Support for LDAP user profile attribute selection

Feature: Support for LDAP user profile attributes selection

We have a need to select a specific operational attribute for use in our user’s profiles. Operational attributes are not automatically selected in LDAP lookups, and require that they be specified explicitly in a query. In our case, we require the entryUUID LDAP attribute from our LDAP user records.

We have implemented this feature and submitted a PR against ad-ldap-connector. Our implementation is more generic that our particular requirement as it allow selecting arbitrary attributes, hooking into the underlying LDAPjs library facility to specify an attribute list.

This feature as implemented could be used to limit the exposure of personal information or provide data transfer efficiency gains for some use cases where a very specific subset of attributes are required. The existing behaviour to bring in defaults (all minus operational attributes) is maintained.

For further context, we then map our required attribute in a custom profileMapper.js to be included in the Auth0 normalised user profile.

Thanks for the detailed feedback request!

1 Like