Overview of Directory Services
Directory services is a shared information infrastructure that provides a comprehensive picture of an individual's relationship with the university by merging identification and role information from all systems of record on campus. This infrastructure is the foundation of campus identity management, authentication, and authorization.
Enterprise Directory
The Enterprise Directory is used to manage NetID accounts and email aliases for:
- personnel with an active, close affiliation to the university (People Branch);
- former students (Affiliates Branch);
- guests and parents (Sponsored Affiliates Branch); and
- organizations and roles (Roles Branch).
Access to the Enterprise Directory
Access to the Enterprise Directory identity data is available via web services or Shibboleth. For information on obtaining access, please see Accessing Identity Data.
Enterprise Directory People Branch
The Enterprise People branch is used to manage NetID accounts for all employees, students and other personnel with an active, close association with the university. People in this branch are allowed to have a customized login ID.
Summary of Attributes
Below is a list of all attributes populated in the People branch with a link to particulars for each attribute. A summary of attribute population as a function of a person's affiliation is provided in the Attribute Population Matrix (pdf).
- General person attributes
- General person attributes: Identifiers, access-related attributes, general information
- Unique Identifier (uid)
- Universally Unique Identifier (tamuEduPersonUUID)
- Universal Identification Number (tamuEduPersonUIN)
- Higher Ed Unique Identifier (eduPersonUniqueId)
- TAMU BannerID (tamuEduPersonBannerId)
- TAMU CompassID (tamuEduPersonCompassID)
- NetID (tamuEduPersonNetID)
- Higher Ed NetID (eduPersonPrincipalName)
- ORCID Identifier (eduPersonOrcid)
- Privacy Flags (tamuEduSuppress)
- User Password (userPassword)
- General person attributes: General personal and organizational identification
Role-based Affiliations:
- TAMU Role-Based Affiliations (tamuEduPersonAffiliation)
- Higher Ed Affiliations (eduPersonAffiliation)
- Higher Ed Primary Affiliation (eduPersonPrimaryAffiliation)
- TAMU Scoped Affiliations (tamuEduPersonScopedAffiliation)
- Higher Ed Scoped Affiliations (eduPersonScopedAffiliation)
Course-based Affiliations:
- Course Affiliation URNs (eduCourseOffering)
- Scoped Course Affiliations (eduCourseMember)
- General person attributes: Resource Authorization
- Resource Entitlement URNs (eduPersonEntitlement)
- General person attributes: Names
- Common Name (cn)
- Last Name (sn)
- First Name (givenName)
- Display Name (displayName)
- Official Name (tamuEduPersonOfficialName)
- General person attributes: Electronic Mail
- Primary/Published Email Address (mail)
- Primary and Alternate Email Aliases (mailLocalAddress)
- Email Destination (mailRoutingAddress)
- All Texas A&M Email Aliases (tamuEduLocalMailAddresses)
- @email.tamu.edu Email Alias (tamuEduNeoLocalAddress)
- Texas A&M GoogleApps Account UID (tamuEduGoogleAppsId)
- General person attributes: Physical Mail
- Employee Work Address (postalAddress)
- Employee/Affiliate Campus Mail Stop (mailStop)
- Employee Work City (localityName)
- Employee Work State (stateOrProvinceName)
- Employee Work Zip Code (postalCode)
- Employee Work County (countyName)
- General person attributes: Telecommunication
- Student Local Phone (tamuEduPersonLocalPhone)
- Employee Home Phone (homePhone)
- Employee/Affiliate Public Office Telephone Number (telephoneNumber)
- General person attributes: General
- Home Page URL (personalURI)
- Student-related attributes
- Major Codes (tamuEduPersonMajor)
- Primary Major Code (tamuEduPersonPrimaryMajor)
- Primary Major (tamuEduPersonPrimaryMajorName)
- Classification Code (tamuEduPersonClassification)
- Classification (tamuEduPersonClassificationName)
- Texas A&M Degrees Awarded (tamuDegreeAwarded)
- Employment-related attributes
- System Member
- Employee/Affiliate System Member Codes (tamuEduPersonMember)
- Employee/Affiliate Primary System Member Code (tamuEduPersonPrimaryMember)
- Employee/Affiliate Primary System Member (tamuEduPersonPrimaryMemberName)
- Department
- Employee/Affiliate Primary Department (tamuEduPersonDepartmentName)
- Employee AdLoc Code (tamuEduPersonAdLoc)
- Employee EmpLoc Code (tamuEduPersonEmpLoc)
- Position
- Employee/Affiliate Official Title (title)
- Employee Title Code (tamuEduPersonTitleCode)
- Employee Supervisor UIN (tamuEduPersonSupervisorUIN)
- Employee/Affiliate Honorific Title (tamuEduPersonHonorific)
- Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
- Object Classes Assigned to Entry (objectClass)
- Date of Birth (birthDate)
- Data Source (tamuEduDataFeed)
- Account Status (tamuStatus)
- Account Password Policy (tamuEduPersonPasswordPolicy)
- Account Identity Assurance Compliance Details (tamuEduPersonAssurance)
- Account Proxy (tamuProxyRDN)
- List of Account Proxy Holders (tamuProxyHolder)
- List of Account Proxy Targets (tamuProxyTarget)
- Account Activation Date (tamuSignTimestamp)
- Consolidated List of Identifiers (searchMailbox)
- Administrative Account Identifiers (tamuEduPersonAdminID)
- System of Record Affiliation End Date (tamuLastSeenTimestamp)
- Account Contact Email Address (tamuEduContactMail)
- Manual Addition Expiration (tamuManualAddExpire)
- Manual Addition Sponsor (tamuManualAddRDN)
- Manual Addition Sponsoring Department (tamuEduSponsorDepartmentName)
Entry Structure
The LDAP entry for an individual is composed of standard LDAP object classes and custom object classes specific to Texas A&M University.

