...
OID | Syntax | values | relevance |
2.5.4.3 | DirectoryString | multi | MUST |
Shibboleth 1.x name: urn:mace:dir:attribute-def:cn | |||
SAML 2.0 name: urn:oid:2.5.4.3 | |||
(eduPerson201310) One of the two required attributes in the person object class (the other is sn).
...
OID | Syntax | values | relevance | |
2.5.4.13 | DirectoryString | Multi | May | Shibboleth 1.x name: urn:mace:dir:attribute-def:description|
SAML 2.0 name: urn:oid:2.5.4.13 | ||||
(eduPerson201310) Open-ended; whatever the person or the directory manager puts here.
...
OID | Syntax | values | relevance | |
2.16.840.1.113730.3.1.241 | DirectoryString | Single | MUST | Shibboleth 1.x name: urn:mace:dir:attribute-def:displayName|
SAML 2.0 name: urn:oid:2.16.840.1.113730.3.1.241 | ||||
(eduPerson201310) The name(s) that should appear in white-pages-like applications for this person.
...
OID | Syntax | values | relevance |
2.16.840.1.113730.3.1.3 | DirectoryString | Single | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:employeeNumber | |||
SAML 2.0 name: urn:oid:2.16.840.1.113730.3.1.3 | |||
Locally unique.
Examples:
employeeNumber: 1054Locally unique.
Examples:
employeeNumber: 1054facsimileTelephoneNumber
(RFC 2256 RFC 4519) The 'facsimileTelephoneNumber' attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. Each telephone number is one value of this multi-valued attribute.
OID | Syntax | values | relevance | |
2.5.4.23 | FacsimileTelephoneNumber | Multi | May | Shibboleth 1.x name: urn:mace:dir:attribute-def:facsimileTelephoneNumber|
SAML 2.0 name: urn:oid:2.5.4.23 | ||||
(eduPerson201310) Attribute values should comply with the ITU Recommendation E.123 [E.123]: i.e., "+44 71 123 4567."
...
OID | Syntax | values | relevance | |
2.5.4.42 | DirectoryString | Multi | MUST | Shibboleth 1.x name: urn:mace:dir:attribute-def:givenName|
SAML 2.0 name: urn:oid:2.5.4.42 | ||||
As from version 2.2 of the schema, in Haka, the givenName attribute type is interpretated as defined in RFC 2256 with special complements below.
...
OID | Syntax | values | relevance |
0.9.2342.19200300.100.1.20 | TelephoneNumber | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:homePhone | |||
SAML 2.0 name: urn:oid:0.9.2342.19200300.100.1.20 | |||
Examples:
Examples:
homePhone: +358 homePhone: +358 3 317 7059
homePostalAddress
...
OID | Syntax | values | relevance |
0.9.2342.19200300.100.1.39 | PostalAddress | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:homePostalAddress | |||
SAML 2.0 name: urn:oid:0.9.2342.19200300.100.1.39 | |||
$ is used as a line separator
...
OID | Syntax | values | relevance |
0.9.2342.19200300.100.1.60 | JPEG | Multi | May |
SAML 2.0 name: urn:oid:0.9.2342.19200300.100.1.60 | |||
l / localityName
(RFC 2256 / RFC 4519) The 'l' ('localityName' in X.500) attribute type contains names of a locality or place, such as a city, county, or other geographic region. Each name is one value of this multi-valued attribute."This attribute contains the name of a locality, such as a city, county or other geographic region (localityName).
OID | Syntax | values | relevance |
2.5.4.7 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:l | |||
Examples:
l: Viikki
labeledURI
...
OID | Syntax | values | relevance |
1.3.6.1.4.1.250.1.57 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:labeledURI | |||
(eduPerson201310) Good candidate for a self-maintained attribute. Note, however, that the vocabulary for the label portion of the value is not standardized.
...
OID | Syntax | values | relevance | |
0.9.2342.19200300.100.1.3 | IA5String | Multi | SHOULD | Shibboleth 1.x name: urn:mace:dir:attribute-def:mail|
SAML 2.0 name: urn:oid:0.9.2342.19200300.100.1.3 | ||||
(eduPerson201310) Preferred address for the "to:" field of email to be sent to this person. Usually of the form localid@univ.edu. Though multi-valued, there is often only one value.
...
(RFC 4524) The 'mobile' (mobileTelephoneNumber) attribute specifies mobile telephone numbers (e.g., "+1 775 555 6789") associated with a person (or entity). (RFC1274) The Mobile Telephone Number attribute type specifies a mobile telephone number associated with a person. Attribute values should follow the agreed format for international telephone numbers: i.e., "+44 71 123 4567".123 4567".
