8.8. Mapping Roles to LDAP Users

Once User and Group Mapping has been configured, you can verify how LDAP users and groups are mapped to roles. If a user is a member of an LDAP group whose Group ID corresponds to the ID of a role, that user is granted the permissions of that role in the repository manager. For example, if the LDAP user entry uid=brian,ou=users,dc=sonatype,dc=com is a member of a groupOfUniqueNames group with a Group ID value of admin, then when this user logs into the repository manager, he/she will be granted the administrator role, provided the Group Element Mapping is configured properly.

To verify the User Element Mapping and Group Element Mapping, click Check User Mapping in the LDAP Configuration panel, directly below the Group Element Mapping section. Figure 8.8, “Checking the User and Group Mapping in LDAP Configuration” shows the results of this check.


Figure 8.8. Checking the User and Group Mapping in LDAP Configuration

In Figure 8.8, “Checking the User and Group Mapping in LDAP Configuration”, LDAP Integration locates a user with a User ID of "brian" who is a member of the "admin" group. When brian logs in, he will have all of the rights that the admin role has.
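
The mapping rule described above, as an added example (not code from the repository manager or its documentation): a short Python audit that reads a constructed LDIF export and lists which users would receive which roles. It assumes static groupOfUniqueNames groups whose cn is the Group ID, uniqueMember values holding full user DNs, and exact-match comparison of Group ID to role ID; the group DNs, the staff group and the user jane are invented for illustration.

```python
# Constructed sample export; only brian's DN and the "admin" group come from the text.
SAMPLE_LDIF = """\
dn: uid=brian,ou=users,dc=sonatype,dc=com
uid: brian

dn: uid=jane,ou=users,dc=sonatype,dc=com
uid: jane

dn: cn=admin,ou=groups,dc=sonatype,dc=com
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=brian,ou=users,dc=sonatype,dc=com

dn: cn=staff,ou=groups,dc=sonatype,dc=com
objectClass: groupOfUniqueNames
cn: staff
uniqueMember: UID=jane, OU=users, DC=sonatype, DC=com
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Case-fold a DN and drop spaces around RDN separators for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def roles_by_user(entries, role_ids):
    """Return {uid: sorted role IDs} for groups whose Group ID equals a role ID."""
    users = {norm_dn(e["dn"][0]): e["uid"][0] for e in entries if "uid" in e}
    granted = {uid: set() for uid in users.values()}
    for e in entries:
        is_group = "groupOfUniqueNames" in e.get("objectclass", [])
        if not is_group or e["cn"][0] not in role_ids:
            continue  # a group with no matching role ID grants nothing
        for member in e.get("uniquemember", []):
            uid = users.get(norm_dn(member))
            if uid:
                granted[uid].add(e["cn"][0])
    return {uid: sorted(roles) for uid, roles in granted.items()}

if __name__ == "__main__":
    print(roles_by_user(parse_ldif(SAMPLE_LDIF), {"admin"}))
```

Running the audit against a real export before enabling the mapping shows every account that would inherit a privileged role purely through a group name that matches a role ID.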