As of PingFederate 7.3, the integrated LDAP Username Password Credential Validator (PCV) can return additional attribute values upon successful validation. If you have previously deployed the LDAPExtendedAttributesPCV-<version>.jar file from the PingID integration kit and created an instance of the LDAP PCV with Extended Attributes, migrate to the integrated LDAP Username PCV.

  1. Create an instance of the integrated LDAP Username PCV.
    1. On the System > Password Credential Validators screen, click Create New Instance.
    2. On the Type screen, enter the required information and select LDAP Username Password Credential Validator from the list.
    3. On the Instance Configuration screen, select an LDAP datastore from the list, enter a search base and a search filter, and select the scope of the search.
      Tip: You may reuse the information from the existing LDAP PCV with Extended Attributes instance.

    4. On the Extended Contract screen, enter memberOf under Extend the Contract and click Add.
    5. On the Summary screen, review the setup and click Done.
    6. On the Manage Credential Validator Instances screen, click Save.
  2. In any configuration where the LDAP PCV with Extended Attributes instance is used, replace it with the newly created LDAP Username Password Credential Validator instance.

    For example, if you have created an instance of the PingID PCV (with integrated RADIUS server) and have selected an instance of the LDAP PCV with Extended Attributes as one of the delegate PCVs, remove the selection and add the newly created LDAP Username Password Credential Validator instance to the list.

  3. When the LDAP PCV with Extended Attributes instance is no longer in use, delete it from the System > Password Credential Validators screen.
  4. Remove the LDAPExtendedAttributesPCV-<version>.jar file from the <pf_install>/pingfederate/server/default/deploy directory on all PingFederate servers.
  5. Restart PingFederate on all PingFederate servers.
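
One way to confirm step 4 on each server before restarting is to check the deploy directory for any remaining version of the kit's JAR. This is an added example, not part of the product documentation; the function name check_legacy_pcv_jar and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the legacy PCV JAR is gone from one server.
# check_legacy_pcv_jar is a hypothetical helper, not a PingFederate tool.
# Exit codes (chosen for this example):
#   0 = no legacy JAR found
#   1 = at least one legacy JAR is still deployed
#   2 = deploy directory not found under the given install root
check_legacy_pcv_jar() {
    pf_install=$1
    deploy_dir="$pf_install/pingfederate/server/default/deploy"

    if [ ! -d "$deploy_dir" ]; then
        echo "deploy directory not found: $deploy_dir" >&2
        return 2
    fi

    found=0
    # The glob matches any <version> of the integration kit's JAR.
    for jar in "$deploy_dir"/LDAPExtendedAttributesPCV-*.jar; do
        # An unmatched glob stays literal, so skip paths that do not exist.
        [ -e "$jar" ] || continue
        echo "legacy PCV JAR still deployed: $jar"
        found=1
    done
    return "$found"
}

# When an install root is given on the command line, check it.
if [ "$#" -gt 0 ]; then
    check_legacy_pcv_jar "$1"
fi
```

Run it with the server's <pf_install> path as the only argument on every PingFederate server; a non-zero exit status means the server is not ready for the restart in step 5.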