Ticket 49248 - update eduPerson to 201602

Bug Description:  Update the eduPerson schema (commonly used by
high education institutes) to match the 201602 release found:
http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html

Fix Description:  Update the schema, and add a test asserting the
values work as expected.

https://pagure.io/389-ds-base/issue/49248

Author: wibrown

Review by: mreynolds (Thanks!)

dirsrvtests/tests/suites/schema/test_eduperson.py

@@ -0,0 +1,74 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2017 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+import os
+import logging
+import pytest
+import ldap
+
+from lib389.idm.user import UserAccounts
+from lib389.topologies import topology_st as topology
+from lib389._constants import DEFAULT_SUFFIX
+
+DEBUGGING = os.getenv('DEBUGGING', False)
+
+if DEBUGGING is not False:
+    DEBUGGING = True
+
+if DEBUGGING:
+    logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+    logging.getLogger(__name__).setLevel(logging.INFO)
+
+log = logging.getLogger(__name__)
+
+
+def test_account_locking(topology):
+    """
+    Test the eduperson schema works
+    """
+    if DEBUGGING:
+        # Add debugging steps(if any)...
+        pass
+
+    users = UserAccounts(topology.standalone, DEFAULT_SUFFIX)
+
+    user_properties = {
+        'uid': 'testuser',
+        'cn' : 'testuser',
+        'sn' : 'user',
+        'uidNumber' : '1000',
+        'gidNumber' : '2000',
+        'homeDirectory' : '/home/testuser',
+    }
+    testuser = users.create(properties=user_properties)
+
+    # Extend the user with eduPerson
+    testuser.add('objectClass', 'eduPerson')
+
+    # now add eduPerson attrs
+    testuser.add('eduPersonAffiliation', 'value') # From 2002
+    testuser.add('eduPersonNickName', 'value') # From 2002
+    testuser.add('eduPersonOrgDN', 'ou=People,%s' % DEFAULT_SUFFIX) # From 2002
+    testuser.add('eduPersonOrgUnitDN', 'ou=People,%s' % DEFAULT_SUFFIX) # From 2002
+    testuser.add('eduPersonPrimaryAffiliation', 'value') # From 2002
+    testuser.add('eduPersonPrincipalName', 'value') # From 2002
+    testuser.add('eduPersonEntitlement', 'value') # From 2002
+    testuser.add('eduPersonPrimaryOrgUnitDN', 'ou=People,%s' % DEFAULT_SUFFIX) # From 2002
+    testuser.add('eduPersonScopedAffiliation', 'value') # From 2003
+    testuser.add('eduPersonTargetedID', 'value') # From 2003
+    testuser.add('eduPersonAssurance', 'value') # From 2008
+    testuser.add('eduPersonPrincipalNamePrior', 'value') # From 2012
+    testuser.add('eduPersonUniqueId', 'value') # From 2013
+    testuser.add('eduPersonOrcid', 'value') # From 2016
+
+    log.info('Test PASSED')
+
+

ldap/schema/60eduperson.ldif

@@ -1,4 +1,6 @@
 # 60eduperson.ldif - See http://middleware.internet2.edu/eduperson/
+# This is the 201602 version of the eduperson schema.
+# http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html
 ################################################################################
 #
 dn: cn=schema
@@ -83,6 +85,7 @@ attributeTypes: (
   NAME 'eduPersonPrimaryOrgUnitDN'
   DESC 'Primary Organizational Unit'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+  SINGLE-VALUE
   X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
   )
 #
@@ -98,11 +101,67 @@ attributeTypes: (
 #
 ################################################################################
 #
+attributeTypes:(
+  1.3.6.1.4.1.5923.1.1.1.10
+  NAME 'eduPersonTargetedID'
+  DESC 'eduPerson per Internet2 and EDUCAUSE'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
+  )
+#
+################################################################################
+#
+attributeTypes:(
+  1.3.6.1.4.1.5923.1.1.1.11
+  NAME 'eduPersonAssurance'
+  DESC 'eduPerson per Internet2 and EDUCAUSE'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
+  )
+#
+################################################################################
+#
+attributeTypes:(
+  1.3.6.1.4.1.5923.1.1.1.12
+  NAME 'eduPersonPrincipalNamePrior'
+  DESC 'eduPersonPrincipalNamePrior per Internet2'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
+  )
+#
+################################################################################
+#
+attributeTypes:(
+  1.3.6.1.4.1.5923.1.1.1.13
+  NAME 'eduPersonUniqueId'
+  DESC 'eduPersonUniqueId per Internet2'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE
+  X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
+  )
+#
+################################################################################
+#
+attributeTypes:(
+  1.3.6.1.4.1.5923.1.1.1.16
+  NAME 'eduPersonOrcid'
+  DESC 'ORCID researcher identifiers belonging to the principal'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
+  )
+#
+################################################################################
+#
 objectClasses: (
   1.3.6.1.4.1.5923.1.1.2
   NAME 'eduPerson'
   AUXILIARY
-  MAY ( eduPersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation )
+  MAY ( eduPersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation $ eduPersonTargetedID $ eduPersonAssurance $ eduPersonPrincipalNamePrior $ eduPersonUniqueId $ eduPersonOrcid)
   X-ORIGIN 'http://middleware.internet2.edu/eduperson/'
   )
 #