Configuring LDAP relative DN and object class
When a user submits a registration request, PingFederate formulates the distinguished name (DN) of the user by prefixing the relative distinguished name (RDN) to the base DN defined in the LDAP configuration and then asks PingDirectory to create a new account based on the selected object class.
Steps
- Optional: Click View List of Available LDAP Attributes to determine which LDAP attributes can be used to construct the RDN pattern.
- In the Relative DN Pattern field, enter a valid pattern.
  The pattern is as follows.
    attribute1=value1[…,attributeN=valueN]
  If you want to use the ${entryUUID} variable to guarantee the uniqueness of the relative DNs for all users, you must use it with the entryUUID LDAP attribute, such as in the following example.
    entryUUID=${entryUUID}
- From the Object Class list, select the primary objectClass value used when creating a new local identity profile; for example, inetOrgPerson.
- Optional: From the Auxiliary Object Class Name list, select an objectClass that contains additional required attributes that are not available in the primary objectClass, and click Add. You can add multiple object classes as needed.
  For example, if you require the placeOfBirth attribute for a user’s profile, you can add the naturalPerson root object class to the Auxiliary Object Class Name list. Doing this requires that you have done the following:
  - Added placeOfBirth as a field on the Fields tab when configuring the local identity profile.
  - Added the naturalPerson root object class and placeOfBirth attribute on the LDAP Configuration tab when configuring the datastore.
- Click Next.
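The following is an added illustration, not PingFederate code, of how an RDN pattern is prefixed to a base DN and why entryUUID=${entryUUID} avoids the collisions that a name-based pattern produces. The base DN, the ${cn} variable, and the sample users are constructed assumptions; values are escaped per RFC 4514 so that a comma in a registration field is not read as a DN separator.

```python
import re
import uuid

BASE_DN = "ou=people,dc=example,dc=com"  # constructed base DN, not from the page
_SPECIAL = set('"+,;<>\\')               # must be escaped in a DN value (RFC 4514)

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it cannot alter the DN's structure."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") \
                or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdn_pattern: str, fields: dict, base_dn: str = BASE_DN) -> str:
    """Expand ${name} placeholders, then prefix the RDN to the base DN."""
    def substitute(match):
        name = match.group(1)
        if name not in fields:
            raise KeyError(f"no value supplied for ${{{name}}}")
        return escape_rdn_value(fields[name])
    return re.sub(r"\$\{(\w+)\}", substitute, rdn_pattern) + "," + base_dn

def demo() -> dict:
    # Two constructed registrations that share a display name.
    users = [{"cn": "Smith, Ann", "entryUUID": str(uuid.uuid4())},
             {"cn": "Smith, Ann", "entryUUID": str(uuid.uuid4())}]
    return {
        "by_cn": [build_dn("cn=${cn}", u) for u in users],  # hypothetical ${cn}
        "by_uuid": [build_dn("entryUUID=${entryUUID}", u) for u in users],
    }

if __name__ == "__main__":
    for pattern, dns in demo().items():
        print(pattern, "unique" if len(set(dns)) == len(dns) else "COLLISION")
        for dn in dns:
            print("  ", dn)
```

With the name-based pattern, the second registration resolves to a DN that already exists, so the directory would reject the create request; the entryUUID pattern yields a distinct DN for each user.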