Creating an LDAP Username Password Credential Validator instance - PingFederate

Creating an LDAP Username Password Credential Validator instance - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 2 min read

PingFederate 10.0 Product Software Deployment Method Product documentation Content Type Administrator Audience Configuration User task LDAP Standards, specifications, and protocols

The administrators must authenticate successfully against the first factor; for example, a directory server where the administrator accounts, credentials and group memberships are stored. To fulfill this requirement, you need an LDAP connection from PingFederate to your directory server and an instance of the LDAP Username Password Credential Validator.

Go to the System > Password Credential Validators screen, and then click Create New Instance.
On the Type screen, select LDAP Username Password Credential Validator from the list and provide a name and an ID for it.

On the Instance Configuration screen, select the LDAP datastore and enter information into the required fields.

For more information about each field, refer to the following table:

Field	Description
LDAP Datastore (Required)	The LDAP datastore configured in PingFederate. If you have not yet configured the server to communicate with the LDAP directory server you need, click Manage Data Stores. There is no default selection.
Search Base (Required)	The location in the directory server from which the search begins. This field has no default value.
Search Filter (Required)	The LDAP query to locate a user record. If your use case requires the flexibility of allowing users to identify themselves using different attributes, you may include these attributes in your query. For instance, the following search filter allows users to sign on using either the sAMAccountName or employeeNumber attribute value through the HTML Form Adapter: `(\|(sAMAccountName=${username})(employeeNumber=${username}))` This field has no default value.
Scope of Search	The level of search to be performed in the search base. One Level indicates a search of objects immediately subordinate to the base object, not including the base object itself. Subtree indicates a search of the base object and the entire subtree within the base object distinguished name. The deault selection is Subtree.
Case-Sensitive Matching	The option to enable case-sensitive matching between the LDAP error messages returned from the directory server and the Match Expression values specified on this screen. This check box is selected by default.

On the Extended Contract screen, click Next to skip to the Summary screen.
On the Summary screen, review the configuration, modify as needed, and then save the configuration.