Map custom LDAP user and group attributes to the EAA directory

In your native directory, identify the custom groups and object classes, then configure them in the EAA Management Portal.

When you use the EAA IdP between your LDAP environment and service provider for SAML and SaaS applications, you can map both the EAA default and custom attributes to the LDAP directory for both groups and users. This is also known as OpenLDAP custom schema support.

How to

  1. Identify the custom group and custom object class for the user and group in your native LDAP directory server.
  2. Return to the EAA Management Portal.
  3. Open the Directory in EAA. From the top menu bar click Identity > Directories.
  4. Navigate to the Directory you want to configure with a custom LDAP group or user attribute and click the Configure (gear) icon > Show additional attributes > User attributes or Group attributes.
  5. For Group attributes,
    1. In the Group object classes field, enter the LDAP custom group name. For example, <YourCustomGroupName>
    2. In the Search filter field, enter the group object class as (objectClass=<YourCustomGroupName>).
    User attribute mapping of Search filter and Group object classes in EAA
    User attribute mapping of Search filter and Group object classes in the LDAP
  6. For User attributes,
    1. In the User object classes field, enter the LDAP custom user name. For example, <YourCustomUserName>
    2. In the Search filter field, enter the user object class as (objectClass=<YourCustomUserName>).
  7. Return to the directory card and sync the changes to the directory in EAA.
    1. From the top menu bar click Identity > Directories.
    2. Navigate to the Directory you modified and click the Sync icon.
  8. Verify the custom user or group changes are in effect. Click the Users or Groups icon.
    Custom group within an EAA directory
    The directory’s Users or Groups page appears.
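
A pre-sync check for the values entered in steps 5 and 6, as an added example that is not Akamai's code: it parses the Search filter string as an RFC 4515 filter and confirms that it tests every object class entered in the object classes field. The function names and the customGroup and customUser class names are constructed for illustration, and the code runs offline without contacting EAA or the LDAP server.

```python
import re

# RFC 4512 descriptor (keystring) or numeric OID, as used for object class names.
_NAME = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def object_classes_in_filter(flt):
    """Parse an RFC 4515 filter (&, |, ! and simple items) and return the set of
    objectClass values it tests, lowercased. Raises ValueError if malformed."""
    found = set()

    def parse(pos):
        if pos >= len(flt) or flt[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if pos < len(flt) and flt[pos] in "&|!":
            op, pos, count = flt[pos], pos + 1, 0
            while pos < len(flt) and flt[pos] == "(":
                pos, count = parse(pos), count + 1
            if count == 0 or (op == "!" and count != 1):
                raise ValueError(f"bad operand count for '{op}'")
        else:
            end = pos
            while end < len(flt) and flt[end] not in "()":
                end += 1
            attr, sep, value = flt[pos:end].partition("=")
            if not sep or not attr or not value:
                raise ValueError(f"bad item {flt[pos:end]!r}")
            # Attribute names are case-insensitive; '*' is a presence test.
            if attr.lower() == "objectclass" and value != "*":
                if not _NAME.match(value):
                    raise ValueError(f"bad object class name {value!r}")
                found.add(value.lower())
            pos = end
        if pos >= len(flt) or flt[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return pos + 1

    if parse(0) != len(flt):
        raise ValueError("trailing characters after filter")
    return found


def check_mapping(object_classes, search_filter):
    """True if every class from the object classes field is tested by the filter."""
    wanted = {c.strip().lower() for c in object_classes}
    return wanted <= object_classes_in_filter(search_filter)
```

A filter with a missing opening parenthesis, such as objectClass=customGroup), raises ValueError instead of reaching the directory configuration.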