
Artifactory - Unable to add LDAP settings using either YAML config or API


Using YAML: I am trying to use the YAML configuration to add LDAP settings for Artifactory JCR. I tried using the helm chart version 107.63.7 (App ver. 7.63.7) based on the following suggestion "Alternatively, from Artifactory version 7.63 and forward, you can use the Access Configuration Bootstrap YAML to set up authentication provider configuration" from this page. Checking the upstream helm chart, I could not find any mention of access.security.bootstrap.yml. This made me wonder whether the helm chart is up-to-date with the latest changes. I instead thought of appending the LDAP settings block to the following secret, and although I could see the copy-system-configurations container copying the stuff to /var/opt/jfrog/artifactory/etc/access/access.config.patch.yml, LDAP didn't work. This is one issue.

stringData:
  access.config.patch.yml: |
    security:
      tls: false
      ldapSettings:
      ...
      ...

Using API: Since the above didn't work, I reverted to version 7.59.11 after I came across this link and tried the POST command, but that always keeps throwing the same error.

$ curl -s -u admin:cmVm...redacted...MjIz -X POST https://jcr.my.domain.com/access/api/v1/ldap/settings -H "Content-Type: application/json" -T ldap.json
{"errors":[{"code":"UNAUTHORIZED","message":"HTTP 401 Unauthorized","detail":"Request has failed. Due to incorrect username/password or locked user."}]}

Also tried this form but same result:

$ curl -s -u admin:cmVm...redacted...MjIz -X POST https://jcr.my.domain.com/access/api/v1/ldap/settings -H "Content-Type: application/json" -d @ldap.json

A few things I would like to mention:

  • I am using Identity Token for admin user
  • Property Lock User After Exceeding Max Failed Login Attempts is disabled.

I would preferably like to use the method that the docs suggest for the latest version, i.e., using the access.security.bootstrap.yml instead of running the API command, but any help will be appreciated. Even better if I get to know how to get both methods working.


Solution

  • Using Identity Token, this is the syntax that finally worked for me:

    curl -H "Authorization: Bearer xyZd...SUpx" "https://<my-artifactory>/access/api/v1/ldap/settings" -d @ldap.json -H 'Content-Type: application/json'