The JFrog Platform supports synchronization with Active Directory "Nested Groups".
From Artifactory 7.3, an improved Active Directory "Nested Groups" search is supported, providing performance improvements when working with LDAP.
Prerequisite
This feature requires Active Directory running on Windows Server 2012 R2 or later. There are no additional requirements on the Active Directory Windows Server side.
To enable the feature:
Set the Dynamic Strategy with a group setting definition.
Set the msds-memberOfTransitive value for the membership attribute.
Mapping Strategy: Dynamic
Group Membership Attribute: msds-memberOfTransitive
Group Name Attribute: cn
Filter: (objectClass=group)
Microsoft provides a unique OID for rule chain matching as part of the search filter syntax. As a result, when an LDAP query using this OID is executed against Active Directory, Active Directory returns a list of all the groups according to the user's main group membership.
Mapping Strategy: Static
Group Membership Attribute: member:1.2.840.113556.1.4.1941:
Group Name Attribute: cn
Filter: (objectClass=group)
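The following is an added example, not JFrog code: it builds the kind of group search filter the Static settings above imply and models, over a constructed in-memory directory, the nested-group result that Active Directory resolves server-side for either strategy. The example.com DNs, the function names and the way the filter is combined with (objectClass=group) are assumptions made for illustration.

```python
# Added example: constructed directory data, not real Active Directory output.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # OID from the Static settings above

# Constructed sample: group DN -> direct members (users or other groups).
DIRECTORY = {
    "CN=Developers,OU=Groups,DC=example,DC=com": ["CN=Jane Doe (QA),OU=Users,DC=example,DC=com"],
    "CN=Engineering,OU=Groups,DC=example,DC=com": ["CN=Developers,OU=Groups,DC=example,DC=com"],
    "CN=AllStaff,OU=Groups,DC=example,DC=com": ["CN=Engineering,OU=Groups,DC=example,DC=com"],
    "CN=Finance,OU=Groups,DC=example,DC=com": ["CN=Bob,OU=Users,DC=example,DC=com"],
}

def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so a DN cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def in_chain_filter(user_dn, group_filter="(objectClass=group)"):
    """Static strategy (assumed composition): groups whose member chain reaches user_dn."""
    return f"(&{group_filter}(member:{IN_CHAIN_OID}:={escape_filter_value(user_dn)}))"

def transitive_groups(user_dn, directory=DIRECTORY):
    """Local model of the server-side result: every group reachable from user_dn."""
    found, frontier = set(), [user_dn]
    while frontier:
        dn = frontier.pop()
        for group, members in directory.items():
            if dn in members and group not in found:  # 'found' also guards against cycles
                found.add(group)
                frontier.append(group)
    return found

def group_names(group_dns):
    """Group Name Attribute: cn. Simplified: assumes no escaped commas in the CN."""
    return sorted(dn.split(",", 1)[0].split("=", 1)[1] for dn in group_dns)

if __name__ == "__main__":
    jane = "CN=Jane Doe (QA),OU=Users,DC=example,DC=com"
    print(in_chain_filter(jane))
    print(group_names(transitive_groups(jane)))
```

Without the escaping step, the parentheses in a DN such as the constructed "Jane Doe (QA)" would unbalance the filter; with nested groups resolved, the user maps to Developers, Engineering and AllStaff rather than only the directly assigned Developers group.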
The following displays the settings.