Contents
The Oak LDAP uses standard, widely-used LDAP schemas in conjunction with some Oxford-specific extensions. This document describes the attributes and object classes we are using, and states where in the directory information tree each type of entry is to be found. It also states the per-attribute release policy. Example values of most attributes are given, for illustration.
This document is intended as a reference. For examples of which parts of the schema to use to solve common problems, please see the Recommended Usage section of the main Oak LDAP document.
1.1. Definition of schema terms
dc=oak,dc=ox,dc=ac,dc=uk.
1.2. Definition of release policy terms
A service provider is associated with a unit if it's registered as providing a service to that unit, or it's registered as a university-wide provider.
2. Person Entries at oakPrimaryPersonID=id,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
Person entries have two object classes defined. Oxford-specific data is enabled via the oakPerson structural class. The standard eduPerson auxiliary class is mixed in. Note that oakPerson also inherits from the standard inetOrgPerson, thereby including a further range of standard person attribute types.
There is one entry here for each person represented in Oak.
dn: oakPrimaryPersonID=1234567890,ou=people,dc=oak,dc=ox,dc=ac,dc=uk cn: John Doe dateOfBirth: 197107060000Z displayName: John Doe eduPersonAffiliation: member eduPersonAffiliation: staff eduPersonOrgDN: dc=ox,dc=ac,dc=uk eduPersonOrgUnitDN: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk eduPersonOrgUnitDN: oakUnitCode=law,ou=units,dc=oak,dc=ox,dc=ac,dc=uk eduPersonPrimaryOrgUnitDN: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk givenName: Tom mail: john.doe@oucs.ox.ac.uk memberOf: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk o: University of Oxford oakAlternativeMail: john.doe@oucs.ox.ac.uk oakAlternativeMail: john.doe@law.ox.ac.uk oakCardExpiry: 201102020000Z oakITSSFor: oakGN=ITSS,oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk oakITSSFor: oakGN=ITSS,oakUnitCode=magd,ou=units,dc=oak,dc=ox,dc=ac,dc=uk oakOSSID: 2823413 oakOxfordSSOUsername: oucs0047 oakOxfordSSOUsername: tom oakPersonID: 1234567890 oakPersonID: 9876543210 oakPrimaryPersonID: 1234567890 oakPrincipal: krbPrincipalName=oucs0047@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk oakPrincipal: krbPrincipalName=tom@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk oakStatus: staff oakUniversityBarcode: 1234567 oakUniversityBarcodeCheckCharacter: - oakUniversityBarcodeFull: 276962801- oakUniversityCardID: 15021462 objectClass: eduPerson objectClass: oakPerson ou: Computing Services ou: Faculty of Law sn: Doe
This attribute type's matching rule makes it case insensitive.
Please refer to the discussion of cn in the eduPerson specification for further discussion.
cn: John Doe
2.3. dateOfBirth Attribute Type
dateOfBirth: 197107060000Z
2.3.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.4
NAME 'dateOfBirth'
DESC 'Date of Birth'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
)
2.4. displayName Attribute Type
Friendly name to be used when displaying entries.
This attribute type's matching rule makes it case sensitive.
Please refer to the discussion of displayName in the eduPerson specification for further discussion.
displayName: John Doe
2.5. eduPersonAffiliation Attribute Type
eduPersonAffiliation is a standard attribute type used by many Universities. Here, it is derived from our local status categories as follows:
Unfortunately, due to limited data, we are not currently able to populate all the values for eduPersonAffiliation that should be there. For example, many people with senmem or college status are also staff, but we don't yet have the data to add the staff value to the eduPersonAffiliation attribute for people where this is the case.
