Skip to content

LDAP identity provider

Limit user attributes requested from LDAP

This feature allows you to limit number of user attributes that will be requested from LDAP when user logs in. Lowering that number can help with increasing performance.

To configure it please visit the page and login to the Onegini IdP admin console. Select Config menu option and navigate to Identity Providers tab. Click the + button to create a new Identity Provider configuration and select LDAP.

  1. Scroll down to Attributes configuration.
  2. By clicking on add new attribute you can add an additional attribute that will be fetched from LDAP.
  3. Click Save at the bottom of the page when all of the desired attributes are added.

When adding attributes configuration remember that you can only use specified attributes in Attribute mappings, Custom attribute mapping and Exclude unmapped attributes that could be send to SP sections located below. If no user attributes are specified all attributes will be fetched allowing you to add any mapping.

A limitation of the LDAP Identity Provider

The LDAP identity provider is a special identity provider for which a user can enter the credentials on the standard login form.

We have a known limitation in combination with another type of external identity provider and migration during sign up enabled. This will work as follows: When a user logs in with the other external identity provider, they end up on the migration page. On this page, they can use their LDAP credentials. After submitting the LDAP credentials, we have 2 scenarios: 1. The user is known (the LDAP credentials are already linked to an existing CIM account). In this scenario, the external identity provider will be linked to the existing account. 2. The user is unknown (the LDAP credentials are not used before). In this scenario, the signup for LDAP triggers. On completion, only the LDAP account will be linked.