MCommunity Directory Attributes Available Via LDAP

Return to LDAP Access to the MCommunity Directory

Note: The Access column applies to the situation where you are looking at an entry other than your own. Authenticated access to your own entry/profile is the same as it is for you via the web interface to the director, except that not all attributes can be updated via LDAP.

Table of Contents

Names

Attribute Class Access Type Valued* Searching** Description/Sample Text
cn Person Read-only, anonymous access Case-insensitive string Multi-valued. Contains multiple versions of the person's name. If you need a single-valued attribute for a person's name, use displayName. Substring-indexed, searchable cn stands for common name. This attribute contains all the values of a person's name that the university has a record of. Depending on what information is available, it may include a person's birth name, married name(s), and preferred name. If a person has more than one relationship with the university (for example, is a student at Dearborn and a staff member at Ann Arbor), and the data source for each relationship has a slightly different version or spelling of the name, both versions may be listed. This attribute includes the displayName and all Also Known As names.
displayName inetOrgPerson Read-only, anonymous access Case-insensitive string Multi-valued. However, MCommunity only stores one value for this. Substring-indexed, searchable This is the person's complete, current name. This is the name that appears at the top of the person's profile in the web interface to the directory. It is their legal name, or, if they have set one, their preferred name.
givenName inetOrgPerson Read-only, anonymous access Case-insensitive string Multi-valued. However, MCommunity only stores one value for this. Substring-indexed, searchable This is typically the person's first name. It is the name given to them to identify them as an individual (as opposed to their surname, last name, or family name).
sn Person Read-only, anonymous access Case-insensitive string Multi-valued. A person may have multiple sn's because all previous sn's are included. For example, a person may have the sn they were born with plus a married sn. If you need a single-valued version of a person's surname, use umichDisplaySn. Substring-indexed, searchable sn stands for surname. This is typically the person's last name. It is sometimes referred to as the person's family name, the name they share with other members of their family. Note that this includes all previous last names.
umichDisplaySn umichPerson Read-only, administrative access only Case-insensitive string Single-valued Substring-indexed, searchable This is the person's current last name.
umichDisplayMiddle umichPerson Read-only, administrative access only Case-insensitive string Single-valued Substring-indexed, searchable This is the person's current middle name.
umichNameOfRecord umichPerson Read-only, administrative access only Case-insensitive string Single-valued Substring-indexed, searchable This is only populated by certain data sources where it is likely the name was checked against a driver's licence or some other document. It is not populated for sponsored affiliates or alumni.
umichPreferredNameOfRecord umichPerson N/A N/A N/A N/A Do not use this attribute. As of July 2015, it is no longer updated from Wolverine Access. Use displayName instead.
umichRemoveNameOfRecord umichPerson Read-only, administrative access only Boolean Single-valued. This is either true or false. Not indexed When someone asks the ITS Service Center to take their Name of Record out of the directory, this flag is turned on. When this flag is turned on, a person's Name of Record does not appear in the list of Also Known As names.

Addresses

Attribute Class Access Type Valued* Searching** Description/Sample Text
postalAddress organizational-Person Read-only, anonymous access Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed LDAP-mapped to umichPostalAddress (which is string type). In other words, if you ask for postalAddress, you get umichPostalAddress.
umichAltAddress umichPerson Read-only, as allowed by specific users Case-insensitive string Multi-valued. However, only a single value is populated. Substring-indexed, searchable User-entered work address. Users can enter an alternate work contact address. This address is stored only in MCommunity and is not sent to Wolverine Access. Lines in the address are separated by dollar signs ($).
umichHomePostalAddress umichPerson Read-only, administrative access only unless user has published this data. Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed Home address from official source (such as Wolverine Access). Lines are separated by dollar signs ($). This is the home address attribute for employees.
Sample:
5987 Street Road $ Ypsilanti MI 48197
umichHomePostalAddressData umichPerson Read-only, administrative access only Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed Packed data for homePostalAddress in keyword-value format.
Sample:
{addr1=5987 Street Road}:​{city=Ypsilanti}:​{state=MI}:​{postal=48197}:​{nationCode=USA}
umichPermanentPostalAddress umichPerson Read-only, administrative access only unless user has published this data. Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed A home address. This is the student permanent home address. Usually, it is the address of the student's parents.
umichPermanentPostalAddressData umichPerson Read-only, administrative access only Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed Packed data for umichPermanentPostalAddress in keyword-value format.
umichPostalAddress umichPerson Read-only, anonymous access Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed Employee official work address from Wolverine Access. (Sponsor System does not populate this even if a work address is entered in the Sponsor System.)
Sample:
MAIS HRMS CPU $ 2019 Ad Svcs $ 1432
umichPostalAddressData umichPerson Read-only, administrative access only Case-insensitive string Multi-valued. However, only a single value is populated. Not indexed Packed data for postalAddress attribute.
Sample:
{addr1=MAIS HRMS CPU}:​{addr2=2019 Ad Svcs}:​{postal=1432}:​{nation=UNITED STATES}:​{nationCode=USA}

