How to change artifactory admin default password through command line - artifactory

i have installed latest version of Artifactory Pro (5.8.3) on Centos7. The default admin credentials are admin/password. i want to change the password through command-line but unable to do so.
Does any one has any inputs how to do this?
Following troubleshootings i tried:
jfrog rt c rt-server-1 --url=http://domain/artifactory --user=admin --password=password ...
nothing happens , when i try to use a new password i get 401: unauthorize error
jfrog guide tells to generate security.xml and add the hash code of the new password but security.xml does not get generated even after following all their steps.
also tried to use curl commands but no use.
If any one has gone through similar issue please share your findings. let me know if you need more info.know on case

JFrog CLI currently does not support changing of a user's password. the CLI config method you were using simply lets you configure your server and credentials to be used by other CLI command later.
What you can do is use a simple curl command to invoke the change password API as described here.
specifically, in your example changing the Admin's password to "NewPassword" will be something like:
curl -X POST -u admin:password -H "Content-type: application/json" -d '{ "userName" : "admin", "oldPassword" : "password", "newPassword1" : "NewPassword", "newPassword2" : "NewPassword" }' http://yourartifactory:8081/artifactory/api/security/users/authorization/changePassword

Related

How to import system backup to Artifactory using JFrog cli

I've run Artifactory using Docker.
Downloaded JFrog cli inside the container and configured it.
So ./jfrog rt ping returns
OK
Is there a way to perform system level export/import using JFrog cli?
Succeeded to perform it using web ui. Couldn't find information on how to perform system level export/import in the documentation.
Edit
Succeeded to perform export using REST API:
curl -u admin:pass -X POST -H "Content-Type: application/json" --data #/tmp/export-settings.json http://localhost:8081/artifactory/api/export/system
You can invoke the same REST API using JFrog CLI's curl command as shown below. This way, you don't need to provide the URL and credentials. JFrog CLI's config storage will be used. You can manage this storage using the jfrog rt c command.
If you have multiple Artifactory severs configured, and you don't want to use the default server, the jfrog rt curl command also accepts the --server-id option, with the pre configured Artifactory server ID as the valve.
jfrog rt curl -X POST -H "Content-Type: application/json" --data #/tmp/export-settings.json api/export/system
This feature is currently not supported by the CLI.
Feel free to create a feature request.

Automating removing user groups

I'm trying to automate removing the users groups in Artifactory for users who leave the company.
I'm retrieving their user JSON details, then modifying the JSON by deleting the groups section. So far so good. But when I upload the updated JSON the groups are not removed from that user in Artifactory.
I'm using the following command to upload the updated JSON:
curl -u <username>:<password> -XPUT "<server name>/artifactory/api/security/users/<user>" -H "Content-Type: application/json" -T user.json
I'm not getting an error when executing the command, but nothing is updated for that user.
Any ideas what I'm doing wrong here?
As per the Artifactory REST API wiki you should use a POST method to update a User's groups, so as an example - To update a user (u1) and delete his groups I would use:
curl -u<an_admin_user>:<a_password> -XPOST http://<rt_server>:<port>/artifactory/api/security/users/u1 -T /path/to/file/Update_U1_Groups.json
where the JSON file would look like:
{
"name" : "u1",
"groups" : []
}

How do i use ldapmodify for the first time when i do not know any user or password for authentication?

I am unable to apply changes using ldapmodify for the first time after installing openldap on my rhel7 server.
I have installed openldap from the scratch. Now i want to modify the olcDatabase={2}hdb.ldif to put my own olcSuffix,olcRootDN and olcRootPW.
I have generated the encrypted password with ldappasswd and put that along with other two parameters to .ldif file.
Now when, i try to apply these changes to my ldap setup using following command
ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
i get the error as
ldap_sasl_interactive_bind_s: Local error (-2)
further if i wish to use -D to bind with the default user -D "cn=Manager,dc=my-domain,dc=com" it needs a password. i do not know what username password combination i should use to run my first ever ldapmodify on this newly installed openldap.
Your help is much appreciated.
Best regards,
Amit Joshi
You're hitting an OpenLDAP bug (see ITS#8998).
The solution is to either
unset option SASL_NOCANON in ldap.conf or
specify the full path in the LDAPI URI (with URL-quoting of slashes).
The first option might be easier but might affect binding with SASL/GSSAPI (Kerberos).

