Use these instructions to specify how PingFederate searches the directory for particular user data.
On the LDAP Directory Search window, specify the branch of your directory hierarchy where you want PingFederate to look up user data. For more information about each field, refer to the following table.
Field | Description |
---|---|
Base DN | The base distinguished name (DN) of the tree structure in which the search begins. This field is optional if records are located at the root of the directory. |
Search Scope | The node depth of the query. Select Subtree (the default value), One level or Object. |
Root Object Class | The object class containing the desired attributes. |
Attributes | A list of attributes based on the selected Root Object Class value. |
Option (optional) | The attribute option for the selected attribute. |
Example
Suppose you want to map the sn Active Directory (AD) user attribute into an OpenID Connect policy. The users for this use case reside under a specific container on your directory server, OU=West, DC=example, DC=com.

On the LDAP Directory Search window, enter OU=West, DC=example, DC=com as the base DN, keep the default Search Scope value (Subtree), select <Show All Attributes> from the Root Object Class list, select the sn AD user attribute, and click Add Attribute.
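The following added example (not PingFederate code) shows which entries each Search Scope value reaches from the base DN used above, following standard LDAP scope semantics (RFC 4511). The directory entries, the `parse_dn`, `in_scope` and `search` helpers, and the OU=East and OU=Contractors containers are constructed for illustration.

```python
# Added example: LDAP search-scope semantics over a constructed directory.
# Every entry below is constructed sample data, not from a real directory.
DIRECTORY = {
    "OU=West,DC=example,DC=com": {"ou": "West"},
    "CN=Ana Diaz,OU=West,DC=example,DC=com": {"sn": "Diaz"},
    "OU=Contractors,OU=West,DC=example,DC=com": {"ou": "Contractors"},
    "CN=Bo Chen,OU=Contractors,OU=West,DC=example,DC=com": {"sn": "Chen"},
    "CN=Cy Roy,OU=East,DC=example,DC=com": {"sn": "Roy"},
}

def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn falls within scope relative to base_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    # An entry is at or under the base when the base RDNs form its suffix.
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "Object":        # the base entry only
        return depth == 0
    if scope == "One level":     # immediate children of the base only
        return depth == 1
    if scope == "Subtree":       # the base entry and all descendants
        return True
    raise ValueError(f"unknown scope: {scope}")

def search(base_dn, scope, attribute):
    """Return {dn: value} for in-scope entries that carry the attribute."""
    return {
        dn: attrs[attribute]
        for dn, attrs in DIRECTORY.items()
        if in_scope(dn, base_dn, scope) and attribute in attrs
    }

if __name__ == "__main__":
    base = "OU=West, DC=example, DC=com"
    for scope in ("Subtree", "One level", "Object"):
        print(scope, sorted(search(base, scope, "sn").values()))
    # An empty base DN searches from the directory root.
    print("root Subtree", sorted(search("", "Subtree", "sn").values()))
```

With the OU=West base DN, the OU=East entry is never returned under any scope, while an empty base DN with Subtree reaches every container.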