LDAP - Configure profile fields


Active Directory (AD) is a database that stores information about users and LDAP is a protocol that allows you to talk to it.

  • A user profile field in your AD will have an attribute name.
  • A user profile field in claromentis will have a key. 
  • Mapping an AD attribute to a Claromentis key ensures the information from the AD field will populate the Claromentis field upon the next sync.
  • This will work for every user that you are bringing across from your AD into Claromentis.

Please note: Attribute names may not relate to the field information itself. Sometimes the attribute is named logically i.e. "surname" corresponds to a users last name but in other instances the attribute name is unrelated i.e. "init_2" corresponds to a users interests. The name is arbitrary so concern need only be about knowing what user information the attribute name represents.

We have created an LDAP tool in Claromentis for you to use to make mapping fields and the subsequent sync as painless as possible.

  • This article will follow on from the the "Setting up the LDAP tool" guide.
  • It is recommended to read that article first before following along with this one.


LDAP Tool In Claromentis

You will have already set up your connection using the tool when following the previous guide. 

  • To access the tool again head to Applications > Admin > Sysadmin > LDAP

Image 1 -  Landing page of the LDAP tool


Click on the pencil Icon shown in Image 1 in order to begin editing the connection

  • Section 3 of the tool is where AD attributes can be mapped to Claromentis fields, as shown in Image 2.
  • The attributes that are currently set up to run on the next sync will always appear in section 3.
  • After the initial set up, this table will be populated by default fields that are mandatory and cannot be removed.
    • These include: first name, surname, email and telephone number.
  • However at any time, you can use the LDAP tool to edit fields and configure new ones to run on the next sync that do not include the default.

In Image 2, it is shown that information relating to users interests has been set up to sync from the AD attribute "Initials" to the claromentis field "Interests" using the key {m}user_interest"

  • In this way the data has been mapped (or tied) between these fields.
  • It is important to realise that if there is information in your AD you wish to sync to Claromentis, you may have to create an appropriate field in Claromentis if one does not already exist.
    • For example your AD may store the extension number of users.
    • Claromentis does not have a corresponding user profile field for an extension number.
    • Therefore in order to map the AD information a field for "extension" has to be created in Claromentis first.
    • When a field is created in Claromentis it's key is generated automatically.
    • We have created a video guide on how to create a new field in Claromentis here.

Image 2 - Section 3 of the LDAP tool


Configuring Profile fields

To set up a new user profile field to bring across from AD, we first need to update the table of Section 3 to reflect all the fields that are currently syncing.

  • To do this, we need to "fetch attributes" from a user profile in the Intranet that has been synced from AD already.
  • This will generate a list of attributes that are currently being synced and allow extra fields to be mapped.

Navigate to  Admin > People

  • Click on a user profile that has been brought across from your AD.
  • There will be a "External ID" field on their profile, as shown in Image 3.
  • Copy this information as we need this to fetch attributes to populate the table and be able to tie to Claromentis fields.
  • Once you have copied the data in the field return to the 3rd section of the LDAP tool.

Image 3 - External ID shown in a user's profile that has been synced from AD


Paste the External ID into the "Example User - DN" field.

  • Click the "fetch attributes" button.
  • The table below will now update with all the fields that have been mapped together and are sending information across when a sync is run.

As shown in Image 4, the last row of the table will be two drop down fields.

  • This is where you select the attribute from AD and map it to the Claromentis key.
  • On the left of the table is the "LDAP attribute" column, this denotes the AD field attribute.
  • On the right is the "claromentis metadata" column which corresponds to the keys for Claromentis fields.


Image 4 - The last row of the table is where new fields can be added and mapped for the next sync


In Image 5 both lists available to choose attributes and keys from are shown.

  • In this way you can ensure the attribute you wish to sync has been mapped to the appropriate Claromentis field key.
  • In this example the title of a user (e.g. Mr, Mrs, Ms etc) has the AD attribute of "title" as shown in the left list.
  • The corresponding field in Claromentis, where we want the AD information to populate, has a key of "{m}title" as shown in the list on the right.
  • Once you have selected your attribute and Claromentis key for each column, click the purple "add" button.

Image 5 - Correctly mapping the AD attribute to the corresponding Claromentis key.


As shown in Image 6, my selection has been applied and a new row containing the information for "Title" has appeared.

  • Underneath this row the drop down menus remain, so you can add multiple AD attributes and map them accordingly in one instance.
  • Once you had added as many attributes as required, click "save".
  • Now your changes have been applied and if you enter back into Section 3 of the tool you will see all the rows you added have remained.

When the next sync is run (whether manual or under your schedule) all information from the AD attributes in the table will populate the Claromentis fields you have mapped them to. 

Image 6 - AD attribute has been mapped to Claromentis field and added to the table.

Created on 18 March 2019 by Hannah Door. Last modified on 17 April 2019

Was this helpful?