RapidIdentity Cloud Directory Schema
  • 20 Jan 2023
  • 9 Minutes to read
  • Contributors
  • Dark
    Light

RapidIdentity Cloud Directory Schema

  • Dark
    Light

RapidIdentity Cloud Metadirectory Schema

The directory schema for RapidIdentity Cloud provides a set of rules that define the data elements to be stored and used by RapidIdentity.

To ensure consistency and continuity between RapidIdentity software releases, Identity Automation maintains a comprehensive change management process for the RapidIdentity Cloud Metadirectory. All proposed changes are reviewed by the Directory Change Control Board on a periodic basis and evaluated based on a myriad of factors including but not limited to the business justification and resulting impact associated with the proposed change.

As an integral component of the RapidIdentity System, proposed changes to the RapidIdentity Cloud Metadirectory are considered to be a new feature or a feature enhancement and submitted as Product Ideas via the Identity Automation Support Community. Idea submissions are evaluated on a periodic basis and approved based product fit, alignment with product strategy and customer and market demand.

People/Accounts

  • All account entries must be put directly under ou=Accounts,dc=meta.
  • All LDAP entries MUST contain objectClass=idautoPerson , a unique idautoID value and at least one unique idautoPersonUserNameMV value.
  • The DN for all accounts must look like idautoID=<idautoID_value>,ou=Accounts,dc=meta.

Core Attributes

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Unique

Indexes

Description / Constraints

RING Entity::Field/Method

idautoID

ID

UUID

N

Y

eq

  • Required unique GUID of the account
  • Must not be changed after initial creation

Entity::identity

idautoPersonUserNameMV

Usernames

String

Y

Y

eq, sub

  • Required unique usernames for the account

User::usernames

givenName

First Name

String

N

N

eq, sub

  • Person’s first name

User::firstName

sn

Last Name

String

N

N

eq, sub

  • Person’s last name

User::lastName

displayName

Display Name

String

N

N

eq, sub

  • Constructed by Connect, generally as “<givenName><sn>

User::displayName

mail

Email

String

N

Y

eq, sub

  • Primary organizational email account
  • Must contain an '@'

User::email

idautoPersonEmailAddresses 

Email Addresses

String

Y

Y

eq, sub

  • Current and past email addresses

User::altEmails

idautoPersonHomeEmail

Personal Email Address

String

N

Y

eq, sub

  • Personal/Home email address for email to reset forgotten password and use as an auth method

User::resetEmail

idautoDisabled

-

Boolean

N

N

eq

  • If TRUE, the account is considered DISABLED in RapidIdentity
  • The attribute should be cleared instead of set to FALSE

Entity::active

userPassword

-

Binary

N

N

-

  • Hashed account password

User::passwordHash

idauto-pwdPrivate

-

Binary

N

N

-

  • Encrypted password managed by the Identity Automation password filter
  • Automatically managed / Not writeable

N/A

idauto-pwdPrivateTS

-

DateTime

N

N

eq

  • The date/time in which the idauto-pwdPrivate value was last set
  • Automatically managed / Not writeable

N/A

idautoPersonPhotoURL

Photo URL

String

N

N

-

  • URL to the person’s profile image

User::imageUrl

mobile

Mobile Numbers

String

Y

N

-

  • Person’s mobile phone numbers

User::mobileNumbers

manager

Manager

DN

Y

N

eq

  • DNs of the person’s managers

User::getLinksFrom(),

User::linkFrom()

directReports

-

DN

Y

N

eq

  • DNs of all of the person’s direct reports
  • Automatically managed / Not writeable

User::getLinksTo(),

User::linkTo()

idautoPersonEndDate

Expiration Date

Date/Time

N

N

eq

  • Expiration date for Sponsored Accounts
  • Can be used to store disable date from source systems for non-Sponsored Accounts

User::expirationDate

employeeType

Account Type

String

Y

N

eq

  • Valid values include: Staff, Student, Sponsored, Parent

User::accountTypes

idautoChallengeSet

-

String

Y

N

-

  • Stores RapidIdentity challenge question/answer data for the person
  • Existing data MUST NOT be updated by Connect

User::challengeSet.challengeItems

idautoChallengeSetTimestamp

-

Date/Time

N

N

-

  • Date/time when the person last set up their challenge questions/answers
  • Can be cleared to force the user to do challenge setup again at next login if their Challenge Policy requires it

