--- title: Configuring LDAP base DN and attributes description: Configure the datastore to search for a user's authentication starting with the base distinguished name (DN) and attributes within the LDAP directory. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:pf_configuring_ldap_base_dn_attributes canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_configuring_ldap_base_dn_attributes.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 10, 2024 section_ids: about-this-task: About this task steps: Steps result: Result: result-2: Result: related-links: Related links --- # Configuring LDAP base DN and attributes Configure the datastore to search for a user's authentication starting with the base distinguished name (DN) and attributes within the LDAP directory. ## About this task On the **LDAP Configuration** tab, specify the branch of your directory hierarchy where you want PingFederate to store customer identities. Then, select the object class and the attributes to be associated with local identity fields. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Later you will associate the local identity profile with an HTML Form Adapter instance and apply the profile in an identity provider (IdP) authentication policy as part of the customer IAM configuration. If your use case requires registration or profile management, the policy engine must look up the users as they access the registration page or the profile management page. The scope of this search begins at the base DN defined here.For this reason, the base DN here should match the value of the **Search Base** field defined in the LDAP Username Password Credential Validator instance used by the associated HTML Form Adapter instance. | For more information about each field, refer to the following table. | Field | Description | | ----------------- | ------------------------------------------------------------------------------------------------ | | Base DN | The base distinguished name of the tree structure where PingFederate stores customer identities. | | Root Object Class | The object class containing the desired attributes. | | Attributes | A list of attributes based on the selected **Root Object Class** value. | ## Steps 1. Go to **Authentication > Policies > Local Identity Profiles**. 2. On the **Data Store Configuration** tab, click **Configure Data Store**. ### Result: This will open a **Data Store** window. 3. On the **LDAP Configuration** tab, enter the applicable fields. 4. In the **User DN** field, specify a base DN. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can reference attribute values in the form of `${attributeName:-defaultValue}`. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use `${` and `}` in the default value. | 5. (Optional) Click **View Local Identity Fields** to determine which attributes from the directory server should be added to the local identity profile. 6. From the **LDAP Configuration** tab, click **Advanced**. ### Result: This will open the **LDAP Binary Attributes** tab. 7. On the **LDAP Binary Attributes** tab, add attributes. 1. Enter a name in the **Binary Attribute Name**. 2. Click **Add**. 3. Select a root object class, select an applicable attribute, and then click **Add Attribute**. Repeat this step to add more attributes as needed. 8. Click **Done**. Click **Save**. ## Related links * [Setting up PingDirectory for customer identities](pf_setting_up_pd_for_customer_identit.html)