Information Technology Services: University of Hawaii

General:
  • Overview
  • Unison1
  • Unison2

Current Specs:
  • Unison1 Commands
  • Data Transfers

Proposed Specs:
  • Information Model
    • Object Classes
    > Attributes
  • Functional Model
    • Commands
  • Security Model

Project:
  • Project Team
  • Project Status
  • Change Log

Search UH Metadirectory
 

UH Metadirectory Attributes

All UH metadirectory attributes have the exact same name as their LDAP counterparts. This document is an alphabetical reference for all metadirectory attributes. Please refer to the UH Metadirectory Information Model to understand the object classes that are defined using these attributes.

Alphabetical List


eduPersonAffiliation

Also known as classification. It is a role that a person plays at an organization. It is the same attribute defined by Internet2's eduPerson schema. The allowed values for the University of Hawaii are:

Incarnations:

Metadirectory XML Tag <eduPersonAffiliation>
LDAP Attribute eduPersonAffiliation
Database Column EDUPERSONAFFILIATION

Format: Only the following values are allowed:

Metadirectory LDAP Database Description
f faculty f Faculty
s staff s Staff
u student u Undergraduate student
g student* g Graduate student
e emeritus e Emeritus faculty
b staff* b Other staff, such as RCUH, EWC, and JABSOM
Do we really need to distinguish between regular UH staff and other type of UH staff? This information could be ascertained from eduPersonOrgDN and/or uhDataOrigin
a student* a Affiliated student (such as those participating in NICE)
Do we really need to distinguish between regular UH students and other type of UH students? This information could be ascertained from eduPersonOrgDN and/or uhDataOrigin
o other o Other, guest for example

*LDAP currently does not differentiate between graduate and undergraduate students, nor between regular and "other" type of staff, faculty or students. The UH Metadirectory does differentiate between the aforementioned subcategories.

Obsolete:

This eduPersonAffiliation attribute replaces the classification concept defined by UH Directory Services Synchronization Specifications. From now on, the word "classifications" refers to eduPersonAffiliation as defined here. There are two important changes:
  • Removed "t - test data only" as a classification because it does not tells us how a person is affiliated with the University. It only tells us whether the person is real or not, and that's an entirely different property.

    Furthermore, the whole point about testing is to make sure that processes work correctly in real-life situations or situations that mimic real life. There is no "test" classification in real life. For example, we want to test that expirations of affiliations are computed properly for faculty (should not not expire until explicitly terminated) or for students (expires if student does not register by the next required semester). What process are we trying to test with a person who is classified as a "test"? It makes more sense to have a separate attribute that denotes whether a person is real or fictitious and assign a real classifications to the fictitious person.

  • The use of "p - preliminary" is ambiguous. Is it a preliminary username or a preliminary person? If it's a preliminary person, is it a prospective student, prospective faculty or a prospective staff? Again, this information would be better modeled by using a separate attribute for uhOrgAffiliation that tells us whether the affiliation is preliminary or final (and there would be a start and end date for the affiliation, whether preliminary or final). Design note: need to add this concept to uhOrgAffiliation object class

Design note: Need to discuss use of admitted, accepted, registered, and enrolled (paid) functions. Should they be classification changes instead of functions?

Please refer to the uhOrgAffiliation object class to understand the model used to describe affiliations.

top


eduPersonNickname

Definition: An authorized person can set this attribute with a bona fide nickname that could be searched on or displayed. This is usually done for individuals who are often known by their nickname as opposed to their legal first name. It is the same attribute defined by Internet2's eduPerson schema.

Incarnations:

Metadirectory XML Tag <eduPersonNickname>
LDAP Attribute eduPersonNickname
Database Column EDUPERSONNICKNAME

Format: Any officially verified nickname. Format is same as <uhOfficialGivenName>.

Example: Chuck is the nickname for Charles Smith

top


eduPersonOrgDN

Definition: An organization with ties to the University. It is the organization that a person belongs to; in more general terms, it is the organization that a person is affiliated with. Note that there is no information about the relationship between the organizations entered into this attribute (no hierarchy of college, department, and group). This is the same attribute defined by Internet2's eduPerson schema.

