Directory Services

Enterprise Directory People Branch

The Enterprise People branch is used to manage NetID accounts for all employees, students and other personnel with an active, close association with the university. People in this branch are allowed to have a customized login ID.

Summary of Attributes

Below is a list of all attributes populated in the People branch with a link to particulars for each attribute. An summary of attribute population as a function of a person's affiliation is provided in the Attribute Population Matrix (pdf).

1. General person attributes
   • General person attributes: Identifiers, access-related attributes, general information
     • Unique Identifier (uid)
     • Universally Unique Identifier (tamuEduPersonUUID)
     • Universal Identification Number (tamuEduPersonUIN)
     • Higher Ed Unique Identifier (eduPersonUniqueId)
     • TAMU BannerID (tamuEduPersonBannerId)
     • TAMU CompassID (tamuEduPersonCompassID)
     • NetID (tamuEduPersonNetID)
     • Higher Ed NetID (eduPersonPrincipalName)
     • ORCID Identifier (eduPersonOrcid)
     • Privacy Flags (tamuEduSuppress)
     • User Password (userPassword)
     
     
   • General person attributes: General personal and organizational identification
     Role-based Affiliations:
     • TAMU Role-Based Affiliations (tamuEduPersonAffiliation)
     • Higher Ed Affiliations (eduPersonAffiliation)
     • Higher Ed Primary Affiliation (eduPersonPrimaryAffiliation)
     Role@Location Affiliations:
     • TAMU Scoped Affiliations (tamuEduPersonScopedAffiliation)
     • Higher Ed Scoped Affiliations (eduPersonScopedAffiliation)
     
     Course-based Affiliations:
     • Course Affiliation URNs (eduCourseOffering)
     Role@Course Affiliations:
     • Scoped Course Affiliations (eduCourseMember)
     
     
   • General person attributes: Resource Authorization
     • Resource Entitlement URNs (eduPersonEntitlement)
     
     
   • General person attributes: Names
     • Common Name (cn)
     • Last Name (sn)
     • First Name (givenName)
     • Display Name (displayName)
     • Official Name (tamuEduPersonOfficialName)
     
     
   • General person attributes: Electronic Mail
     • Primary/Published Email Address (mail)
     • Primary and Alternate Email Aliases (mailLocalAddress)
     • Email Destination (mailRoutingAddress)
     • All Texas A&M Email Aliases (tamuEduLocalMailAddresses)
     • @email.tamu.edu Email Alias (tamuEduNeoLocalAddress)
     • Texas A&M GoogleApps Account UID (tamuEduGoogleAppsId)
     
     
   • General person attributes: Physical Mail
     • Employee Work Address (postalAddress)
     • Employee/Affiliate Campus Mail Stop (mailStop)
     • Employee Work City (localityName)
     • Employee Work State (stateOrProvinceName)
     • Employee Work Zip Code (postalCode)
     • Employee Work County (countyName)
     
     
   • General person attributes: Telecommunication
     • Student Local Phone (tamuEduPersonLocalPhone)
     • Employee Home Phone (homePhone)
     • Employee/Affiliate Public Office Telephone Number (telephoneNumber)
     
     
   • General person attributes: General
     • Home Page URL (personalURI)
     
     
2. Student-related attributes
   • Major Codes (tamuEduPersonMajor)
   • Primary Major Code (tamuEduPersonPrimaryMajor)
   • Primary Major (tamuEduPersonPrimaryMajorName)
   • Classification Code (tamuEduPersonClassification)
   • Classification (tamuEduPersonClassificationName)
   • Texas A&M Degrees Awarded (tamuDegreeAwarded)
   
   
3. Employment-related attributes
   • System Member
     • Employee/Affiliate System Member Codes (tamuEduPersonMember)
     • Employee/Affiliate Primary System Member Code (tamuEduPersonPrimaryMember)
     • Employee/Affiliate Primary System Member (tamuEduPersonPrimaryMemberName)
   • Department
     • Employee/Affiliate Primary Department (tamuEduPersonDepartmentName)
     • Employee AdLoc Code (tamuEduPersonAdLoc)
     • Employee EmpLoc Code (tamuEduPersonEmpLoc)
   • Position
     • Employee/Affiliate Official Title (title)
     • Employee Title Code (tamuEduPersonTitleCode)
     • Employee Supervisor UIN (tamuEduPersonSupervisorUIN)
     • Employee/Affiliate Honorific Title (tamuEduPersonHonorific)
   
