LDAP Person

ldap_person

The additional LDAP attributes that describe a person.

Attributes

Caption	Name	Type	Description
Cost Center	`cost_center`	String	The cost center associated with the user.
Created Time	`created_time`	Timestamp	The timestamp when the user was created.
Deleted Time	`deleted_time`	Timestamp	The timestamp when the user was deleted. In Active Directory (AD), when a user is deleted they are moved to a temporary container and then removed after 30 days. So, this field can be populated even after a user is deleted for the next 30 days.
Email Addresses	`email_addrs`	Email Address[]	Entity:`EMAIL_ADDRESS` A list of additional email addresses for the user.
Employee ID	`employee_uid`	String	The employee identifier assigned to the user by the organization.
Given Name	`given_name`	String	The given or first name of the user.
Hire Time	`hire_time`	Timestamp	The timestamp when the user was or will be hired by the organization.
Job Title	`job_title`	String	The user's job title.
Labels	`labels`	String[]	The labels associated with the user. For example in AD this could be the `userType`, `employeeType`. For example: `Member, Employee`.
Last Login	`last_login_time`	Timestamp	The last time when the user logged in.
LDAP Common Name	`ldap_cn`	String	The LDAP and X.500 `commonName` attribute, typically the full name of the person. For example, `John Doe`.
LDAP Distinguished Name	`ldap_dn`	String	The X.500 Distinguished Name (DN) is a structured string that uniquely identifies an entry, such as a user, in an X.500 directory service For example, `cn=John Doe,ou=People,dc=example,dc=com`.
Leave Time	`leave_time`	Timestamp	The timestamp when the user left or will be leaving the organization.
Geo Location	`location`	Geo Location[]	Entity:`GEO_LOCATION` The geographical location associated with a user. This is typically the user's usual work location.
Manager	`manager`	User[]	Entity:`USER` The user's manager. This helps in understanding an org hierarchy. This should only ever be populated once in an event. I.e. there should not be a manager's manager in an event.
Modified Time	`modified_time`	Timestamp	The timestamp when the user entry was last modified.
Office Location	`office_location`	String	The primary office location associated with the user. This could be any string and isn't a specific address. For example, `South East Virtual`.
Telephone Number	`phone_number`	String	The telephone number of the user. Corresponds to the LDAP `Telephone-Number` CN.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Surname	`surname`	String	The last or family name for the user.
Tags	`tags`	Key:Value object[]	The list of tags; `{key:value}` pairs associated to the user.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference LDAP Person in their attributes:

User

Outbound Relationships

LDAP Person references the following objects and events in its attributes:

This page describes ocsf-1.4.0