Artifactory - Unable to add LDAP settings using either YAML config or API

Question

Using YAML: I am trying to use the YAML configuration to add LDAP settings for Artifactory JCR. I tried using the Helm chart version 107.63.7 (app version 7.63.7) based on the following suggestion from this page: "Alternatively, from Artifactory version 7.63 and forward, you can use the Access Configuration Bootstrap YAML to set up authentication provider configuration". Checking the upstream Helm chart, I could not find any mention of access.security.bootstrap.yml. This made me wonder whether the Helm chart is up to date with the latest changes. I instead thought of appending the LDAP settings block to the following secret, and although I could see the copy-system-configurations container copying the content to /var/opt/jfrog/artifactory/etc/access/access.config.patch.yml, LDAP didn't work. This is one issue.

stringData:
  access.config.patch.yml: |
    security:
      tls: false
      ldapSettings:
      ...
      ...

Using API: Since the above didn't work, I reverted to version 7.59.11 after I came across this link and tried the POST command, but that always keeps throwing the same error.

$ curl -s -u admin:cmVm...redacted...MjIz -X POST https://jcr.my.domain.com/access/api/v1/ldap/settings -H "Content-Type: application/json" -T ldap.json
{"errors":[{"code":"UNAUTHORIZED","message":"HTTP 401 Unauthorized","detail":"Request has failed. Due to incorrect username/password or locked user."}]}

Also tried this form but same result:

$ curl -s -u admin:cmVm...redacted...MjIz -X POST https://jcr.my.domain.com/access/api/v1/ldap/settings -H "Content-Type: application/json" -d @ldap.json

A few things I would like to mention:

  • I am using an Identity Token for the admin user
  • Property Lock User After Exceeding Max Failed Login Attempts is disabled.

I would preferably like to use the method that the docs suggest for the latest version i.e., using the access.security.bootstrap.yml instead of running the API command but any help will be appreciated. Even better if I get to know how to get both the methods working.

Answer 1

Score: 1

As it was handy, I quickly tested the REST API and it is working perfectly fine.
Logged in as Admin > Right side top corner > Edit profile > Passed the password > Create Identity Token

Now ran the below command with the above token

curl -H "Authorization: Bearer XXXXXXXXXX" "http://myartifactory.jfrog.io/access/api/v1/ldap/settings" -t editldap.json

where my editldap.json is as below.

{
    "key": "ldap1",
    "enabled": true,
    "ldap_url": "ldap://somehost",
    "user_dn_pattern": "uid={0}",
    "search": {
      "search_filter": null,
      "search_base": null,
      "search_sub_tree": false,
      "manager_dn": null,
      "manager_password": null
    },
    "auto_create_user": true,
    "email_attribute": "email",
    "ldap_poisoning_protection": false,
    "allow_user_to_access_profile": false,
    "paging_support_enabled": true
}

I think the way you are passing is wrong. Give a try with this snippet.

Answer 2

Score: 0

Using Identity Token, this is the syntax that finally worked for me:

curl -H "Authorization: Bearer xyZd...SUpx" "https://<my-artifactory>/access/api/v1/ldap/settings" -d @ldap.json -H 'Content-Type: application/json'
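
The Bearer-token call that both answers report working, wrapped so the identity token is never placed on the curl command line (where it would be visible in the process list and shell history). This is an added example, not code from the original posts; the function names and the ARTIFACTORY_TOKEN environment variable are assumptions, and the host in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example: build the request as a curl config and feed it on stdin
# (curl --config -), so the token does not appear in argv.

# Print a curl config for POST <base_url>/access/api/v1/ldap/settings.
# $1 = Artifactory base URL, $2 = path to the JSON payload (e.g. ldap.json).
# The token is read from ARTIFACTORY_TOKEN (assumed variable name).
ldap_settings_curl_config() {
  if [ -z "${ARTIFACTORY_TOKEN:-}" ]; then
    echo "ARTIFACTORY_TOKEN is not set" >&2
    return 2
  fi
  if [ ! -r "$2" ]; then
    echo "payload file not readable: $2" >&2
    return 3
  fi
  # The bearer token and any manager_password in the payload travel in
  # the request, so refuse plain http://.
  case "$1" in
    https://*) ;;
    *) echo "refusing non-HTTPS base URL: $1" >&2; return 4 ;;
  esac
  printf 'url = "%s/access/api/v1/ldap/settings"\n' "${1%/}"
  printf 'header = "Authorization: Bearer %s"\n' "$ARTIFACTORY_TOKEN"
  printf 'header = "Content-Type: application/json"\n'
  # data = "@file" is the config-file form of -d @file (implies POST).
  printf 'data = "@%s"\n' "$2"
}

# Send the request; a non-2xx answer (such as the 401 in the question)
# makes curl exit non-zero while still printing the error body.
apply_ldap_settings() {
  cfg=$(ldap_settings_curl_config "$1" "$2") || return $?
  printf '%s\n' "$cfg" |
    curl --silent --show-error --fail-with-body --config -
}

# Usage (constructed host name):
#   read -r ARTIFACTORY_TOKEN && export ARTIFACTORY_TOKEN
#   apply_ldap_settings "https://artifactory.example.test" ldap.json
```

`--fail-with-body` needs curl 7.76 or newer; on older versions use `--fail` and expect no error body.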

huangapple
  • Posted on July 31, 2023, 23:03:46
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76804893.html