CSU System Directory Attributes (LDAP Schemas)
Description:
This is an informational article designed to list and describe the LDAP Schemas supported in the CSU System. The LDAP Directory (Lightweight Directory Access Protocol) is administered by CSU's IAM (Identity and Access Management) team in the CSU Division of IT. This article is designed for a technical audience to be able to optimize use of directory attributes for the populations that use their applications and services.
Applicable to:
CSU System: Fort Collins, Pueblo, Spur
Staff (IT Professionals)
Definitions:
LDAP:
Lightweight Directory Access Protocol. In CSU's Identity and Access Management, refers to the protected directory that stores descriptive attribute data for all CSU user identities (>100,000 records).
Schema:
An LDAP schema defines the structure and rules for how data is stored and organized in an LDAP directory, specifying object classes, attributes, and their relationships. CSU supports some standard schemas (inetOrgPerson, eduPerson) and its own custom schema (colostateEduPerson).
urn:oid: value
Globally unique object identifier (OID) used in attribute definitions to ensure interoperability across all schemas.
Schemas
inetOrgPerson
Widely used as a general-purpose schema for storing person-related information, such as basic identifying information and contact details.
| Attribute Name | urn:oid: value | Description | Example (CSU staff) | Example (CSUP affiliate) |
|---|---|---|---|---|
| cn | urn:oid:2.5.4.3 | | Deborah Rodriguez-Sanders | Nicholas Farthington III |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | | Debbie Rodriguez | Nick Farthington |
| givenName | urn:oid:2.5.4.42 | Legal First Name | Deborah | Nicholas |
| ou | urn:oid:2.5.4.11 | Affiliated Department(s) | 1010 Cybersecurity and Privacy | P241 Biology |
| mail | urn:oid:0.9.2342.19200300.100.1.3 | .@domain.edu | debbie.rodriguez@colostate.edu | nick.farthington@csupueblo.edu |
| sn | urn:oid:2.5.4.4 | Legal Last Name | Rodriguez-Sanders | Farthington III |
| uid | urn:oid:0.9.2342.19200300.100.1.1 | NetID | debbiers | C876543210 |
eduPerson
Extension of the inetOrgPerson schema, commonly used in academic institutions to standardize attributes related to users in educational environments.
| Attribute Name | urn:oid: value | Description | Example (CSU staff) | Example (CSUP affiliate) |
|---|---|---|---|---|
| eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | CSU System Affiliation type(s) | employee library-walk-in member staff student | affiliate |
| eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | --not currently populated-- | | |
| eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | Specialized, authorized access points configured through Grouper | https://colostate.edu/netid/svc_acct/claweb<br>https://colostate.edu/netid/svc_acct/helpcla<br>https://colostate.edu/kuali/financials/user<br>https://colostate.edu/linkedinlearning-csu<br>https://colostate.edu/netid/serviceaccount/requester<br>https://csu.beyondtrustcloud.com/CLA_Rep<br>https://colostate.edu/duo | https://colostate.edu/kuali/research/user<br>https://colostate.edu/duo |
| eduPersonNickname | urn:oid:1.3.6.1.4.1.5923.1.1.1.2 | Preferred First Name | Debbie | Nick |
| eduPersonOrgDN | urn:oid:1.3.6.1.4.1.5923.1.1.1.3 | Distinguished name (DN) of the directory entry of user's primary campus | o=Colorado State University,dc=colostate,dc=edu | o=Colorado State University Pueblo,dc=csupueblo,dc=edu |
| eduPersonOrgUnitDN | urn:oid:1.3.6.1.4.1.5923.1.1.1.4 | --not currently populated-- | | |
| eduPersonPrimaryAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | Primary CSU System Affiliation type | staff | affiliate |
| eduPersonPrimaryOrgUnitDN | urn:oid:1.3.6.1.4.1.5923.1.1.1.8 | Distinguished name (DN) of the directory entry of user's primary affiliated department | ou=1010,ou=Cybersecurity and Privacy,o=Colorado State University,dc=colostate,dc=edu | ou=P241,ou=Biology,o=Colorado State University Pueblo,dc=csupueblo,dc=edu |
| eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | @domain.edu | debbiers@colostate.edu | C876543210@csupueblo.edu stored in LDAP OR C876543210@colostate.edu through SSO*** |
| eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | @domain.edu | employee@colostate.edu<br>library-walk-in@colostate.edu<br>member@colostate.edu<br>staff@colostate.edu<br>student@colostate.edu | affiliate@csupueblo.edu stored in LDAP OR affiliate@colostate.edu through SSO*** |
| eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | Persistent, opaque identifier that is unique per user and per authenticating system in SSO | | |
***eduPersonPrincipalName and eduPersonScopedAffiliation are scoped to @colostate.edu for all authenticating users, regardless of primary campus, when authenticating through the Shibboleth Identity Provider for Single Sign-On.
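The scoping difference in the note above matters when an application compares an identity asserted through SSO with the same person's LDAP record. The following is an added example, not CSU's or the IAM team's code: it renames attributes received under their urn:oid names and matches an SSO eduPersonPrincipalName against the LDAP-stored one. It assumes the service provider delivers attributes as a dict keyed by urn:oid name with list values; the function and constant names are hypothetical.

```python
# Added example; OID_TO_NAME, SSO_SCOPE, LDAP_SCOPES and the functions are illustrative names.
OID_TO_NAME = {
    "urn:oid:0.9.2342.19200300.100.1.1": "uid",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
}
SCOPED = {"eduPersonPrincipalName", "eduPersonScopedAffiliation"}
SSO_SCOPE = "colostate.edu"                      # scope released through SSO for every campus
LDAP_SCOPES = {"colostate.edu", "csupueblo.edu"}  # scopes shown in the LDAP examples on this page


def split_scoped(value):
    """Split 'local@scope'; reject values with no local part or no scope."""
    local, sep, scope = value.rpartition("@")
    if not sep or not local or not scope:
        raise ValueError(f"not a scoped value: {value!r}")
    return local, scope.lower()


def normalize(saml_attrs):
    """Rename urn:oid keys to attribute names, dropping OIDs not in the map.

    Scoped values received through SSO must carry SSO_SCOPE; anything else
    is treated as an unexpected release and rejected.
    """
    out = {}
    for oid, values in saml_attrs.items():
        name = OID_TO_NAME.get(oid)
        if name is None:
            continue
        if name in SCOPED:
            for v in values:
                if split_scoped(v)[1] != SSO_SCOPE:
                    raise ValueError(f"unexpected scope in {name}: {v!r}")
        out[name] = list(values)
    return out


def same_principal(sso_eppn, ldap_eppn):
    """True when an SSO ePPN and an LDAP ePPN name the same NetID.

    The scopes may differ (csupueblo.edu in LDAP, colostate.edu through SSO),
    so only the local part is compared, case-insensitively (an assumption),
    and only when both scopes are ones this page documents.
    """
    s_local, s_scope = split_scoped(sso_eppn)
    l_local, l_scope = split_scoped(ldap_eppn)
    return (s_scope == SSO_SCOPE and l_scope in LDAP_SCOPES
            and s_local.lower() == l_local.lower())
```

Because the SSO scope is the same for every campus, it cannot be used to tell a Pueblo user from a Fort Collins user; `same_principal` only links the two forms of one NetID.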
colostateEduPerson
Custom schema created by CSU maintaining additional attributes necessary to support enterprise functions.
| Attribute Name | urn:oid: value | Description | Example (CSU staff) | Example (CSUP affiliate) |
|---|---|---|---|---|
| colostateEduPersonAdvanceID | urn:oid:1.3.6.1.4.1.8482.1.1.8 | --not currently populated-- | | |
| colostateEduPersonAriesID | urn:oid:1.3.6.1.4.1.8482.1.1.5 | PIDM | 11234567 | 11765432 |
| colostateEduPersonAssociateID | urn:oid:1.3.6.1.4.1.8482.1.1.7 | --not currently populated-- | | |
| colostateEduPersonCSUID | urn:oid:1.3.6.1.4.1.8482.1.1.1 | CSU ID # | 812345678 | 876543210 |
| colostateEduPersonEID | urn:oid:1.3.6.1.4.1.8482.1.1.2 | NetID | debbiers | C876543210 |
| colostateEduPersonEIDAccountType | urn:oid:1.3.6.1.4.1.8482.1.1.4 | Indicates if record belongs to a user (P) or service account (S)**** | P | P |
| colostateEduPersonEIDIRID | urn:oid:1.3.6.1.4.1.8482.1.1.3 | Legacy "Int Ref Id eID" (value is not populated for new records created after NetID merge) | 1480000 | 1480001 |
| colostateEduPersonExternalID | urn:oid:1.3.6.1.4.1.8482.1.1.10 | Identifier for external applications | GIDM10123456 | 123456789123456789123@google.com |
| colostateEduPersonHRID | urn:oid:1.3.6.1.4.1.8482.1.1.6 | CSU Employee Number | 234567 | |
| colostateEduPersonPrivacy | urn:oid:1.3.6.1.4.1.8482.1.1.11 | --not currently populated-- | | |
****Service Accounts are not provisioned LDAP records by default. For questions, please contact IAM at iamhelp@colostate.edu.
Future Planning
Future additions planned for schema tables in this resource:
Syntax
Immutable (Y/N)
Required/Optional
Allowed Values
Plans for future attribute additions
CSU Federation vs non-standard release policy