If the identity provider is LDAP, a subset of LDAP provider attributes can be used as the mapping attribute placeholder value.

The placeholder value must use the following syntax:

${providerAttributes.<LDAP attribute name>}

When you create a new LDAP identity provider entity, the POST request automatically maps the PingOne username attribute to the LDAP username attribute. The username attribute is the core mapping attribute; the default LDAP attribute value is uid.

The POST /environments/{environmentId}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to LDAP, the gateway, authenticationBehavior, and searchBaseDN property values are required in the request body.

LDAP identity provider settings data model

| Property | Description |
| --- | --- |
| gateway | A string that specifies the LDAP gateway. This is a required property. |
| authenticationBehavior | A string that specifies the authentication behavior. Options are NO_MIGRATION and MIGRATE_PASSWORD. This is a required property. |
| searchBaseDN | A string that specifies the base DN used to search for users by LDAP Gateways. The value must be a valid LDAP DN. This is a required property. |
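
The following pre-flight check is an added example, not part of the PingOne documentation or SDK: it validates an LDAP identity provider body against the required properties above and checks mapping values against the placeholder syntax before the POST is sent. The flat body layout, the helper names, the sample values, and the simplified DN check (no multi-valued RDNs or quoted values) are assumptions.

```python
import re

# Attribute descriptor per RFC 4512: a letter, then letters, digits or hyphens.
ATTR = r"[A-Za-z][A-Za-z0-9-]*"
PLACEHOLDER = re.compile(r"^\$\{providerAttributes\.(" + ATTR + r")\}$")
# One RDN: descriptor or numeric OID, '=', then a value of plain or escaped characters.
RDN = re.compile(r"^\s*(?:" + ATTR + r"|\d+(?:\.\d+)+)\s*=\s*(?:\\.|[^\\,+\"<>;=])+$")
BEHAVIORS = {"NO_MIGRATION", "MIGRATE_PASSWORD"}
REQUIRED = ("gateway", "authenticationBehavior", "searchBaseDN")


def is_valid_dn(dn):
    """Simplified RFC 4514 check: attr=value RDNs separated by unescaped commas."""
    if not isinstance(dn, str) or not dn.strip():
        return False
    return all(RDN.match(part) for part in re.split(r"(?<!\\),", dn))


def validate_ldap_idp(body, mappings=None):
    """Return a list of problems; an empty list means the body passes these checks."""
    if body.get("type") != "LDAP":
        return ["type is not LDAP; LDAP checks do not apply"]
    problems = []
    for prop in REQUIRED:
        if not isinstance(body.get(prop), str) or not body[prop].strip():
            problems.append(f"{prop} is required and must be a non-empty string")
    behavior = body.get("authenticationBehavior")
    if isinstance(behavior, str) and behavior.strip() and behavior not in BEHAVIORS:
        problems.append(f"authenticationBehavior must be one of {sorted(BEHAVIORS)}")
    dn = body.get("searchBaseDN")
    if isinstance(dn, str) and dn.strip() and not is_valid_dn(dn):
        problems.append("searchBaseDN is not a valid LDAP DN")
    for name, value in (mappings or {}).items():
        if not PLACEHOLDER.match(value):
            problems.append(f"mapping {name}: expected ${{providerAttributes.<LDAP attribute name>}}")
    return problems


# Constructed sample bodies; "<gateway-id>" is a placeholder, not a real gateway value.
GOOD = {"type": "LDAP", "gateway": "<gateway-id>",
        "authenticationBehavior": "NO_MIGRATION",
        "searchBaseDN": "ou=People,dc=example,dc=com"}
BAD = {"type": "LDAP", "authenticationBehavior": "MIGRATE",
       "searchBaseDN": "People;example"}

if __name__ == "__main__":
    print(validate_ldap_idp(GOOD, {"email": "${providerAttributes.mail}"}))
    for problem in validate_ldap_idp(BAD, {"email": "${mail}"}):
        print("-", problem)
```
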

LDAP core attributes

| Property | Description |
| --- | --- |
| username | A string that specifies the core LDAP attribute. The default value is ${uid} and the default update value is EMPTY_ONLY. |