To import an LDAP group successfully, PAM requires a field that contains a unique identifier. Sometimes this is the default field. In cases where the default field is not unique, you may specify another in the LDAP configuration on the 3rd Party page. Two that are commonly used are the UserPrincipalName and the sAMAccountName. You must check with your Active Directory administrator to be sure which field contains the unique data. Below you can see a screen capture showing these fields in a user record in an Active Directory. The sAMAccountName is highlighted, as it will be used in this example.
Once the unique field is known, specify it in the Unique Attribute field. This is then what users will enter when logging into PAM with LDAP authentication, along with the LDAP user's password as it appears in the Active Directory.
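One way to confirm which candidate field is actually unique before setting the Unique Attribute is to check an LDIF export of the user entries. The script below is an added example, not part of PAM or of the original article; the function names and the sample entries are constructed for illustration, and it assumes a plain LDIF export of the users in scope.

```python
import base64
from collections import defaultdict

# Constructed sample export (not real directory data): users from two domains.
SAMPLE_LDIF = """\
dn: CN=John Smith,OU=Staff,DC=corp,DC=example,DC=com
sAMAccountName: jsmith
userPrincipalName: jsmith@corp.example.com

dn: CN=Jane Smith,OU=Staff,DC=emea,DC=example,DC=com
sAMAccountName: JSmith
userPrincipalName: jane.smith@emea.example.com

dn: CN=Backup Service,OU=Service,DC=corp,DC=example,DC=com
sAMAccountName: svc-backup
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    entries = []
    text = text.replace("\r\n", "\n").replace("\n ", "")  # normalise, unfold lines
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8")
            entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            entries.append(dict(entry))
    return entries

def check_attribute(entries, attr):
    """Return DNs lacking attr and values held by more than one DN."""
    seen, missing = defaultdict(list), []
    for entry in entries:
        dn = entry["dn"][0]
        values = entry.get(attr.lower(), [])
        if not values:
            missing.append(dn)
        for value in values:
            seen[value.lower()].append(dn)  # AD matches these names case-insensitively
    duplicates = {v: dns for v, dns in seen.items() if len(dns) > 1}
    return {"missing": missing, "duplicates": duplicates}

if __name__ == "__main__":
    for candidate in ("sAMAccountName", "userPrincipalName"):
        print(candidate, check_attribute(parse_ldif(SAMPLE_LDIF), candidate))
```

A candidate field is suitable only if both `missing` and `duplicates` come back empty for every user who will log in through the imported group.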