Best practice for LDAP implementation is to use different attributes on individual entries in order to dynamically control group membership.
For example: inetOrgPerson might have
partner: true / false
And then group membership in a partner group is determined by the filter (partner=true), as an ACL
However, Clearspace X doesn't appear to support this. LDAP groups, within the product leverage the groupOfUniqueNames type and expect attibutes like uniquemember to determine who the members are.
Is there a way to leverage these dynamic groups inside Clearspace X, or am I stuck with static groups, which have performance and replication issues associated with them.
I noticed that the LDAP Groups admin set up has a group filter option, but that seems to just filter out which static groups can be used, not allow dynamic groups
You're right: both Clearspace and ClearspaceX don't support dynamic groups. One thing you could do would be to write a custom Group Manager implementation: directions / implementation here: