlement where the person was born. If the place of birth is outside the borders of Hungary, the name may be given in Hungarian. |
Values | - |
# of values | single
Availabilty | confidential |
Syntax | Directory String
Examples | Kolozsvár |
Notes | It's recommended to use the schacPlaceOfBirth attribute instead. |
Use in federation | - |
niifPersonCountryOfBirth | |
OID | |
Description | The country where the person was born |
Semantics | Name of the country where the person was born. If the place of birth is outside the borders of Hungary, the name must be given in Hungarian. |
Values | - |
# of values | single
Availabilty | confidential |
Syntax | Directory String
Examples | Románia |
Notes | It's recommended to use the schacPlaceOfBirth attribute instead. |
Use in federation | - |
niifPersonMothersName | |
OID | |
Description | Name of the mother of the person |
Semantics | Maiden name of the mother of the person. |
Values | - |
# of values | single
Availabilty | confidential |
Syntax | Directory String
Examples | - |
Notes | - |
Use in federation | - |
niifPersonIdentityNumber | |
OID | |
Description | Number of the Identity Card |
Semantics | Number of the Identity Card of the person or Passport Number for those who are non-Hungarian citizens |
Values | - |
# of values | single
Availabilty | confidential |
Syntax | Directory String
Examples | 329906AA |
Notes | Every Hungarian citizen by the age of 14 receives an Identity Card. For foreigners, Passport Number should be used. This number should never be made public.
Format of the code may vary as numbering scheme has been changed in the recent years. It's recommended to use the URN-formatted schacPersonalUniqueID attribute instead. |
Use in federation | - |
niifPersonResidentialAddress | |
OID | |
Description | Home address of the person |
Semantics | Permanent home address of the person. The postal code, the name of the city, street and apartment number shall be included. |
Values | - |
# of values | single
Availabilty | confidential |
Syntax | Directory String
Examples | 1234 Budapest, Harap u. 3. |
Notes | - |
Use in federation | - |
Attributes of niifEduPerson
niifEduPersonFaculty | |
OID | |
Description | Faculty of the person |
Semantics | Full name of the faculty the person belongs to. List of accredited faculties can be found here (in institutional order): http://www.mab.hu/doc/akkrint040106.doc (in Hungarian) |
Values | - |
# of values | multi
Availabilty | organizational |
Syntax | Directory String
Examples | Villamosmérnöki és Informatikai Kar |
Notes | Local directory policy may mark this attribute as mandatory.
It is recommended if an LDAP entry has niifEduPersonFaculty attribute set, it should also have an eduPersonFacultyDN attribute pointing to the entry of the faculty. |
Use in federation | - |
niifEduPersonFacultyDN | |
OID | |
Description | Pointer to the faculty of the person |
Semantics | DN of the faculty the person belongs to. It is recommended that faculties are placed under the ou=Units branch under the root suffix of the organization. |
Values | - |
# of values | multi
Availabilty | organizational |
Syntax | DN
Examples | ou=VIK,ou=Units,o=BME,c=HU |
Notes | This attribute has a meaning only if the person participates in education (eduPersonAffiliation=student or faculty)
Local directory policy may mark this attribute as mandatory. |
Use in federation | - |
niifEduPersonMajor | |
OID | |
Description | Major(s) of the student |
Semantics | Majors are defined at http://www.mab.hu/listak2.html (in Hungarian) |
Values | - |
# of values | multi
Availabilty | organizational |
Syntax | Directory String
Examples | műszaki informatikai |
Notes | This attribute has a meaning only if the person is a student (eduPersonAffiliation=student)
Local directory policy may mark this attribute as mandatory for students. |
Use in federation | - |
niifEduPersonAcademicYear | |
OID | |
Description | Current academic year of the student. This attribute is DEPRECATED. |
Semantics | - |
Values | Integer numbers from 1 to the number of years required for graduation |
# of values | multi
Availabilty | confidential |
Syntax | Directory String
Examples | - |
Notes | This attribute has a meaning only if the person is a student (eduPersonAffiliation = student)
It is unclear that if a student has more than one majors, the number of which should be stored in this attribute and how a connection between major and year can be set up. As the concept of academic year gets lesser important (and not well-defined), depending on the value of this attribute is deprecated. |
Use in federation | - |
niifEduPersonAttendedCourse | |
OID | |
Description | Code of the courses the student attends to in the current semester |
Semantics | - |
Values | Course codes defined in the student calendar. |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | * BMEVIMM1234
Notes | This attribute has a meaning only if the person is a student (eduPersonAffiliation = student), and the values should be taken from the student calendar. |
Use in federation | - |
niifEduPersonArchiveCourse | |
OID | |
Description | Code of the courses the student have ever attended |
Semantics | - |
Values | Course codes defined in the student calendar. |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | This attribute has a meaning only if the person is a student (eduPersonAffiliation = student), and the values should be taken from the student calendar. |
Use in federation | - |
niifEduPersonHeldCourse | |
OID | |
Description | Code of the courses which are associated with the faculty member or professor in the current semester. |
Semantics | - |
Values | Course codes defined in the student calendar. |
# of values | multi
Availabilty | - |
Syntax | Directory String
Examples | - |
Notes | This attribute has a meaning only if the person is a faculty (eduPersonAffiliation = faculty), the values should be taken from the student calendar.
For authorization decision reasons, courses from previous semester(s) might appear in this attribute if the local policy needs these additional values. |
Use in federation | - |
Attributes of niifAuthenticatedObject
niifEduroamPassword | |
OID | |
Description | Clear text password for eduroam authentication |
Semantics | - |
Values | - |
# of values | multi
Availabilty | - |
Syntax | Octet String
Examples | - |
Notes | SUP userPassword |
Use in federation | - |
niifValidityStart | |
OID | |
Description | When to enable this account |
Semantics | - |
Values | - |
# of values | single
Availabilty | - |
Syntax | Generalized Time
Examples | - |
Notes | - |
Use in federation | - |
niifExpireTime | |
OID | |
Description | When to disable this account |
Semantics | - |
Values | - |
# of values | single
Availabilty | - |
Syntax | Generalized Time
Examples | - |
Notes | - |
Use in federation | - |