The guidance in this article is applicable when integrating LDAP security in AutoPilot, Navigator, or XRay.
With LDAP integration, it is possible to automatically add users to the domain server. Does the same capability exist for groups?
Yes, a similar ability exists for service update 31.2.1 and higher but the technique is different.
For users, any new users is added automatically when property server.domain.ldap.auto.create is set to true.
For groups, it is not as simple as adding all groups passed from LDAP queries because not all are pertinent. Instead, when LDAP integration is active, the domain uses a special group name to identify which groups will be added. This is an example of a group that will be a model for other groups
The carat ^ is always required followed by a regular expression pattern that will match the groups to automatically add. In this example, any group returned in the LDAP group response that begins with nastel will automatically be added if it does not exist (nastel_admin, nastel_dev, nastel_user) when a user logs in with one of these groups and it is has not previously been added.
Example: Groups in Domain Server before login,
The following is a list of groups that will be added when a user logs in who is in LDAP groups: users, testers, nastel.developer and nastel.tester
The groups users and testers were not added since they did not match the regular expression.
The groups nastel.developer and nastel.tester were added because they did meet it and did not previously exist.
note that the regular expression as used is case sensitive and would not match NASTEL.TEST.
This can greatly simplify the group management in the domain server. However, in order for the groups to be used, each would still need to be individually fully defined in Navigator or XRay. That is, using the example above, nastel.developer and nastel.tester have to exist in order to assign the related rights.