Adding groups from an LDAP directory

Before you begin

If you have system administrator privileges, you can add or edit a group and you can configure the group to include all Publications. If you have Publication Management and Permission Management rights, you can add or edit a group and can determine Publication Scope for any Publications in which you have these rights.

About this task

You can add or edit a Content Manager group from an LDAP directory. To add a group from an LDAP directory, the Content Manager must be configured to read the external directory. Refer to Configuring LDAP for more information.

When you add a group, you can also specify:

  • what the Publication scope of the group is
  • whether this group is a member of another group

To add a group from an external directory:

Procedure

  1. In the Content Manager Explorer, navigate to System Administration > Access Management > Group Management.
  2. Click Group Management.
  3. Click the New Group button on the toolbar. A New Group window appears.
  4. On the General tab, type the name and description of the group.
  5. Select the Publications in which this group can be used.
  6. Click the Members tab.
  7. In the Directory Services pane, click the Add button.
  8. A search dialog appears that enables you to search for an existing group.
  9. Fill in the following fields:
    • Description—enter the name of your choice
    • Directory Service name—enter the Directory Service name
    • Search Type—enter SubTree or group
    • Search Group DN—same DN as identified in the Directory Services configuration; refer to Directory Services for details.
  10. Click Test, then click OK. If everything is in order, a list of all the LDAP user accounts within the tree-node is displayed.
  11. Click Save and Close to add the users.

Results

The Content Manager creates a group:
  • You can add rights and permissions in the Publications that are included in the scope of this group.
  • You can grant users group membership to this group. For more information, see Configuring a user.

If an LDAP group has been identified and Group Sync is set to "on", the Content Manager can now authenticate the users from the LDAP group. For more information about Group Sync, refer to Directory Services.