=========================================
Configuring Repository to use LDAP groups
=========================================


Repository can be configured to allow synchronizing the membership of
organization groups with groups in an LDAP directory. Owners of an
organization can select a specific LDAP group as the source of group
members.

Once this is enabled, users who sign in to Repository who are members
of the LDAP group automatically are granted the permissions of the
organization group.

To enable LDAP groups, configure the following:

* Authenticated bind to LDAP. Repository needs to perform searches
  against the directory to determine the available groups and the
  membership of those groups.

* A query for Repository to identify the groups in your LDAP directory.
  For more information, see :ref:`tls-group-search`.

If LDAP synchronization is disabled or the LDAP server is unreachable,
the member list at the time is used for the group.

To administer and debug LDAP synchronization, a superuser can
visit::

  http://your.anaconda.repository/admin/ldap

NOTE: Replace ``your.anaconda.repository`` with your Repository IP
address or domain name.
