Combination View Flat View Tree View
Threads [ Previous | Next ]
M. Garcia
CAS : error on importing new LDAP user (CASAutoLogin.java)
May 22, 2012 9:25 AM
Answer

M. Garcia

Rank: Regular Member

Posts: 107

Join Date: May 17, 2011

Recent Posts

Hello,

We have a Liferay 6.0.6 using CAS and LDAP (ApacheDS).
It used to work, but we now have an error we didn't have and I can't understand.

Steps :
- create a new user in the LDAP
- click "open session" on liferay
- fill the authentication form with the new user information and validate

What happens :
- user is authenticated by the CAS server
- import of the new user from LDAP to Liferay fails

- user goes back to <URL>/web/guest/home but not authenticated by Liferay
- Tomcat logs :
 1>
 22012-05-22 16:04:27,272 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-52-KGLZ9BwfCvnLyvbW9B7L-cas] for service [http://<URL>/c/portal/login] for user [newuser@xxx.com]>
 32012-05-22 16:04:27,272 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
 4=============================================================
 5WHO: newuser@xxx.com
 6WHAT: ST-52-KGLZ9BwfCvnLyvbW9B7L-cas for http://<URL>/c/portal/login
 7ACTION: SERVICE_TICKET_CREATED
 8APPLICATION: CAS
 9WHEN: Tue May 22 16:04:27 GMT 2012
10CLIENT IP ADDRESS: 10.84.33.55
11SERVER IP ADDRESS: 10.85.44.69
12=============================================================
13
14>
15May 22, 2012 4:04:27 PM org.apache.tomcat.util.http.Parameters processParameters
16WARNING: Parameters: Invalid chunk '' ignored.
172012-05-22 16:04:27,342 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
18=============================================================
19WHO: audit:unknown
20WHAT: ST-52-KGLZ9BwfCvnLyvbW9B7L-cas
21ACTION: SERVICE_TICKET_VALIDATED
22APPLICATION: CAS
23WHEN: Tue May 22 16:04:27 GMT 2012
24CLIENT IP ADDRESS: 10.85.44.69
25SERVER IP ADDRESS: 10.85.44.69
26=============================================================
27
28>
2916:04:27,356 WARN  [CASAutoLogin:218] Problem accessing LDAP server null
3016:04:27,356 ERROR [CASAutoLogin:131] com.liferay.portal.NoSuchUserException: No User exists with the key {companyId=10132, emailAddress=newuser@xxx.com}


So it seems Liferay can't reach the LDAP ( [CASAutoLogin:218] Problem accessing LDAP server null), however the CAS did authenticate the user (SERVICE_TICKET_CREATED and SERVICE_TICKET_VALIDATED logs).
But if I go into the control panel -> Portal settings -> Authentication -> LDAP and test the parameters (with buttons "Test LDAP Connection" and "Test LDAP Users"), it works (I can see the list of users in the LDAP, including newuser@xxx.com).

The LDAP parameters were specified directly in the control panel, never in portal-ext.properties.

It used to work so I don't know what changed.
It works well with users previously imported from LDAP when this case used to work).

How can I know which LDAP credentials/parameters is this CASAutoLogin class using, as they seem to be somehow different of the one used by control panel test buttons ?

Any hint on this will be really appreciated !
Thanks a lot