Managing LDAP users in groups
You can link a SOAR group to an LDAP group, which adds authorized members of the LDAP group to the SOAR group. However, the LDAP group membership is controlled by the Active Directory manager. Any changes to the LDAP group membership are reflected in the SOAR group membership.
The following example creates a group that is linked to an Incident Response Team LDAP group.
If a linked LDAP group contains authorized and unauthorized members, only the authorized members are shown and added to the SOAR group. To be an authorized member, the member must belong to the LDAP group that is authorized in the Organization tab.
If you edit a SOAR group that is linked to an LDAP group, you can remove the users that you explicitly added. However, you cannot remove those LDAP users who are part of the linked group. Instead, you must unlink the LDAP group.
Deleting LDAP users
You cannot delete an LDAP user directly from the SOAR Platform.
To remove an LDAP user, that user must first be removed from Active Directory. After the user is removed, unlink the user by using the resutil resetuser command and then delete the user from the SOAR Platform. If necessary, make sure to reassign any incidents that were assigned to the user.
To view the options for the resetuser command, enter the following command.
sudo resutil resetuser -help