The Group mapping feature is used to map LDAP/Active Directory groups to Ad Astra roles. When a user is authenticated, their group membership information is used to determine appropriate permissions.
Adding LDAP Groups
- Open the LDAP configuration page under the Settings tab.
- Click Add LDAP Group.
- Provide the LDAP administrator user name and password.
The admin user specified here should have permission to search the entire LDAP or Active Directory structure or results may be inconsistent.
- Enter Fully Qualified Path for the search.
- Enter the name filter for the search.
- This field automatically adds wild cards for a partial name search.
- Click Find LDAP Group.
- A list of matching groups is returned.
- Select a group from the list.
- Click the Save LDAP Group
- A list of all Ad Astra roles is returned.
- Place a check in the boxes next to the role(s) to which the LDAP group should be mapped.
- Click Save to add the group-to-role association to the list.
- Repeat as needed.
- You may expand individual groups on the list page to review the association.