Phone Numbers

Attribute Class Access Type Valued* Searching** Description/Sample Text
facsimileTelephoneNumber organizational-Person Read-only, as allowed by specific users Facsimile telephone number Multi-valued Not indexed User-entered fax number. Users enter this in the MCommunity Directory.
homePhone inetOrgPerson Read-only, visible only to administrative access users unless the person has chosen to publish it to all. Telephone number Multi-valued Not indexed This is the home phone number for employees. They can update this number in Wolverine Access.
mobile inetOrgPerson Read-only, as allowed by specific users Telephone number Multi-valued Substring-indexed, searchable Entered by the user in Wolverine Access.
pager inetOrgPerson Read-only, as allowed by specific users Telephone number Multi-valued Substring-indexed, searchable Entered by the user in the MCommunity Directory. (This is not sent back to any other data source; it is stored only in the directory.)
telephoneNumber Person Read-only, anonymous access Telephone number Multi-valued Substring-indexed, searchable U-M work phone number. Can be changed by the employee in Wolverine Access. U-M employees can have up to two U-M phone numbers listed in Wolverine Access.
umichAltPhone umichPerson Read-only, as allowed by specific users Telephone number Multi-valued Not indexed An alternative work phone number entered by the user in the MCommunity Directory. (This is not sent back to any other data source; it is stored only in the directory.)
umichPermanentPhone umichPerson Read-only, visible only to administrative access users unless the person has chosen to publish it. Telephone number Single-valued Not indexed Permanent home phone number for students.

Email

Attribute Class Access Type Valued* Searching** Description/Sample Text
mail umichPerson Read-only, anonymous access Directory string Multi-valued Value-indexed, exact matches only Always uniqname@umich.edu. This is derived from uniqname and is visible to others only if mailForwardingAddress is defined.
mailForwardingAddress umichPerson Writable by administrative access users and by the profile owner. IA5String, maximum length is 256 characters Multi-valued Value-indexed, exact matches only This is set in the directory by U-M email providers when a user's mailbox is set up. Users can also make changes.
messagingURI umichPerson Read-only, as allowed by specific users Case-insensitive string Multi-valued Value-indexed, exact matches only IM handle entered by user into MCommunity Directory. (This is not sent back to any other data source; it is stored only in the directory.)
labeledUri User Read-only, as allowed by specific users Case-insensitive string Multi-valued Not indexed Links to web pages. Users enter this in the MCommunity Directory via the web. They enter a webpage name and URL. This shows up in the Links part of their profile.

Visibility

Attribute Class Access Type Valued* Searching** Description/Sample Text
ferpa umichPerson Read-only, visible only to administrative access users Directory string Single-valued Not indexed Students may request non-disclosure of directory information through the Registrar's Office for their campus. When they do, this flag is set. (FERPA stands for Federal Educational Rights and Privacy Act.)
hideCN umichPerson Read-only, visible only to administrative access users Boolean Single-valued Not indexed Hides all name parts. This flag is on when ferpa is on. The exception is if a student is also an employee; then name parts are displayed as part of employee information. Only the student information is hidden.
umichPrivate umichPerson Read-only, visible only to administrative access users Boolean Single-valued Not indexed When this flag is set to True," all parts of the person't entry are hidden except their uniqname. People must contact the ITS Service Center to get this turned on and off.

