You are the Security Admin in your company. You want to synchronize all security groups that have an email address from your LDAP directory in Cloud IAM.
D mentions using the group object class attribute, but I don't want to make assumptions about my LDAP directory structure. A is the way to go, no doubt.
Option C looks like it could work, but I don't want to deal with the hassle of a management tool. I'll stick with the Google Cloud Directory Sync in A.
Option A seems like the most straightforward approach to synchronize the security groups with email addresses from the LDAP directory. One-way sync should be sufficient for this use case.
I think option C is the best choice. Using a management tool to sync based on email address attribute and creating a group in the Google domain will automatically assign Google Cloud IAM roles.
I disagree, I believe the answer is B. We need to configure Google Cloud Directory Sync for bidirectional sync to ensure all security groups with email addresses are synchronized.
I think the answer is A. We should configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have 'user email address' as the attribute for one-way sync.
Eric
Shayne
6 days ago
Chuck
13 days ago
Nobuko
14 days ago
Titus
23 days ago
Arthur
25 days ago
Devora
1 months ago