Map LDAP groups to roles
Describes how to map LDAP authorization groups to Redis Enterprise roles using the Cluster Manager UI.
Redis Enterprise Software uses a role-based mechanism to enable LDAP authentication and authorization.
Once LDAP is enabled, you need to map LDAP groups to Redis Enterprise access control roles.
Map LDAP groups to roles
To map LDAP groups to access control roles in the Cluster Manager UI:
- Select Access Control > LDAP > Mapping.

  Note: You can map LDAP roles when LDAP configuration is not enabled, but they won't have any effect until you configure and enable LDAP.

- Select the + Add LDAP Mapping button to create a new mapping and then enter the following details:

  | Setting | Description |
  |---|---|
  | Name | A descriptive, unique name for the mapping |
  | Distinguished Name | The distinguished name of the LDAP group to be mapped. Example: cn=admins,ou=groups,dc=example,dc=com |
  | Role | The Redis Software access control role defined for this group |
  | Email | (Optional) An address to receive alerts |
  | Alerts | Selections identifying the desired alerts. |

- When finished, select the Save button.
Create a mapping for each LDAP group used to authenticate and/or authorize access to Redis Enterprise Software resources.
The scope of the authorization depends on the access control role:
- If the role authorizes admin management, LDAP users are authorized as cluster management administrators.
- If the role authorizes database access, LDAP users are authorized to use the database to the limits specified in the role.
- To authorize LDAP users to specific databases, update the database access control lists (ACLs) to include the mapped LDAP role.
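The following is an added example, not part of the Redis documentation or Redis code: an offline review of a planned set of mappings that flags reused names, malformed or repeated group DNs, and groups whose role grants cluster administration. The record shape, the `ROLES` table and its `admin` management value are assumptions made for the example, and all sample data is constructed.

```python
import re

# Constructed sample data. Keys mirror the mapping settings (name, DN, role);
# the ROLES table and its "management" values are assumptions for this example.
ROLES = {"Admin": "admin", "DB Member": "db_member", "cache-readers": "none"}
MAPPINGS = [
    {"name": "ldap-admins", "dn": "cn=admins,ou=groups,dc=example,dc=com", "role": "Admin"},
    {"name": "ldap-devs", "dn": "CN=devs, OU=groups, DC=example, DC=com", "role": "DB Member"},
    {"name": "ldap-devs", "dn": "cn=readers,ou=groups,dc=example,dc=com", "role": "cache-readers"},
    {"name": "ldap-devs-2", "dn": "cn=devs,ou=groups,dc=example,dc=com", "role": "Admin"},
    {"name": "broken", "dn": "admins", "role": "Ops"},
]

def normalize_dn(dn):
    """Return a lowercase, whitespace-trimmed DN, or None if an RDN is not attr=value.
    Simplification: treats every attribute value as case-insensitive."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            return None
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def audit(mappings, roles):
    """Return (kind, mapping name, detail) findings for a list of mappings."""
    findings, seen_names, seen_dns = [], set(), {}
    for m in mappings:
        name, role = m["name"], m["role"]
        if name in seen_names:
            findings.append(("duplicate-name", name, "mapping names must be unique"))
        seen_names.add(name)
        dn = normalize_dn(m["dn"])
        if dn is None:
            findings.append(("invalid-dn", name, m["dn"]))
        elif dn in seen_dns:
            findings.append(("group-mapped-twice", name, f"also mapped by {seen_dns[dn]}"))
        else:
            seen_dns[dn] = name
        if role not in roles:
            findings.append(("unknown-role", name, role))
        elif roles[role] == "admin":
            findings.append(("grants-cluster-admin", name, m["dn"]))
    return findings

if __name__ == "__main__":
    for kind, name, detail in audit(MAPPINGS, ROLES):
        print(f"{kind:22} {name:12} {detail}")
```

The `group-mapped-twice` and `grants-cluster-admin` findings are review prompts rather than errors: they point at the mappings whose scope deserves a second look before saving.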
More info
- Enable and configure role-based LDAP
- Update database ACLs to authorize LDAP access
- Learn more about Redis Enterprise Software security and practices