Define Directory Service Groups Properties

If the Allow LDAP Users to login to the system or Allow LDAP Users to be imported check boxes are selected on the Users page, then the Groups page option is shown on the Map Object window.

The group information is used to associate LDAP Users with a CSM Security Group.

For options with Browse, select the Browse button to verify the object is available, even if the group name is known. If the object is not there, Users should ask an LDAP administrator if a security setting is preventing it from being shown.

To define the LDAP Groups:

  1. Open the Map Active Directory Object window.
  2. Select the Groups page.
  3. Define the Groups properties.
    Name of Group Object The name of the directory service object that holds group information. In directory services, this is called Group. Select the Browse button to see the list of objects available.
    Location of Group Membership

    The standard has two options that Users can be associated with a group. Many vendors allow both methods.

    • The User object holds the name of the group.
    • The Group object holds a list of group members (Users).

    If both options are available, select User object holds name of group member. LDAP authentication is faster if this method is used.

    Start of Group Searches

    The Wizard button maps directory services fields to CSM Business Object Fields. If directory service fields change in the future, use the Add, Edit, and Delete buttons to modify the field mappings.

    For more information about how to use filters and run the wizard, refer to User Mapping Wizard.

    Name of Active Directory User Class Specify the ObjectClass attribute of Users.
    Field that Holds User ID After the Wizard is run, select the field that holds the User ID for each directory service User. This is used for synchronization when Users are re-imported.
    Start of User Searches

    Provide the path where group searches should start. The same path entered for Search Start (on the General page) can be used.

    Although LDAP searches can be slow, pick the LDAP directory that contains all groups and enter that path. Select the Test button to confirm the directory is correct.

    Test Select Add to provide additional criteria that are applied to LDAP objects when an import is done.