The LDAP Groups Add-on allows you to synchronize your LDAP groups with Artifactory and leverage your existing organizational structure for managing group-based permissions.
Unlike many LDAP integrations, LDAP groups in Artifactory use super-fast caching, and has support for both Static, Dynamic and Hierarchical mapping strategies. Powerful management is accomplished with multiple switchable LDAP settings and visual feedback about the up-to-date status of groups and users coming from LDAP.
LDAP groups synchronization works by instructing Artifactory about the external groups authenticated users belong to. Once logged-in, you are automatically associated with your LDAP groups and inherit group-based permission managed in Artifactory.
LDAP Groups settings are available under the Admin tab and then
To use LDAP groups you must first set up an LDAP server for authentication from the LDAP Settings screen. You must also alert Artifactory about the correct LDAP group settings to use with your existing LDAP schema.
Group Synchronization Strategies
Artifactory supports three ways of mapping groups to LDAP schemas:
Synchronizing LDAP Groups with Artifactory
Once you have configured how groups should be retrieved from your LDAP server, you can verify your set up by clicking the
You are now ready to synchronize/import groups into Artifactory. The groups table allows you to select which groups to import and displays the sync-state for each group:
A group can either be completely new or already existing in Artifactory. If a group already exists in Artifactory it can become outdated (for example, if the group DN has changed) - this is indicated in the table so you can select to re-import it.
Once a group is imported (synced) a new external LDAP group is created in Artifactory with the name of the group.
Once you have imported LDAP groups, you can Manage Permissions on them as with regular Artifactory groups. Users association to these groups is external and controlled strictly by LDAP.
Watch the Screencast