The Group Settings tab lets you define the LDAP groups that you want to pull into Identity and Access Manager.
All supported DevTest releases.
As per the documentation:
The Group Settings tab lets you define the LDAP groups that you want to pull into Identity and Access Manager.
Follow these steps:
For step 4, only do this if you did not import your ldap-mappings.xml file into IAM.
When the import of the ldap-mappings.xml file into IAM is done, it will bring in only the groups defined in the file, so there should be no need to do a Sync.
A Sync brings in ALL of the groups that match the LDAP group settings, and there is then no way to remove the ones that are not needed. The list can be very large and cumbersome to search through when doing role mappings. So, when defining the groups in IAM for the first time, and no role values are defined in the ldap-mappings.xml file, it is suggested to define the needed groups under one or more of the roles in the file before importing it into IAM.
To Sync but bring in only certain groups, set an LDAP Filter in the Group Settings for each Provider:
(CN=User_CADevTest_*)
For multiple filters, combine them with OR (|):
(|(CN=User_CADevTest_*)(CN=User_CADevTest_Prod*))
or with AND (&):
(&(CN=User_CADevTest_*)(CN=User_CADevTest_Prod*))
Then, when doing a Sync LDAP Groups to Identity and Access Manager, only those groups with that prefix are imported.
In the future, if too many groups were pulled in before a filter was put in place, delete all the unneeded groups by doing the following:
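To check what each of the filters above would select before running a Sync, the following added example (not part of the DevTest documentation or product code) evaluates them offline against a constructed list of group names. It handles only a small subset of LDAP filter syntax; the function names and every group name other than the User_CADevTest_ prefix are assumptions.

```python
import re

# Constructed sample directory: group entries as they might exist in LDAP.
GROUPS = [{"cn": n} for n in (
    "User_CADevTest_Admin", "User_CADevTest_Prod_Run",
    "User_CADevTest_ProdOps", "User_Finance_All", "Domain Users")]

def parse(s, i=0):
    """Parse one filter at s[i]: (attr=pattern), (&...), (|...) or (!...)."""
    while s[i].isspace():
        i += 1
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, kids = s[i], []
        i += 1
        while True:
            while s[i].isspace():      # tolerate spaces between clauses
                i += 1
            if s[i] == ")":
                break
            kid, i = parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, eq, pattern = s[i:end].partition("=")
    if not eq:
        raise ValueError(f"missing '=' at offset {i}")
    return ("=", attr.strip().lower(), pattern.strip().lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry (case-insensitive, * wildcard)."""
    if node[0] == "=":
        value = entry.get(node[1])
        rx = ".*".join(re.escape(p) for p in node[2].split("*"))
        return value is not None and re.fullmatch(rx, value.lower()) is not None
    results = [matches(k, entry) for k in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def preview(flt, groups=GROUPS):
    """Return the CNs a sync restricted by this filter would select."""
    try:
        node, end = parse(flt)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if flt[end:].strip():
        raise ValueError("trailing text after filter")
    return [g["cn"] for g in groups if matches(node, g)]
```

On the sample list, the OR filter selects the same three groups as the single-prefix filter because its second clause is a subset of the first, while the AND filter narrows the result to the two Prod groups.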
To remove unwanted groups, put in the Filter then set "Drop non-existing groups during sync" to ON.
Save.
Then Sync LDAP Groups to Identity and Access Manager again.