private static final String AFFILIATION_ATTR   = "eduPersonPrimaryAffiliation";

    /**
     * The "affiliation" field in LDAP tells us whether someone is staff, faculty,
     * a student, or in another role.
     *
     * @param userEntry       The LDAP entry
     */

    public String getUserAccountType(LDAPEntry userEntry) {
        if (userEntry.getAttribute(AFFILIATION_ATTR) != null) {
            String affiliation =
                    userEntry.getAttribute(AFFILIATION_ATTR).getStringValue();
            if ("staff".equals(affiliation)) {
                return "staff";
            }
            if ("faculty".equals(affiliation)) {
                return "faculty";
            }
        }
        return getUserAccountType();
    }