User::challengeSet.lastModified

idautoRequestAssociations

-

String

Y

N

eq

  • Contains the IDs of all granted, “bound” Workflow Entitlements for the person
  • Data MUST NOT be updated by Connect
  • Can be read to make policy or other decisions based on current RapidIdentity workflow entitlements

User::requestAssociations

idautoPersonClaimCode

Claim Code

String

N

N

eq

  • Stores an arbitrary “claim code” used by the out-of-the-box RapidIdentity Claim Policy
  • Uniqueness and other constraints are not enforced by the data store

User::claimCode

idautoPersonClaimFlag

Claimed

Boolean

N

N

-

  • Set to TRUE by RapidIdentity when an account is successfully claimed
  • Used as a filter term in the out-of-the-box RapidIdentity Claim Policy to ensure that an account may not be claimed more than once
    1. The attribute should be cleared instead of set to FALSE

User::isClaimed

memberOf


DN

Y

N


  • read-only - comes from slapo-memberof overlay

User::getDirectMemberships()

(from Operational Attributes)

Profile Attributes

None of these attributes have a unique constraint.

Attribute Name

Friendly Name

Data Type

Multi-Valued

Indexes

Description / Constraints

RING Entity::Field/Method

l

City

String

Y

eq, sub

  • Person’s cities

User::addresses

st

State

String

Y

eq, sub

  • Person’s states

User::addresses

postalCode

Postal Code

String

Y

-

  • Person’s postal codes

User::addresses

idautoPersonMiddleName

Middle Name

String

N

-

  • Person’s middle name/initial
  • Often used for username/email generation in Connect

User::middleName

idautoPersonOfficePhone

Office Phone

String

N

-

  • Person’s office phone number

User::officePhone

idautoPersonPhoneExtension

Phone Extension

String

N

-

  • Person’s phone extension

User::phoneExtension

idautoPersonHomePhone

Home Phone

String

N

-

  • Person’s home phone number

User::homePhone

idautoPersonBirthdate

Birthdate

Date

N

-

  • Person’s birthdate
  • Format: yyyy-MM-dd
  • Often used for account claiming or help desk identification

User::birthdate

idautoPersonTermDate

Source Termination Date

Last Enroll Date

Date

N

-

  • Account termination date originating from source systems
  • Format: yyyy-MM-dd
  • Often useful for making decisions in Connect

User::terminationDate

idautoPersonEmployeeTypes

Employee Types

String

Y

eq

  • Employee Types beyond what is stored in employeeType
  • Examples: Teacher, Admin, Para
  • Often used for dynamic role membership and other RapidIdentity ACLs

User::accountTypes

idautoPersonDeptCodes

Department Codes

String

Y

eq, sub

  • Codes for all departments in which the person is a member
  • Often used for dynamic role membership and other RapidIdentity ACLs

User::departments

idautoPersonDeptCode

Primary Department Code

String

N

eq, sub

  • Person’s primary department code
  • Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect

User::departments

idautoPersonDeptDescrs

Departments

String

Y

eq, sub

  • Descriptions for all departments in which the person is a member
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

User::departments

idautoPersonDeptDescr

Department

String

N

eq, sub

  • Person’s primary department description
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

User::departments

idautoPersonLocCodes

Location Codes

String

Y

eq, sub

  • Codes for all locations associated with the person
  • Often used for dynamic role membership and other RapidIdentity ACLs

User::locations

idautoPersonLocCode

Primary Location Code

String

N

eq, sub

  • Person’s primary location code
  • Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect

User::locations

idautoPersonLocNames

Locations

String

Y

eq, sub

  • Names for all locations associated with the person
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

User::locations

idautoPersonLocName

Primary Location

String

N

eq, sub

  • Person’s primary location name
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

User::locations

idautoPersonJobCodes

Job Codes

String

Y

eq, sub

  • Codes for all jobs associated with the person
  • Often used for dynamic role membership and other RapidIdentity ACLs

User::jobs

idautoPersonJobCode

Job Code

String

N

eq, sub

  • Person’s primary job code
  • Often used for dynamic role membership, RapidIdentity ACLs and making decisions in Connect

User::jobs

idautoPersonJobTitles

Job Titles

String

Y

eq, sub

  • Titles for all jobs associated with the person
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

User::jobs

idautoPersonJobTitle

Job Title

String

N

eq, sub

  • Person’s primary job title
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

