Artifactory can support Active Directory nested group search by using an Active Directory constructed attribute:
As per the link above, the single prerequisite is that the feature requires Windows Server 2012 R2 or later.
Nothing needs to be enabled from the AD/Windows Server side.
- The maximum number of groups that can be retrieved with this search appears to be 4500. However, a user with that many groups cannot even perform an LDAP login, even outside of (and unrelated to) Artifactory authentication.
- This improves on the Group Membership Attribute search member:1.2.840.113556.1.4.1941:, which can be slow to calculate the nested group structure for complex LDAP trees.
To enable the feature:
Use the Dynamic strategy in a group settings definition, and set msds-memberOfTransitive as the membership attribute.
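
A pre-rollout check, added here as an example and not taken from Artifactory or JFrog: it parses the LDIF returned by an LDAP query for one user's memberOf and msds-memberOfTransitive attributes, lists the groups the user holds only through nesting (and would therefore newly receive once the setting is enabled), and flags counts near the 4500 ceiling noted above. The sample entry, its DNs, the function names and the 90% warning threshold are constructed assumptions.

```python
import base64

GROUP_LIMIT = 4500  # retrieval ceiling stated in this article


def parse_ldif_attrs(ldif):
    """Return {attribute_lowercase: [values]} for a single LDIF entry."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name.lower(), []).append(value)
    return attrs


def membership_report(ldif, warn_ratio=0.9):
    """Compare direct and transitive membership for one user entry."""
    attrs = parse_ldif_attrs(ldif)
    direct = {dn.lower() for dn in attrs.get("memberof", [])}
    transitive = attrs.get("msds-memberoftransitive", [])
    return {
        "total": len(transitive),
        # Groups reached only via nesting: review what they grant.
        "nested_only": sorted(dn for dn in transitive if dn.lower() not in direct),
        "near_limit": len(transitive) >= GROUP_LIMIT * warn_ratio,
    }


# Constructed sample entry (not real directory data).
_B64 = base64.b64encode(b"CN=deployers,OU=Groups,DC=example,DC=test").decode()
SAMPLE_LDIF = (
    "dn: CN=Jane Doe,OU=Users,DC=example,DC=test\n"
    "memberOf: CN=repo-readers,OU=Groups,DC=example,DC=test\n"
    "msds-memberOfTransitive: CN=repo-readers,OU=Groups,DC=example,DC=test\n"
    "msds-memberOfTransitive: CN=build-all,OU=Groups,DC=example,\n"
    " DC=test\n"
    f"msds-memberOfTransitive:: {_B64}\n"
)

if __name__ == "__main__":
    print(membership_report(SAMPLE_LDIF))
```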