Please refer to the discussion of eduPersonAffiliation in the eduPerson specification for further discussion.
eduPersonAffiliation: member eduPersonAffiliation: staff
2.6. eduPersonOrgDN Attribute Type
Please refer to the discussion of eduPersonOrgDN in the eduPerson specification for further discussion.
eduPersonOrgDN: dc=ox,dc=ac,dc=uk
2.7. eduPersonOrgUnitDN Attribute Type
Please refer to the discussion of eduPersonOrgUnitDN in the eduPerson specification for further discussion.
eduPersonOrgUnitDN: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk eduPersonOrgUnitDN: oakUnitCode=law,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
2.8. eduPersonPrimaryOrgUnitDN Attribute Type
Please refer to the discussion of eduPersonPrimaryOrgUnitDN in the eduPerson specification for further discussion.
eduPersonPrimaryOrgUnitDN: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
Although we provide good given name data for most people in the directory, in some cases this attribute contains a first name, followed by a space, followed by the initial of a middle name. This defect currently affects around 5% of person records. This is due to a limitation with current data sources, and may be corrected in future.
This attribute type's matching rule makes it case insensitive.
Please refer to the discussion of givenName in the eduPerson specification for further discussion.
givenName: Tom
This contains the person's preferred mail address. If there is a
requirement to contact the person by email, this address should be
used. Although the LDAP schema allows multiple values for this
attribute, in Oak LDAP it will only ever contain at most a single
value for each person. It is not unique. If two people self-register
with IT Services with the same mail address, there will be two
person records in Oak LDAP with the same mail attribute.
This attribute type's matching rule makes it case insensitive.
Please refer to the discussion of mail in the eduPerson specification for further discussion.
mail: john.doe@oucs.ox.ac.uk
This attribute type's matching rule makes it case insensitive.
Please refer to the discussion of o in the eduPerson specification for further discussion.
o: University of Oxford
2.12. oakAlternativeMail Attribute Type
This multivalued attribute contains all email addresses for the person.
This attribute type's matching rule makes it case insensitive.
oakAlternativeMail: john.doe@oucs.ox.ac.uk oakAlternativeMail: john.doe@law.ox.ac.uk
2.12.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.10
NAME 'oakAlternativeMail'
DESC 'RFC822 Mailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
)
2.13. oakCardExpiry Attribute Type
Date of expiry of University Card
oakCardExpiry: 201102020000Z
2.13.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.5
NAME 'oakCardExpiry'
DESC 'Card Expiry Date'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
)
2.14. oakITSSFor Attribute Type
DN references to all Unit-scoped ITSS groups to which this person belongs.
Because this attribute type holds a distinguished name (matching rule), some components may be case sensitive and some may be case insensitive.
oakITSSFor: oakGN=ITSS,oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk oakITSSFor: oakGN=ITSS,oakUnitCode=magd,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
2.14.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.19
NAME 'oakITSSFor'
DESC 'DN of Unit'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
EQUALITY distinguishedNameMatch
)
This attribute type's matching rule makes it case sensitive.
oakOSSID: 2823413
2.15.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.29
NAME 'oakOSSID'
DESC 'Unique identifier for people with a record in the Oxford Student System.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
2.16. oakOxfordSSOUsername Attribute Type
This attribute contains the username(s) assigned to a person by IT Services Registration for account provisioning purposes.
This attribute type's matching rule makes it case sensitive.
oakOxfordSSOUsername: oucs0047 oakOxfordSSOUsername: tom
2.16.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.47
NAME 'oakOxfordSSOUsername'
DESC 'Username for provisioning as managed by IT Services registration'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
)
2.17. oakPersonID Attribute Type
This multivalued attribute holds all of a person's Oak IDs. When looking up a person by their Oak ID, service providers should use this attribute. A person might have more than one value of this attribute, for example, if the University has two records for the same person which they then merge. This attribute is unique in that no two person entries can have the same value of this attribute.
oakPersonID: 1234567890 oakPersonID: 9876543210
2.17.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.25
NAME 'oakPersonID'
DESC 'Multivalued person identifier to handle merged records'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
2.18. oakPrimaryPersonID Attribute Type
This is an identifier for a person within Oak. It's used as the LDAP naming attribute on person entries. By design this avoids encoding any personal information in the distinguished name of a person's entry. Service providers who wish to look up a person by their Oak ID should not use this attribute; they should use the multivalued oakPersonID instead. This attribute is unique in that no two person entries can have the same value of this attribute.
oakPrimaryPersonID: 1234567890
2.18.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.24
NAME 'oakPrimaryPersonID'
DESC 'Unique person identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
2.19. oakPrincipal Attribute Type
This multivalued attribute contains DN references to all the Kerberos principals owned by this person. The presence of this attribute allows Service Providers to look up a person entry based on the principal name of a user who has authenticated to them via Oxford's single-sign-on system. Searches using this attribute are expected to be the predominant method by which person entries are looked up. This attribute is unique in that no two person entries can have the same value of this attribute.