UMICH Institutional Roles

Attribute Class Access Type Valued* Searching** Description/Sample Text
umichInstRoles umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable The person's current institutional role(s). These are the possible roles:
  • StudentAA, StudentDBRN, and StudentFLNT (continuing and incoming students regardless of enrollment; includes detached study);
  • EnrolledStudentAA, EnrolledStudentDBRN, EnrolledStudentFLNT (enrolled in at least one credit hour for ""current"" term; next term information is used during gap between terms)
  • AlumniAA, AlumniDBRN, AlumniFLNT (any person who has completed at least one semester in a degree-granting program)
  • FacultyAA, FacultyDBRN, FacultyFLNT (defined as academic, instructional, and research appointments; includes emeritus faculty)
  • RegularStaffAA, RegularStaffDBRN, RegularStaffFLNT (current appointment with a status of active, suspended, short-work break, leave, or paid leave);
  • TemporaryStaffAA, TemporaryStaffDBRN, TemporaryStaffFLNT (current appointment with a status of active, suspended, short-work break, leave, or paid leave)
  • Retiree (retired from any U-M campus, regardless of other appointments that may still be active)
  • SponsoredAffiliateAA, SponsoredAffiliateDBRN, SponsoredAffiliateFLNT (has at least one departmental sponsorship).

     

AA=Ann Arbor, DBRN=Dearborn, FLNT=Flint

Alumni

Attribute Class Access Type Valued* Searching** Description/Sample Text
umichAlumStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued. However, only one value is populated. Not indexed Sample:
{campus=UM_DEARBORN}:​{degSchool=DB-Arts/Sci/Letters}:​{classYr =1994}:​{aggDegree=AB 1994 DASL}

Student

Attribute Class Access Type Valued* Searching** Description/Sample Text
umichAAAcadProgram umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Not indexed Sample:
{acadCareer=PMED}:​{acadProg=01610}:​{acadPlan=7950}:​{campus=A}:​{progStatu=AC}:​{admitTerm=0850}:​{admitTermBegDt=1993-09-09}:​{expGradTerm=}:​{degrChkoutStat=}:​{acadCareerDescr=Medical}:​{acadPlanDegree=}:​{acadPlanDescr=Resident}:​{acadPlanField=7950}:​{acadPlanFieldDescr=Resident}:​{acadPlanType=MAJ}:​{acadPlanTypedDescr=Major}:​{acadGroup=MED}:​{acadGroupDescr=Medicine}: {acadProgDescr=Post Graduate Medicine}
umichAATermStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Sample:
{acadCareer=GRAC}:​{termCode=1710}:​{acadLevelProj=25}:​{acadLevelDescription=Graduate Pre-Candidate}:​{formOfStudy=ENRL}:​{termBeginDt=2008- 09-02}:​{termEndDt=2008-12-09}:​{regStatus=NRGS}:​{acadCareerDescr=Rackham}:​{termDescr=Fall 2008}:​{acadYear=2009}
umichDbrnCurrentTermStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Contains all umichDbrnTermStatus values for the current term.
umichDbrnTermStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Sample:
{academicYear=2008}:​{academicPeriod=200820}:​{academicPeriodDesc=Winter 2008}:​{programLevel=RA}:​{programLevelDesc=Rackham}:​{primaryProgram=Y}:​{studentStatus=AS}:​{college=CA}:​{collegeDesc=Coll of Arts,Sciences&Letters}:​{degree=MALS}:​{degreeDesc=Master of Arts Liberal Studies}:​{program=MALS-LIBS}:​{programDesc=MALS-Liberal Studies}:​{major=LIBS}:​{majorDesc=Liberal Studies}:​{classStanding=GR}:​{classStandingDesc=Graduate}:​{registered=Y}
umichFlntCurrentTermStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Sample:
{termBeginDt=2010-05-10}:​{termEndDt=2010-08-27}:​{regStatus=NRGS}:​{termCd=SP 2010}:​{degCand=N}
umichFlntTermStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Term status for Flint students.

Employ

Attribute Class Access Type Valued* Searching** Description/Sample Text
umichHR umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Sample:
{jobCategory=Staff}:​{campus=UM_ANN-ARBOR}:​{deptId=500100}:​{deptGroup=LIFE_SCIENCES_INST}:​{deptDescription=Life Sciences Institute-Admin}:​{deptGroupDescription=Life Sciences Institute}:​{deptVPArea=PRVST_EXC_VP_ACA_AFF}:​{jobcode=037200}:​{jobFamily=41}:​{emplStatus=A}:​{regTemp=T}:​{supervisorId=}:​{tenure Status=NA}

