Create a Group Using LDAP Queries and Filters

Prerequisites: Create LDAP queries. See Create an LDAP Query.

Instead of mapping an existing LDAP group to your AAA Server group, you can query your LDAP directory using LDAP group names and filters, such as "Job Title". For example, in our LDAP directory, there is one IT Manager per OU (Americas, EMEA, Asia).

You can create a new AAA Server group containing these members from different OUs, using LDAP queries and filters (based on fields such as "Job Title") for which you enter data for all members.

Important: LDAP users must belong to only one AAA Server group.
  1. In the left of the AAA Server Administration Console, right-click on Groups, and then select New Group.
  2. Enter the Name and select an LDAP query (for the OU from which you selected members for your LDAP group).
    In our example, "People" is the Organization Unit that contains the units named Americas, EMEA, and Asia.

  3. Click OK.


  4. In the Group / Gate Assignment portion of the screen, click Add.


  5. Select a Gate from the drop-down list.
  6. Select the authorization (AZ) and accounting (AC) profiles and click OK.
  7. Click Save to apply the group/gate assignment.