LDAP identity provider¶
Limit user attributes requested from LDAP¶
This feature allows you to limit number of user attributes that will be requested from LDAP when user logs in. Lowering that number can help with increasing performance.
To configure it please visit the http://idp-core.dev.onegini.me:8082/admin page and login to the Onegini IdP admin console. Select
Config menu option
and navigate to
Identity Providers tab. Click the
+ button to create a new Identity Provider configuration and select LDAP.
- Scroll down to
- By clicking on add new attribute you can add an additional attribute that will be fetched from LDAP.
Saveat the bottom of the page when all of the desired attributes are added.
When adding attributes configuration remember that you can only use specified attributes in Attribute mappings, Custom attribute mapping and
Exclude unmapped attributes that could be send to SP sections located below.
If no user attributes are specified all attributes will be fetched allowing you to add any mapping.
A limitation of the LDAP Identity Provider¶
The LDAP identity provider is a special identity provider for which a user can enter the credentials on the standard login form.
We have a known limitation in combination with another type of external identity provider and
migration during sign up enabled. This will work as follows:
When a user logs in with the other external identity provider, they end up on the migration page. On this page, they can use their LDAP credentials.
After submitting the LDAP credentials, we have 2 scenarios:
1. The user is known (the LDAP credentials are already linked to an existing CIM account). In this scenario, the external identity provider will be linked to the existing account.
2. The user is unknown (the LDAP credentials are not used before). In this scenario, the signup for LDAP triggers. On completion, only the LDAP account will be linked.