If a user belongs to multiple LDAP groups that are configured for automatic registration, Avaya Aura® Device Services must choose which settings to use. There might be the following use cases:

• User belongs to multiple LDAP groups with different names.

• User belongs to multiple LDAP groups with the same name. This might occur if the same user is configured on multiple LDAP servers.

User belongs to multiple LDAP groups with different names

Avaya Aura® Device Services sorts all LDAP groups that use the automatic registration functionality in case insensitive ascending alphabetical order and assigns a unique priority number to each LDAP group based on this order. If you have multiple LDAP servers in your deployment, Avaya Aura® Device Services sorts all groups in all servers. If a user belongs to multiple LDAP groups, Avaya Aura® Device Services uses the group settings with the highest priority for that user.

For example, Avaya Aura® Device Services might assign priorities as follows:

If a user belongs to cn=OtherGroup and cn=adminGroup groups, Avaya Aura® Device Services will use settings configured for the cn=adminGroup group.

User belongs to LDAP groups with the same name

An enterprise user can be configured on multiple LDAP servers. If the user is a member of groups that have the same name on these servers, Avaya Aura® Device Services determines which settings to use based on the provenance priority configured for each LDAP server on the LDAP Configuration page on the Avaya Aura® Device Services administration portal.

For example, the user johndoe@aads.example.com is configured on two LDAP servers: Open LDAP and Active Directory 2016. This user is a member of the cn=adminGroup group on both servers. If the provenance priority is 3 for the OpenLDAP server and 2 for the Active Directory server, then Avaya Aura® Device Services uses settings configured for the cn=adminGroup on Active Directory.