In Group Permissions you can set the default group for any user that doesn't have a group set yet. That also means users that have no properties defined in Access Server.
In Access Server, if a user has no properties defined, it just gets assumed default values. Like the default group setting I just mentioned for example. You can also set a default setting to give everyone autologin privileges, for example. That's a little harder to do as it requires a command line blurb to do that. But the idea is simply that if there is nothing specific about a user, it doesn't need to be in User Permissions.
Having said that, what might be useful to you is our post_auth script that, after successful login, can assign a specific group to a user based on that user's group membership in the LDAP server. So if in your LDAP server your LDAP user is part of the LDAP group "Administrators" then you can have the post_auth script recognize this when that LDAP user logs in at your Access Server, and then put that user in an Access Server group like "VPN Admins" or something. You can also rewrite the script very slightly so it always put all users in a particular group, making the default group setting unnecessary, and has the added advantage that this is now a user specific property, so this user will show up in the User Permissions panel after first login.
The post_auth script can be found here:
https://openvpn.net/vpn-server-resource ... p-mapping/