Configuration of LDAP Directories to be Synchronized

Key Attribute

Every object in an LDAP directory is uniquely identifiable by its distinguished name (DN). To specify a particular LDAP user entry for authentication purposes, its distinguished name has to be built.

Given the example above, the DN for a user entry could be:

CN=<userName>,OU=User,DC=pkit,DC=methodpark,DC=de

The value <userName> is assumed to be unique in that case. As every user has their own <userName> value, that attribute value must be set for each user before the user can be authenticated.

The key attribute therefore specifies the Stages user attribute whose value is inserted, in an authentication schema, to build the distinguished name of an LDAP user entry.

Possible values for the key attribute are:

  • username
  • fullname
  • authenticationUsername
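
The DN construction described above, as an added example (not Stages code): it inserts the value of the configured key attribute into the DN pattern from this page and escapes it per RFC 4514, so a value containing a comma or another DN special character stays inside the CN component. The function names and the sample user record are assumptions constructed for illustration.

```python
# Added illustration, not Stages code. DN pattern and key attribute names are
# taken from this page; function names and sample data are assumptions.
DN_TEMPLATE = "CN={key},OU=User,DC=pkit,DC=methodpark,DC=de"
KEY_ATTRIBUTES = ("username", "fullname", "authenticationUsername")

_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires to be escaped


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif i == 0 and ch in " #":      # leading space or '#'
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(user: dict, key_attribute: str) -> str:
    """Build the DN of the LDAP user entry from the chosen key attribute."""
    if key_attribute not in KEY_ATTRIBUTES:
        raise ValueError(f"unsupported key attribute: {key_attribute!r}")
    value = user.get(key_attribute)
    if not value:
        # Without a key value no single entry can be identified.
        raise ValueError(f"user has no value for {key_attribute!r}")
    return DN_TEMPLATE.format(key=escape_rdn_value(value))


if __name__ == "__main__":
    # Constructed sample user record.
    user = {"username": "jdoe", "fullname": "Doe, John",
            "authenticationUsername": "john.doe"}
    for attr in KEY_ATTRIBUTES:
        print(attr, "->", build_bind_dn(user, attr))
    # A value that tries to add its own OU component stays a single CN value.
    print(build_bind_dn({"username": "x,OU=Admins"}, "username"))
```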