Artifactory: upload with api key (not password)

How would you upload an artifact to artifactory without using a password?
If I create a new user specific for uploads, that user by default doesn't git the 'upload' permission unless they are an administrator.
To upload with credentials
curl -u admin:'correct-horse-battery-staple' -T foo.zip
To upload with an api key
curl --header 'X-JFrog-Art-Api: 1234567890' -T foo.zip
Alternativly you can use the syntax <username:apikey>
curl -u admin:1234567890 -T foo.zip
https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API
You can create the api key on the user profile page.
See the various authentication options, including authentication using API key, in the JFrog CLI for Artifactory documentation page:
https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory
If you want to use .pypirc you can just put:
[distutils]
index-servers = local
[local]
repository: https://artifactory-url/repo
username: <username>
password: <api-key>
Then you can upload using python setup.py bdist_wheel upload -r local.
Though my user is an admin at the moment so it answers only the API key part of the question.
If you're looking at a nuget artifact, here's the one line CLI command below.
nuget push <your-package-name.nupkg> -source <artifactory-repo-url>/nuget-local/ -ApiKey <your-user-name>:<apikey>
It's buried in the jfrog documentation. I would think uploading other artifacts would follow a similar pattern.

How do use ngrok in conjunction with Google Oauth?

I recently installed Ngrok in order to test my localhost meteor App on my phone.
I am successful in accessing the meteor app via a tunnel by ngrok.
However when I try to login using I get this error message:
The login process shows the following error message:
400. That’s an error.
Error: redirect_uri_mismatch
Application: AppName
You can email the developer of this application at: my#emailadress.com
The redirect URI in the request, http://localhost:7123/_oauth/google,
does not match the ones authorized for the OAuth client.
Updating the Authorized JavaScript origins & redirect URIs to the Ngrok forwarding addresses, doesn't have an effect.
How do I correctly use ngrok in conjuction with Google Oauth?
Any help would be greatly appreciated
Use ngrok and change the Root URL to the one supplied by ngrok.
ROOT_URL=http:XXXXXXXX.ngrok.io meteor to start meteor.
It's trying to use http://localhost:7123/_oauth/google instead of a more ngrok-like url that could be, for example: https://fd4fdbbb.ngrok.io/_oauth/google
You can check the parameters that you are using to run the app and the environment variables too.
For example, I typically use
ServiceConfiguration.configurations.upsert(
{ service: 'facebook' },
{
$set: {
appId: process.env.facebookConsumerKey,
secret: process.env.facebookConsumerSecret,
loginStyle: 'popup'
}
}
);
And run meteor using a bash script that looks like:
#!/bin/bash
export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
nvm install 4.4.7
IP_ADDRESS=`ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | grep -v '10.0.0.1'` echo "Starting app on: $IP_ADDRESS:3000"
# NODE_DEBUG=request \
# facebookOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/facebook \
facebookAppName="BlahApp - local dev" \
facebookConsumerKey=12345 \
facebookConsumerSecret=xxxxxx \
facebookOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/facebook \
MONGO_URL=mongodb://$IP_ADDRESS:27017/staging-blah-app \
ROOT_URL=http://$IP_ADDRESS:3000 \
BIND_IP=$IP_ADDRESS \
MOBILE_DDP_URL=http://$IP_ADDRESS \
MOBILE_ROOT_URL=http://$IP_ADDRESS \
meteor --port $IP_ADDRESS:3000 --settings development-settings.json
So you can, instead of using googleOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/google could use https://fd4fdbbb.ngrok.io/_oauth/google
The issue was that the environment variable were not read by meteor, and even though it was overwritten on the client side, somehow the server connected to google with a wrong callback url.
Now for the solution... I started by ensuring that the settings in the google service configuration were reset by running this in the terminal after killing the app:
meteor reset
In a separate terminal, I then started ngrok to generate a tunnel link:
./ngrok http 7123
Yielding the tunnel link:
http://adba9b9f.ngrok.io/
In a separate terminal I start my app by assigning it to "port 7123" and setting "http://adba9b9f.ngrok.io" as the absoluteUrl like this:
ROOT_URL=http://adba9b9f.ngrok.io meteor --port 7123
To confirm that this command has been carried out, I typed this into the browser console
Meteor.absoluteUrl()
The response:
"http://adba9b9f.ngrok.io"
Indicates that the Meteor.absoluteUrl() command was successful.
Next, I accessed my app via the "http://adba9b9f.ngrok.io" tunnel and clicked on the "Configure google button", where GLADLY noticed that the Authorized JavaScript origins were preset to:
http://adba9b9f.ngrok.io and
Authorized redirect URIs preset to: http://adba9b9f.ngrok.io/_oauth/google
I then filled in the Client ID and Client Secret part with details from the google credentials, and updated the google credentials with the details from the configure google button details and saved.
Am happy to say... Everything works desirably now.

Resources