Configure Primary Group / posixGroup in LDAP/AD¶

If you are using an LDAP/AD UserSync connector, you can configure the primary group or posixGroup support.

Setup¶

Go to the Privacera Manager host and navigate to the Privacera Manager installation directory:

Bash
cd ~/privacera/privacera-manager
vi config/custom-vars/vars.privacera-usersync.ldap.yml

Add or update the following variables based on desired configuration:

YAML
LDAP_OBJECT_USER_CLASS: "posixUser"
LDAP_OBJECT_GROUP_CLASS: "posixGroup"

LDAP_ATTRIBUTE_PRIMARY_GROUP: "gidNumber"
LDAP_ATTRIBUTE_GROUP_MEMBER: "memberUid"
LDAP_ATTRIBUTE_GROUP_MAPPING: "uid"

This configuration will allow UserSync to sync the primary group of a user from the gidNumber attribute of the user object and the group members from the memberUid attribute of the group object.

Restart Privacera Services¶

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
./pm_with_helm.sh upgrade 

Prev topic: Advanced Configuration

Configure Primary Group / posixGroup in LDAP/AD¶

Setup¶

Restart Privacera Services¶

Comments