LDAP
Division of Information LDAP Service
DOI runs an LDAP service to provide authentication for a number of services
such as the Web Cache, Reverse Proxy, web servers, file servers and other
services. The LDAP server can also be used by areas of the University to
authenticate their own services. The LDAP service contains all employee,
student, affiliate and functional accounts managed by the ANU Identity Manager
and OLAMS.
The LDAP service can also be used within mail clients for address lookup.
The basic configuration information required is as follows:
server: ldap.anu.edu.au
port: 389 (this is the default)
search root: o=anu.edu.au
no authentication or SSL required (although both can be used).
How to configure LDAP searching for Outlook 2003
For areas wishing to authenticate users, the DN template to be used when binding is:
uid=<UniID>, ou=People, o=anu.edu.au
For example: uid=u1234564, ou=People, o=anu.edu.au
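One way to perform the bind described above without exposing the password or the DN template to untrusted input, as an added example (not ANU's own code). It assumes the third-party ldap3 package and that the server accepts StartTLS on port 389; the page says only that SSL can be used.

```python
import re
import ssl

# Server details and DN template as given on this page.
LDAP_HOST = "ldap.anu.edu.au"
LDAP_PORT = 389
DN_TEMPLATE = "uid={uid}, ou=People, o=anu.edu.au"

# uid formats documented on this page (X is a digit). [0-9] is used instead
# of \d so that non-ASCII digits are rejected.
UID_FORMATS = {
    "staff_or_student": re.compile(r"u[0-9]{7}"),
    "affiliate": re.compile(r"a[0-9]{6}"),
    "functional": re.compile(r"f[0-9]{4}"),
}


def classify_uid(uid):
    """Return the account class of a well-formed uid, or None."""
    if not isinstance(uid, str):
        return None
    for kind, pattern in UID_FORMATS.items():
        if pattern.fullmatch(uid):
            return kind
    return None


def bind_dn(uid):
    """Fill the DN template; refuse anything that is not a documented uid,
    so characters with meaning in a DN (',', '=', '+') never reach it."""
    if classify_uid(uid) is None:
        raise ValueError("not a valid University ID")
    return DN_TEMPLATE.format(uid=uid)


def authenticate(uid, password):
    """Return True only if the directory accepts this uid/password pair."""
    try:
        dn = bind_dn(uid)
    except ValueError:
        return False
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513, section 5.1.2) that a server may report as successful,
    # so an empty password is rejected before any network traffic.
    if not password:
        return False

    # Imported here so the validation helpers above work without ldap3.
    from ldap3 import Connection, Server, Tls
    from ldap3.core.exceptions import LDAPException

    tls = Tls(validate=ssl.CERT_REQUIRED)  # verify the server certificate
    server = Server(LDAP_HOST, port=LDAP_PORT, tls=tls)
    conn = Connection(server, user=dn, password=password)
    try:
        conn.open()
        # Assumption: StartTLS is offered on port 389. Fail closed if not,
        # rather than sending the password in clear text.
        if not conn.start_tls():
            return False
        return bool(conn.bind())
    except LDAPException:
        return False
    finally:
        conn.unbind()
```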
The LDAP server can be used without authentication from ANU IP addresses, but
requires authentication from outside ANU. It will depend on your email program
as to whether that is possible.
For further information contact doi.helpdesk@anu.edu.au
LDAP data
The data that is used to define an ANU user, and that is made available
through the LDAP service, is sourced from a number of different places. The
PeopleSoft systems of record, for Human Resources data and Student data, supply
a subset of their data to the Online Account Management System (OLAMS). Some
data is supplied through account registration forms available to LITSS to create
Affiliate and Functional accounts.
Some of the data is modifiable through the Identity Manager or the OLAMS, and
some data can only be modified through the system of record which created it.
Telephone data is supplied from the 'Phoneware' telephone system of record.
This document describes the LDAP attributes which may be of interest to
those who wish to use the LDAP servers for directory lookup, authentication,
naming service etc.
LDAP Attributes
Attribute Description
Attribute Name: surname
LDAP Abbreviation: sn
Description: The family name of an individual.
Allowed Values: Character strings
Multiple Values: No
Data Type: Character string
Update Rules:
The surname attribute for Staff and Student accounts is sourced from the Surname value passed from the PeopleSoft system of record. Updates are not permitted from external systems. All changes must come from the PeopleSoft system.
The surname attribute for an Affiliate account is created by LITSS during the account creation process. Updates can be made by LITSS using the OLAMS as required.
The surname attribute for a Functional account is created from the functional alias name entered by the LITSS when the account is created using the OLAMS.
Example Values: Noble, Belcher-Walton

Attribute Name: commonName
LDAP Abbreviation: cn
Description: The person's full name as represented by the concatenation of their givenName attribute and their surname attribute.
Allowed Values: Character strings
Multiple Values: Yes
Data Type: Character string
Update Rules:
The "commonName" attribute for Staff and Student accounts is sourced from:
- the concatenation of the "Surname" and "Given Names" attribute values from the PeopleSoft system of record. Updates are not permitted from external systems. All changes must come from the PeopleSoft system.
- the person's firstname.lastname@anu.edu.au mail alias value, if they have one.
The commonName attribute for an Affiliate account is created by LITSS during the account creation process. Updates can be made by LITSS using the OLAMS as required.
The commonName attribute for a Functional account is created from the functional alias name entered by the LITSS when the account is created using the OLAMS.
Example Values: Robert Jamison, Leonie Elizabeth Thomas

Attribute Name: telephoneNumber
LDAP Abbreviation: telephoneNumber
Description: This attribute contains a person's telephone number(s).
Allowed Values: Character strings
Multiple Values: Yes
Data Type: Character string
Update Rules:
For Student and Functional accounts this attribute is not populated.
For Staff accounts this attribute is populated from the Phoneware system. See Making Changes to the ANU Online Staff Directory to update this attribute.
For Affiliate accounts this attribute is populated from telephone data from the OLAMS Affiliate account creation form. It may be modified through the OLAMS.
Example Values:
- 6125 1234
- 51234

Attribute Name: userPassword
LDAP Abbreviation: userPassword
Description: Password for user account.
Allowed Values: Encrypted string.
Multiple Values: No
Data Type: Character string
Update Rules:
For Student accounts the initial password is set to the PAC they are issued with when they enrol for the first time. This attribute may be changed by the account owner through the ANU Identity Manager or their designated LITSS through the OLAMS.

Attribute Name: organizationalUnitName
LDAP Abbreviation: ou
Description:
This attribute contains the ANU organizational unit with which a person is associated. It is calculated as the concatenation of the 'Department Description' and the 'School Description' fields from the PeopleSoft system of record for Human Resources data.
This attribute is not populated for Affiliate, Student or Functional accounts.
Allowed Values: Character string
Multiple Values: Yes
Data Type: Character string
Update Rules: This attribute can only be modified in the PeopleSoft system of record for Human Resources.
Example Values:
- Graduate School Scholarships,Graduate School
- Student Admissions,Student Academic Services
- Biochemistry/Molecular Biology,Faculty of Science

Attribute Name: displayName
LDAP Abbreviation: displayName
Description: The preferred name of a person to be used when displaying their entry.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules:
For Staff, Student and Affiliate accounts this attribute is calculated as the concatenation of the "givenName" and "surname" attributes.
For a Functional account this attribute is set to the value of the "uid" attribute. This attribute can be modified in Identity Manager.
This attribute may be changed by the account owner through ANU Identity Manager.
Example Values: Francis Beatrice Riley, John Palmer, f1234

Attribute Name: givenName
LDAP Abbreviation: givenName
Description: Given names of an individual.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules:
The givenName attribute for Staff and Student accounts is sourced from the PeopleSoft system of record. Updates are not permitted from external systems. All changes must come from the PeopleSoft system.
The givenName attribute for an Affiliate account is created by LITSS during the account creation process. Updates can be made by LITSS using the OLAMS as required.
The givenName attribute is not populated for Functional accounts.
Example Values: Julie Clare, Douglas James

Attribute Name: initials
LDAP Abbreviation: initials
Description: The initials of the person's name.
Allowed Values: Character strings
Multiple Values: No
Data Type: Character string
Update Rules:
The initials attribute for Staff and Student accounts is sourced from the PeopleSoft system of record. Updates are not permitted from external systems. All changes must come from the PeopleSoft system.
The initials attribute is not populated for Affiliate and Functional accounts.
Example Values: PC, BFG

Attribute Name: mail, rfc822mailbox
LDAP Abbreviation: mail
Description:
Holds an Internet email address for the person.
It will contain a firstname.lastname@anu.edu.au alias if the user has one, otherwise it will contain uXXXXXXX@anu.edu.au, where uXXXXXXX is the value of the person's uid attribute.
Allowed Values:
- firstname.lastname@anu.edu.au
- litss_specified_string@anu.edu.au
- uXXXXXXX@anu.edu.au where X is an integer
- aXXXXXX@anu.edu.au where X is an integer
- fXXXX@anu.edu.au where X is an integer
Multiple Values: No
Data Type: Character string
Update Rules:
The mail attribute for Staff and Student accounts defaults to uXXXXXXX@anu.edu.au. A firstname.lastname alias may be created by a LITSS where appropriate.
The mail attribute for Affiliate accounts defaults to aXXXXXX@anu.edu.au. A firstname.lastname alias may be created by a LITSS where appropriate.
The mail attribute for Functional accounts defaults to fXXXX@anu.edu.au. An alias may be created by a LITSS where appropriate.
Example Values: brent.williams@anu.edu.au, it.security@anu.edu.au, u1234567@anu.edu.au, a123456@anu.edu.au, f1234@anu.edu.au

Attribute Name: uid, userid
LDAP Abbreviation: uid
Description:
The user account name for a person. It will contain (where X is an integer):
- uXXXXXXX for a Staff or Student account
- aXXXXXX for an Affiliate account
- fXXXX for a Functional account
Allowed Values: Character strings
Multiple Values: No
Data Type: Character string
Update Rules:
The uid attribute for Staff and Student accounts is created by prepending the letter "u" onto the Employee ID or Student ID sourced from the PeopleSoft system of record. Updates are not permitted.
The uid attribute for Affiliate and Functional accounts is generated by the OLAMS at the time the account is created. Updates are not permitted.
The uid attribute for all categories of accounts is persistent and is not recycled.
Example Values: u1234567, a123456, f1234

Attribute Name: affiliation
LDAP Abbreviation: affiliation
Description:
The affiliation attribute reflects the type of association the account holder has with the ANU. It is assigned based on the origin of the data.
If the account data is sourced from the PeopleSoft system of record for Human Resources, the affiliation is assigned as Staff.
If the account data is sourced from the PeopleSoft system of record for Students, the affiliation is assigned as Student.
If the account data is sourced from the OLAMS affiliate account form, the affiliation is assigned as Affiliate.
If the account data is sourced from the OLAMS functional account form, the affiliation is assigned as Functional.
Those users who are nominated as Local IT Support Staff (LITSS) for their areas are assigned the affiliation of LITSS.
Allowed Values:
- staff
- student
- affiliate
- functional
- litss
Multiple Values: Yes
Data Type: String
Update Rules: The affiliation of LITSS may be modified through the OLAMS. All other affiliations can only be modified through the systems of record.
Example Values: Staff, Student, Affiliate, Functional, LITSS

Attribute Name: ANUCourseSession
LDAP Abbreviation: ANUCourseSession
Description: This attribute contains the course unit name and session information for an account. It is populated with the "course", "term", and "class" fields from the PeopleSoft system of record for Students.
Allowed Values: Character strings, in the format Unit_Code,Semester_Number Year, Class_Code.
Multiple Values: Yes
Data Type: Character string
Update Rules: This field can only be modified in the PeopleSoft system of record for Students.
Example Values:
- ANCH2009,Sem 1 2007,6398
- GREK2104,Sem 1 2007,6403
- LATN2103,Sem 1 2007,6408

Attribute Name: ANUStaffType
LDAP Abbreviation: ANUStaffType
Description: This attribute contains the employment category for Staff accounts. The data is from the PeopleSoft system of record for Human Resources.
Allowed Values:
- Academic Staff
- General Staff
- Casual General Staff
- Casual Academic Staff
- Academic Visitor
- Other
- Scholars
- External
Multiple Values: Yes
Data Type: Character string
Update Rules: This field can only be modified in the PeopleSoft system of record for Human Resources.
Example Values:
- Academic Staff
- General Staff
- Casual General Staff
- Casual Academic Staff
- Academic Visitor
- Other
- Scholars
- External

Attribute Name: anustudentintensity
LDAP Abbreviation: anustudentintensity
Description: This attribute contains the attendance pattern for Student accounts. It is populated with the "intensity" field from the PeopleSoft system of record for Students.
Allowed Values:
- part time
- full time
Multiple Values: No
Data Type: Character string
Update Rules: This field can only be modified in the PeopleSoft system of record for Students.
Example Values:
- part time
- full time

Attribute Name: ANUStudentStatus
LDAP Abbreviation: ANUStudentStatus
Description: This attribute contains the student category for Student accounts. It is populated with the "status" field from the PeopleSoft system of record for Students.
Allowed Values:
- undergraduate
- postgraduate
Multiple Values: Yes
Data Type: Character string
Update Rules: This field can only be modified in the PeopleSoft system of record for Students.
Example Values:
- undergraduate
- postgraduate

Attribute Name: ANUUnitCode
LDAP Abbreviation: ANUUnitCode
Description: This attribute contains the course units a student is currently enrolled in, for Student accounts. It is populated with the "course" field from the PeopleSoft system of record for Students.
Allowed Values: Character string
Multiple Values: Yes
Data Type: Character strings.
Update Rules: This field can only be modified in the PeopleSoft system of record for Students.
Example Values:
- SRES2011
- BOZO4005F

Attribute Name: ANUWebDailyQuota
LDAP Abbreviation: ANUWebDailyQuota
Description: This attribute contains the daily increment for web quota top up for Staff, Student and Affiliate accounts. This value is set by the ICCG.
Allowed Values: Integer values. Default is 10M.
Multiple Values: No
Data Type: Integer.
Update Rules: This field can only be modified by OLAMS administrators.
Example Values:
- 10000000
- 2000000000

Attribute Name: ANUWebMaxQuota
LDAP Abbreviation: ANUWebMaxQuota
Description: This attribute contains the maximum balance for web quota for Staff, Student and Affiliate accounts. This value is set by the ICCG.
Allowed Values: Integer values. Default is 80M.
Multiple Values: No
Data Type: Integer.
Update Rules: This field can only be modified by OLAMS administrators.
Example Values:
- 80000000
- 2000000000 (for Academic staff)

Attribute Name: ANUWebTraffic
LDAP Abbreviation: ANUWebTraffic
Description: This attribute contains the current value for web quota balance for Staff, Student and Affiliate accounts. This is a calculated value.
Allowed Values: Integer values
Multiple Values: No
Data Type: Integer
Update Rules: This field is set to 80M on account creation. Each day the ANUWebDailyQuota value is added to the remaining balance, up to a maximum of the ANUWebMaxQuota value.
Example Values:
- 78048049
- 48191040

Attribute Name: ANURemoteAccess
LDAP Abbreviation: ANURemoteAccess
Description: The value of this attribute determines whether or not an account is able to use the wireless network.
Allowed Values:
- TRUE (default value)
- FALSE
Multiple Values: No
Data Type: Character String.
Update Rules: This field is set to TRUE on account creation. This field can only be modified by OLAMS administrators.
Example Values:
- TRUE
- FALSE

Attribute Name: ANUCollegeAffiliation
LDAP Abbreviation: ANUCollegeAffiliation
Description: This attribute specifies the ANU college(s) with which the person is associated.
Allowed Values:
- cap
- cass
- cbe
- cecs
- cmhs
- cos
- law
Multiple Values: Yes
Data Type: Character String.
Update Rules:
For Staff accounts the OLAMS calculates this field from the data in the "Department" field from the PeopleSoft system of record for Human Resources. It cannot be modified by external systems.
For Affiliate accounts this is determined by the user area.
This attribute is not populated for Student accounts.
Example Values:
- cap
- cass
- cbe
- cecs
- cmhs
- cos
- law

Attribute Name: ANUResources
LDAP Abbreviation: ANUResources
Description: The value of this attribute determines whether or not a person is able to access a particular resource.
Allowed Values: Character string
Multiple Values: Yes
Data Type: Character string
Update Rules: This attribute can only be modified by OLAMS administrators and LITSS.
Example Values:
- anumail
- bohm
- leonard
- software
- web1
- www

Attribute Name: gender
LDAP Abbreviation: gender
Description: This attribute specifies the gender of a person. It is sourced from the "gender" field of the PeopleSoft system of record for Human Resources.
Allowed Values:
- M
- F
- U
Multiple Values: No
Data Type: Character string
Update Rules: This attribute is currently only populated for ANU staff. It can only be modified in the PeopleSoft system of record for Human Resources.
Example Values:
- M
- F
- U

Attribute Name: personalTitle
LDAP Abbreviation: personalTitle
Description: The personalTitle attribute specifies a personal title for a person.
Allowed Values: Character string
Multiple Values: Yes
Data Type: Character string
Update Rules:
For Staff accounts this attribute is populated from the "title" field in the PeopleSoft system of record for Human Resources. It cannot be modified by external systems.
For Affiliate accounts it may be modified through the OLAMS.
This attribute is not populated for Student accounts.
Example Values:
- Ms
- Mrs
- Miss
- Mr
- Doctor
- Professor
- Associate Professor
- Emeritus Professor
- Father

Attribute Name: locality, localityName
LDAP Abbreviation: l
Description: This attribute contains the name of a locality, such as a building or physical address.
Allowed Values: Character string
Multiple Values: Yes
Data Type: Character string
Update Rules:
For Staff accounts this attribute is populated from the Building field from the PeopleSoft system of record for Human Resources. This attribute for Staff accounts may only be modified through the system of record for Human Resources.
For Affiliate accounts this attribute is populated from address data from the OLAMS Affiliate account creation form. It may be modified through the OLAMS.
This attribute is not populated for Student and Functional accounts.
Example Values:
- Chancelry Bldg 10C
- H C Coombs Bldg

Attribute Name: gidNumber
LDAP Abbreviation: gidNumber
Description: An integer uniquely identifying a group in an administrative domain.
Allowed Values: Integer
Multiple Values: No
Data Type: Integer
Update Rules:
This attribute is derived from the account uid.
For Staff, Student and Affiliate accounts the last digit of the uid is removed to give the value of the gidNumber attribute.
For Functional accounts 90000 is added to the value of the uid to give the value of the gidNumber attribute.
Example Values: 123456, 12345, 91234

Attribute Name: uidNumber
LDAP Abbreviation: uidNumber
Description: An integer uniquely identifying a user in an administrative domain.
Allowed Values: Integer
Multiple Values: No
Data Type: Integer
Update Rules:
This attribute is derived from the account uid.
For Staff, Student and Affiliate accounts the last digit of the uid is removed to give the value of the uidNumber attribute.
For Functional accounts 90000 is added to the value of the uid to give the value of the uidNumber attribute.
Example Values: 123456, 12345, 91234

Attribute Name: homeDirectory
LDAP Abbreviation: homeDirectory
Description: The absolute path to the UNIX home directory.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules: This attribute cannot be modified. It is derived from the account uid. It is a concatenation of the string "/home/users" and the account uid.
Example Values:
- /home/users/u1234567
- /home/users/a123456
- /home/users/f1234

Attribute Name: gecos
LDAP Abbreviation: gecos
Description: The Unix GECOS field. It is populated with the person's "commonName" attribute.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules: This attribute is mapped from the "commonName" attribute. See the update rules for Person commonName.
Example Values: Robert Jamison, Leonie Elizabeth Thomas

Attribute Name: loginShell
LDAP Abbreviation: loginShell
Description: The path to the login shell.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules: This attribute can only be modified by an Identity Manager administrator. It is set to the constant "/bin/tcsh".
Example Values: /bin/tcsh

Attribute Name: apple-mcxsettings
LDAP Abbreviation: apple-mcxsettings
Description: Used to store managed client information.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules: This attribute can only be modified by an Identity Manager administrator. It is set to a constant.

Attribute Name: apple-mcxflags
LDAP Abbreviation: apple-mcxflags
Description: Used to store managed client information.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules: This attribute can only be modified by an Identity Manager administrator. It is set to a constant.

Attribute Name: apple-user-homeDirectory
LDAP Abbreviation: apple-user-homeDirectory
Description: This attribute may be used as an alternative to the homeDirectory attribute.
Allowed Values: Character string
Multiple Values: No
Data Type: Character string
Update Rules: This attribute can only be modified by an Identity Manager administrator. It is set to the constant "/Volumes/Pebble/users/uid".
Example Values: /Volumes/Pebble/users/u1234567