Test the connection using the LDAP SSO configuration saved in the account.
Distinguished Name (DN) resolution method. Given a user's email address, a DN resolution method is used to find the user's DN in an LDAP directory.
For example: "example.com" => "uid=,ou=users,dc=example,dc=com".
TLS client settings.
CA settings.
Predefined CA sets.
Number of seconds after which the authorization should be checked again.
A map from account roles to distinguished names of LDAP groups. If a DN is specified for an account role, entities with that role must be a member of the specified LDAP group.
A structure indicating how self-provisioned LDAP users will be assigned account roles.
User's role(s) and state in an account.
A user account flag, a legacy user account role name, or a custom role ID.
Controls how we resolve conflicting role assignments with LDAP authorization.
When users are authorized through LDAP, their DSM group memberships are determined by their LDAP groups and the external role mappings created in DSM. For example, suppose a user belongs to three LDAP groups A, B and C, and those LDAP groups are mapped to DSM groups G1 and G2 as follows:
- A -> G1 as "group auditor"
- B -> G1 as "group administrator"
- C -> G2 as "group administrator"
Which role should this user be assigned in G1?
Before custom user roles were introduced in DSM, the answer was simple: the user received the maximum of the mapped roles. The legacy roles (group administrator and group auditor) form a strict "more powerful than" order, with group administrator strictly more powerful than group auditor, and the same holds for the legacy account roles. Custom user roles have no such ordering. Moreover, the legacy behavior is not consistent with the role exclusivity rules either, since it amounts to assigning multiple exclusive roles in the same group.
Since the introduction of custom user roles, a user may hold multiple roles in one group as long as none of those roles is marked exclusive. That rule is easy to enforce in the user Invite API, where the roles are supplied explicitly. With LDAP authorization, group memberships are computed dynamically when the Select Account API is called, so a user's LDAP group membership combined with the current mappings between external roles (i.e. LDAP groups) and DSM groups can yield conflicting role assignments.
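The following is an added example, not DSM's own code, showing how the A/B/C scenario above turns into per-group role sets and where the exclusivity rule produces a conflict. The role catalogue (the two legacy group roles treated as exclusive and strictly ranked, plus two hypothetical non-exclusive custom roles), the LDAP group DNs, the mappings and the `on_conflict` policy switch are all assumptions made for illustration; DSM's actual conflict-resolution options are not described on this page.

```python
"""Added illustration of LDAP-group -> DSM-group role resolution.

Not DSM's implementation. The role catalogue, group DNs, mappings and the
``on_conflict`` policy names below are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Role:
    name: str
    exclusive: bool        # an exclusive role cannot share a group with any other role
    legacy_rank: int = 0   # > 0 only for legacy roles; higher is more powerful (assumed)


# Assumed catalogue: legacy roles are exclusive and strictly ordered,
# the custom roles are hypothetical and non-exclusive.
ROLES: Dict[str, Role] = {
    "group auditor":       Role("group auditor", exclusive=True, legacy_rank=1),
    "group administrator": Role("group administrator", exclusive=True, legacy_rank=2),
    "key-reader":          Role("key-reader", exclusive=False),
    "key-rotator":         Role("key-rotator", exclusive=False),
}

# External role mappings: LDAP group DN -> [(DSM group, role name)]
RoleMappings = Dict[str, List[Tuple[str, str]]]

GROUP_A = "cn=A,ou=groups,dc=example,dc=com"
GROUP_B = "cn=B,ou=groups,dc=example,dc=com"
GROUP_C = "cn=C,ou=groups,dc=example,dc=com"
GROUP_D = "cn=D,ou=groups,dc=example,dc=com"
GROUP_E = "cn=E,ou=groups,dc=example,dc=com"

# Constructed sample mirroring the A/B/C example, plus two custom-role mappings.
SAMPLE_MAPPINGS: RoleMappings = {
    GROUP_A: [("G1", "group auditor")],
    GROUP_B: [("G1", "group administrator")],
    GROUP_C: [("G2", "group administrator")],
    GROUP_D: [("G2", "key-reader"), ("G3", "key-rotator")],
    GROUP_E: [("G3", "key-reader")],
}


class RoleConflict(Exception):
    """Raised when a DSM group would receive an exclusive role alongside another role."""


def collect_roles(ldap_groups: List[str], mappings: RoleMappings) -> Dict[str, Set[str]]:
    """Union every role granted by each of the user's mapped LDAP groups, per DSM group."""
    per_group: Dict[str, Set[str]] = {}
    for ldap_group in ldap_groups:
        for dsm_group, role_name in mappings.get(ldap_group, []):
            per_group.setdefault(dsm_group, set()).add(role_name)
    return per_group


def legacy_max(role_names: Set[str]) -> str:
    """Pre-custom-role behaviour: keep only the most powerful legacy role."""
    return max(role_names, key=lambda n: ROLES[n].legacy_rank)


def resolve(ldap_groups: List[str], mappings: RoleMappings,
            on_conflict: str = "error") -> Dict[str, Set[str]]:
    """Apply the exclusivity rule to the collected roles.

    on_conflict (hypothetical policy switch for this example):
      "error"      - refuse when a group has more than one role and any is exclusive
      "legacy_max" - if every conflicting role is a legacy role, keep the strongest
                     (the old behaviour); a mix of legacy and custom roles still errors
    """
    resolved: Dict[str, Set[str]] = {}
    for dsm_group, names in collect_roles(ldap_groups, mappings).items():
        if len(names) > 1 and any(ROLES[n].exclusive for n in names):
            all_legacy = all(ROLES[n].legacy_rank > 0 for n in names)
            if on_conflict == "legacy_max" and all_legacy:
                resolved[dsm_group] = {legacy_max(names)}
                continue
            raise RoleConflict(f"{dsm_group}: conflicting roles {sorted(names)}")
        resolved[dsm_group] = set(names)
    return resolved


def is_conflicting(ldap_groups: List[str], mappings: RoleMappings,
                   on_conflict: str = "error") -> bool:
    """True if resolving these memberships under the given policy would be refused."""
    try:
        resolve(ldap_groups, mappings, on_conflict)
        return False
    except RoleConflict:
        return True


if __name__ == "__main__":
    user = [GROUP_A, GROUP_B, GROUP_C]
    print("legacy_max:", resolve(user, SAMPLE_MAPPINGS, "legacy_max"))
    print("error policy refuses:", is_conflicting(user, SAMPLE_MAPPINGS))
    print("custom roles stack:", resolve([GROUP_D, GROUP_E], SAMPLE_MAPPINGS))
```

Under the assumed `legacy_max` policy the A/B/C user ends up as group administrator in both G1 and G2, which is exactly the old maximum-of-roles result; under the strict policy the G1 assignment is refused because two exclusive roles meet in one group. A user in only D and E holds two non-exclusive custom roles in G3 without conflict, while a user in C and D mixes an exclusive legacy role with a custom role in G2 and is refused under either policy.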
Role of a user or app in an account for the purpose of LDAP configurations.
Nothing is returned on success