User groups
User Groups in User Management displays a list of user groups.
User groups can contain references to individual users or references to groups defined on an existing LDAP server.
Users can be assigned to groups during user account configuration, or by creating or editing the groups to add users to it.
The User Groups tab contains the following options:
Create |
Select to create a new user group. |
Edit |
Select to edit the selected user group. |
Delete |
Select to delete the selected user groups. |
Search |
Enter a search term in the search field, then hit |
To create a new user group:
- Go to User Management > User Groups.
- Select Create to create a new user group.
The Create New User Group window opens.
-
Enter the following information:
Name
Name of the group.
Type
Select the type of the group:
Remote
Local User
Members
Select + to add existing members to the user group from the list and select Close, or select Create to create a new user.
See Creating a user.
Use the search bar to look for a user.
Remote Groups
By adding a remote server to the user group, the group will contain all user accounts on that server.
Optionally, a specific user group on the remote server can be included to restrict the scope to that group.
Note: This pane is available only when the Type is Remote.
Select remote groups from the list and select Delete to delete the remote groups.
Select a remote group from the list and select Edit to edit the remote group.
- Click OK.
To create a new remote group:
- In the Create New User Group window, select Create in Remote Groups.
The Remote Groups pane is only available when the Type is Remote.
The Add Group Match window opens.
- In Remote Server dropdown, select LDAP, RADIUS, and SAML servers:
-
If an LDAP server is selected, from the remote users list, select the remote users to import.
At least one LDAP server must be already configured. See LDAP servers.
Hold
ctrl
and click to select multiple users.To narrow down your search, see Column filter.
You can filter your search by Group, or enter a custom filter and select Apply.
Enable Show entries in subtree to list remote users in the subtree.
LDAP filters consist of one or more clauses which can be combined with logical AND/OR operators.
Filter syntax differs depending on the LDAP server software.
See the following examples examples:
Users with given name starting with the letter "h":
(&(objectClass=person)(givenName=h*))
All groups:
(&(objectClass=posixGroup)(cn=*))
- Optionally, if a RADIUS server is selected, select +, and enter group names in Groups.
At least one RADIUS server must be already configured. See RADIUS servers.
- Optionally, if a SAML server is selected, select +, and enter group names in Groups.
At least one SAML server must be already configured.
-
If an LDAP server is selected, from the remote users list, select the remote users to import.
- Click OK to save changes to group match.
Alternatively, use the CLI commands to create a user group. |
CLI configuration to set up an LDAP user group example:
config user group
edit <ldap_group_name>
set member <ldap_server_name>
config match
edit 1
set server-name <ldap_server_name>
set group-name "cn=User,dc=XYA, dc=COM"
next
end
next
end
CLI configuration to set up a RADIUS user group example:
config user group
edit <radius_group_name>
set member <radius_server_name>
next
end