The JFrog Platform Deployment (JPD) supports the following ways of mapping groups to LDAP schemas:
Static: Group objects are aware of their members; however, the users are not aware of the groups they belong to.
Each group object, such as groupOfNames or groupOfUniqueNames, holds its respective member attributes, typically member or uniqueMember, which is a user DN.
Dynamic: User objects are aware of what groups they belong to, but the group objects are not aware of their members.
Each user object contains a custom attribute, such as group, that holds the group DNs or group names of which the user is a member.
Hierarchy: The user's DN is indicative of the groups the user belongs to by using group names as part of the user DN hierarchy.
Each user DN contains a list of ou's or custom attributes that make up the group association. For example, uid=user1,ou=developers,ou=uk,dc=jfrog,dc=org indicates that user1 belongs to two groups: uk and developers.
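The three strategies can return different group sets for the same user, which matters because group membership drives permissions. The following is an added example, not JFrog code: it resolves one user's groups under each strategy against a constructed in-memory directory. The function names, the sample entries and the simplified DN parsing (no multi-valued RDNs, case-insensitive matching) are assumptions.

```python
# Added illustration: constructed directory entries, no LDAP server involved.
import re

# Constructed sample data: DN -> attributes (attribute names follow the page).
DIRECTORY = {
    "uid=user1,ou=developers,ou=uk,dc=jfrog,dc=org": {
        "objectClass": ["inetOrgPerson"],
        "group": ["cn=release-managers,ou=groups,dc=jfrog,dc=org"],
    },
    "cn=deployers,ou=groups,dc=jfrog,dc=org": {
        "objectClass": ["groupOfNames"],
        "member": ["UID=user1, OU=developers, OU=uk, DC=jfrog, DC=org"],
    },
    "cn=auditors,ou=groups,dc=jfrog,dc=org": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=user2,ou=qa,ou=uk,dc=jfrog,dc=org"],
    },
}

def split_dn(dn):
    """Split a DN into lowercased (attr, value) RDN pairs, honouring '\\,' escapes."""
    rdns = re.split(r"(?<!\\),", dn)
    return [tuple(p.strip().lower() for p in rdn.split("=", 1)) for rdn in rdns]

def static_groups(user_dn, directory=DIRECTORY):
    """Static: scan group objects for a member/uniqueMember equal to the user DN."""
    target = split_dn(user_dn)
    found = []
    for dn, attrs in directory.items():
        members = attrs.get("member", []) + attrs.get("uniqueMember", [])
        # Compare parsed DNs so case and spacing differences do not hide a match.
        if any(split_dn(m) == target for m in members):
            found.append(split_dn(dn)[0][1])
    return sorted(found)

def dynamic_groups(user_dn, group_attr="group", directory=DIRECTORY):
    """Dynamic: read the group attribute on the user object itself."""
    values = directory.get(user_dn, {}).get(group_attr, [])
    # A value may be a group DN or a bare group name; reduce both to the name.
    return sorted(split_dn(v)[0][1] if "=" in v else v.lower() for v in values)

def hierarchy_groups(user_dn, rdn_attr="ou"):
    """Hierarchy: every RDN of the chosen type in the user's DN names a group."""
    return sorted(value for attr, value in split_dn(user_dn) if attr == rdn_attr)
```

For the constructed user1 entry, the static, dynamic and hierarchy lookups yield deployers, release-managers, and developers plus uk respectively, so switching strategy on an existing directory changes which permissions a user inherits.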
Using OpenLDAP
From Artifactory version 7.37.17, the Dynamic strategy is supported.
Prior to Artifactory version 7.37.17, when using OpenLDAP, you can't apply the Dynamic strategy because the memberOf attribute is not defined by default (memberOf is an overlay), so JPD would not be able to fetch it from the LDAP server.