Incarnations:

Metadirectory XML Tag <eduPersonOrgDN>
LDAP Attribute eduPersonOrgDN
Database Column EDUPERSONORGDN

Format: Only the following values are allowed:

Metadirectory, LDAP and Database Description
ccc UH Community Colleges, Chancellor's Office
cspa Clinical Studies Program Affiliates Psychology Dept
emba Executive MBA Program, including JEMBA
ewc East-West Center
hawcc Hawaii CC
hcc Honolulu CC
hrsa Health Resources and Administration
jabsom John A Burns School of Medicine
kauaicc Kauai CC
kcc Kapiolani CC
lcc Leeward CC
mauicc Maui CC
other guest and other organizations, usually temporarily assigned
outreach Outreach College
psaf Population Studies Affiliate Faculty Population Studies Program
rcuh RCUH
tahr Agricultural Development in the American Pacific (ADAP) Project
uhh UH Hilo
uhm UH Manoa
uhs University Lab School
uhsystem UH System
uhwh UH West Hawaii
uhwo UH West Oahu
wcc Windward CC
Note: if a valid organization should be listed here, please contact metadirectory-l-request@hawaii.edu

Obsolete:

This eduPersonOrgDN attribute is the same as ORG as defined by the UH Directory Services Synchronization Specifications. From now on, the word "organization" refers to eduPersonOrgDN as defined here.

We no longer support the free-form entry of organization names that Unison1 allowed. Such entries should be cleaned out when converting from Unison1 to the UH Metadirectory. Only the allowed values listed above should be used from now on.

top


uhAffEnd

Definition: The date and time in which a particular uhOrgAffiliation ends. In other words, the date and time at which this particular University relationship should be deemed obsolete unless that same relationship reappears in subsequent data deliveries.

Please refer to the uhOrgAffiliation object class to understand the model used to describe affiliations.

Incarnations:

Metadirectory XML Tag <uhAffEnd>
LDAP Attribute (not applicable, entry exists in LDAP only if affiliation is current)
Database Column ENDDATE (in UHORGAFFILIATIONS table)
Design note: rename to UHAFFEND?

Format: YYYYMMDDTHHMMSS (Follows ISO 8061 specifications, so this means our time zone)

Example: 19840315T234530 represents March 15, 1984 at 11:45:30 PM, local time

top


uhAffID

Definition: A string that uniquely identifies an uhOrgAffiliation entry. Note that an affiliation is also uniquely identified by the following combination:

uhUuid + uhDataOrigin + eduPersonOrgDN + eduPersonAffiliation

Please refer to the uhOrgAffiliation object class to understand the model used to describe affiliations.

Incarnations:

Metadirectory XML Tag <uhAffID>
LDAP Attribute (not applicable)
Database Column KEY (in UHORGAFFILIATIONS table)
Design note: rename to UHAFFID?

Format: A positive number no longer than 15 digits

Example: 234523

top


uhAffStart

Definition: The date and time in which a particular uhOrgAffiliation begins. Sometimes, an affiliation started so long ago that the actual start date is unknown. In those cases, a best guess may be entered. This attribute is required mainly because we need to know whether an affiliation already started or is in the future.

Please refer to the uhOrgAffiliation object class to understand the model used to describe affiliations.

Incarnations:

Metadirectory XML Tag <uhAffStart>
LDAP Attribute (not applicable, entry exists in LDAP only if affiliation is current)
Database Column STARTDATE (in UHORGAFFILIATIONS table)
Design note: rename to UHAFFSTART?

Format: YYYYMMDDTHHMMSS (Follows ISO 8061 specifications, so this means our time zone)

Example: 19830315T234530 represents March 15, 1983 at 11:45:30 PM, local time

top


uhAllowedService

Definition: A service that a person is allowed to use.

Please refer to the uhPermission object class to understand the model used to allow/disallow services to a person.

Incarnations:

Metadirectory XML Tag <uhAllowedService>
LDAP Attribute uhAllowedService
Database Column (Design note: not defined yet)

Format: Only the following values are allowed:

Metadirectory, LDAP and Database Description
all Special value meaning all services
none Special value meaning no services
email Use of a personal username@hawaii.edu email address
modem pool Use the ITS modem pool
wireless Use the UH ITS wireless network
email forwarding Forward username@hawaii.edu email to another email address
request username Request an ITS username
request misc username Request a miscellaneous ITS username (e.g. a group account, a departmental account, etc.)

