Feature: Support for LDAP user profile attributes selection
We have a need to select a specific operational attribute for use in our user’s profiles. Operational attributes are not automatically selected in LDAP lookups, and require that they be specified explicitly in a query. In our case, we require the
entryUUID LDAP attribute from our LDAP user records.
We have implemented this feature and submitted a PR against ad-ldap-connector. Our implementation is more generic that our particular requirement as it allow selecting arbitrary attributes, hooking into the underlying LDAPjs library facility to specify an attribute list.
This feature as implemented could be used to limit the exposure of personal information or provide data transfer efficiency gains for some use cases where a very specific subset of attributes are required. The existing behaviour to bring in defaults (all minus operational attributes) is maintained.
For further context, we then map our required attribute in a custom
profileMapper.js to be included in the Auth0 normalised user profile.