
Skipping LDAP Role Lookups (SkipRoleLookup)

When configuring an LDAP provider, use the SkipRoleLookup configuration option to grant the user all the roles retrieved using the UserRoleMembershipAttributes property from the LDAP user entry without looking up all the roles defined in the role search base.

Context

Setting SkipRoleLookup to true grants all the roles retrieved using the UserRoleMembershipAttributes property from the LDAP user entry. The user roles are not cross-referenced with the roles retrieved from the role search base using the role search filter.

This eliminates the need to look up all the roles defined in the role search base and match them against the role filter as roles are retrieved. To restrict the roles granted to the authenticated user to the roles defined in the role search base, set SkipRoleLookup to false.
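
The following Python sketch is an added illustration, not the product's own code. It models the two behaviours described above against a constructed in-memory directory, so you can see which roles are granted only when SkipRoleLookup is true. The DNs, the memberOf attribute name, the groupOfNames object class and all function names are assumptions made for the example.

```python
# Added illustration: models how role resolution differs with SkipRoleLookup.
# Directory contents, DNs and function names are constructed for this example;
# the role search filter is simplified to an objectClass match.

DIRECTORY = {  # constructed sample data: DN -> attributes
    "cn=ops,ou=roles,dc=example,dc=com": {"objectClass": ["groupOfNames"]},
    "cn=audit,ou=roles,dc=example,dc=com": {"objectClass": ["groupOfNames"]},
    "cn=legacy-admin,ou=archive,dc=example,dc=com": {"objectClass": ["groupOfNames"]},
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "memberOf": [
            "CN=ops, OU=roles, DC=example, DC=com",  # inside the role search base
            "cn=legacy-admin,ou=archive,dc=example,dc=com",  # outside it
        ],
    },
}
ROLE_SEARCH_BASE = "ou=roles,dc=example,dc=com"


def normalize_dn(dn):
    """Lower-case and strip whitespace around RDNs so DNs compare reliably."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def search_roles(directory, search_base, role_object_class):
    """Stand-in for the role search: entries under the base matching the filter."""
    suffix = "," + normalize_dn(search_base)
    return {
        normalize_dn(dn)
        for dn, attrs in directory.items()
        if normalize_dn(dn).endswith(suffix)
        and role_object_class in attrs.get("objectClass", [])
    }


def resolve_roles(directory, user_dn, membership_attrs, skip_role_lookup,
                  search_base=ROLE_SEARCH_BASE, role_object_class="groupOfNames"):
    """Return the roles granted to user_dn under the given SkipRoleLookup value."""
    user = directory[user_dn]
    claimed = {normalize_dn(v) for a in membership_attrs for v in user.get(a, [])}
    if skip_role_lookup:
        return claimed  # every attribute value is granted as-is
    return claimed & search_roles(directory, search_base, role_object_class)


def roles_outside_base(directory, user_dn, membership_attrs):
    """Roles granted only when SkipRoleLookup is true: candidates for review."""
    return (resolve_roles(directory, user_dn, membership_attrs, True)
            - resolve_roles(directory, user_dn, membership_attrs, False))
```

Running roles_outside_base over the accounts in a directory export before setting SkipRoleLookup to true shows which role grants depend on the setting.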