6.2. Data model
Users, school classes and schools each have been extended by the following attributes:
ucsschoolRecordUID saves the entryUUID of the object on source system (school authority).
ucsschoolSourceUID saves the name of the school authority.
idBrokerPseudonym0001 - idBrokerPseudonym0030 save service provider specific pseudonyms.
6.2.1. Mapping LDAP / UDM / UCS@school attributes
As written in ID Broker components the Self-disclosure API and the Provisioning API use the Kelvin REST API to access user / group data.
The Kelvin REST API exposes the UCS@school library models in its API and uses the UDM REST API to access the IDMs LDAP database.
The UCS@school library, the UDM REST API and OpenLDAP target different scenarios / layers and thus have different data models and use slightly different names for the same attributes.
Below are tables that should help navigate the different data layers.
6.2.1.1. Users
Table 6.2 Users mapping of LDAP attribute → UDM property → UCS@school attribute
LDAP attribute |
UDM property |
UCS@school attribute |
Example |
|---|
uid
|
username
|
name
|
demo_student
|
entryUUID
|
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
givenName
|
firstname
|
firstname
|
Alice
|
mailPrimaryAddress
|
mailPrimaryAddress
|
email
|
first.last\@example.com
|
sn
|
lastname
|
lastname
|
Bauer
|
ucsschoolRole
|
ucsschoolRole
|
ucsschool_role
|
student:school:DEMOSCHOOL
|
ucsschoolRecordUID
|
ucsschoolRecordUID
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
ucsschoolSourceUID
|
ucsschoolSourceUID
|
|
school authority name
|
idBrokerPseudonym00XX
|
idBrokerPseudonym00XX
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
6.2.1.2. Groups
Table 6.3 Groups mapping of LDAP attribute → UDM property → UCS@school attribute
LDAP attribute |
UDM property |
UCS@school attribute |
Example |
|---|
cn
|
name
|
name
|
DEMOSCHOOL-Democlass
|
description
|
description
|
|
Math work group
|
ucsschoolRole
|
ucsschoolRole
|
ucsschool_role
|
school_class:school:DEMOSCHOOL
|
uniqueMember
|
users
|
users
|
['uid=demo_student,cn=schueler,cn=...', 'uid=demo_teacher,...']
|
ucsschoolRecordUID
|
ucsschoolRecordUID
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
ucsschoolSourceUID
|
ucsschoolSourceUID
|
|
school authority name
|
idBrokerPseudonym00XX
|
idBrokerPseudonym00XX
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
6.2.1.3. Schools
Table 6.4 Schools mapping of LDAP attribute → UDM property → UCS@school attribute
LDAP attribute |
UDM property |
UCS@school attribute |
Example |
|---|
ou
|
name
|
name
|
DEMOSCHOOL
|
displayName
|
displayName
|
display_name
|
Demo School
|
ucsschoolRole
|
ucsschoolRole
|
ucsschool_role
|
school:school:DEMOSCHOOL
|
ucsschoolRecordUID
|
ucsschoolRecordUID
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
ucsschoolSourceUID
|
ucsschoolSourceUID
|
|
school authority name
|
idBrokerPseudonym00XX
|
idBrokerPseudonym00XX
|
|
4e2d101a-b843-48d0-81d3-68a74940adc7
|
