Document: refeds-eduPerson-202001

REFEDS Schema Board

Released: 09 January 2020

Copyright © 2019 by Internet2 and/or the respective authors

Comments to:


eduPerson Object Class Specification (202001)

Status of this document

The (202001) version of the eduPerson object class specification is described in this document. This version is appropriate for adoption in a production enterprise directory service environment.

0. Table of Contents

1. Introduction
1.1. General Remarks
1.2. Identifier Concepts
1.3. Scope
2. eduPerson Object Class and Attributes
2.1. eduPerson Object Class Definition
2.2. eduPerson Attribute Definitions
2.2.1. eduPersonAffiliation
2.2.2. eduPersonEntitlement
2.2.3. eduPersonNickname
2.2.4. eduPersonOrgDN
2.2.5. eduPersonOrgUnitDN
2.2.6. eduPersonPrimaryAffiliation
2.2.7. eduPersonPrimaryOrgUnitDN
2.2.8. eduPersonPrincipalName
2.2.9. eduPersonPrincipalNamePrior
2.2.10. eduPersonScopedAffiliation
2.2.11. eduPersonTargetedID
2.2.12. eduPersonAssurance
2.2.13. eduPersonUniqueId
2.2.14. eduPersonOrcid
3. Comments on Other Common Person Attributes
3.1. audio
3.2. cn (commonName)
3.3. description
3.4. displayName
3.5. facsimileTelephoneNumber
3.6. givenName
3.7. homePhone
3.8. homePostalAddress
3.9. initials
3.10. jpegPhoto
3.11. l (localityName)
3.12. labeledURI
3.13. mail
3.14. manager
3.15. mobile
3.16. o (organizationName)
3.17. ou (organizationalUnitName)
3.18. pager
3.19. postalAddress
3.20. postalCode
3.21. postOfficeBox
3.22. preferredLanguage
3.23. seeAlso
3.24. sn (surname)
3.25. st (stateOrProvinceName)
3.26. street
3.27. telephoneNumber
3.28. title
3.29. uid
3.30. uniqueIdentifier
3.31. userCertificate
3.32. userPassword
3.33. userSMIMECertificate
3.34. x500uniqueIdentifier
4. Change Log
5. References
6. Acknowledgments



General Remarks


The eduPersonPrincipalName, eduPersonPrincipalNamePrior, eduPersonScopedAffiliation, and eduPersonUniqueId attribute definitions found below make use of the concept of scope. The meaning of scope is specific to the attribute to which it is attached and can vary from one attribute to another.


eduPerson Object Class and Attributes
eduPerson Object Class Definition

All eduPerson-defined attribute names are prefaced with "eduPerson." The eduPerson auxiliary object class contains all of them as "MAY" attributes:

        NAME 'eduPerson'
        MAY ( eduPersonAffiliation $  
                    eduPersonNickname $
                    eduPersonOrgDN $
                    eduPersonOrgUnitDN $
                    eduPersonPrimaryAffiliation $
                    eduPersonPrincipalName $
                    eduPersonEntitlement $
                    eduPersonPrimaryOrgUnitDN $
                    eduPersonScopedAffiliation $
                    eduPersonTargetedID $
                    eduPersonAssurance $
                    eduPersonPrincipalNamePrior $
                    eduPersonUniqueId $
                    eduPersonOrcid )
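
An added example, not part of the specification: a Python lint that reads the MAY list from the object class definition above and flags directory entries that carry eduPerson attributes without the eduPerson object class, use an eduPerson-prefixed name that is not in the list, or hold an unscoped value in one of the four scoped attributes named in the General Remarks. The function names, the sample entries and the `left@scope` value form are assumptions of this example.

```python
import re

# MAY list from the eduPerson object class definition in this document.
EDUPERSON_DEF = """
NAME 'eduPerson'
MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $
      eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $
      eduPersonPrincipalName $ eduPersonEntitlement $
      eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation $
      eduPersonTargetedID $ eduPersonAssurance $
      eduPersonPrincipalNamePrior $ eduPersonUniqueId $ eduPersonOrcid )
"""
# The four attributes the General Remarks name as carrying a scope.
SCOPED = {"edupersonprincipalname", "edupersonprincipalnameprior",
          "edupersonscopedaffiliation", "edupersonuniqueid"}

def may_attributes(definition):
    """Return the lower-cased names from the MAY ( a $ b ... ) list."""
    m = re.search(r"\bMAY\s*\(([^)]*)\)", definition)
    if m is None:
        raise ValueError("no MAY list found")
    return {n.strip().lower() for n in m.group(1).split("$") if n.strip()}

def check_entry(entry, allowed):
    """Lint one entry (dict: attribute name -> list of values); return findings."""
    findings = []
    classes = {v.lower() for k, vs in entry.items()
               if k.lower() == "objectclass" for v in vs}
    edu = [a for a in entry if a.lower().startswith("eduperson")]
    if edu and "eduperson" not in classes:
        findings.append("objectClass eduPerson missing")
    for attr in edu:
        if attr.lower() not in allowed:
            findings.append(f"{attr}: not in MAY list")
        elif attr.lower() in SCOPED:
            for value in entry[attr]:
                left, at, scope = value.partition("@")
                # Assumption: scoped values are written left@scope, one "@".
                if not (left and at and scope) or "@" in scope:
                    findings.append(f"{attr}: value {value!r} has no usable scope")
    return findings

# Constructed sample entries (not from the specification).
GOOD = {"objectClass": ["inetOrgPerson", "eduPerson"],
        "eduPersonPrincipalName": ["alice@example.edu"],
        "eduPersonAffiliation": ["member", "staff"]}
BAD = {"objectClass": ["inetOrgPerson"],
       "eduPersonScopedAffiliation": ["staff"],
       "eduPersonEntitlements": ["urn:example:placeholder"]}
```

Attribute names are compared case-insensitively, as LDAP does; `check_entry(BAD, may_attributes(EDUPERSON_DEF))` reports the missing object class, the unscoped value and the misspelled attribute name.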


eduPerson Attribute Definitions

Attributes in the following section were newly defined for eduPerson. Each entry specifies the version in which the attribute was first defined.


Avoid. X500UniqueIdentifier syntax is specified as bit string, and that is not likely to be a good fit for many of the institutional attribute value choices, especially as part of the DN.


Change Log
This section lists changes that have been made from version to version of eduPerson.


  • 1. Document Status and Introductory sections have been added.

  • 2. Attention called to the change of the eduPerson object class from structural to auxiliary.

  • 3. Subsection headings for empty fields deleted.

  • 4. Indexing recommendations for the eduPerson attributes have been improved and corrected in many cases.

  • 5. The syntax notes for the eight eduPerson attributes have been corrected and they now match the LDIF file. DirectoryString is used for five eduPerson attributes. The other three contain distinguished names, so they use distinguishedName syntax.

  • 6. RFC2252 style definitions have been included for the eduPerson object class itself and for each of the eduPerson attributes.

  • 7. Two new attributes are defined: eduPersonEntitlement and eduPersonPrimaryOrgUnitDN.

  • 8. The notes on the c (country) attribute have been deleted since c is not contained in any of the referenced object classes.

  • 9. Notes have been added for several additional attributes from the standard person object classes. These include audio, manager, title, uniqueIdentifier and x500UniqueIdentifier.

  • 10. Notes on userCertificate and userSMIMECertificate have been rewritten. 

  • 11. Clarifying text added in sections 1.3 and 2.2.8.





MACE members and others who contributed many hours to the definition of this object class include Rob Banz, Tom Barton, Brendan Bellina, Scott Cantor, Steven Carmody, Michael Gettes, Paul Hill, Ken Klingenstein, RL "Bob" Morgan (RIP), Todd Piket, David Wasley, Ann West, Ignacio Coupeau, Leif Johannson, Hallvard Furuseth, Diego Lopez, Roland Hedberg, Ingrid Melve, Alistair Young, Peter Gietz, Mark Jones, Nathan Dors, Tom Scavo, Lynn McRae, Chad La Joie, Katheryn Strojny, Kathryn Huxtable, Digant Kasundra, Gabriel Sroka, Jon Saperia, David Bantz, Mikael Linden, Marlena Erdos, Peter Schober and others. The editor of the MACE-Dir working group, Keith Hazelton, would like to thank them and the many others who helped bring this effort to completion. This version also had the benefit of comments from several of the NMI Testbed institutions. Three that deserve special mention are Georgia State University, the University of Alabama at Birmingham and the University of Michigan. Special thanks to Internet2 staff members for their invaluable assistance over the years, Ben Chinowsky, Renee Frost, Lisa Hogeboom, Nate Klingenstein, Steve Olshansky, Jessica Bibbee, Ellen Vaughan and Emily Eisbruch.