Data model
MetaVault database schema
Identity Store Table
The table contains a digital identity (defined by a UH-ID) and its association with one or more unique identifiers. Unique identifiers can be a National ID, a temporary National ID, an employee number scoped for an institution, a student number scoped for an institution, an EPPN, an SO number, or a combination of attributes such as legal last name, passport number, country, and institutional affiliation.
Field | Data Type | Field Length | Nullable | Pri Key | Source: master_employee and master_student processing |
---|---|---|---|---|---|
uhid | varchar | 36 | No | X | Randomly generated GUID |
identifier | varchar | 200 | No | X | identifier type + “:” + identifier value |
uhida | varchar | 36 | Yes | | Only used when identities are merged. Former uhid |
Persons table
Table contains master information for all persons.
Field | Data Type | Field Length | Nullable |
---|---|---|---|
id | varchar | 50 | No |
uhid | varchar | 36 | No |
uhun | varchar | 9 | No |
status | char | 1 | No |
eppn | varchar | 36 | Yes |
employee_no | varchar | 45 | Yes |
first_name | varchar | 254 | Yes |
last_name | varchar | 254 | Yes |
fnr | varchar | 12 | Yes |
alternate_identification | varchar | 100 | Yes |
birthdate | varchar | 10 | Yes |
classification_group | varchar | 5 | Yes |
classification_subgroup | varchar | 5 | Yes |
start_date | varchar | 10 | Yes |
end_date | varchar | 10 | Yes |
end_reason | varchar | 254 | Yes |
main_position | varchar | 12 | Yes |
main_position_percent | varchar | 6 | Yes |
main_organization | varchar | 12 | Yes |
secondary_positions | varchar | 500 | Yes |
external_id | varchar | 254 | Yes |
varchar | 254 | Yes | |
telephone | varchar | 100 | Yes |
personal_mobile | varchar | 30 | Yes |
personal_mobile_foreign | varchar | 30 | Yes |
personal_postal_code | varchar | 20 | Yes |
personal_city | varchar | 50 | Yes |
personal_state | varchar | 50 | Yes |
personal_email | varchar | 100 | Yes |
passport_number | varchar | 50 | Yes |
dead | bit | | Yes |
hard_match_conflicts | varchar | 4000 | Yes |
soft_match_conflicts | varchar | 4000 | Yes |
updated_date | date | | Yes |
extension_sent | date | | Yes |
extended_to | date | | Yes |
fs_pin | varchar | 12 | Yes |
source_institution | varchar | 10 | No |
source_system | varchar | 3 | No |
source_id | varchar | 50 | No |
created_at | datetime | | No |
updated_at | datetime | | No |
process_id | varchar | 100 | Yes |
processed_at | datetime | | Yes |
SAP Tables
Tables contain SAP information for orgs and positions. The load tables are populated directly using API calls to SAP/IntArk. The master tables are processed using data in the load tables.
- SAP Load Tables
  - employees_load
  - orgs_load
  - positions_load
- SAP Master Tables
  - master_orgs
  - master_positions
  - organization
SAP master_orgs
Field | Data Type | Field Length | Nullable | Pri Key | Source Table: orgs_load |
---|---|---|---|---|---|
id | varchar | 100 | No | X | source_institution + “:” + source_system + “:orgs:” + id |
managed_by | varchar | 100 | No | X | source_institution + “:” + source_system + “:employee:” + managerEmployeeNos |
short_name | varchar | 45 | No | | shortName |
name | varchar | 45 | No | | name |
parent_id | varchar | 45 | Yes | | source_institution + “:” + source_system + “:orgs:” + parentId |
status | varchar | 1 | No | | “A” |
street | varchar | 100 | Yes | | N/A |
city | varchar | 100 | Yes | | N/A |
state | varchar | 45 | Yes | | N/A |
postal_code | varchar | 45 | Yes | | N/A |
country | varchar | 45 | Yes | | N/A |
costcenter | varchar | 45 | Yes | | costcenter |
source_institution | varchar | 45 | No | | source_institution |
source_system | varchar | 45 | No | | source_system |
source_id | varchar | 45 | No | | id |
inserted_at | datetime | | No | | System date |
updated_at | datetime | | No | | System date |
processed_at | datetime | | Yes | | System date |
process_id | varchar | 45 | Yes | | Internal process ID |
SAP master_positions
Field | Data Type | Field Length | Nullable | Pri Key | Source Table: positions_load |
---|---|---|---|---|---|
id | varchar | 45 | No | X | source_institution + “:” + source_system + “:positions:” + id |
held_by | varchar | 45 | No | X | source_institution + “:” + source_system + “:employee:” + held_by |
held_from | date | | Yes | | held_from |
held_until | date | | Yes | | held_until |
status | varchar | 1 | No | | _calculated – “A” |
job_code | varchar | 12 | Yes | | job_code |
title | varchar | 50 | Yes | | title |
organization | varchar | 33 | No | | source_institution + “:” + source_system + “:orgs:” + organization |
yrk | varchar | 10 | Yes | | yrk |
position_group | varchar | 50 | Yes | | postion_group |
position_group_id | varchar | 12 | Yes | | postion_group_id |
source_institution | varchar | 45 | No | | source_institution |
source_system | varchar | 45 | No | | source_system |
source_id | varchar | 45 | No | | id + “:” + held_by |
inserted_at | datetime | | No | | System date |
updated_at | datetime | | No | | System date |
processed_at | datetime | | Yes | | System date |
process_id | varchar | 45 | Yes | | Internal process ID |
FS Tables
Tables contain FS information for assessment times, countries, languages, semester, student assessments, student teachers, study levels, study programs, study rights, and topics. The load tables are populated directly using API calls to FS/IntArk. The master tables are processed using data in the load tables.
- FS Load tables
  - assessmenttimes_load
  - countries_load
  - languages_load
  - roles_load
  - semester_load
  - studentassessments_load
  - students_load
  - studentteaching_load
  - studylevels_load
  - studyprograms_load
  - studyrights_load
  - teaching_load
  - teachingactivity_load
  - topics_load
- FS Master Tables
  - master_assessmenttimes
  - master_countries
  - master_languages
  - master_roles
  - master_semester
  - master_studentassessments
  - master_studentteacher
  - master_studylevels
  - master_studyprograms
  - master_studyrights
  - master_teaching
  - master_teachingactivity
  - master_topics
OrgReg Table
The orgreg_load table contains a list of organizations from the orgreg API endpoint.
Field | Data Type | Field Length | Nullable | Pri Key | API Source: orgreg |
---|---|---|---|---|---|
source_institution | varchar | 5 | No | X | static – Action Set ‘institution’ parameter |
source_system | varchar | 10 | No | X | static – ‘OrgReg’ |
external_key_source_system | varchar | 45 | No | X | externalKeys.sourceSystem |
external_key_type | varchar | 45 | No | X | externalKeys.Type |
external_key_value | varchar | 45 | No | X | externalKeys.Value |
source_id | varchar | 20 | No | X | ouId |
note | varchar | 200 | Yes | | note |
english_name | varchar | 200 | Yes | | englishName |
valid_from | date | | Yes | | validFrom |
norwegian_homepage | varchar | 100 | Yes | | norwegianHomepage |
norwegian_name | varchar | 100 | Yes | | norwegianName |
varchar | 45 | Yes | |||
acronym | varchar | 45 | Yes | | acronym |
english_homepage | varchar | 45 | Yes | | englishHomepage |
postal_code | varchar | 45 | Yes | | postalAddress.postalCode |
country | varchar | 45 | Yes | | postalAddress.country |
state | varchar | 45 | Yes | | postalAddress.stateOrProvinceName |
city | varchar | 45 | Yes | | postalAddress.city |
fax | varchar | 45 | Yes | | fax |
visit_street | varchar | 100 | Yes | | visitAddress.street |
visit_city | varchar | 45 | Yes | | visitAddress.city |
visit_country | varchar | 45 | Yes | | visitAddress.country |
visit_postal_code | varchar | 45 | Yes | | visitAddress.postalCode |
phone | varchar | 45 | Yes | | phone.countryCode + phone.number |
predecessors | varchar | 45 | Yes | | predecessors |
inserted_on | datetime | | No | | System date |
updated_on | datetime | | No | | System date |
processed_on | datetime | | Yes | | System date |
process_id | varchar | 45 | Yes | | Internal process ID |
Metadirectory Core
Attribute name | Description | Source |
---|---|---|
sAMAccountName | Uhun | |
@dn | “cn=” + sAMAccountName + “,OU=People,OU=Accounts,DC=meta,DC=local” | |
displayName | first name + “ “ + last name | |
userPrincipalName | sAMAccountName + “@meta.local” | |
idautoPersonAlternateId | uhun | |
givenName | First name | |
idautoId | uhid | |
idautoPersonOtherId | uhid | |
Sn | Last name | |
idautoPersonNationalID | NIN or Passport Number | |
idautoPersonBirthdate | Birthdate | |
idautoPersonAffiliations | See description below | SAF/FS |
idautoPersonAffiliations (scoped) | See description below | SAF/FS |
idautoPersonSchoolIDs | Multivalue list of all SAP/Employee IDs associated with the person (prefixed to indicate institution of origin) | SAP |
idautoPersonWorkAddress1 | User's Work Address | SAP |
idautoPersonHomeCellphone | User's Cell/Mobile Phone Number | SAP |
idautoPersonHomeEmail | User's Private Email Address | SAP |
idautoPersonHomePostalCode | User's Home Postal Code | SAP |
idautoPersonHomeCity | User's Home Region/County (landsdeler) | SAP |
idautoPersonHomeState | User's Home Region/County (landsdeler) | SAP |
idautoPersonManagerID | UniqueID of the user's manager | SAP |
Manager | DN of the user's manager (Used to identify a user's Leder in Portal for workflow purposes only) | SAP |
idautoPersonEntryDate | Oldest held-by date on a position | SAP |
idautoPersonLastDateWorked | Oldest held-until date on a position unless user currently holds a position. | SAP |
idautoPersonFacSchoolCodes | Multivalued Stedkode tuple including: Cost Center Code (orgKostnadssted), Cost Center Short Name (orgKortnavn), Cost Center Long Name (navn), English Name (engelsknavn), and Stedkode (first 6 digits of cost center code) | SAP |
employeeID | | SAP |
idautoPersonSchoolCodes | Multivalue list of all Student Numbers associated with the person. | FS |
idautoPersonStuSchoolCodes | Multivalue list of all FS IDs associated with the person | FS |
idautoPersonWorkAddress1 | User's Work Address | FS |
idautoPersonHomeCellphone | User's Cell/Mobile Phone Number | FS |
idautoPersonHomeEmail | User's Private Email Address | FS |
idautoPersonEnrollDate | Oldest held-by date on a study right, student teaching, or assessment, scoped | FS |
idautoPersonLastEnrollDate | Oldest held-until date on a study right, student teaching, or assessment, unless user currently holds one, scoped. | FS |
idautoPersonCourses | Study program codes | FS |
idautoPersonPrimaryParent | User’s home institution. Calculated based on first school person is associated with chronologically | FS |
idautoPersonSchoolCode | Student Number from user's Home Institution | FS |
idautoPersonStuSchoolCode | FS ID Number from user's Home Institution | FS |
User's Email Address from Home Institution | Derived | |
idautoPersonDeprovisionDate | Used for tracking when an account was disabled in AD by RI | Derived |
idautoPersonDSSSystemUpdates | Date Connect last updated the object | Derived |
idautoPersonClaimFlag | Indicates whether an account has been claimed or not. Populated via the user account claiming process. | Claim |
idautoPersonClaimDate | Indicates the date when an account was claimed. Populated via the user account claiming process. | Claim |
idautoPersonClaimCode | | Claim |
idautoPersonStatusOverride | Status Override Flag | Manual |
idautoPersonDoNotDeprovision | Boolean to prevent disablement process from being executed | Manual |
idautoPersonLockoutFromSystem1 | Flag to prevent action sets from recreating/re-enabling an immediate termination account | Manual |
idautoPersonAffiliations
Employee, Separated Employee, Student, Separated Student
idautoPersonAffiliations (scoped)
AdministrativeTechnicalStaff
dfo:stillinger/{id}->stillingskat -> "stillingskatBetegn": "Administrativt personale"
dfo:stillinger/{id}->stillingskat -> "stillingskatBetegn": "Drifts- og teknisk pers./andre tilsatte"
Create: Immediately Access: On SD
Faculty
dfo:stillinger/{id}->stillingskat -> "stillingskatBetegn": "Undervisnings- og forsknings personale"
Create: Immediately Access: On SD
HourlyPaid
dfo:stillinger/{id}-> stillingskat
dfo: ansatte/{id}-> medarbeiderundergruppe -> timelønnet
Create: Immediately Access: On SD
Separated Employee
Has an End Date associated with the position, and had no other active roles or study rights
On EndDate EOD
Deceased
DFØ API: dead Flag = true
Immediately
Delete Employee
Disable Date + 180d
Student
Case 1, All bullet points are true:
- Studierett = true
- studieretter/{id} -> .privatist = false
- studieretter/{id} -> .aktivStudent = true
Case 2, all bullet points are true:
- Undervisningsmelding = true
- studentundervisning/{id} ->.opptatt = true ('J')
Immediately on active right of study, up to 65 days prior to start date
Private Candidate
Case 1, all bullet points are true:
- Studierett = true
- studieretter/{id} -> .privatist = true
- studieretter/{id} -> .aktivStudent = true
Case 2, all bullet points are true:
- Eksamensmelding = true
- studentundervisning/{id} ->.opptatt = false ('N')
- No active studierett with Privatist = false
Immediately on active study right for current semester up to 65 days prior to semester start date (there is a function in the API that will allow you to convert a semester name into a start and end date)
Leave of Absence
fsapi:Studieretter -> studentstatus -> PERMISJON = TRUE
idautoPersonLeaveFlag = True
Separated Students
They will have an end date in their study right that is equal to or earlier than today
No Grace Period
fsapi:studieretter -> studentstatus
(if studentstatus = FULLFØRT or UTGÅTT or SLUTTET or UNDERKJENT --> give grace flag
if studentstatus = IKKE AKTIV or OVERGANG or TRUKKET or UTESTENGT or INNDRATT --> no grace flag)
idautoPersonLeaveFlag = FALSE
Immediately
Deceased
dead = y
Immediately
Delete Student
Disable Date + 180d
Long Term Guest - Emeritus:
dfø:ansatte/{id} -> .medarbeidergruppe = 9
dfø:ansatte/{id} -> .medarbeiderundergruppe = [93]
Create: Immediately Access: On SD
Long Term Guest - Visiting Researcher
dfø:ansatte/{id} -> .medarbeiderundergruppe = [94]
Create: Immediately Access: On SD
Long term Guest - Consultant
dfø:ansatte/{id} -> .medarbeiderundergruppe = [95]
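The student lifecycle rules above (Student, Private Candidate, Leave of Absence, Separated Students, Delete Student) worked through as an added Python example; it is not code from MetaVault or from the original page. The `StudyRight` record shape, the function names, checking Student before Private Candidate, using the most recently ended study right for the grace flag, and failing closed (no grace, flagged for review) on a status outside both documented lists are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Sequence

# studentstatus values copied from the "Separated Students" rule above.
GRACE_STATUSES = {"FULLFØRT", "UTGÅTT", "SLUTTET", "UNDERKJENT"}
NO_GRACE_STATUSES = {"IKKE AKTIV", "OVERGANG", "TRUKKET", "UTESTENGT", "INNDRATT"}
PRE_START_WINDOW = timedelta(days=65)   # "up to 65 days prior to start date"
DELETE_AFTER = timedelta(days=180)      # "Disable Date + 180d"


@dataclass(frozen=True)
class StudyRight:
    """Assumed flattened view of one studieretter/{id} record."""
    privatist: bool
    aktiv_student: bool
    studentstatus: str
    start: date
    end: Optional[date] = None

    def ended(self, today: date) -> bool:
        # Separated: end date equal to or earlier than today.
        return self.end is not None and self.end <= today

    def current(self, today: date) -> bool:
        # Active right of study, honoured from 65 days before its start date.
        return (self.aktiv_student and not self.ended(today)
                and today >= self.start - PRE_START_WINDOW)


@dataclass(frozen=True)
class Decision:
    affiliation: Optional[str]       # None: no student affiliation applies
    leave_flag: bool = False         # idautoPersonLeaveFlag
    grace: bool = False
    delete_on: Optional[date] = None
    needs_review: bool = False       # status outside both documented lists


def evaluate(rights: Sequence[StudyRight], teaching_opptatt: Sequence[str],
             has_exam_registration: bool, today: date,
             disabled_on: Optional[date] = None) -> Decision:
    """teaching_opptatt holds the 'J'/'N' opptatt flag of each teaching
    registration; the caller is assumed to pass only current-semester ones."""
    current = [r for r in rights if r.current(today)]
    admitted = any(flag == "J" for flag in teaching_opptatt)
    on_leave = any(r.studentstatus.strip().upper() == "PERMISJON"
                   for r in rights if not r.ended(today))

    # Student: case 1 (active study right with privatist = false)
    # or case 2 (teaching registration with opptatt = 'J').
    if admitted or any(not r.privatist for r in current):
        return Decision("Student", leave_flag=on_leave)

    # Private Candidate: case 1 (active study right with privatist = true)
    # or case 2 (exam registration, not admitted to teaching). Reaching this
    # point already means no active study right with privatist = false.
    if has_exam_registration or any(r.privatist for r in current):
        return Decision("Private Candidate", leave_flag=on_leave)

    ended = [r for r in rights if r.ended(today)]
    if ended:
        status = max(ended, key=lambda r: r.end).studentstatus.strip().upper()
        return Decision(
            "Separated Student",
            leave_flag=False,                       # leave flag is cleared
            grace=status in GRACE_STATUSES,         # unknown status: no grace
            delete_on=disabled_on + DELETE_AFTER if disabled_on else None,
            needs_review=status not in GRACE_STATUSES | NO_GRACE_STATUSES,
        )
    return Decision(None)


if __name__ == "__main__":
    # Constructed sample: a completed study right that ended today.
    today = date(2021, 4, 14)
    done = StudyRight(False, False, "FULLFØRT", date(2018, 8, 1), end=today)
    print(evaluate([done], [], False, today, disabled_on=today))
```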
Portal directory
Attribute | Display name | Description | Type | Example | Multi valued |
---|---|---|---|---|---|
displayName | Display Name | Preferred Name if present, legal if not | String | Micky Mouse | |
employeeNumber | Employee Number | Employee number. | String | 30202 | |
givenName | First Name | User’s first name. | String | Micky | |
idautoID | UHID | UHID (Automatically Generated GUID) | String | 3ddf4822-77ed-4c27-909e-7c826ca10423 | |
idautoPersonAffiliations | Affiliations | Multivalued field containing all birthright roles associated with the person | String | [Employee, Student] | ✓ |
idautoPersonAltUserName | FEIDE ID | Username with suffix | String | laols0070@uib.no | |
idautoPersonAlternateID | Username | Username | String | laols0070 | |
idautoPersonAppRoles1 | OrgEra Affiliations | Multivalued list of top-level affiliations used for app AuthZ | String | [uib:employee:MN-SEKR.MN, uib:studieadministrivt ansatt:MN-SEKR.MN] | |
idautoPersonAppRoles2 | OrgEra Assigned Entitlements | OrgEra Assigned Entitlements | String | [active directory, ldap, framework, lenel, ms office 365] | ✓ |
idautoPersonAppRoles5 | Provisioned Entitlements | Entitlements that have been provisioned to the user. | String | [lenel, apex] | ✓ |
idautoPersonAppRoles6 | Requestable Entitlements | Entitlements that have been requested by the user | String | [topdesk:operator, topdeskoperatorgroup:4c28c38f-c1aa-4685-a5d6-dad78923f241] | ✓ |
idautoPersonAppRoles7 | Target IDs | User identifiers for synced target systems. | String | [topdeskoperator:0f24b366-35d4-4891-98d5-b4a372c099ec, topdesk:d03b615b-5a86-47a4-a06d-45925c5431a6] | ✓ |
idautoPersonBadgeID | Employee Lenel Card Number | Employee Lenel Access Card Number | String | 12345 | |
idautoPersonBarcodeNumber | Student Lenel Card Number | Student Lenel Access Card Number | String | 12345 | |
idautoPersonBirthDate | Birthdate | User's Date of Birth | String | 30.01.1980 | |
idautoPersonClaimCode | Claim Code | Claim Code with date it was assigned | String | 11f08c1d-c265-45d7-89d2-7a371f5629c5 | 20210413 |
idautoPersonClaimFlag | Account Claimed | Indicates whether or not the account has been claimed | Boolean | TRUE | |
idautoPersonCourses | Course Enrollments | List of course enrollment with enrollment type | String | studentteacher:BIO201 | ✓ |
idautoPersonCriterias1Desc | Hard Match Conflicts | Hard Match Conflicting username | Multi-Lined String | perut4623 | |
idautoPersonCriterias2Desc | Soft Match Conflicts | Soft Match Conflicting username | Multi-Lined String | perut4623 | |
idautoPersonDeprovisionDate | Deprovision Date | Used for tracking when an account was disabled in AD by RI | String | 31.03.2021 | |
idautoPersonDeptCodes | OrgEra Roles | String | Example Value Employees: 1011 | 2310 104 | |
idautoPersonEmailAddresses | Email Aliases | Email aliases | elmik7024@uib.no | ✓ | |
idautoPersonEmplClasses | Employee Classifications | Employee Classifications | String | Administrativt personale | ✓ |
idautoPersonEmplTypes | Org Tuple | Multivalued Stedkode tuple | String | 0012240000 | MN-IFT |
idautoPersonEnrollDate | Enrollment Date | Student Enrollment Date | String | 31.07.2020 | |
idautoPersonFacDeptCodes | Department Codes | Employee Department Codes | String | PRMEDISIN | ✓ |
idautoPersonFacSchoolCodes | Student Tuple | String | 0012600000 | MN-BIO | |
idautoPersonHireDate | Hire Date | Employee Hire Date | String | 31.07.2021 | |
idautoPersonHomeCellphone | Personal Phone | Cell Phone | String | 4741234568 | |
idautoPersonHomeDirectory | Home Directory | Path to user’s home directory | String | ||
idautoPersonHomeEmail | Personal Email | Personal Email Address | Email Single-Valued | micky@hotmail.com | |
idautoPersonJobTitles | Title | Job Titles | String | 1113 Prosjektleder | ✓ |
idautoPersonLastDateWorked | Last WorkDate | Employee Last Date Worked | String | 31.07.2021 | |
idautoPersonLastEnrollDate | Last Enroll Date | Last Enroll Date | String | 31.07.2021 | |
idautoPersonLocCodesJobCodes | OrgEra Org Path | Org Tuple | String | uib | MED |
idautoPersonMailNotificationDate | Claim Notification Date | Date claim account email sent | String | 31.07.2021 | |
idautoPersonManagerID | Manager UHID | UniqueID of the user's manager | String | 4c28c38f-c1aa-4685-a5d6-dad78923f241 | |
idautoPersonNationalID | NIN / Passport | National ID Number or Passport Number | String | 5095103105 | |
idautoPersonOfficePhone | Office Phone | Office Phone Number | String | ########## | |
idautoPersonOtherID | UHID | UH-ID - Unique Identifier | String | 4c28c38f-c1aa-4685-a5d6-dad78923f241 | |
idautoPersonPINCode | PIN Code | Lenel Access Card PIN Code | String | 1234 | |
idautoPersonPositionCode | Positions | SAP Position Code | String | 30002225 | |
idautoPersonPrimaryAffiliation | Primary Affiliation | User’s primary affiliation | String | Employee | |
idautoPersonSchoolCode | Student Number | Student Number | String | 38019 | |
idautoPersonStatusOverride | Status Override | Status Override | String | true | |
idautoPersonWorkAddress1 | Work Address | Work Address | String | Armauer Hansens hus, Haukelandsveien 28, 5020 Bergen, no | |
idautoStatus | Status | Status | String | A | I |
l | Home City | User’s Home City | String | Oslo | |
User’s institution email address | Email Single-Valued | user@uib.no | |||
manager | Manager | DN of User’s Manager | DN | ||
postalCode | Home Postal Code | User's Home Postal Code | String | 1234 | |
sn | Last Name | User’s last name | String | Mouse | |
title | Title | User’s title. | String | 1434 Rådgiver | |
uid | User name | User name | String | laols0070 |
More comments:
- idautoPersonEmplTypes
  - Multivalued Stedkode tuple including: Cost Center Code (orgKostnadssted), Cost Center Short Name (orgKortnavn), Cost Center Long Name (navn), English Name (engelsknavn), and Stedkode (first 6 digits of cost center code)
- idautoPersonDeptCodes
  - Employees: ORG-ERA Tuple including origin, orgid, parent, org, advorg, SKO, YRK, Role
  - Students: studentstatus=aktiv|privatist=false|student=true
AD
Feide LDAP
Temporary dump, needs to be updated.
Feide attributes | Feide requirements | Examples from UiB current LDAP | Examples from IA Sprint | Comment | Comments - mkw | STATUS |
---|---|---|---|---|---|---|
2.1.1. cn | REQUIRED | Gisle Aas | prboy8135 | Was mentioned to use username value during demo session on 2021.04.07, Please Confirm expectations- 2021.04.14 - mkw | OPEN - We have received conflicting requirements. During demo it was requested we use username. Please confirm desired format. | |
2.1.2. displayName | REQUIRED | Gisle Aas | Praktisk Bøye | OK | ||
2.1.3. norEduPersonLegalName | REQUIRED | Gisle Aas | Praktisk Bøye | OK | ||
2.1.4. givenName | REQUIRED | Gisle | Praktisk | OK | ||
2.1.5. sn | REQUIRED | Aas | Bøye | OK | ||
2.1.6. eduPersonPrincipalName | REQUIRED | gaa041@uib.no | prboy8135@uib.no | OK | ||
2.1.7. uid | REQUIRED | gaa041 | prboy8135 | OK | ||
2.1.8. norEduPersonNIN | REQUIRED | 01019012345 | 28067900100 | OK | ||
2.1.9. mail | REQUIRED | Gisle.Aas@uib.no | mail is missing in the example output | Direct sync from mail in PortalLDAP, this data point exists now. 2021.04.14 - mkw | FIXED | |
2.1.10. userPassword | REQUIRED | xxx | xxx | OK | ||
2.1.11. eduPersonAffiliation | REQUIRED | employee | staff | member | faculty | employee |
2.2.2. eduPersonOrgUnitDN | RECOMMENDED | ou=221000,ou=organization,dc=uib,dc=no | ou=MN-SEKR,ou=organization,dc=uib,dc=no | The DN needs to point to an existing DN referring to the organization unit/org. The eduorg is following the eduorg schema. If RI is not populating / updating the orgUnit objects in LDAP, there is no other system that does that, consequently it would have to be done in a manual process. | Adjustment made to fit existing example - 2021.04.17 - mkw | FIXED |
2.2.4. eduPersonPrimaryOrgUnitDN | RECOMMENDED | ou=MN-SEKR,ou=organization,dc=uib,dc=no | Adjustment made to fit existing example - 2021.04.17 - mkw | FIXED | ||
2.1.12. eduPersonOrgDN | REQUIRED | o=Universitetet i Bergen,dc=uib,dc=no | o=Universitetet i Bergen,dc=uib,dc=no | Added OU verification to eduPersonPrimaryOrgUnitDN, disabled in logic OU is not in development LDAP. How to handle when OU is not found/verified? - 2021.04.07 - mkw | OPEN - Is there a default OU that should be used to handle cases when the defined OU is not found? | |
2.1.13. schacHomeOrganization | REQUIRED | uib.no | uib.no | OK | ||
2.1.14. norEduPersonAuthnMethod | REQUIRED | Not in Target Design Workbook, need information how to populate (GA, SMS, etc) 2021.04.17 - mkw | FUTURE | |||
2.1.15. norEduPersonServiceAuthnLevel | REQUIRED | Not in Target Design Workbook, need information how to populate - 2021.04.17 - mkw | FUTURE | |||
Where in LDAP and AD do you want the UH-ID and UH-username? | UH-ID is a new concept that IAM introduces. Consequently it is not used by any services today, but obviously it needs to be available for any services to start using it. We can skip UH-ID for go live, but it should be available for inclusion at a later time. It is likely that a separate Feide schema attribute is needed for UH-ID. | Need destination LDAP attribute to utilize - 2021.04.17 - mkw | OPEN - we would like an attribute to store UH-ID for more efficient user object matching in the future. | |||
UH-username is a new concept that IAM introduces. Consequently it is not used by any services today, but obviously it needs to be available for any services to start using it. We can skip UH-ID for go live, but it should be available for inclusion at a later time. It is likely that a separate Feide schema attribute is needed for UH-username | Need destination LDAP attribute to utilize - 2021.04.17 - mkw | FUTURE | ||||
2.2.1. eduPersonEntitlement | RECOMMENDED | eduPersonEntitlements should include a list of text strings that represent what permissions that user has. IAM needs to choose a namespace that we control. The format is URN, and by choosing a URL, we may later create APIs and lookup services. Suggestion is to prefix all values with: https://iam.sikt.no/ We should also populate both entitlements and business roles, and these need to be separate namespaces. We can use: https://iam.sikt.no/entitlements/, https://iam.sikt.no/roles/ System entitlements have a single machine readable ID, such as: https://iam.sikt.no/entitlements/feide, https://iam.sikt.no/entitlements/inspera Access entitlements have a second field specifying more details, such as: https://iam.sikt.no/entitlements/inspera:author, https://iam.sikt.no/entitlements/framework:admin Business roles should also be populated: https://iam.sikt.no/roles/iam:studadm (for now we start with only the business role. The engagement role and org path may be added later) | Not in Target Design Workbook, need information how to populate, unable to access iam.sikt.no - 2021.04.17 - mkw | OPEN - Need detailed specifications on how to populate this or it will be a FUTURE requirement | ||
2.2.3. eduPersonPrimaryAffiliation | RECOMMENDED | staff | faculty | Use prioritization from Target Applications Requirements | FIXED | |
2.2.5. eduPersonScopedAffiliation | RECOMMENDED | member@uib.no | staff@uib.no | employee@uib.no | faculty@uib.no | employee@uib.no |
2.2.6. eduPersonOrcid | RECOMMENDED | Not in Target Design Workbook, need information how to populate - 2021.04.17 - mkw | FUTURE | |||
2.2.7. mobile | RECOMMENDED | +47 93241450 | +47 10000000 | OK | ||
2.2.8. preferredLanguage | RECOMMENDED | FUTURE | ||||
5.1. norEduOrgAcronym | OPTIONAL | Not in Target Design Workbook, need information how to populate - 2021.04.17 - mkw | FUTURE | |||
5.2. norEduPersonBirthDate | OPTIONAL | 19790628 | OK | |||
5.3. norEduPersonLIN | OPTIONAL | uib.no:ansatt:120100 | OK | |||
5.4. eduOrgIdentityAuthNPolicyURI | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.5. eduOrgHomePageURI | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.6. eduOrgWhitePagesURI | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.7. eduPersonAssurance | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.8. eduPersonNickname | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.9. eduPersonPrincipalNamePrior | OPTIONAL | Should contain a list of prior eppn values, when a "person" changes the eppn. An example is when two accounts are merged. | Not in Target Design Workbook. Not in eduPerson LDAP schema LDIF provided - 2021.04.17 - mkw | OPEN - Attribute not in current schema provided for development. This will be FUTURE unless we receive updated specifications. | ||
5.10. facsimileTelephoneNumber | OPTIONAL | Not in Target Design Workbook, need information how to populate - 2021.04.17 - mkw | FUTURE | |||
5.11. homePhone | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.12. homePostalAddress | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.13. jpegPhoto | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.14. l (localityName) | OPTIONAL | BERGEN | Not in Target Design Workbook. Attribute added 2021.04.07 - mkw | FIXED | ||
5.15. labeledURI | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.16. manager | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.17. postalCode | OPTIONAL | 5008 | Not in Target Design Workbook. Attribute added 2021.04.07 - mkw | FIXED | ||
5.18. postOfficeBox | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.19. street | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.20. title | OPTIONAL | Senioringeniør | Mat-nat fak., sekretariatet, | Should be fetched from the attribute idautoPersonJobTitles in portal directory | Adjustment made to fit existing example - 2021.04.17 - mkw | FIXED |
5.21. userCertificate | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
5.22. userSMIMECertificate | OPTIONAL | Not in Target Design Workbook - 2021.04.17 - mkw | FUTURE | |||
employeeType | NOT FEIDE | ansatt | ansatt | Elin had some comment about the priority of how to calculate this value. It should be the same as primary affiliation | Using prioritization provided in Target Application Requirements -scw | OK |
shadowMax | NOT FEIDE | 390 | 390 | OK | ||
loginShell | NOT FEIDE | /bin/bash | /bin/bash | OK | ||
uidNumber | NOT FEIDE | 39508 | 123456 | OK | ||
sambaPrimaryGroupSID | NOT FEIDE | S-1-5-21-556026149... | xxx | OK | ||
sambaAcctFlags | NOT FEIDE | xxx | xxx | OK | ||
objectclass | NOT FEIDE | top | person | organizationalPerson | inetOrgPerson | eduPerson |
sambaPasswordHistory | NOT FEIDE | xxx | xxx | OK | ||
departmentNumber | NOT FEIDE | 221000 | 120100 | OK | ||
gidNumber | NOT FEIDE | 4601 | 3600 | OK | ||
gecos | NOT FEIDE | Gisle Aas | Praktisk Bøye | OK | ||
o | NOT FEIDE | Universitetet i Bergen | Universitetet i Bergen | OK | ||
shadowLastChange | NOT FEIDE | 18568 | 1616002056000 | OK | ||
postalAddress | NOT FEIDE | IT-avdelingen $ Kalfarveien 31 $ 5020 BERGEN | MN-SEKR $ $ 5008 BERGEN | Not in Target Design Workbook. Attribute added 2021.04.07 - mkw | FIXED | |
ou | NOT FEIDE | IT-avdelingen | MN-SEKR | OK | ||
employeeNumber | 00102816 | EmployeeNumber | OK | |||
homeDirectory | /usr/test | OK | ||||
sambaSID | xxx | OK |