Sponsorship

Attribute Class Access Type Valued* Searching** Description/Sample Text
umichSponsorshipDetail umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable Sample:
{campus=UM_ANN-ARBOR}:​{deptId=176000}:​{deptGroup=COLLEGE_OF_LSA}:​{deptDescription=LSA Asian Languages & Cultures}:​{deptGroupDescription=College of Lit, Science & Arts}:​{deptVPArea=PRVST_EXC_VP_ACA_AFF}:​{umichSponsorAdmin=uniqname}:​{umichSponsorRequestor=uniqname}:​{umichSponsorReason=Researcher}:​{umichSponsorStartDate=07/11/2012}:​{umichSponsorEndDate=05/11/2013}:​{umichSponsorshipCn=030-0500-20120711080408308-903}

Google

Attribute Class Access Type Valued* Searching** Description/Sample Text
umichGoogleRestrictBase umichPerson Read-only, visible only to administrative access users Boolean Single-valued Not indexed The base (default) value for whether a person should be restricted from Google Mail and Calendar based solely on their institutional role(s) and unit affiliations. If TRUE, the person's role and affiliation indicate they should be restricted and not have Google Mail and Calendar.
umichGoogleRestricted umichPerson Read-only, visible only to administrative access users Boolean Single-valued Not indexed Indicates whether the person actually is restricted. If TRUE, the person is restricted and does not have Google Mail and Calendar.
umichGoogleRestrictOveride umichPerson Read-only, visible only to administrative access users Boolean Single-valued Not indexed Used to record an override of the value in umichGoogleRestricted and the history of that override. Includes current state,(Restricted, Override Removed, or Allowed), who created the override, and the date the override was created.
Sample:
umichGoogleRestrictOverride: {state=Restricted}:​{dn=uid=mmmonfor,ou=People,dc=umich,dc=edu}:​{changeDate=2012-02-28 12:00}
umichGoogleStatus umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Not indexed A text field for use by the Google UMICH team in managing exceptions. For example, NOMOVE is used here as a temporary value during phased migrations of units to Google Mail and Calendar, and OLDALUM is used to indicate alumni who graduated before December 2011 and are therefore not eligible to use Google Apps UMICH. Other values may be used in the future.

Ident (Identification Numbers)

Attribute Class Access Type Valued* Searching** Description/Sample Text
entityid umichPerson Read-only, visible only to administrative access users Numeric string Single-valued Value-indexed, exact matches only This is the U-M ID number. It is usually called UMID. It is sometimes also called emplid or entity ID.
uid inetOrgPerson Read-only, anonymous access Case-insensitive string Multi-valued: However, only one value is populated. Value-indexed, exact matches only uniqname
umichDirectoryID umichPerson Read-only, visible only to administrative access users Case-insensitive string Single-valued Not indexed Unique identifier for a person entry in the MCommunity Directory.
umichScholarId umichPerson Read-only Case-insensitive string Multi-valued Not indexed ORCID iDs are identification numbers used for research publications, grant submissions, and more. See Professional Information (ORCID) for details.

