LDAP Group Definitions

From iDENprotect Knowledge Base

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

idenprotect Core Platform can be used with or without LDAP integration. After the initial installation, LDAP integration is disabled. If LDAP is enabled, idenprotect Core Platform connects idenprotect users' identities to an LDAP directory, such as Microsoft Active Directory.

This article will help you configure your User Synchronization job to store information about users' group membership. Group membership information can be used to restrict access to Service Providers if you are also using the idenprotect Authentication Portal. If you are looking to store additional user information, see LDAP Extra Parameters.

If you have not yet configured your connection to LDAP, see LDAP Connection Configuration. If you have not yet configured the synchronization jobs, see LDAP Admin Sync Configuration or LDAP User Sync Configuration.


Configuring LDAP Group Definitions

You can specify group definitions in:

  • LDAP Group Definitions under the LDAP section in the idenprotect Core Platform Admin Console Config Tab


(Screenshot: LDAP Group Example)


This lets you build a list of LDAP groups and map each one to a friendlyName stored in the user database. For example, you can map the friendly name "Test Group" to the group with the distinguished name "CN=Test,OU=Test_Groups,DC=Test,DC=com". With that mapping in place, each time the sync job runs, every user who is a member of CN=Test,OU=Test_Groups,DC=Test,DC=com will have "Test Group" stored against them. These group definitions can later be used to grant or restrict access to Service Providers in the Authentication Portal. Since a definition refers to the group by its full distinguished name, keep it in step with the directory: if the group is renamed or moved to a different OU, its DN changes and the definition no longer matches.
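The following is an added example of the mapping step described above, written for this article; it is not idenprotect code and does not show how the idenprotect sync job is implemented. It assumes the sync job reads each user's memberOf attribute and that the group definitions are available as a dictionary of group DN to friendly name. Two details matter in practice: Active Directory compares distinguished names case-insensitively and the value entered in the admin console may carry stray whitespace (as in the " CN=Test,..." example above), so DNs are normalised before comparison rather than matched as raw strings; and memberOf lists direct memberships only, so nested group membership is not resolved here. The group definitions and memberOf values below are constructed sample data.

```python
"""Added example (not idenprotect code): resolve a user's memberOf values to the
friendly names configured under LDAP Group Definitions.

Assumptions not taken from the article: the sync job has the user's memberOf
attribute, and the definitions are a dict of group DN -> friendly name.
"""
from typing import Dict, List


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN for comparison.

    Splits on unescaped commas, strips whitespace around each attribute type and
    value, and lower-cases both. Active Directory DN matching is
    case-insensitive, so lower-casing values is safe there (assumption: the
    directory is AD or another case-insensitive directory).
    """
    parts: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn.strip():
        if escaped:            # character following a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":        # unescaped comma ends the current RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))

    rdns = []
    for rdn in parts:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def build_group_map(definitions: Dict[str, str]) -> Dict[str, str]:
    """Normalised group DN -> friendly name.

    Two definitions that normalise to the same group but carry different
    friendly names are rejected instead of silently letting one shadow the other.
    """
    result: Dict[str, str] = {}
    for dn, friendly in definitions.items():
        key = normalize_dn(dn)
        if key in result and result[key] != friendly:
            raise ValueError(
                f"conflicting definitions for {key}: {result[key]!r} and {friendly!r}"
            )
        result[key] = friendly
    return result


def resolve_groups(member_of: List[str], group_map: Dict[str, str]) -> List[str]:
    """Friendly names to store against the user, in definition order.

    Matching is on the whole normalised DN, so CN=Test2 never matches a
    definition for CN=Test. Only the direct memberships in memberOf are
    considered; nested groups are not expanded.
    """
    user_groups = {normalize_dn(dn) for dn in member_of}
    return [friendly for dn, friendly in group_map.items() if dn in user_groups]


# Constructed sample data: admin-console definitions (note the stray leading
# space on the first DN) and two users' memberOf values as AD might return them.
GROUP_DEFINITIONS = {
    " CN=Test,OU=Test_Groups,DC=Test,DC=com": "Test Group",
    "CN=VPN Users,OU=Test_Groups,DC=Test,DC=com": "VPN",
}
ALICE_MEMBER_OF = [
    "CN=test,OU=test_groups,DC=test,DC=com",     # same group, different case
    "CN=Domain Users,CN=Users,DC=test,DC=com",
]
BOB_MEMBER_OF = ["CN=Domain Users,CN=Users,DC=test,DC=com"]

if __name__ == "__main__":
    group_map = build_group_map(GROUP_DEFINITIONS)
    print("alice:", resolve_groups(ALICE_MEMBER_OF, group_map))  # ['Test Group']
    print("bob:  ", resolve_groups(BOB_MEMBER_OF, group_map))    # []
```

Exact whole-DN matching is deliberate: a substring or prefix match on the group name would let a differently named group in another OU (or a group an attacker can create in an OU they control) satisfy a definition it was never meant to.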