On This Page
Importing LDAP Users and Groups
Overview
You can import LDAP users and groups only after you configure an LDAP connection. You can also configure an alternative authentication method so that the user passwords are verified with a separate authentication system.
If a users is configured for different authentication methods based on the user and group configurations, the stronger authentication method is used in the following order of perference: SSO, RADIUS, LDAP.
If your LDAP does not support unique IDs, changing the organizational unit (OU) of a group in LDAP causes the group to be deleted from SecureChange after the LDAP sync. The group members will lose their inherited attributes from the group, such as roles, permissions, and any group-related task and request assignments.
Import LDAP Users and Groups
-
In the New list, select Import from LDAP, and click Add:
-
The LDAP browser appears:
Browse the LDAP tree to display organizational units. You can also search within the selected LDAP tree item.The default authentication method is also shown. You can change the default authentication method in: Settings > Authentication > General
Then, select a user or user group:
To fine-tune search options, click . The search options are:
-
Name matching:
Contains: Returns LDAP entries containing the search string
Starts with: Returns LDAP entries beginning with the search string
Exact match: Returns only exact matches
-
Search depth:
One level: Searches only among LDAP entries directly below the selected LDAP tree item
Subtree: Searches among all entries directly or indirectly below the selected LDAP tree item
- Maximum search resultsper LDAP displayed
For the settings to take effect, you need to Save Settings.
-
- Click Done.
Now you can configure an alternative authentication method for the users and groups, and the roles that determine the user's permissions.