General

Attribute Class Access Type Valued* Searching** Description/Sample Text
associatedDomain umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Substring-indexed, searchable This is entered by administrative staff for users. Entering an associated domain (such as engin.umich.edu) allows the user to receive mail sent to that domain at his or her @umich.edu address. Use of this attribute is infrequent. If you have not made administrative changes to this attribute before and wish to start doing so, please contact the ITS Service Center first.
description umichPerson Read-only, as allowed by specific users Case-insensitive string Multi-valued Substring-indexed, searchable Mapped to umichDescription.
disabledDomain umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Not indexed This attribute is used to allow a user to override associatedDomain set by administrator. If a user uses the web interface to go to the Settings page for his or her profile and uncheck a box by a domain listed under the "Email Aliases" heading, that domain is put in the disabledDomain attribute.
drink umichPerson Read-only, as allowed by specific users Case-insensitive string Multi-valued Not indexed This is text that the user enters in the MCommunity Directory. The user can list a favorite drink.
notice umichPerson Read-only, as allowed by specific users Case-insensitive string Multi-valued Not indexed This is text that the user enters in the MCommunity Directory. They might indicate the best way to contact them, who their administrative assistant is, or any other sort of notice that they want.
onvacation umichPerson Read-only, as allowed by specific users Boolean Single valued. This is either true or false Not indexed With the vacation notice turned on, when someone sends you email, they will receive an automatic response letting them know you are unavailable. In the web user interface, this is called the Away Message.
ou organizational-Person Read-only, anonymous access Case-insensitive string Multi-valued Substring-indexed, searchable University affiliations. In the web interface, these show up in a person's profile under the "Affiliations" heading.
proxy umichPerson Read-only, visible only to administrative access users Distinguished-name Multi-valued Value-indexed, exact matches only The user can designate one or more people to be proxies—people who can make changes to their individual entry in the directory. Proxies are entered as uniqnames.
RealtimeBlocklist umichPerson Read-only, visible only to administrative access users Boolean Single-valued. This is either on or off. Not indexed This indicates whether the person is signed up to use the Do Not Spam List to reduce spam in their incoming mail.
seeAlso Person Read-only, as allowed by specific users Distinguished-name Multi-valued Not indexed Users can list relevant email groups or individuals in their directory entry by entering their names or uniqnames, one per line, in this attribute.
umichAccessComplianceExpiry umichPerson Read-only, administrative access only Date and time Single-valued Not indexed The date the person last attested to the Institutional Data Access and Compliance Agreement. Users are expected to complete online training and attest to the agreement before gaining access to certain systems. For access to some systems, users must attest to the agreement annually.
umichDescription umichPerson Read-only, as allowed by specific users Case-insensitive string Multi-valued Substring-indexed, searchable This is text entered by the user in the MCommunity Directory. In the directory, it is displayed in a field named About Me. Users can enter whatever text they want. LDAP-mapped to the description attribute. That is, if you search for description, you'll get the results for umichDescription.
umichServiceEntitlement umichPerson Read-only, administrative access only Case-insensitive string Multi-valued Value-indexed, exact matches only Used to denote access to certain services, such as printing in Campus Computing Sites. Can be applied to people and groups.
Sample:
{"system":box",​"changeDate":"20140313170412Z",​"foreignKey":"213202259",​"eligibility":"yesDelay",​"status":"active",​"action":""}
umichTitle umichPerson Read-only, anonymous access Case-insensitive string Multi-valued Substring-indexed, searchable Employee long title for faculty and staff. For students, this is an affiliation-like string; the student's title is "student."
umichTraining umichPerson Read-only, visible only to administrative access users Case-insensitive string Multi-valued Not indexed This is used to indicate whether a sponsorship administrator has completed the required Access and Compliance online training.
vacationmessage umichPerson Read-only, as allowed by specific users Case-insensitive string Single-valued Not indexed Text entered by the user for a message to be sent to those who send mail to the user when onvacation is turned on.

posixAccount

Attribute Class Access Type Valued* Searching** Description/Sample Text
gidNumber posixAccount Read-only, anonymous access Integer Single-valued Not indexed Contains an integer value that uniquely identifies the user's default group in an administrative domain. In MCommunity, this is set to 10 for all users.
homeDirectory posixAccount Read-only, anonymous access Case-exact string Single-valued Not indexed The home directory for the account.
loginShell posixAccount Read-only, anonymous access Case-exact string Single-valued Not indexed Contains the path to the login shell.
uidNumber posixAccount Read-only, anonymous access Integer Single-valued Not indexed Contains an integer that uniquely identifies a user in an administrative domain. In MCommunity, this is centrally maintained.

