ARTIFACTORY: Why are LDAP users unable to access to the user profile after upgrade Artifactory 6.x to 7.x ?

David Shin
2022-10-18 09:33

In Artifactory 6.x, you could encounter a known bug in which an LDAP user was able to access to the user profile although NULL value of updatable_profile column is in access_users_custom_data table.
 

Solution

There are two ways to fix the issue, via a Shell Script or SQL query.

1. Through a shell script, you can run the following to update profileUpdatable value to true.#!/bin/bash
user_list=($(curl -s -u admin:Password1 "http://art7.gcp:8081/artifactory/api/security/users" | jq -r '.[].name'))
for username in "${user_list[@]}"; do
    if ([ $username != "admin" ] && [ $username != "anonymous" ]); then
      user_info=$(curl -s -uadmin:Password1 "http://art7.gcp:8081/artifactory/api/security/users/$username" | jq -r '.profileUpdatable,.realm')
      profile=$(echo $user_info | cut -d ' ' -f1)
      realm=$(echo $user_info | cut -d ' ' -f2)
      echo "$username,profile=$profile,realm=$realm"
      if ([ $profile = "false" ] && [ $realm = "ldap" ]); then
        echo "  Updating $username profile_value false to true "
        echo $(curl -s -uadmin:Password1 -XPOST "http://art7.gcp:8081/artifactory/api/security/users/$username" -H "Content-Type: application/json" -d '{"profileUpdatable":"true"}')
      fi
    fi
Done

2. You can also, alternatively, run both the insert and update queries below.

A. 
UPDATE access_users_custom_data 
SET prop_value = 'true'
WHERE prop_key = 'updatable_profile'
AND (prop_value != 'true' OR prop_value IS NULL)
AND user_id in (SELECT user_id FROM access_users WHERE realm = 'ldap')

B.
INSERT INTO access_users_custom_data (user_id, prop_key, prop_value, prop_sensitive, prop_cluster_local)
SELECT user_id, 'updatable_profile','true',0,0 
FROM access_users 
WHERE user_id NOT IN ( SELECT user_id FROM access_users_custom_data WHERE prop_key='updatable_profile' ) 
AND realm = 'ldap'