Restore team LDAP instructions (#37175)

lecoursen · web-flow · commit 3227dba98b45 · 2023-05-23T13:51:57.000Z
diff --git a/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md b/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md
@@ -24,6 +24,12 @@ shortTitle: Add members to a team
 
 {% data reusables.organizations.team-synchronization %}
 
+{% ifversion ghes %}
+
+## Adding organization members to a team
+
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.user-settings.access_org %}
 {% data reusables.organizations.specific_team %}
@@ -34,7 +40,16 @@ shortTitle: Add members to a team
 
 {% ifversion fpt or ghec %}{% data reusables.organizations.cancel_org_invite %}{% endif %}
 
+{% ifversion ghes %}
+
+## Mapping teams to LDAP groups (for instances using LDAP Sync for user authentication)
+
+A team that's [synced to an LDAP group](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync) is indicated with a special LDAP badge. The member list for an LDAP synced team can only be managed from the LDAP group it's mapped to.
+
+To add a new member to a team synced to an LDAP group, add the user as a member of the LDAP group, or contact your LDAP administrator.
+
+{% endif %}
+
 ## Further reading
 
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)"
 - "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)"
diff --git a/content/organizations/organizing-members-into-teams/creating-a-team.md b/content/organizations/organizing-members-into-teams/creating-a-team.md
@@ -22,6 +22,12 @@ Only organization owners and maintainers of a parent team can create a new child
 
 {% data reusables.organizations.team-synchronization %}
 
+{% ifversion ghes %}
+
+## Creating a team
+
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.user-settings.access_org %}
 {% data reusables.organizations.new_team %}
@@ -38,8 +44,34 @@ Only organization owners and maintainers of a parent team can create a new child
 {% data reusables.organizations.create_team %}
 1. Optionally, [give the team access to organization repositories](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository).
 
-## Further reading
+{% ifversion ghes %}
+
+## Creating teams with LDAP Sync enabled
+
+Instances using LDAP for user authentication can use LDAP Sync to manage a team's members. Setting the group's **Distinguished Name** (DN) in the **LDAP group** field will map a team to an LDAP group on your LDAP server. If you use LDAP Sync to manage a team's members, you won't be able to manage your team within {% data variables.location.product_location %}. The mapped team will sync its members in the background and periodically at the interval configured when LDAP Sync is enabled. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)."
+
+You must be a site admin and an organization owner to create a team with LDAP sync enabled.
+
+{% data reusables.enterprise_user_management.ldap-sync-nested-teams %}
+
+{% warning %}
+
+**Notes:**
+- LDAP Sync only manages the team's member list. You must manage the team's repositories and permissions from within {% data variables.product.prodname_ghe_server %}.
+- If an LDAP group mapping to a DN is removed, such as if the LDAP group is deleted, then every member is removed from the synced {% data variables.product.prodname_ghe_server %} team. To fix this, map the team to a new DN, add the team members back, and [manually sync the mapping](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#manually-syncing-ldap-accounts).
+- When LDAP Sync is enabled, if a person is removed from a repository, they will lose access but their forks will not be deleted. If the person is added to a team with access to the original organization repository within three months, their access to the forks will be automatically restored on the next sync.
+
+{% endwarning %}
 
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)"
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/changing-team-visibility)"
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy)"
+1. Ensure that [LDAP Sync is enabled](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync).
+{% data reusables.profile.access_org %}
+{% data reusables.user-settings.access_org %}
+{% data reusables.organizations.new_team %}
+{% data reusables.organizations.team_name %}
+6. Under "LDAP group", search for an LDAP group's DN to map the team to. If you don't know the DN, type the LDAP group's name. {% data variables.product.prodname_ghe_server %} will search for and autocomplete any matches.
+{% data reusables.organizations.team_description %}
+{% data reusables.organizations.team_visibility %}
+{% data reusables.organizations.create-team-choose-parent %}
+{% data reusables.organizations.create_team %}
+
+{% endif %}
