The user group (role) and authorization are independent of the LDAP server, and are managed within CySight.
"Operation" and "Customer" users are authorized with the traffic relative to Devices(Router/Switch) and/or Interfaces and/or IP ranges.
To authenticate a user using an LDAP server the CySight administrator must configure using the CySight LDAP configuration panel.
1) Using the add option supply the following:
- ldap server domain name
- user pattern
- protocol ldap or ldaps and corresponding port
- trust store of ldap server public key if ldaps - security ldap
![Image](https://cysight.ai/analyzer/ldap/netflow-auditor-analyzer-ldap-authentication-1.png)
2) Add a user with the option to authenticate using the ldap server. You need to add authorization for each user in CySight.
![Image](https://cysight.ai/analyzer/ldap/netflow-auditor-analyzer-ldap-authentication-2.png)
When logging in the User needs to choose the ldap server authentication option.
![Image](https://cysight.ai/analyzer/ldap/netflow-auditor-analyzer-ldap-authentication-3.png)