When you choose to retrieve attribute values from a directory server, you follow this path through the configuration steps.
On the LDAP Directory Search screen you specify the branch of your directory hierarchy in which PingFederate looks up user data, and which attributes it retrieves. The base DN and search scope together bound the set of entries a lookup can match, so keep them as narrow as the use case allows. For more information about each field, refer to the following table:
Field | Description |
---|---|
Base DN | The base distinguished name of the tree structure in which the search begins. This field is optional if records are located at the root of the directory. |
Search Scope | The node depth of the query. Select Subtree (the default value, which searches the base entry and everything beneath it), One level (only the immediate children of the base entry), or Object (only the base entry itself). |
Root Object Class | The object class whose attributes you want to retrieve. Your selection determines which attributes appear in the Attributes list. |
Attributes | A list of attributes based on the selected Root Object Class value. |
Example

Suppose you want to map the sn Active Directory (AD) user attribute into an OpenID Connect policy. The users for this use case reside under a specific container on your directory server, OU=West,DC=example,DC=com.

On the LDAP Directory Search screen, enter OU=West,DC=example,DC=com as the base DN, keep the default Search Scope value (Subtree), select <Show All Attributes> from the Root Object Class list, select the sn AD user attribute, and click Add Attribute.
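The following script is an added example, not PingFederate code or its configuration format; it models the search that the settings above describe (base DN, search scope, object class filter, requested attributes) over a constructed in-memory directory so you can see which entries each scope matches. The directory contents, the user names and the nested OU=Sales container are invented for the example; the scope names mirror the three values on the LDAP Directory Search screen.

```python
"""Base DN + scope semantics of an LDAP directory search.

Added example (not PingFederate code). The directory below is constructed
sample data: a domain root, a West OU with a nested Sales OU, and one user
in East that a correctly scoped search must not return.
"""

from typing import Callable, Dict, List, Optional

Entry = Dict[str, List[str]]       # attribute name -> values
Directory = Dict[str, Entry]       # DN -> entry

SAMPLE_DIRECTORY: Directory = {
    "DC=example,DC=com": {"objectClass": ["top", "domain"]},
    "OU=West,DC=example,DC=com": {"objectClass": ["top", "organizationalUnit"]},
    "OU=Sales,OU=West,DC=example,DC=com": {"objectClass": ["top", "organizationalUnit"]},
    "CN=Ada Lovelace,OU=West,DC=example,DC=com": {
        "objectClass": ["top", "person", "user"],
        "sAMAccountName": ["alovelace"], "sn": ["Lovelace"]},
    "CN=Alan Turing,OU=Sales,OU=West,DC=example,DC=com": {
        "objectClass": ["top", "person", "user"],
        "sAMAccountName": ["aturing"], "sn": ["Turing"]},
    "CN=Grace Hopper,OU=East,DC=example,DC=com": {
        "objectClass": ["top", "person", "user"],
        "sAMAccountName": ["ghopper"], "sn": ["Hopper"]},
}

# Scope -> predicate on "how many RDN levels below the base DN is this entry".
SCOPES: Dict[str, Callable[[int], bool]] = {
    "Subtree": lambda depth: depth >= 0,   # base entry and all descendants
    "One level": lambda depth: depth == 1, # immediate children only
    "Object": lambda depth: depth == 0,    # the base entry itself
}


def normalize_dn(dn: str) -> List[str]:
    """Split a DN into RDNs, trimming whitespace and folding case so that
    'OU=West, DC=example, DC=com' equals 'ou=west,dc=example,dc=com'.
    Simplified: escaped commas inside values are not handled."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def depth_below(entry_dn: str, base_dn: str) -> int:
    """Levels by which entry_dn sits below base_dn; 0 if equal; -1 if the
    entry is outside the base's subtree. An empty base DN means the root,
    so every entry is inside it."""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return -1
    return len(entry) - len(base)


def ldap_search(directory: Directory, base_dn: str, scope: str = "Subtree",
                root_object_class: Optional[str] = None,
                attributes: Optional[List[str]] = None) -> Directory:
    """Return {dn: selected attributes} for entries within base_dn/scope that
    carry root_object_class (None behaves like <Show All Attributes>: no
    class filter). attributes=None returns every attribute of each entry."""
    if scope not in SCOPES:
        raise ValueError(f"unknown scope {scope!r}; expected one of {sorted(SCOPES)}")
    in_scope = SCOPES[scope]
    wanted_class = root_object_class.lower() if root_object_class else None
    wanted_attrs = {a.lower() for a in attributes} if attributes is not None else None

    results: Directory = {}
    for dn, attrs in directory.items():
        if not in_scope(depth_below(dn, base_dn)):
            continue
        classes = [c.lower() for c in attrs.get("objectClass", [])]
        if wanted_class is not None and wanted_class not in classes:
            continue
        if wanted_attrs is None:
            results[dn] = dict(attrs)
        else:
            results[dn] = {a: v for a, v in attrs.items() if a.lower() in wanted_attrs}
    return results


if __name__ == "__main__":
    # The configuration from the example: West container, Subtree, sn.
    for dn, attrs in ldap_search(SAMPLE_DIRECTORY, "OU=West,DC=example,DC=com",
                                 "Subtree", "user", ["sn"]).items():
        print(dn, attrs)
    # Widening the base to the domain root pulls in the East user as well.
    print(sorted(ldap_search(SAMPLE_DIRECTORY, "DC=example,DC=com", "Subtree", "user", ["sn"])))
```

Run it and compare the three scopes: with the base set to the West container, Subtree returns both West users (including the one in the nested Sales OU), One level returns only the user directly under West, and Object returns only the OU entry itself, so a user attribute lookup with Object scope matches nothing. Widening the base DN to DC=example,DC=com with Subtree scope also returns the East user, which is the case to watch for when the policy is meant to cover one container only. Before saving the PingFederate configuration, you can confirm the real directory behaves the same way with an ldapsearch against your server, for example `ldapsearch -H ldaps://<your-dc> -D '<service-account DN>' -W -b 'OU=West,DC=example,DC=com' -s sub '(objectClass=user)' sn` (host and bind DN are placeholders).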