RapidIdentity Cloud Directory Schema

RapidIdentity Cloud Metadirectory Schema

The directory schema for RapidIdentity Cloud provides a set of rules that define the data elements to be stored and used by RapidIdentity.

To ensure consistency and continuity between RapidIdentity software releases, Identity Automation maintains a comprehensive change management process for the RapidIdentity Cloud Metadirectory. All proposed changes are reviewed by the Directory Change Control Board on a periodic basis and evaluated based on a myriad of factors including but not limited to the business justification and resulting impact associated with the proposed change.

As an integral component of the RapidIdentity System, proposed changes to the RapidIdentity Cloud Metadirectory are considered to be a new feature or a feature enhancement and submitted as Product Ideas via the Identity Automation Support Community. Idea submissions are evaluated on a periodic basis and approved based product fit, alignment with product strategy and customer and market demand.

People/Accounts

• All account entries must be put directly under ou=Accounts,dc=meta.
• All LDAP entries MUST contain objectClass=idautoPerson , a unique idautoID value and at least one unique idautoPersonUserNameMV value.
• The DN for all accounts must look like idautoID=<idautoID_value>,ou=Accounts,dc=meta .

Core Attributes

Attribute Name	Friendly Name	DataType	Multi-Valued	Unique	Indexes	Description / Constraints	RING Entity::Field/Method
idautoID	ID	UUID	N	Y	eq	Required unique GUID of the account Must not be changed after initial creation	Entity::identity
idautoPersonUserNameMV	Usernames	String	Y	Y	eq, sub	Required unique usernames for the account	User::usernames
givenName	First Name	String	N	N	eq, sub	Person’s first name	User::firstName
sn	Last Name	String	N	N	eq, sub	Person’s last name	User::lastName
displayName	Display Name	String	N	N	eq, sub	Constructed by Connect, generally as “<givenName> <sn>”	User::displayName
mail	Email	String	N	Y	eq, sub	Primary organizational email account Must contain an '@'	User::email
idautoPersonEmailAddresses	Email Addresses	String	Y	Y	eq, sub	Current and past email addresses	User::altEmails
idautoPersonHomeEmail	Personal Email Address	String	N	Y	eq, sub	Personal/Home email address for email to reset forgotten password and use as an auth method	User::resetEmail
idautoDisabled	-	Boolean	N	N	eq	If TRUE, the account is considered DISABLED in RapidIdentity The attribute should be cleared instead of set to FALSE	Entity::active
userPassword	-	Binary	N	N	-	Hashed account password	User::passwordHash
idauto-pwdPrivate	-	Binary	N	N	-	Encrypted password managed by the Identity Automation password filter Automatically managed / Not writeable	N/A
idauto-pwdPrivateTS	-	DateTime	N	N	eq	The date/time in which the idauto-pwdPrivate value was last set Automatically managed / Not writeable	N/A
idautoPersonPhotoURL	Photo URL	String	N	N	-	URL to the person’s profile image	User::imageUrl
mobile	Mobile Numbers	String	Y	N	-	Person’s mobile phone numbers	User::mobileNumbers
manager	Manager	DN	Y	N	eq	DNs of the person’s managers	User::getLinksFrom(),User::linkFrom()
directReports	-	DN	Y	N	eq	DNs of all of the person’s direct reports Automatically managed / Not writeable	User::getLinksTo(),User::linkTo()
idautoPersonEndDate	Expiration Date	Date/Time	N	N	eq	Expiration date for Sponsored Accounts Can be used to store disable date from source systems for non-Sponsored Accounts	User::expirationDate
employeeType	Account Type	String	Y	N	eq	Valid values include: Staff, Student, Sponsored, Parent	User::accountTypes
idautoChallengeSet	-	String	Y	N	-	Stores RapidIdentity challenge question/answer data for the person Existing data MUST NOT be updated by Connect	User::challengeSet.challengeItems
idautoChallengeSetTimestamp	-	Date/Time	N	N	-	Date/time when the person last set up their challenge questions/answers Can be cleared to force the user to do challenge setup again at next login if their Challenge Policy requires it	User::challengeSet.lastModified
idautoRequestAssociations	-	String	Y	N	eq	Contains the IDs of all granted, “bound” Workflow Entitlements for the person Data MUST NOT be updated by Connect Can be read to make policy or other decisions based on current RapidIdentity workflow entitlements	User::requestAssociations
idautoPersonClaimCode	Claim Code	String	N	N	eq	Stores an arbitrary “claim code” used by the out-of-the-box RapidIdentity Claim Policy Uniqueness and other constraints are not enforced by the data store	User::claimCode
idautoPersonClaimFlag	Claimed	Boolean	N	N	-	Set to TRUE by RapidIdentity when an account is successfully claimed Used as a filter term in the out-of-the-box RapidIdentity Claim Policy to ensure that an account may not be claimed more than once The attribute should be cleared instead of set to FALSE	User::isClaimed
memberOf		DN	Y	N		read-only - comes from slapo-memberof overlay	User::getDirectMemberships()(from Operational Attributes)

