Mapping LDAP security groups with roles in Passwork
You can configure synchronization between LDAP security groups and roles in Passwork. You can associate one or more roles to each group. When you add a user to such a group, Passwork will automatically assign the selected roles to the user.
To set up synchronization, go to the LDAP settings and set up integration with your LDAP or AD server. Then in the tab Group and role mapping you will see the list of your groups and you can link them to the roles.
Algorithm for synchronizing groups and roles:
- Take the selected LDAP groups and form a DN request to download users from them
- Load users from LDAP and process them one by one
- If you do not have the user in Passwork, then skip him from processing or create a new one (depending on the settings)
- If the user is found in Passwork, obtain the list of user groups from the LDAP
- Find all the roles associated with the groups
- Clean the list of the user's current roles and apply the list
💡 Passwork skips roles that were manually assigned to the user
Synchronization can be done manually from the Group and role mapping tab, or set to run automatically on a schedule.
No additional settings are required. Synchronization works with Passwork background tasks. Learn more about how background tasks work.
You need to set up PHP scripts to run on a schedule (Cron or Windows Scheduler). Learn more about how to do this:
💡 Update your Passwork to use the built-in background task engine