Design note: These values need some work; they are in all likelihood incomplete and the actual values may change depending on whether it's a Metadirectory, LDAP or Database value

top


uhApprovedBy

Definition: The uhUuid of the person who approves something.

Incarnations:

Metadirectory XML Tag <uhApprovedBy>
LDAP Attribute  
Database Column APPROVEDBY

top


uhDOBDay

uhDOBMonth

uhDOBYear

Definition: The day, month, and year respectively in which the person was born. Note that LDAP combines all three as one attribute named uhDOB. The metadirectory treats each uhDOB component separately because regulations may restrict the use of a complete date of birth.

Incarnations:

Metadirectory XML Tag <uhDOBYear> <uhDOBMonth> <uhDOBDay>
LDAP Attribute uhDOB
Database Column UHDOBYEAR UHDOBMONTH UHDOBDAY

Format: uhDOBYear is not abbreviated (e.g. 1984 is expected as 1984, not as 84); uhDOBMonth is 1 through 12, and uhDOBDay is 1 through 31 depending on the month and whether it's a leap year.

In LDAP, the format for uhDOB is mm/dd/yyyy.

Example:
<uhDOBYear>1984</uhDOBYear>
<uhDOBMonth>3</uhDOBMonth>
<uhDOBDay>15</uhDOBDay>

Obsolete:

These attributes represent date of birth components and supersede DOB as defined by the UH Directory Services Synchronization Specifications.

top


uhDataOrigin

Definition:Who provided data for a person.

Many of its allowed values are also in <eduPersonOrgDN> This is because the organization that provided the data for a person is often the same organization that the person is affiliated with. For example, KCC is the source of data for its own students (uhDataOrigin=kcc, eduPersonOrgDN=kcc).

It is also perfectly normal for uhDataOrigin and eduPersonOrgDN to be different. For example, PeopleSoft is the source of data for a KCC faculty member (uhDataOrigin=hris, eduPersonOrgDN=kcc).

Another way to think about the difference is:

  • eduPersonOrgDN = where this person goes to work or study
  • uhDataOrigin = who told us that this person works or studies there

Incarnations:

Metadirectory XML Tag <uhDataOrigin>
LDAP Attribute (attribute crossed out from LDAP schema, not needed in LDAP)
Database Column UHDATAORIGIN

Format: Only the following values are allowed:

Metadirectory, LDAP and Database Data Delivery Frequency Description
care semester? CARE Program
cspa semester Clinical Affiliates, Department of Psychology, UH
emba semester Executive MBA Program, including JEMBA
ewc yearly East-West Center
hawcc semester Hawaii Community College
hcc semester Honolulu Community College
help quarterly HELP Program
hris ad hoc + monthly terminations UH Faculty, Staff & Other Employees
isis-abroad* semester UHM Students (Study Abroad)
isis-leave* semester UHM Students (On Leave)
isis-grad-leave* semester UHM Grad Students (On Leave)
isis-nse* semester UHM Students (NSE)
isis-oversea* semester UHM Students (Oversea)
isis semester UHM Students
jabsom yearly JABSOM
kauaicc semester Kauai Community College
kcc semester Kapiolani Community College
law semester LAW
lcc semester Leeward Community College
mauicc semester Maui Community College
outreach ad hoc OUTREACH
rcuh bimonthly RCUH
scopis Design note: not in production SCOPIS Application
study-abroad semester Study Abroad Program (is this a superset or the same as isis-abroad?)
uhh semester UH Hilo
uhs ad hoc University Laboratory School
uhwo semester UH West Oahu
unison ad hoc The UH metadirectory can also be updated by various campus representatives
wcc semester Windward Community College
emeritus ad hoc UH Emeriti Faculty

*These variations of isis might be better modeled via a classification (eduPersonAffiliation) change

Please refer to the uhOrgAffiliation object class to understand the crucial role that uhDataOrigin and data delivery frequency play in determining someone's affiliation with the University.

Obsolete:

This uhDataOrigin attribute replaces DATAORIGIN as defined by the UH Directory Services Synchronization Specifications.

top


uhDisallowedService

Definition: A service that a person is not allowed to use.

Please refer to the uhPermission object class to understand the model used to allow/disallow services to a person.

