9
szerkesztés
Módosítások
a
|mandatory=
* [[#niifUniqueId]]
=== niifEduPerson ===
→niifAuthenticatedObject
== Versioning ==
Current version: '''2.13'''
== ObjectClasses =Change log ===* changes in 2.3** extend [[#niifAuthenticatedObject]] with [[#niifValidityStart]] and [[#niifExpireTime]] attributes * changes since 2.1b2** add [[#niifAuthenticatedObject]] and its [[#niifEduroamPassword]] * changes since 2.1b1** updated schema files * changes since 2.0b5** add [[#niifCertificateSHA1Fingerprint]]** add [[#niifEduPersonArchiveCourse]]** add [[#niifEduPersonHeldCourse]]** mark [[#niifCertificateSubjectDN]] as obsolete = Schema files =* Sun DS format: [[Kép:99-niifschema.ldif|NIIF-SunDS.schema]]* OpenLDAP format: [[Kép:NIIF-OpenLDAP.schema|NIIF-OpenLDAP.schema]]* [[Kép:niifAuthentication.ldif]] =ObjectClasses === niifPerson ===
{{LDAPObjectClassDef|name=niifPerson
|parent=inetOrgPerson
|OID=1.3.6.1.4.1.11914.0.0.0
|optional=
* [[#niifPersonPrefix]]
* [[#niifPersonDegree]]
* [[#niifPersonPosition]]
* <strike>[[#niifPrefix]]</strike>* <strike>[[#niifStatus]]</strike>* <strike>[[#niifTitle]]</strike>* <strike>[[#niifCertificateSubjectDN]]</strike>
* [[#niifPersonDateOfBirth]]
* [[#niifPersonActivityStatus]]
* [[#niifPersonIdentityNumber]]
* [[#niifPersonResidentalAddress]]
* [[#niifUniqueId]]
}}
{{LDAPObjectClassDef|name=niifEduPerson
|parent=eduPerson
}}
== niifAuthenticatedObject =={{LDAPObjectClassDef|name=niifAuthenticatedObject|OID=1.3.6.1.4.1.11914.0.0.10|description=An object having extra passwords or time-limited validity|optional=* [[#niifEduroamPassword]]* [[#niifValidityStart]]* [[#niifExpireTime]]}} = Defined attributes = == Attributes of niifPerson ==
=== niifUniqueID ===
|name= niifUniqueID
|OID= 1.3.6.1.4.1.11914.0.1.3
|numOfValuesnumofvalues= single
|availability= organizational
|description= Unique ID of a person.
|description= Prefix of the person's name
|semantics= A name should have only one prefix, multiple entitlements may be listed one after the other in the same value
|numOfValuesnumofvalues=single
|availability=public
|example=Prof. Dr.
|OID= 1.3.6.1.4.1.11914.0.1.166
|description= Scientific degree of the person
|notessemantics= Only the highest degree should be stored.|notes= May be specified in multiple languages by the use of language tags
|availability= public
|example= kandidátus
}}
|description= Position of the person within a department or organization
|example= dékán
|notes= May be specified in multiple languages by the use of language tags. Also see When a person is in relationship with multiple departments or organizations, no exact match between a status and a particular organization can be defined within an entry. To solve this situation, some relation-representing entry may be used, eg. use of the schacPersonalPosition attribute, which defines an URN format for this purpose.
}}
|name= niifCertificateSubjectDN
|OID= 1.3.6.1.4.1.11914.0.1.151
|description= Subject DN of the certificate of the entity. This attribute is '''OBSOLETED''', use [[#niifCertificateSHA1Fingerprint]] instead.|semantics= The value must describe a DN which identifies the certificate subject of the entity. |values= Unlike standard LDAP DN, this value must contain the same number of spaces between DN elements as it is tied in the certificate.|example= cn=Bajnok Kristóf, ou=ITAK, o=Sztaki, c=HU|notes= Although it is possible for an entity to have more than one certificates at the same time, this kind of usage is deprecated.When used, this attribute must be indexed.This attribute may be applied to any kind of entities that can be certified with an X.509 certificate, including persons, servers, network nodes, etc.
}}
{{LDAPAttributeDef
|name= niifCertificateSHA1Fingerprint
|OID= 1.3.6.1.4.1.11914.0.1.168173
|description= Fingerprint of a certificate which belongs to the subject.
|semantics= Multiple fingerprints may be stored in this attribute, if a subject has multiple valid certificates. This attribute uses case insensitive matching rule.
|valuevalues= SHA-1 hash in hexadecimal string format without any separator characters.
|example= fe6d5980e2c02912024054cec114ee53ebeb2e6c
|numofvalues= multi
|useinfederation=[[HREFAttributeSpec#schacDateOfBirth]],[[HREFAttributeSpec#schacYearOfBirth]]
|notes= It's recommended to use the schacDateOfBirth attribute instead, as it has the same syntax and semantics.
|example= 19800316
}}
|numofvalues= single
|availability= organizational
|example= 19980901
}}
|notes= If this date is in the past, niifPersonActivityStatus must be 'inactive', and the user should be locked out.
|availability= organizational
|example= 20030627
}}
|numofvalues= single
|availability= confidential
|example= Kolozsvár
|notes= It's recommended to use the schacPlaceOfBirth attribute instead.
