When do the groups associated with an LDAP user get updated in Artifactory?

LDAP user authentication requests using Encrypted password or plain text password will update the LDAP group association changes from the LDAP server. LDAP user authentication requests using API key will not update the groups as the authentication is internal to Artifactory. Please note that the LDAP groups of a user are only updated when the user successfully authenticates to LDAP server via Artifactory using encrypted password(generated in Artifactory from user profile page) or LDAP password.

There is a caching mechanism for LDAP groups in Artifactory, so it will take 5 minutes before the user requests will start to fail after they have been removed from a group in upstream LDAP server and the change has been updated in Artifactory. Below is the property that sets the caching time:

artifactory.security.authentication.cache.idleTimeSecs=300

This property can be updated in $ARTIFACTORY_HOME/etc/artifactory.system.properties and it will require a restart of the Artifactory server to take effect.