Profile Attributes

None of these attributes have a unique constraint.

Attribute Name	Friendly Name	Data Type	Multi-Valued	Indexes	Description / Constraints	RING Entity::Field/Method
l	City	String	Y	eq, sub	Person’s cities	User::addresses
st	State	String	Y	eq, sub	Person’s states	User::addresses
idautoPersonCountry	Country	String	Y	-	Person’s countries Note: Introduced in amazon-ricloud-2022-12-21	User::addresses
idautoPersonStreetAddress	Street Address	String	Y	-	Person’s street addresses Note: Introduced in amazon-ricloud-2022-12-21	User:addresses
postalCode	Postal Code	String	Y	-	Person’s postal codes	User::addresses
idautoPersonMiddleName	Middle Name	String	N	-	Person’s middle name/initial Often used for username/email generation in Connect	User::middleName
idautoPersonOfficePhone	Office Phone	String	N	-	Person’s office phone number	User::officePhone
idautoPersonPhoneExtension	Phone Extension	String	N	-	Person’s phone extension	User::phoneExtension
idautoPersonHomePhone	Home Phone	String	N	-	Person’s home phone number	User::homePhone
idautoPersonBirthdate	Birthdate	Date	N	-	Person’s birthdate Format: yyyy-MM-dd Often used for account claiming or help desk identification	User::birthdate
idautoPersonTermDate	Source Termination DateLast Enroll Date	Date	N	-	Account termination date originating from source systems Format: yyyy-MM-dd Often useful for making decisions in Connect	User::terminationDate
idautoPersonGraduationDate	Graduation Date	Date	N	-	This is used to store graduation date, as institutions typically allow students to access their data beyond their graduation Note: Introduced in amazon-ricloud-2022-12-21	User::graduationDate
idautoPersonEmployeeTypes	Employee Types	String	Y	eq	Employee Types beyond what is stored in employeeType Examples: Teacher, Admin, Para Often used for dynamic role membership and other RapidIdentity ACLs	User::accountTypes
idautoPersonDeptCodes	Department Codes	String	Y	eq, sub	Codes for all departments in which the person is a member Often used for dynamic role membership and other RapidIdentity ACLs	User::departments
idautoPersonDeptCode	Primary Department Code	String	N	eq, sub	Person’s primary department code Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect	User::departments
idautoPersonDeptDescrs	Departments	String	Y	eq, sub	Descriptions for all departments in which the person is a member Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles	User::departments
idautoPersonDeptDescr	Department	String	N	eq, sub	Person’s primary department description Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles	User::departments
idautoPersonLocCodes	Location Codes	String	Y	eq, sub	Codes for all locations associated with the person Often used for dynamic role membership and other RapidIdentity ACLs	User::locations
idautoPersonLocCode	Primary Location Code	String	N	eq, sub	Person’s primary location code Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect	User::locations
idautoPersonLocNames	Locations	String	Y	eq, sub	Names for all locations associated with the person Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles	User::locations
idautoPersonLocName	Primary Location	String	N	eq, sub	Person’s primary location name Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles	User::locations
idautoPersonJobCodes	Job Codes	String	Y	eq, sub	Codes for all jobs associated with the person Often used for dynamic role membership and other RapidIdentity ACLs	User::jobs
idautoPersonJobCode	Job Code	String	N	eq, sub	Person’s primary job code Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect	User::jobs
idautoPersonJobTitles	Job Titles	String	Y	eq, sub	Titles for all jobs associated with the person Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles	User::jobs
idautoPersonJobTitle	Job Title	String	N	eq, sub	Person’s primary job title Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles	User::jobs
idautoPersonAffiliations	Affiliations	String	Y	eq,sub	Used to store granular affiliations, such as Faculty, Staff, Emeritus, Retiree, Student Applicant, Student Admitted, Student Enrolled, Student Graduated, etc. Note: Introduced in amazon-ricloud-2022-12-21	User:affiliations
idautoPersonAffiliation	Primary Affiliation	String	N	eq,sub	Used to store primary affiliation associated with user Note: Introduced in amazon-ricloud-2022-12-21	User:affiliations
idautoPersonGender	Gender	String	N	-	Person’s gender Note: Introduced in amazon-ricloud-2022-12-21	User::gender
idautoPersonPronouns	Pronouns	String	Y	-	Person’s pronouns Note: Introduced in amazon-ricloud-2022-12-21	User::pronouns