User::jobs

Education Attributes

None of these attributes have unique constraints

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Indexes

Description / Constraints

idautoPersonTeachers

Teachers

DN

Y

eq

  • DNs of all teachers associated with a Student person

idautoPersonStudents

-

DN

Y

eq

  • DNs of all students associated with a Teacher person
  • Automatically managed / Not writeable

idautoPersonGradeLevel

Grade Level

String

Y

eq

idautoPersonSchoolCodes

School Codes

String

Y

eq

  • Codes for all schools associated with the person
  • Used by Insights/Analytics
  • Often used for dynamic role membership and other RapidIdentity ACLs

idautoPersonSchoolNames

School Names

String

Y

eq, sub

  • Names of all schools associated with the person
  • Often used for dynamic role membership and other RapidIdentity ACLs
  • Often on display in Delegation Profiles

Special Attributes

None of these attributes are multi-valued or have unique constraints

Attribute Name

Friendly Name

Data

Type

Indexes

Description / Constraints

RING Entity::Field/Method

idautoPersonStatusOverride

Override Source Status

Boolean

eq

  • If TRUE then the account's idautoDisabled value should not be changed automatically from source system data
  • The attribute should be cleared instead of set to FALSE

User::overrideStatus

idautoPersonRenameUsername

Rename Username

String

-

  • The new username which will be assigned to the account on the rename date
  • Any value populated here should also be populated in the idautoPersonUserNameMV attribute to “reserve” it

User::renameUsername

idautoPersonRenameFlagDate

Rename Date

Date

eq

  • The date which the account will be renamed
  • Set by Connect to n days in the future where n is specified by some customer-defined policy
  • Format: yyyy-MM-dd

User::renameFlagDate

idautoPersonActivationDate

Activation Date

Date

-

  • The date which the account should be automatically enabled
  • Used by Connect in cases where an account needs to be created now but not enabled until a specific date
  • Format: yyyy-MM-dd

User::activationDate

idautoPersonSourceStatus

Source System Status

String

-

  • Contains arbitrary status value from source system (e.g. HR)
  • Connect will use this as a basis for automatic RapidIdentity status changes

User::externalIDs

idautoPersonToSystem1

Sync Person to System 1

Boolean

-

  • Indicates whether Connect should sync the account to “System 1”

User::externalIDs

idautoPersonToSystem2

Sync Person to System 2

Boolean

-

  • Indicates whether Connect should sync the account to “System 2”

User::externalIDs

idautoPersonToSystem3

Sync Person to System 3

Boolean

-

  • Indicates whether Connect should sync the account to “System 3”

User::externalIDs

idautoPersonToSystem4

Sync Person to System 4

Boolean

-

  • Indicates whether Connect should sync the account to “System 4”

User::externalIDs

idautoPersonToSystem5

Sync Person to System 5

Boolean

-

  • Indicates whether Connect should sync the account to “System 5”

User::externalIDs

idautoPersonSafeIdCompromisedDate

Account Compromised Date

Date

eq

  • Indicates when a user’s account was marked as compromised via the SafeID feature

Introduced in version amazon-ricloud-2022-03-01

User::compromisedDate

Other IDs

All of these attributes have a unique constraint

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Indexes

Description / Constraints

RING Entity::Field/Method

idautoPersonHRID

Employee ID

String

N

eq,sub

  • Meant to hold the unique identifier from the “HR System”

Substring index added in version: amazon-ricloud-2022-03-01

User::externalIDs

idautoPersonStuID

Student ID

String

N

eq,sub

  • Meant to hold the unique identifier from the “Student Information System”

Substring index added in version: amazon-ricloud-2022-03-01

User::externalIDs

idautoPersonPayrollID

Payroll ID

String

N

eq

  • Meant to hold the unique identifier from the “Payroll System”

User::externalIDs

idautoPersonSystem1ID

System 1 ID

String

N

eq

  • Meant to hold the unique identifier from “System 1”

User::externalIDs

idautoPersonSystem2ID

System 2 ID

String

N

eq

  • Meant to hold the unique identifier from “System 2”

User::externalIDs

idautoPersonSystem3ID

System 3 ID

String

N

eq

  • Meant to hold the unique identifier from “System 3”

User::externalIDs

idautoPersonSystem4ID

System 4 ID

String

N

eq

  • Meant to hold the unique identifier from “System 4”

User::externalIDs

idautoPersonSystem5ID

System 5 ID

String

N

eq

  • Meant to hold the unique identifier from “System 5”

User::externalIDs

idautoPersonStateID

State ID

String

N

eq

  • Meant to hold the unique identifier from “State” (Education)

