LDAP Group to Local Group Custom Mappings
In the "AD Users" section of "Authentication", there is both User and Group Custom mappings, which is relieves a ton of administrative burden by allowing one to map an active directory group to a local group (or multiple) for a user. This means any changes to groups can be done in the Active Directory level and easy automated.
The "LDAP Users" section or "Authentication" only has Custom User mapping, which requires the administrator to one by one map users to groups, which adds a large administrative burden as the administration is no longer done by the identity management system (openLDAP/ActiveDirectory..etc). This is especially an issue user folder assignments change in bulk in a department setting, as per Cerberus support, there isn't really any way of automating the assignment through the API.
I've found an imperfect solution, by creating multiple directory bindings with LDAP filters for each group, but it becomes and issue when a user is part of multiple bound groups, where in the "AD Users" section, I believe that user would get access to the multiple mapped folders provided by the custom group mapping.
-
Hello Daniel,
We actually have a running enhancement request around this feature, so I am going to pass on your comments to the ticket, but thank you very much for taking the time to submit this request! The more folks interested in certain features, the better for our Product teams' review.
1 -
Connor Woolfolk That's great news! This will immensely reduce the administrative burden! I could see this feature really causing business adoption to grow substantially as this really allows companies to take advantage of existing automation workflows.
0 -
@Connor Woolfolk I'm curious, was there any sort of response on this issue after a year? Any updates on whether or not this feature will be something we'll be seeing in further versions of the product?
0 -
Daniel Gilloch Hello Daniel!
Thanks for checking in! I went and checked out the enhancement, and it currently seems like it has not been able to fit onto our road map quite yet, but our Product team is still tracking it. Development cycles can be long, challenging and change from day to day, month to month, quarter to quarter. But we will be sure to reach out if this makes it into a release.
0 -
Any updates on mapping an LDAP group to a local group? It's becoming a need and we've found alternatives that can accommodate this feature. It's unfortunate, because we've really liked the support and product otherwise.
0 -
Hello Daniel,
Unfortunately, this feature has not made it on our roadmap quite yet, there ended up being unforeseen complications that led to it being pushed back. I do apologize for the frustration here, but I have raised this with our product team once again.
0
Please sign in to leave a comment.
Comments
6 comments