LDAP (Lightweight Directory Access Protocol)

Public LDAP Information for UVA Developers

LDAP/Active Directory Attribute Changes (June 25, 2018)

As part of the rollout of the new Identity & Access Management System at UVA, some public and private LDAP and Eservices Active Directory (AD) changes will go into effect on Monday, June 25, 2018. Learn more »

Accessing the UVA Public LDAP Service

  • Servers: Do not use Public LDAP; please use Private LDAP.
  • Client Software
    • If access is from off-Grounds, you must use the VPN. There are no access restrictions for the UVA community while on the UVA network.
    • LDAP Server Name: ldap.virginia.edu
    • Search base (or Search root): o=University of Virginia,c=US

LDAP Field Names

LDAP uses a standard schema to describe informational fields. The following table lists the fields available through LDAP and gives a brief description of each.

Please note: As part of the rollout of the new Identity & Access Management System at UVA, some public LDAP changes will go into effect on Monday, June 25, 2018 (full details). In the list of attributes below, these will be marked as "Modified", "Deprecated", or "New." Also, please see the Additional Attribute Notes below.

The list of attributes available on the public LDAP servers includes:

If there is an asterisk (*) before an attribute name, please see the Additional Attribute Notes below; the asterisk is not part of the attribute name.

| LDAP field | Status | Description |
|---|---|---|
| uvaPersonIAMAffiliation | New 6/25/18 | Official IAM Role(s) held by user |
| * displayname | Modified 6/25/18 | Full name of the user. |
| uid | | The user’s University computing ID. The system generates the ID from the user’s initials plus a digit followed by one or two random letters, such as mst3k. This attribute is not indicative of an active email account. |
| UnixUid | | A unique numerical ID that UNIX-based systems use in addition to your computing ID for your account. |
| * description | | A form of affiliation (Legacy Attribute). |
| ou | | The department in which the user works or the primary school of attendance for students. ou means Organizational Unit to the LDAP server. Because of the size of some schools, such as the College of Arts and Sciences, the LDAP database subdivides students into pseudo-subdepartments based upon the discipline mnemonic and the first letter of the user’s last name. For example, a student with the last name of Jones in the School of Engineering would have a department name of School of Engineering-jseas. |
| telephoneNumber | | University office telephone number as received from the HR source system. This field can contain up to two telephone numbers. |
| OfficeFax, facsimileTelephoneNumber | | Fax number for the user as received from the HR source system. LDAP carries this information twice because some clients look in the officefax field for this information while others look in the facsimileTelephoneNumber field. |
| pager | | User’s pager number as received from the HR source system. |
| mobile | | Cellular or other type of mobile phone number as received from the HR source system. |
| homephone | Deprecated 6/25/18 | Home telephone number for University faculty and staff. |
| mail, mailForwardingAddress | | The mailForwardingAddress field in LDAP contains the account and machine name that the user specified for this service. Members of the University community can use the Email Address Management System to manage their UVA email addresses, including directing where their UVA email messages should be delivered. |
| mailAlternateAddress | | System-wide aliases usually appear in the form of aliasname@virginia.edu or alias@email.virginia.edu (e.g. mturner@virginia.edu or mturner@email.virginia.edu). Members of the University community can use the Email Address Management System to manage their UVA email addresses, including requesting email aliases. |
| postalAddress | Deprecated 6/25/18 | The official University address for a particular department. This address is for internal mail (Messenger Mail) and for external (U.S.) mail. Replaced with physicalDeliveryOfficeName. |
| physicalDeliveryOfficeName | | A University building or a U.S. mail address at which the user can receive printed mail as received from our HR system(s). |
| roomNumber | Deprecated 6/25/18 | The room number in a particular building in which the user works. |
| * cn | Modified 6/25/18 | This field contains the user’s name and University computing ID. |
| objectclass | | An LDAP internal field that describes the type of entry. |
| title | | Title information from the University HR system for faculty and for staff. |
| * sn | Modified 6/25/18 | A field containing just the user’s surname. |
| * givenName | Modified 6/25/18 | A field containing just the user’s first name. |
| * initials | Modified 6/25/18 | A field containing just the user’s middle name. |
| * generationQualifier | Modified 6/25/18 | A field containing just the user’s name suffix (e.g. Jr.). |
| jpegPhoto | Deprecated 6/25/18 | A binary jpeg file which contains a photo uploaded by the user. |
| PreferredEmailAddress | | The user's email address. |
| AOLInstMessHandle | Deprecated 6/25/18 | The America OnLine Instant Messenger handle for this user. |
| MSNInstMessHandle | Deprecated 6/25/18 | The Microsoft Network (MSN) Instant Messenger handle for this user. |
| labeledUri | Deprecated 6/25/18 | The URL of this user’s home page. |
| userCertificate | | The public key for a user’s UVA Standard Assurance personal digital certificate. |
| * eduPersonAffiliation | | Relationship to University. (Legacy attribute) |
| eduPersonOrgDN | | University of Virginia |
| eduPersonOrgUnitDn | | Department ORG |
| * eduPersonPrimaryAffiliation | | Primary relationship to University. (Legacy attribute) |
| eduPersonPrincipleName | | computingID@virginia.edu |
| * eduPersonScopedAffiliation | | Relationship to University. (Legacy attribute) |
| uvaDisplayDepartment | | Department Name as provided by the HR source system. |

Additional Attribute Notes (June 25, 2018)

Name

cn, displayName, sn, givenName, initials, generationQualifier

The user now has the ability to modify the First, Middle, Last, and Suffix name values in Identity & Access Management. If the user has modified these values, they will appear in the appropriate field in this directory. If the user has not modified these values, they are representative of the values as sent from the source system for that record.

eduPersonPrimaryAffiliation, eduPersonScopedAffiliation, eduPersonAffiliation

Legacy primary user affiliation (legacy university role trumping logic) will continue to be maintained temporarily. A deprecation date will be announced at a future date to ITS, LSPs, owners of bind accounts, the Focus Group, the Steering Committee, and others. For the most accurate role(s) information, please use the uvaPersonIAMAffiliation attribute.

Role Information

description

While this field will continue to be available, it may not represent the true multiple affiliations that someone may possess. For the most accurate role(s) information, please use the uvaPersonIAMAffiliation attribute.
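
The sketch below is an added example, not UVA code. It shows how a client application might act on the two notes above and on the Deprecated markers in the table: build a uid lookup filter with RFC 4515 escaping, flag deprecated attributes in its request list, and read roles from uvaPersonIAMAffiliation with the legacy attributes only as a fallback. The fallback order, the function names, and the sample entries and role values are assumptions constructed for illustration.

```python
# Added example (not UVA code). Attribute names and 6/25/18 status come from
# the table on this page; the sample entries and role values are constructed.
DEPRECATED = {"homephone", "postaladdress", "roomnumber", "jpegphoto",
              "aolinstmesshandle", "msninstmesshandle", "labeleduri"}
REPLACED_BY = {"postaladdress": "physicalDeliveryOfficeName"}
# Legacy role attributes, consulted only when the new attribute is absent.
# The order is an assumption; the page does not define one.
LEGACY_ROLE_ATTRS = ("eduPersonAffiliation", "eduPersonPrimaryAffiliation",
                     "description")

def uid_filter(computing_id):
    """Build (uid=...) with RFC 4515 escaping so input cannot alter the filter."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c
                      for c in computing_id)
    return "(uid=%s)" % escaped

def audit_requested_attrs(attrs):
    """Map each requested attribute that the page marks Deprecated to advice."""
    findings = {}
    for name in attrs:
        key = name.lower()  # LDAP attribute names are case-insensitive
        if key in DEPRECATED:
            repl = REPLACED_BY.get(key)
            findings[name] = ("use " + repl) if repl else "deprecated, no replacement listed"
    return findings

def get_values(entry, name):
    """Case-insensitive lookup of an attribute's values in a result entry."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return list(values)
    return []

def roles(entry):
    """Return (source_attribute, values), preferring uvaPersonIAMAffiliation."""
    for attr in ("uvaPersonIAMAffiliation",) + LEGACY_ROLE_ATTRS:
        values = get_values(entry, attr)
        if values:
            return attr, values
    return None, []

# Constructed entries shaped like search results (attribute -> list of values).
NEW_STYLE = {"uid": ["mst3k"], "uvaPersonIAMAffiliation": ["role-a", "role-b"],
             "eduPersonPrimaryAffiliation": ["staff"]}
LEGACY_ONLY = {"uid": ["mst3k"], "edupersonaffiliation": ["student"]}

if __name__ == "__main__":
    print(uid_filter("mst3k"))
    print(audit_requested_attrs(["uid", "jpegPhoto", "postalAddress"]))
    print(roles(NEW_STYLE), roles(LEGACY_ONLY))
```

Because roles() returns the attribute it read from, a caller can log every lookup that fell back to a legacy attribute and track remaining dependence on them before they are deprecated.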

  Page Updated: Tuesday 2018-06-19 12:08:12 EDT