I watched yesterday's webcast about LDAP integration. Due to some audio problems and limited time I wasn't able to get an exact answer for my question.
Let's say I integrate DevTest with the existing LDAP. In the LDAP I create groups that map to the DevTest roles and I put the LDAP users into the corresponding LDAP groups.
With this setup every LDAP user is in the appropriate LDAP group. And every LDAP group is mapped to a DevTest role. And every DevTest role has appropriate DevTest permissions.
So, I do NOT want to give inidividual permissions in DevTest to single users because this would scatter permission definitions in LDAP and DevTest.
I understood in the webcast that I nevertheless need to add the users (by activating "autoAddUsers" or by creating them). Is this correct? Because with the setup described I actually don't need the users in DevTest. Authentication and authorisation is done on group level.
Thanks for clarifying