Which statement about mapping LDAP Groups to Roles is true? Select all that apply.

The statement that "The LDAP server is only checked on first login" accurately reflects how LDAP integration functions within the context of role mapping in Splunk. Once a user logs in for the first time and roles are assigned based on their LDAP group memberships, subsequent logins do not require the system to recheck the LDAP server for those mappings. This design helps to optimize performance and manage resources effectively as it avoids unnecessary queries to the LDAP server after the initial authentication.

The ability to map LDAP groups to roles involves considerations such as flexibility in role mapping and the handling of user access while ensuring the system remains manageable. Other provided statements do not accurately describe the standard behavior of LDAP group mappings in this context. For example, not all groups need to be mapped, which allows for a more streamlined configuration based on the specific needs of the organization, as well as the fact that mappings can indeed be changed at any time if the need arises, allowing administrators to adjust access as the organization's requirements evolve.