LDAP Interface connection settings

This table lists the values that might be required to connect to the Okta LDAP Interface.

| Field | Value |
| --- | --- |
| Name | The name of the server |
| Directory Type | The server type |
| Hostname | `<org_subdomain>.ldap.<domain>.com`, where `<domain>` is either oktapreview, okta, or okta-emea. |
| Port | StartTLS on port 389, or LDAPS on port 636 |
| Username | `uid=<username>,<dc=org_subdomain>,dc=<domain>,dc=com`, where `<domain>` is either oktapreview, okta, or okta-emea. Must have admin permissions, but can be a read-only admin. |
| Password | `<password for the admin user>` |
| Base DN | `[ou=<users or groups>],<dc=org_subdomain>, dc=<domain>, dc=com`, where `<domain>` is either oktapreview, okta, okta-emea, or okta-gov.com |
| Additional User DN | `ou=users` |
| Additional Group DN | `ou=groups` |
| User Object Class | `inetOrgPerson` |
| User Object Filter | `(objectclass=inetOrgPerson)` |
| User Name Attribute | `uid` |
| User Name RDN Attribute | `cn` |
| User First Name Attribute | `givenName` |
| User Last Name Attribute | `sn` |
| User Display Name Attribute | `cn` |
| User Email Attribute | `mail` |
| Group Object Class | `groupOfUniqueNames` |
| Group Object Filter | `(objectclass=groupOfUniqueNames)` |
| Group Name Attribute | `cn` |
| Group Description Attribute | `description` |
| Group Members Attribute | `uniqueMember` |
| User Membership Attribute | `memberOf`. Note that memberOf is not an indexed value and its use could result in significantly slower search times. |
| Use the User Membership Attribute | Select to use the user's membership attribute to determine group membership |
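
The following added example (not Okta code) shows how a client might assemble the hostname, bind DN, base DNs, and search filters from the table while escaping user-supplied values, so that a login name cannot alter the DN or the filter. The function names, the subdomain pattern, and the sample values are assumptions made for illustration.

```python
import re

# Domains the table lists for the hostname and bind DN.
ALLOWED_DOMAINS = {"oktapreview", "okta", "okta-emea"}

def escape_filter(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_rdn(value):
    """RFC 4514 escaping for a value placed inside a DN component."""
    out = re.sub(r'([\\,+"<>;=])', r"\\\1", value).replace("\x00", "\\00")
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "          # trailing space must be escaped
    if value[:1] in ("#", " "):
        out = "\\" + out                # leading '#' or space must be escaped
    return out

def okta_ldap_settings(org_subdomain, domain, username, use_ldaps=True):
    """Build connection settings from the table's templates."""
    if domain not in ALLOWED_DOMAINS:
        raise ValueError("unexpected Okta domain: %r" % domain)
    # Assumed pattern: subdomains are lowercase letters, digits and hyphens.
    if not re.fullmatch(r"[a-z0-9][a-z0-9-]*", org_subdomain):
        raise ValueError("unexpected org subdomain: %r" % org_subdomain)
    base = "dc=%s,dc=%s,dc=com" % (org_subdomain, domain)
    return {
        "host": "%s.ldap.%s.com" % (org_subdomain, domain),
        # On 389 the client must complete StartTLS before sending the bind.
        "port": 636 if use_ldaps else 389,
        "bind_dn": "uid=%s,%s" % (escape_rdn(username), base),
        "user_base": "ou=users," + base,
        "group_base": "ou=groups," + base,
    }

def user_filter(login):
    """User Object Filter from the table, narrowed to one uid."""
    return "(&(objectclass=inetOrgPerson)(uid=%s))" % escape_filter(login)

def groups_of_filter(user_dn):
    """Find a user's groups from the group side (uniqueMember) instead of
    filtering on memberOf, which the table notes is not indexed."""
    return "(&(objectclass=groupOfUniqueNames)(uniqueMember=%s))" % escape_filter(user_dn)

if __name__ == "__main__":
    # Constructed sample values, not a real org.
    cfg = okta_ldap_settings("acme", "okta", "svc.reader")
    print(cfg)
    print(user_filter("jdoe*)(uid=*"))
    print(groups_of_filter("uid=jdoe," + cfg["user_base"]))
```
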