User::externalIDs

idautoPersonDistrictID

District ID

String

N

eq

  • Meant to hold the unique identifier from “District” (Education)

User::externalIDs

idautoPersonSchoolID

School ID

String

N

eq

  • Meant to hold the unique identifier from “School” (Education)

User::externalIDs

idautoPersonSAMAccountName

AD Username

String

N

eq

  • Meant to hold the account’s current sAMAccountName value from AD
  • Maximum length: 20

User::externalIDs

idautoPersonPrevSAMAccountNames

Previous AD Usernames

String

Y

eq

  • Meant to hold the account’s current and all previous sAMAccountName values from AD
  • Maximum length: 20

User::externalIDs

Extensible

None of these attributes have a unique constraint

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Unique

Indexes

Description / Constraints

RING Entity::Field/Method

idautoPersonExt1

Custom Attribute 1

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt2

Custom Attribute 2

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt3

Custom Attribute 3

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt4

Custom Attribute 4

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt5

Custom Attribute 5

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt6

Custom Attribute 6

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt7

Custom Attribute 7

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt8

Custom Attribute 8

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt9

Custom Attribute 9

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt10

Custom Attribute 10

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt11

Custom Attribute 11

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt12

Custom Attribute 12

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt13

Custom Attribute 13

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt14

Custom Attribute 14

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt15

Custom Attribute 15

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt16

Custom Attribute 16

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt17

Custom Attribute 17

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt18

Custom Attribute 18

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt19

Custom Attribute 19

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExt20

Custom Attribute 20

String

Y

N

eq, sub

  • Custom attribute

Entity::attributes

idautoPersonExtBool1

Custom Boolean Attribute 1

Boolean

N

N

eq

  • Custom Attribute
  • The attribute should be cleared instead of set to FALSE

Entity::attributes

idautoPersonExtBool2

Custom Boolean Attribute 2

Boolean

N

N

eq

  • Custom Flag
  • The attribute should be cleared instead of set to FALSE

Entity::attributes

idautoPersonExtBool3

Custom Boolean Attribute 3

Boolean

N

N

eq

  • Custom Flag
  • The attribute should be cleared instead of set to FALSE

Entity::attributes

idautoPersonExtBool4

Custom Boolean Attribute 4

Boolean

N

N

eq

  • Custom Flag
  • The attribute should be cleared instead of set to FALSE

Entity::attributes

idautoPersonExtBool5

Custom Boolean Attribute 5

Boolean

N

N

eq

  • Custom Flag
  • The attribute should be cleared instead of set to FALSE

Entity::attributes

idautoPersonAppRoles1

Application 1 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 1” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles2

Application 2 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 2” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles3

Application 3 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 3” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles4

Application 4 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 4” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles5

Application 5 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 5” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles6

Application 6 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 6” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles7

Application 7 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 7” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles8

Application 8 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 8” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles9

Application 9 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 9” (e.g. AWS SAML Roles)

Entity::attributes

idautoPersonAppRoles10

Application 10 Roles

String

Y

N

eq

  • Arbitrary role values for “Application 10” (e.g. AWS SAML Roles)

Entity::attributes

Groups

  • All account entries must be put directly under ou=Groups,dc=meta.
  • All LDAP entries MUST contain objectClass=groupOfNames , objectClass=idautoGroup,  a unique idautoID value and a unique cn value.
  • The DN for all accounts must look like idautoID=<idautoID value>,ou=Groups,dc=meta.

Core Attributes

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Unique

Indexes

Description / Constraints

RING Entity::Field/Method

idautoID

ID

UUID

N

Y

eq

  • Required unique GUID of the group
  • Must not be changed after initial creation

Entity::identity

cn

Group Name

String

N

Y

eq, sub

  • Required unique name of the group

Entity::name

description

Group Description

String

N

N

eq, sub

  • Optional group description

Entity::description

member

-

DN

Y

N

eq

  • DNs of all current group members

Group::getDirectMembers()

