Artifactory Binary Repository / RTFACT-15394

Failed LDAP authentication removes user's groups


    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.6.2
    • Fix Version/s: 5.10.4
    • Component/s: LDAP, Security
    • Sprint:
      Leap 28, Leap 29


      Failed LDAP authentication removes user's groups.

      The problem:

      A common scenario is for LDAP users to use their API keys instead of their username/password. Since permissions are usually associated with groups, and those groups are associated with LDAP groups, losing these LDAP groups renders the API key useless (since it will never attempt to reauthenticate and get the group again, due to RTFACT-13669).

      To reproduce:

      1. Set up an Artifactory instance with LDAP and LDAP group settings (allow create internal user and access profile)
      2. Import a group from the LDAP groups
      3. Log in with a user that has the group we imported in step 2
      4. Verify in Artifactory that the user from #3 has the group associated from #2
      5. Assign a permission to the group from #2 that is not available to the user otherwise
      6. Run a REST call that makes use of the permission using the API KEY - verify that it works
      7. Attempt to log in as the user again but with the wrong password
      8. Notice the user loses the associated group, and rerunning the REST call will always fail (due to RTFACT-13669) until the user logs in again using the correct username/password
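
      The reproduction steps above, as an added example that is not part of the original ticket and is not Artifactory code: a simplified Python model in which a failed LDAP bind clears the cached groups, next to a hardened form that only updates groups after a successful bind. All names (`Server`, `login`, `deploy_with_api_key`, the `deployers` group, the sample user) are hypothetical, and the hardened branch is an assumption about the invariant, not the project's actual fix.

```python
from dataclasses import dataclass, field

# Constructed sample directory: username -> (password, LDAP groups)
LDAP = {"alice": ("correct-pw", {"deployers"})}


@dataclass
class User:
    name: str
    api_key: str
    groups: set = field(default_factory=set)


class Server:
    """Toy server: members of 'deployers' may deploy (hypothetical permission)."""

    def __init__(self, fixed):
        self.fixed = fixed   # False = behaviour reported in the ticket
        self.users = {}

    def _ldap_bind(self, name, password):
        entry = LDAP.get(name)
        if entry and entry[0] == password:
            return set(entry[1])   # groups are only available after a successful bind
        return None

    def login(self, name, password):
        groups = self._ldap_bind(name, password)
        user = self.users.get(name)
        if groups is None:
            if user and not self.fixed:
                user.groups = set()   # reported bug: failed bind wipes cached groups
            return False              # hardened: failure leaves authorization state untouched
        if user is None:
            user = self.users[name] = User(name, api_key=f"key-{name}")
        user.groups = groups          # sync groups only on success
        return True

    def deploy_with_api_key(self, api_key):
        # API-key path trusts cached groups and never re-queries LDAP (RTFACT-13669)
        user = next((u for u in self.users.values() if u.api_key == api_key), None)
        return bool(user and "deployers" in user.groups)


def run_repro(fixed):
    """Steps 3-8: good login, API call, bad login, API call, good login, API call."""
    s = Server(fixed)
    results = []
    for password in ("correct-pw", "wrong-pw", "correct-pw"):
        s.login("alice", password)
        results.append(s.deploy_with_api_key("key-alice"))
    return tuple(results)
```

      `run_repro(False)` shows the API key failing after the wrong-password attempt and recovering only after a correct login; `run_repro(True)` shows the key working throughout.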


              • Assignee:
                nadavy Nadav Yogev
                arturoa Arturo Aparicio
                Assigned QA:
                Shay Bagants