Education Attributes

None of these attributes have unique constraints

Attribute Name	Friendly Name	DataType	Multi-Valued	Indexes	Description / Constraints
idautoPersonTeachers	Teachers	DN	Y	eq	DNs of all teachers associated with a Student person
idautoPersonStudents	-	DN	Y	eq	DNs of all students associated with a Teacher person Automatically managed / Not writeable
idautoPersonGradeLevel	Grade Level	String	Y	eq	Student grade level Valid values: https://ceds.ed.gov/CEDSElementDetails.aspx?TermId=7100 In the rare case where an individual Student is associated with multiple grade levels, the policy for working out the discrepancy will be implemented in Connect Was made multi-valued in: amazon-ricloud-2022-11-22
idautoPersonSchoolCodes	School Codes	String	Y	eq	Codes for all schools associated with the person Used by Insights/Analytics Often used for dynamic role membership and other RapidIdentity ACLs
idautoPersonSchoolNames	School Names	String	Y	eq, sub	Names of all schools associated with the person Often used for dynamic role membership and other RapidIdentity ACLs Often on display in Delegation Profiles
idautoPersonActivityCodes	Activity Codes	String	Y	-	Activity codes are used in determining permissions based on organizational attachment. For students, they are course related values, for employees they are related to positions and / or functions within the organization. Note: Introduced in amazon-ricloud-2022-12-21

Special Attributes

None of these attributes are multi-valued or have unique constraints

Attribute Name	Friendly Name	DataType	Indexes	Description / Constraints	RING Entity::Field/Method
idautoPersonStatusOverride	Override Source Status	Boolean	eq	If TRUE then the account's idautoDisabled value should not be changed automatically from source system data The attribute should be cleared instead of set to FALSE	User::overrideStatus
idautoPersonStatusOverrideReason	Override Source Status Reason	String	-	When a status override is applied to an account, this free text attribute can be used to note the reasoning for future re-evaluation Note: Introduced in amazon-ricloud-2022-12-21	User::overrideStatus
idautoPersonStatusOverrideExpiration	Override Source Status Expiration	Date	-	Used to apply a long-term status override automatic expiration date, if it is known when an account is overridden when the override should automatically expire. This would allow a simple actionset to revoke the status override on the specified date. Note: Introduced in amazon-ricloud-2022-12-21	User::overrideStatus
idautoPersonRenameUsername	Rename Username	String	-	The new username which will be assigned to the account on the rename date Any value populated here should also be populated in the idautoPersonUserNameMV attribute to “reserve” it	User::renameUsername
idautoPersonRenameFlagDate	Rename Date	Date	eq	The date which the account will be renamed Set by Connect to n days in the future where n is specified by some customer-defined policy Format: yyyy-MM-dd	User::renameFlagDate
idautoPersonActivationDate	Activation Date	Date	-	The date which the account should be automatically enabled Used by Connect in cases where an account needs to be created now but not enabled until a specific date Format: yyyy-MM-dd	User::activationDate
idautoPersonSourceStatus	Source System Status	String	-	Contains arbitrary status value from source system (e.g. HR) Connect will use this as a basis for automatic RapidIdentity status changes	User::externalIDs
idautoPersonToSystem1	Sync Person to System 1	Boolean	-	Indicates whether Connect should sync the account to “System 1”	User::externalIDs
idautoPersonToSystem2	Sync Person to System 2	Boolean	-	Indicates whether Connect should sync the account to “System 2”	User::externalIDs
idautoPersonToSystem3	Sync Person to System 3	Boolean	-	Indicates whether Connect should sync the account to “System 3”	User::externalIDs
idautoPersonToSystem4	Sync Person to System 4	Boolean	-	Indicates whether Connect should sync the account to “System 4”	User::externalIDs
idautoPersonToSystem5	Sync Person to System 5	Boolean	-	Indicates whether Connect should sync the account to “System 5”	User::externalIDs
idautoPersonSafeIdCompromisedDate	Account Compromised Date	Date	pres	Indicates when a user’s account was marked as compromised via the SafeID feature Introduced in version amazon-ricloud-2022-03-01 Equality index changed to Presence index in version amazon-ricloud-2022-07-11	User::compromisedDate

