Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Linus Sphinx
Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
May 25, 2012 2:20 PM
Answer

Linus Sphinx

Rank: Junior Member

Posts: 89

Join Date: August 12, 2010

Recent Posts

So I finally got a 6.0.6 portal to upgrade successfully to liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760, but once completed only the super user can log in. All users have to update their passwords before they can authenticate. The import from AD no longer updates them. I point it at another database, lportal created with create-mysql.sql and it starts up cleanly but never, repeat never synchronizes or imports any users from AD, using the exact same configuration that's been importing and updating users faithfully for months in 6.0.6. Should load over 6k names but it just does not happen, no error, no indication of it ever even trying in catalina.out. Have it set to import on startup, just sits there. Any ideas? Checked and all the 6.0.6 are still importing just fine, don't think anything has changed in AD, pretty certain of that.
Linus Sphinx
RE: Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
May 25, 2012 2:39 PM
Answer

Linus Sphinx

Rank: Junior Member

Posts: 89

Join Date: August 12, 2010

Recent Posts

Spoke too soon, found one error shutting down, wondering if create-mysql.sql may be broken;
21:32:34,715 ERROR [JDBCExceptionReporter:75] Table 'lportal.WSRP_WSRPConsumerPortlet' doesn't exist
using script in here: liferay-portal-sql-6.1.0-ce-ga1-20120106155615760.zip
how could that go wrong.
Hitoshi Ozawa
RE: Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
May 26, 2012 5:36 AM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7949

Join Date: March 23, 2010

Recent Posts

That's shouldn't be the cause of the problem. It's just a web service portlet.
Linus Sphinx
RE: Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
June 7, 2012 10:15 AM
Answer

Linus Sphinx

Rank: Junior Member

Posts: 89

Join Date: August 12, 2010

Recent Posts

Found and fixed the hash changing, just bad housekeeping on my part, using older database that had not synched for a long time.
Linus Sphinx
RE: Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
June 7, 2012 10:14 AM
Answer

Linus Sphinx

Rank: Junior Member

Posts: 89

Join Date: August 12, 2010

Recent Posts

Thank you, it's not importing but it's trying and that's all I ask really. Error message and stacktrace I get every ten minutes, (again, thank you), below. No idea why but at least I have a class and line number, now and that alone makes me want to buy the whole bar a round:

 1
 216:39:54,953 ERROR [PortalLDAPImporterImpl:196] Error importing LDAP users and groups
 3java.lang.NullPointerException
 4        at com.liferay.portal.kernel.io.unsync.UnsyncStringReader.<init>(UnsyncStringReader.java:33)
 5        at com.liferay.portal.kernel.util.PropertiesUtil.load(PropertiesUtil.java:199)
 6        at com.liferay.portal.kernel.util.PropertiesUtil.load(PropertiesUtil.java:192)
 7        at com.liferay.portal.security.ldap.LDAPSettingsUtil.getUserExpandoMappings(LDAPSettingsUtil.java:124)
 8        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:169)
 9        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:128)
10        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:95)
11        at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importFromLDAP(PortalLDAPImporterUtil.java:30)
12        at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.doReceive(LDAPImportMessageListener.java:28)
13        at com.liferay.portal.kernel.messaging.BaseMessageListener.receive(BaseMessageListener.java:25)
14        at sun.reflect.GeneratedMethodAccessor1052.invoke(Unknown Source)
15        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
16        at java.lang.reflect.Method.invoke(Method.java:597)
17        at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:54)
18        at $Proxy278.receive(Unknown Source)
19        at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageListenerWrapper.receive(SchedulerEventMessageListenerWrapper.java:75)
20        at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(InvokerMessageListener.java:65)
21        at com.liferay.portal.kernel.messaging.ParallelDestination$1.run(ParallelDestination.java:106)
22        at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask._runTask(ThreadPoolExecutor.java:669)
23        at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask.run(ThreadPoolExecutor.java:580)
24        at java.lang.Thread.run(Thread.java:662)


Class names in the stacktrace may point to my settings or properties, mapping maybe, here is my slightly altered portal-ext.properties. Please have a look and see if you can spot my error, I must be doing something really stupid in there, would really appreciate a sanity check on these, thanks.

