LDAPAuthentication

With group synchronization, a user's AD groups are regularly retrieved from AD (the first time they log in each day and then about once an hour) and matched to the groups assigned in the wiki. If a group assigned in the wiki is not in the list of AD groups, the user is removed from it - and vice versa.

If, for example, you create and authorize a "Wiki_Editor" group in the wiki, a group with the exact same name must also be created in AD and the users must be added accordingly. In this case, you no longer need to assign groups in the wiki's user management. This happens automatically through the existence of the group alone.

If it is not possible to create the group in AD and you are dependent on the user administration to assign the groups, we have to put the corresponding group in the configuration of the wiki on the list of "locally managed groups".

Therefore, there are two options:

1. You create the group in AD and assign the users there. Then, you create them in the wiki via the group management and authorize them via the rights management. In this case you only need the support of your internal IT and no assistance from us.

2. You only create the group via the group administration, assign rights via the rights administration and assign the users to the groups manually via the user administration. In this case, we have to put the group on the list of "locally administered groups". We need server access for this and you are responsible for the assignment yourself. Of course, we can also provide instructions for your IT that describe what needs to be done in this case. In this case you would not need our support.