Other IDs

All of these attributes have a unique constraint.

Attribute Name	Friendly Name	DataType	Multi-Valued	Indexes	Description / Constraints	RING Entity::Field/Method
idautoPersonHRID	Employee ID	String	N	eq,sub	Meant to hold the unique identifier from the “HR System” Substring index added in version: amazon-ricloud-2022-03-01	User::externalIDs
idautoPersonStuID	Student ID	String	N	eq,sub	Meant to hold the unique identifier from the “Student Information System” Substring index added in version: amazon-ricloud-2022-03-01	User::externalIDs
idautoPersonPayrollID	Payroll ID	String	N	eq	Meant to hold the unique identifier from the “Payroll System”	User::externalIDs
idautoPersonSystem1ID	System 1 ID	String	N	eq	Meant to hold the unique identifier from “System 1”	User::externalIDs
idautoPersonSystem2ID	System 2 ID	String	N	eq	Meant to hold the unique identifier from “System 2”	User::externalIDs
idautoPersonSystem3ID	System 3 ID	String	N	eq	Meant to hold the unique identifier from “System 3”	User::externalIDs
idautoPersonSystem4ID	System 4 ID	String	N	eq	Meant to hold the unique identifier from “System 4”	User::externalIDs
idautoPersonSystem5ID	System 5 ID	String	N	eq	Meant to hold the unique identifier from “System 5”	User::externalIDs
idautoPersonStateID	State ID	String	N	eq	Meant to hold the unique identifier from “State” (Education)	User::externalIDs
idautoPersonDistrictID	District ID	String	N	eq	Meant to hold the unique identifier from “District” (Education)	User::externalIDs
idautoPersonSchoolID	School ID	String	N	eq	Meant to hold the unique identifier from “School” (Education)	User::externalIDs
idautoPersonSAMAccountName	AD Username	String	N	eq	Meant to hold the account’s current sAMAccountName value from AD Maximum length: 20	User::externalIDs
idautoPersonPrevSAMAccountNames	Previous AD Usernames	String	Y	eq	Meant to hold the account’s current and all previous sAMAccountName values from AD Maximum length: 20	User::externalIDs
idautoPersonPreferredLastName	Preferred Last Name	String	N		The last name the user wants or has elected to be known by Introduced in version: amazon-ricloud-2023-04-21	User::externalIDs
idautoPersonPreferredName	Preferred Name	String	N		The name the user wants or has elected to be known by Introduced in version: amazon-ricloud-2023-04-21	User::externalIDs

Extensible

None of these attribute has a unique constraint.