Incarnations:

Metadirectory XML Tag <uhDisallowedService>
LDAP Attribute uhDisallowedService
Database Column (Design note: not defined yet; need to rework EXCEPTIONS table)

Format: Same as uhDisallowedService

top


uhMatchConfidenceOfDOB

Definition: This is not an attribute per se; the metadirectory includes it as an attribute for entries that matched a search criteria. The higher the percentage number, the more confident we are that the date of birth specified by the search matches the date of birth associated with this entry.

Incarnations:

Metadirectory XML Tag <uhMatchConfidenceOfDOB>
LDAP Attribute (Not applicable)
Database Column (Not applicable)

Format: Only the following values are allowed:

Metadirectory Description
0 Search specified a date of birth, matched entry has a date of birth, and they are not the same
1 Search included date of birth as an optional criterion, but the matched entry did not have a date of birth; quality of date of birth match is inconclusive
2 Search did not include date of birth as a criterion, and the matched entry has a date of birth; quality of date of birth match is inconclusive
100 100% confident of match. Search specified a date of birth, matched entry has a date of birth, and they are the same

Design note: we should also account for partial matches and typos. For example, looking for a John Smith born on 10/15/1982 returns a John Smith born on 10/16/1982. This date of birth match does not deserve a value of 0 just because they are not the same date. It's off by one digit, so a value like 90% would be more appropriate.

top


uhMatchConfidenceOfName

Definition: This is not an attribute per se; the metadirectory includes it as an attribute for entries that matched a search criteria. The higher the percentage number, the more confident we are that the names specified by the search matches the names associated with this entry.

Incarnations:

Metadirectory XML Tag <uhMatchConfidenceOfName>
LDAP Attribute (Not applicable)
Database Column (Not applicable)

Format: An integer from 0 to 100 where 0 means that the searched and returned names absolutely do not match, and 100 means the most confidence that the searched and returned names are the same.

top


uhMatchConfidenceOfSSN

Definition: This is not an attribute per se; the metadirectory includes it as an attribute for entries that matched a search criteria. The higher the percentage number, the more confident we are that the Social Security Number specified by the search matches the Social Security Number associated with this entry.

Incarnations:

Metadirectory XML Tag <uhMatchConfidenceOfSSN>
LDAP Attribute (Not applicable)
Database Column (Not applicable)

Format: Only the following values are allowed:

Metadirectory Description
0 Search specified a SSN, matched entry has a SSN, and they are not the same
1 Search included SSN as an optional criterion, but the matched entry did not have a SSN; quality of SSN match is inconclusive
2 Search did not include SSN as a criterion, and the matched entry has a SSN; quality of SSN match is inconclusive
100 100% confident of match. Search specified a SSN, matched entry has a SSN, and they are the same

Design note: we should also account for partial matches and typos. For example, looking for a John Smith whose SSN is 123-45-6789 returns a John Smith whose SSN is 123-46-6789. This SSN match does not deserve a value of 0 just because they are not the same SSN. It's off by one digit, so a value like 90% would be more appropriate.

top


uhNameSubstrings

Definition: This is not an attribute per se; it is useful for searching by name where the actual name components are either not important or unclear. Instead of search specifically for first, middle and last name, this attribute allows us to search for any person whose name contains all the substrings specified in this special attribute.

Incarnations:

Metadirectory XML Tag <uhNameSubstrings>
LDAP Attribute (Not applicable)
Database Column (Not applicable)

Format: Substrings must be separated by a space; each substring must have only letters.

Example: <uhNameSubstrings>John Smith</uhNameSubstrings> will allow us to search for people whose name includes both substrings: John Walters-Smith, Johnny G. Smith, and Smithers Johnson.

Design note: Do we use LDAP's wildcard characters to make name substring searches more useful? Is the search case sensitive? These issues should be resolved as we refine the metadirectory's search command.

top


uhOfficialGivenName

uhOfficialMiddleName

uhOfficialNameSuffix

uhOfficialSurname

Definition: The person's legal first, middle, generation and last names, respectively. Middle initials are acceptable if the full middle name is unavailable. uhOfficialNameSuffix refers to generation names such as III and Jr.

These attributes cannot be self-modified. A person must go to an "authoritative" source such as the Admissions Office or their Personnel Officer to change any of this information.

