active-directory ldap artifactory

JFrog LDAP Groups


I'm running JFrog Artifactory 7.104 and am attempting to configure authentication against Active Directory (via LDAP). The LDAP Settings work fine; however, the LDAP group settings do not return a result.

Configuration (baseDN obfuscated for obvious reasons):

URL: ldap://ad.example.com
Email Attribute: mail
Search Filter: sAMAccountname={0}
Search Base: OU=Users,DC=ad,DC=example,DC=com|OU=Partners,DC=ad,DC=example,DC=com
Manager DN: CN=ldapbind,OU=Admin,DC=ad,DC=example,DC=com

I can successfully make a test connection and have authenticated as an LDAP user with the above. The LDAP Group settings however do not ever propagate. I followed the example given at https://jfrog.com/screencast/configure-artifactory-with-ldap/ and have even attempted settings as per https://jfrog.com/help/r/jfrog-platform-administration-documentation/support-for-nested-entra-id-groups

First configuration attempt:

Mapping Strategy: static
Group Member Attribute: member
Group Name Attribute: cn
Description Attribute: description
Filter: (objectClass=group)
Search Base: DC=ad,DC=example,DC=com
Search Subtree: True

Modified config:

Mapping Strategy: dynamic
Group Member Attribute: member:1.2.840.113556.1.4.1941:
Group Name Attribute: cn
Description Attribute: description
Filter: (objectClass=group)
Search Base: DC=ad,DC=example,DC=com (Also tried null value)
Search Subtree: True

I even verified my settings at the server via ldapsearch and was able to return desired objects using the search base values using the same credentials configured in the application.

The actual base DN I want to use is OU=jfrog,OU=Groups,DC=ad,DC=example,DC=com that will contain groups mapped to the application. These groups will contain both individuals and groups of individuals.


Solution

  • After enabling debug logging I found that the issue isn't with LDAP, rather that the OSS version of JFrog doesn't support JFrog groups:

    Search Ldap groups only supported for Pro license
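
An added example (not part of the original question or answer, and not JFrog code) of the directory-side check the question describes: it builds the direct and nested-membership group filters for ldapsearch and evaluates both against a constructed directory. The user, the group names and the function names are assumptions; the URL, bind DN, group base DN and matching-rule OID are the ones quoted in the post.

```python
# Added example; the directory contents below are constructed sample data.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # matching-rule OID from the modified config
BASE = "OU=jfrog,OU=Groups,DC=ad,DC=example,DC=com"
USER = "CN=Jane Doe (Partner),OU=Partners,DC=ad,DC=example,DC=com"  # hypothetical
DEV_TEAM = "CN=dev-team," + BASE      # hypothetical group that holds the user
READERS = "CN=art-readers," + BASE    # hypothetical group that holds dev-team
DIRECTORY = {DEV_TEAM: [USER], READERS: [DEV_TEAM]}  # group DN -> member DNs


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_filter(user_dn, nested):
    """Filter for groups holding user_dn directly, or through nesting."""
    attr = "member:%s:" % IN_CHAIN if nested else "member"
    return "(&(objectClass=group)(%s=%s))" % (attr, escape_filter_value(user_dn))


def ldapsearch_argv(url, bind_dn, user_dn, nested):
    """argv for OpenLDAP ldapsearch; -W prompts so the password stays off argv."""
    return ["ldapsearch", "-x", "-H", url, "-D", bind_dn, "-W",
            "-b", BASE, "-s", "sub", group_filter(user_dn, nested), "cn"]


def groups_of(directory, dn, nested):
    """Groups in the constructed directory that match group_filter(dn, nested)."""
    found = set()
    todo = [g for g, members in directory.items() if dn in members]
    while todo:
        group = todo.pop()
        if group in found:
            continue
        found.add(group)
        if nested:  # follow "group is a member of another group" edges
            todo.extend(g for g, m in directory.items() if group in m)
    return found


if __name__ == "__main__":
    for nested in (False, True):
        print(" ".join(ldapsearch_argv(
            "ldap://ad.example.com",
            "CN=ldapbind,OU=Admin,DC=ad,DC=example,DC=com", USER, nested)))
        print(sorted(groups_of(DIRECTORY, USER, nested)))
```

The plain `member` filter finds only the group that lists the user directly, while the in-chain form also finds the group that contains that group, which is the case the question's "groups of individuals" layout depends on.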