The JFrog Platform Deployment (JPD) supports the following ways of mapping groups to LDAP schemas:
Static: Group objects are aware of their members, however, the users are not aware of the groups they belong to.
Each group object such as
groupOfUniqueNamesholds its respective member attributes, typically
uniqueMember, which is a user DN.
Dynamic: User objects are aware of what groups they belong to, but the group objects are not aware of their members.
Each user object contains a custom attribute, such as
group, that holds the group DNs or group names of which the user is a member.
Hierarchy: The user's DN is indicative of the groups the user belongs to by using group names as part of user DN hierarchy.
Each user DN contains a list of
ou's or custom attributes that make up the group association.
user1belongs to two groups:
When using OpenLDAP, you can't apply the Dynamic strategy because the
memberOf attribute is not defined by default (
memberOf is an overlay), so JPD would not be able to fetch it from the LDAP server.