Incarnations:

Metadirectory XML Tag <uhOfficialGivenName>
LDAP Attribute uhOfficialGivenName
Database Column UHOFFICIALGIVENNAME

Metadirectory XML Tag <uhOfficialMiddleName>
LDAP Attribute uhOfficialMiddleName
Database Column UHOFFICIALMIDDLENAME

Metadirectory XML Tag <uhOfficialNameSuffix>
LDAP Attribute uhOfficialNameSuffix
Database Column UHOFFICIALNAMESUFFIX

Metadirectory XML Tag <uhOfficialSurname>
LDAP Attribute uhOfficialSurname
Database Column UHOFFICIALSURNAME

 

Format:

Design note: Internally, we might need to store two versions of the above attributes: one that retains the original format which is not suitable for searching, and another that reduces names to just capital letters and spaces for optimum search results.

Design note: What about the short LDAP attributes such as sn, givenName, initials and "compound" attributes such as cn and displayName?

Storage Format A: This format retains the original format of the name including case and punctuation, but it must also be in a valid Data Entry Format.

If the data provider does not track the proper capitalization of names, it should provide the data in all uppercase instead of applying a name capitalization algorithm that may not always be accurate. All-lowercase or all-uppercase entries are saved as all-uppercase. Mixed case entries are saved as is.

  • uhOfficialSurname O'Malley-McCartney is saved exactly like that, with the apostrophe, dash, and the capital "C" in McCartney.
  • uhOfficialSurname mcintosh will be saved as MCINTOSH because it was in all-lowercase, meaning the data provider does not track capitalization.

Storage Format B: This is the format that is optimized for searching. Only capital letters and spaces are kept after converting names to this format. The metadirectory stores names using the following algorithm:

  • Must be in a valid Data Entry Format
  • Names are converted to all uppercase
  • Punctuation that separates names or initials such as periods and commas are converted to white space:
    • uhOfficialSurname Mott-Smith is saved as MOTT SMITH
    • uhOfficialMiddleName K.C. is saved as K C
    • uhOfficialNameSuffix Jr. is saved as JR
  • Punctuation that appears in the middle of a name such as single quotes and backquotes are deleted.
    • uhOfficialSurname O'Malley is saved as OMALLEY
    • uhOfficialMiddleName Billy-Bob Ku`uipo is saved as BILLY BOB KUUIPO
  • White space is converted to a single space character; leading and trailing white space is removed.

Data Entry Format: When sending data updates to the metadirectory, these attributes should only contain upper and lowercase letters, white space, periods, commas, dashes, single quotes and backquotes. Anything else is considered an error.

Search Filter Format: The case and punctuation of names that appear in a search filter are automatically converted to match the format used by Storage Format B.

Search Result Format: This is the format returned by metadirectory searches. For now, it is the same as Storage Format A.

Obsolete:

The uhOfficialGivenName, uhOfficialMiddleName, uhOfficialSurname, and uhOfficialNameSuffix attributes replace FIRSTNAME, MIDDLENAME, LASTNAME and NAMESUFFIX respectively as defined by the UH Directory Services Synchronization Specifications.

top


uhPermID

Definition: A string that uniquely identifies a uhPermission entry.

Please refer to the uhPermission object class to understand the model used to describe services allowed/disallowed.

Format: A positive number no longer than 15 digits

Example: 234523

top


uhPreferredMail

Definition: The email address that a person prefers to make available to others.

Incarnations:

Metadirectory XML Tag <uhPreferredMail>
LDAP Attribute uhPreferredMail
Database Column UHPREFERREDMAIL

Format: Any valid email address

Example: John Smith has a jsmith@hawaii.edu email address but prefers to receive email at john.smith@yahoo.com

top


uhPrivEnd

Definition: The date and time in which a particular uhPrivacySetting is no longer valid.

Please refer to the uhPrivacySetting object class to understand how personal privacy preferences are tracked.

Incarnations:

Metadirectory XML Tag <uhPrivEnd>
LDAP Attribute Design note: need to add this to LDAP?
Database Column Design note: not implemented yet; need to rework EXCEPTIONS table

Format: YYYYMMDDTHHMMSS (Follows ISO 8061 specifications, so this means our time zone)

Example: 19840315T234530 represents March 15, 1984 at 11:45:30 PM, local time

top


uhPrivID

Definition: A string that uniquely identifies a uhPrivacySetting entry.