Every entry in the People branch is assigned the following object classes:
- top
- person
- organizationalPerson
- inetOrgPerson
- inetLocalMailRecipient
- tamuEduAuthN
- tamuPerson
- eduPerson
- tamuEduPerson
- eduCourse
Enterprise Directory Affiliates Branch
The Enterprise Affiliates branch is used to manage NetID accounts for former students who have not attended Texas A&M in the past two years and are no longer eligible for the majority of campus resources. People in this branch use their UIN as the login ID.
Summary of Attributes
- General person attributes
- General person attributes: Identifiers, access-related attributes, general information
- Unique Identifier (uid)
- Universally Unique Identifier (tamuEduPersonUUID)
- Universal Identification Number (tamuEduPersonUIN)
- TAMU BannerID (tamuEduPersonBannerId)
- NetID (tamuEduPersonNetID)
- User Password (userPassword)
- General person attributes: General personal and organizational identification
Role-based Affiliations:
- TAMU Role-Based Affiliations (tamuEduPersonAffiliation)
- TAMU Scoped Affiliations (tamuEduPersonScopedAffiliation)
- General person attributes: Names
- Common Name (cn)
- Last Name (sn)
- First Name (givenName)
- Official Name (tamuEduPersonOfficialName)
- General person attributes: Electronic Mail
- Current Email Address (mail)
- General person attributes: Physical Mail
- Current Home Address (homePostalAddress)
- General person attributes: Telecommunication
- Current Phone (homePhone)
- Student-related attributes
- Former Primary Major Code (tamuEduPersonPrimaryMajor)
- Texas A&M Degrees Awarded (tamuDegreeAwarded)
- Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
- Object Classes Assigned to Entry (objectClass)
- Date of Birth (birthDate)
- Account Status (tamuStatus)
- Account Activation Date (tamuSignTimestamp)
- Student Last Enrolled Date (tamuLastEnrolledTimeStamp)
Entry Structure
The LDAP entry for an individual is composed of standard LDAP object classes and custom object classes specific to Texas A&M University.

Every entry in the Affiliates branch is assigned the following object classes:
- top
- person
- organizationalPerson
- inetOrgPerson
- tamuEduAuthN
- tamuPerson
- tamuEduPerson
Enterprise Directory Sponsored Affiliates Branch
The Enterprise Sponsored Affiliates branch is used to manage NetID accounts for parents of Texas A&M University students. People in this branch are allowed to have a customized login ID.
Summary of Attributes
- General person attributes
- General person attributes: Identifiers, access-related attributes, general information
- Unique Identifier (uid)
- Universal Identification Number (tamuEduPersonUIN)
- NetID (tamuEduPersonNetID)
- User Password (userPassword)
- General person attributes: General personal and organizational identification
Role-based Affiliations:
- TAMU Role-Based Affiliations (tamuEduPersonAffiliation)
- TAMU Scoped Affiliations (tamuEduPersonScopedAffiliation)
- General person attributes: Resource Authorization
- Resource Entitlement URNs (eduPersonEntitlement)
- General person attributes: Names
- Common Name (cn)
- Last Name (sn)
- First Name (givenName)
- Official Name (tamuEduPersonOfficialName)
- General person attributes: Electronic Mail
- Current Email Address (mail)
- General person attributes: Physical Mail
- Current Home Address (homePostalAddress)
- General person attributes: Telecommunication
- Current Phone (homePhone)
- Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
- Object Classes Assigned to Entry (objectClass)
- Date of Birth (birthDate)
- Account Status (tamuStatus)
- Account Activation Date (tamuSignTimestamp)
- Consolidated List of Identifiers (searchMailbox)
- Proxy Holder's Preferred Account UIN (tamuProxyHolderUIN)
- Proxy Target's UIN (tamuProxyTargetUIN)
- List of Account Proxy Targets (tamuProxyTarget)
- Account Sponsor (tamuEduGuestSponsorRDN)
- Business Need for Account (tamuEduGuestReason)
- Account Management Policy (tamuEduGuestAccountPolicy)
- Account Request URN (tamuEduGuestClientID)
- Requested Guest Account NetID (tamuEduGuestRequestedNetID)
- Date of Account Request (tamuEduGuestTimestamp)
- Account Activation Period Start Date (tamuEduGuestStart)
- Account Activation Period End Date (tamuEduGuestTokenExpire)
- Account Expiration Date (tamuEduGuestExpire)
Entry Structure
The LDAP entry for an individual is composed of standard LDAP object classes and custom object classes specific to Texas A&M University.

