After setting up your LDAP connection, you then need to configure directory service groups and ensure users can log in to SaltStack Config.

Enabling groups and users

To configure directory service groups:

  1. In the Authentication workspace, select the required LDAP configuration.
  2. Select the Groups tab to see a list of groups retrieved from your LDAP configuration.
    Note: If you’re retrieving a large number of groups, the page might take up to a minute to load.
  3. Select the groups you want to enable in SaltStack Config.
  4. Select the Users tab to see a list of users retrieved from your LDAP configuration.
    Note: If you’re retrieving a large number of users, the page might take up to a minute to load.
  5. Select the users you want to enable in SaltStack Config.
    Note: Any users included in enabled groups are already selected and can’t be deselected.
  6. Click Save.

    You can now define Role-Based Access Control (RBAC) settings for the selected groups. However, the Roles workspace allows you to manage settings for individual users included in the selected groups only after the user’s first login. For more information, see Authentication process.

    For more on RBAC in SaltStack Config, see Roles and permissions.

Removing groups

To remove access for an entire group:

  1. In the Authentication workspace, select the required LDAP configuration.
  2. Select the Groups tab to see a list of groups included in the connection. Enabled groups are selected.
  3. Deselect groups you want to remove from SaltStack Config and click Save.

    Users included in the deselected groups can no longer log in to SaltStack Config.

    Note: Any groups you remove from your LDAP configuration are archived. Even though they're inactive and users can’t log in, they’re still visible in the Roles workspace. For more information, see Authentication process. For more on managing roles, see Roles and permissions.

Removing users

To remove access and archive specific users:

  1. In the Authentication workspace, select the LDAP configuration.
  2. Select the Users tab to see a list of users included in the connection. Enabled users are selected.
  3. Deselect users you want to remove from SaltStack Config and click Save.
    Note: You can’t deselect individual members of an enabled group. For more information, see Enabling groups and users. Any users you remove from your Directory Service connection are archived. Even though they’re inactive and can’t log in, they’re still visible in the Roles workspace if the user has previously logged in. For more information, see Authentication process.