Introduction
With an understanding of common application uses of the directory information collections of attributes have created. These connections are called bundles. The bundles make selecting which data to use from the directory simpler by replacing the task of choosing among several hundred attributes with the choice of a handful of bundles. The pre-defined bundles are not specific to web-based authentication system and can be used by any application accessing the directory. It is strongly recommended that bundles be used, unless an application has special attribultes requirements that not covered by existing bundles.
Bundle access to directory data is, in most cases, not subject to privacy restrictions defined in the directory. As with access to all privacy restricted data in the directory, the access must be approved by the owners of the data (see Directory Usage Policy). To request access to directory data using an attribute bundle visit the Requesting Access. When requesting access multiple bundles can be requested. For example, in addition to basic name information, some applications may need a person's affiliactions, then the applictaions can request to access to both the suNamesAffiliations and suName bundles.
The following attribute bundles have been defined in the Stanford Directory.
- stanfordWho (people_sugal_full)
- The same set of attributes displayed by Stanford Who subject to the same privacy controls as the StanfordWho applications. This means that any attribute with the visibility set to private will not be available. Only those attributes set to "stanford" or "public" will be available. This is exposed as the suGAL* attributes in the suGALperson Object Class.
- suNames
- A set of attributes that allows access to a large set of name data for a person entry in the directory.
- suNamesAffiliations
- A set of attributes that allows access to a large set of name and affiliation data for a person entry in the directory.
- suPhoneAddress
- This bundle is a collection of the telephone number, email address, and postal addresses for entries in the cn=people branch of the directory.
- posixAccount
- The attributes in the posixAccount objectclass and the suPrivilegeGroup attribute. Generally access is filtered by either an individual Workgroup or a Workgroup stem.
- posixGroup
- The attributes in the posixGroup objectclass and the suPrivilegeGroup attribute. Generally access is filtered by either an individual Workgroup or a Workgroup stem.
Public Access to Directory Data
In addition to the data defined by a bundle, all bundles have access to the following set of attributes if each attribute is marked as World Visible.
World visibility read on:
- cn, facsimileTelephoneNumber, generationQualifier, givenName, homePhone, homePostalAddress, labeledURI, mail, mobile, objectclass, o, ou, pager, personalTitle, postalAddress, sn, street, suDisplayAffiliation, suDisplayNameFirst, suDisplayNameMiddle, suDisplayNameLast, suDisplayNamePrefix, suDisplayNameSuffix, suEmailPager, suFacultyAppointment, suFacultyAppointmentShort, suGwAffilAddress1, suGwAffilAddress2, suGwAffilAddress3, suGwAffilAddress4, suGwAffilAddress5, suGwAffilCode1, suGwAffilCode2, suGwAffilCode3, suGwAffilCode4, suGwAffilCode5, suGwAffilFax1, suGwAffilFax2, suGwAffilFax3, suGwAffilFax4, suGwAffilFax5, suGwAffiliation1, suGwAffiliation2, suGwAffiliation3, suGwAffiliation4, suGwAffiliation5, suGwAffilMailCode1, suGwAffilMailCode2, suGwAffilMailCode3, suGwAffilMailCode4, suGwAffilMailCode5, suGwAffilPhone1, suGwAffilPhone2, suGwAffilPhone3, suGwAffilPhone4, suGwAffilPhone5, suLocalAddress, suLocalPhone, suMailAddress, suMailCode, suOtherName, suPermanentPhone, suPermanentAddress, suProfile, suSearchID, suSunetID, suUniqueIdentifier, telephoneNumber, title
