Unique ID   coreshow all attributes
Name swissEduPersonUniqueID
Description A unique identifier for a person, mainly for inter-institutional user identification on personalized services
Vocabulary not applicable, no controlled vocabulary
References none
OID 2.16.756.
LDAP Syntax Directory String
# of values single
Example values
  • 845938727494@ethz.ch
  • 288aac23dbf9e1460c86b1a5a04c6afb75f724ce@uzh.ch


This identifier represents a specific principal in a specific identity system. Values of this attribute MUST be assigned in such a manner that no two values created by distinct identity systems could collide. This identifier is permanent, to the extent that the principal is represented in the issuing identity system. Once assigned, it MUST NOT be reassigned to another principal.

This identifier is scoped and of the form uniqueID@scope.

scope (domain part)

It is equivalent to the registered Internet domain the home organization uses, i.e. the same value as the content of the attribute swissEduPersonHomeOrganization.

uniqueID (local part)

It is an ID uniquely allocated by the home organization for a user they correctly authenticated according to the local authentication policy.
The uniqueID portion MUST be unique within the context of the issuing identity system (no reassignment to another principal) and MUST contain only alphanumeric characters (a-z, A-Z, 0-9). The length of the uniqueID portion MUST be less than or equal to 64 characters.

Deprecated former definition of uniqueID part

Deprecated in March 2017 (PDF document version 1.6) in favor of a definition aligned with the eduPersonUniqueId attribute:
The uniqueID part can contain any characters which can be part of the local part of an e-mail address according to [RFC5322], namely: -._%.


  • One SHOULD NOT expose the Unique ID to end users; especially one SHOULD NOT require a user to provide his Unique ID manually!

  • The uniqueID part MAY be a hash value based on unique information about the user.

  • The minimum length of the local part SHOULD be 6 and the maximum length of the whole value SHOULD be 255 characters.

  • Due to the caseIgnoreMatch matching rule from the LDAP schema one SHOULD only use uppercase OR lowercase characters to avoid potential clashes.

Find the complete list of attribute definitions in one single document: Attribute Specification