LDAP Group Membership by Organizational Unit

The LDAP Group Membership by Organizational Unit feature provides the ability to set LDAP rules and policies for users located in specific Organizational Units (OUs) on the LDAP server.

When a user logs in, if user groups are configured to grant memberships based on LDAP location, the user is assigned membership in any groups that match their LDAP location.

When a user logs in, if user groups are set to grant memberships based on LDAP location, the user is made a member of any groups that match their LDAP location.

When a user logs in, if user groups are configured to grant memberships based on LDAP location, the user is assigned to any groups that match their LDAP location.

• The location of those local groups in the LDAP tree is learned.
• The location of the user’s local groups is checked against all other local groups. If any other groups have the same LDAP location as that of the user’s membership groups, the user is automatically set as a member of those groups for that login session.

When a user attempts to log in, whether successfully or unsuccessfully, the user’s distinguished name is logged in the event log. This helps with troubleshooting if a user fails to gain membership in the expected groups.