Create an LDAP Sync Group within AD
Because LDAP filters are limited in how they can target groups, and because the Enterprise Application cannot target nested Entra ID groups, a dedicated group will be created. (I’ll explain further later on.)
1. Create a new AD group
- Use a naming convention that signifies it’s used for ‘LDAP’
2. Add all users and groups that are assigned to the Entra Enterprise Application to this new LDAP AD group
- Going forward, any new groups added to the Entra Enterprise App must be added to this AD group as well to facilitate authentication via Linux PAM.
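The two steps above as one PowerShell script, added here as an example and not part of the original article. It assumes the ActiveDirectory (RSAT) module is installed, that you run it as an account allowed to create groups in the target OU, and that the group name, OU path and the list of assigned principals are placeholders you replace with your own values.

```powershell
# Added example (not from the original article): create the dedicated LDAP sync group
# and populate it with the users and groups assigned to the Entra Enterprise Application.
# Assumptions: ActiveDirectory module available, rights to create groups in $GroupPath,
# and placeholder values below replaced with your own.
Import-Module ActiveDirectory

$GroupName = 'LDAP-Sync-PAM'                    # naming convention flags that the group is used for LDAP
$GroupPath = 'OU=Groups,DC=example,DC=com'      # placeholder OU; adjust to your domain

# Constructed sample: sAMAccountNames of the users and groups currently assigned to the Enterprise App.
$AssignedPrincipals = @('jdoe', 'asmith', 'App-Finance-Users', 'App-IT-Admins')

# 1. Create the group (Global security group) if it does not already exist.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName -GroupScope Global -GroupCategory Security `
        -Path $GroupPath -Description 'Users/groups assigned to the Entra Enterprise App; used for Linux PAM via LDAP'
}

# 2. Add each assigned user or group as a direct member; warn about anything that does not resolve in AD.
foreach ($principal in $AssignedPrincipals) {
    $obj = Get-ADObject -Filter "SamAccountName -eq '$principal'" -ErrorAction SilentlyContinue
    if ($null -eq $obj) { Write-Warning "Not found in AD: $principal"; continue }
    Add-ADGroupMember -Identity $GroupName -Members $obj.DistinguishedName
}

# Check: compare direct membership against the assigned list so drift is visible.
$current = (Get-ADGroupMember -Identity $GroupName).SamAccountName
$missing = $AssignedPrincipals | Where-Object { $_ -notin $current }
if ($missing) { Write-Warning "Still missing from ${GroupName}: $($missing -join ', ')" }
else { Write-Output "All assigned principals are direct members of $GroupName" }
```

Re-running the script after adding a new group to the Enterprise App (with that group appended to `$AssignedPrincipals`) keeps the AD group in step; the final check is what tells you when the two have drifted apart.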