Skip to main content
Version: 7.0

Groups

The Groups tab allows you to view the list of security groups that Passwork loads from LDAP.

Groups Tab

The Status field in the list of groups available for authorization can have one of the following values:

  • Bound to N roles - indicates the number of roles mapped to the group on the Synchronization tab.
  • Deleted - indicates groups that were not loaded into Passwork after executing the DN query or were deleted on the LDAP server.
  • An empty Status field means that the group was loaded but no Passwork Group was mapped to it.

User authorization can be restricted. If the restriction is enabled, the user will be able to authorize and register only if they belong to one of the activated groups.

The popup button allows you to quickly view the list of users in the group:

Icon to view users in the Group

Loading security groups from LDAP consists of the following stages:

  1. Authorization on the LDAP server using the user account data entered on the authorization page.
  2. Query to search for groups on the LDAP server using edited or default DN and search filters.
  3. Receiving the result from the query execution and loading groups from the LDAP server into Passwork.

If the DN query for searching groups is changed or a previously used group on the LDAP server is deleted, during the next search the deleted or not found groups will be displayed with the Deleted status.

On the Groups tab, you can apply settings that Passwork will use when loading the list of security groups from LDAP.

Groups Tab Settings

DN for searching groups in AD/LDAP

Specify the Distinguished Name (DN) to set from which LDAP area Passwork should perform the loading.

Example:

ou=LDAP,ou=it,dc=passwork,dc=local

Filter for DN

The filter is used to determine which type of data should be found on the LDAP server.

Example:

(|(objectclass=group)(objectclass=organizationalRole)(objectclass=posixGroup))

Passwork allows adding an additional DN and query filter to retrieve groups from two independent LDAP server tree structures.

To add an additional DN and query filter, click the Add DN and filter button located below the main filter field. As a result, input fields will appear:

Adding additional DN and filter

Adding additional DNs and filters expands the search and group management capabilities, providing more flexible system configuration. For example, if security groups are located in several LDAP trees, adding an additional DN and query filter for each such tree will help avoid long and resource-intensive loading of the entire structure.

You can learn about filter features and syntax examples in the section Filters for DN. Features and examples.

Automatic update of the LDAP group list

Select the interval for updating the LDAP group list from the list, or disable automatic updating. For automatic updating of the group list to work, background tasks must be configured in Passwork.