   
4. Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
   • Object Classes Assigned to Entry (objectClass)
   • Date of Birth (birthDate)
   • Data Source (tamuEduDataFeed)
   • Account Status (tamuStatus)
   • Account Password Policy (tamuEduPersonPasswordPolicy)
   • Account Identity Assurance Compliance Details (tamuEduPersonAssurance)
   • Account Proxy (tamuProxyRDN)
   • List of Account Proxy Holders (tamuProxyHolder)
   • List of Account Proxy Targets (tamuProxyTarget)
   • Account Activation Date (tamuSignTimestamp)
   • Consolidated List of Identifiers (searchMailbox)
   • Administrative Account Identifiers (tamuEduPersonAdminID)
   • System of Record Affiliation End Date (tamuLastSeenTimestamp)
   • Account Contact Email Address (tamuEduContactMail)
   • Manual Addition Expiration (tamuManualAddExpire)
   • Manual Addition Sponsor (tamuManualAddRDN)
   • Manual Addition Sponsoring Department (tamuEduSponsorDepartmentName)

Entry Structure

The ldap entry for an individual is composed of standard LDAP objectclasses and of custom objectclasses specific to Texas A&M University.

Every entry in the People branch is assigned the following object classes:

• top
• person
• organizationalPerson
• inetOrgPerson
• inetLocalMailRecipient
• tamuEduAuthN
• tamuPerson
• eduPerson
• tamuEduPerson
• eduCourse

Enterprise Directory Affiliates Branch

The Enterprise Affiliates branch is used to manage NetID accounts for former students who have not attended Texas A&M in the past two years and are no longer eligible for the majority of campus resources. People in this branch use their UIN as the login ID.

Summary of Attributes

1. General person attributes
   • General person attributes: Identifiers, access-related attributes, general information
     • Unique Identifier (uid)
     • Universally Unique Identifier (tamuEduPersonUUID)
     • Universal Identification Number (tamuEduPersonUIN)
     • TAMU BannerID (tamuEduPersonBannerId)
     • NetID (tamuEduPersonNetID)
     • User Password (userPassword)
     
     
   • General person attributes: General personal and organizational identification
     Role-based Affiliations:
     • TAMU Role-Based Affiliations (tamuEduPersonAffiliation)
     Role@Location Affiliations:
     • TAMU Scoped Affiliations (tamuEduPersonScopedAffiliation)
     
     
   • General person attributes: Names
     • Common Name (cn)
     • Last Name (sn)
     • First Name (givenName)
     • Official Name (tamuEduPersonOfficialName)
     
     
   • General person attributes: Electronic Mail
     • Current Email Address (mail)
     
     
   • General person attributes: Physical Mail
     • Current Home Address (homePostalAddress)
     
     
   • General person attributes: Telecommunication
     • Current Phone (homePhone)
     
     
2. Student-related attributes
   • Former Primary Major Code (tamuEduPersonPrimaryMajor)
   • Texas A&M Degrees Awarded (tamuDegreeAwarded)
   
   
3. Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
   • Object Classes Assigned to Entry (objectClass)
   • Date of Birth (birthDate)
   • Account Status (tamuStatus)
   • Account Activation Date (tamuSignTimestamp)
   • Student Last Enrolled Date (tamuLastEnrolledTimeStamp)

Entry Structure

The ldap entry for an individual is composed of standard LDAP objectclasses and of custom objectclasses specific to Texas A&M University.

Every entry in the Affiliates branch is assigned the following object classes:

• top
• person
• organizationalPerson
• inetOrgPerson
• tamuEduAuthN
• tamuPerson
• tamuEduPerson

Enterprise Directory Sponsored Affiliates Branch

The Enterprise Sponsored Affiliates branch is used to manage NetID accounts for parents of Texas A&M University students. People in this branch are allowed to have a customized login ID.