Please refer to the uhPrivacySetting object class to understand how personal privacy preferences are tracked.

Incarnations:

Metadirectory XML Tag <uhPrivID>
LDAP Attribute (not applicable)
Database Column Design note: not implemented yet; need to rework EXCEPTIONS table

Format: A positive number no longer than 15 digits

Example: 234523

top


uhPrivStart

Definition: The date and time in which a particular uhPrivacySetting starts.

Please refer to the uhPrivacySetting object class to understand how personal privacy preferences are tracked.

Incarnations:

Metadirectory XML Tag <uhPrivStart>
LDAP Attribute Design note: need to add this to LDAP?
Database Column Design note: not implemented yet; need to rework EXCEPTIONS table

Format: YYYYMMDDTHHMMSS (Follows ISO 8061 specifications, so this means our time zone)

Example: 19840315T234530 represents March 15, 1984 at 11:45:30 PM, local time

top


uhPrivType

Definition: What type of privacy setting or what application is this uhPrivacySetting entry applicable for?

Please refer to the uhPrivacySetting object class to understand how personal privacy preferences are tracked.

Incarnations:

Metadirectory XML Tag <uhPrivType>
LDAP Attribute uhRestrict
Database Column PRIVACYTYPE

Format: Only the following values are allowed:

Metadirectory, LDAP and Database Description
uhListed Whether to disclose this information regardless of policy
uhDisplay Design note: What does LDAP use uhNoDisplay for? Does it have value beyond LDAP?
uhPhoto

Do not release or display my picture regardless of policy

Design note: What does LDAP use uhNoPhoto for? Does it have value beyond LDAP?

uhFullProfile Design note: Is this an LDAP-specific setting?

top


uhPrivValue

Definition: Usually a boolean value for the setting defined in uhPrivType

Please refer to the uhPrivacySetting object class to understand how personal privacy preferences are tracked.

Incarnations:

Metadirectory XML Tag <uhPrivValue>
LDAP Attribute uhRestrict
Database Column ALLOW

uhQuestion1

uhQuestion2

uhResponse1

uhResponse2

Definition: Two pairs of questions and answers that people can define and redefine to identify themselves. They are commonly used to change one's forgotten password.

Incarnations:

Metadirectory XML Tag <uhQuestion1>
LDAP Attribute uhQuestion1
Database Column UHQUESTION1

Metadirectory XML Tag <uhQuestion2>
LDAP Attribute uhQuestion2
Database Column UHQUESTION2

Metadirectory XML Tag <uhResponse1>
LDAP Attribute uhResponse1
Database Column UHRESPONSE1

Metadirectory XML Tag <uhResponse2>
LDAP Attribute uhResponse2
Database Column UHRESPONSE2

Format: Answers retain their case sensitivity but leading and trailing white space are removed and multiple white space characters are replaced with a single space.

Only a predefined list of questions are currently allowed. A perhaps outdated list can be found at http://www.hawaii.edu/help/accounts/accountinfo.html

top


uhSSN

Definition: This is the person's Social Security Number. It is normally unique to each person, but not all people have one.

Incarnations:

Metadirectory XML Tag <uhSSN>
LDAP Attribute uhSSN
Database Column UHSSN

Format: 9 digits with the customary dashes after the 3rd and 5th digits (i.e. 123-45-6789).

Note: SSN validation and validation for temporary SSN assignments must follow additional rules, see table below. These additional rules also help prevent the collision of temporary SSN assignments by UH Manoa and the Community Colleges. The following information is from a memo that the Office of Planning and Policy sent to all the UH Admissions Offices regarding the assignment of temporary SSN's for admissions purposes. The memo is dated 04/23/97. More information on Social Security numbers may be found at http://www.ssa.gov/foia/stateweb.html

