Guardium® Insights SaaS allows you to populate groups by importing members from an LDAP connection. This topic describes how to do this.
Before you begin
By default, you must be assigned the Administrator role to be able to manage groups.
Important: If you have policy rules that use groups as rule conditions, modifying the groups by adding or removing members will result in reactivation of group members.
To open the Groups page, select Groups in the main menu. Open this menu by clicking the main menu icon.
About this task
This topic describes how to import groups from an existing LDAP connection. You can import these groups when working with an individual group (after you have opened it).
Procedure
- In the Groups page, determine which group you want to import to and then click on the group or select its checkbox and click Open.
- In the Members tab, click .
- In the Import from LDAP wizard page, select the LDAP connection that you want to import from.
- If your LDAP requires authentication, you will be prompted to provide the bind password again.
- Select the import approach:
  - Import from LDAP on regular schedule: To import the group members on a regular basis, choose this radio button. When this is selected, the group synchronization takes place according to the Group synchronization schedule that you set in the Tenant settings.
  - Import once and decouple: Choose this if you want to import the group members only once.
- Click Next.
- In the Specify filter criteria page:
  - Set the search filter scope. To search only the root of the LDAP server, select One level. To search subdirectories, select Sub-tree.
  - Search filter: Enter the search filter string. For example, to search for people with email addresses that begin with the letter V, enter (&(objectclass=person)(emailAddress=V*)). To learn more about LDAP group member import filter options, see this topic.
  - Set the Attribute to import as the group member. For example, you can set the emailAddress as the group member.
    Note: If you are importing to a tuple group, specify the attributes to import for each of the connection fields.
  - To add a prefix to imported values, select the Add prefix to imported values checkbox. Then select the type of prefix to add.
    - If you specify Wildcard, the values will be prefixed with *.
    - If you specify String, the values will be prefixed with the string that you specify in the String to add as prefix field.
    - If you specify Advanced (bind values), you can select the group that contains bind values for the filter.
- Click Next.
- The Preview and import page provides a sample of the group members that will be imported. It also allows you to refine the group import as follows:
  - Maximum group members to import: Specify a number between 1 and 1,000,000 as the maximum number of group members to import.
  - If you want the import to be appended to the existing members in the group, select Append members from LDAP to the existing group members. If you want the import to replace all existing members in the group, select Clear the group and replace with the contents from the LDAP import.
- Click Import to import the members to the group.
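Because imported members can feed policy rule conditions, it helps to reason about what a scope and filter will match before clicking Import. The following is an added example, not Guardium code: a small offline model of the filter step that evaluates the page's sample filter against constructed entries. It assumes standard LDAP scope semantics, case-insensitive value matching, and DNs without escaped commas; the function names, the base DN and the entries are hypothetical.

```python
import re

# Constructed sample entries (DN, attributes); not data from any real directory.
ENTRIES = [
    ("cn=Vera,dc=example,dc=com", {"objectclass": ["person"], "emailAddress": ["vera@example.com"]}),
    ("cn=Victor,ou=Sales,dc=example,dc=com", {"objectclass": ["person"], "emailAddress": ["Victor@example.com"]}),
    ("cn=Alice,dc=example,dc=com", {"objectclass": ["person"], "emailAddress": ["alice@example.com"]}),
    ("cn=vprinter,dc=example,dc=com", {"objectclass": ["device"], "emailAddress": ["vprinter@example.com"]}),
]

def parse(flt, i=0):
    """Parse a subset of LDAP filter syntax: (&..), (|..), (!..), (attr=value*)."""
    i += 1  # skip "("
    if flt[i] in "&|!":
        op, kids = flt[i], []
        i += 1
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip ")"
    end = flt.index(")", i)
    attr, _, pattern = flt[i:end].partition("=")
    return ("=", attr, pattern), end + 1

def matches(node, attrs):
    if node[0] == "&":
        return all(matches(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, pattern = node
    values = next((v for k, v in attrs.items() if k.lower() == attr.lower()), [])
    # Assumption: case-insensitive matching; "*" matches any run of characters.
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))) + r"\Z", re.I)
    return any(rx.match(v) for v in values)

def in_scope(dn, base, scope):
    """'one' = entries directly beneath base; 'sub' = every entry beneath base."""
    if not dn.lower().endswith("," + base.lower()):
        return False
    depth = dn[: -len(base) - 1].count(",") + 1  # naive: no escaped commas in DNs
    return depth == 1 if scope == "one" else True

def preview(base, scope, flt, attribute, prefix="", limit=1_000_000):
    """Values the chosen attribute would contribute, after prefix and member cap."""
    tree, _ = parse(flt)
    hits = [prefix + v for dn, attrs in ENTRIES
            if in_scope(dn, base, scope) and matches(tree, attrs)
            for v in attrs.get(attribute, [])]
    return hits[:limit]
```

Calling `preview` with the same filter under `"one"` and `"sub"`, or with the `objectclass` clause removed, shows how scope and filter breadth change the resulting member list.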