Authentication / LDAP - explain "Automatic user creation" option as an alternative for imports. closes https://github.com/opnsense/docs/issues/350

3 years ago · 9e91848423
parent 29cc458e28
commit 9e91848423
1 changed files with 14 additions and 0 deletions
--- a/source/manual/how-tos/user-ldap.rst
+++ b/source/manual/how-tos/user-ldap.rst
@ -49,6 +49,9 @@ Enter the following information:
 **Read properties**                                       *Fetch account details after successful login*
 **Synchronize groups**                                    *Enable to Synchronize groups, requires the option above*
 **Limit groups**                                          *Select list of groups that maybe considered during sync**
+ **Automatic user creation**                               *When groups are automatically synchronized,
+                                                           this offers the ability to automatically create the
+                                                           user when it doesn't exist.
 **Match case insensitive**                                *Allow mixed case input when gathering local user settings.*
 ================================ ======================== ===============================================================

@ -85,6 +88,7 @@ Enter the following information:
    in which case :code:`UsEr` equals :code:`user` (our system is case sensitive)


+
 Step 1.1 (optional) Synchronize groups.
 .........................................

@ -145,6 +149,16 @@ Click on the cloud import icon to start importing users.

 A new form will be show with the individual users, select the ones you like to import.

+.. Note::
+
+    The **Automatic user creation** option replaces manual imports in cases where account details can be
+    retrieved from the remote ldap server. Users created with this option should be removed manually from the firewall when
+    they are removed from (one of) the ldap server(s), which is the same as they would be maintained locally on manual imports.
+
+    As of version business edition  :code:`21.10`, the system will automatically query the ldap servers and remove unexisting users.
+    (not available in the community version of OPNsense)
+
+
 Step 5 - Update LDAP user privileges
 ------------------------------------
 Now if you go to :menuselection:`System --> Access --> Users` you will see all users including the