Entity
(Design note: we should make these uhDataOrigin entries)
Valid Range Begin (inclusive) Valid Range End (inclusive)
Any 001-00-0000 899-99-9999
ITS Testing* 000-00-0001 000-00-0999
ITS Help Desk** 000-01-0001 000-19-9999
hawcc 000-40-0000 000-40-9999
hcc 900-01-0492 900-02-9999
kcc 900-03-0978 900-04-9999
kauaicc 900-05-0066 900-05-9999
lcc 900-06-0688 900-07-9999
mauicc 900-08-0294 900-08-9999
wcc 900-09-0075 900-09-9999
UH Law School 999-10-0000 999-10-9999
JABSOM 999-11-0000 999-11-9999
UH A&R 999-20-9000
999-50-0000
999-29-9999
999-59-9999
UH Hilo 000-20-0000
999-30-0000
000-39-9999
999-49-9999
UH Grad Div 999-60-0000 999-79-9999
CCECS 999-80-0000 999-84-9999
UHWO 999-90-9999 999-99-9999
* The ITS Testing SSNs are for testing purposes only and should not be saved to production directories.
** Under some circumstances the ITS Help Desk creates an account for a student before the student has been assigned a temporary SSN by the registrar.

top


uhUsernameState

Definition: This attribute tells us the current state of a username. See allowed values below.

Incarnations:

Metadirectory XML Tag <uhUsernameState>
LDAP Attribute uhUsernameState
Database Column STATE (under USERNAMES table)

Format: Only the following values are allowed:

Metadirectory, LDAP and Database Description
a Username is active (normal state)
d Username has been deleted
s Username has been suspended
w Username has been requested, confirmed and is just awaiting for actual creation.
r Username has been reserved; it could have been reserved for a specific person or for no one in particular

Design note: This attribute has not been defined for LDAP

top


uhUsernameType

Definition: This attribute what kind of username this is. The most common distinction is between regular personal accounts and shared group accounts. See allowed values below.

Incarnations:

Metadirectory XML Tag <uhUsernameType>
LDAP Attribute uhUsernameType
Database Column USERNAMETYPE

Format: Only the following values are allowed:

Metadirectory, LDAP and Database Description
i Individual username (the usual)
g Misc. username which includes departmental and instructional usernames
t Temporary username; these are very generic looking usernames who are usually assigned for very short periods of time and are often used for short courses. They could be used for almost anything though.
a A mail alias; this is not really a username but since it shares the same namespace as usernames, it is useful to treat mail aliases as a special type of username.
r Username has been reserved; it could have been reserved for a specific person or for no one in particular

Design note: This attribute has not been defined for LDAP

top


uhUuid

Definition: A unique, non-recyclable UH number assigned to each person that passes through UH. It can be verified for typos because the last digit acts as a check digit. This also means that the first seven digits are also unique.

Design note: include algorithm for computing check digit and verifying the validity of a uhUuid

Incarnations:

Metadirectory XML Tag <uhUuid>
LDAP Attribute uhUuid
Database Column UHUUID

Format: 8 digits; no punctuation. No numbers begin with 57 to avoid confusion with Hawaii SSNs.

If masking is used, then insert a dash after every 4 digits. Masking is not used by the metadirectory, LDAP or the database. It is external formatting done at the application level.

Design note: this is not consistent with the dashes we do require with uhSSN, but it's probably not worth changing it to use dashes at the middleware level.

Example: 10001236 is returned by the metadirectory, LDAP and database,but we encourage applications to use 1000-1236 when displaying it on a web page or printing it.

top


uid

Definition: It is the same attribute defined by Internet2's eduPerson schema. It is the username itself, also known as the login, logon or handle. Currently, this attribute represents the ITS Username.

Incarnations:

Metadirectory XML Tag <uid>
LDAP Attribute uid
Database Column USERNAME
(Design note: UID could not be used as an Oracle column name)

Format: The ITS Username is currently restricted to a minimum of 2 and a maximum of 8 alphanumeric characters all lowercase. Underscores are used but they are discouraged and will probably be discontinued.

Example: jsmith is the uid for John Smith

top


userPassword

Definition: It is the same attribute defined by Internet2's eduPerson schema. It is the password that in conjunction with the uid allows access to a computer system, application or service. In our current implementation, this attribute refers to the password for the ITS Username.

Incarnations:

Metadirectory XML Tag <userPassword>
LDAP Attribute userPassword
Database Column USERPASSWORD

Format: Usually 6 to 8 characters long with at least one special character

Example: 1itl#bHN

top


Information Technology Services
Maintained by: Julio Polo
©2002 University of Hawaii
Updated: 2003-05-07 18:00:00




Go to ITS Home Page Go to UHINFO Go to ITS Home Page