You can view and manage security groups that Passwork loads from LDAP in the 

Each group can have one of the following values in the 

User authorization can be restricted. If the restriction is enabled, a user will only be able to log in and register if they belong to one of the activated groups.

The pop-up button allows for a quick view of the users in the group:

Security groups load from LDAP in the following sequence:

If you change the DN group search request or delete a group that was previously used on the LDAP server, deleted groups and groups that were not found will receive a 

On the Groups tab, you can find the settings that Passwork will use when loading a list of security groups from LDAP:

Specify the Distinguished Name (DN) to define which part of the LDAP tree Passwork should use for importing.

The filter is used to determine what kind of data should be retrieved from the LDAP server.

(|(objectclass=group)(objectclass=organizationalRole)(objectclass=posixGroup))

Passwork allows you to add an additional DN and query filter in order to retrieve groups from two separate LDAP tree structures.

To add an additional DN and query filter, click the 

 button located below the main filter field. This will display fields for entering the data.

Adding additional DN and filters allows you to enhance group search and management capabilities, providing more flexible system configuration. For example, if security groups are located in multiple LDAP trees, adding an extra DN and query filter for each tree helps avoid the time-consuming and resource-intensive process of loading the entire structure.

You can learn more about how filters work and see syntax examples in the section 

Select an interval from the list to update the LDAP group list, or disable automatic updates. For the automatic group list update to work, 

Users

Groups

Synchronization

Technical documentation

Technical requirements

Online installation

Offline installation

Linux

Windows Server

Untitled

Ubuntu

Debian

Alma/Rocky/CentOS

Enabling SWAP file on Linux

Docker

Windows Server (PowerShell)

Manual code updates

Migration from installer to PowerShell

Installation migration

Passwork update

Define encryption mode

Windows Server (installer)

Linux (Git)

Passwork update to version 6.5

Initial data migration

Confirm migration in customer portal

Upgrade PHP to 8.3

Passwork update to version 7

Migration of Passwork database objects

Data migration in the Passwork web interface

Actions after migration

Migration to Passwork 7

Health check

Python connector

CLI utility

Docker container for CLI

API & integrations

Enable сlient-side encryption

Client-side encryption

Web server

Headers

SSL Termination

Passwork server configuration

UI settings

Emergency mode

Advanced settings

Configuring Cron for Linux

Configuring Windows Task Scheduler

Background tasks

Configuring the Event Viewer

Events list from the Activity Log

Recording Activity log to Syslog or Event Viewer

Mailer config

Setting up mail notifications

In case of errors

MongoDB

Updating Passwork components

Mobile applications

Adding a server

Test authorization

LDAPS setup

DN filters

LDAP settings

Configuring SSO with Keycloak

Configuring SSO with AD FS

Configuring SSO with Microsoft Entra ID (Azure AD)

SSO settings

Administration

Examples of creating and restoring MongoDB backups

Examples of authorization settings

Database

Standard installation

Manual installation

Passwork 6

Mapping LDAP security groups with roles in Passwork

Migration to Passwork 6

Passwork 5

How to update Passwork 4→5 version

Debian 10

Windows server 2016/2019

CentOS

Passwork 4

Update to Passwork 4

Passwork 3

Legacy

User manual

Passwork 6.1

Passwork 6.2

Passwork 6.3

Passwork 6.4

Passwork 7.0

Release notes

Help center