Every entry in the Sponsored Affiliates branch is assigned the following object classes:
- top
- person
- organizationalPerson
- inetOrgPerson
- tamuEduAuthN
- tamuPerson
- eduPerson
- tamuEduPerson
- tamuEduGuest
Enterprise Directory Roles Branch
The Enterprise Roles branch is used to manage email aliases and directory entries for Texas A&M University roles and organizations.
Summary of Attributes
- General role/organization attributes
- General attributes: Identifiers, access-related attributes, general information
- Unique Identifier (uid)
- General attributes: Names
- Common Name (cn)
- Official Name (tamuOfficialName)
- General attributes: Electronic Mail
- Primary/Published Email Address (mail)
- Primary and Alternate Email Aliases (mailLocalAddress)
- Email Destination (mailRoutingAddress)
- General attributes: General
- Home Page URL (personalURI)
- Entry management attributes (attributes for identity, reconciliation, selection, and directory build)
- Object Classes Assigned to Entry (objectClass)
- Consolidated List of Identifiers (searchMailbox)
- Account Proxy (tamuProxyRDN)
- Sponsoring Department (tamuEduSponsorDepartmentName)
Entry Structure
The LDAP entry for an individual role or organization is composed of standard LDAP object classes and custom object classes specific to Texas A&M University.

Every entry in the Roles branch is assigned the following object classes:
- top
- organizationalRole
- inetLocalMailRecipient
- tamuRoleOrOrg
Attribute details term definitions
Term | Meaning |
---|---|
Definition: | An explanation of the exact meaning of the attribute. For attributes that are not unique to the Texas A&M LDAP directory, the definition is an explanation of the meaning of the attribute in the Texas A&M directory. |
Attribute Name: | Name of the attribute. More than one name can be associated with an attribute. |
OID: | Object identifier for the attribute. The object identifier is composed of a string of dotted numbers that uniquely identifies the attribute worldwide. The Internet Assigned Numbers Authority (IANA) governs the assignment of OIDs. |
URN: | Uniform resource name for the attribute. The uniform resource name has the syntax urn:NID:NSS where NID is the namespace identifier, and NSS is the namespace specific string. The namespace identifier determines the syntactic interpretation of the namespace specific string. |
Multiple Values: | Denotes whether or not the attribute is allowed to store more than one value. |
Format: | The encoding rules used for storing and transmitting values of the attribute type. The number enclosed by the curly braces specifies the minimum recommended maximum length of the attribute's value that a server should support. |
Search Syntax: | The grammatical rules and structural patterns governing searches on attribute values. |
Controlled Vocabulary: | A listing of allowed values. For attributes that have a controlled vocabulary, the definitions of the values will be provided as well. |
Source: | Rules governing population of the attribute. |
Directory-specific details term definitions
Directory URL: Directory server URL.

Object Class: The object class that the attribute is associated with. It is possible for an attribute to belong to multiple object classes.

Required: Denotes whether or not an attribute must be present in an entry. In this case, "present" means "possesses at least one value". It is the object classes that specify whether or not attributes are required or optional. For attributes associated with multiple object classes, they may be optional for one and required by another.

Indexing: Attributes may be indexed to optimize searches, similar to the indexes used by a relational database management system. LDAP supports four types of indexes. However, not all attributes support all four index types. Each index type corresponds to one of the matching rules defined in the directory schema.
- approx (approximate): Indexes the information for an approximate, or phonetic, match of an attribute value.
- eq (equality): Indexes the information necessary to perform an exact match of an attribute value. The match may be case-sensitive or whitespace-sensitive, depending on the matching rules defined in the attribute syntax.
- pres (presence): Indexes the information necessary to determine if an attribute has any value at all. If an attribute does not possess a value, then the attribute is not present in the directory entry.
- sub (substring): Indexes the information necessary to perform a simple substring match on attribute values.

Access: Denotes who has access to what. Access Control List (ACL) terminology for these parameters:

Who
- *: Matches any connected user, including anonymous connection
- self: The DN of the currently connected user, assuming he has been successfully authenticated by a previous bind request.
- anonymous: Nonauthenticated user connections
- users: Authenticated user connections
- regular expression: matches a DN or SASL identity

Access levels (Higher levels possess all the capabilities of the lower levels.)
- write: Access to update attribute values (e.g., Change this telephoneNumber to 555-2345).
- read: Access to read search results (e.g., Show me all the entries with a telephoneNumber of 555*).
- search: Access to apply search filters (e.g., Are there any entries with a telephoneNumber of 555*).
- compare: Access to compare attributes (e.g., Is your telephoneNumber 555-1234?)
- auth: Access to bind (authenticate).
- none: No access.

What
The What defines the entry and attributes to which the ACL should apply. It is composed of three basic parts, all of which are optional. If none of these components are present, a single asterisk is used as a placeholder to include everything.

Usage: Example(s) of known uses of the attribute values.

Example(s): Example(s) of values for the attribute. To make the example more helpful, the values are representative of a full-time staff person taking a class.