
Summary

The UW Person Directory Service provides standard, read-only LDAP access to a person's online UW identification, affiliations, and contact information.

Overview

The Person Directory contains person data obtained from institutional sources such as the Person Registry, Workday, SDB and Advance databases. Basic identification and affiliation data is available for all UW members and affiliates. Additional data is available for UW employees, students, and alumni. Data is searchable by official UW identifiers. Access requires registration and is restricted to authorized applications.  New applications are strongly encouraged to use PWS instead of the Person Directory Service.

LDAP Server Description

The Person Directory is described in the following table:

Name: UW Person Directory Service

Hosts: eds.u.washington.edu (production), eds-eval.u.washington.edu (dev/testing)

Ports: 389 (standard LDAP port), 636 (LDAP over SSL port)

Protocol: LDAPv3

Bind: All binds require authentication. See: LDAP Authentication Methods

Base: dc=washington,dc=edu

Data: ou=People,dc=personregistry

Updates: All data is updated at least nightly

Timeouts: 5 minute idle timeout

Search: Results constrained to 500 matches

Search Keys: Search by common UW identifiers, e.g.
• UW NetID, UW RegistryID, UID
• Student System Key, Student ID Number
• Employee ID
• Advance ID Number

Attributes:
• Person Attribute summary (below)
• Person Directory Attribute Reference (detailed)

Schema:
• Person Directory Schema
• Person Directory Example Entry

LDAP Client Technologies

Any LDAP client that supports one of the required authentication methods can be used to retrieve data from the Person Directory.

See also: LDAP Client Guidelines.

Access

As an institutional resource the Person Directory is subject to UW policies regarding information access, use, and protection. Access to the Person Directory is provided to UW applications in support of business and academic functions, not directly to end-users. Registration of client applications is required. A request for access must include information about the client application to ensure that access policies are appropriately applied. This includes:

  • The application's function and its responsible parties.
  • The application's required attributes. As described below, attributes are organized into sets to simplify access management.
  • Provisions in the application to ensure that sensitive data is handled appropriately.

In addition, other information (such as client software type) is requested so our support team can better assist directory customers.

For client authentication the Person Directory requires SSL client certificates issued by the UW Services CA. Access is controlled based on the DNS name in the client certificate. The DNS name in this certificate is included in the registration request.

It is preferable to use a DNS name that represents the application itself. In particular, if a client application is running on a replicated cluster, registration should be done once using the DNS name of the application rather than separately for each cluster host system (the certificate and private key can be copied to each of the cluster members). See Managing DNS Names For Infrastructure Services Access.

Person Attribute Sets

Attribute sets are defined based on data source and sensitivity. Refer to the Person Directory Attribute Reference for a short description of individual attributes.

Attribute Set

Attribute classes (Attribute names)

Basic

  • Entry metadata (distinguishedName, objectClass, etc.)
  • RegistryID (uwRegID, serialNumber, uwPriorRegID)
  • UW NetID (uwNetID, uwPriorNetID)
  • Test (uwTest)
  • Name (sn, cn, uwPersonRegisteredName, uwPersonRegisteredSurname, uwPersonRegisteredFirstMiddle, displayName)
  • Affiliation (eduPersonAffiliation)
  • Basic Directory Listing Preference (uwWPPublish)
  • Unix User Identifier (UID) (uidNumber)

Student

  • Student ID Number (uwStudentID)
  • Student System Key (uwStudentSystemKey)
  • Student Name (uwSWPName)
  • Student Contact Data (uwSWPPhone, uwSWPEmail)
  • Student Directory Listing Preference (uwSWPPublish)
  • Student Class Code (uwSWPClass)
  • Student Departments (uwSWPDept1-3)

Employee

  • Employee ID (uwEmployeeID)
  • Employee Appointment Data (uwEmployeeHomeDepartment, uwEmployeeMailStop)
  • Employee Name (uwEWPName)
  • Employee Directory Listing Preference (uwEWPPublish)
  • Employee Campus Contact Data (uwEWPPhone1-2, uwEWPEmail1-2, uwEWPDept1-2, uwEWPTitle1-2, uwEWPAddr1-2, uwEWPName, uwEWPVoicemail, uwEWPTouchDial, uwEWPFacsimile)
    Note: Employee Contact Data Limitations describes the source and quality of these attributes.

Alumni

  • Advance ID Number (uwDevelopmentID)
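
A client-side sketch of the search keys and attribute sets described above, added here as an example and not taken from UW's own code: it builds an exact-match filter for one identifier with RFC 4515 escaping and refuses to request attributes outside the sets the application registered for. The helper names are hypothetical, the attribute lists are abbreviated from the table above, and equality searches on the identifier attributes are an assumption.

```python
# Added example: helper names are hypothetical; attribute names are from the tables above.
# Attribute sets, abbreviated to a few attributes each.
ATTRIBUTE_SETS = {
    "Basic": {"uwRegID", "uwNetID", "displayName", "eduPersonAffiliation",
              "uwWPPublish", "uidNumber"},
    "Student": {"uwStudentID", "uwStudentSystemKey", "uwSWPName", "uwSWPEmail",
                "uwSWPPublish"},
    "Employee": {"uwEmployeeID", "uwEWPName", "uwEWPPublish",
                 "uwEmployeeHomeDepartment"},
    "Alumni": {"uwDevelopmentID"},
}
# Identifier attributes used as search keys (assumed searchable by equality).
SEARCH_KEYS = {"uwNetID", "uwRegID", "uidNumber", "uwStudentSystemKey",
               "uwStudentID", "uwEmployeeID", "uwDevelopmentID"}

# RFC 4515 escapes for characters that are special in a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a caller-supplied value so it stays one literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search(key, value, registered_sets, wanted):
    """Return (filter, attributes) for an exact-match lookup by one identifier.

    registered_sets: attribute sets this application was granted at registration.
    wanted: attributes to request; each must belong to a registered set.
    """
    allowed = set()
    for name in registered_sets:
        allowed |= ATTRIBUTE_SETS[name]
    if key not in SEARCH_KEYS or key not in allowed:
        raise ValueError("search key not permitted: %s" % key)
    outside = sorted(set(wanted) - allowed)
    if outside:
        raise ValueError("attributes outside registered sets: %s" % ", ".join(outside))
    if not value:
        raise ValueError("empty identifier value")
    return "(%s=%s)" % (key, escape_filter_value(value)), sorted(wanted)


if __name__ == "__main__":
    # Constructed input: an identifier field containing filter metacharacters.
    flt, attrs = build_search("uwNetID", "jdoe*)(uwEmployeeID=*", ["Basic"],
                              ["uwRegID", "displayName", "uwWPPublish"])
    print(flt)    # the value is matched literally, not parsed as filter syntax
    print(attrs)
```

The returned filter string and attribute list are what an LDAP client library would take as its search filter and requested attributes; naming attributes explicitly keeps the application from pulling more than its registration covers.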

Contact Us

We welcome questions and discussion concerning the Person Directory and the nature of its data. Discussion helps clarify the ways the directory can be used and also helps define directions for future development. Please contact us at iam-support@uw.edu.
