Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
John Larson
Is it possible to limit users inported from LDAP using screen name?
July 23, 2012 3:17 PM
Answer

John Larson

Rank: New Member

Posts: 15

Join Date: June 28, 2012

Recent Posts

Hi All,

I have LDAP configured and authenticating and I can do a batch import of user.

I don't want to import all users from LDAP so I am trying an import search filter similar to the authentication search filter like this:
(&(uid=@screen_name@)(objectClass=inetOrgPerson))

No users are imported using this search filter where the desired effect is to only import the given user logging in.

Has anyone done something similar before? I've searched around quite extensively and not had much luck finding a solution. Thanks.
Jignesh Vachhani
RE: Is it possible to limit users inported from LDAP using screen name?
July 23, 2012 10:15 PM
Answer

Jignesh Vachhani

Rank: Liferay Master

Posts: 780

Join Date: March 10, 2008

Recent Posts

Hi John,

There would be some console error in server back end .
Could you please post error log here which will give more idea.
Amit Doshi
RE: Is it possible to limit users inported from LDAP using screen name?
July 24, 2012 1:02 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 547

Join Date: December 29, 2010

Recent Posts

Hi John,

In Authentication Search filter, you can put (uid=@screen_name@) and in Import Search Filter you can mention (&(objectClass=person)(uid=*)).

And also make sure User Authentication should be done with Screen Name.

Hope it helps.

Thanks & Regards,
Amit Doshi
John Larson
RE: Is it possible to limit users inported from LDAP using screen name?
July 24, 2012 1:51 PM
Answer

John Larson

Rank: New Member

Posts: 15

Join Date: June 28, 2012

Recent Posts

Jignesh Vachhani:
Hi John,

There would be some console error in server back end .
Could you please post error log here which will give more idea.



Hi Jignesh,

I think I found the error in my Liefray log but it isn't too descriptive. Null pointer exception, source of which is LDAP Importer looking for my guess is an empty name since the variable I am trying to pass via the control panel configuration is empty. See below.

114:43:53,347 ERROR [LDAPAuth:321] Problem accessing LDAP server
2java.lang.NullPointerException
3        at com.liferay.portal.security.ldap.PortalLDAPUtil.getNameInNamespace(PortalLDAPUtil.java:381)
4        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importGroups(PortalLDAPImporterImpl.java:766)
5        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importLDAPUser(PortalLDAPImporterImpl.java:226)
6        at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importLDAPUser(PortalLDAPImporterUtil.java:48)
7        at ...
Amit Doshi
RE: Is it possible to limit users inported from LDAP using screen name?
July 25, 2012 3:45 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 547

Join Date: December 29, 2010

Recent Posts

Hi John,

Can you please share your configuration with LDAP?

That will help us in order to solve your error.

Thanks & Regards,
Amit Doshi
Jignesh Vachhani
RE: Is it possible to limit users inported from LDAP using screen name?
July 25, 2012 3:49 AM
Answer

Jignesh Vachhani

Rank: Liferay Master

Posts: 780

Join Date: March 10, 2008

Recent Posts

Provide more log details which would help us to find exact problem
John Larson
RE: Is it possible to limit users inported from LDAP using screen name?
July 25, 2012 10:12 AM
Answer

John Larson

Rank: New Member

Posts: 15

Join Date: June 28, 2012

Recent Posts

Jignesh - can you be more specific about the details you are looking for? As the log file is extensive there is a lot of information contained there that would distract from the actual error so I am hesitant to include more info then the LDAP import functions that are resulting in the error. For now here is a longer excerpt of the stack trace:
 114:43:53,347 ERROR [LDAPAuth:321] Problem accessing LDAP server
 2java.lang.NullPointerException
 3        at com.liferay.portal.security.ldap.PortalLDAPUtil.getNameInNamespace(PortalLDAPUtil.java:381)
 4        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importGroups(PortalLDAPImporterImpl.java:766)
 5        at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importLDAPUser(PortalLDAPImporterImpl.java:226)
 6        at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importLDAPUser(PortalLDAPImporterUtil.java:48)
 7        at com.liferay.portal.security.auth.LDAPAuth.authenticate(LDAPAuth.java:292)
 8        at com.liferay.portal.security.auth.LDAPAuth.authenticate(LDAPAuth.java:355)
 9        at com.liferay.portal.security.auth.LDAPAuth.authenticateByScreenName(LDAPAuth.java:90)
10        at com.liferay.portal.security.auth.AuthPipeline._authenticate(AuthPipeline.java:228)
11        at com.liferay.portal.security.auth.AuthPipeline.authenticateByScreenName(AuthPipeline.java:49)
12        at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticate(UserLocalServiceImpl.java:4892)
13        at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticateByScreenName(UserLocalServiceImpl.java:890)
14        at sun.reflect.GeneratedMethodAccessor1250.invoke(Unknown Source)
15        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
16        at java.lang.reflect.Method.invoke(Method.java:597)
17        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:112)
18        at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:71)
19        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:108)
20        at com.liferay.portal.spring.aop.ServiceBeanAopProxy.invoke(ServiceBeanAopProxy.java:211)
21        at $Proxy98.authenticateByScreenName(Unknown Source)
22        at com.liferay.portal.service.UserLocalServiceUtil.authenticateByScreenName(UserLocalServiceUtil.java:607)
23        at com.liferay.portlet.login.util.LoginUtil.getAuthenticatedUserId(LoginUtil.java:160)
24        at com.liferay.portlet.login.util.LoginUtil.login(LoginUtil.java:243)
25        at com.liferay.portlet.login.action.LoginAction.login(LoginAction.java:189)
26        at com.liferay.portlet.login.action.LoginAction.processAction(LoginAction.java:88)
27        at com.liferay.portal.struts.PortletRequestProcessor.process(PortletRequestProcessor.java:175)
28        at com.liferay.portlet.StrutsPortlet.processAction(StrutsPortlet.java:190)
29        at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:70)
30        at ...


Amit - I have successfully configured LDAP and tested the batch user import for all users contained in LDAP. The only changed setting is the user import search filter as follows:
Original
1ldap.import.user.search.filter.0=(&(mail=*)(cn=*)(givenName=*)(sn=*)(objectClass=topsappoc)(objectClass=topsuseroc))

Reduced Import
1ldap.import.user.search.filter.0=(&[color=#fd0000](uid=@screen_name@)[/color](mail=*)(cn=*)(givenName=*)(sn=*)(objectClass=topsappoc)(objectClass=topsuseroc))