User defined attributes either not found or have no value

Hello Cornelius,

According to ‘4.3.3. Additional user attributes’, I should be able to add my own Active Directory attributes to be used in i.e. events. I have defined the givenname of a user to be used in a mail that is sent to the user when a token is created, but it always gives ‘None’ as givenname, although it is defined in Active Directory. I also tried to add the displayname, but if I use that in the mail template, I get a 500 error during token creation. My configuration for the ldapresolver has the following attributes defined: { "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }
Is it possible to have my own attributes defined?


Hello there,
After going through your query, what I came to know is that you’re encountering issues with user-defined attributes in Active Directory not being recognized or having no value when used in events, despite being properly defined in your configuration. Based on your configuration for the LDAP resolver, it should be possible to define your own attributes. However, it appears that the givenname attribute is returning ‘None’ even though it’s defined in Active Directory. Additionally, using the displayname attribute in the mail template causes a 500 error during token creation.
Here’s a simpler version of what you can do:

  1. Check Attribute Mapping: Make sure the attributes you’re trying to use are correctly mapped in your configuration.
  2. Verify Permissions: Ensure the account you’re using has permission to access those attributes in Active Directory.
  3. Test Attribute Retrieval: Try retrieving the attributes directly from Active Directory to see if they have values.
  4. Review Logs: Check any error messages or logs for clues about what might be going wrong.
  5. Seek Documentation or Support: Look at the documentation for your system or ask for help if needed.
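
As an added example (not part of the original posts and not privacyIDEA code), steps 1 and 3 can be checked offline by comparing the resolver's attribute mapping from the question against an entry exported from the directory with the resolver's bind account. The entry below is constructed sample data, and `check_mapping` and `unresolved` are hypothetical helper names.

```python
import json

# Attribute mapping as given in the question's LDAP resolver configuration.
ATTRIBUTE_MAPPING = (
    '{"phone": "telephoneNumber", "mobile": "mobile", "email": "mail", '
    '"surname": "sn", "givenname": "givenName"}'
)

# Constructed sample entry, shaped like an LDAP search result read with the
# resolver's bind account (attribute name -> list of values).
SAMPLE_ENTRY = {
    "sn": ["Doe"],
    "givenname": [b"Jane"],          # different case, bytes value
    "mail": ["jane.doe@example.com"],
    "telephoneNumber": [],           # returned, but without a value
    # "mobile" is absent: unset, or not readable by the bind account
}


def check_mapping(mapping_json, entry):
    """Return {resolver_key: (status, value)} for every mapped attribute."""
    mapping = json.loads(mapping_json)
    # LDAP attribute names are case-insensitive, so compare in lower case.
    lowered = {name.lower(): values for name, values in entry.items()}
    report = {}
    for key, ldap_attr in mapping.items():
        if ldap_attr.lower() not in lowered:
            report[key] = ("missing", None)
            continue
        values = lowered[ldap_attr.lower()]
        if isinstance(values, (str, bytes)):
            values = [values]        # tolerate single-valued results
        decoded = [v.decode("utf-8", "replace") if isinstance(v, bytes) else str(v)
                   for v in values]
        non_empty = [v for v in decoded if v.strip()]
        report[key] = ("ok", non_empty[0]) if non_empty else ("empty", None)
    return report


def unresolved(report):
    """Resolver keys that would end up without a usable value."""
    return sorted(k for k, (status, _) in report.items() if status != "ok")


if __name__ == "__main__":
    for key, (status, value) in check_mapping(ATTRIBUTE_MAPPING, SAMPLE_ENTRY).items():
        print(f"{key:10} {status:8} {value}")
```

A directory server leaves out attributes that are unset and attributes the bind account may not read, so a `missing` result does not distinguish between steps 2 and 3.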

They should be, as it is the default when clicking the ‘Select Active Directory’ button in the LDAP resolver

I can read other attributes, and the access rights are not so specific that they apply on individual attributes, it’s all or nothing

I can read the other attributes like ‘surname’ (which actually maps to ‘sn’); this is correctly displayed in the mail. In Active Directory Users and Computers, the ‘givenName’ also has a value.

What logs do you suggest?

I am posting here… :rofl: :grin: :wink:

The documentation says you can use these attributes in the event handler conditions and in the RADIUS protocol.

But: You cannot use the attributes in the notification handler template.

Ok, but that still does not explain why the givenname returns ‘None’ for every user, while this attribute is actually filled in Active Directory. According to chapter of the documentation, the givenname is a valid tag.

You are right.

Note that the user information is taken from the token owner.
Is this a pre-event- or a post-event-handler?

At least in the latter case you would have to start debugging.

It’s a post-event-handler

Well, the post event handler should work.
You need to get down and dirty into the debug log.