LDAP Custom Role Mappings¶
Overview¶
LDAP custom role mapping allows you to apply (in top-down deployments only) customized roles, to LDAP synced and moved users. The default roles are overwritten.
The table describes how LDAP custom role mapping works for LDAP user sync and LDAP user move:
Action |
Description |
|---|---|
LDAP user sync |
|
LDAP user move |
|
Add a LDAP Custom Role Mapping¶
In top-down deployments only, this procedure applies customized roles to LDAP synced and moved users, and overwrites default roles.
Log in as Provider or Reseller administrator.
Set the hierarchy to where the LDAP custom role mapping must be added.
Go to (default menus) LDAP Management > LDAP Custom Role Mappings.
Click Add.
Fill out the fields (all are mandatory):
Field |
Description |
|---|---|
Active Directory Group |
The user’s Active Directory group, derived from ‘memberOf’, from the LDAP Schema. This must be an exact match of the value defined in Active Directory, for example, CN=Administrators,CN=Builtin,DC=test,DC=net. |
Target Role Context |
The hierarchy for which the custom role mapping will be applied. This must match the hierarchy type where the users are synced, or their destination hierarchy when moved. For example, if a user is assigned a ‘CustomerAdmin’ role, and the LDAP user sync is configured at Customer level, then the Target Role Context must be set to Customer. If a user is assigned a ‘SiteAdmin’ role, and is being moved (manually or automatically) using ‘Filter to a Site’, then Target Role Context must be set to Site. |
Target Role |
The role to apply to the user if their Active Directory Group and Target Role Context are matched. This must be a valid role at the user’s destination hierarchy. This can be defined at a specific role or as a macro. For example, if the user is assigned a ‘SiteAdmin’ role, the role can be defined as the exact name of the role or defined as a macro, which allows re-use for any site name e.g. {{macro.SITENAME}}SiteAdmin. |
Click Save.