Summary of Attributes

1. General person attributes
   • General person attributes: Identifiers, access-related attributes, general information
     • Unique Identifier (uid)
     • Universal Identification Number (tamuEduPersonUIN)
     • NetID (tamuEduPersonNetID)
     • User Password (userPassword)
     
     
   • General person attributes: General personal and organizational identification
     Role-based Affiliations:
     • TAMU Role-Based Affiliations (tamuEduPersonAffiliation)
     Role@Location Affiliations:
     • TAMU Scoped Affiliations (tamuEduPersonScopedAffiliation)
     
     
   • General person attributes: Resource Authorization
     • Resource Entitlement URNs (eduPersonEntitlement)
     
     
   • General person attributes: Names
     • Common Name (cn)
     • Last Name (sn)
     • First Name (givenName)
     • Official Name (tamuEduPersonOfficialName)
     
     
   • General person attributes: Electronic Mail
     • Current Email Address (mail)
     
     
   • General person attributes: Physical Mail
     • Current Home Address (homePostalAddress)
     
     
   • General person attributes: Telecommunication
     • Current Phone (homePhone)
     
     
2. Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
   • Object Classes Assigned to Entry (objectClass)
   • Date of Birth (birthDate)
   • Account Status (tamuStatus)
   • Account Activation Date (tamuSignTimestamp)
   • Consolidated List of Identifiers (searchMailbox)
   • Proxy Holder's Preferred Account UIN (tamuProxyHolderUIN)
   • Proxy Target's UIN (tamuProxyTargetUIN)
   • List of Account Proxy Targets (tamuProxyTarget)
   • Account Sponsor (tamuEduGuestSponsorRDN)
   • Business Need for Account (tamuEduGuestReason)
   • Account Management Policy (tamuEduGuestAccountPolicy)
   • Account Request URN (tamuEduGuestClientID)
   • Requested Guest Account NetID (tamuEduGuestRequestedNetID)
   • Date of Account Request (tamuEduGuestTimestamp)
   • Account Activation Period Start Date (tamuEduGuestStart)
   • Account Activation Period End Date (tamuEduGuestTokenExpire)
   • Account Expiration Date (tamuEduGuestExpire)

Entry Structure

The ldap entry for an individual is composed of standard LDAP objectclasses and of custom objectclasses specific to Texas A&M University.

Every entry in the Sponsored Affiliates branch is assigned the following object classes:

• top
• person
• organizationalPerson
• inetOrgPerson
• tamuEduAuthN
• tamuPerson
• eduPerson
• tamuEduPerson
• tamuEduGuest

Enterprise Directory Roles Branch

The Enterprise Roles branch is used to manage email aliases and directory entries for Texas A&M University roles and organizations.

Summary of Attributes

1. General role/organization attributes
   • General attributes: Identifiers, access-related attributes, general information
     • Unique Identifier (uid)
     
     
   • General attributes: Names
     • Common Name (cn)
     • Official Name (tamuOfficialName)
     
     
   • General attributes: Electronic Mail
     • Primary/Published Email Address (mail)
     • Primary and Alternate Email Aliases (mailLocalAddress)
     • Email Destination (mailRoutingAddress)
     
     
   • General attributes: General
     • Home Page URL (personalURI)
     
     
2. Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
   • Object Classes Assigned to Entry (objectClass)
   • Consolidated List of Identifiers (searchMailbox)
   • Account Proxy (tamuProxyRDN)
   • Sponsoring Department (tamuEduSponsorDepartmentName)

Entry Structure

The ldap entry for an individual role or organization is composed of standard LDAP objectclasses and of custom objectclasses specific to Texas A&M University.

