I need advice on integrating privacyIDEA with LDAP attributes

Hey privacyIDEA crew! :heart_eyes:

I'm gearing up to integrate privacyIDEA into our authentication flow, but I'm hitting a snag with custom LDAP attributes. We have some custom fields set up in our LDAP for user management and access control.

No problem authenticating users against LDAP with privacyIDEA, but I’m stuck on how to leverage those custom attributes within privacyIDEA itself. Ideally, I’d like to retrieve and use these attributes to make policy decisions.

Anyone have some pointers on how to configure privacyIDEA to recognize and actually use these custom LDAP attributes?
I also checked this: https://community.privacyidea.org/t/how-to-integrate-ldap-on-privacyidea-withmfapaloaltlooker but I have not found any solution. Could you please share a live example or any helpful resource?

Thanks in advance!

Respected community member :innocent:

You can map any LDAP attribute to any arbitrary privacyIDEA user attribute.

See 5.1. UserIdResolvers — privacyIDEA 3.10dev1 documentation

You could then use user attributes in policies using extended policy conditions. But this is where it gets really complicated!

https://privacyidea.readthedocs.io/en/latest/policies/conditions.html
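As an added example (not from this thread or the privacyIDEA project), this Python script does both steps of the answer above through the REST API: it creates an LDAP resolver whose USERINFO mapping exposes a custom LDAP attribute (assumed here to be `departmentNumber`) as the privacyIDEA user attribute `department`, then creates a policy whose extended condition only applies to users whose `department` equals a given value. Host, credentials, base DN, realm and attribute names are placeholders, and the parameter names follow the privacyIDEA REST API as I understand it; check them against your version's API documentation.

```python
import json
import urllib.parse
import urllib.request

PI_URL = "https://pi.example.com"  # placeholder privacyIDEA host
ADMIN_USER, ADMIN_PW = "admin", "ADMIN-PASSWORD"  # placeholders

# privacyIDEA user attribute (key) -> LDAP attribute (value); "department"
# is a custom key, departmentNumber the assumed custom LDAP attribute.
USERINFO_MAPPING = {"username": "uid", "email": "mail", "surname": "sn",
                    "givenname": "givenName", "department": "departmentNumber"}


def resolver_params() -> dict:
    """Form fields for POST /resolver/<name> creating an LDAP resolver."""
    return {
        "type": "ldapresolver",
        "LDAPURI": "ldaps://ldap.example.com",      # placeholder
        "LDAPBASE": "ou=people,dc=example,dc=com",  # placeholder
        "BINDDN": "cn=pi-bind,dc=example,dc=com",   # placeholder
        "BINDPW": "BIND-PASSWORD",                  # placeholder
        "LOGINNAMEATTRIBUTE": "uid",
        "LDAPSEARCHFILTER": "(objectClass=inetOrgPerson)",
        "UIDTYPE": "entryUUID",
        "USERINFO": json.dumps(USERINFO_MAPPING),
    }


def policy_params(scope: str, action: str, department: str) -> dict:
    """Form fields for POST /policy/<name>; the extended condition limits the
    policy to users whose mapped 'department' attribute equals `department`."""
    condition = ["userinfo", "department", "equals", department, True]
    return {"scope": scope, "action": action, "realm": "corp",  # placeholder realm
            "active": True, "conditions": json.dumps([condition])}


def conditions_of(params: dict) -> list:
    """Decode the extended-condition list back out of the policy fields."""
    return json.loads(params["conditions"])


def post(path: str, fields: dict, token: str = "") -> dict:
    """POST form fields to the API; the admin JWT goes in the Authorization header."""
    req = urllib.request.Request(PI_URL + path, data=urllib.parse.urlencode(fields).encode())
    if token:
        req.add_header("Authorization", token)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":  # only runs against a live instance
    token = post("/auth", {"username": ADMIN_USER, "password": ADMIN_PW})["result"]["value"]["token"]
    post("/resolver/ldap-corp", resolver_params(), token)
    post("/policy/totp-for-sales", policy_params("authz", "tokentype=totp", "Sales"), token)
```

After the resolver is in a realm, the mapped attribute shows up in the user details, which is the quickest way to confirm the mapping before writing the condition.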