OID | Syntax | values | relevance |
0 | |||
OID | Syntax | values | relevance |
0.9.2342.19200300.100.1.41 | TelephoneNumber | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:mobile | |||
.9.2342.19200300.100.1.41 | TelephoneNumber | Multi | May |
(eduPerson201310) cellular or mobile phone number. Attribute values should comply with the ITU Recommendation E.123 [E.123]: i.e., "+44 71 123 4567."
...
OID | Syntax | values | relevance |
2.5.4.10 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:o | |||
Examples:
o: University of Tampere
...
OID | Syntax | values | relevance |
2.5.4.11 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:ou | |||
SAML 2.0 name: urn:oid:2.5.4.11 | |||
(eduPerson201310) The designated organizational unit is understood to be part of an organization designated by an OrganizationName [o] attribute. It follows that if an Organizational Unit Name attribute is used in a directory name, it must be associated with an OrganizationName [o] attribute.
...
(eduPerson201310) Campus or office address. inetOrgPerson has a homePostalAddress that complements this attribute. X.520(2000) reads: "The Postal Address attribute type specifies the address information required for the physical postal delivery to an object."
OID | Syntax | values | relevance | |
2.5.4.16 | PostalAddress | Multi | May | |
Shibboleth 1.x name: urn:mace:dir:attribute-def:postalAddress | ||||
relevance | ||||
2. | SAML 2.0 name: urn:oid:2.5.4.16 | PostalAddress | Multi | May |
Examples:
postalAddress: P.O. Box 405$02101 Espoo
...
OID | Syntax | values | relevance |
2.5.4.17 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:postalCode | |||
(eduPerson201310) ZIP code in USA, postal code for other countries.
...
OID | Syntax | values | relevance |
2.16.840.1.113730.3.1.39 | DirectoryString | Single | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:preferredLanguage | |||
SAML 2.0 name: urn:oid:2.16.840.1.113730.3.1.39 | |||
(eduPerson201310) See RFC 2068 and ISO 639 for allowable values in this field. Esperanto, for example is EO in ISO 639, and RFC 2068 would allow a value of en-US for US English.
...
(RFC 4519) The 'seeAlso' attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute.
OID | Syntax | values | relevance |
OID | Syntax | values | relevance |
2.5.4.34 | DistinguishedName | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:seeAlso | |||
2.5.4.34 | DistinguishedName | Multi | May |
Examples:
seeAlso: cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk
...
OID | Syntax | values | relevance |
2.5.4.4 | DirectoryString | Multi | MUST |
Shibboleth 1.x name: urn:mace:dir:attribute-def:sn | |||
Object class person requires that the sn is defined.
...
OID | Syntax | values | relevance |
2.5.4.9 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:street | |||
SAML 2.0 name: urn:oid:2.5.4.9 | |||
Examples:
street: Korkeakoulunkatu 1
...
OID | Syntax | values | relevance |
2.5.4.20 | TelephoneNumber | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:telephoneNumber | |||
May | SAML 2.0 name: urn:oid:2.5.4.20|||
title
(RFC 4519) The 'title' attribute type contains the title of a person in their organizational context. Each title is one value of this multi-valued attribute.
OID | Syntax | values | relevance |
2.5.4.12 | DirectoryString | Multi | May |
Shibboleth 1.x name: urn:mace:dir:attribute-def:title | |||
Examples:
Title: professor
...
OID | Syntax | values | relevance | |
0.9.2342.19200300.100.1.1 | DirectoryString | Multi | May | Shibboleth 1.x name: urn:mace:dir:attribute-def:uid|
SAML 2.0 name: urn:oid:0.9.2342.19200300.100.1.1 | ||||
(eduPerson201310) Likely only one value. See the extensive discussion in the "LDAP Recipe" ( https://www.internet2.edu/media/medialibrary/2013/09/09/ldap-recipe.htm).
...
OID | Syntax | values | relevance | |
2.5.4.36 | Certificate | Multi | May | SAML 2.0 name: urn:oid:2.5.4.36
(eduPerson201310) Note that userSMIMECertificate is in binary syntax (1.3.6.1.4.1.1466.115.121.1.5) whereas the userCertificate attribute is in certificate syntax (1.3.6.1.4.1.1466.115.121.1.8).
...
OID | Syntax |
| relevance |
2.5.4.35 | DirectoryString | Multi | May |
|
|
|
|
(eduPerson200312eduPerson200806) The user pw is hidden, and is used in the bind operation in LDAP. The bind operation must be done over SSL to avoid sending clear text passwords over the wire or through the air.
...
OID | Syntax | values | relevance | |
2.16.840.1.113730.3.1.40 | Binary | Multi | May | SAML 2.0 name: urn:oid:2.16.840.1.113730.3.1.40
(RFC 2798) If available, this attribute is preferred over the userCertificate attribute for S/MIME applications. This attribute is to be stored and requested in the binary form, as 'userSMIMECertificate;binary.'
...