
Add Group Mapper for LDAP Integration

While configuring an LDAP integration, you can add a mapper that will assign LDAP users to user groups in PoolParty.

Preconditions
  • The user groups you want to map to each other exist on both the PoolParty server and the LDAP server with the same name.


    Note

    Keep in mind that group names in PoolParty cannot contain any white space characters.

  1. In Keycloak, open the LDAP user federation you configured for your LDAP server. For more information, refer to Configure LDAP Integration.

  2. Go to the Mappers tab.

  3. Click Add mapper.


    The Add user federation mapper page opens.

  4. Type in the mapper's name.

  5. Select group-ldap-mapper as the mapper type.

  6. Configure the mapper. These are the most important fields:

    1. LDAP Groups DN: must match the base DN for the groups in LDAP (in our case ou=Groups, dc=semantic-web, dc=at).

    2. Group Name LDAP Attribute: must match the group name attribute in LDAP (in our case cn).

    3. Group Object Classes: the object class for groups, usually groupOfNames.

    4. Membership User LDAP Attribute: must match the LDAP attribute that maps the user's username (in our case uid).

    5. Mode: must be IMPORT.


    Tip

    For more information on how to fill in a certain field, hold your pointer over the Help icon in the Keycloak UI.

  7. Confirm with Save.

    After initial synchronization, the LDAP users get created in the PoolParty User Management with corresponding user groups coming from the LDAP server.
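
The following pre-flight check is an added example, not part of the PoolParty or Keycloak documentation. It tests a mapper configuration and a list of LDAP group entries against the preconditions and field rules above before the first synchronization. The dictionary keys are the UI field labels from step 6; the group entries and the PoolParty group names are constructed sample data.

```python
import re

def normalize_dn(dn):
    """Lower-case a DN and strip whitespace around ',' and '=' so that
    'ou=Groups, dc=at' equals 'OU=Groups,DC=at'. Simplified: escaped commas
    inside attribute values are not handled."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return ",".join("=".join(part.strip().lower() for part in rdn) for rdn in rdns)

def preflight(mapper, ldap_groups, poolparty_groups):
    """Return (dn, problem) pairs for settings or groups that break the mapping."""
    problems = []
    if mapper["Mode"] != "IMPORT":
        problems.append(("<mapper>", "Mode must be IMPORT"))
    base = normalize_dn(mapper["LDAP Groups DN"])
    name_attr = mapper["Group Name LDAP Attribute"]
    wanted = {c.strip().lower() for c in mapper["Group Object Classes"].split(",")}
    for entry in ldap_groups:
        dn = entry["dn"]
        if not normalize_dn(dn).endswith("," + base):
            problems.append((dn, "outside LDAP Groups DN"))
        elif not wanted <= {c.lower() for c in entry["objectClass"]}:
            problems.append((dn, "object class mismatch"))
        elif not entry.get(name_attr):
            problems.append((dn, f"no {name_attr} attribute"))
        elif re.search(r"\s", entry[name_attr]):
            problems.append((dn, "group name contains white space"))
        elif entry[name_attr] not in poolparty_groups:
            problems.append((dn, "no PoolParty group with this name"))
    return problems

# Mapper values as given in step 6 of this page.
MAPPER = {"LDAP Groups DN": "ou=Groups, dc=semantic-web, dc=at",
          "Group Name LDAP Attribute": "cn",
          "Group Object Classes": "groupOfNames",
          "Membership User LDAP Attribute": "uid",
          "Mode": "IMPORT"}
BASE = "ou=Groups,dc=semantic-web,dc=at"
# Constructed LDAP entries and PoolParty group names, for illustration only.
LDAP_GROUPS = [
    {"dn": f"cn=Editors,{BASE}", "cn": "Editors", "objectClass": ["groupOfNames"]},
    {"dn": "cn=Taxonomy Admins,OU=Groups,DC=semantic-web,DC=at",
     "cn": "Taxonomy Admins", "objectClass": ["groupOfNames"]},
    {"dn": f"cn=Reviewers,{BASE}", "cn": "Reviewers", "objectClass": ["groupOfNames"]},
    {"dn": "cn=Ops,ou=Teams,dc=semantic-web,dc=at", "cn": "Ops",
     "objectClass": ["groupOfNames"]},
]
POOLPARTY_GROUPS = {"Editors"}

if __name__ == "__main__":
    for dn, problem in preflight(MAPPER, LDAP_GROUPS, POOLPARTY_GROUPS):
        print(f"{dn}: {problem}")
```

With the sample data, only the Editors group passes; the other three entries are reported with the reason each one would not map.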