Cluenet LDAP Attributes Table
From ClueWiki
(Redirected from Cluenet LDAP Attributes New)
The default access column needs to be changed, please ignore them, I will get them fixed.
| Attribute | Self-Readable | Self-Writable | Access-Controllable | Default-Access | Description |
|---|---|---|---|---|---|
| clueSshPrivKey | Yes | Yes | No | none | A SSH Private Key. |
| clueSignupInfo | Yes | No | Yes | none | Information from the signup system. |
| url | Yes | Yes | Yes | anon | The user's web site or other personal URL. |
| clueIrcNick | Yes | No | No | anon | User's #clueirc nick. |
| clueVoipUri | Yes | Yes | Yes | anon | A URI indicating a user voip contact information |
| clueGeneralContact | Yes | Yes | Yes | none | General contact information not specified by other types. |
| clueGender | Yes | Yes | Yes | none | Gender of the member |
| clueBirthYear | Yes | Yes | Yes | none | Birth year of member |
| suspendedPassword | Yes | No | No | none | When a user account is suspended, their password is moved to this attribute, which is not a valid location for the password to be checked. . (Blocks login) |
| clueAuthorizedAbility | Yes | No | No | anon | A URI indicating an authorized ability of a user. |
| altEmail | Yes | Yes | Yes | none | Alternate user email, other than the mail attribute. |
| pgpKeyId | Yes | Yes | Yes | none | User PGP Key ID. |
| aimSn | Yes | Yes | Yes | none | AIM Screen Name. |
| xmppUri | Yes | Yes | Yes | none | XMPP or Jabber Contact URI. |
| msnSn | Yes | Yes | Yes | none | MSN Messenger Screen Name. |
| scheduleInfo | Yes | Yes | Yes | none | Information or Link to User Schedule or Availability Information. |
| twitterUser | Yes | Yes | Yes | none | Twitter Username. |
| diggUser | Yes | Yes | Yes | none | Digg.com username. |
| slashdotUser | Yes | Yes | Yes | none | Slashdot username. |
| googlecodeUser | Yes | Yes | Yes | none | GoogleCode username. |
| githubUser | Yes | Yes | Yes | none | GitHub username. |
| freshmeatUser | Yes | Yes | Yes | none | Freshmeat.net username. |
| occupation | Yes | Yes | Yes | none | User's field of work, or employer name. |
| timezone | Yes | Yes | Yes | none | User's physical timezone. |
| school | Yes | Yes | Yes | none | Name of school user attends. |
| skill | Yes | Yes | Yes | anon | A skill or piece of knowledge the user has. |
| wikipediaUser | Yes | Yes | Yes | none | Wikipedia.org username. |
| clueNotes | Yes | Yes | Yes | none | Random assorted notes. |
| uid | Yes | No | No | anon | This is the username of the account. It is set at account creation time and cannot be changed. Distinguished names are based off the uid attribute. |
| uidnumber | Yes | No | No | anon | This is the numeric UID of the account. It is set at account creation time and cannot be changed. |
| gidnumber | Yes | No | No | anon | This is the numeric GID of the account. It is set at account creation time and cannot be changed. |
| gecos | Yes | Yes | No | anon | This corresponds to the gecos (or "real name") field in /etc/passwd. |
| loginShell | Yes | Yes | No | anon | This is the shell that the user is logged in with. It defaults to /bin/bash. |
| homeDirectory | Yes | No | No | This is the home directory for the account. It is set at account creation time and cannot be changed. | |
| userPassword | Yes | No | No | none | This is not actually the password for the user, it is actually a base64 encode of the users Kerberos principle. LDAP auth now uses a pass-through to the Kerberos server for authentication |
| cn | Yes | Yes | Yes | none | This is the user's "Common Name". It should be set to the user's real full name, if the user wants to make this public available. |
| givenName | Yes | Yes | Yes | none | This is the user's "Given Name". It should be set to the user's real first name. |
| sn | Yes | Yes | Yes | none | This is the user's "SurName". It should be set to the user's real last name. |
| c | Yes | Yes | Yes | anon | This is a two letter code representing the user's country of origin. The two letter codes are defined by ISO 3166. |
| Yes | Yes | Yes | none | This is the user's primary email address. | |
| st | Yes | Yes | Yes | none | This is the user's state or province of residence. The full name should be used. |
| l | Yes | Yes | Yes | none | This is the user's "Locality" or city of residence. The full name should be used. |
| telephoneNumber | Yes | Yes | Yes | none | This is the user's telephone number. |
| postalAddress | Yes | Yes | Yes | none | This is the user's street address. |
| mailQuota | Yes | No | No | read | Amount of disk space that a member with mail gets. |
| jpegPhoto | Yes | Yes | Yes | none | A JPEG photo of the member. |
| spokenLanguage | Yes | Yes | Yes | none | Multi-value list spoken languages of the user. |
| authorizedService | Yes | No | No | anon | This attribute is checked by most LDAP authenticated services. If the value of one of the authorizedService entries matches the one the service checks for, then the authorization for that user will succeed. |
| host | Yes | No | No | anon | If a server is set to check for the host attribute, the user will have to have a host entry with the hostname of that server to login. |
| authorizedHostService | Yes | No | Yes | anon | This attribute is checked by a modified version of pam_ldap, and allows for access control for individual services on a specific server. If the server is set to check for it, a user will have to have an entry in the form of "authorizedHostService: HOST:SERVICE" in order to use a service on that server. |
