3.5.3. Using LDAP Group and Role Mappings

3.5.3.1. About LDAP Groups and Subscription Asset Manager Roles

Subscription Asset Manager can optionally use LDAP for group and role configuration as well. Access controls in Subscription Asset Manager are applied through roles. When LDAP groups are enabled, an LDAP group is mapped directly to a Subscription Asset Manager role, almost as if the group were a member of the role.
The role membership is then essentially maintained in the LDAP directory. Whenever a user is added to a group, that user is automatically a member of any Subscription Asset Manager role to which the LDAP group belongs. Likewise, when that user is removed from the group, that user no longer belongs to the Subscription Asset Manager role. This allows for more dynamic role management, since it incorporates group rules on the LDAP server.
Using LDAP groups in roles works in tandem with LDAP authentication. It is possible to use LDAP authentication (users) without using LDAP groups. However, using LDAP groups also requires using LDAP users.
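Because role membership follows the directory, an access review has to look at LDAP group changes. The following added example (not part of the product documentation) derives each user's effective roles from two LDIF group snapshots and reports what was granted or revoked. The group-to-role mapping, the DNs, the role names and the use of a `member` attribute are assumptions constructed for illustration.

```python
from collections import defaultdict
# Hypothetical LDAP group DN -> role mapping (constructed names).
GROUP_TO_ROLE = {
    "cn=sam-admins,ou=groups,dc=example,dc=com": "role-admin",
    "cn=sam-viewers,ou=groups,dc=example,dc=com": "role-viewer",
}
# Constructed LDIF snapshot of both groups (no line folding or base64).
BEFORE = """\
dn: cn=sam-admins,ou=groups,dc=example,dc=com
member: uid=alice,ou=people,dc=example,dc=com

dn: cn=sam-viewers,ou=groups,dc=example,dc=com
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com
"""
# Later snapshot: alice leaves sam-admins, carol joins it.
AFTER = BEFORE.replace("uid=alice,ou=people,dc=example,dc=com\n\n",
                       "uid=carol,ou=people,dc=example,dc=com\n\n")

def parse_groups(ldif):
    """Return {group_dn: {member_dn, ...}} with DNs lowercased."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        dn, members = None, set()
        for line in entry.splitlines():
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip().lower()
            if key == "dn":
                dn = value
            elif key == "member":
                members.add(value)
        if dn:
            groups[dn] = members
    return groups

def effective_roles(ldif, mapping=GROUP_TO_ROLE):
    """Return {user_dn: {role, ...}} implied by group membership alone."""
    roles = defaultdict(set)
    groups = parse_groups(ldif)
    for group_dn, role in mapping.items():
        for user in groups.get(group_dn.lower(), ()):
            roles[user].add(role)
    return dict(roles)

def role_changes(before, after):
    """Return sorted (user, role, change) tuples between two snapshots."""
    old, new = effective_roles(before), effective_roles(after)
    pairs = lambda r: {(u, x) for u, rs in r.items() for x in rs}
    return sorted([(u, x, "granted") for u, x in pairs(new) - pairs(old)] +
                  [(u, x, "revoked") for u, x in pairs(old) - pairs(new)])
```

Running `role_changes` on periodic exports of the mapped groups gives a record of role grants and revocations that were made in the directory.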