Directory Services Attribute

Higher Ed NetID (eduPersonPrincipalName)

Attribute details

LDAP eduPersonPrincipalName attribute properties, usage and population rules
Definition: The "NetID" (account login identifier) for inter-institutional authentication.

This can be thought of as the account login scoped to the Identity Provider. For everyone in the directory, it is 'tamuEduPersonNetID@tamu.edu'.

This value is also the Kerberos principal for the account holder.

This is a human-friendly identifier selected by the account holder. NetIDs are revokable (account holders are allowed to switch to a different NetID) and reassignable (6 months after the NetID is released by an account holder, it may be claimed by a different account holder).

Due to these characteristics, a Service Provider wishing to link a Texas A&M NetID account holder to an internal account should use a persistent identifier such as eduPersonUniqueId or eduPersonTargetedID instead of eduPersonPrincipalName.
Attribute Name: 'eduPersonPrincipalName'
OID: 1.3.6.1.4.1.5923.1.1.1.6
URN: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
Multiple Values: Single-valued
Format: Directory String
The values consist of a left and right component separated by an "@" sign. The left component is the entry's tamuEduPersonNetID value. The right component identifies the domain or scope. For all entries in the Texas A&M NetID Identity Management System this is "tamu.edu".
Search Syntax: EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
Controlled Vocabulary: not applicable
Source: If NetID has not been activated, this attribute is not present, i.e. contains no value.
If NetID has been activated, the attribute value is NetID@tamu.edu
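
The following sketch is an added example, not code from Texas A&M or from this page. It replays the reassignment case from the Definition above against a Service Provider that links accounts on eduPersonPrincipalName and against one that links on eduPersonUniqueId. The AccountStore class, the helper names and every attribute value are constructed for illustration.

```python
EXPECTED_SCOPE = "tamu.edu"  # right-hand component stated on this page

# Constructed attribute sets, as an SP might receive them at login.
FIRST_HOLDER = {"eduPersonPrincipalName": "joe-college@tamu.edu",
                "eduPersonUniqueId": "0001aaaa@tamu.edu"}
# Same NetID after release and reassignment to a different person.
SECOND_HOLDER = {"eduPersonPrincipalName": "Joe-College@tamu.edu",
                 "eduPersonUniqueId": "0002bbbb@tamu.edu"}


def link_key(value):
    """Normalise a scoped value 'left@scope' into a lookup key."""
    left, sep, scope = value.rpartition("@")
    if not sep or not left or scope.lower() != EXPECTED_SCOPE:
        raise ValueError(f"unexpected or missing scope: {value!r}")
    # The page lists caseIgnoreMatch for ePPN; applying the same
    # case folding to the persistent identifier is an assumption here.
    return f"{left.lower()}@{scope.lower()}"


class AccountStore:
    """Hypothetical SP user table keyed on one released attribute."""

    def __init__(self, key_attribute):
        self.key_attribute = key_attribute
        self.accounts = {}  # link key -> local account record

    def login(self, attrs):
        key = link_key(attrs[self.key_attribute])
        account = self.accounts.setdefault(key, {"records": []})
        # ePPN is still useful as a display label, just not as the key.
        account["label"] = attrs["eduPersonPrincipalName"]
        return account


def records_seen_by_second_holder(key_attribute):
    """Replay the reassignment and return what the new holder can read."""
    store = AccountStore(key_attribute)
    store.login(FIRST_HOLDER)["records"].append("first holder's record")
    return store.login(SECOND_HOLDER)["records"]


if __name__ == "__main__":
    for attr in ("eduPersonPrincipalName", "eduPersonUniqueId"):
        print(attr, "->", records_seen_by_second_holder(attr))
```

Keyed on eduPersonPrincipalName, the second holder inherits the first holder's local account; keyed on eduPersonUniqueId, the two people get separate accounts.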

Directory-specific details

LDAP eduPersonPrincipalName attribute properties that are dependent on directory branch or object class configuration
Enterprise Directory
People Branch
Directory URL: ldap.tamu.edu
Object Class: eduPerson
Required: no
Indexing: Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Access: Access to Enterprise Directory restricted.
Usage: Federated applications
Example(s): joe-college@tamu.edu