6.5 Assigning Framework Roles for LDAP Users

LDAP users (Microsoft Active Directory, NetIQ eDirectory, or OpenLDAP) can get administration privileges on the PAM framework through their LDAP group membership. To achieve this, map the LDAP groups of the LDAP users to the Framework groups in the PAM Administration Console. Assign the roles configured in the Framework group to the logged-in LDAP users, based on their group membership in the LDAP server.

To provision the roles for LDAP users, configure an Identity Manager Active Directory or LDAP driver with the LDAP group membership entitlements, and map those LDAP groups in the PAM framework.

For more information on mapping, refer to Step 10 in Modifying a Framework User Group.

NOTE: This feature is not supported for Advanced Authentication users.