Shibboleth Identity Provider attribute mapping

Mapping the local user schema to the Edugate schema can be a trivial or complex task depending on the complexity of the local schema and how close or dissimilar both schemas are.

Simple maps

LDAP directories that use the inetOrgPerson and Person schemas will provide a simple mapping for some of the Edugate's schema attributes. For example, the common LDAP attributes, givenName, sn and mail can be simply mapped to the equivalent Edugate attributes as they are both from the same parent schemas (inetOrgPerson and Person).

Complex maps

The eduPersonPrincipalName, eduPersonTargetedID, eduPersonScopedAffiliation and eduPersonEntitlement attributes can be more complex to map as they not found in many organisations local schema. As an example, consider the ficticious institution 'University of Mullingar' (, if the campus durectory at UM used the inetOrgPerson attribute employeeType to denote a users role at UM (having values of STU for students and STF for staff), this would need to be mapped into the eduPersonScopedAffiliation value and staff@um.ierespectivly. This may be further complicated if UM treats postgraduate students studying for a Research Postgraduate Degree as staff, while postgraduates on taught programmes as students, and the employeeType value PGRAD offers no distinction between either type of postgraduate.

Example complex mappings