When ldap.ini [LDAPSettings] LDAPCreateMissingGroups=disabled, the LDAP login handler will try to match LDAP user groups with existing eZ Publish user groups according to the LDAP settings. It will not create user groups in eZ Publish.

When no match is found, it will instead assign the user to the default group given by site.ini [UserSettings] DefaultUserPlacement - normally the "Members" group. This is undesirable when the LDAP server has groups that are not relevant in eZ Publish. It would be better to have a setting that is a list of group names to ignore when matching.

The feature is equally useful when ldap.ini [LDAPSettings] LDAPCreateMissingGroups=enabled. In this case, groups on the ignore list would not be created.