LDAP Interface connection settings

This table lists the values that might be required to connect to the Okta LDAP Interface.

| Field | Value |
|---|---|
| Name | The name of the server |
| Directory Type | The server type |
| Hostname | <org_subdomain>.ldap.<domain>.com, where <domain> is either oktapreview, okta, or okta-emea. |
| Port | StartTLS on port 389 or LDAPS on port 636 |
| Username | uid=<username>,dc=<org_subdomain>,dc=<domain>,dc=com, where <domain> is either oktapreview, okta, or okta-emea. Must have admin permissions, but can be a read-only admin. |
| Password | <password for the admin user> |
| Base DN | [ou=<users or groups>],dc=<org_subdomain>,dc=<domain>,dc=com, where <domain> is either oktapreview, okta, or okta-emea. |
| Additional User DN | ou=users |
| Additional Group DN | ou=groups |
| User Object Class | inetOrgPerson |
| User Object Filter | (objectclass=inetOrgPerson) |
| User Name Attribute | uid |
| User Name RDN Attribute | cn |
| User First Name Attribute | givenName |
| User Last Name Attribute | sn |
| User Display Name Attribute | cn |
| User Email Attribute | mail |
| Group Object Class | groupOfUniqueNames |
| Group Object Filter | (objectclass=groupOfUniqueNames) |
| Group Name Attribute | cn |
| Group Description Attribute | description |
| Group Members Attribute | uniqueMember |
| User Membership Attribute | memberOf. memberOf is not an indexed value, and its use could result in significantly slower search times. |
| Use the User Membership Attribute | Select to use the user's membership attribute to determine group membership. |
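
The following is an added example, not Okta's code. It builds the hostname, port, bind DN and base DNs from the templates in the table, and escapes user-supplied values before they reach a DN (RFC 4514) or a search filter (RFC 4515). The function names and the single-DNS-label check on the org subdomain are assumptions of this example, and the user DN passed to `groups_of_filter` is assumed to come from an earlier user search.

```python
# Added example; function names are hypothetical, templates follow the table above.
import re

ALLOWED_DOMAINS = {"okta", "oktapreview", "okta-emea"}  # the three domains in the table
PORTS = {"starttls": 389, "ldaps": 636}                 # the two port options in the table

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif edge or ch in '"+,;<>\\':
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def connection_settings(org_subdomain, domain, admin_username, transport="ldaps"):
    """Build host, port and DNs from the table's templates; reject off-table values."""
    if domain not in ALLOWED_DOMAINS:
        raise ValueError("domain must be okta, oktapreview or okta-emea")
    if transport not in PORTS:
        raise ValueError("transport must be starttls (389) or ldaps (636)")
    # Assumption of this example: the org subdomain is a single DNS label.
    if not re.fullmatch(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?", org_subdomain):
        raise ValueError("org_subdomain is not a single DNS label")
    suffix = f"dc={org_subdomain},dc={domain},dc=com"
    return {
        "host": f"{org_subdomain}.ldap.{domain}.com",
        "port": PORTS[transport],
        "bind_dn": f"uid={escape_dn_value(admin_username)},{suffix}",
        "user_base": f"ou=users,{suffix}",
        "group_base": f"ou=groups,{suffix}",
    }

def user_filter(username):
    """User Object Filter from the table, narrowed to one uid."""
    return f"(&(objectclass=inetOrgPerson)(uid={escape_filter_value(username)}))"

def groups_of_filter(user_dn):
    """Group-side membership lookup through uniqueMember rather than memberOf."""
    return f"(&(objectclass=groupOfUniqueNames)(uniqueMember={escape_filter_value(user_dn)}))"
```

Run `groups_of_filter` against the `group_base` value; it reads the Group Members Attribute instead of filtering users on `memberOf`.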