  1
  2liferay.home=/usr/local/liferay-portal-6.1.0-ce-ga1
  3setup.wizard.enabled=false
  4
  5schema.run.enabled=true
  6schema.run.minimal=false
  7
  8redirect.url.security.mode=domain-names
  9redirect.url.domains.allowed=pr.wizz.org,wizz.org,np.wizz.org
 10redirect.url.ips.allowed=
 11
 12web.server.http.port=-1
 13web.server.https.port=-1
 14web.server.protocol=http
 15
 16session.timeout=5
 17session.timeout.auto.extend=true
 18
 19field.enable.com.liferay.portal.model.Contact.male=false
 20field.enable.com.liferay.portal.model.Contact.birthday=false
 21field.enable.com.liferay.portal.model.Organization.status=false
 22
 23layout.user.private.layouts.enabled=false
 24layout.user.private.layouts.modifiable=false
 25layout.user.private.layouts.auto.create=false
 26
 27layout.user.public.layouts.enabled=true
 28layout.user.public.layouts.modifiable=true
 29layout.user.public.layouts.auto.create=false
 30
 31layout.remember.maximized.window.state=false
 32layout.user.private.layouts.power.user.required=true
 33layout.user.public.layouts.power.user.required=true
 34
 35open.id.auth.enabled=false
 36terms.of.use.required=false
 37company.security.send.password.reset.link=false
 38company.security.send.password=true
 39company.security.strangers=false
 40company.security.auth.type=screenName
 41company.security.auth.requires.https=false
 42
 43users.reminder.queries.enabled=false
 44users.reminder.queries.required=false
 45users.reminder.queries.custom.question.enabled=false
 46
 47com.liferay.portal.upload.UploadServletRequestImpl.max.size=2147483648
 48dl.file.max.size=2147483648
 49dl.file.indexing.max.size=104857600
 50dl.file.rank.enabled=false
 51dl.comparable.file.extensions=.css,.doc,.js,.htm,.html,.odt,.rtf,.sxw,.txt,.xml
 52
 53openoffice.server.enabled=false
 54openoffice.server.host=127.0.0.1
 55openoffice.server.port=8100
 56openoffice.cache.enabled=false
 57
 58admin.email.from.name=Portal
 59admin.email.from.address=portal@wizz.org
 60admin.default.role.names=User
 61
 62jdbc.default.driverClassName=com.mysql.jdbc.Driver
 63jdbc.default.url=jdbc:mysql://dbms/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
 64jdbc.default.username=dbadmin
 65jdbc.default.password=assword
 66jdbc.default.jndi.name=jdbc/LiferayPool
 67
 68ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 69ldap.password.policy.enabled=false
 70ldap.base.provider.url=ldap://actdir.ad.wizz.org:389
 71ldap.base.dn=OU=UserAccounts,DC=ad,DC=wizz,DC=org
 72ldap.security.principal=ADMIN
 73ldap.security.credentials=ASSWORD
 74ldap.auth.method=bind
 75ldap.auth.enabled=true
 76ldap.auth.required=false
 77ldap.auth.password.encryption.algorithm.types=MD5,SHA
 78ldap.auth.search.filter=(SAMAccountName=@screen_name@)
 79ldap.user.default.object.classes=top,Person,inetOrgPerson,organizationalPerson
 80ldap.user.mappings=screenName=SAMAccountName\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf
 81ldap.group.mappings=groupName=cn\ndescription=description\nuser=member
 82ldap.import.enabled=true
 83ldap.import.on.startup=true
 84ldap.import.interval=10
 85ldap.import.method=user
 86ldap.import.user.search.filter=(&(objectCategory=Person)(SAMAccountName=*))
 87ldap.import.group.search.filter=(objectCategory=Group)
 88ldap.export.enabled=false
 89
 90mail.session.mail.transport.protocol=smtp
 91mail.session.mail.smtp.auth=false
 92mail.session.mail.smtp.host=mailhost.wizz.org
 93mail.session.mail.smtp.password=
 94mail.session.mail.smtp.port=25
 95mail.session.mail.smtp.user=
 96
 97jcifs.smb.client.soTimeout=35000
 98
 99ntlm.auth.enabled=true
100ntlm.auth.domain.controller=13.20.17.14
101ntlm.auth.domain=WIZZ
102auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.ParameterAutoLogin


If I login as superuser, open control panel->portal settings->LDAP it looks ok, doesn't have a default type but otherwise form looks filled in correctly. Click, "Test LDAP Connection", success, no problem, clicking, "Test LDAP Users", gets a list of 20 accounts. So it appears to be chatting away with Active Directory like old friends until it's time to import.
Linus Sphinx
RE: Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
June 7, 2012 11:08 AM
Answer

Linus Sphinx

Rank: Junior Member

Posts: 89

Join Date: August 12, 2010

Recent Posts

Noticed the .0 notation in the default portal.properties from portal-impl.jar so I changed the appropriate ones according to a quick. 'grep '\.0' portal.properties | grep ldap', as below.

Still works fine according to all tests including, 'Test LDAP Groups', yet still no love at import.
 1
 2ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 3ldap.password.policy.enabled=false
 4ldap.auth.method=bind
 5ldap.auth.enabled=true
 6ldap.auth.required=false
 7ldap.auth.password.encryption.algorithm.types=MD5,SHA
 8ldap.import.enabled=true
 9ldap.import.on.startup=true
10ldap.import.interval=10
11ldap.import.method=user
12ldap.export.enabled=false
13
14ldap.base.provider.url.0=ldap://actdir.ad.wizz.org:389
15ldap.base.dn.0=OU=UserAccounts,DC=ad,DC=wizz,DC=org
16ldap.security.principal.0=ADADMIN
17ldap.security.credentials.0=ASSWORD
18ldap.auth.search.filter.0=(SAMAccountName=@screen_name@)
19ldap.user.default.object.classes.0=top,Person,inetOrgPerson,organizationalPerson
20ldap.user.mappings.0=screenName=SAMAccountName\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf
21ldap.group.mappings.0=groupName=cn\ndescription=description\nuser=member
22ldap.import.user.search.filter.0=(&(objectCategory=Person)(SAMAccountName=*))
23ldap.import.group.search.filter.0=(objectCategory=Group)
Linus Sphinx
RE: Can't Auth After 6.0.6 to 6.1.0 And Import User Never Trys
June 7, 2012 3:00 PM
Answer

Linus Sphinx

Rank: Junior Member

Posts: 89

Join Date: August 12, 2010

Recent Posts

I follow the stack trace, haven' t followed it far enough but I step through about the fourth line and see it fail in
LDAPSettingsUtil [line: 121] - getUserExpandoMappings(long, long)
where it tries to load ldap.user.custom.mappings.0 which doesn't exist since I didn't create one and it's completely commented out in portal-impl!portal.properties with no empty one in there to load.
1
2Properties userExpandoMappings = PropertiesUtil.load( PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_USER_CUSTOM_MAPPINGS + postfix));

with a companyId of 1 and a postfix of ".0" and throws the exception seen.
1
2    #
3    # When importing and exporting users, the portal will use this mapping to
4    # connect LDAP user attributes and portal user's custom attributes.
5    #
6    #ldap.user.custom.mappings.0=