Importing LDAP Users and Groups

You can import LDAP users and groups only after you configure an LDAP connection. You can also configure an alternative authentication method so that the user passwords are verified with a separate authentication system.

If a users is configured for different authentication methods based on the user and group configurations, the stronger authentication method is used in the following order of perference: SSO, RADIUS, LDAP.

If your LDAP does not support unique IDs, changing the organizational unit (OU) of a group in LDAP causes the group to be deleted from SecureChange after the LDAP sync. The group members will lose their inherited attributes from the group, such as roles, permissions, and any group-related task and request assignments.

  1. Go to Settings > Users.

  2. In the New list, select Import from LDAP, and click Add:

    Add Users

  3. The LDAP browser appears:

    Browse the LDAP tree to display organizational units. You can also search within the selected LDAP tree item.The default authentication method is also shown. You can change the default authentication method in: Settings > Authentication > General

    Then, select a user or user group:

    select user

    To fine-tune search options, click settings_ar. The search options are:

    LDAP Settings

    • Name matching:

      Contains: Returns LDAP entries containing the search string

      Starts with: Returns LDAP entries beginning with the search string

      Exact match: Returns only exact matches

    • Search depth:

      One level: Searches only among LDAP entries directly below the selected LDAP tree item

      Subtree: Searches among all entries directly or indirectly below the selected LDAP tree item

    • Maximum search resultsper LDAP displayed

    For the settings to take effect, you need to Save Settings.

  4. Click Done.

Now you can configure an alternative authentication method for the users and groups, and the roles that determine the user's permissions.