The surname is one of the standard LDAP attributes defined in RFC 2256 that UCLA Enterprise Directory adopts. According to RFC 2256, sn, also known as X.500 surname, "contains the family name of a person." In the context of UCLA ED, this is the last name of the person represented by the identity entry in the UCLA Enterprise Directory.

Data Flow

The Enterprise Directory retrieves LAST_NAME_PERSON from the UID system via the Campus Data Warehouse (CDW) in real time. For each person, the UID system contains names recorded at 4 different university systems: Student Record System (SRS), Student Information System (SIS), Payroll Personnel System (PPS), and University Extension System (UNEX). Names from these systems are flagged in the APP_ID field as SR0, SI0, PP0, and UNX, respectively. The Enterprise Directory selects the name to populate cn based on the following logic:

  • a. If a person currently has student affiliation (flagged as "SRSAffiliated" in uclaPersonDirectoryListAffiliation), select the name in the order below no matter what other affiliation this person has:
    • 1. SR0 name
    • 2. SI0 name
    • 3. PP0 name
    • 4. UNX name
  • b. Else, if a person currently has employee affiliation (flagged as "PPSAffiliated" in uclaPersonDirectoryListAffiliation), select the name in the order below:
    • 1. PP0 name
    • 2. SR0 name
    • 3. SI0 name
    • 4. UNX name
  • c. Else, meaning the person has neither student nor employee affiliation, use the same order as in step a.
  • Note: If the name selected is found with APP_USAGE_STATUS <> 'A', an error message will be logged but the name still goes in ED.
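
The selection logic above, written out as an added Python example (not code from the Enterprise Directory itself). The record layout, the logger name, and the rule that a source with no name on file is skipped are assumptions; the sample records are constructed.

```python
import logging
from typing import NamedTuple, Optional

log = logging.getLogger("ed.name_select")  # hypothetical logger name

STUDENT_ORDER = ("SR0", "SI0", "PP0", "UNX")   # steps a and c
EMPLOYEE_ORDER = ("PP0", "SR0", "SI0", "UNX")  # step b

class Selected(NamedTuple):
    app_id: str
    last_name: str
    inactive: bool  # True when APP_USAGE_STATUS <> 'A'

def select_name(affiliations, uid_names) -> Optional[Selected]:
    """affiliations: values of uclaPersonDirectoryListAffiliation.
    uid_names: assumed layout, APP_ID -> {LAST_NAME_PERSON, APP_USAGE_STATUS}."""
    if "SRSAffiliated" in affiliations:
        order = STUDENT_ORDER        # a: student wins over any other affiliation
    elif "PPSAffiliated" in affiliations:
        order = EMPLOYEE_ORDER       # b: employee without student affiliation
    else:
        order = STUDENT_ORDER        # c: neither, same order as a
    for app_id in order:
        rec = uid_names.get(app_id)
        if not rec or not rec.get("LAST_NAME_PERSON"):
            continue                 # assumption: a source with no name is skipped
        inactive = rec.get("APP_USAGE_STATUS") != "A"
        if inactive:
            # Per the note: log an error, but the name still goes into ED.
            log.error("name from %s has APP_USAGE_STATUS=%r", app_id,
                      rec.get("APP_USAGE_STATUS"))
        return Selected(app_id, rec["LAST_NAME_PERSON"], inactive)
    return None

# Constructed sample records, not real directory data.
SAMPLE = {
    "SR0": {"LAST_NAME_PERSON": "Garcia-Lopez", "APP_USAGE_STATUS": "A"},
    "PP0": {"LAST_NAME_PERSON": "Garcia", "APP_USAGE_STATUS": "I"},
}

if __name__ == "__main__":
    for affs in ({"SRSAffiliated", "PPSAffiliated"}, {"PPSAffiliated"}, set()):
        print(sorted(affs), select_name(affs, SAMPLE))
```

The `inactive` flag lets a consumer of the directory tell when the surname it received came from a record the source system no longer marks active.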

For entries created by [uclaASUCLAID], the attribute is updated by name values in the ASUCLA employee file FTP'd daily. See [uclaASUCLAID] for details.
For entries created without [uclaUniversityID] or [uclaASUCLAID], the attribute is updated by the UCLA Logon System via a web service call in real time.

Source System

UID system managed by Financial Aid and Shared Systems, Student Applications, IT Services.
UCLA Logon System managed by Network Engineering & Operations, IT Services.
ASUCLA payroll system managed by ASUCLA.

Access Permission

For students, contact data owner UCLA Registrar's Office.
For employees, contact data owner UCLA Payroll Office.
For ASUCLA employees, contact data owner ASUCLA payroll office.


This is how the attribute is used in the attribute-map.xml file. For more information about mapping the attribute, please visit the Shibboleth wiki.

<Attribute name="urn:oid:" id="SHIBSN"/>

1 Comment

  1. Should this be urn:mace:dir:attribute-def:sn?