From Zoom, we can, not just pull the user accounts from the LDAP server but also groups, and the association of the users to those groups. Any group that is marked as a member of the filter group configured in Zoom will automatically get pulled to Zoom, and be created as a child-role under the MASTER_LDAP_ROLE in Zoom. After pulling, the admins will have to configure the projects and permissions as seen fit. By default, the pulled roles will be assigned to all projects and their permission level is set to the lowest (NONE).
If there are users who are members of the filter group, as well as other groups that have been pulled into Zoom, they will be mapped to the corresponding roles inside Zoom as well.
Once so pulled, the roles continue to live in the Zoom paradigm until they are removed from the membership of the filter group on the LDAP server itself. Following the first time pull, and the subsequent configuring of the required project / permission details, no further intervention is need on the Zoom server side for associating the new users to this group. As long as the new users are made members of the corresponding group on the LDAP side, the same mapping will get reflected on the Zoom side as well.