idautoGroupOwners

-

DN

Y

N

eq

  • Owners of the group

Group::owners

idautoGroupCoOwners

-

DN

Y

N

eq

  • Co-owners (membership managers) of the group

Group::coOwners

idautoGroupCoOwnerEditable

-

Boolean

N

N

-

  • Whether co-owners may edit the group details

Group::coOwnersEditable

idautoGroupIncludeFilter

-

String

N

N

-

  • Dynamic membership filter

Group::dynamicIncludes

idautoGroupIncludeBaseDN

-

DN

N

N

-

  • Dynamic membership search base DN
  • Consider this to be deprecated

N/A

idautoGroupExcludeFilter

-

String

N

N

-

  • Dynamic membership exclusion filter

Group::dynamicExcludes

idautoGroupExcludeBaseDN

-

DN

N

N

-

  • Dynamic membership exclusion search base DN
  • Consider this to be deprecated

N/A

idautoGroupStaticIncludes

-

DN

Y

N

eq

  • DNs of all static group members

Group::staticIncludes

idautoGroupStaticExcludes

-

DN

Y

N

eq

  • DNs of all static group exclusions

Group::staticExcludes

idautoGroupSyncInterval

-

Integer

N

N

-

  • Automatic sync interval in hours (optional)

Group::syncIntervalInHours

idautoGroupLastSynced

-

DateTime

N

N

eq

  • Date/Time when the membership was last synced

Group::lastSyncedOn

Special Attributes

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Unique

Indexes

Description / Constraints

RING Entity::Field/Method

idautoGroupEmailAddress

Group Email Address

String

N

Y

eq, sub

  • Unique email address for “distribution list” groups

Group::email

idautoGroupEmailAliases

Group Email Aliases

String

Y

Y

eq, sub

  • Unique email aliases for “distribution list” groups

Group::emailAliases

idautoGroupToSystem1

Sync Group to System 1

Boolean

N

N

-

  • Flag indicating group should be synced to “System 1”

Group::externalIDs

idautoGroupToSystem2

Sync Group to System 2

Boolean

N

N

-

  • Flag indicating group should be synced to “System 2”

Group::externalIDs

idautoGroupToSystem3

Sync Group to System 3

Boolean

N

N

-

  • Flag indicating group should be synced to “System 3”

Group::externalIDs

idautoGroupToSystem4

Sync Group to System 4

Boolean

N

N

-

  • Flag indicating group should be synced to “System 4”

Group::externalIDs

idautoGroupToSystem5

Sync Group to System 5

Boolean

N

N

-

  • Flag indicating group should be synced to “System 5”

Group::externalIDs

idautoGroupToSystem6

Sync Group to System 6

Boolean

N

N

-

  • Flag indicating group should be synced to “System 6”

Group::externalIDs

idautoGroupToSystem7

Sync Group to System 7

Boolean

N

N

-

  • Flag indicating group should be synced to “System 7”

Group::externalIDs

idautoGroupToSystem8

Sync Group to System 8

Boolean

N

N

-

  • Flag indicating group should be synced to “System 8”

Group::externalIDs

idautoGroupToSystem9

Sync Group to System 9

Boolean

N

N

-

  • Flag indicating group should be synced to “System 9”

Group::externalIDs

idautoGroupToSystem10

Sync Group to System 10

Boolean

N

N

-

  • Flag indicating group should be synced to “System 10”

Group::externalIDs

Extensible

None of these attributes have a unique constraint

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Indexes

Description / Constraints

RING Entity::Field/Method

idautoGroupExt1

Custom Group Attribute 1

String

Y

eq, sub

  • Custom Attribute

Group::attributes

idautoGroupExt2

Custom Group Attribute 1

String

Y

eq, sub

  • Custom Attribute

Group::attributes

idautoGroupExt3

Custom Group Attribute 1

String

Y

eq, sub

  • Custom Attribute

Group::attributes

idautoGroupExt4

Custom Group Attribute 1

String

Y

eq, sub

  • Custom Attribute

Group::attributes

idautoGroupExt5

Custom Group Attribute 1

String

Y

eq, sub

  • Custom Attribute

Group::attributes

Operational

Read-only attributes not associated with any particular class but available on all

Operational Attributes

Attribute Name

Friendly Name

Data

Type

Multi-Valued

Unique

Indexes

Description / Constraints

RING Entity::Field/Method

memberOf


DN

Y

N


  • read-only - comes from slapo-memberof overlay

User::getDirectMemberships(), Group::getDirectMemberships()

entryDN


DN

N

N


  • read-only - the DN name of the object

Entity::name

createTimestamp


Date

N

N


  • read-only - the creation timestamp of the object

Entity::createdOn

modifyTimestamp


Date

N

N


  • read-only - the most recent modification timestamp of the object

Entity::modifiedOn

creatorsName


DN

N

N


  • read-only - the DN of the creator of the object

Entity::createdBy

modifiersName


DN

N

N


  • read-only - the DN of the most recent modifier of the object

Entity::modifiedBy


Was this article helpful?