"Look up LDAP Groups" is not persistent


I created a new group to map it to an existing LDAP group. Checking “Look up LDAP Groups” option presents a field to input a user to look up. I’ve set everything up and “retrieve” doesn’t return any error. Once the group is saved, and edited again, the “Look up LDAP Groups” option is unchecked.
Is this an expected behavior? I get an error saying “unable to match user’s group membership to an EVM role”.
How should I map LDAP groups?

Thank you in advance!

@Joe_Vlcek @abellotti Do you know?

“Look up LDAP Groups” is used to help create the group. Don’t enter the group name manually but instead, after clicking the “retrieve” button, select a group from the newly populated dropdown and select a “Role” and a “Tenant” to associate with the group. Then click the “Save” button

Additionally, these two blog posts should help:

Especially this section on ManageIQ Groups and Roles

1 Like

Thank you very much! This helped a lot understanding how it works.

Apparently, “Get Groups from Home Forest” was unchecked in authentication settings.
Enabling that and creating groups properly did the job.