Because this attribute type holds a distinguished name (matching rule), some components may be case sensitive and some may be case insensitive.
oakPrincipal: krbPrincipalName=oucs0047@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk oakPrincipal: krbPrincipalName=tom@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk
2.19.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.2
NAME 'oakPrincipal'
DESC 'DN of principal entry owned by this person'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
EQUALITY distinguishedNameMatch
)
2.20. oakStatus Attribute Type
This is the status as recorded on the person's University Card. See Registration's explanatory page for details.
This attribute type's matching rule makes it case insensitive.
oakStatus: staff
2.20.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.6
NAME 'oakStatus'
DESC 'Status'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
)
2.21. oakUniversityBarcode Attribute Type
Barcode number on the person's University Card. Note that this doesn't include the checksum character. This attribute is unique in that no two person entries can have the same value of this attribute.
oakUniversityBarcode: 1234567
2.21.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.7
NAME 'oakUniversityBarcode'
DESC 'University Barcode'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
EQUALITY integerMatch
)
2.22. oakUniversityBarcodeCheckCharacter Attribute Type
Checksum character of the barcode on the person's University Card.
oakUniversityBarcodeCheckCharacter: -
2.22.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.8
NAME 'oakUniversityBarcodeCheckCharacter'
DESC 'University Barcode Check Character'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1}
SINGLE-VALUE
EQUALITY caseIgnoreIA5Match
)
2.23. oakUniversityBarcodeFull Attribute Type
Full barcode number on the person's University Card, including checksum character. This attribute is unique in that no two person entries can have the same value of this attribute.
oakUniversityBarcodeFull: 276962801-
2.23.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.9
NAME 'oakUniversityBarcodeFull'
DESC 'University Barcode Including Check Character'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
EQUALITY caseIgnoreIA5Match
)
2.24. oakUniversityCardID Attribute Type
This attribute type's matching rule makes it case sensitive.
oakUniversityCardID: 15021462
2.24.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.34
NAME 'oakUniversityCardID'
DESC 'Unique identifier from the University Card database.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
2.25. objectClass Attribute Type
Core LDAP attribute to state the type of the entry. All person entries have oakPerson and eduPerson set. Entries for people with additional attributes from Student Systems will also have oakOSSPerson set.
This attribute type's matching rule (see also RFC 4512 section-1.4 ) makes it case insensitive.
objectClass: eduPerson objectClass: oakPerson
Organisation unit with which this person is associated. Same data as eduPersonOrgUnitDN, but in a different format.
This attribute type's matching rule makes it case insensitive.
Please refer to the discussion of ou in the eduPerson specification for further discussion.
ou: Computing Services ou: Faculty of Law
Please refer to the discussion of sn in the eduPerson specification for further discussion.
sn: Doe
3. Unit Entries at oakUnitCode=code,ou=units,dc=oak,dc=ox,dc=ac,dc=uk
Entries here represent organisational units. Many of these are organisational units of the University of Oxford, such as departments and colleges.
dn: oakUnitCode=oucs,ou=units,dc=oak,dc=ox,dc=ac,dc=uk cn: Computing Services displayName: Computing Services facsimileTelephoneNumber: +44 1865 273275 member: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=6075,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=21139,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=6423,ou=people,dc=oak,dc=ox,dc=ac,dc=uk oakDivision: acserv oakSuperUnit: it oakUnitCode: oucs oakUnitStatus: department oakUnitURI: http://www.oucs.ox.ac.uk/ objectClass: oakOrganizationalUnit ou: Computing Services postalAddress: 13 Banbury Road, Oxford, OX2 6NN telephoneNumber: +44 1865 273200
This attribute type's matching rule makes it case insensitive.
cn: Computing Services
3.3. displayName Attribute Type
This attribute type's matching rule makes it case sensitive.
