Currently in order to cache external user groups in Artifactory you are required to have 1 of 2 implementations with SSO:
- SSO that has a provider exposing SCIM for reconcilitation of groups
- SSO combined with LDAP configuration plus the LDAP Sync Plugin
Fundamentally if you don't have SCIM as an option you are limited then to the SSO/LDAP/LDAP Sync Plugin configuration. There are arguments to be made that SCIM is less efficient at scale than a properly tuned LDAP system and for many SCIM APIs they are just frontends for a Active Directory server.
This request is to improve the SSO/LDAP/LDAP Sync Plugin configuration which lacks error handling or any SCIM like abilities. Currently if the current configuration times out or fails to trigger the plugin then a user is left without their external group sync.
New Features being asked in the SSO/LDAP/LDAP Sync Plugin configuration:
- add error handling for failed LDAP Sync Plugin queries to a Administrator configurable number of retries
- add ability to run a bulk user sync at a specific time or through manual trigger as lets say a catchup option