Description
Steps to map LDAP groups in SPNS 9
Pre-condition
LDAP authentication is configured and enabled
Steps
Step 1: Define the LDAP field or attribute that contains the group names
- Log on to the SPNS 9 web interface with an admin account and go to Administration->Settings.
- In the Settings tab, expand Authentication settings -> LDAP settings.
- Choose the LDAP field or attribute (typically memberOf) that contains the group names you want to map to the SPNS 9 server, and add it to the Search attributes list. The example below uses the LDAP field/attribute memberOf.
With memberOf added to the Search attributes list as in this example, the SPNS 9 server pulls the names from the LDAP field/attribute memberOf when a user logs in. The attribute is not yet mapped to the SPNS 9 server, however, so you will not see the LDAP groups populated in SPNS 9 at this point.
Step 2: Mapping the LDAP Groups to SPNS 9 server
- From the Search attributes section, add the LDAP field/attribute you chose for group mapping to the Mapping of groups section as shown below.
- Press the Save button at the top of the page and restart the systran-ses-console service for the change to take effect.
- Have a user log into SPNS 9 server with LDAP credentials.
- As an admin on SPNS 9 server, go to Administration->Groups. You should now see the LDAP groups from the LDAP’s memberOf field/attribute being populated.
Step 3: Filter groups
By default, SPNS 9 retrieves all groups attached to the user. You can reduce the list by either whitelisting or blacklisting groups based on their names. For instance, to include only groups containing the string "SYSTRAN":
Note: settings are applied after restarting the Console service.
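An added example (not SYSTRAN code) for previewing the Step 3 filter before enabling it: it applies substring include/exclude filters to constructed memberOf values and flags groups that would pass only because the string appears elsewhere in the DN, such as in an OU name. That memberOf holds full DNs, that matching is case-sensitive, and all function names are assumptions; SPNS 9's own matching may differ.

```python
import re

# Constructed memberOf values, shaped like the DNs a directory server returns.
SAMPLE_MEMBER_OF = [
    "CN=SYSTRAN-Translators,OU=Groups,DC=example,DC=com",
    "CN=SYSTRAN-Admins,OU=Groups,DC=example,DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",
    "CN=Finance\\, EMEA,OU=SYSTRAN,DC=example,DC=com",
]

def group_name(dn):
    """Return the value of the first RDN (the group's own name).
    Handles backslash-escaped characters such as '\\,'; hex escapes are not decoded."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    _, _, value = first_rdn.partition("=")
    return re.sub(r"\\(.)", r"\1", value).strip()

def filter_groups(values, include=None, exclude=None, key=group_name):
    """Apply substring include (whitelist) and exclude (blacklist) filters.
    'key' selects what the filter is matched against (assumed: the group name)."""
    kept = []
    for value in values:
        candidate = key(value)
        if include and not any(s in candidate for s in include):
            continue
        if exclude and any(s in candidate for s in exclude):
            continue
        kept.append(candidate)
    return kept

def overmatched(values, include):
    """Groups that pass only if the filter is matched against the whole DN."""
    by_name = set(filter_groups(values, include=include))
    by_dn = filter_groups(values, include=include, key=lambda v: v)
    return [group_name(dn) for dn in by_dn if group_name(dn) not in by_name]

if __name__ == "__main__":
    print("kept by name:", filter_groups(SAMPLE_MEMBER_OF, include=["SYSTRAN"]))
    print("extra if matched on DN:", overmatched(SAMPLE_MEMBER_OF, ["SYSTRAN"]))
```

After restarting the Console service and having a test user log in, compare the output with what appears under Administration->Groups; any group listed as "extra" there means the filter is matching more than the group name.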