Manage Groups

The Group tab provides options to manage groups on LDAP Server.

System default groups are as follows. Please note that you cannot create a group with names reserved for system use.

users: This is the default group for all users.
administrators: This is the administrators group.
Directory Operators: Users belonging to this group will have the permissions to manage LDAP Server.
Directory Consumers: Users belonging to this group will have the read permissions for configurations and users/groups in LDAP Server. A Consumer server must belong to this group in order to replicate data from the Provider server. Members of this group should only be used in Bind DN of the Consumer server and should not belong to any other group. Otherwise, synchronization errors may occur due to incorrect permissions.
Directory Clients: Users belonging to this group will have the read permissions for users/groups in LDAP Server. For security purposes, it is recommended that an LDAP client that wishes to join an LDAP server is given a user in this group.

To create a group, follow the steps below:

Click Create. Specify the following information for the group and then click Next:
- Group name: The name of the group will be stored as the cn attribute in the LDAP database.
- Group description (optional): The description of the group will be stored as the description attribute in the LDAP database.
Click Apply to finish. The distinguished name of the group in the LDAP database is cn=[groupname],cn=groups,cn=[Base_DN]

The naming rule of a group might be different according to the LDAP Server settings.

Select a group and double click on it or click Edit to edit the settings.

Select a group and click Delete to remove the group.

You can add LDAP users or groups to the group you have created, or remove them from the group.

Select the group you want to add users to and click Edit Members.
Click Add.
Select users or groups from the member list, and click OK. (Press and hold Shift or Ctrl while making multiple selections.)
Click Finish to apply the settings.

In the LDAP database, the memberUid and member attribute will be given to LDAP users added to this group. Also, the member attribute will be given to LDAP groups added to this group.
You are not allowed to edit group members for the users group.
A member group cannot be LDAP group itself or the users group.

Select the group from which you want to remove members and click Edit Members.
Select members from the list and click Remove, or right-click the members and click Remove.
Click Delete to confirm and click Finish to apply the settings.

Was this article helpful?