Note before syncing your group to LDAP: please be aware that when you sync a group to LDAP, everyone with a privileged bind can see group membership. If you prefer to keep your group membership confidential, do not sync to LDAP.
To sync your group to LDAP using the CalGroups application, do the following:
- Go to your CalGroups group page.
- On the top right, click on “More Actions”.
- Select “Edit Provisioning Info”.
- You will see “Sync to LDAP”.
- Setting this to "yes" will add the group name to berkeleyEduIsMemberOf attribute of the group members in LDAP*. Any changes to the local group will continue to be pushed to LDAP.
- Setting this to "no" will remove the group name from berkeleyEduIsMemberOf attribute of the members.
- By default, groups larger than 350 members will not be provisioned.
As of March 17, 2017, we will only sync to the berkeleyEduIsMemberOf attribute and will remove the actual LDAP groups from ou=campus groups. That part of the name, however, will still remain in the group paths listed in berkeleyEduIsMemberOf. Since we will be removing the actual groups, the virtual attribute, isMemberOf, will no longer be accurate and should not be used. Going forward, you should only use berkeleyEduIsMemberOf.