Technext

Reputation: 8107

Artifactory - Unable to add LDAP settings using either YAML config or API

Using YAML: I am trying to use the YAML configuration to add LDAP settings for Artifactory JCR. I tried using the helm chart version 107.63.7 (App ver. 7.63.7) based on the following suggestion "Alternatively, from Artifactory version 7.63 and forward, you can use the Access Configuration Bootstrap YAML to set up authentication provider configuration" from this page. Checking the upstream helm chart, I could not find any mention of access.security.bootstrap.yml. This made me wonder whether the helm chart is up-to-date with the latest changes. I instead thought of appending the LDAP settings block to the following secret, and although I could see the copy-system-configurations container copying the stuff to /var/opt/jfrog/artifactory/etc/access/access.config.patch.yml, LDAP didn't work. This is one issue.

stringData:
  access.config.patch.yml: |
    security:
      tls: false
      ldapSettings:
      ...
      ...

Using API: Since the above didn't work, I reverted to version 7.59.11 after I came across this link and tried the POST command, but that always keeps throwing the same error.

$ curl -s -u admin:cmVm...redacted...MjIz -X POST https://jcr.my.domain.com/access/api/v1/ldap/settings -H "Content-Type: application/json" -T ldap.json
{"errors":[{"code":"UNAUTHORIZED","message":"HTTP 401 Unauthorized","detail":"Request has failed. Due to incorrect username/password or locked user."}]}

Also tried this form, but got the same result:

$ curl -s -u admin:cmVm...redacted...MjIz -X POST https://jcr.my.domain.com/access/api/v1/ldap/settings -H "Content-Type: application/json" -d @ldap.json

A few things I would like to mention:

I would preferably like to use the method that the docs suggest for the latest version, i.e., using the access.security.bootstrap.yml instead of running the API command, but any help will be appreciated. Even better if I get to know how to get both the methods working.

Upvotes: 0

Views: 723

Answers (2)

Technext

Reputation: 8107

Using an Identity Token, this is the syntax that finally worked for me:

curl -H "Authorization: Bearer xyZd...SUpx" "https://<my-artifactory>/access/api/v1/ldap/settings" -d @ldap.json -H 'Content-Type: application/json'

Upvotes: 0

Gajapathi Kimidi

Reputation: 579

As it was handy, I quickly tested the REST API and it is working perfectly fine. Logged in as Admin > Right side top corner > Edit profile > Passed the password > Create Identity Token

Now ran the below command with the above token

curl -H "Authorization: Bearer XXXXXXXXXX" "http://myartifactory.jfrog.io/access/api/v1/ldap/settings" -t editldap.json

where my editldap.json is as below.

{
    "key": "ldap1",
    "enabled": true,
    "ldap_url": "ldap://somehost",
    "user_dn_pattern": "uid={0}",
    "search": {
      "search_filter": null,
      "search_base": null,
      "search_sub_tree": false,
      "manager_dn": null,
      "manager_password": null
    },
    "auto_create_user": true,
    "email_attribute": "email",
    "ldap_poisoning_protection": false,
    "allow_user_to_access_profile": false,
    "paging_support_enabled": true
}

I think the way you are passing is wrong. Give it a try with this snippet.

Upvotes: 1
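An added example, not part of either answer and not JFrog's code: it builds the same POST to /access/api/v1/ldap/settings with an identity token in an Authorization: Bearer header (the form both answers report working, as opposed to -u admin:<token>), and first flags settings in the JSON that deserve a second look. The host name, the JFROG_TOKEN variable and the function names are assumptions; the sample mirrors the fields of editldap.json above.

```python
import json
import os
from urllib.parse import urlsplit
from urllib.request import Request

ENDPOINT = "/access/api/v1/ldap/settings"  # path as shown in the posts

# Constructed sample with the same fields as the editldap.json in the answer.
SAMPLE = {
    "key": "ldap1", "enabled": True, "ldap_url": "ldap://somehost",
    "user_dn_pattern": "uid={0}",
    "search": {"search_filter": None, "search_base": None,
               "search_sub_tree": False, "manager_dn": None,
               "manager_password": None},
    "auto_create_user": True, "email_attribute": "email",
    "ldap_poisoning_protection": False,
    "allow_user_to_access_profile": False, "paging_support_enabled": True,
}

def preflight(settings):
    """Return warnings about the settings before they are uploaded."""
    warnings = []
    if urlsplit(settings.get("ldap_url") or "").scheme.lower() != "ldaps":
        warnings.append("ldap_url is not ldaps://; unencrypted unless StartTLS is used")
    if not settings.get("ldap_poisoning_protection"):
        warnings.append("ldap_poisoning_protection is disabled")
    if (settings.get("search") or {}).get("manager_password"):
        warnings.append("manager_password is stored in clear text in the file")
    return warnings

def build_request(base_url, token, settings):
    """Build (but do not send) the POST with Bearer auth and a JSON body."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send a bearer token over plain HTTP")
    return Request(
        base_url.rstrip("/") + ENDPOINT,
        data=json.dumps(settings).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

if __name__ == "__main__":
    for w in preflight(SAMPLE):
        print("warning:", w)
    token = os.environ.get("JFROG_TOKEN")  # hypothetical variable name
    if token:  # keeps the token out of shell history and process listings
        req = build_request("https://artifactory.example.invalid", token, SAMPLE)
        print(req.get_method(), req.full_url)  # pass req to urlopen() to send
```
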