displayName: Computing Services
3.4. facsimileTelephoneNumber Attribute Type
facsimileTelephoneNumber: +44 1865 273275
Because this attribute type holds a distinguished name (matching rule), some components may be case sensitive and some may be case insensitive.
member: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=6075,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=21139,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=6423,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
3.6. oakDivision Attribute Type
This attribute type's matching rule makes it case insensitive.
oakDivision: acserv
3.6.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.17
NAME 'oakDivision'
DESC 'Oxford Division'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
)
3.7. oakSuperUnit Attribute Type
This attribute type's matching rule makes it case insensitive.
oakSuperUnit: it
3.7.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.16
NAME 'oakSuperUnit'
DESC 'Oxford Super Unit'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
)
3.8. oakUnitCode Attribute Type
This attribute type's matching rule makes it case sensitive.
oakUnitCode: oucs
3.8.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.23
NAME 'oakUnitCode'
DESC 'Unit Code'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
3.9. oakUnitStatus Attribute Type
oakUnitStatus: department
3.9.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.51
NAME 'oakUnitStatus'
DESC 'Unit Status'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
)
3.10. oakUnitURI Attribute Type
This attribute type's matching rule makes it case sensitive.
oakUnitURI: http://www.oucs.ox.ac.uk/
3.10.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.18
NAME 'oakUnitURI'
DESC 'Uniform Resource Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
3.11. objectClass Attribute Type
This attribute type's matching rule (see also RFC 4512 section-1.4 ) makes it case insensitive.
objectClass: oakOrganizationalUnit
This attribute type's matching rule makes it case insensitive.
ou: Computing Services
3.13. postalAddress Attribute Type
This attribute type's matching rule makes it case insensitive.
postalAddress: 13 Banbury Road, Oxford, OX2 6NN
3.14. telephoneNumber Attribute Type
telephoneNumber: +44 1865 273200
4. Principal Entries at krbPrincipalName=princname,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk
dn: krbPrincipalName=oucs0047@OX.AC.UK,cn=OX.AC.UK,cn=KerberosRealms,dc=oak,dc=ox,dc=ac,dc=uk displayName: oucs0047 krbPrincipalName: oucs0047@OX.AC.UK oakPerson: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk objectClass: krbPrincipalAux objectClass: oakPrincipal
4.2. displayName Attribute Type
This is the part of the principal name before the realm. This used to be called the Oxford Username.
This attribute type's matching rule makes it case sensitive.
displayName: oucs0047
4.3. krbPrincipalName Attribute Type
The full name of the principal, including the realm.
krbPrincipalName: oucs0047@OX.AC.UK
DN reference to the Oak LDAP entry of the person who owns this principal
oakPerson: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
4.4.2. OpenLDAP-Compatible Attribute Type Declaration
This is a locally-defined attribute type. Its definition from the schema follows, in an OpenLDAP-Compatible format.
attributeType ( 1.3.6.1.4.1.11023.1.1.7.2.1.12
NAME 'oakPerson'
DESC 'DN of person who owns this principal'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
EQUALITY distinguishedNameMatch
)
4.5. objectClass Attribute Type
This attribute type's matching rule (see also RFC 4512 section-1.4 ) makes it case insensitive.
objectClass: krbPrincipalAux objectClass: oakPrincipal
A group represents any grouping of people. The exact meaning of a group depends on its position in the DIT.
5.1. displayName Attribute Type
A name for the group that an application can display when referring to the group.
This attribute type's matching rule makes it case sensitive.
displayName: Primary ITSS
This multi-valued attribute holds DN references to all members of the group.
Because this attribute type holds a distinguished name (matching rule), some components may be case sensitive and some may be case insensitive.
member: oakPrimaryPersonID=6075,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=6423,ou=people,dc=oak,dc=ox,dc=ac,dc=uk member: oakPrimaryPersonID=38463,ou=people,dc=oak,dc=ox,dc=ac,dc=uk
6. Group Entry at oakGN=ITSS,ou=oucscentral,dc=oak,dc=ox,dc=ac,dc=uk
This group contains all registered ITSS staff from across the University
7. Group Entry at oakGN=Primary ITSS,ou=oucscentral,dc=oak,dc=ox,dc=ac,dc=uk
This group contains all registered Primary ITSS staff from across the University