The docs aren't very helpful on this, I'm afraid (I'm submitting feedback).

All it says is that an Administrator cannot define users/roles, that is done at the LDAP server.
But then it doesn't tell you how to configure things on the LDAP Server to adjust this?


Users are only created upon login to ZR5. You can't apparently "browse" the LDAP directory for a list of users ahead of time and assign rights (why not, I don't know, but that should be a basic feature, IMO since ZRS had it).

So, what I need to do is somehow configure ZR5 so that:
If you login, and are a member of a specific LDAP group, you are a ZR5 Administrator
If you login, and are a member of a DIFFERENT LDAP Group, you are a ZR5 User