This article shows how to find the attributes Okta expects for the User Object Class used in an LDAP integration.
- Directories
- LDAP Domain
- Required Attributes
The value entered for the User Object Class of an LDAP domain's integration settings will determine the list of attributes Okta will expect for each user object.
- Navigate to the LDAP integration in Okta and select Provisioning > Integration.
- Scroll to the bottom of the Integration page, enter the full username of an LDAP user, and click Test Configuration.
- Navigate to the LDAP Agent server and open the most recently modified log file, which is located at C:\Program Files\Okta\Okta LDAP Agent\logs.
- Scroll to the bottom of the log file and search for the most recent string that starts with:
Filter=(&(objectclass=
- The next line will contain a list of attributes similar to the text below. The comma-separated list after Attributes= is the list of required attributes Okta expects for the objectclass shown at the beginning of the filter.
- Either ensure the schema contains these attributes or consider a different object class.
Filter=(&(objectclass=user)(objectguid=\73\74\E4\87\5F\9E\D2\4C\A7\3B\6B\AE\23\32\81\9C)) Scope=SUB Attributes={givenName,lastName,distinguishedName,uid,mail,preferredLanguage,telephoneNumber,l,postalCode,employeeID,cn,title,employeeNumber,physicalDeliveryOfficeName,postalAddress,manager,mobile,streetAddress,departmentNumber,st,objectClass,distinguishedname,objectguid,msds-useraccountdisabled,distinguishedname,modifyTimeStamp}
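The log lookup in the steps above can be scripted. The following is an added example, not Okta's code: it pulls the most recent Filter=(&(objectclass= entry out of log text, de-duplicates the attribute list, and reports which expected attributes a given schema lacks. The function names, the sample log lines, and the schema list are constructed for illustration.

```python
import re

# Constructed sample: two test runs, the second with Attributes= on the following line.
SAMPLE_LOG = r"""
[constructed] Filter=(&(objectclass=inetOrgPerson)(uid=jdoe)) Scope=SUB Attributes={givenName,uid,mail}
[constructed] unrelated agent message
[constructed] Filter=(&(objectclass=user)(objectguid=\73\74\E4\87)) Scope=SUB
[constructed] Attributes={givenName,lastName,distinguishedName,uid,mail,objectClass,distinguishedname,objectguid}
"""

FILTER_RE = re.compile(r"Filter=\(&\(objectclass=([^)]+)\)", re.IGNORECASE)
ATTRS_RE = re.compile(r"Attributes=\{([^}]*)\}")


def latest_expected_attributes(log_text):
    """Return (object_class, attributes) for the most recent filter entry, or None."""
    lines = log_text.splitlines()
    found = None
    for i, line in enumerate(lines):
        flt = FILTER_RE.search(line)
        if not flt:
            continue
        # The attribute list may sit on the same line or on the next one.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        attrs = ATTRS_RE.search(line) or ATTRS_RE.search(nxt)
        if attrs:
            found = (flt.group(1), attrs.group(1))  # later entries overwrite earlier ones
    if found is None:
        return None
    seen, unique = set(), []
    for name in (a.strip() for a in found[1].split(",")):
        # LDAP attribute names are case-insensitive, so fold case when de-duplicating.
        if name and name.lower() not in seen:
            seen.add(name.lower())
            unique.append(name)
    return found[0], unique


def missing_from_schema(expected, schema_attributes):
    """Expected attributes that the directory schema does not define."""
    have = {a.lower() for a in schema_attributes}
    return [a for a in expected if a.lower() not in have]


if __name__ == "__main__":
    object_class, expected = latest_expected_attributes(SAMPLE_LOG)
    schema = ["givenName", "sn", "distinguishedName", "uid", "mail", "objectClass", "objectGUID"]  # constructed
    print(object_class, missing_from_schema(expected, schema))
```

To use it on a real agent, read the newest file under C:\Program Files\Okta\Okta LDAP Agent\logs into a string and pass it in place of SAMPLE_LOG.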
