Creating Groups for Users Automatically Added from LDAP
When a user successfully authenticates against LDAP and is automatically added to your system (via the Auto Add User feature), SBM can also establish group membership for the new user. If the user’s LDAP groups already exist in SBM, he or she will be added to those groups. If the groups are not in SBM yet, they can be created using the options described below.
You must manually grant privileges or role assignments to any group that is created in SBM as the result of a new user who is automatically added from LDAP (if you want that group to eventually have its own set of privileges). For example, if you have an LDAP group that needs to have certain privileges to a particular project in SBM, once the group is created, you must grant that group privileges to the project.
By examining a set of specified attributes and the containers within those attributes, SBM can help ease the group management process for newly-added users. This section describes the operations on the User Map tab of the LDAP Setup & Tools dialog that are related to automatically creating groups.
Select the LDAP user attribute or attributes that should be examined by SBM for potential user groups. For example, if you select memberOf as the attribute, SBM will only use the containers in the memberOf attribute as possible groups for the new user. Each memberOf LDAP attribute on the user's LDAP account will be examined. You can select more than one attribute and move each of them into the Group Attributes field by clicking the right arrow.
For example, if you want to create groups based on the parameters in both the memberOf and productTeam attributes, you would select:
memberOf
productTeam
In LDAP, user "Joe" might have the following values for these attributes:
memberOf: CN=Domain Admins,DN=Users,DC=Acme,DC=com
memberOf: CN=Managers,DN=Users,DC=Acme,DC=com
productTeam: OU=DevTeam,DC=Acme,DC=com
In this field, you can enter the particular parameters you want SBM to process when attempting to create new groups. In effect, this field acts as an additional filter on the Group Attributes you specify. For example, you might only want the CNs and OUs of each attribute examined. In that case, you would enter:
CN,OU
For user "Joe" above, the resulting groups would be:
Domain Admins
Managers
DevTeam
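The attribute and parameter filtering described above, together with the join-or-create rule from the first paragraph, can be previewed offline before enabling automatic group creation. The following is an added example, not SBM's own code: the function names, the treatment of backslash-escaped commas (RFC 4514, which goes beyond the case shown on this page), exact-name matching against existing groups, and "Managers" as an already existing SBM group are all assumptions.

```python
import re

# Constructed sample: the attribute values this page shows for user "Joe",
# plus one unrelated attribute that must be ignored.
JOE = {
    "memberOf": ["CN=Domain Admins,DN=Users,DC=Acme,DC=com",
                 "CN=Managers,DN=Users,DC=Acme,DC=com"],
    "productTeam": ["OU=DevTeam,DC=Acme,DC=com"],
    "mail": ["joe@acme.com"],
}

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    return [p.lstrip() for p in re.findall(r"(?:\\.|[^,\\])+", dn) if p.strip()]

def unescape(value):
    """Decode \\2C-style (ASCII hex) and \\,-style escapes in one pass."""
    return re.sub(r"\\(?:([0-9A-Fa-f]{2})|(.))",
                  lambda m: chr(int(m.group(1), 16)) if m.group(1) else m.group(2),
                  value)

def candidate_groups(user_attrs, group_attributes, group_parameters):
    """Values of the chosen parameters (e.g. "CN,OU") in the chosen attributes."""
    wanted = {p.strip().upper() for p in group_parameters.split(",")}
    names = []
    for attr in group_attributes:
        for dn in user_attrs.get(attr, []):
            for rdn in split_rdns(dn):  # multi-valued RDNs (a+b) are not split
                kind, _, value = rdn.partition("=")
                name = unescape(value)
                if kind.strip().upper() in wanted and name not in names:
                    names.append(name)
    return names

def plan(user_attrs, group_attributes, group_parameters, existing_groups):
    """Return (groups the user joins, groups that would be newly created).
    Exact-name matching against existing groups is an assumption."""
    names = candidate_groups(user_attrs, group_attributes, group_parameters)
    return ([n for n in names if n in existing_groups],
            [n for n in names if n not in existing_groups])

if __name__ == "__main__":
    join, create = plan(JOE, ["memberOf", "productTeam"], "CN,OU", {"Managers"})
    print("join existing:", join)
    print("create, no privileges until granted:", create)
```

Reviewing the second list before rollout shows which LDAP group names, such as Domain Admins here, would appear as new SBM groups that still need privileges or role assignments granted manually.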
Copyright © 2001–2019 Micro Focus or one of its affiliates. All rights reserved.