}}
|numofvalues= single
|availability= confidential
|example= Románia
|notes= It's recommended to use the schacPlaceOfBirth attribute instead.
}}
|numofvalues= single
|availability= confidential
|example= 329906AA
|notes= Every Hungarian citizen by the age of 14 receives an Identity Card. For foreigners, Passport Number should be used. This number should never be made public.
Format of the code may vary as numbering scheme has been changed in the recent years.
|numofvalues= single
|availability= confidential
|example= 1234 Budapest, Harap u. 3.
}}
== Attributes of niifEduPerson ==
=== niifEduPersonFaculty ===
|name= niifEduPersonFaculty
|OID= 1.3.6.1.4.1.11914.0.1.160
|description= Faculty of the person
|semantics= Full name of the faculty the person belongs to. List of accredited faculties can be found here (in institutional order): http://www.mab.hu/doc/akkrint040106.doc (in Hungarian)
|availability= organizational
|example= Villamosmérnöki és Informatikai Kar
|notes= Local directory policy may mark this attribute as mandatory.
It is recommended if an LDAP entry has niifEduPersonFaculty attribute set, it should also have an eduPersonFacultyDN attribute pointing to the entry of the faculty.
}}
{{LDAPAttributeDef|name=niifEduPersonFacultyDN
|OID=1.3.6.1.4.1.11914.0.1.161
|description= Pointer to the faculty of the person
|semantics= DN of the faculty the person belongs to. It is recommended that faculties are placed under the ou=Units branch under the root suffix of the organization.
|syntax= DN
|availability= organizational
|example= ou=VIK,ou=Units,o=BME,c=HU
|notes= This attribute has a meaning only if the person participates in education (eduPersonAffiliation=student or faculty)
Local directory policy may mark this attribute as mandatory.
}}
|name= niifEduPersonMajor
|OID= 1.3.6.1.4.1.11914.0.1.162
|description= Major(s) of the student
|semantics= Majors are defined at http://www.mab.hu/listak2.html (in Hungarian)
|availability= organizational
|example= műszaki informatikai
|notes= This attribute has a meaning only if the person is a student (eduPersonAffiliation=student)
Local directory policy may mark this attribute as mandatory for students.
}}
|name= niifEduPersonAcademicYear
|OID= 1.3.6.1.4.1.11914.0.1.163
|description= Current academic year of the student. This attribute is '''DEPRECATED'''.
|values= Integer numbers from 1 to the number of years required for graduation
|availability= confidential
|notes= This attribute has a meaning only if the person is a student (eduPersonAffiliation = student)
It is unclear that if a student has more than one majors, the number of which should be stored in this attribute and how a connection between major and year can be set up. As the concept of academic year gets lesser important (and not well-defined), depending on the value of this attribute is deprecated.
}}
{{LDAPAttributeDef|name=niifEduPersonAttendedCourse
|OID=1.3.6.1.4.1.11914.0.1.164
|description= Code of the courses the student attends to in the current semester
|values= Course codes defined in the student calendar.
|example=
* BMEVIMM1234
* BMEVIMA3214
|notes= This attribute has a meaning only if the person is a student (eduPersonAffiliation = student), and the values should be taken from the student calendar.
}}
{{LDAPAttributeDef
|name= niifEduPersonArchiveCourse
|OID= 1.3.6.1.4.1.11914.0.1.165171|description= Code of the courses the student have ever attended|values= Course codes defined in the student calendar.|notes= This attribute has a meaning only if the person is a student (eduPersonAffiliation = student), and the values should be taken from the student calendar.}} === niifEduPersonHeldCourse ==={{LDAPAttributeDef|name= niifEduPersonHeldCourse|OID= 1.3.6.1.4.1.11914.0.1.172|description= Code of the courses which are associated with the faculty member or professor in the current semester.|values= Course codes defined in the student calendar.|notes= This attribute has a meaning only if the person is a faculty (eduPersonAffiliation = faculty), the values should be taken from the student calendar.For authorization decision reasons, courses from previous semester(s) might appear in this attribute if the local policy needs these additional values.}} == Attributes of niifAuthenticatedObject == === niifEduroamPassword ==={{LDAPAttributeDef|name=niifEduroamPassword|OID=1.3.6.1.4.1.11914.0.1.4|description=Clear text password for eduroam authentication|notes=SUP userPassword|syntax=Octet String
}}
=== niifEduPersonArchiveCourse niifValidityStart ===
{{LDAPAttributeDef
|name= niifEduPersonArchiveCourseniifValidityStart|OID= 1.3.6.1.4.1.11914.0.1.1665|numofvalues= single|description=When to enable this account|syntax=Generalized Time
}}
=== niifEduPersonHeldCourse niifExpireTime ===
{{LDAPAttributeDef
|name= niifEduPersonHeldCourseniifExpireTime|OID= 1.3.6.1.4.1.11914.0.1.1676|numofvalues= single|description=When to disable this account|syntax=Generalized Time
}}
