LDAP (Lightweight Directory Access Protocol)
Public LDAP Information for UVA Developers
LDAP/Active Directory Attribute Changes (June 25, 2018)
As part of the rollout of the new Identity & Access Management System at UVA, some public and private LDAP and Eservices Active Directory (AD) changes will go into effect on Monday, June 25, 2018.
Accessing the UVA Public LDAP Service
- Servers: Do not use Public LDAP; please use Private LDAP.
- Client Software
- If access is from off-Grounds, you must use the VPN. There are no access restrictions for the UVA community while on the UVA network.
- LDAP Server Name: ldap.virginia.edu
- Search base (or Search root): o=University of Virginia,c=US
LDAP Field Names
LDAP uses a standard schema to describe informational fields. The following table lists the fields available through LDAP and gives a brief description of each.
Please note: As part of the rollout of the new Identity & Access Management System at UVA, some public LDAP changes will go into effect on Monday, June 25, 2018 (full details). In the list of attributes below, these will be marked as "Modified", "Deprecated", or "New." Also, please see the Additional Attribute Notes below.
The list of attributes available on the public LDAP servers includes:
If there is an asterisk (*) before an attribute name please see the Additional Attributes Notes below; the asterisk is not part of the attribute name.

| LDAP field | Description |
|---|---|
| | Official IAM Role(s) held by user |
| | Full name of the user. |
| uid | The user’s University computing ID. The system generates the ID from the user’s initials plus a digit followed by one or two random letters, such as mst3k. This attribute is not indicative of an active email account. |
| UnixUid | A unique numerical ID that UNIX-based systems use in addition to your computing ID for your account. |
| * description | A form of affiliation (Legacy Attribute). |
| ou | The department in which the user works or the primary school of attendance for students. ou means Organizational Unit to the LDAP server. Because of the size of some schools, such as the College of Arts and Sciences, the LDAP database subdivides students into pseudo-subdepartments based upon the discipline mnemonic and the first letter of the user’s last name. For example, a student with the last name of Jones in the School of Engineering would have a department name of School of Engineering-jseas. |
| telephoneNumber | University office telephone number as received from the HR source system. This field can contain up to two telephone numbers. |
| | Fax number for the user as received from the HR source system. LDAP carries this information twice because some clients look in the officefax field for this information while others look in the facsimileTelephoneNumber field. |
| pager | User’s pager number as received from the HR source system. |
| mobile | Cellular or other type of mobile phone number as received from the HR source system. |
| | Home telephone number for University faculty and staff. |
| | The mailForwardingAddress field in LDAP contains the account and machine name that the user specified for this service. Members of the University community can use the Email Address Management System to manage their UVA email addresses, including directing where their UVA email messages should be delivered. |
| mailAlternateAddress | System-wide aliases usually appear in the form of email@example.com or firstname.lastname@example.org (e.g. email@example.com or firstname.lastname@example.org.) Members of the University community can use the Email Address Management System to manage their UVA email addresses, including requesting email aliases. |
| | The official University address for a particular department. This address is for internal mail (Messenger Mail) and for external (U.S.) mail. Replaced with physicalDeliveryOfficeName. |
| physicalDeliveryOfficeName | A University building or a U.S. mail address at which the user can receive printed mail as received from our HR system(s). |
| | The room number in a particular building in which the user works. |
| | This field contains the user’s name and University computing ID. |
| objectclass | An LDAP internal field that describes the type of entry. |
| title | Title information from the University HR system for faculty and for staff. |
| | A field containing just the user’s surname. |
| | A field containing just the user’s first name. |
| | A field containing just the user’s middle name. |
| | A field containing just the user’s name suffix (e.g. Jr.). |
| | A binary jpeg file which contains a photo uploaded by the user. |
| PreferredEmailAddress | The user's email address. |
| | The America OnLine Instant Messenger handle for this user. |
| | The Microsoft Network (MSN) Instant Messenger handle for this user. |
| | The URL of this user’s home page. |
| userCertificate | The public key for a user’s UVA Standard Assurance personal digital certificate. |
| * eduPersonAffiliation | Relationship to University. (Legacy attribute) |
| eduPersonOrgDN | University of Virginia |
| * eduPersonPrimaryAffiliation | Primary relationship to University. (Legacy attribute) |
| * eduPersonScopedAffiliation | Relationship to University. (Legacy attribute) |
| uvaDisplayDepartment | Department Name as provided by the HR source system. |
Additional Attribute Notes (June 25, 2018)
cn, displayName, sn, givenName, initials, generationQualifier
The user now has the ability to modify the First, Middle, Last, and Suffix name values in Identity & Access Management. If the user has modified these values, they will appear in the appropriate field in this directory. If the user has not modified these values, they are representative of the values as sent from the source system for that record.
eduPersonPrimaryAffiliation, eduPersonScopedAffiliation, eduPersonAffiliation
Legacy primary user affiliation (legacy university role trumping logic) will continue to be maintained temporarily, with a deprecation date to be announced at a future date to ITS, LSPs, owners of bind accounts, the Focus Group, the Steering Committee, and others. For the most accurate role(s) information, please use the uvaPersonIAMAffiliation attribute.
While this field will continue to be available, it may not represent the true multiple affiliations that someone may possess. For the most accurate role(s) information, please use the uvaPersonIAMAffiliation attribute.
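The following is an added example, not UVA's own code: it builds a lookup against the server and search base listed above, escapes the computing ID per RFC 4515 so user-supplied input cannot alter the search filter, and prefers uvaPersonIAMAffiliation over the legacy eduPersonAffiliation when reading roles. The function names, the requested attribute list, and the sample entry are assumptions made for illustration; the resulting parameters can be handed to any LDAP client.

```python
LDAP_HOST = "ldap.virginia.edu"                # from the page
SEARCH_BASE = "o=University of Virginia,c=US"  # from the page
# Ask only for the attributes the application needs (hypothetical selection).
WANTED = ["uid", "title", "uvaDisplayDepartment",
          "uvaPersonIAMAffiliation", "eduPersonAffiliation"]
# Role attributes in order of preference: IAM roles first, legacy second.
ROLE_ATTRS = ("uvaPersonIAMAffiliation", "eduPersonAffiliation")

# Constructed sample entry; the values are illustrative, not directory data.
SAMPLE_ENTRY = {
    "uid": ["mst3k"],
    "eduPersonAffiliation": ["staff"],
    "uvaPersonIAMAffiliation": ["staff", "student"],
}


def escape_filter_value(value):
    """Escape a value for use inside an RFC 4515 search filter."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        # Filter metacharacters, NUL and non-ASCII bytes become \XX hex pairs.
        if ch in "\\*()" or byte == 0 or byte >= 0x80:
            out.append("\\%02x" % byte)
        else:
            out.append(ch)
    return "".join(out)


def build_person_query(computing_id):
    """Return search parameters for one computing ID."""
    return {
        "host": LDAP_HOST,
        "base": SEARCH_BASE,
        "filter": "(uid=%s)" % escape_filter_value(computing_id),
        "attributes": list(WANTED),
    }


def current_roles(entry):
    """Return (source_attribute, values), preferring the IAM role attribute."""
    # LDAP attribute names are case-insensitive, so compare in lower case.
    by_name = {name.lower(): values for name, values in entry.items()}
    for attr in ROLE_ATTRS:
        values = by_name.get(attr.lower()) or []
        if values:
            return attr, list(values)
    return None, []
```

Recording which attribute the roles came from lets an application log how often it still depends on the legacy field before that field is retired.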