Group

Attribute Class Access Type Valued* Searching** Description/Sample Text
cn Group Read-only, anonymous access Case-insensitive string Multi-valued Not indexed Name of the group. This attribute also includes all Also Known As names (aliases) for the group.
description rfc822MailGroup Read-only, anonymous access Case-insensitive string Multi-valued Not indexed User-entered text providing information about the group such as what it is used for and who is in it. LDAP mapped to umichDescription.
errorsTo rfc822MailGroup Read-only, anonymous access. Write access with administrative access. Distinguished-name Multi-valued Value-indexed, exact matches only The person (or several people) to receive error messages concerning mail sent to the group. (Enter full names or uniqnames.) For example, if mail sent to someone in the group bounces, the message reporting the bounced mail will be sent to the person(s) listed in errorsTo.
MCommunity will notify this group if there are errors processing changes to the group via the LDAP Tree.
facsimileTelephoneNumber rfc822MailGroup Read-only, anonymous access Facsimilie telephone number Multi-valued Not indexed Owner-entered fax number for the group.
gidNumber posixGroup Read-only, anonymous access Integer Single-valued Value-indexed, exact matches only Contains an integer that uniquely identifies a group in an administrative domain. In MCommunity, this is centrally maintained.
groupMember Group Read-only, anonymous access except where umichPrivate is "True." Additional read and write access with administrative access. Distinguished-name Multi-valued Value-indexed, exact matches only Members of the group that are groups (not people). Use this attribute to add/remove university groups to/from the group.
When searching, groupMember will return all direct members and members of groupMember (nested members). Basically, it returns all members of the fully expanded group. Duplicate values are possible because a group can be a member of multiple groups.
joinable rfc822MailGroup Read-only, anonymous access Boolean Single-valued Not indexed If a group is joinable, anyone who can log in to the directory can join it. Otherwise, members must be added by the owner.
labeledUri rfc822MailGroup Read-only, anonymous access Case-insensitive string Multi-valued substring OR value Via the web interface, users can enter links to relevant websites. Users enter a name for the website plus the URL. This then shows up in the Links section of the group profile.
member Group Read-only, anonymous access except where umichPrivate is "True." Additional read and write access with administrative access. Distinguished-name Multi-valued Value-indexed, exact matches only Members of the group that are people (not groups). Use this attribute to add/remove members that are listed by either uniqname or email address to/from the group. These are considered "direct" members of the group.
When searching, members will return all direct members and members of groupMember (nested members). Duplicate values are possible because a user can be a member of multiple groups that are in groupMember.
membersonly rfc822MailGroup Read-only, anonymous access Boolean Single-valued Not indexed A members-only group is one that only the members of the group can send mail to. The group owner can turn this on or off.
moderator rfc822MailGroup Read-only, anonymous access except where umichPrivate is "True." Additional read and write access with administrative access. Case-insensitive string Multi-valued Value-indexed, exact matches only Owners who wish their group to be moderated add moderators' email addresses to this attribute. Full email addresses (not uniqnames) must be used. Groups can have multiple moderators. Mail sent to the group goes to the moderator to be sent on to the group or not.
notice rfc822MailGroup Read-only, anonymous access Case-insensitive string Single-valued Not indexed Text entered by the owner that serves as some sort of notice regarding the group.
owner Group Read-only, anonymous access except where umichPrivate is "True." Additional read and write access with administrative access. Distinguished-name Multi-valued Value-indexed, exact matches only The person(s) with rights to make changes to the group. The person who creates the group is an owner by default. Owners are listed as uniqnames. In MCommunity, a group can own a group. In that case, the members of the owning group have owner priviliges.
permittedGroup rfc822MailGroup Read-only if authorized Distinguished-name Multi-valued Not indexed The permitted groups feature applies only to a group designated as members-only that is itself a member of another group. Using this feature allows mail sent to the permitted group to reach the members-only group. An owner can enter groupnames for this attribute.
postalAddress rfc822MailGroup Read-only, anonymous access Case-insensitive string Multi-valued Not indexed Owner-entered mailing address for the group.
RealtimeBlockList rfc822MailGroup Read-only, anonymous access. Write access with administrative access. Boolean Single-valued Not indexed When this is turned on, the Do Not Spam List is used for mail sent to the group. This reduces the spam that group members receive. The default is for it to be on at group creation.
requestsTo rfc822MailGroup Read-only, anonymous access. Write access with administrative access. Distinguished Name Multi-valued Value-indexed, exact matches only It is an Internet standard for people to be able to send mail to the administrator of an email group by sending email to groupname-request, where the group's name is substituted for groupname and the full email address is used. In this attribute, owners, list the person(s), by full name or uniqname), who should receive these messages.
rfc822ErrorsTo rfc822MailGroup Write access if authorized Case-insensitive string Multi-valued Not indexed This is where the owner can list email addresses of people to receive notices of messages to group members that bounce. People with uniqnames who want to receive errors are listed in the errorsTo attribute.
