One of our users has usecase like this: "Our application was originally designed to use DN as unique identifier (not just UID) to locate User across multiple instance of Open LDAPs.
But with keycloak how do I get the DN so that User attribute has the DN. So that after authentication I would be able to extract the DN from access token."

So I wonder that it may be nice if LDAPIdentityStore has possibility to return also DN of user in some attribute. Maybe LDAPMappingConfigurationBuilder can have method like: dnAttribute(String)
and if it's used, the attribute (either property if it's available on the particular IdentityType object or just attribute) will be filled with the DN of user after LDAP search?