Groups

You can view and manage security groups that Passwork loads from LDAP in the Groups tab of LDAP settings.

Each group can have one of the following values in the Status field:

  • Bound N roles indicates the number of roles (N) matched with the group on the Synchronization tab.
  • Deleted means that, after the DN request was executed, the group was not loaded into Passwork or had been deleted on the LDAP server.
  • An empty Status field means that the group was loaded, but no role was matched with it.

User authorization can be restricted. If the restriction is enabled, a user will only be able to log in and register if they belong to one of the activated groups.

The pop-up button allows for a quick view of the users in the group.

Security groups load from LDAP in the following sequence:

  1. Passwork authenticates to the LDAP server with the account entered on the authorization page.
  2. A group search request is sent to the LDAP server using the default or edited DN and search filter.
  3. The request result is received and the groups are loaded from the LDAP server into Passwork.

If you change the DN used in the group search request, or a previously used group is deleted on the LDAP server, the deleted groups and the groups that are no longer found receive the Deleted status the next time the search is performed.

On the Groups tab, you can find the settings that Passwork will use when loading a list of security groups from LDAP:

Distinguished Name

Specify the Distinguished Name (DN) to define which part of the LDAP tree Passwork should use for importing.

Example:

ou=LDAP,ou=IT,dc=passwork,dc=local


DN Filter

The filter is used to determine what kind of data should be retrieved from the LDAP server.

Example:

(|(objectclass=group)(objectclass=organizationalRole)(objectclass=posixGroup))

Passwork allows you to add an additional DN and query filter in order to retrieve groups from two separate LDAP tree structures.

To add an additional DN and query filter, click the Add DN and Filter button located below the main filter field. This will display fields for entering the data.

Adding additional DNs and filters enhances group search and management and makes the configuration more flexible. For example, if security groups are located in multiple LDAP trees, adding an extra DN and query filter for each tree avoids the time-consuming and resource-intensive process of loading the entire structure.

You can learn more about how filters work and see syntax examples in the section Filters for DN: Features and Examples.
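
To preview how a change to the DN and filter pairs would affect the Status column, the following added example (not Passwork's code) models the loading sequence and the Deleted rule described above on a constructed directory. It assumes subtree search scope, case-insensitive matching and a filter subset of &, |, ! and equality; all function names are illustrative.

```python
def parse_filter(s):  # subset of LDAP filter syntax: &, |, ! and equality only
    def node(i):
        if s[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        if s[i + 1] in "&|!":
            op, i, kids = s[i + 1], i + 2, []
            while s[i] == "(":
                kid, i = node(i)
                kids.append(kid)
            if s[i] != ")":
                raise ValueError(f"expected ')' at offset {i}")
            return (op, kids), i + 1
        end = s.index(")", i)
        attr, value = s[i + 1:end].split("=", 1)
        return ("=", attr.strip().lower(), value.strip().lower()), end + 1
    tree, end = node(0)
    if end != len(s):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, attrs):
    if tree[0] == "=":
        return tree[2] in (v.lower() for v in attrs.get(tree[1], []))
    hits = [matches(kid, attrs) for kid in tree[1]]
    return not hits[0] if tree[0] == "!" else (all if tree[0] == "&" else any)(hits)

def norm(dn):  # simplified: ignores escaped commas in RDN values
    return ",".join(part.strip().lower() for part in dn.split(","))

def search(directory, base_dn, flt):  # assumed subtree scope under base_dn
    base, tree = norm(base_dn), parse_filter(flt)
    return {norm(dn) for dn, attrs in directory.items()
            if ("," + norm(dn)).endswith("," + base) and matches(tree, attrs)}

def refresh(directory, pairs, known):
    # pairs: (DN, filter) tuples; known: previously loaded group DN -> bound role count
    known = {norm(dn): n for dn, n in known.items()}
    found = set().union(*(search(directory, dn, f) for dn, f in pairs))
    return {dn: "Deleted" if dn not in found
            else (f"Bound {known[dn]} roles" if known.get(dn) else "")
            for dn in found | set(known)}

DIRECTORY = {  # constructed sample entries (attribute names lowercase)
    "cn=admins,ou=LDAP,ou=IT,dc=passwork,dc=local": {"objectclass": ["top", "group"]},
    "cn=devs,ou=LDAP,ou=IT,dc=passwork,dc=local": {"objectclass": ["posixGroup"]},
    "cn=alice,ou=LDAP,ou=IT,dc=passwork,dc=local": {"objectclass": ["person"]},
    "cn=hr,ou=Staff,dc=passwork,dc=local": {"objectclass": ["group"]},
}
PAGE_DN = "ou=LDAP,ou=IT,dc=passwork,dc=local"
PAGE_FILTER = "(|(objectclass=group)(objectclass=organizationalRole)(objectclass=posixGroup))"
```

Calling refresh with only the example DN reports the constructed cn=hr group under ou=Staff as Deleted; passing ou=Staff,dc=passwork,dc=local as a second DN and filter pair returns it to its bound status.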



Group list refresh

Select an interval from the list to update the LDAP group list, or disable automatic updates. For the automatic group list update to work, background tasks must be configured in Passwork.