Foros de discusión
LDAP will export everything except the passwords, Liferay 6.2.0 ce m2
Yannis Arg, modificado hace 11 años.
LDAP will export everything except the passwords, Liferay 6.2.0 ce m2
New Member Mensajes: 5 Fecha de incorporación: 18/12/12 Mensajes recientes
Hi everyone,
I'm working about 6 months with Liferay, but this is my first post here. You see I've been struggling to get an existing Liferay Portal, to authenticate with LDAP service.
My goal is to have the users creating and editing their accounts though the Portal, but authenticate though a fully synchronized LDAP server.
I've gone through the admin/control panel/portal settings/authentication/LDAP and checked every option:
-enabled
-required
-Import Enabled
-Import on Startup Enabled
-Export Enabled
-Use LDAP Password Policy
I believe I've set correctly and tested successfully the LDAP Server parameters (URL, ports, user and Group domains, etc). As long as import/export works on most cases, I don't have any reason to believe otherwise.
Also, I've edited portal-ext.properties adding :
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.export.enabled=true
So far, it's working as 99% expected :
-Each time a user tries to log in from Liferay Portal with an account that exists only in LDAP, he/she will be added in Liferay Users too (import seems to work)
-For the Users that existed in Liferay Users before the LDAP integration, when they log in for the first time after the integration, they will be added to LDAP too (so export works too). Their User Groups are also added correctly to the LDAP. User's Passwords are exported correctly.
-When I change a user's password on the LDAP server, the Liferay User can only log in using the new password ( 'required' seems to work as expected too)
-If I update the User's profile (name, last name etc) from the Portal/Manage my Account, the LDAP's account is also updated (so auto - export and LDAP binding seems to work again)
But whenever I update a user's password through the Portal, the LDAP password will not get updated. For this attribute, the export will not work ? Practically, I can change user passwords only on the LDAP server directly. So what am I missing ?
Is this a normal behavior and I have to customize something ? Or could it be a bug ?
- I updated from 6.1.0 ce ga1 to 6.2.0 ce m2, only because I couldn't enable export without crashing (see LPS-25781). After enabling the export, I wouldn't log in even with an omniAdmin account. The upgrade seems to have issued that problem
- The LDAP server is an Apache DS, not sure on the version
- I'm checking the LDAP server through JXplorer
Regards and Thanks in advance
Yannis
I'm working about 6 months with Liferay, but this is my first post here. You see I've been struggling to get an existing Liferay Portal, to authenticate with LDAP service.
My goal is to have the users creating and editing their accounts though the Portal, but authenticate though a fully synchronized LDAP server.
I've gone through the admin/control panel/portal settings/authentication/LDAP and checked every option:
-enabled
-required
-Import Enabled
-Import on Startup Enabled
-Export Enabled
-Use LDAP Password Policy
I believe I've set correctly and tested successfully the LDAP Server parameters (URL, ports, user and Group domains, etc). As long as import/export works on most cases, I don't have any reason to believe otherwise.
Also, I've edited portal-ext.properties adding :
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.export.enabled=true
So far, it's working as 99% expected :
-Each time a user tries to log in from Liferay Portal with an account that exists only in LDAP, he/she will be added in Liferay Users too (import seems to work)
-For the Users that existed in Liferay Users before the LDAP integration, when they log in for the first time after the integration, they will be added to LDAP too (so export works too). Their User Groups are also added correctly to the LDAP. User's Passwords are exported correctly.
-When I change a user's password on the LDAP server, the Liferay User can only log in using the new password ( 'required' seems to work as expected too)
-If I update the User's profile (name, last name etc) from the Portal/Manage my Account, the LDAP's account is also updated (so auto - export and LDAP binding seems to work again)
But whenever I update a user's password through the Portal, the LDAP password will not get updated. For this attribute, the export will not work ? Practically, I can change user passwords only on the LDAP server directly. So what am I missing ?
Is this a normal behavior and I have to customize something ? Or could it be a bug ?
- I updated from 6.1.0 ce ga1 to 6.2.0 ce m2, only because I couldn't enable export without crashing (see LPS-25781). After enabling the export, I wouldn't log in even with an omniAdmin account. The upgrade seems to have issued that problem
- The LDAP server is an Apache DS, not sure on the version
- I'm checking the LDAP server through JXplorer
Regards and Thanks in advance
Yannis
Yannis Arg, modificado hace 11 años.
RE: LDAP will export everything except the passwords, Liferay 6.2.0 ce m2
New Member Mensajes: 5 Fecha de incorporación: 18/12/12 Mensajes recientes
Never mind, I managed to make it work. I had to add these properties to portal-ext.properties
ldap.auth.password.encryption.algorithm=SHA
ldap.auth.method=password-compare
ldap.auth.password.encryption.algorithm=SHA
ldap.auth.method=password-compare
Maxi Pecero, modificado hace 11 años.
RE: LDAP will export everything except the passwords, Liferay 6.2.0 ce m2
New Member Mensajes: 2 Fecha de incorporación: 5/11/10 Mensajes recientes
Thank you Yannis. It´s helpful for me.
Regards,
Maxi.
Regards,
Maxi.