Attribute Name	Friendly Name	DataType	Multi-Valued	Unique	Indexes	Description / Constraints	RING Entity::Field/Method
idautoPersonExt1	Custom Attribute 1	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt2	Custom Attribute 2	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt3	Custom Attribute 3	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt4	Custom Attribute 4	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt5	Custom Attribute 5	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt6	Custom Attribute 6	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt7	Custom Attribute 7	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt8	Custom Attribute 8	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt9	Custom Attribute 9	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt10	Custom Attribute 10	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt11	Custom Attribute 11	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt12	Custom Attribute 12	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt13	Custom Attribute 13	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt14	Custom Attribute 14	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt15	Custom Attribute 15	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt16	Custom Attribute 16	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt17	Custom Attribute 17	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt18	Custom Attribute 18	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt19	Custom Attribute 19	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExt20	Custom Attribute 20	String	Y	N	eq, sub	Custom attribute	Entity::attributes
idautoPersonExtBool1	Custom Boolean Attribute 1	Boolean	N	N	eq	Custom Attribute The attribute should be cleared instead of set to FALSE	Entity::attributes
idautoPersonExtBool2	Custom Boolean Attribute 2	Boolean	N	N	eq	Custom Flag The attribute should be cleared instead of set to FALSE	Entity::attributes
idautoPersonExtBool3	Custom Boolean Attribute 3	Boolean	N	N	eq	Custom Flag The attribute should be cleared instead of set to FALSE	Entity::attributes
idautoPersonExtBool4	Custom Boolean Attribute 4	Boolean	N	N	eq	Custom Flag The attribute should be cleared instead of set to FALSE	Entity::attributes
idautoPersonExtBool5	Custom Boolean Attribute 5	Boolean	N	N	eq	Custom Flag The attribute should be cleared instead of set to FALSE	Entity::attributes
idautoPersonAppRoles1	Application 1 Roles	String	Y	N	eq	Arbitrary role values for “Application 1” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles2	Application 2 Roles	String	Y	N	eq	Arbitrary role values for “Application 2” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles3	Application 3 Roles	String	Y	N	eq	Arbitrary role values for “Application 3” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles4	Application 4 Roles	String	Y	N	eq	Arbitrary role values for “Application 4” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles5	Application 5 Roles	String	Y	N	eq	Arbitrary role values for “Application 5” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles6	Application 6 Roles	String	Y	N	eq	Arbitrary role values for “Application 6” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles7	Application 7 Roles	String	Y	N	eq	Arbitrary role values for “Application 7” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles8	Application 8 Roles	String	Y	N	eq	Arbitrary role values for “Application 8” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles9	Application 9 Roles	String	Y	N	eq	Arbitrary role values for “Application 9” (e.g. AWS SAML Roles)	Entity::attributes
idautoPersonAppRoles10	Application 10 Roles	String	Y	N	eq	Arbitrary role values for “Application 10” (e.g. AWS SAML Roles)	Entity::attributes

Groups

• All account entries must be put directly under ou=Groups,dc=meta.
• All LDAP entries MUST contain objectClass=groupOfNames , objectClass=idautoGroup, a unique idautoID value and a unique cn value.
• The DN for all accounts must look like idautoID=<idautoID value>,ou=Groups,dc=meta

Core Attributes

Attribute Name	Friendly Name	DataType	Multi-Valued	Unique	Indexes	Description / Constraints	RING Entity::Field/Method
idautoID	ID	UUID	N	Y	eq	Required unique GUID of the group Must not be changed after initial creation	Entity::identity
cn	Group Name	String	N	Y	eq, sub	Required unique name of the group	Entity::name
description	Group Description	String	N	N	eq, sub	Optional group description	Entity::description
member	-	DN	Y	N	eq	DNs of all current group members	Group::getDirectMembers()
idautoGroupOwners	-	DN	Y	N	eq	Owners of the group	Group::owners
idautoGroupCoOwners	-	DN	Y	N	eq	Co-owners (membership managers) of the group	Group::coOwners
idautoGroupCoOwnerEditable	-	Boolean	N	N	-	Whether co-owners may edit the group details	Group::coOwnersEditable
idautoGroupIncludeFilter	-	String	N	N	-	Dynamic membership filter	Group::dynamicIncludes
idautoGroupIncludeBaseDN	-	DN	N	N	-	Dynamic membership search base DN Consider this to be deprecated	N/A
idautoGroupExcludeFilter	-	String	N	N	-	Dynamic membership exclusion filter	Group::dynamicExcludes
idautoGroupExcludeBaseDN	-	DN	N	N	-	Dynamic membership exclusion search base DN Consider this to be deprecated	N/A
idautoGroupStaticIncludes	-	DN	Y	N	eq	DNs of all static group members	Group::staticIncludes
idautoGroupStaticExcludes	-	DN	Y	N	eq	DNs of all static group exclusions	Group::staticExcludes
idautoGroupSyncInterval	-	Integer	N	N	-	Automatic sync interval in hours (optional) This attribute it made obsolete in the 2023.05.0 release, which introduces a new paradigm for syncing groups based on a cron expression.	Group::syncIntervalInHours
idautoGroupLastSynced	-	DateTime	N	N	eq	Date/Time when the membership was last synced	Group::lastSyncedOn

