Artifactory Binary Repository / RTFACT-10141

Username collation discrepancy when using LDAP password, encrypted passwords and API Keys


    Details

    • Severity:
      High
    • Release Notes:
      Yes

      Description

      Artifactory fails to authenticate a user against an LDAP server when the provided username is in uppercase and the password is encrypted. This is seen when using Maven.

      We were able to reproduce this behavior in Artifactory version 4.7.4. In our LDAP server the username was created as "USER1", and when we attempted to log in to Artifactory via the web UI, the login was successful both when we supplied the username as "user1" and when we tried "USER1".

      Once logged in, we copied the encrypted password from the user profile page. When it was used with Maven, we noticed that authentication fails when providing the username as "USER1", which matches the username in the LDAP server. But authentication works when providing the username as "user1" with the same encrypted password.

      From the logs, when using an encrypted password, the authentication fails for "USER1" with an error stating that the user does not exist. When providing a plain text password in the "settings.xml" file, we noticed that the authentication is successful irrespective of the case of the username.
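
An added illustration, not Artifactory code and not part of the original report: a toy realm in which the encrypted-password/API-key path looks the user up by the raw name while the password path normalises case (an assumed cause; the report gives only the symptom), with a check that flags any credential type whose outcome depends on username case. All class and function names are hypothetical, and the credentials are constructed.

```python
import hashlib
import hmac

def canonical(username: str) -> str:
    """One normalisation rule, meant to be shared by every credential type."""
    return username.strip().casefold()

def _digest(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()

class ToyRealm:
    """Constructed stand-in for an auth realm; not Artifactory's implementation."""
    def __init__(self, normalise_token_path: bool):
        self.normalise_token_path = normalise_token_path
        self.passwords = {}  # canonical name -> digest of LDAP password
        self.tokens = {}     # canonical name -> digest of encrypted password / API key

    def add_user(self, ldap_name: str, password: str, token: str) -> None:
        key = canonical(ldap_name)
        self.passwords[key] = _digest(password)
        self.tokens[key] = _digest(token)

    def auth_password(self, username: str, password: str) -> bool:
        stored = self.passwords.get(canonical(username))
        return stored is not None and hmac.compare_digest(stored, _digest(password))

    def auth_token(self, username: str, token: str) -> bool:
        # Assumed defect: lookup with the raw name, so "USER1" is "not found".
        key = canonical(username) if self.normalise_token_path else username
        stored = self.tokens.get(key)
        return stored is not None and hmac.compare_digest(stored, _digest(token))

def case_dependent_paths(realm: ToyRealm, names, password: str, token: str):
    """Return the credential types whose outcome changes with username case."""
    results = {"password": set(), "token": set()}
    for name in names:
        results["password"].add(realm.auth_password(name, password))
        results["token"].add(realm.auth_token(name, token))
    return sorted(kind for kind, seen in results.items() if len(seen) > 1)

def check(normalise_token_path: bool):
    realm = ToyRealm(normalise_token_path)
    realm.add_user("USER1", "constructed-password", "constructed-token")
    return case_dependent_paths(realm, ["USER1", "user1"],
                                "constructed-password", "constructed-token")

if __name__ == "__main__":
    print("raw-name token lookup:", check(False))
    print("shared normalisation: ", check(True))
```

Running the same matrix (each credential type against each case variant of the username) against a real deployment is a quick regression check that every authentication path resolves the same principal.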


              People

              Assignee:
              tomers Tomer Slutsky
              Reporter:
              nihalc@jfrog.com Nihal Reddy Chinna Choudhary
              Votes:
              7
              Watchers:
              10
