Considerations for existing customers (LDAP)
If you have already set up users, groups, passwords, policies, and exceptions in the cloud manager and you want to switch to LDAP synchronization, consider the following:
- You can minimize the impact by carefully matching your LDAP group names and membership to the existing setup. Matching LDAP group names and membership to those already in the cloud service allows existing policy selections and settings to be maintained, as well as existing usernames/passwords where applicable.
- You are responsible for avoiding ambiguous configurations, for example, users belonging to multiple groups which are assigned to different policies. It is up to you to set up groups in the LDAP directories in such a way that ambiguities don't occur. (When there are ambiguities, the service selects the closest group-to-policy assignment for each individual user, taking the first group in alphabetical order where there are multiple assignments at the same hierarchical level.)
- Existing users can retain their passwords and whether you manage users through the portal, LDAP synchronization, or both is completely transparent to them.