Directory Attribute Schema

Please visit Sun's website for Standard LDAP Schema.

The sections below describe the custom CalNet Directory attribute schema for "people" entries and provide resources to help you find the information you need.

LDAP People Data

Information about a person is stored in LDAP in a standard person entry and in sub-entries.

Please see the LDAP People Entry Structure for sample entries and information about specific attributes used in the LDAP People OU.

LDAP Attributes Data Types

Syntax and OID

Definition

Binary 
1.3.6.1.4.1.1466.115.121.1.5

Indicates that values for this attribute are treated as binary data, and cannot be matched.

Boolean 
1.3.6.1.4.1.1466.115.121.1.7

Indicates that this attribute has one of only two values: true or false.

CountryString 
1.3.6.1.4.1.1466.115.121.1.11

Indicates that values for this attribute are limited to exactly two printable string characters representing the ISO code of a country, for example fr.

DN 
1.3.6.1.4.1.1466.115.121.1.12

Indicates that values for this attribute are DNs (distinguished names).

DirectoryString 
1.3.6.1.4.1.1466.115.121.1.15

Indicates that values for this attribute are UTF-8 encoded characters, and are treated as case insensitive.

GeneralizedTime 
1.3.6.1.4.1.1466.115.121.1.24

Indicates that values for this attribute are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT. 
Format: YYYYMMDDHHMMSSZ (Z signifies GMT)

IA5String 
1.3.6.1.4.1.1466.115.121.1.26

Indicates that values for this attribute must contain only ASCII characters, and are treated as case sensitive.

Integer 
1.3.6.1.4.1.1466.115.121.1.27

Indicates that valid values for this attribute are numbers.

OctetString 
1.3.6.1.4.1.1466.115.121.1.40

Same behavior as binary.

PostalAddress 
1.3.6.1.4.1.1466.115.121.1.41

Indicates that values for this attribute are encoded as dstring[$ dstring]* where each dstring component is encoded as a value with DirectoryString syntax. Backslashes and dollar characters within dstring must be quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters. For example: 1234 Main St.$Anytown, TX 12345$USA

TelephoneNumber 
1.3.6.1.4.1.1466.115.121.1.50

Indicates that values for this attribute are in the form of telephone numbers. It is recommended to use telephone numbers in international form.

URI 
1.3.6.1.4.1.4401.1.1.1

Indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp or LDAP. The URI has the same behavior as IA5String. See RFC 2396.
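
The PostalAddress quoting rule in the table above, as an added example that is not part of the CalNet documentation: it encodes and decodes a value so that a "$" or backslash typed into an address line cannot become an extra line delimiter. The helper names are hypothetical, and the escape forms \5C and \24 are the ones RFC 4517 defines for this syntax (the table only says the characters must be quoted).

```python
import re

# Limits the table above attributes to many servers; enforced here as a policy choice.
MAX_LINES = 6
MAX_LINE_CHARS = 30

# The two escape sequences RFC 4517 defines for PostalAddress lines (assumption:
# the directory follows RFC 4517 quoting).
_ESCAPE = re.compile(r"\\(5[Cc]|24)")


def encode_postal_address(lines):
    """Join address lines into one PostalAddress value (hypothetical helper)."""
    if not lines or len(lines) > MAX_LINES:
        raise ValueError("PostalAddress needs 1 to %d lines" % MAX_LINES)
    encoded = []
    for line in lines:
        if not line or len(line) > MAX_LINE_CHARS:
            raise ValueError("each line needs 1 to %d characters" % MAX_LINE_CHARS)
        # Escape backslashes first so the backslash written for "$" is not escaped again.
        encoded.append(line.replace("\\", "\\5C").replace("$", "\\24"))
    return "$".join(encoded)


def decode_postal_address(value):
    """Split a stored PostalAddress value back into its lines (hypothetical helper)."""
    lines = []
    for part in value.split("$"):
        # A backslash that is not part of \5C or \24 means the value is malformed.
        if "\\" in _ESCAPE.sub("", part):
            raise ValueError("stray backslash in PostalAddress value")
        lines.append(_ESCAPE.sub(
            lambda m: "$" if m.group(1) == "24" else "\\", part))
    return lines


if __name__ == "__main__":
    # Constructed sample: the first line carries a "$" supplied by the user.
    stored = encode_postal_address(["Suite $5", "1234 Main St.", "USA"])
    print(stored)
    print(decode_postal_address(stored))
```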

LDAP Index Types

Type

Definition

approx

approximate; allows for phonetic or 'sounds-like' searching

eq

equality; returns every entry containing specific value

pres

presence; returns every entry containing the indexed attribute

sub

substring; returns every entry containing the specified substring

Single-Valued and Multi-Valued Attributes

By default, most attributes are multi-valued. This means that a single LDAP entry can contain the same attribute more than once with different values in each instance. For example, the cn, telephoneNumber and objectClass attributes are multi-valued and can have more than one value. Attributes that are single-valued will only appear once in an LDAP entry and are noted as such. For example, the uid attribute can have only one possible value.

Additional Notes

'Flag' attributes (e.g., berkeleyedutestidflag) will return a value of 'true' or 'false'.