LDAP Group to Local Group Custom Mappings
In the "AD Users" section of "Authentication", there is both User and Group Custom mappings, which is relieves a ton of administrative burden by allowing one to map an active directory group to a local group (or multiple) for a user. This means any changes to groups can be done in the Active Directory level and easy automated.
The "LDAP Users" section or "Authentication" only has Custom User mapping, which requires the administrator to one by one map users to groups, which adds a large administrative burden as the administration is no longer done by the identity management system (openLDAP/ActiveDirectory..etc). This is especially an issue user folder assignments change in bulk in a department setting, as per Cerberus support, there isn't really any way of automating the assignment through the API.
I've found an imperfect solution, by creating multiple directory bindings with LDAP filters for each group, but it becomes and issue when a user is part of multiple bound groups, where in the "AD Users" section, I believe that user would get access to the multiple mapped folders provided by the custom group mapping.
-
Hello Daniel,
We actually have a running enhancement request around this feature, so I am going to pass on your comments to the ticket, but thank you very much for taking the time to submit this request! The more folks interested in certain features, the better for our Product teams' review.
0 -
Connor Woolfolk That's great news! This will immensely reduce the administrative burden! I could see this feature really causing business adoption to grow substantially as this really allows companies to take advantage of existing automation workflows.
0
Please sign in to leave a comment.
Comments
2 comments