Every entry in the Roles branch is assigned the following object classes:

• top
• organizationalRole
• intetLocalMailRecipient
• tamuRoleOrOrg

Attribute details term definitions

This table formats the attribute description information

Definition:	An explanation of the exact meaning of the attribute. For attributes that are not unique to the Texas A&M LDAP directory, the definition is an explanation of the meaning of the attribute in the Texas A&M directory.
Attribute Name:	Name of the attribute. More that one name can be associated with an attribute.
OID:	Object identifier for the attribute. The object identifier is composed of a string of dotted numbers that uniquely identifies the attribute worldwide. The Internet Assigned Numbers Authority (IANA) governs the assignment of OIDs.
URN:	Uniform resource name for the attribute. The uniform resource name has the syntax urn:NID:NSS where NID is the namespace identifier, and NSS is the namespace specific string. The namespace identifier determines the syntactic interpretation of the namespace specific string.
Multiple Values:	Denotes whether or not the attribute is allowed to store more than one value.
Format:	The encoding rules used for storing and transmitting values of the attribute type. The number enclosed by the curly braces specifies the minimum recommended maximum length of the attribute's value that a server should support.
Search Syntax:	The grammatical rules and structural patterns governing searches on attribute values.
Controlled Vocabulary:	A listing of allowed values. For attributes that have a controlled vocabulary, the definitions of the values will be provided as well.
Source:	Rules governing population of the attribute.

Directory-specific details term definitions

This table defines attribute properties that are dependent on directory branch or object class configuration

Directory URL:	Directory server URL.
Object Class:	The object class that the attribute is associated with. It is possible for an attribute to belong to multiple object classes.
Required:	Denotes whether or not an attribute must be present in an entry. In this case, "present" means "possesses at least one value". It is the object classes that specify whether or not attributes are required or optional. For attributes associated with multiple object classes, they may be optional for one and required by another.
Indexing:	Attributes may be indexed to optimize searches, similar to the indexes used by a relational database management system. LDAP supports four types of indexes. However, not all attributes support all four index types. Each index type corresponds to one of the matching rules defined in the directory schema. approx (approximate) Indexes the information for an approximate, or phonetic, match of an attribute value. eq (equality) Indexes the information necessary to perform an exact match of an attribute value. The match may be case-sensitive or whitespace-sensitive, depending on the matching rules defined in the attribute syntax. pres (presence) Indexes the information necessary to determine if an attribute has any value at all. If an attribute does not possess a value, then the attribute is not present in the directory entry. sub (substring) Indexes the information necessary to perform a simple substring match on attribute values.
Access:	Denotes who has access to what. Access control List (ACL) terminology for these parameters: Who * Matches any connected user, including anonymous connection self The DN of the currently connected user, assuming he has been successfully authenticated by a previous bind request. anonymous Nonauthenticated user connections users Authenticated user connections regular expression matches a DN or SASL identity Access levels (Higher levels possess all the capabilities of the lower levels.) write Access to update attribute values (e.g., Change this telephoneNumber to 555-2345). read Access to read search results (e.g., Show me all the entries with a telephoneNumber of 555*). search Access to apply search filters (e.g., Are there any entries with a telephoneNumber of 555*). compare Access to compare attributes (e.g., Is your telephoneNumber 555-1234?) auth Access to bind (authenticate). none No access. What The What defines the entry and attributes to which the ACL should apply. It is composed of three basic parts, all of which are optional. If none of these components are present, a single asterisk is used as a placeholder to include everything. A regular expression defining the DN of the proposed target of the ACL. The actual syntax is dn.targetstyle=regex, in which targetstyle is one of base, subtree, one, or children, and regex is a regular expression representing a DN. The targetstyle, which defaults to subtree, is used to broaden or narrow the scope of the ACL. If, for example, the targetstyle is set to one the ACL applies only to children immediately below the defined DN. Very rarely does this setting need to be changed from its default. The regex follows normal regular expression rules, with the addition that the DN must be in normalized form. An LDAP search filter that conforms to RFC 2254. The syntax for specifying a filter is filter=ldapFilter. A comma-separated list of attribute names taking the form attrs=attributeList. If this item is not present, the ACL applies to all attributes held by the entry that matches the DN regular expression pattern.
Usage:	Example(s) of known uses of the attribute values.
Example(s):	Example(s) of values for the attribute. To make the example more helpful, the values are representative of a full-time staff person taking a class.