Skip to Content

Use LDAP Group for Role Owner approver assignment


I am looking for some input on how to get my AD LDAP Groups (DL or Global) to populate in the "Distribution List Name" field for "owner Assignment: New" when allowing access to approve Roles/Controls/FFID.

We have this option in 5.3 but the system users the portal which pulls in the LDAP groups and we assign the pcd:portal role for them to that group.

In 10.X we need to synch LDAP to pull those groups in and this is where I am stuck.

I have successfully synch LDAP and use it to find my users in the provision process and populate all of my access request required fields correctly. (i.e manager, employee ID, position, etc....)

I cannot find any groups in that search screen.

When I run Tcode LDAP and do a search on the object class=group (I can even search on the binary object class for DL's) all of the groups are displayed in that search so I am seeing them in the LDAP connection.

any insight would be helpful.



ldap-group.jpg (93.7 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Dec 07, 2017 at 11:43 PM

    If not LDAP group how about using the Owner Group option?

    I created a SUGR group for each type of owner assignment and added users to that group.

    When I try to load my roles through the role import group it is still no recognizing the users in the SUGR group either.

    Does this functionality even work?

    Add comment
    10|10000 characters needed characters exceeded