In VCF Automation, LDAP group synchronization fails. User accounts import successfully, but groups are not visible and cannot be added under Access Control.
VCF Automation 9.x
This issue occurs because incorrect LDAP attribute mappings are configured for both users and groups in VCF Automation. These misaligned mappings prevent the system from correctly linking users to their groups during synchronization.
Update the LDAP attribute mappings in VCF Automation as follows:
1. User Attributes:
   Group membership identifier: dn
   Group back link: isMemberOf
2. Group Attributes:
   Group membership identifier: dn
   Group back link identifier: entryDN
3. After applying the corrected mappings:
   Re-import the LDAP groups.
   Perform a synchronization.
   Verify that users are properly associated with their groups under Access Control.
These mappings were validated using a replicated OpenLDAP environment. After correction, group synchronization, group visibility, and user-group associations function normally within VCF Automation.
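Before re-importing, the directory data itself can be checked against the mappings above. The following is an added example, not VMware tooling: it reads LDIF exports of the user and group entries and reports groups that expose no entryDN and users whose isMemberOf values match no group entryDN. It assumes the sync links a user to a group when those two values are equal, that both attributes were requested by name in the export search, and the function names and sample DNs are hypothetical.

```python
import base64
import re

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute_lowercased: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):           # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN comparison key: case-folded, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def check_backlinks(users_ldif, groups_ldif):
    """Return (group DNs lacking entryDN, {user DN: unmatched isMemberOf values})."""
    groups = parse_ldif(groups_ldif)
    no_entrydn = [g["dn"][0] for g in groups if "entrydn" not in g]
    known = {norm_dn(v) for g in groups for v in g.get("entrydn", [])}
    problems = {}
    for user in parse_ldif(users_ldif):
        links = user.get("ismemberof", [])
        bad = [v for v in links if norm_dn(v) not in known]
        if not links or bad:
            problems[user["dn"][0]] = bad       # [] means isMemberOf was absent
    return no_entrydn, problems

# Constructed sample exports; every DN below is made up for this example.
GROUPS_LDIF = """dn: cn=cloud-admins,ou=groups,dc=example,dc=com
entryDN: cn=cloud-admins,ou=groups,dc=example,dc=com

dn: cn=auditors,ou=groups,dc=example,dc=com"""
USERS_LDIF = """dn: uid=alice,ou=people,dc=example,dc=com
isMemberOf: CN=Cloud-Admins, OU=Groups, DC=example, DC=com

dn: uid=bob,ou=people,dc=example,dc=com
isMemberOf: cn=old-team,ou=groups,dc=example,dc=com

dn: uid=carol,ou=people,dc=example,dc=com"""
```

On the sample data, `check_backlinks(USERS_LDIF, GROUPS_LDIF)` flags the auditors group (no entryDN in the export), bob (membership value pointing at a group that was not exported) and carol (no isMemberOf returned).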