Why does Artifactory authenticate the user on every npm install request?

Time: 2019-03-06 14:44:06

Tags: npm ldap npm-install artifactory

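We use Artifactory to store local npm artifacts and also to cache the remote npm registry. To authenticate against Artifactory with npm (using AD accounts), we use the basic authentication proposed on Artifactory's "Set Me Up" page. For example: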

_auth = < username >:< password >
email = youremail@email.com
always-auth = true

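This all works fine, but there is one problem: Artifactory authenticates the user for every package that is downloaded. The artifactory.log then looks like this (note that the output has been edited):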

Trying to authenticate user 'user1' via ldap.
Attempting to bind as cn=user1,ou=someou,ou=ou1,ou=ou2,ou=ou3,dc=internal,dc=comp,dc=int
Retrieving attributes...
'user1' authenticated successfully by ldap server.
Loading LDAP groups
Finished Loading LDAP groups
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Attempting to bind as cn=user1,ou=someou,ou=ou1,ou=ou2,ou=ou3,dc=internal,dc=comp,dc=int
...

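As I mentioned, authentication works and the artifacts are downloaded, but this constant authentication for every artifact sometimes causes the LDAP server to time out: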

Failed to authenticate user 'user1' using ldap.
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:10000ms.
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:285)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:119)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:138)
    at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:791)
    ...

This causes the artifact being downloaded at that moment to fail to download, which in turn fails the build.

So my question is: why does this happen, and is there a way to avoid it, since it puts extra load on the LDAP server every time a build job runs?

1 answer:

Answer 0: (score: 0)

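Because each request for a package is a separate request, rather than part of one identifiable long-running transaction, Artifactory has to authenticate the user. Consider the case where the same user is sending requests from multiple hosts: how would you make sure it has the right credentials?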

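That said, Artifactory has a caching mechanism that caches authentication data for REST API requests against external systems such as LDAP. You can tune this cache by setting the artifactory.security.authentication.cache.idleTimeSecs Artifactory system property, to reduce the number of requests sent to the LDAP server.
For more information, see Managing Security with LDAP.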
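
An added example, not part of the original question or answer: a Python script that counts, per user, the LDAP authentication events in artifactory.log, so the load a build puts on the LDAP server can be compared before and after changing artifactory.security.authentication.cache.idleTimeSecs. The sample log is constructed from the line formats quoted in the question, and treating the cn of the bind DN as the login name is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the artifactory.log excerpts in the question.
SAMPLE_LOG = """\
Trying to authenticate user 'user1' via ldap.
Attempting to bind as cn=user1,ou=someou,dc=internal,dc=comp,dc=int
'user1' authenticated successfully by ldap server.
Trying to authenticate user 'user1' via ldap.
Trying to authenticate user 'user1' via ldap.
Attempting to bind as cn=user1,ou=someou,dc=internal,dc=comp,dc=int
Failed to authenticate user 'user1' using ldap.
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:10000ms.
Trying to authenticate user 'user2' via ldap.
Attempting to bind as cn=user2,ou=someou,dc=internal,dc=comp,dc=int
'user2' authenticated successfully by ldap server.
"""

# Event patterns taken from the log lines quoted in the question.
PATTERNS = {
    "attempts": re.compile(r"Trying to authenticate user '([^']+)' via ldap\."),
    # Assumption: the cn of the bind DN is the login name, as in the quoted log.
    "binds": re.compile(r"Attempting to bind as cn=([^,]+),"),
    "successes": re.compile(r"'([^']+)' authenticated successfully by ldap server\."),
    "failures": re.compile(r"Failed to authenticate user '([^']+)' using ldap\."),
}
TIMEOUT = "LDAP response read timed out"

def summarize(log_text):
    """Return {user: {event: count}} for the LDAP auth events in log_text."""
    stats = defaultdict(lambda: dict.fromkeys([*PATTERNS, "timeouts"], 0))
    last_failed = None  # user named on the most recent "Failed to authenticate" line
    for line in log_text.splitlines():
        if TIMEOUT in line and last_failed:
            stats[last_failed]["timeouts"] += 1  # timeout follows its failure line
            last_failed = None
            continue
        for event, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                stats[match.group(1)][event] += 1
                if event == "failures":
                    last_failed = match.group(1)
                break
    return dict(stats)

if __name__ == "__main__":
    for user, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(user, counts)
```

Run it over the log slice for one build job before and after the property change; fewer binds and timeouts for the same number of package downloads indicates the cache is absorbing the repeated requests.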