LDAP Person
ldap_person
The additional LDAP attributes that describe a person.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Cost Center | cost_center |
String | The cost center associated with the user. |
| Created Time | created_time |
Timestamp | The timestamp when the user was created. |
| Deleted Time | deleted_time |
Timestamp | The timestamp when the user was deleted. In Active Directory (AD), when a user is deleted they are moved to a temporary container and then removed after 30 days. So, this field can be populated even after a user is deleted for the next 30 days. |
| Email Addresses | email_addrs |
Email Address[] |
Entity:EMAIL_ADDRESSA list of additional email addresses for the user. |
| Employee ID | employee_uid |
String | The employee identifier assigned to the user by the organization. |
| Given Name | given_name |
String | The given or first name of the user. |
| Hire Time | hire_time |
Timestamp | The timestamp when the user was or will be hired by the organization. |
| Job Title | job_title |
String | The user's job title. |
| Labels | labels |
String[] |
The labels associated with the user. For example in AD this could be the userType, employeeType. For example: Member, Employee.
|
| Last Login | last_login_time |
Timestamp | The last time when the user logged in. |
| LDAP Common Name | ldap_cn |
String |
The LDAP and X.500 commonName attribute, typically the full name of the person. For example, John Doe.
|
| LDAP Distinguished Name | ldap_dn |
String |
The X.500 Distinguished Name (DN) is a structured string that uniquely identifies an entry, such as a user, in an X.500 directory service For example, cn=John Doe,ou=People,dc=example,dc=com.
|
| Leave Time | leave_time |
Timestamp | The timestamp when the user left or will be leaving the organization. |
| Geo Location | location |
Geo Location[] |
Entity:GEO_LOCATIONThe geographical location associated with a user. This is typically the user's usual work location. |
| Manager | manager |
User[] |
Entity:USERThe user's manager. This helps in understanding an org hierarchy. This should only ever be populated once in an event. I.e. there should not be a manager's manager in an event. |
| Modified Time | modified_time |
Timestamp | The timestamp when the user entry was last modified. |
| Office Location | office_location |
String |
The primary office location associated with the user. This could be any string and isn't a specific address. For example, South East Virtual.
|
| Telephone Number | phone_number |
String |
The telephone number of the user. Corresponds to the LDAP Telephone-Number CN.
|
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Surname | surname |
String | The last or family name for the user. |
| Tags | tags |
Key:Value object[] |
The list of tags; {key:value} pairs associated to the user.
|
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference LDAP Person in their attributes:
Outbound Relationships
LDAP Person references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 10 days ago