LDAP Interface connection settings

The following table lists the values that might be required to connect to the Okta LDAP Interface.

| Key | Value |
| --- | --- |
| Host Name | `<org_subdomain>.ldap.<domain>.com`, where `<domain>` is either oktapreview, okta, or okta-emea. |
| Port | StartTLS on port 389 or LDAPS on port 636. |
| Base DN | `[<ou=users or groups>],<dc=org_subdomain>,dc=<domain>,dc=com`, where `<domain>` is either oktapreview, okta, or okta-emea. |
| User ID/Bind DN | `uid=<username>,<dc=org_subdomain>,dc=<domain>,dc=com`, where `<domain>` is either oktapreview, okta, or okta-emea. Note: Must be an admin but can be a Read-only admin. |
| Password | `<password for the admin user>` |
| Additional User DN | ou=Users |
| User Object class | inetOrgPerson |
| User Name Attribute | uid |
| User Password Attribute | Okta does not expose passwords. |
| Group Object Class | groupofUniqueNames |
| Group Object Filter | |
| Group Members Attribute | uniqueMember |
| User Members Attribute | memberOf. Note: memberOf is not an indexed value. Using memberOf will result in significantly slower search times. |
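
The following is an added example, not code from Okta's documentation: a Python helper that assembles the host, port, Base DN and Bind DN from the table and escapes a username before it is placed in a DN or a search filter. The function names, the subdomain check, and the reading of `<dc=org_subdomain>` as `dc=<org_subdomain>` are assumptions made for illustration.

```python
import re

# Constants taken from the settings table above.
DOMAINS = {"oktapreview", "okta", "okta-emea"}
PORTS = {"starttls": 389, "ldaps": 636}


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch in '",+;<>\\' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append("\\00" if ch == "\0" else ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def connection_settings(org_subdomain, domain, username, mode="ldaps"):
    """Build host, port, base DN and bind DN; reject values the table does not list."""
    if domain not in DOMAINS or mode not in PORTS:
        raise ValueError("domain or mode is not one the table allows")
    # Assumption: the org subdomain is a single DNS label.
    if not re.fullmatch(r"[A-Za-z0-9-]+", org_subdomain):
        raise ValueError("org_subdomain must be a single DNS label")
    # Assumption: the table's <dc=org_subdomain> is read as dc=<org_subdomain>.
    suffix = f"dc={org_subdomain},dc={domain},dc=com"
    return {
        "host": f"{org_subdomain}.ldap.{domain}.com",
        "port": PORTS[mode],
        "start_tls": mode == "starttls",  # both modes are encrypted; no plaintext option
        "base_dn": f"ou=users,{suffix}",
        "bind_dn": f"uid={escape_dn_value(username)},{suffix}",
    }


def user_filter(username):
    """Filter for one user by the table's object class and name attribute."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"


def group_filter(member_dn):
    """Filter for groups that list member_dn in the Group Members Attribute."""
    return f"(&(objectClass=groupofUniqueNames)(uniqueMember={escape_filter_value(member_dn)}))"
```

Pass `group_filter` the user's DN exactly as the directory returned it from a prior user search, rather than building it by hand.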