RapidIdentity Cloud Directory Schema
  • 27 Jun 2025

RapidIdentity Cloud Metadirectory Schema

The directory schema for RapidIdentity Cloud provides a set of rules that define the data elements to be stored and used by RapidIdentity.

To ensure consistency and continuity between RapidIdentity software releases, Identity Automation maintains a comprehensive change management process for the RapidIdentity Cloud Metadirectory. All proposed changes are reviewed by the Directory Change Control Board on a periodic basis and evaluated based on a myriad of factors including but not limited to the business justification and resulting impact associated with the proposed change.

As an integral component of the RapidIdentity System, proposed changes to the RapidIdentity Cloud Metadirectory are considered to be a new feature or a feature enhancement and are submitted as Product Ideas via the Identity Automation Support Community. Idea submissions are evaluated on a periodic basis and approved based on product fit, alignment with product strategy, and customer and market demand.

People/Accounts

  • All account entries must be put directly under ou=Accounts,dc=meta.

  • All LDAP entries MUST contain objectClass=idautoPerson, a unique idautoID value and at least one unique idautoPersonUserNameMV value.

  • The DN for all accounts must look like idautoID=<idautoID_value>,ou=Accounts,dc=meta.

Core Attributes

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints |
|---|---|---|---|---|---|---|
| idautoID | ID | UUID | N | Y | eq | Required unique GUID of the account. Must not be changed after initial creation. |
| idautoPersonUserNameMV | Usernames | String | Y | Y | eq, sub | Required unique usernames for the account |
| givenName | First Name | String | N | N | eq, sub | Person’s first name |
| sn | Last Name | String | N | N | eq, sub | Person’s last name |
| displayName | Display Name | String | N | N | eq, sub | Constructed by Connect, generally as “<givenName> <sn>” |
| mail | Email | String | N | Y | eq, sub | Primary organizational email account. Must contain an '@'. |
| idautoPersonEmailAddresses | Email Addresses | String | Y | N | eq, sub | Current and past email addresses |
| idautoPersonHomeEmail | Personal Email Address | String | N | N | eq, sub | Personal/Home email address for email to reset forgotten password and use as an auth method |
| idautoDisabled | - | Boolean | N | N | eq | If TRUE, the account is considered DISABLED in RapidIdentity. The attribute should be cleared instead of set to FALSE. |
| userPassword | - | Binary | N | N | - | Hashed account password |
| idauto-pwdPrivate | - | Binary | N | N | - | Encrypted password managed by the Identity Automation password filter. Automatically managed / Not writeable. |
| idauto-pwdPrivateTS | - | DateTime | N | N | eq | The date/time at which the idauto-pwdPrivate value was last set. Automatically managed / Not writeable. |
| idautoPersonPhotoURL | Photo URL | String | N | N | - | URL to the person’s profile image |
| mobile | Mobile Numbers | String | Y | N | - | Person’s mobile phone numbers |
| manager | Manager | DN | Y | N | eq | DNs of the person’s managers |
| directReports | - | DN | Y | N | eq | DNs of all of the person’s direct reports. Automatically managed / Not writeable. |
| idautoPersonEndDate | Expiration Date | DateTime | N | N | eq | Expiration date for Sponsored Accounts. Can be used to store disable date from source systems for non-Sponsored Student Accounts. |
| employeeType | Role | String | Y | N | eq | Valid values include: staff, student, teacher, sponsored, parent. ID Hub only supports policies on staff, student, teacher. RapidIdentity calls this Account Type. |
| idautoChallengeSet | - | String | Y | N | - | Stores RapidIdentity challenge question/answer data for the person. Existing data MUST NOT be updated by Connect. |
| idautoChallengeSetTimestamp | - | DateTime | N | N | - | Date/time when the person last set up their challenge questions/answers. Can be cleared to force the user to do challenge setup again at next login if their Challenge Policy requires it. |
| idautoRequestAssociations | - | String | Y | N | eq | Contains the IDs of all granted, “bound” Workflow Entitlements for the person. Data MUST NOT be updated by Connect. Can be read to make policy or other decisions based on current RapidIdentity workflow entitlements. |
| idautoPersonClaimCode | Claim Code | String | N | N | eq | Stores an arbitrary “claim code” used by the out-of-the-box RapidIdentity Claim Policy. Has an attribute constraint enforcing a minimum of 8 characters (Introduced in schema version 2025-02-19-000). Uniqueness and other constraints are not enforced by the data store. |
| idautoPersonClaimFlag | Claimed | Boolean | N | N | - | Set to TRUE by RapidIdentity when an account is successfully claimed. Used as a filter term in the out-of-the-box RapidIdentity Claim Policy to ensure that an account may not be claimed more than once. The attribute should be cleared instead of set to FALSE. |
| memberOf | | DN | Y | N | | read-only - comes from slapo-memberof overlay |

Profile Attributes

None of these attributes have a unique constraint.

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints |
|---|---|---|---|---|---|
| l | City | String | Y | eq, sub | Person’s cities |
| st | State | String | Y | eq, sub | Person’s states |
| idautoPersonCountry | Country | String | Y | - | Person’s countries. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonStreetAddress | Street Address | String | Y | - | Person’s street addresses. Note: Introduced in amazon-ricloud-2022-12-21 |
| postalCode | Postal Code | String | Y | - | Person’s postal codes |
| idautoPersonMiddleName | Middle Name | String | N | - | Person’s middle name/initial. Often used for username/email generation in Connect. |
| idautoPersonOfficePhone | Office Phone | String | N | - | Person’s office phone number |
| idautoPersonPhoneExtension | Phone Extension | String | N | - | Person’s phone extension |
| idautoPersonHomePhone | Home Phone | String | N | - | Person’s home phone number |
| idautoPersonBirthdate | Birthdate | Date | N | - | Person’s birthdate. Format: yyyy-MM-dd. Often used for account claiming or help desk identification. |
| idautoPersonTermDate | Source Termination Date / Last Enroll Date | Date | N | - | Account termination date originating from source systems (for Students). Format: yyyy-MM-dd. Often useful for making decisions in Connect. |
| idautoPersonGraduationDate | Graduation Date | Date | N | - | This is used to store graduation date, as institutions typically allow students to access their data beyond their graduation. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonEmployeeTypes | Employee Types | String | Y | eq | Employee Types beyond what is stored in employeeType. Examples: Teacher, Admin, Para. Often used for dynamic role membership and other RapidIdentity ACLs. |
| idautoPersonDeptCodes | Department Codes | String | Y | eq, sub | Codes for all departments in which the person is a member. Often used for dynamic role membership and other RapidIdentity ACLs. |
| idautoPersonDeptCode | Primary Department Code | String | N | eq, sub | Person’s primary department code. Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect. |
| idautoPersonDeptDescrs | Departments | String | Y | eq, sub | Descriptions for all departments in which the person is a member. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonDeptDescr | Department | String | N | eq, sub | Person’s primary department description. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonLocCodes | Location Codes | String | Y | eq, sub | Codes for all locations associated with the person. Often used for dynamic role membership and other RapidIdentity ACLs. |
| idautoPersonLocCode | Primary Location Code | String | N | eq, sub | Person’s primary location code. Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect. |
| idautoPersonLocNames | Locations | String | Y | eq, sub | Names for all locations associated with the person. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonLocName | Primary Location | String | N | eq, sub | Person’s primary location name. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonJobCodes | Job Codes | String | Y | eq, sub | Codes for all jobs associated with the person. Often used for dynamic role membership and other RapidIdentity ACLs. |
| idautoPersonJobCode | Job Code | String | N | eq, sub | Person’s primary job code. Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect. |
| idautoPersonJobTitles | Job Titles | String | Y | eq, sub | Titles for all jobs associated with the person. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonJobTitle | Job Title | String | N | eq, sub | Person’s primary job title. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonAffiliations | Affiliations | String | Y | eq, sub | Used to store granular affiliations, such as Faculty, Staff, Emeritus, Retiree, Student Applicant, Student Admitted, Student Enrolled, Student Graduated, etc. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonAffiliation | Primary Affiliation | String | N | eq, sub | Used to store primary affiliation associated with user. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonGender | Gender | String | N | - | Person’s gender. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonPronouns | Pronouns | String | Y | - | Person’s pronouns. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonProfileUrl | Profile Url | String | N | - | Person's Profile URL for Online directory, contact cards, brings up bio page. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonADProfilePath | AD Profile Path | String | N | - | Person’s Active Directory Home Directory. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonBadgeIDs | Badge IDs | String | Y | - | Person’s Associated Proximity Badge IDs. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonEnrollDate | Student Enrollment Date | Date | N | eq | Student Person’s Enrollment Date. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonStartDate | Student Start Date | DateTime | N | eq | Student Person’s Start Date. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonStaffStartDate | Staff Start Date | DateTime | N | eq | Staff Person’s Start Date (specifically for employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonStaffEndDate | Staff End Date | DateTime | N | eq | Staff Person’s End Date (specifically for employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonStaffAccessTermDate | Staff Access Termination Date | DateTime | N | eq | Staff Person’s Access Termination Date (specifically for employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonStaffLastDateWorked | Staff Last Date Worked | DateTime | N | eq | Staff Person’s Final Day of work (specifically for employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonContractStartDate | Contractor Start Date | DateTime | N | eq | Contractor Person’s Start Date (specifically for contract employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonContractEndDate | Contractor End Date | DateTime | N | eq | Contractor Person’s End Date (specifically for contract employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonContractAccessTermDate | Contractor Access Termination Date | DateTime | N | eq | Contractor Person’s Access Termination Date (specifically for contract employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonContractLastDateWorked | Contractor Last Date Worked | DateTime | N | eq | Contractor Person’s Final Day of work (specifically for contract employees). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonAllAccessTermDate | All access termination date | DateTime | N | - | Person’s Complete access termination date (student, staff, contractor). Note: Introduced in amazon-ricloud-2023-07-01 |

Education Attributes

None of these attributes have unique constraints

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints |
|---|---|---|---|---|---|
| idautoPersonTeachers | Teachers | DN | Y | eq | DNs of all teachers associated with a Student person |
| idautoPersonStudents | - | DN | Y | eq | DNs of all students associated with a Teacher person. Automatically managed / Not writeable. |
| idautoPersonGradeLevel | Grade Level | String | Y | eq | |
| idautoPersonSchoolCodes | School Codes | String | Y | eq | Codes for all schools associated with the person. Used by Insights/Analytics. Often used for dynamic role membership and other RapidIdentity ACLs. |
| idautoPersonSchoolNames | School Names | String | Y | eq, sub | Names of all schools associated with the person. Often used for dynamic role membership and other RapidIdentity ACLs. Often on display in Delegation Profiles. |
| idautoPersonActivityCodes | Activity Codes | String | Y | - | Activity codes are used in determining permissions based on organizational attachment. For students, they are course related values, for employees they are related to positions and / or functions within the organization. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonCourseIDs | Course IDs | String | Y | eq, sub | Course IDs for students. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonCourseCodes | Course Codes | String | Y | eq, sub | Course codes for students. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonWorkStreetAddress | Work Street Address | | Y | - | Person’s Work Street Address in a multi-line format. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonWorkCity | Work City | | N | - | Person’s Work City. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonWorkState | Work State | | N | - | Person’s Work State or Region. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonWorkCountry | Work Country | | N | - | Person’s Work Country. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonWorkPostalCode | Work Postal Code | | N | - | Person’s Work Postal Code. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonManagedOrgs | Managed Orgs | | Y | - | Person’s List of organizations being managed (Organization IDs). Note: Introduced in amazon-ricloud-2023-07-01 |

Special Attributes

None of these attributes are multi-valued or have unique constraints

| Attribute Name | Friendly Name | Data Type | Indexes | Description / Constraints |
|---|---|---|---|---|
| idautoPersonStatusOverride | Override Source Status | Boolean | eq | If TRUE then the account's idautoDisabled value should not be changed automatically from source system data. The attribute should be cleared instead of set to FALSE. |
| idautoPersonStatusOverrideReason | Override Source Status Reason | String | - | When a status override is applied to an account, this free text attribute can be used to note the reasoning for future re-evaluation. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonStatusOverrideExpiration | Override Source Status Expiration | DateTime | - | Used to give a long-term status override an automatic expiration date, when it is known at the time the account is overridden when the override should expire. This would allow a simple actionset to revoke the status override on the specified date. Note: Introduced in amazon-ricloud-2022-12-21 |
| idautoPersonRenameUsername | Rename Username | String | - | The new username which will be assigned to the account on the rename date. For Connect: Any value populated here should also be populated in the idautoPersonUserNameMV attribute to “reserve” it. For ID Hub customers, this attribute is managed. Will be made multi-valued in: amazon-ricloud-2025-01-23-001 |
| idautoPersonRenameOverride | Override Renames | Boolean | eq | If TRUE then the account’s username should not be changed automatically from source system data. The attribute should be cleared instead of set to FALSE. Will be made available in: amazon-ricloud-2025-01-23-001 |
| idautoPersonRenameFlagDate | Rename Date | Date | eq | The date on which the account will be renamed. Set by Connect to n days in the future where n is specified by some customer-defined policy. Format: yyyy-MM-dd |
| idautoPersonActivationDate | Activation Date | Date | - | The date on which the account should be automatically enabled. Used by Connect in cases where an account needs to be created now but not enabled until a specific date. Format: yyyy-MM-dd |
| idautoPersonSourceStatus | Source System Status | String | - | Contains arbitrary status value from source system (e.g. HR). Connect will use this as a basis for automatic RapidIdentity status changes. |
| idautoPersonToSystem1 | Sync Person to System 1 | Boolean | - | Indicates whether Connect should sync the account to “System 1” |
| idautoPersonToSystem2 | Sync Person to System 2 | Boolean | - | Indicates whether Connect should sync the account to “System 2” |
| idautoPersonToSystem3 | Sync Person to System 3 | Boolean | - | Indicates whether Connect should sync the account to “System 3” |
| idautoPersonToSystem4 | Sync Person to System 4 | Boolean | - | Indicates whether Connect should sync the account to “System 4” |
| idautoPersonToSystem5 | Sync Person to System 5 | Boolean | - | Indicates whether Connect should sync the account to “System 5” |
| idautoPersonSafeIdCompromisedDate | Account Compromised Date | DateTime | pres | Indicates when a user’s account was marked as compromised via the SafeID feature. Introduced in version amazon-ricloud-2022-03-01. Equality index changed to Presence index in version amazon-ricloud-2022-07-11. |
| idautoPersonPreferredLanguage | Preferred Language | String | - | Person’s List of organizations being managed (Organization IDs). Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonPreferredLastName | Preferred Last Name | String | N | The last name the user wants or has elected to be known by. Introduced in version: amazon-ricloud-2023-04-21 |
| idautoPersonPreferredName | Preferred Name | String | N | The name the user wants or has elected to be known by. Introduced in version: amazon-ricloud-2023-04-21 |
| idautoPersonPasswordSet | Password Set | Boolean | N | Indicates that a user’s password has been set through some operation in RapidIdentity. Introduced in version: amazon-ricloud-2024-06-21 |
| idautoPersonSponsoredAccountStatus | - | String | N | Indicates a delayed status result for Sponsored Account operations that are synced via IDHub. Introduced in version: amazon-ricloud-2024-07-16 |

Other IDs

All of these attributes have a unique constraint.

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints |
|---|---|---|---|---|---|
| idautoPersonHRID | Employee ID | String | N | eq, sub | Meant to hold the unique identifier from the “HR System”. Substring index added in version: amazon-ricloud-2022-03-01 |
| idautoPersonStuID | Student ID | String | N | eq, sub | Meant to hold the unique identifier from the “Student Information System”. Substring index added in version: amazon-ricloud-2022-03-01 |
| idautoPersonPayrollID | Payroll ID | String | N | eq | Meant to hold the unique identifier from the “Payroll System” |
| idautoPersonSystem1ID | System 1 ID | String | N | eq | Meant to hold the unique identifier from “System 1” |
| idautoPersonSystem2ID | System 2 ID | String | N | eq | Meant to hold the unique identifier from “System 2” |
| idautoPersonSystem3ID | System 3 ID | String | N | eq | Meant to hold the unique identifier from “System 3” |
| idautoPersonSystem4ID | System 4 ID | String | N | eq | Meant to hold the unique identifier from “System 4” |
| idautoPersonSystem5ID | System 5 ID | String | N | eq | Meant to hold the unique identifier from “System 5” |
| idautoPersonStateID | State ID | String | N | eq | Meant to hold the unique identifier from “State” (Education) |
| idautoPersonDistrictID | District ID | String | N | eq | Meant to hold the unique identifier from “District” (Education) |
| idautoPersonSchoolID | School ID | String | N | eq | Meant to hold the unique identifier from “School” (Education) |
| idautoPersonSAMAccountName | AD Username | String | N | eq | Meant to hold the account’s current sAMAccountName value from AD. Maximum length: 20 |
| idautoPersonPrevSAMAccountNames | Previous AD Usernames | String | Y | eq | Meant to hold all of the account’s previous usernames. Before ID Hub: Meant to hold the account’s current and all previous sAMAccountName values from AD. Maximum length: 20 (until amazon-ricloud-2025-01-23-001 when the length constraint is dropped) |
| idautoPersonManagerID | Manager ID | String | N | eq | Person’s Manager ID. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonNationalID | National ID | String | N | eq | Person’s National ID. Note: Introduced in amazon-ricloud-2023-07-01 |

Extensible

None of these attributes has a unique constraint.

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints |
|---|---|---|---|---|---|---|
| idautoPersonExt1 | Custom Attribute 1 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt2 | Custom Attribute 2 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt3 | Custom Attribute 3 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt4 | Custom Attribute 4 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt5 | Custom Attribute 5 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt6 | Custom Attribute 6 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt7 | Custom Attribute 7 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt8 | Custom Attribute 8 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt9 | Custom Attribute 9 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt10 | Custom Attribute 10 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt11 | Custom Attribute 11 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt12 | Custom Attribute 12 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt13 | Custom Attribute 13 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt14 | Custom Attribute 14 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt15 | Custom Attribute 15 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt16 | Custom Attribute 16 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt17 | Custom Attribute 17 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt18 | Custom Attribute 18 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt19 | Custom Attribute 19 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt20 | Custom Attribute 20 | String | Y | N | eq, sub | Custom attribute |
| idautoPersonExt21 | Custom Attribute 21 | String | Y | N | eq, sub | Custom attribute. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonExt22 | Custom Attribute 22 | String | Y | N | eq, sub | Custom attribute. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonExt23 | Custom Attribute 23 | String | Y | N | eq, sub | Custom attribute. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonExt24 | Custom Attribute 24 | String | Y | N | eq, sub | Custom attribute. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonExt25 | Custom Attribute 25 | String | Y | N | eq, sub | Custom attribute. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonExtBool1 | Custom Boolean Attribute 1 | Boolean | N | N | eq | Custom Attribute. The attribute should be cleared instead of set to FALSE. |
| idautoPersonExtBool2 | Custom Boolean Attribute 2 | Boolean | N | N | eq | Custom Flag. The attribute should be cleared instead of set to FALSE. |
| idautoPersonExtBool3 | Custom Boolean Attribute 3 | Boolean | N | N | eq | Custom Flag. The attribute should be cleared instead of set to FALSE. |
| idautoPersonExtBool4 | Custom Boolean Attribute 4 | Boolean | N | N | eq | Custom Flag. The attribute should be cleared instead of set to FALSE. |
| idautoPersonExtBool5 | Custom Boolean Attribute 5 | Boolean | N | N | eq | Custom Flag. The attribute should be cleared instead of set to FALSE. |
| idautoPersonAppRoleFriendlyNames | App Role Friendly Names | String | Y | N | - | The friendly names for the App roles. Note: Introduced in amazon-ricloud-2023-07-01 |
| idautoPersonAppRoles1 | Application 1 Roles | String | Y | N | eq | Arbitrary role values for “Application 1” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles2 | Application 2 Roles | String | Y | N | eq | Arbitrary role values for “Application 2” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles3 | Application 3 Roles | String | Y | N | eq | Arbitrary role values for “Application 3” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles4 | Application 4 Roles | String | Y | N | eq | Arbitrary role values for “Application 4” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles5 | Application 5 Roles | String | Y | N | eq | Arbitrary role values for “Application 5” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles6 | Application 6 Roles | String | Y | N | eq | Arbitrary role values for “Application 6” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles7 | Application 7 Roles | String | Y | N | eq | Arbitrary role values for “Application 7” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles8 | Application 8 Roles | String | Y | N | eq | Arbitrary role values for “Application 8” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles9 | Application 9 Roles | String | Y | N | eq | Arbitrary role values for “Application 9” (e.g. AWS SAML Roles) |
| idautoPersonAppRoles10 | Application 10 Roles | String | Y | N | eq | Arbitrary role values for “Application 10” (e.g. AWS SAML Roles) |

Groups

  • All group entries must be put directly under ou=Groups,dc=meta.

  • All LDAP entries MUST contain objectClass=groupOfNames, objectClass=idautoGroup, a unique idautoID value and a unique cn value.

  • The DN for all groups must look like idautoID=<idautoID value>,ou=Groups,dc=meta.
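The entry rules at the top of the People/Accounts and Groups sections, together with the per-attribute constraints in the tables, can be enforced before a connector writes to the directory. The following is an added example, not Identity Automation's code: the function names, the dict-of-lists entry shape, the canonical hyphenated UUID form and case-insensitive uniqueness matching are assumptions.

```python
import re
import uuid
from datetime import datetime

# Container and objectClass rules from the People/Accounts and Groups sections.
BASES = {"account": "ou=Accounts,dc=meta", "group": "ou=Groups,dc=meta"}
REQUIRED_CLASSES = {"account": ["idautoPerson"], "group": ["groupOfNames", "idautoGroup"]}
# Booleans the tables say should be cleared instead of set to FALSE.
CLEAR_NOT_FALSE = {"idautoDisabled", "idautoPersonClaimFlag", "idautoPersonStatusOverride",
                   "idautoPersonRenameOverride",
                   *(f"idautoPersonExtBool{i}" for i in range(1, 6))}
# Attributes the tables mark as automatically managed / not writeable or read-only.
NOT_WRITEABLE = {"idauto-pwdPrivate", "idauto-pwdPrivateTS", "directReports",
                 "idautoPersonStudents", "memberOf"}
# Date attributes documented with "Format: yyyy-MM-dd".
DATE_ATTRS = {"idautoPersonBirthdate", "idautoPersonTermDate",
              "idautoPersonRenameFlagDate", "idautoPersonActivationDate"}

def _norm_dn(dn):
    """Lower-case and drop whitespace around ',' and '=' so equal DNs compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def _is_uuid(value):
    """Assumption: idautoID uses the canonical hyphenated UUID text form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def _is_date(value):
    """True only for a real calendar date written as yyyy-MM-dd."""
    try:
        return bool(re.fullmatch(r"\d{4}-\d{2}-\d{2}", value)
                    and datetime.strptime(value, "%Y-%m-%d"))
    except ValueError:
        return False

def validate_entry(kind, dn, attrs):
    """Return the schema violations for one proposed write; kind is 'account' or 'group'."""
    problems = []
    ids = attrs.get("idautoID", [])
    if len(ids) != 1 or not _is_uuid(ids[0]):
        problems.append("idautoID must be exactly one UUID")
    elif _norm_dn(dn) != _norm_dn(f"idautoID={ids[0]},{BASES[kind]}"):
        problems.append(f"DN must be idautoID=<idautoID>,{BASES[kind]}")
    classes = {c.lower() for c in attrs.get("objectClass", [])}
    for oc in REQUIRED_CLASSES[kind]:
        if oc.lower() not in classes:
            problems.append(f"missing objectClass={oc}")
    if kind == "account":
        if not attrs.get("idautoPersonUserNameMV"):
            problems.append("at least one idautoPersonUserNameMV value is required")
        if any("@" not in m for m in attrs.get("mail", [])):
            problems.append("mail must contain '@'")
        if any(len(c) < 8 for c in attrs.get("idautoPersonClaimCode", [])):
            problems.append("idautoPersonClaimCode is shorter than 8 characters")
    elif len(attrs.get("cn", [])) != 1:
        problems.append("cn must have exactly one value")
    for name, values in attrs.items():
        if name in NOT_WRITEABLE:
            problems.append(f"{name} is managed by the directory and not writeable")
        if name in CLEAR_NOT_FALSE and any(v.upper() == "FALSE" for v in values):
            problems.append(f"{name} should be cleared instead of set to FALSE")
        if name in DATE_ATTRS and not all(_is_date(v) for v in values):
            problems.append(f"{name} must use yyyy-MM-dd")
    return problems

def find_duplicates(entries, unique_attrs=("idautoID", "idautoPersonUserNameMV", "mail")):
    """Find Unique=Y values shared by two entries in a batch (case-insensitive: assumption)."""
    seen, dupes = {}, []
    for dn, attrs in entries:
        for name in unique_attrs:
            for value in attrs.get(name, []):
                owner = seen.setdefault((name, value.lower()), dn)
                if owner != dn:
                    dupes.append((name, value, owner, dn))
    return dupes

# Constructed sample entries (not taken from any real directory).
UID = "3f2b8c1e-9a4d-4c6b-8e2f-1a2b3c4d5e6f"
GID = "7d1e0a55-2b3c-4f6a-9c8d-0e1f2a3b4c5d"
GOOD_ACCOUNT = (f"idautoID={UID},ou=Accounts,dc=meta", {
    "objectClass": ["idautoPerson"], "idautoID": [UID], "idautoPersonUserNameMV": ["jdoe"],
    "mail": ["jdoe@example.org"], "idautoPersonBirthdate": ["2009-04-17"]})
BAD_ACCOUNT = (f"idautoID={UID},ou=Staff,ou=Accounts,dc=meta", {
    "objectClass": ["inetOrgPerson"], "idautoID": [UID], "idautoPersonUserNameMV": ["JDoe"],
    "mail": ["jdoe.example.org"], "idautoDisabled": ["FALSE"], "idautoPersonClaimCode": ["abc123"],
    "directReports": [f"idautoID={GID},ou=Accounts,dc=meta"], "idautoPersonBirthdate": ["04/17/2009"]})
GOOD_GROUP = (f"idautoID={GID},ou=Groups,dc=meta", {
    "objectClass": ["groupOfNames", "idautoGroup"], "idautoID": [GID], "cn": ["All Staff"],
    "member": [GOOD_ACCOUNT[0]]})

if __name__ == "__main__":
    for kind, (dn, attrs) in [("account", GOOD_ACCOUNT), ("account", BAD_ACCOUNT), ("group", GOOD_GROUP)]:
        print(dn, validate_entry(kind, dn, attrs) or "OK")
    print(find_duplicates([GOOD_ACCOUNT, BAD_ACCOUNT]))
```

The directory itself enforces uniqueness only for attributes marked Unique; the batch check here catches collisions before the write is attempted.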

Core Attributes

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints |
|---|---|---|---|---|---|---|
| idautoID | ID | UUID | N | Y | eq | Required unique GUID of the group. Must not be changed after initial creation. |
| cn | Group Name | String | N | Y | eq, sub | Required unique name of the group |
| description | Group Description | String | N | N | eq, sub | Optional group description |
| member | - | DN | Y | N | eq | DNs of all current group members |
| idautoGroupOwners | - | DN | Y | N | eq | Owners of the group |
| idautoGroupCoOwners | - | DN | Y | N | eq | Co-owners (membership managers) of the group |
| idautoGroupCoOwnerEditable | - | Boolean | N | N | - | Whether co-owners may edit the group details |
| idautoGroupIncludeFilter | - | String | N | N | - | Dynamic membership filter |
| idautoGroupIncludeBaseDN | - | DN | N | N | - | Dynamic membership search base DN. Consider this to be deprecated. |
| idautoGroupExcludeFilter | - | String | N | N | - | Dynamic membership exclusion filter |
| idautoGroupExcludeBaseDN | - | DN | N | N | - | Dynamic membership exclusion search base DN. Consider this to be deprecated. |
| idautoGroupStaticIncludes | - | DN | Y | N | eq | DNs of all static group members |
| idautoGroupStaticExcludes | - | DN | Y | N | eq | DNs of all static group exclusions |
| idautoGroupSyncInterval | - | Integer | N | N | - | Automatic sync interval in hours (optional). This attribute is made obsolete in the 2023.05.0 release, which introduces a new paradigm for syncing groups based on a cron expression. |
| idautoGroupLastSynced | - | DateTime | N | N | eq | Date/Time when the membership was last synced |

Special Attributes

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints |
|---|---|---|---|---|---|---|
| idautoGroupEmailAddress | Group Email Address | String | N | Y | eq, sub | Unique email address for “distribution list” groups |
| idautoGroupEmailAliases | Group Email Aliases | String | Y | Y | eq, sub | Unique email aliases for “distribution list” groups |
| idautoGroupToSystem1 | Sync Group to System 1 | Boolean | N | N | - | Flag indicating group should be synced to “System 1” |
| idautoGroupToSystem2 | Sync Group to System 2 | Boolean | N | N | - | Flag indicating group should be synced to “System 2” |
| idautoGroupToSystem3 | Sync Group to System 3 | Boolean | N | N | - | Flag indicating group should be synced to “System 3” |
| idautoGroupToSystem4 | Sync Group to System 4 | Boolean | N | N | - | Flag indicating group should be synced to “System 4” |
| idautoGroupToSystem5 | Sync Group to System 5 | Boolean | N | N | - | Flag indicating group should be synced to “System 5” |
| idautoGroupToSystem6 | Sync Group to System 6 | Boolean | N | N | - | Flag indicating group should be synced to “System 6” |
| idautoGroupToSystem7 | Sync Group to System 7 | Boolean | N | N | - | Flag indicating group should be synced to “System 7” |
| idautoGroupToSystem8 | Sync Group to System 8 | Boolean | N | N | - | Flag indicating group should be synced to “System 8” |
| idautoGroupToSystem9 | Sync Group to System 9 | Boolean | N | N | - | Flag indicating group should be synced to “System 9” |
| idautoGroupToSystem10 | Sync Group to System 10 | Boolean | N | N | - | Flag indicating group should be synced to “System 10” |

Extensible

None of these attributes has a unique constraint.

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints |
|---|---|---|---|---|---|
| idautoGroupExt1 | Custom Group Attribute 1 | String | Y | eq, sub | Custom Attribute |
| idautoGroupExt2 | Custom Group Attribute 1 | String | Y | eq, sub | Custom Attribute |
| idautoGroupExt3 | Custom Group Attribute 1 | String | Y | eq, sub | Custom Attribute |
| idautoGroupExt4 | Custom Group Attribute 1 | String | Y | eq, sub | Custom Attribute |
| idautoGroupExt5 | Custom Group Attribute 1 | String | Y | eq, sub | Custom Attribute |

Operational

  • Read-only attributes not associated with any particular class but available on all.

Operational Attributes

| Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints |
|---|---|---|---|---|---|---|
| memberOf | | DN | Y | N | | read-only - comes from slapo-memberof overlay |
| entryDN | | DN | N | N | | read-only - the DN name of the object |
| createTimestamp | | DateTime | N | N | | read-only - the creation timestamp of the object |
| modifyTimestamp | | DateTime | N | N | | read-only - the most recent modification timestamp of the object |
| creatorsName | | DN | N | N | | read-only - the DN of the creator of the object |
| modifiersName | | DN | N | N | | read-only - the DN of the most recent modifier of the object |


Updated on Fri Jun 27 2025 03:36:15 GMT-0400 (Eastern Daylight Time)

