LDAP attributes


(Robin Shi) #1

Matrix Version: 5.2.7
We have a few LDAP attributes we want populated into Matrix, but they are not showing in the ‘user ldap setup’ screen. I have confirmed the attributes can be read from the connector. Any clue?
For example: employeeID
Many thanks.
Robin


(Bart Banda) #2

Not sure, hard to say without looking at the LDAP connection details directly and having access to it. Might be a configuration setting needed on the details screen where you enter Bind DN or something. I suggest you lodge a ticket with Squiz Support so that they can look into it further for you.


(Robin Shi) #3

Thanks Bart, I have sent the request to support.


(Marcus Fong) #4

I believe Matrix reads the list of attributes from the Bind DN service account it uses to connect to the LDAP bridge.

So if the Bind DN account doesn’t have the attribute you want, that attribute won’t appear in Matrix even if other users have it.


(Robin Shi) #5

Hi Marcus,
You are 100% correct. I will chase up with AD admin to add those attributes. You’ve made my day.
Thanks a lot!
Robin


(Robin Shi) #6

Hi Marcus,
I checked with the AD admin; these attributes are there, but they are hidden from the view if the value is empty. So that’s not the case.
I will chase it up with support.
Do you know if there is a limit on the number of attributes?
Thanks,
Robin


(Marcus Fong) #7

I don’t know of any limit in Matrix, at least none that we’ve ever hit in a project I was involved in.

There is a limit in Windows Active Directory, but it’s very high (5,000 attributes).

I wonder if Matrix is registering the empty attribute - I don’t suppose you could add a dummy value to the attribute on the bind user and see whether that makes a difference, could you?


(Robin Shi) #8

Hi Marcus,
You are right again!
I have tested in the dev environment with another bind DN, and it proved your theory. However, the bind DN does have an empty value because the employeeID is fed from the ILM.
I will discuss with the ILM admin, but anyway, you have solved my problem.
Thanks again!
Robin
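
A way to check the behaviour found in this thread, as an added example that is not part of any post above and is not Squiz code: it parses the LDIF returned for the bind account's own entry and lists which wanted attributes are absent (a directory search does not return attributes that hold no value). The sample entry, the `svc-matrix` account name and the function names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF for the bind account's own entry, as ldapsearch prints it.
SAMPLE_LDIF = """\
# extended LDIF
#
# svc-matrix, Service Accounts, example.com
dn: CN=svc-matrix,OU=Service Accounts,DC=example,DC=com
objectClass: user
sAMAccountName: svc-matrix
description:: YmluZCBhY2NvdW50
mail: svc-matrix@example.com
memberOf: CN=LDAP Readers,OU=Groups,DC=example,DC=
 com
"""

def parse_ldif_entry(text):
    """Parse the first LDIF entry into {lowercased attribute: [values]}."""
    logical, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):            # folded line continues the previous one
            if logical and not in_comment:
                logical[-1] += raw[1:]
        elif raw.startswith("#"):          # comment (may itself be folded)
            in_comment = True
        elif raw.strip():
            logical.append(raw)
            in_comment = False
        elif logical:                      # blank line ends the entry
            break
    entry = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if value:                          # an empty value counts as absent
            entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def missing_on_bind_account(ldif_text, wanted):
    """Return the wanted attributes that have no value on the bind account."""
    entry = parse_ldif_entry(ldif_text)
    return [attr for attr in wanted if attr.lower() not in entry]

if __name__ == "__main__":
    print(missing_on_bind_account(SAMPLE_LDIF, ["employeeID", "mail", "memberOf"]))
```
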