Symantec Privileged Access Management

Tech Tip – Using the LDAP Unique Attribute field in PAM 

04-14-2017 12:39 PM

In order to successfully import an LDAP group PAM requires that a field containing a unique identifier be used.  Sometimes this is the default field.  In cases where the default field is not unique you may specify another in the LDAP configuration on the 3rd Party page.  Two that are commonly used are the UserPrincipalName and the sAMAcountName.  You must check with your Active Directory administrator to be sure which field contains the unique data.  Below you can see a screen capture showing these fields in a user record in an Active Directory.  The sAMAccountName is highlighted, as it will be used in this example.


Once the unique field is known you specify it in the Unique Attribute field.  This will then be what users will specify when logging into PAM with LDAP authentication, along with the LDAP user’s password as it appears in the Active Directory.

0 Favorited
0 Files

Tags and Keywords


04-14-2017 02:00 PM

Thank your for sharing this tip with the community Ed!

Tech Tip – Using the LDAP Unique Attribute field in PAM 

Related Entries and Links

No Related Resource entered.