Special Attributes

Attribute Name	Friendly Name	DataType	Multi-Valued	Unique	Indexes	Description / Constraints	RING Entity::Field/Method
idautoGroupEmailAddress	Group Email Address	String	N	Y	eq, sub	Unique email address for “distribution list” groups	Group::email
idautoGroupEmailAliases	Group Email Aliases	String	Y	Y	eq, sub	Unique email aliases for “distribution list” groups	Group::emailAliases
idautoGroupToSystem1	Sync Group to System 1	Boolean	N	N	-	Flag indicating group should be synced to “System 1”	Group::externalIDs
idautoGroupToSystem2	Sync Group to System 2	Boolean	N	N	-	Flag indicating group should be synced to “System 2”	Group::externalIDs
idautoGroupToSystem3	Sync Group to System 3	Boolean	N	N	-	Flag indicating group should be synced to “System 3”	Group::externalIDs
idautoGroupToSystem4	Sync Group to System 4	Boolean	N	N	-	Flag indicating group should be synced to “System 4”	Group::externalIDs
idautoGroupToSystem5	Sync Group to System 5	Boolean	N	N	-	Flag indicating group should be synced to “System 5”	Group::externalIDs
idautoGroupToSystem6	Sync Group to System 6	Boolean	N	N	-	Flag indicating group should be synced to “System 6”	Group::externalIDs
idautoGroupToSystem7	Sync Group to System 7	Boolean	N	N	-	Flag indicating group should be synced to “System 7”	Group::externalIDs
idautoGroupToSystem8	Sync Group to System 8	Boolean	N	N	-	Flag indicating group should be synced to “System 8”	Group::externalIDs
idautoGroupToSystem9	Sync Group to System 9	Boolean	N	N	-	Flag indicating group should be synced to “System 9”	Group::externalIDs
idautoGroupToSystem10	Sync Group to System 10	Boolean	N	N	-	Flag indicating group should be synced to “System 10”	Group::externalIDs

Extensible

None of these attribute has a unique constraint.

Attribute Name	Friendly Name	DataType	Multi-Valued	Indexes	Description / Constraints	RING Entity::Field/Method
idautoGroupExt1	Custom Group Attribute 1	String	Y	eq, sub	Custom Attribute	Group::attributes
idautoGroupExt2	Custom Group Attribute 1	String	Y	eq, sub	Custom Attribute	Group::attributes
idautoGroupExt3	Custom Group Attribute 1	String	Y	eq, sub	Custom Attribute	Group::attributes
idautoGroupExt4	Custom Group Attribute 1	String	Y	eq, sub	Custom Attribute	Group::attributes
idautoGroupExt5	Custom Group Attribute 1	String	Y	eq, sub	Custom Attribute	Group::attributes

Operational

• Read-only attributes not associated with any particular class but available on all.

Operational Attributes

Attribute Name	Friendly Name	DataType	Multi-Valued	Unique	Indexes	Description / Constraints	RING Entity::Field/Method
memberOf		DN	Y	N		read-only - comes from slapo-memberof overlay	User::getDirectMemberships(), Group::getDirectMemberships()
entryDN		DN	N	N		read-only - the DN name of the object	Entity::name
createTimestamp		Date	N	N		read-only - the creation timestamp of the object	Entity::createdOn
modifyTimestamp		Date	N	N		read-only - the most recent modification timestamp of the object	Entity::modifiedOn
creatorsName		DN	N	N		read-only - the DN of the creator of the object	Entity::createdBy
modifiersName		DN	N	N		read-only - the DN of the most recent modifier of the object	Entity::modifiedBy

Updated on Wed Jun 07 2023 03:36:15 GMT-0400 (Eastern Daylight Time)