NIIFSchema

From: KIFÜ Wiki

NIIF LDAP Schema

Versioning

Current version: 2.2

Change log

  • changes since 2.1b1
    • updated schema files

Schema files

ObjectClasses

niifPerson

niifPerson
Parent inetOrgPerson
OID 1.3.6.1.4.1.11914.0.0.0
Description -
Mandatory attributes -
Optional attributes


niifEduPerson

niifEduPerson
Parent eduPerson
OID 1.3.6.1.4.1.11914.0.0.9
Description -
Mandatory attributes -
Optional attributes


niifAuthenticatedObject

niifAuthenticatedObject
Parent -
OID 1.3.6.1.4.1.11914.0.0.10
Description An object having extra passwords
Mandatory attributes -
Optional attributes


Defined attributes

Attributes of niifPerson

niifUniqueID

niifUniqueID
OID 1.3.6.1.4.1.11914.0.1.3
Description Unique ID of a person.
Semantics <unique-local-ID>@<organization-domain>

The <organization-domain> part is the main Internet domain of the organization (e.g. 'sztaki.hu'). The <unique-local-ID> part is a sequence of letters (case insensitive) and numbers. It can be freely chosen by the home organization, provided that the ID is unique within the scope of the organization and one and only one ID is assigned to every single person.

Values -
# of values single
Availability organizational
Syntax Directory String
Examples gmx3f0@bme.hu
Notes It is up to the local policy to define how the <unique-local-ID> is generated and how long it represents a user. However, assigning the same ID to another person (after the first person entry has been removed from the directory) is deprecated.

It is recommended to import the user ID into <unique-local-ID> from a comprehensive user database (like Neptun and ETR at Hungarian Universities) if such a database exists.

Use in federation -


niifPrefix

niifPrefix
OID 1.3.6.1.4.1.11914.0.1.0
Description OBSOLETED, use #niifPersonPrefix
Semantics -
Values -
# of values multi
Availability -
Syntax Directory String
Examples -
Notes -
Use in federation -


niifPersonPrefix

niifPersonPrefix
OID 1.3.6.1.4.1.11914.0.1.165
Description Prefix of the person's name
Semantics A name should have only one prefix; multiple titles may be listed one after the other in the same value.
Values -
# of values single
Availability public
Syntax Directory String
Examples Prof. Dr.
Notes -
Use in federation HREFAttributeSpec#schacPersonalTitle


niifStatus

niifStatus
OID 1.3.6.1.4.1.11914.0.1.1
Description OBSOLETED, use #niifPersonDegree
Semantics -
Values -
# of values multi
Availability -
Syntax Directory String
Examples -
Notes -
Use in federation -


niifPersonDegree

niifPersonDegree
OID 1.3.6.1.4.1.11914.0.1.166
Description Scientific degree of the person
Semantics Only the highest degree should be stored.
Values -
# of values multi
Availability public
Syntax Directory String
Examples kandidátus
Notes May be specified in multiple languages by the use of language tags
Use in federation -


niifTitle

niifTitle
OID 1.3.6.1.4.1.11914.0.1.2
Description OBSOLETED, use #niifPersonPosition
Semantics -
Values -
# of values multi
Availability -
Syntax Directory String
Examples -
Notes -
Use in federation -


niifPersonPosition

niifPersonPosition
OID 1.3.6.1.4.1.11914.0.1.167
Description Position of the person within a department or organization
Semantics -
Values -
# of values multi
Availability -
Syntax Directory String
Examples dékán
Notes May be specified in multiple languages by the use of language tags.

When a person is in a relationship with multiple departments or organizations, no exact match between a status and a particular organization can be defined within an entry. To solve this situation, some relation-representing entry may be used, e.g. the schacPersonalPosition attribute, which defines a URN format for this purpose.

Use in federation -


niifCertificateSubjectDN

niifCertificateSubjectDN
OID 1.3.6.1.4.1.11914.0.1.151
Description Subject DN of the certificate of the entity. This attribute is OBSOLETED, use #niifCertificateSHA1Fingerprint instead.
Semantics The value must describe a DN which identifies the certificate subject of the entity.
Values Unlike a standard LDAP DN, this value must contain the same number of spaces between DN elements as appear in the certificate.
# of values multi
Availability -
Syntax Directory String
Examples cn=Bajnok Kristóf, ou=ITAK, o=Sztaki, c=HU
Notes Although it is possible for an entity to have more than one certificate at the same time, this kind of usage is deprecated.

When used, this attribute must be indexed. This attribute may be applied to any kind of entities that can be certified with an X.509 certificate, including persons, servers, network nodes, etc.

Use in federation -


niifCertificateSHA1Fingerprint

niifCertificateSHA1Fingerprint
OID 1.3.6.1.4.1.11914.0.1.173
Description Fingerprint of a certificate which belongs to the subject.
Semantics Multiple fingerprints may be stored in this attribute if a subject has multiple valid certificates. This attribute uses a case-insensitive matching rule.
Values SHA-1 hash in hexadecimal string format without any separator characters.
# of values multi
Availability -
Syntax IA5String
Examples fe6d5980e2c02912024054cec114ee53ebeb2e6c
Notes -
Use in federation -
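
The value format above, worked through as an added example (not part of the NIIF schema or its tooling): it converts a fingerprint written with separators into the stored form, matches a presented certificate case-insensitively, and builds a search filter only from a validated value. The function names and the sample entry are assumptions made for illustration.

```python
import hashlib
import re

HEX40 = re.compile(r"[0-9a-f]{40}")

def normalize_fingerprint(text):
    """Convert e.g. 'FE:6D:59:...' to the stored form: 40 hex digits, no separators."""
    cleaned = re.sub(r"[:\s]", "", text).lower()
    if not HEX40.fullmatch(cleaned):
        raise ValueError("not a SHA-1 fingerprint")
    return cleaned

def fingerprint_of(der_bytes):
    """SHA-1 over the DER encoding of the certificate, as lowercase hex."""
    return hashlib.sha1(der_bytes).hexdigest()

def search_filter(fingerprint):
    """Build the LDAP filter from a validated value only, so that no filter
    metacharacter such as '*', '(' or ')' can reach the directory."""
    return f"(niifCertificateSHA1Fingerprint={normalize_fingerprint(fingerprint)})"

def malformed_values(attrs):
    """Stored values that break the documented format (separators, wrong length)."""
    return [v for v in attrs.get("niifCertificateSHA1Fingerprint", [])
            if not HEX40.fullmatch(v.lower())]

def entry_matches(attrs, der_bytes):
    """Case-insensitive match of a presented certificate against the entry."""
    stored = {v.lower() for v in attrs.get("niifCertificateSHA1Fingerprint", [])}
    return fingerprint_of(der_bytes) in stored

# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_ENTRY = {"niifCertificateSHA1Fingerprint": [
    "fe6d5980e2c02912024054cec114ee53ebeb2e6c",  # example value from the page
    fingerprint_of(SAMPLE_DER).upper(),          # constructed, stored in upper case
    "FE:6D:59:80",                               # constructed malformed value
]}

if __name__ == "__main__":
    print(search_filter("FE:6D:59:80:E2:C0:29:12:02:40:54:CE:C1:14:EE:53:EB:EB:2E:6C"))
    print(malformed_values(SAMPLE_ENTRY), entry_matches(SAMPLE_ENTRY, SAMPLE_DER))
```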


niifPersonDateOfBirth

niifPersonDateOfBirth
OID 1.3.6.1.4.1.11914.0.1.152
Description Date of birth of the person
Semantics -
Values YYYYMMDD date format according to RFC 3339 'full-date' format
# of values single
Availability confidential
Syntax Directory String
Examples 19800316
Notes It's recommended to use the schacDateOfBirth attribute instead, as it has the same syntax and semantics.
Use in federation HREFAttributeSpec#schacDateOfBirth, HREFAttributeSpec#schacYearOfBirth


niifPersonActivityStatus

niifPersonActivityStatus
OID 1.3.6.1.4.1.11914.0.1.153
Description Activity status
Semantics Describes whether the person is an active employee/student of the home organization
Values One of the terms 'active' or 'inactive'
# of values single
Availability organizational
Syntax Directory String
Examples -
Notes -
Use in federation -


niifActiveMemberOf

niifActiveMemberOf
OID 1.3.6.1.4.1.11914.0.1.168
Description DN of a group entry to which the entity currently belongs.
Semantics -
Values -
# of values multi
Availability -
Syntax Directory String
Examples -
Notes As a special case, this attribute may be used to keep a record of a student's active major(s), but it's recommended to use #niifEduPersonMajor instead.
Use in federation -


niifPersonJoinDate

niifPersonJoinDate
OID 1.3.6.1.4.1.11914.0.1.169
Description Date of joining the organization
Semantics Date of joining the organization. For students it may represent the first date of enrollment.
Values YYYYMMDD date format according to RFC 3339 'full-date' format
# of values single
Availability organizational
Syntax Integer
Examples 19980901
Notes -
Use in federation -


niifPersonQuitDate

niifPersonQuitDate
OID 1.3.6.1.4.1.11914.0.1.170
Description Date of leaving the organization
Semantics -
Values YYYYMMDD date format according to RFC 3339 'full-date' format.
# of values single
Availability organizational
Syntax Integer
Examples 20030627
Notes If this date is in the past, niifPersonActivityStatus must be 'inactive', and the user should be locked out.
Use in federation -
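
The rule in the Notes above, as an added example (not part of the NIIF schema or its tooling): an audit that reports every entry whose niifPersonQuitDate is in the past while niifPersonActivityStatus is anything other than 'inactive'. The sample entries and DNs are constructed, and case-insensitive comparison of the status value is an assumption.

```python
import re
from datetime import date, datetime

def parse_yyyymmdd(value):
    """Parse the YYYYMMDD form the page specifies for niifPersonQuitDate."""
    if not re.fullmatch(r"[0-9]{8}", value):
        raise ValueError(f"not YYYYMMDD: {value!r}")
    return datetime.strptime(value, "%Y%m%d").date()  # also rejects 20230230

def audit_entry(attrs, today):
    """Return findings for one entry; attrs maps attribute name -> list of values."""
    quit_values = attrs.get("niifPersonQuitDate", [])
    if not quit_values:
        return []  # no quit date recorded, so the rule does not apply
    if len(quit_values) > 1:
        return ["niifPersonQuitDate must be single-valued"]
    try:
        quit_date = parse_yyyymmdd(quit_values[0])
    except ValueError as exc:
        return [f"niifPersonQuitDate invalid: {exc}"]
    # Assumption: status values are compared case-insensitively.
    status = [v.lower() for v in attrs.get("niifPersonActivityStatus", [])]
    if quit_date < today and status != ["inactive"]:
        return [f"quit on {quit_date} but status is {status or 'unset'}: lock out"]
    return []

def audit(entries, today):
    """Return {dn: findings} for every entry that breaks the rule."""
    report = {}
    for dn, attrs in entries.items():
        findings = audit_entry(attrs, today)
        if findings:
            report[dn] = findings
    return report

# Constructed sample entries (hypothetical DNs, not real directory data).
SAMPLE = {
    "uid=left,o=Example,c=HU": {"niifPersonQuitDate": ["20030627"],
                                "niifPersonActivityStatus": ["active"]},
    "uid=gone,o=Example,c=HU": {"niifPersonQuitDate": ["20030627"],
                                "niifPersonActivityStatus": ["Inactive"]},
    "uid=future,o=Example,c=HU": {"niifPersonQuitDate": ["20991231"],
                                  "niifPersonActivityStatus": ["active"]},
    "uid=nostatus,o=Example,c=HU": {"niifPersonQuitDate": ["20200101"]},
    "uid=baddate,o=Example,c=HU": {"niifPersonQuitDate": ["20230230"]},
}

if __name__ == "__main__":
    for dn, findings in audit(SAMPLE, date.today()).items():
        print(dn, findings)
```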


niifPersonOrgID

niifPersonOrgID
OID 1.3.6.1.4.1.11914.0.1.154
Description Organizational ID of a person
Semantics ID of a person in a comprehensive organizational user database if such a database exists. This ID shall be unique within the organization.

It is strongly recommended to use the <unique-local-ID> part of the niifUniqueID as a value for niifPersonOrgID.

Values For integration with niifUniqueID, value must not contain the '@' mark.
# of values single
Availability -
Syntax Directory String
Examples -
Notes It is recommended to import the user ID into <unique-local-ID> from a comprehensive user database (like Neptun and ETR at Hungarian Universities) if such a database exists.

This attribute is for facilitating the use of user IDs in intra-organizational applications in cases when the standard uid attribute cannot be applied for some reason.

Use in federation -
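
The niifUniqueID format and the niifPersonOrgID constraints described above, as an added example (not part of the NIIF schema or its tooling): a check that validates <unique-local-ID>@<organization-domain>, detects a local ID assigned to two people, and compares niifPersonOrgID with the local part. Treating "letters" as ASCII letters is an assumption, and the sample entries are constructed.

```python
import re

LOCAL_ID = re.compile(r"[A-Za-z0-9]+")  # assumption: "letters" means ASCII letters

def parse_unique_id(value, org_domain):
    """Return the case-folded <unique-local-ID>; raise ValueError if malformed."""
    local, sep, domain = value.partition("@")
    if not sep or "@" in domain:
        raise ValueError("expected <unique-local-ID>@<organization-domain>")
    if not LOCAL_ID.fullmatch(local):
        raise ValueError("local ID must consist of letters and numbers")
    if domain.lower() != org_domain.lower():
        raise ValueError(f"domain is not {org_domain}")
    return local.lower()  # IDs are case insensitive, so fold before comparing

def check_directory(entries, org_domain):
    """Return {dn: [problems]}; entries maps DN -> {attribute: [values]}."""
    report, owner = {}, {}
    for dn, attrs in entries.items():
        problems, local = [], None
        ids = attrs.get("niifUniqueID", [])
        if len(ids) > 1:
            problems.append("niifUniqueID is single-valued")
        elif ids:
            try:
                local = parse_unique_id(ids[0], org_domain)
            except ValueError as exc:
                problems.append(f"niifUniqueID: {exc}")
        if local is not None:
            if local in owner:
                problems.append(f"local ID already assigned to {owner[local]}")
            else:
                owner[local] = dn
        for org_id in attrs.get("niifPersonOrgID", []):
            if "@" in org_id:
                problems.append("niifPersonOrgID must not contain '@'")
            elif local is not None and org_id.lower() != local:
                problems.append("niifPersonOrgID differs from the niifUniqueID local part")
        if problems:
            report[dn] = problems
    return report

# Constructed sample entries; only the value gmx3f0@bme.hu comes from the page.
SAMPLE = {
    "uid=a,o=BME,c=HU": {"niifUniqueID": ["gmx3f0@bme.hu"], "niifPersonOrgID": ["gmx3f0"]},
    "uid=b,o=BME,c=HU": {"niifUniqueID": ["GMX3F0@bme.hu"]},
    "uid=c,o=BME,c=HU": {"niifUniqueID": ["ab.c@bme.hu"]},
    "uid=d,o=BME,c=HU": {"niifUniqueID": ["k9z2@bme.hu"], "niifPersonOrgID": ["k9z2@bme.hu"]},
}
```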


niifPersonCityOfBirth

niifPersonCityOfBirth
OID 1.3.6.1.4.1.11914.0.1.155
Description The city or settlement where the person was born
Semantics Name of the city or settlement where the person was born. If the place of birth is outside the borders of Hungary, the name may be given in Hungarian.
Values -
# of values single
Availability confidential
Syntax Directory String
Examples Kolozsvár
Notes It's recommended to use the schacPlaceOfBirth attribute instead.
Use in federation -


niifPersonCountryOfBirth

niifPersonCountryOfBirth
OID 1.3.6.1.4.1.11914.0.1.156
Description The country where the person was born
Semantics Name of the country where the person was born. If the place of birth is outside the borders of Hungary, the name must be given in Hungarian.
Values -
# of values single
Availability confidential
Syntax Directory String
Examples Románia
Notes It's recommended to use the schacPlaceOfBirth attribute instead.
Use in federation -


niifPersonMothersName

niifPersonMothersName
OID 1.3.6.1.4.1.11914.0.1.157
Description Name of the mother of the person
Semantics Maiden name of the mother of the person.
Values -
# of values single
Availability confidential
Syntax Directory String
Examples -
Notes -
Use in federation -


niifPersonIdentityNumber

niifPersonIdentityNumber
OID 1.3.6.1.4.1.11914.0.1.158
Description Number of the Identity Card
Semantics Number of the Identity Card of the person or Passport Number for those who are non-Hungarian citizens
Values -
# of values single
Availability confidential
Syntax Directory String
Examples 329906AA
Notes Every Hungarian citizen by the age of 14 receives an Identity Card. For foreigners, Passport Number should be used. This number should never be made public.

The format of the code may vary, as the numbering scheme has changed in recent years. It's recommended to use the URN-formatted schacPersonalUniqueID attribute instead.

Use in federation -


niifPersonResidentialAddress

niifPersonResidentialAddress
OID 1.3.6.1.4.1.11914.0.1.159
Description Home address of the person
Semantics Permanent home address of the person. The postal code, the name of the city, street and apartment number shall be included.
Values -
# of values single
Availability confidential
Syntax Directory String
Examples 1234 Budapest, Harap u. 3.
Notes -
Use in federation -


Attributes of niifEduPerson

niifEduPersonFaculty

niifEduPersonFaculty
OID 1.3.6.1.4.1.11914.0.1.160
Description Faculty of the person
Semantics Full name of the faculty the person belongs to. List of accredited faculties can be found here (in institutional order): http://www.mab.hu/doc/akkrint040106.doc (in Hungarian)
Values -
# of values multi
Availability organizational
Syntax Directory String
Examples Villamosmérnöki és Informatikai Kar
Notes Local directory policy may mark this attribute as mandatory.

It is recommended that an LDAP entry which has the niifEduPersonFaculty attribute set also has an eduPersonFacultyDN attribute pointing to the entry of the faculty.

Use in federation -


niifEduPersonFacultyDN

niifEduPersonFacultyDN
OID 1.3.6.1.4.1.11914.0.1.161
Description Pointer to the faculty of the person
Semantics DN of the faculty the person belongs to. It is recommended that faculties are placed under the ou=Units branch under the root suffix of the organization.
Values -
# of values multi
Availability organizational
Syntax DN
Examples ou=VIK,ou=Units,o=BME,c=HU
Notes This attribute has a meaning only if the person participates in education (eduPersonAffiliation=student or faculty)

Local directory policy may mark this attribute as mandatory.

Use in federation -


niifEduPersonMajor

niifEduPersonMajor
OID 1.3.6.1.4.1.11914.0.1.162
Description Major(s) of the student
Semantics Majors are defined at http://www.mab.hu/listak2.html (in Hungarian)
Values -
# of values multi
Availability organizational
Syntax Directory String
Examples műszaki informatikai
Notes This attribute has a meaning only if the person is a student (eduPersonAffiliation=student)

Local directory policy may mark this attribute as mandatory for students.

Use in federation -


niifEduPersonAcademicYear

niifEduPersonAcademicYear
OID 1.3.6.1.4.1.11914.0.1.163
Description Current academic year of the student. This attribute is DEPRECATED.
Semantics -
Values Integer numbers from 1 to the number of years required for graduation
# of values multi
Availability confidential
Syntax Directory String
Examples -
Notes This attribute has a meaning only if the person is a student (eduPersonAffiliation = student)

If a student has more than one major, it is unclear which year number should be stored in this attribute and how a connection between major and year can be set up. As the concept of academic year becomes less important (and is not well defined), depending on the value of this attribute is deprecated.

Use in federation -


niifEduPersonAttendedCourse

niifEduPersonAttendedCourse
OID 1.3.6.1.4.1.11914.0.1.164
Description Codes of the courses the student attends in the current semester
Semantics -
Values Course codes defined in the student calendar.
# of values multi
Availability -
Syntax Directory String
Examples
  • BMEVIMM1234
  • BMEVIMA3214
Notes This attribute has a meaning only if the person is a student (eduPersonAffiliation = student), and the values should be taken from the student calendar.
Use in federation -


niifEduPersonArchiveCourse

niifEduPersonArchiveCourse
OID 1.3.6.1.4.1.11914.0.1.171
Description Codes of the courses the student has ever attended
Semantics -
Values Course codes defined in the student calendar.
# of values multi
Availability -
Syntax Directory String
Examples -
Notes This attribute has a meaning only if the person is a student (eduPersonAffiliation = student), and the values should be taken from the student calendar.
Use in federation -


niifEduPersonHeldCourse

niifEduPersonHeldCourse
OID 1.3.6.1.4.1.11914.0.1.172
Description Codes of the courses which are associated with the faculty member or professor in the current semester.
Semantics -
Values Course codes defined in the student calendar.
# of values multi
Availability -
Syntax Directory String
Examples -
Notes This attribute has a meaning only if the person is a faculty member (eduPersonAffiliation = faculty), and the values should be taken from the student calendar.

For authorization decision reasons, courses from previous semester(s) might appear in this attribute if the local policy needs these additional values.

Use in federation -


Attributes of niifAuthenticatedObject

niifEduroamPassword

niifEduroamPassword
OID 1.3.6.1.4.1.11914.0.1.4
Description Clear text password for eduroam authentication
Semantics -
Values -
# of values multi
Availability -
Syntax Octet String
Examples -
Notes SUP userPassword
Use in federation -