Associating an LDAP group

You can associate LDAP users or groups that are defined in an existing Active Directory or LDAP directory with console operators or roles.

To add such a group, perform the following steps:

  1. Ensure that the needed Active Directory or LDAP directory is added to the BigFix environment.
  2. Create a role to accept your new group by selecting Tools > Create Role, or by right-clicking in the work area and then selecting Create Role.
    Enter a name for your group and click OK.
  3. The Role panel appears.
    Click the LDAP Groups tab.
  4. Select the LDAP group that you want to assign to this role and click Assign LDAP Group.
  5. To save the changes, click Save Changes.

When you assign an LDAP group to a role, any user from that group can then log in to the console. Only those users who actually log in are provisioned with accounts and thus end up in the list of operators. This avoids the creation of unnecessary accounts. Operators are granted the highest privileges resulting from the sum of all their roles and permissions. For instance, if a user has access to computer set A and sites X from role 1, and computer set B and sites Y from role 2, they will have permissions for sites X and Y across both computer sets A and B.
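
The permission summing described above, as an added example (not BigFix code or a BigFix API): a small Python model that derives a user's effective access from LDAP group membership and lists the computer-set/site combinations that exist only because roles were combined. The role names, group DNs and data layout are assumptions made for illustration.

```python
from itertools import product

# Constructed sample data: roles, LDAP group DNs, computer sets and sites are hypothetical.
ROLES = {
    "role 1": {"computers": {"A"}, "sites": {"X"},
               "ldap_groups": {"CN=Patch-Admins,DC=example,DC=com"}},
    "role 2": {"computers": {"B"}, "sites": {"Y"},
               "ldap_groups": {"CN=Server-Ops,DC=example,DC=com"}},
}


def roles_for(user_groups):
    """Roles a user receives through the LDAP groups assigned to each role."""
    groups = set(user_groups)
    return {name for name, role in ROLES.items() if role["ldap_groups"] & groups}


def effective_access(user_groups):
    """Sum of all roles: union of computer sets and union of sites."""
    names = roles_for(user_groups)
    computers = set().union(*(ROLES[n]["computers"] for n in names))
    sites = set().union(*(ROLES[n]["sites"] for n in names))
    return computers, sites


def cross_role_pairs(user_groups):
    """(computer set, site) pairs the user holds that no single role grants."""
    computers, sites = effective_access(user_groups)
    granted_by_one_role = set()
    for n in roles_for(user_groups):
        granted_by_one_role |= set(product(ROLES[n]["computers"], ROLES[n]["sites"]))
    return set(product(computers, sites)) - granted_by_one_role


if __name__ == "__main__":
    # Constructed user who is a member of both LDAP groups.
    member_of = ["CN=Patch-Admins,DC=example,DC=com", "CN=Server-Ops,DC=example,DC=com"]
    print("effective:", effective_access(member_of))
    print("only via role combination:", sorted(cross_role_pairs(member_of)))
```

Running a check like this over an export of role assignments before assigning a new LDAP group shows which group overlaps would widen access beyond what each role was designed to grant.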