sadish ravi
Ldap import user password enabled not working as expected
April 19, 2012 9:18 AM

Hi,

I am trying to do auth using LDAP in Liferay, and I would like to use only LDAP as auth and not do a second auth against Liferay. Also, I do not want to import user passwords to Liferay. I am using Liferay 6.1 CE.

My settings:
#
# Settings for connecting to LDAP
#
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# Enable the below setting for enabling LDAP referral follow
#ldap.referral=follow

#LDAP connection settings
ldap.base.provider.url.0=ldap://localhost:10389
ldap.base.dn.0=dc=example,dc=com
ldap.security.principal.0=uid=admin,ou=system
ldap.security.credentials.0=secret

# enable/disable liferay authentication
auth.pipeline.enable.liferay.check=false
# setting the LDAP auth for pipelined authentication
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth

# Set below property to false to disable ldap auth
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind

# LDAP import properties
ldap.import.enabled=false
ldap.import.on.startup=false
ldap.import.interval=10

# LDAP Export properties
ldap.export.enabled=false
ldap.export.group.enabled=false

ldap.auth.search.filter.0=(mail=@email_address@)

# Provide mapping for the 5 mandatory LDAP attributes for liferay to authenticate with LDAP
# other attributes jobTitle=title, group=groupMembership
ldap.user.mappings.0=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.user.custom.mappings.0=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.group.mappings.0=groupName=cn\ndescription=description\nuser=uniqueMember
ldap.contact.mappings.0=
ldap.contact.custom.mappings.0=

# Attributes to skip
#ldap.user.ignore.attributes=aimSn,comments,facebookId,facebookSn,greeting,icqSn,jabberSn,jobTitle,languageId,msnSn,mySpaceSn,openId,prefixId,reminderQueryAnswer,reminderQueryQuestion,skypeSn,smsSn,suffixId,timeZoneId,twitterSn,ymSn

# Search filters for users and groups. These properties apply only when ldap.import.enabled is true
ldap.import.user.search.filter.0=(objectClass=inetOrgPerson)
ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames)

# password policy
ldap.password.policy.enabled=true
# setting this to false will make sure LDAP user password is not imported to the portal
ldap.import.user.password.enabled=false
# autogenerate user passwords in case the import password property is false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=test


When I set ldap.import.user.password.enabled=false, I found that in the LDAPAuth class, the authenticate function checks (PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED), and only if it is set to true does it do password verification for the user; otherwise it skips the block, and hence I am able to log in with the user email and any random password and it works?

Please let me know if there is a fix for this, or whether I can extend the LDAPAuth class to fix it myself. If so, let me know how that can be done.
Jonas Yuan
RE: Ldap import user password enabled not working as expected
April 20, 2012 6:47 AM

This new feature should be available in 6.1 by default.

No customization is needed. Refer to the blog post Keeping user password secure with LDAP integration.

Hope that it helps,

Thanks

Jonas Yuan
sadish ravi
RE: Ldap import user password enabled not working as expected
April 20, 2012 11:17 AM

Hey Jonas,

I have tested it a couple of times today. All cases work fine, except that when I set
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=password

Liferay is not authenticating the LDAP password. I am able to log in with the email and any password combination, and the user gets imported to Liferay with the default password of 'password' that's set above.

My entire settings
terms.of.use.required=false
users.reminder.queries.enabled=false

#
# Settings for connecting to LDAP
#
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
#ldap.referral=follow

ldap.base.provider.url.0=ldap://localhost:10389
ldap.base.dn.0=dc=example,dc=com
ldap.security.principal.0=uid=admin,ou=system
ldap.security.credentials.0=secret

auth.pipeline.enable.liferay.check=false
# setting the LDAP auth for pipelined authentication
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth

ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method= password-compare

ldap.auth.password.encryption.algorithm=MD5
ldap.auth.password.encryption.algorithm.types=MD5

ldap.import.group.cache.enabled=false

ldap.import.enabled=false
ldap.import.on.startup=false
ldap.import.interval=10

ldap.export.enabled=false
ldap.export.group.enabled=false

ldap.auth.search.filter.0=(mail=@email_address@)

ldap.user.mappings.0=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.user.custom.mappings.0=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.group.mappings.0=groupName=cn\ndescription=description\nuser=uniqueMember
ldap.contact.mappings.0=
ldap.contact.custom.mappings.0=

#ldap.user.ignore.attributes=aimSn,comments,facebookId,facebookSn,greeting,icqSn,jabberSn,jobTitle,languageId,msnSn,mySpaceSn,openId,prefixId,reminderQueryAnswer,reminderQueryQuestion,skypeSn,smsSn,suffixId,timeZoneId,twitterSn,ymSn

ldap.import.user.search.filter.0=(objectClass=inetOrgPerson)
ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames)

ldap.password.policy.enabled=true
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=password



As I sent you in a mail, I feel this section of code is what is bypassing the password check in case the property is false.
In the class LDAPAuth.java, I could see that the below check, which calls another authenticate method for LDAP password verification, is not getting executed.
And hence I am able to log in with any LDAP password, just that the account should exist. Also, I have turned off Liferay auth.

protected int authenticate(long companyId, long ldapServerId, String emailAddress,
        String screenName, long userId, String password)
.....
....
........
if (PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED) {
    ldapAuthResult = authenticate(
        ldapContext, companyId, attributes, fullUserDN,
        password);

    // Process LDAP failure codes

    String errorMessage = ldapAuthResult.getErrorMessage();

    if (errorMessage != null) {
        if (errorMessage.indexOf(PrefsPropsUtil.getString(
                companyId, PropsKeys.LDAP_ERROR_USER_LOCKOUT))
                    != -1) {

            throw new UserLockoutException();
        }
        else if (errorMessage.indexOf(PrefsPropsUtil.getString(
                companyId, PropsKeys.LDAP_ERROR_PASSWORD_EXPIRED))
                    != -1) {

            throw new PasswordExpiredException();
        }
    }

    if (!ldapAuthResult.isAuthenticated() &&
        PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED) {

        return FAILURE;
    }
}....


thank you

Sadish
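
Added example, not part of the original post and not Liferay code: a small audit for a portal-ext.properties file that flags the setting combinations reported in the posts above. The finding names, the `parse_properties`, `flag` and `audit` helpers and the sample file are constructed here; keys that are absent are not flagged, because the thread does not state their defaults.

```python
import re

# Constructed sample, reduced from the settings posted in the thread.
SAMPLE = """\
# LDAP is the only authenticator
auth.pipeline.enable.liferay.check=false
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method= password-compare
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=password
"""

_ENTRY = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")


def parse_properties(text):
    """Parse single-line key=value entries of a Java .properties file.

    Backslash line continuations are not handled (none appear in the thread).
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        match = _ENTRY.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def flag(props, key):
    """True/False for an explicitly set boolean, None when the key is absent."""
    value = props.get(key)
    return None if value is None else value.lower() == "true"


def audit(props):
    """Return (finding_id, message) pairs for the combinations reported above."""
    findings = []
    no_import = flag(props, "ldap.import.user.password.enabled") is False
    if flag(props, "ldap.auth.enabled") is True and no_import:
        findings.append(("VERIFY_SKIPPED",
                         "the LDAPAuth excerpt above verifies the password only when "
                         "ldap.import.user.password.enabled is true; confirm that a "
                         "wrong password is rejected on this build"))
        if flag(props, "auth.pipeline.enable.liferay.check") is False:
            findings.append(("NO_LIFERAY_FALLBACK",
                             "the Liferay check is disabled, so LDAPAuth is the only "
                             "credential check in the pipeline"))
    if (no_import
            and flag(props, "ldap.import.user.password.autogenerated") is False
            and props.get("ldap.import.user.password.default")):
        findings.append(("SHARED_DEFAULT_PASSWORD",
                         "users imported at login are stored in Liferay with the "
                         "same static default password"))
    return findings


if __name__ == "__main__":
    for finding_id, message in audit(parse_properties(SAMPLE)):
        print(f"{finding_id}: {message}")
```
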
Jonas Yuan
RE: Ldap import user password enabled not working as expected
April 23, 2012 2:09 PM

Hi sadish

It seems there is a bug related to this new feature.

Could you please grant LDAP access? Thus I may be able to narrow down the bug and generate a fix.

Thanks

Jonas Yuan
Jonas Yuan
RE: Ldap import user password enabled not working as expected
April 26, 2012 10:48 PM

Hi Sadish,

There is a bug related to the feature (Keeping user password secure with LDAP integration) in 6.1. Fortunately, I have generated a fix patch. With the following settings and the fix patch, the feature works as expected.

ldap.import.user.password.enabled=false

ldap.import.user.password.autogenerated=false

ldap.import.user.password.default=test

Drop an email if you still need this feature and the fix patch.

The fix patch for 6.0 is also available.

Thanks

Jonas Yuan
Salvador Baena
RE: Ldap import user password enabled not working as expected
May 14, 2012 7:13 AM

Hi Jonas,

I'm using version 6.1 and I have the same problem.
Could you tell me where to download the fix patch and how to install it?

Thank you very much
Best Regards
Jonas Yuan
RE: Ldap import user password enabled not working as expected
May 14, 2012 3:27 PM

Hi Salvador,

You may drop an email to jonasliferay@gmail.com. I could send you the patch by email.

Thanks

Jonas Yuan
Manuel Hoyos
RE: Ldap import user password enabled not working as expected
June 10, 2012 10:48 PM

Hi Jonas,

I have the same problem, but I'm working in Liferay 5.0.2. Is it possible to fix it?

Thanks
Jonas Yuan
RE: Ldap import user password enabled not working as expected
June 11, 2012 11:10 AM

Hi Manuel Hoyos

Yes, it is possible.

Is there any reason that you did not use 6.1 CE?

Thanks

Jonas Yuan
Manuel Hoyos
RE: Ldap import user password enabled not working as expected
June 11, 2012 10:44 PM

For now, our corporate intranet is on version 5.0.2. The change is in progress, but we hoped to fix the problem in this version.

Thanks
Jonas Yuan
RE: Ldap import user password enabled not working as expected
June 19, 2012 3:53 PM

It is possible to generate a fix patch for 5.0.2. But it requires special care.

Is it urgent for you?

Thanks

Jonas Yuan
Manuel Hoyos
RE: Ldap import user password enabled not working as expected
June 19, 2012 10:51 PM

Thanks for the reply,

It is urgent to know the answer, to assess its cost and the risk of applying it.

Thanks again and best regards
Jonas Yuan
RE: Ldap import user password enabled not working as expected
June 20, 2012 11:56 AM

Hi Manuel,

Could you please drop an email to jonasliferay@gmail.com?

Hope that a fix patch could be available on an urgent basis.

Thanks

Jonas Yuan
Sunil Rai
RE: Ldap import user password enabled not working as expected
June 26, 2012 6:21 AM

Jonas Yuan:
Hi Sadish,

There is a bug related to the feature (Keeping user password secure with LDAP integration) in 6.1. Fortunately, I have generated a fix patch. With the following settings and the fix patch, the feature works as expected.

ldap.import.user.password.enabled=false

ldap.import.user.password.autogenerated=false

ldap.import.user.password.default=test

Drop an email if you still need this feature and the fix patch.

The fix patch for 6.0 is also available.

Thanks

Jonas Yuan


Hi Jonas,

After upgrading to Liferay 6.1.0 CE I am facing a problem with LDAP. The user is able to log in only after disabling the LDAP option, but before the upgrade LDAP was working fine on Liferay 5.2.3 CE. Do you think the mentioned patch will help with this?
Jonas Yuan
RE: Ldap import user password enabled not working as expected
June 26, 2012 7:18 AM

Hi Sunil,

Yes, the same feature could be downgraded to 5.2 version. It will require special care.

Thanks,

Jonas
Sunil Rai
RE: Ldap import user password enabled not working as expected
June 26, 2012 11:33 PM

Hi Jonas,

I have sent you mail on your gmail ID "jonasliferay@gmail.com" regarding the mentioned patch. Please provide me the same.

Regards,
Sunil Rai
Sunil Rai
RE: Ldap import user password enabled not working as expected
June 27, 2012 10:57 PM

Jonas Yuan:
Hi Sunil,

Yes, the same feature could be downgraded to 5.2 version. It will require special care.

Thanks,

Jonas


Hi Jonas,

It is difficult to depend on a forum if you have a deadline. Anyway, I have cancelled the plan to upgrade to Liferay 6.1.0 CE.
Unfortunately the forum is not active even though the solution is available.
Jonas Yuan
RE: Ldap import user password enabled not working as expected
July 2, 2012 3:31 PM

Hi Sunil,

Sorry that I did not get a chance to build the fix patch for 5.2.3.

Is this urgent for you?

Thanks

Jonas Yuan
Sunil Rai
RE: Ldap import user password enabled not working as expected
July 2, 2012 10:33 PM

Hi Jonas,

Thanks for the update, but yes, it is urgent; otherwise there is no other solution than to stick with Liferay 5.2.3 CE.
Let me know if you need any further details from my side.

Thanks,
Sunil Rai
amit singh
RE: Ldap import user password enabled not working as expected
July 5, 2012 12:00 AM

Hi Jonas ,

I am also facing a similar problem with 6.1 CE.
Can you please send me the fix patch for this bug?

I have already requested you from my email id eramitsingh1985@gmail.com, please revert on the same.

Thanks,
Amit Singh
amit singh
RE: Ldap import user password enabled not working as expected
July 5, 2012 12:03 AM

Hi Sadish,

Did your problem with Liferay - LDAP integration get resolved using the patch provided by Jonas?
I am also facing a similar issue with Liferay 6.1 CE.

Has this patch not been applied to the WAR bundle available on the Liferay download page?


Thanks,
Amit Singh
Jonas Yuan
RE: Ldap import user password enabled not working as expected
July 5, 2012 1:33 PM

Hi Amit,

You should receive the patch.

It would be nice if you could share your testing results here.

Thanks

Jonas Yuan
Jonas Yuan
RE: Ldap import user password enabled not working as expected
July 5, 2012 1:34 PM

Hi Sunil,

Good luck using the fix patch.

Thanks

Jonas Yuan
Luca Basile
RE: Ldap import user password enabled not working as expected
July 6, 2012 1:58 AM

Hi everyone,

I'm stuck with the same problem. Where can I get this patch? Do I need to follow some specific steps to obtain it?

Thanks in advance,

Cheers.
Jonas Yuan
RE: Ldap import user password enabled not working as expected
July 7, 2012 2:12 PM

Hi Luca,

Which version are you using?

You may drop an email to jonasliferay@gmail.com for the fix patch.

Thanks

Jonas Yuan
amit singh
RE: Ldap import user password enabled not working as expected
July 8, 2012 9:46 PM

Hi Jonas,

Applying this patch on the 6.1.X code base resulted in LDAP authentication working fine as required; however, the user is also able to log in with the password stored in the Liferay database even when Required is enabled using the Control Panel for Liferay.

Still the problem remains the same!!

Regards,
Amit
Sunil Rai
RE: Ldap import user password enabled not working as expected
July 8, 2012 10:46 PM

Jonas Yuan:
Hi Sunil,

Good luck using the fix patch.

Thanks

Jonas Yuan


Thanks a lot, Jonas.
I will try to implement this and I will share my experience with you soon.

Regards,
Sunil
Jonas Yuan
RE: Ldap import user password enabled not working as expected
November 26, 2012 8:37 PM

Hi Amit,

The fix patch for 6.1 GA2 CE is ready.

Please drop an email to jonasliferay@gmail.com for the fix.

Thanks

Jonas Yuan
amit singh
RE: Ldap import user password enabled not working as expected
November 30, 2012 3:50 AM

Hi Jonas,

Does this patch apply to liferay-portal-6.1.1-ce-ga2?

Thanks,
Amit
Jonas Yuan
RE: Ldap import user password enabled not working as expected
December 5, 2012 6:58 AM

Hi Amit,

As you mentioned in Google Talk, please share your test results.

Thanks

Jonas Yuan
Michal R
RE: Ldap import user password enabled not working as expected
January 18, 2013 6:54 AM

Jonas,
why not raise a Liferay JIRA issue, fix the bug there and distribute it via standard means (i.e. versioning system) to everybody?