edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
- From: Davide Vaghetti <davide.vaghetti AT garr.it>
- To: Sten Aus <sten.aus AT eenet.ee>, edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] eduPerson schema in Active Directory
- Date: Thu, 14 Dec 2017 12:19:58 +0100
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=garr.it
Hello Sten,
as for the approved-by-Microsoft eduPerson schema I think you can have better chances to have a definitive answer asking directly on MACE-Dir list <mace-dir AT internet2.edu>. Please check also the MACE-Dir wiki page:
https://spaces.internet2.edu/display/macedir/MACE-Dir+Working+Group+Space
BTW, I really don't know if the actual eduPerson schema for AD has been vetted by Microsoft or not, though I'm missing the point in having a custom schema "certified" by the vendor of a directory service (unless it changes the TOU, but AFAIK that's not the case for eduPerson).
Consider also that if your IdP is Shibboleth or simpleSAMLphp, you can use filters and scripts to dynamically create attributes like ePPN, ePSA, displayName, you-name-it, without the need to store them in the directory itself.
Cheers,
Davide
On 14/12/2017 10:45, Sten Aus wrote:
Hi
I am Sten from Estonia (TAAT).
I wanted to ask if some of you know (or can ask) how your IdPs handle eduPerson schema in their Active Directory Services? If I understand correctly eduPerson is not supported "out of the box" in AD schema?
As I have one IdP whose main administrator does not want to use AD schemas which have not been approved by Windows then there are problems with them from time to time. They tend to miss ePPN attribute for some persons as they need to add this to their extra AD LDS service by another administrator.
Also I wanted to ask if there is a proof that eduPerson schema is/is not approved to Microsoft AD schema? Or can it be added and if it's supported by Microsoft if you manually add it?
If it's not discuss topic, you can reply to me directly, too! :)
Thanks and all the best
Sten Aus
EENet / TAAT
sten.aus AT eenet.ee
--
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw
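
The suggestion in the reply above, deriving ePPN, ePSA and displayName at release time from stock AD attributes instead of extending the schema, sketched as an added example that is not part of the original message and is not Shibboleth or simpleSAMLphp API. The function name, scope, group DNs, the group-to-affiliation mapping and the lowercasing of the account name are all assumptions.

```javascript
// Constructed values: the scope is fixed in IdP configuration and is never
// taken from the directory entry, so an account cannot assert a foreign scope.
const SCOPE = 'example.org';

// Hypothetical mapping from AD group DNs to eduPersonAffiliation values.
const GROUP_TO_AFFILIATION = new Map([
  ['CN=Staff,OU=Groups,DC=example,DC=org', ['staff', 'employee', 'member']],
  ['CN=Students,OU=Groups,DC=example,DC=org', ['student', 'member']],
]);

// Local part of a scoped value: no '@', whitespace or control characters.
const LOCAL_PART = /^[A-Za-z0-9._-]{1,64}$/;

// First value of a multi-valued directory attribute, or '' if absent.
function first(entry, name) {
  const v = entry[name];
  return Array.isArray(v) && v.length > 0 ? String(v[0]).trim() : '';
}

// Build eduPerson attributes from attributes AD already stores.
function deriveEduPerson(entry, scope = SCOPE) {
  const out = {};
  const account = first(entry, 'sAMAccountName').toLowerCase();
  // Emit no ePPN at all rather than one that is empty or carries a second scope.
  if (LOCAL_PART.test(account)) {
    out.eduPersonPrincipalName = [`${account}@${scope}`];
  }
  const affiliations = new Set();
  for (const dn of entry.memberOf || []) {
    for (const a of GROUP_TO_AFFILIATION.get(dn) || []) affiliations.add(a);
  }
  if (affiliations.size > 0) {
    out.eduPersonScopedAffiliation =
      [...affiliations].sort().map((a) => `${a}@${scope}`);
  }
  const name = [first(entry, 'givenName'), first(entry, 'sn')]
    .filter(Boolean).join(' ');
  if (name) out.displayName = [name];
  return out;
}

// Constructed directory entries, shaped like multi-valued LDAP results.
const alice = { sAMAccountName: ['ASmith'], givenName: ['Alice'], sn: ['Smith'],
  memberOf: ['CN=Staff,OU=Groups,DC=example,DC=org'] };
const odd = { sAMAccountName: ['bob@other.example'], sn: ['Jones'] };

console.log(deriveEduPerson(alice));
console.log(deriveEduPerson(odd));
```

Entries whose account name fails the check get no ePPN, which surfaces as a missing attribute at the SP instead of a malformed or mis-scoped identifier.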