1. Overview of the Feide LDAP structure

1.1. Object-classes

The structural requirements that Feide sets for the organization’s LDAP-catalogue are based on «norEdu* Object Class Specification».

In addition to the specification, this document defines mandatory and recommended attributes for organizations in lower education from the norEdu*-specification.

The LDAP-catalogue with user data located at the organizations is organized in a tree structure. Within this structure lie nodes, each of which is a collection of attributes and related data for:

  • persons

  • organization (school-owner)

  • organizational units (schools)

The norEdu*-specification defines three important object classes:

  • norEduPerson

  • norEduOrg

  • norEduOrgUnit

Each object class defines a set of attributes. Multiple object classes used in combination can yield a larger set of attributes, which results in all the information about a person, organization or organizational unit.

For instance, a node with person-information will have attributes from the object classes norEduPerson, schac, eduPerson and inetOrgPerson. inetOrgPerson will use attributes from the object classes person, organizationalPerson and top. For more about object classes, see «norEdu* Object Class Specification».

The two attributes eduPersonOrgDN and eduPersonOrgUnitDN describe which school owner and which schools a person is affiliated with. These attributes contain a unique pointer to the nodes within the catalogue tree that hold the information for the school owner and the schools. eduPersonPrimaryOrgUnitDN describes which school the person has their main affiliation with. The different nodes for person, organization and organizational units, and the relational connections between them, are shown below in Figure 1.
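
An added example (not part of the Feide documentation): a Python check that every eduPersonOrgDN, eduPersonOrgUnitDN and eduPersonPrimaryOrgUnitDN value on a person node resolves to an existing node of the expected object class. The entries, DNs and the simplified DN normalisation are constructed assumptions.

```python
# Constructed sample catalogue (DN -> attributes); not data from a real
# Feide catalogue. All DNs and values are made up for illustration.
CATALOGUE = {
    "dc=example,dc=no": {"objectClass": ["norEduOrg"]},
    "ou=North School,dc=example,dc=no": {"objectClass": ["norEduOrgUnit"]},
    "ou=South School,dc=example,dc=no": {"objectClass": ["norEduOrgUnit"]},
    "uid=kari,ou=people,dc=example,dc=no": {
        "objectClass": ["norEduPerson", "eduPerson", "inetOrgPerson"],
        "eduPersonOrgDN": ["dc=example,dc=no"],
        "eduPersonOrgUnitDN": ["OU=North School, DC=example, DC=no"],
        "eduPersonPrimaryOrgUnitDN": ["ou=North School,dc=example,dc=no"],
    },
    "uid=ola,ou=people,dc=example,dc=no": {
        "objectClass": ["norEduPerson", "eduPerson", "inetOrgPerson"],
        # Points at a school node instead of the school owner.
        "eduPersonOrgDN": ["ou=South School,dc=example,dc=no"],
        # No node with this DN exists in the tree.
        "eduPersonOrgUnitDN": ["ou=West School,dc=example,dc=no"],
    },
}

# Pointer attribute -> object class the target node must carry.
POINTERS = {
    "eduPersonOrgDN": "norEduOrg",
    "eduPersonOrgUnitDN": "norEduOrgUnit",
    "eduPersonPrimaryOrgUnitDN": "norEduOrgUnit",
}

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim spaces around RDNs.
    Assumption: no escaped commas; a real tool should use an LDAP DN parser."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_pointers(catalogue):
    """Return a sorted list of (person_dn, attribute, target_dn, problem)."""
    index = {norm_dn(dn): attrs for dn, attrs in catalogue.items()}
    findings = []
    for dn, attrs in catalogue.items():
        if "norEduPerson" not in attrs.get("objectClass", []):
            continue  # only person nodes carry the pointer attributes
        for attr, wanted in POINTERS.items():
            for target in attrs.get(attr, []):
                node = index.get(norm_dn(target))
                if node is None:
                    findings.append((dn, attr, target, "dangling"))
                elif wanted not in node.get("objectClass", []):
                    findings.append((dn, attr, target, "not a " + wanted))
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_pointers(CATALOGUE):
        print(*finding, sep=" | ")
```
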

1.2. Attributes

When a user logs in to a service through Feide, the service receives data describing the user authentication and a collection of information elements that belong to this user. Which information elements the service receives is limited through an agreement with Feide and the service. In Feide we use the term attributes for the different information elements.

In general, it is recommended to put as much information in the Feide catalogue as possible, and within the norEdu*-specification you can find attributes for many different information elements. Quite a lot of the services request an increasing number of types of information elements, and the organizations that place large amounts of information in the Feide catalogue will be able to utilize the different services connected to Feide more effectively.

In the customer portal, the host organizations can view which attributes a service receives. The host organization is responsible for the agreement between the organization and the service, which describes the data processing details that regulate how the service uses the organization’s information.

To make it easier for the host organizations and the services, Feide has chosen to classify attributes within three categories:

  • Mandatory – Shall be placed within the Feide catalogue

  • Recommended – Recommended to be placed within the Feide catalogue

  • Optional – These are all optional, and it is up to the organization itself to decide whether it wants to add them to the Feide catalogue

Mandatory and recommended attributes are attributes that the services expect to be delivered today. Despite this classification, Feide encourages the host organizations to place as much information as possible within the Feide catalogue. A quick overview of mandatory, recommended and optional attributes can be found within this document.

Figure 1: The different object classes within the Feide catalogue: person, organization and organizational unit. The arrows show how specific attributes in the person node point to the organization and organizational units that the person belongs to.