Map LDAP groups to roles

Describes how to map LDAP authorization groups to Redis Enterprise roles using the Cluster Manager UI.

Redis Enterprise Software uses a role-based mechanism to enable LDAP authentication and authorization.

Once LDAP is enabled, you need to map LDAP groups to Redis Enterprise access control roles.

Map LDAP groups to roles

To map LDAP groups to access control roles in the Cluster Manager UI:

  1. Select Access Control > LDAP > Mapping.

    You can map LDAP roles when LDAP configuration is not enabled, but they won't have any effect until you configure and enable LDAP.
    Enable LDAP mappings Panel
  2. Select the + Add LDAP Mapping button to create a new mapping and then enter the following details:

    Setting Description
    Name A descriptive, unique name for the mapping
    Distinguished Name The distinguished name of the LDAP group to be mapped.
    Example: cn=admins,ou=groups,dc=example,dc=com
    Role The Redis Software access control role defined for this group
    Email (Optional) An address to receive alerts
    Alerts Selections identifying the desired alerts.
    Enable LDAP mappings Panel
  3. When finished, select the Save button.

Create a mapping for each LDAP group used to authenticate and/or authorize access to Redis Enterprise Software resources.

The scope of the authorization depends on the access control role:

  • If the role authorizes admin management, LDAP users are authorized as cluster management administrators.

  • If the role authorizes database access, LDAP users are authorized to use the database to the limits specified in the role.

  • To authorize LDAP users to specific databases, update the database access control lists (ACLs) to include the mapped LDAP role.

More info

Back to top ↑