To add or edit a group
Optionally, select Memberships are set by user’s location in the LDAP directory checkbox. If this setting is enabled, when users log in or are identified through SSO, if their user object on the LDAP server is at the location specified in LDAP Location (or under it if appropriate), they are given membership to this user group for the session. This setting is disabled by default.
Local users and other groups also can be made members of the group on the Members view.
If you enable this setting, the LDAP Location field becomes active.
In the LDAP Location field, enter the location in the LDAP directory tree. The location can be given as a path (for example, domain.com/users) or as an LDAP distinguished name.
If LDAP user group mirroring is enabled, then for mirror user groups this field is read-only and displays the location in the LDAP directory of the mirrored group.