Centaur DIT and Schema Information
Directory Information Tree (DIT)
The basename of the DIT is o=unimelb. [After decades of use, no world-wide X.500 directory structure has emerged, so there is no point in trying to fit in with one; a short name that is easy to remember and type has been chosen instead.] It would have been possible to use the domain component (dc=unimelb,dc=edu,dc=au) style of basename, but this would have been inconvenient when using command line tools and could have led readers to infer, incorrectly, that the basename is linked to the DNS. [As mentioned, there is no world-wide X.500 directory from which basenames can be determined or inferred.]
The directory information tree (DIT) for the centaur implementation is presented below:
    o=unimelb *
              |
              |
              +------* ou=people
              |      |
              |      |---------* uid=aaa
              |      |        ..
              |      |---------* uid=username
              |      |        ..
              |      +---------* uid=zzz
              |
              +------* ou=alumni
                     |
                     |---------* cn=aaa-alumni
                     |        ..
                     |---------* cn=username-alumni
                     |        ..
                     +---------* cn=zzz-alumni
ObjectClass and Attribute Definitions
o=unimelb
This is the base of the centaur DIT. All other directory structure sits below this level.
Objectclasses:
Attributes:
- o : “unimelb”
- description : “The University of Melbourne”
ou=people,o=unimelb
This branch contains all identities that are centrally managed by the University. This includes all staff members fed from the Themis HR system and all students from the Merlin/StudentOne system.
Objectclasses:
Attributes:
- ou : “people”
- description : “People”
uid=username,ou=people,o=unimelb
These are the individual people entries containing attributes that relate to each person.
Objectclasses:
- person
- inetOrgPerson
- auEduPerson
Attributes:
| Attribute Name | ObjectClass | Visibility | Values |
|---|---|---|---|
| uid | inetOrgPerson | anon | central default user name |
| commonName | person | anon | full name in mixed case |
| surname | person | anon | surname in mixed case |
| telephoneNumber | person | | not yet integrated into centaur |
| userPassword | person | | SHA1 encrypted copy of the user’s central mail password |
| departmentNumber | inetOrgPerson | | multi-valued list of user’s department numbers |
| employeeNumber | inetOrgPerson | | employee number set for staff only |
| employeeType | inetOrgPerson | | “FT” / “FFT” / “PT” / “VIS” / “HON” / “CAS” |
| givenName | inetOrgPerson | anon | user's full given names |
| mail | inetOrgPerson | anon | central e-mail address if it exists |
| displayName | inetOrgPerson | | full name in mixed case (same as “cn” attribute) |
| auEduPersonSalutation | auEduPerson | | salutation; “Mrs”, “Mr”, etc |
| auEduPersonExpiryDate | auEduPerson | | date user left the feed or null if still current |
| auEduPersonId | auEduPerson | | employee number for staff, student id for students |
| auEduPersonType | auEduPerson | anon | “staff”, “student”, “others” |
| auEduPersonSubType | auEduPerson | | for students only, “undergrad” or “postgrad” |
| auEduPersonEmailAddress | auEduPerson | | same as “mail” attribute |
| auEduPersonLibraryBarCodeNumber | auEduPerson | | for students only, library bar code |
To gain access to attributes other than those marked "anon", you first need to bind as the user (or arrange for special application privileges).
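An added example (not part of the Centaur documentation or its code): a check that parses LDIF captured from an anonymous search and reports any attribute returned for ou=people entries beyond those the table above marks "anon". The sample LDIF, the function names `parse_ldif` and `audit_anonymous`, and the treatment of `objectClass` as acceptable are assumptions made here.

```python
import re

# Attributes the page marks "anon" under ou=people (lower-cased), plus cn/sn aliases.
ANON_PEOPLE = {"uid", "commonname", "cn", "surname", "sn",
               "givenname", "mail", "auedupersontype"}
# Assumption: objectClass is absent from the page's table; treated as harmless.
ALLOWED = ANON_PEOPLE | {"dn", "objectclass"}

# Constructed LDIF sample; every name and value below is made up.
SAMPLE = """\
version: 1
dn: uid=jsmith,ou=people,o=unimelb
objectClass: inetOrgPerson
uid: jsmith
cn: Jane Smith
auEduPersonType: staff

dn: uid=bjones,ou=people,o=unimelb
uid: bjones
employeeNumber: 0000000
userPassword:: Y29uc3RydWN0ZWQ=
departmentNum
 ber: 1234
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, unfolding continuation lines."""
    text = re.sub(r"\r?\n ", "", text)               # RFC 2849 line folding
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep or name == "version":
                continue
            value = re.sub(r"^[:<]? *", "", value)   # "::" base64 and ":<" URL forms
            name = name.split(";")[0].lower()        # drop options such as ;binary
            dn = value if name == "dn" else dn
            attrs.setdefault(name, []).append(value)
        if dn:
            yield dn, attrs

def audit_anonymous(ldif_text, base="ou=people,o=unimelb"):
    """Return {dn: [attributes exposed beyond the anon set]} for entries under base."""
    findings = {}
    for dn, attrs in parse_ldif(ldif_text):
        leaked = sorted(set(attrs) - ALLOWED)
        if leaked and dn.lower().replace(" ", "").endswith("," + base):
            findings[dn] = leaked
    return findings
```

Base64 (`::`) values are left undecoded because the check only compares attribute names against the anon set.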
Notes on people naming conventions
The commonName and displayName attributes are determined as follows:
<givenName> <surname>
or if surname_first_flag is set:
<surname> <givenName>
The givenName attribute can be changed in the Themis HR and Merlin systems by providing a preferred name setting. The givenName attribute, as well as the commonName and displayName attributes, will all use the preferred name setting rather than any official given names.
ou=alumni,o=unimelb
This branch is controlled by the alumni office and contains entries for alumni that have accounts on the AWC system.
Objectclasses:
Attributes:
- ou : “alumni”
- description : “alumni managed by Advance (AWC)”
cn=username,ou=alumni,o=unimelb
Objectclasses:
Attributes:
| Attribute Name | ObjectClass | Visibility | Values |
|---|---|---|---|
| commonName | person | anon | full name in mixed case |
| surname | person | anon | surname in mixed case |
| userPassword | person | | SHA1 encrypted copy of the user’s central mail password |
| givenName | inetOrgPerson | anon | user's full given names |
| displayName | inetOrgPerson | | full name in mixed case (same as “cn” attribute) |