Sometimes in Active Directory, and some other LDAP deployments, a user is given group membership by placing an attribute on the user's entry, for example memberOf. This role mapping grants the same role as above for these cases:

1. Set the Search Base DN field to the user's entry: ${dn}.

2. Set the Search Filter: (memberOf=CN=administrators,OU=groups,DC=example,DC=com).

3. Set the Scope to Base level.

4. Set the Role to Server Admin.

Users who have the title of manager are in the Device Admin role

In this scenario, use an attribute called title on the user object to determine whether they are in the Device Admin role.

1. Set the Search Base DN field to the user's entry: ${dn}.

2. Set the Search Filter: (title=manager).

3. Set the Scope to Base level.

4. Set the Role to Device Admin.

5. Click Next Step to test your settings.

Grant a specific user the Server Admin role

There might be situations where a specific user is not in a group, but needs to be in a role. This can be done by creating search criteria that match only that user.

1. Set the Search Base DN field to the user's entry: ${dn}.

2. Set the Search Filter: (sAMAccountName=jdoe).

3. Set the Scope to Base level.

4. Set the Role to Server Admin.

Grant the User role to everyone who is able to authenticate

If you want everyone who is able to log in to have at least the User role, do the following:

1. Set the Search Base DN field to the user's entry: ${dn}.

2. Set the Search Filter: (objectclass=*).

3. Set the Scope to Base level.

4. Set the Role to User.
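
As an added example, not part of the product documentation, the following Python models how the four mappings above are evaluated against the user's own entry with Base scope and ${dn} as the base. The matching rules are a simplification (case-insensitive equality and presence filters only, no escaping or compound filters), and the two entries are constructed sample data.

```python
import re

# Supports the filter shapes used on this page: (attr=value) and (attr=*).
FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][\w;-]*)=(?P<value>[^)]*)\)$")

def _norm(value):
    """Simplified LDAP matching: case-insensitive, spaces around DN commas ignored."""
    return ",".join(part.strip().lower() for part in value.split(","))

def matches(entry, search_filter):
    """Evaluate one equality or presence filter against a single entry."""
    m = FILTER_RE.match(search_filter.strip())
    if not m:
        raise ValueError(f"unsupported filter: {search_filter}")
    attr, want = m.group("attr").lower(), m.group("value")
    values = []
    for key, val in entry.items():  # attribute names are case-insensitive
        if key.lower() == attr:
            values.extend(val if isinstance(val, list) else [val])
    if want == "*":  # presence filter, e.g. (objectclass=*)
        return bool(values)
    return any(_norm(v) == _norm(want) for v in values)  # multi-valued, e.g. memberOf

def evaluate_mapping(entry, base_dn, search_filter, scope, role):
    """Return role if the mapping matches the user's own entry, else None."""
    if scope.lower() != "base":
        raise ValueError("only Base scope is modelled in this example")
    base = base_dn.replace("${dn}", entry["dn"])  # ${dn} = the resolved user DN
    if _norm(base) != _norm(entry["dn"]):  # Base scope looks at exactly one entry
        return None
    return role if matches(entry, search_filter) else None

ROLE_MAPPINGS = [  # (Search Base DN, Search Filter, Scope, Role) from the steps above
    ("${dn}", "(memberOf=CN=administrators,OU=groups,DC=example,DC=com)", "Base", "Server Admin"),
    ("${dn}", "(title=manager)", "Base", "Device Admin"),
    ("${dn}", "(sAMAccountName=jdoe)", "Base", "Server Admin"),
    ("${dn}", "(objectclass=*)", "Base", "User"),
]

def roles_for(entry, mappings=ROLE_MAPPINGS):
    """Collect every role whose mapping matches; a user can hold several."""
    return sorted({r for r in (evaluate_mapping(entry, *m) for m in mappings) if r})

# Constructed sample entries (not from a real directory).
JDOE = {"dn": "CN=jdoe,OU=people,DC=example,DC=com", "objectClass": ["top", "person", "user"],
        "sAMAccountName": "jdoe", "title": "Engineer",
        "memberOf": ["CN=Administrators, OU=Groups, DC=example, DC=com"]}
ASMITH = {"dn": "CN=asmith,OU=people,DC=example,DC=com", "objectClass": ["top", "person", "user"],
          "sAMAccountName": "asmith", "title": "Manager", "memberOf": []}
```

Running roles_for on the two entries gives ['Server Admin', 'User'] for jdoe (group membership plus the catch-all) and ['Device Admin', 'User'] for asmith (title match plus the catch-all).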

Test LDAP settings

This section provides information on testing your connection, user mapping, and role mappings configuration.

Type the name of a user into the User field, for example jdoe, and then click Test.

The results of the test are displayed step by step. Each step also contains timing information, which can be helpful in fine-tuning your user mapping and role mappings.

Results should be similar to the following:

setup: 0 seconds.
Connection succeeded. Endpoint: ldaps://ldap.example.com:389
bind: 0 seconds.
Using search to resolve user. Base: ou=people,dc=example,dc=com Scope:

Adding and editing LDAP providers 29