Synchronizing Users and Groups

First complete the steps under Setting Up Authentication.
This procedure is an alternative to creating non-superusers manually in the database. The Yellowbrick appliance synchronizes with the users and groups stored in an LDAP directory and creates users and roles with the same credentials. You can synchronize specific users and groups by defining search criteria and filters. Ideally, your organization will have an LDAP group defined that specifically contains the users who need to be synchronized to the Yellowbrick database.

You can also use the sys.ldap_sync SQL function to synchronize users and groups based on your current LDAP configuration. The following procedure explains how to use the SMC, which provides a number of synchronization options.

  1. In the SMC, go to Configure > LDAP > Synchronization.
  2. Select Synchronize Users/Groups.
  3. Fill out the required fields. Some entries are carried over from the authentication procedure.
    Note the following synchronization options:

    See LDAP Synchronization Settings for details.

  4. Set up group and user filters to define which LDAP members to synchronize.

    Use the Expression Builder to simplify the process of searching through multiple LDAP groups; click the + Expression button to the right of the two filter fields. This interface provides building blocks for the notation that is commonly used in LDAP searches.

    For example:

    Tip: Use an LDAP browser to help identify groups and users based on complex distinguished name (DN) strings and other LDAP attributes.
  5. Test the synchronization settings or click Synchronize Now.
    Note: LDAP synchronization failures trigger a system alert. Both the SMC and the ybcli system status command show synchronization status.
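
The following added example (not part of the Yellowbrick documentation or product) builds group and user filters of the kind described in step 4 so that only a dedicated set of groups and their members is matched, escaping special characters so a group name cannot widen the search. It assumes the filter fields accept standard RFC 4515 filter strings and that the directory exposes a `memberOf` attribute; all group names, DNs, and object classes are constructed sample values.

```python
# Added example: build RFC 4515 search filters for the group and user filters.
# All DNs, group names and attribute names below are constructed sample values.

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape characters that have structural meaning in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _any_of(attribute: str, values: list[str]) -> str:
    """Return an equality test, or an OR of equality tests, for one attribute."""
    if not values:
        raise ValueError("refusing to build a filter that matches every entry")
    terms = [f"({attribute}={escape_filter_value(v)})" for v in values]
    return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"


def group_filter(group_names: list[str], object_class: str = "group") -> str:
    """Match only the named LDAP groups (assumed to be identified by cn)."""
    return f"(&(objectClass={object_class}){_any_of('cn', group_names)})"


def user_filter(group_dns: list[str], object_class: str = "person") -> str:
    """Match only users who are members of one of the given group DNs."""
    return f"(&(objectClass={object_class}){_any_of('memberOf', group_dns)})"


def is_balanced(ldap_filter: str) -> bool:
    """Sanity check before pasting: parentheses nest correctly and close fully."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    print(group_filter(["yb-analysts", "yb-etl (prod)"]))
    print(user_filter(["CN=yb-analysts,OU=Groups,DC=example,DC=com"]))
```

Run the generated filters in an LDAP browser first and confirm that the result set contains only the intended accounts before testing the synchronization settings.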