Configuration of LDAP Directories to be Synchronized

Key Attribute

Every object in a LDAP directory is uniquely identifiable by its distinguished name (DN). To specify a certain LDAP user entry for authentication purposes it is necessary to build up its distinguished name.

Given the example above, the DN for a user entry could be:


The value <username> is assumed to be unique in that case. As every user has its own <username> value, it is necessary to set that attribute value for each user respectively before the user can be authenticated.

The key attribute is therefore used to specify a Stages user attribute, whose value will be set in an authentication schema to build up the distinguished name of a LDAP user entry.

Possible values for the key attribute are:

  • username
  • fullname
  • authenicationUsername

NOTE: If the key attribute is set to “authenticationUsername“, then the value is used directly to authenticate a user and it is not set in the authentication schema. The login name directly corresponds to the distinguished name of the LDAP entry. The values of these user attributes are stated when a new user gets created in Stages