rfc822RequestsTo rfc822MailGroup Read-only, anonymous access. Write access with administrative access. Case-insensitive string Multi-valued Not indexed This is where the owner can list email addresses of people to receive messages sent to groupname-request@umich.edu (where the group's name is substituted for groupname). People with uniqnames who want to receive these messages are listed in requestsTo.
rfc822mail rfc822MailGroup Read-only, anonymous access. Write access with administrative access. Case-insensitive string Multi-valued Value-indexed, exact matches only Non-university members of the group. Intended for email addresses of people who do not have uniqnames. These are listed as full email addresses.
seeAlso Group Read-only, anonymous access Distinguished-name Multi-valued Not indexed The owner can list related email groups or individuals in the group's directory entry by entering their names or uniqnames, one per line.
supressNoEmailError rfc822MailGroup Read-only, anonymous access Boolean Single-valued Not indexed Set by the owner. If True, then "no email address" errors will be suppressed. That is, if mail is sent to the group and one or more university group members do not have mail forwarding addresses in their entries (which means they would not receive the mail sent to the group), the person(s) listed in the Errors To fields will not receive an error message alerting them to that fact. If False (or neither True nor False is selected), then error messages will be sent in the above situation.
telephoneNumber rfc822MailGroup Read-only, anonymous access Telephone number Multi-valued Substring-indexed, searchable Owner-entered telephone number for the group.
umichDirectGroupMember umichGroup Read-only, anonymous access except where umichPrivate is "True." Additional read access with administrative access. Distinguished-name Multi-valued Value-indexed, exact matches only When searching, umichDirectGroupMember only returns direct members of groupMember. This attribute can be used to determine which groupMember members of a group could be removed.
umichDirectMember umichGroup Read-only, anonymous access except where umichPrivate is "True." Additional read access with administrative access. Distinguished-name Multi-valued Value-indexed, exact matches only When searching, umichDirectMember only returns direct members of the group, that is, people who are listed as individual members of the group. It does not return people who are members of groups that are members if the group. This attribute can be used to determine which members of a group can be removed.
umichDisabledBy umichDisable Read-only if authorized Distinguished-name Single-valued Not indexed The dn of the identity that disabled the group. Generally, this is the the Directory Administrator ID.
umichDisabledMessage umichDisable Read-only if authorized Case-exact string Single-valued Not indexed Standard message that group is disabled and therefore not receiving mail.
umichDisabledTimestamp umichDisable Read-only, anonymous access Case-exact string Single-valued Not indexed The date the group was disabled. Groups are disabled automatically when they reach their expiry date.
umichGroupEmail rfc822MailGroup Read-only, anonymous access Case-insensitive string Single-valued Not indexed The preferred, guaranteed email address for the group. This value is also stored in the cn attribute.
umichEnableAuth umichDisable Read-only if authorized Case-exact string Single-valued Not indexed Indicates who can renew/enable a disabled group. Valid values include owner and admin. The owner can only renew the disabled group if the value is "owner." Directory Administrator action is required to renew when the value is "admin."
umichEntryDisabled umichDisable Read-only, anonymous access Boolean Single-valued Not indexed Attribute indicating disabled groups. If a group is disabled, the value will be "True."
umichExpiryNoticeTimestamp umichExpire Read-only if authorized Case-exact string Multi-valued Not indexed The dates when expiry notices were sent to the group owners via email.
umichExpiryTimestamp umichExpire Read-only, anonymous access Case-exact string Single-valued Not indexed The date the group will become disabled if is not renewed.
umichPrivate umichGroup Read-only, anonymous access Boolean Single-valued Not indexed When this is set to "True," the moderator(s), owner(s), and list of group members is hidden from everyone except the logged-in group owners and members.
umichPurgeTimestamp umichDisable Read-only, anonymous access Case-exact string Single-valued Not indexed The date the group will be purged from the directory if it is not renewed.
umichRenew umichExpire Write access if authorized Boolean Single-valued Not indexed This attribute is updated with a value of "True" to initiate the group renewal process. Once the group has been renewed, this attribute value is removed.
umichServiceEntitlement umichGroup Read-only, administrative access only Case-insensitive string Multi-valued Value-indexed, exact matches only Used to denote access to certain services, such as printing in Campus Computing Sites. Can be applied to people and groups.
Sample:
{"system":"box",​"changeDate":"20140313170412Z",​"foreignKey":"213202259",​"eligibility":"yesDelay",​"status":"active",​"action":""}

Notes

* Attributes are either single-valued or multi-valued. Single-valued attributes are contained all on one line. Multi-valued attributes may contain more than one line.
** The way an attribute is indexed affects what kind of searching you can do on it:

  • Value indexed. You will need to to match the whole value exactly to find it when searching.
  • Substring-indexed. You can use asterisks and search by part of the string (for example, search for *terson to find masterson and wilterson).
  • Not indexed. Searches will take a very long time and may not work at all.

Return to LDAP Access to the MCommunity Directory

Last Updated: 
Friday, September 23, 2016