---
title: Configuring directories for account-link storage
description: You can create and configure a directory server to store account linking data.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_config_directori_account_link_storag
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_config_directori_account_link_storag.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: March 6, 2023
section_ids:
  before-you-begin: Before you begin
  steps: Steps
  example: Example:
  related-links: Related links
---

# Configuring directories for account-link storage

You can create and configure a directory server to store account linking data.

## Before you begin

|   |                                                                                                                                                                                                                                    |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | User accounts for linking must exist in the directory prior to establishing the account link. The Account Linking Service does not add users to the directory server, it only updates `AccountLinkDataAttribute` for a given user. |

## Steps

1. Go to **System > Data & Credential Stores > \[.wintitle]** **Data Stores**\*\* and create a new datastore to connect PingFederate to the directory. For more information, see [Configuring an LDAP connection](help_datasourcetasklet_ldapconfigstate.html).

2. Copy the system ID of the new account-linking datastore.

3. Edit the `<pf_install>/pingfederate/server/default/conf/service-points.conf` file.

   Locate the service-point for the account linking service.

   ```
   # Service/adapter for storage of account linking
   # Supported classes:
   # org.sourceid.saml20.service.impl.AccountLinkingServiceDBImpl : Use this service-point for a database implementation
   # org.sourceid.saml20.service.impl.AccountLinkingServiceLDAPImpl : Use this service-point for an LDAP implementation
   account.linking.service=org.sourceid.saml20.service.impl.AccountLinkingServiceDBImpl
   ```

   Update the `class` value to `org.sourceid.saml20.service.impl.AccountLinkingServiceLDAPImpl`.

4. Edit the `<pf_install>/org.sourceid.saml20.service.impl.AccountLinkingServiceLDAPImpl.xml` file.

   The following example shows the default content of the file.

   ```xml
   <?xml version="1.0" encoding="UTF-8"?>
   <c:config xmlns:c="http://www.sourceid.org/2004/05/config">

      <!-- Data store id -->
      <c:item name="PingFederateDSJNDIName"></c:item>

      <!-- LDAP search base -->
      <c:item name="UserSearchBase"></c:item>

      <!-- LDAP username attribute.  ex: sAMAccountName -->
      <c:item name="UsernameAttribute"></c:item>

      <!-- Attribute on user object to place Account Linking data -->
      <c:item name="AccountLinkDataAttribute"></c:item>

   </c:config>
   ```

   Insert the applicable values between the XML tags as shown in the following table.

   | Item name                  | Element value                                                                                                                                                                                                                                                                                                                                         |
   | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | `PingFederateDSJNDIName`   | The system ID of new account-linking datastore.                                                                                                                                                                                                                                                                                                       |
   | `UserSearchBase`           | The location in the directory server from which the search begins.                                                                                                                                                                                                                                                                                    |
   | `UsernameAttribute`        | The attribute that represents the user identifier.                                                                                                                                                                                                                                                                                                    |
   | `AccountLinkDataAttribute` | The attribute to store account linking data.+&#xA;&#xA;The AccountLinkDataAttribute can be any multivalued string attribute on a user object class. We recommend that you extend the LDAP schema with a custom attribute for use here. Learn more about extending the Active Directory schema in Extending the Schema in the Microsoft documentation. |

5. Start or restart PingFederate.

6. If you are running PingFederate in a cluster, go to **System > Server > Cluster Management** and replicate this change to the other runtime servers.

   |   |                                                                                                                                                |
   | - | ---------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You must also manually apply the changes made in the `service-points.conf` file and then start or restart PingFederate on each runtime server. |

7. In the directory, create equality indexes on the LDAP attribute types you specified for the configuration properties `UsernameAttribute` and `AccountLinkDataAttribute`.

   ### Example:

   For example, you would need to create equality indexes on `sAMAccountName` and `AccountLink` if you had specified the following in step 4:

   ```
   <!-- LDAP username attribute. ex: sAMAccountName -->
   <c:item name="UsernameAttribute">sAMAccountName</c:item>

   <!-- Attribute on user object to place Account Linking data -->
   <c:item name="AccountLinkDataAttribute">AccountLink</c:item>
   ```

## Related links

* [System requirements](../installing_and_uninstalling_pingfederate/pf_system_requirements.html)

* [Configuring an LDAP connection](help_datasourcetasklet_ldapconfigstate.html)