Hi, Valsaraj. > But when I added ou field, it didn't appear in result What do you mean by "added" here? Did you just add this attribute on CR's configuration pages? Are you sure this attribute exists in your instance? Please check the "Attributes" page (click the "Show all" button there). Could you also please provide screenshots showing all your curent CR's configuration, as well as settings for that attribute (if you'll find out it's indeed exists)? Best regards, Alex.

Hi, The attribute named ou is added in CR's Source attribute* field. This is showing in my source instance as plain text value. I checked "Attributes" page show all, it's not listed there. When I tried to add new attribute named ou, it is showing 'Warning: Specified attribute name alredy exists in LDAP schema. Are you going to use it?'. Thanks!

What you see on the "Attributes" page is attributes' metadata, mostly. It's a separate thing from attribute's actual presence in the LDAP schema. `ou` attribute is indeed present in schema and is used for different system-scope purposes. I don't think it's a good idea to use it for the sake of storing/issuing users' data in SSO flow. I would recommend you to either use some existing attribute with similar purpose (check their descriptions on the "Attribute" page; you also may need to make it "Active" before using it), or to create a custom attribute with any name you like. Then you could map `ou` from backend to this attribute on the CR pages.

Hi, I created a custom attribute with name testou by clicking add attribute link in attributes page. It then appeared as active with ox-<id>. Then I mapped ou with testou. But it didn't shown in search result and log shown this message: Failed to find attribute 'ou' metadata Thanks!

This is sort of messy, but it is possible. As ou already exists in the LDAP schema, you're going to have to do some surgery to get it to work. 1. add ou into the gluuperson objectclass in `101-ox.ldif` 2. Manually create the ldif under `ou=attributes,o=(org-inum),o=gluu` You can copy an single entry in `/opt/opendj/ldif/` give it a new inum, and use `ldapmodify` to load it. Something like `/opt/opendj/bin/ldapmodify -h localhost -p 1636 -Z -X -D "cn=directory manager" -j ~/.pw -a -f "ou.ldif"` where you write the DM password (same as admin password) in `~/.pw` and remove it when you're done. Keep that ldif handy, and remember to make a similar `101-ox.ldif` every time you update. Alternately you can make another person objectclass...