: This will happen only in case the user is part of several external groups, and some of them are with admin permissions and some aren't
: This affects all external authentication providers, not only LDAP
LDAP users linked to LDAP Groups configured as admin ("Admin Privileges" option is enabled in the group configuration) does not have admin privileges although these groups and users marked as "Admin" in Artifactory.
Steps to reproduce:
- Install Artifactory latest version (currently 6.8.3)
- Install an LDAP server
- Create groups which aggregate user(s) in LDAP
- Configure Artifactory with LDAP
- Import LDAP groups
- Configure in Artifactory an LDAP group with admin privileges (enable "Admin Privileges" option in the groups configuration)
- Log in with an LDAP user which is a member of the group from #6
- notice the user does not have admin privileges (Admin Tab is grayed out)
In addition, note that the above functionality works in previous versions (below 6.8.0), therefore the Admin privileges of LDAP users which linked to LDAP groups as described above will be lost by upgrading from version below 6.8.0 to versions 6.8.0 and above.
Tested from version 5.8.9 to 6.8.2
And from version 6.7.2 to 6.8.3
Screenshots attached for reference:
- Two screenshots logged in as Artifactory internal Admin user to view the LDAP group and LDAP user permissions as presented in Artifactory.
- screenshot which shows the LDAP user logged in without admin privileges
As a workaround, you can update the user to be an 'admin' regardless of the groups he is member of. In order to do so:
1. Get the user by running:
This is an example of the response:
2. Send a POST to update the user to be an admin by setting it to true, for example:
See above that the "admin" is set to "true"