When a user submits a registration request, PingFederate formulates the distinguished
name (DN) of the user by prefixing the relative distinguished name (RDN) to the base DN
defined in the LDAP configuration and then asks PingDirectory to create a new account based on
the selected object class.
- Optional:
Click View List of Available LDAP Attributes to determine
which LDAP attributes can be used to construct the RDN pattern.
-
In the Relative DN Pattern field, enter a valid
pattern.
The pattern is as follows.
attribute1=value1[,
...,
attributeN=valueN]
If you want to use the ${entryUUID} variable to guarantee the
uniqueness of the relative DNs for all users, you must use it with the
entryUUID LDAP attribute, such as in the following example.
entryUUID=${entryUUID}
-
From the Object Class list, select the primary objectClass
value used when creating a new local identity profile; for example,
inetOrgPerson.
- Optional:
From the Auxiliary Object Class Name list, select an
objectClass that contains additional required attributes that are not available in
the primary objectClass, and click Add. You can add multiple
object classes as needed.
For example, if you require the placeOfBirth attribute for a user's profile, you
can add the naturalPerson root object class to the
Auxiliary Object Class
Name list. Doing this requires that you have done the following:
- Added placeOfBirth as a field on the Fields tab when
configuring the local identity profile.
- Added the naturalPerson root object class and placeOfBirth attribute on the
LDAP Configuration tab when configuring the
datastore.
-
Click Next.