Specify LDAP attributes

By configuring the LDAP Server form and adding the Attributes field, you can specify, and thereby limit, the attributes the LDAP server query returns. This can enhance performance as well as security.

Before you begin

Role required: admin

About this task

By default, the system loads all of the attributes for each object that it has permission to read from your LDAP server. By configuring the LDAP Server form and adding the Attributes field, you can specify, and thereby limit, the attributes the LDAP server query returns. Using this approach for large LDAP imports can greatly improve the speed of those imports.

For best results, define attributes where possible. If there is information that you do not want exposed to the system, exclude the attribute.

If you do not specify LDAP server attributes, user transactions may freeze for extended periods of time when new attributes are added to an LDAP server object because the system will be busy loading data from the new attributes.

Note: To use the manager lookup scripts described in Select or Create a Transform Map for LDAP Data, specify manager and dn (distinguished name) in the Attributes field. Neither attribute is required to be a part of a transform map.
LDAP attributes