Setting
Description
User Object Class
This is the name of the class used for the LDAP user object. Example:
user
User Object Filter
The filter to use when searching user objects. Example:
(&(objectCategory=Person)(sAMAccountName=*))
More examples can be found in our knowledge base. See How to write LDAP search filters.
User Name Attribute
The attribute field to use when loading the username. Examples:
cnsAMAccountName
NB: In Active Directory, the 'sAMAccountName' is the 'User Logon Name (pre-Windows 2000)' field. The User Logon Name field is referenced by 'cn'.
User Name RDN Attribute
The RDN (relative distinguished name) to use when loading the username. The DN for each LDAP entry is composed of two parts: the RDN and the location within the LDAP directory where the record resides. The RDN is the portion of your DN that is not related to the directory tree structure. Example:
cn
User First Name Attribute
The attribute field to use when loading the user's first name. Example:
givenName
User Last Name Attribute
The attribute field to use when loading the user's last name. Example:
sn
User Display Name Attribute
The attribute field to use when loading the user's full name. Example:
displayName
User Email Attribute
The attribute field to use when loading the user's email address. Example:
mail
User Password Attribute
The attribute field to use when loading a user's password. Example:
unicodePwd
The attribute used as a unique immutable identifier for user objects. This is used to track username changes and is optional. If this attribute is not set (or is set to an invalid value), user renames will not be detected — they will be interpreted as a user deletion then a new user addition.
This should normally point to a UUID value. Standards-compliant LDAP servers will implement this as 'entryUUID' according to RFC 4530. This setting exists because it is known under different names on some servers, e.g. 'objectGUID' in Microsoft Active Directory.