Discussion forums

Unable to Update LDAP Password by Liferay

Lokendra Shekhawat, modified 11 years ago.

Unable to Update LDAP Password by Liferay

New Member Posts: 12 Join Date: 7/01/13 Recent Posts
Hi all,

I am trying to update the LDAP password when a user changes his/her password in the Liferay portal, either by change password or forgot password. For this I tried the following:


1. LDAP enabled = true
2. LDAP Required = True

In the beginning LDAP users were not able to log in. Then I checked and saw that users were authenticating by screen name, so I changed it to email and LDAP users were able to log in successfully.

My first question is: "Does the LDAP Required feature not work with screen name?"

Now that users are able to log in, I tried to change one user's password by logging in as admin. Let's say his old password was "12345" and I changed it to "123456"; I got the message that the password was changed successfully. When I tried to log in as that user with the password "123456", authentication failed, and when I tried with the old password "12345", the user logged in successfully. It means that the password got updated in the LR database, but not on the LDAP server.

Then I checked the Export Enabled check-box, which is supposed to export all the changes to LDAP. Now when I try to change the password of a user from the admin login, it does not change the password and gives me the error "That password is invalid. Please enter in a different password.". I tried many different passwords but got the same error.


PS: I am using LDAP admin credentials at the LDAP settings under Portal settings -> Authentication.


What am I doing wrong? Please guide me; I need to change the password at the LDAP end when a user changes the password in the Liferay portal.


Please advise...
Awaiting your response..

Thank you...
Varun Arya, modified 11 years ago.

RE: Unable to Update LDAP Password by Liferay

New Member Posts: 4 Join Date: 11/04/13 Recent Posts
I am also facing this issue...
amir keshavarz, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay

Junior Member Posts: 54 Join Date: 9/10/10 Recent Posts
Me too. Who can help?
Antoine Comble, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay

Regular Member Posts: 232 Join Date: 7/09/12 Recent Posts
Hi all,

I had the same problem.
To solve it, I've created a hook of UserLocalService to override the updatePassword method.
When a user changes his password, with the hook, I get the LDAP attributes for the user and I change the password in LDAP.

I don't know if another solution exists but it works for me.

liferay-hook.xml

<?xml version="1.0"?>

<hook>
	<portal-properties>portal.properties</portal-properties>
	<service>
		<service-type>
			com.liferay.portal.service.UserLocalService
		</service-type>
		<service-impl>
			com.acomble.test.service.ExtUserLocalService
		</service-impl>
	</service>
</hook>


ExtUserLocalService.java

...
public class ExtUserLocalService extends UserLocalServiceWrapper {
...
@Override
public User updatePassword(long userId, String password1, String password2, boolean passwordReset)
		throws PortalException, SystemException {
	final User user = super.updatePassword(userId, password1, password2, passwordReset);
	updateUserLDAP(user);
	return user;
}
private void updateUserLDAP(final User user) throws SystemException, PortalException {
	// Get user DN in LDAP
	final SearchResult userLdap = searchUserFullNameInLDAP(user);
	if (userLdap != null) {
         	// Get the LDAP connection attributes
		final long companyId = user.getCompanyId();
		final String providerURL = PrefsPropsUtil.getString(companyId, "ldap.base.provider.url.0");
		final String principal = PrefsPropsUtil.getString(companyId, "ldap.security.principal.0");
		final String credentials = PrefsPropsUtil.getString(companyId, "ldap.security.credentials.0");
		// final String baseDN = PrefsPropsUtil.getString(user.getCompanyId(), "ldap.base.dn.0");
		final String initialContextFactory = PrefsPropsUtil.getString(companyId, "ldap.factory.initial");
		// LDAP Context Initialization
		final Hashtable<String, String> env = new Hashtable<String, String>();
		env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
		env.put(Context.PROVIDER_URL, providerURL);
		env.put(Context.SECURITY_CREDENTIALS, credentials);
		env.put(Context.SECURITY_PRINCIPAL, principal);
		try {
			final DirContext ctx = new InitialDirContext(env);
			final List<ModificationItem> mods = new ArrayList<ModificationItem>();
			Attributes userAttributes = userLdap.getAttributes();
			// Password
			// setBasicAttribute(userAttributes, mods, 0, "userPassword", user.getPassword());
			// Update LDAP attributes
			ctx.modifyAttributes(userLdap.getNameInNamespace(), mods.toArray(new ModificationItem[mods.size()]));
			ctx.close();
		} catch (final NamingException e) {
			// Problem with LDAP settings
			throw new SystemException(e);
		}
	}
}

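private void setBasicAttribute(Attributes userAttributes, List<ModificationItem> mods, int index, String name,
			Object value) {
	// Build the replacement attribute (name -> value) and queue it as a REPLACE modification
	final BasicAttribute mod = new BasicAttribute(name, value);
	mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod));
}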

private SearchResult searchUserFullNameInLDAP(final User user) throws SystemException {
		// Get the LDAP connection attributes
		final long companyId = user.getCompanyId();
		final String providerURL = PrefsPropsUtil.getString(companyId, "ldap.base.provider.url.0");
		final String principal = PrefsPropsUtil.getString(companyId, "ldap.security.principal.0");
		final String credentials = PrefsPropsUtil.getString(companyId, "ldap.security.credentials.0");
		final String baseDN = PrefsPropsUtil.getString(companyId, "ldap.base.dn.0");
		final String initialContextFactory = PrefsPropsUtil.getString(companyId, "ldap.factory.initial");

		final Hashtable<String, String> env = new Hashtable<String, String>();
		env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
		env.put(Context.PROVIDER_URL, providerURL);
		env.put(Context.SECURITY_PRINCIPAL, principal);
		env.put(Context.SECURITY_CREDENTIALS, credentials);

		try {
			final DirContext ctx = new InitialDirContext(env);

			final SearchControls sc = new SearchControls();
			sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

			final String filter = "(&(cn=" + user.getScreenName() + "))";

			final NamingEnumeration<SearchResult> results = ctx.search(baseDN, filter, sc);
			try {
				// Return the first match, if any
				if (results.hasMore()) {
					return results.next();
				}
			} finally {
				// Always release the LDAP connection, including on the early return
				ctx.close();
			}
		} catch (final NamingException e) {
			return null;
		}
		return null;
	}
...
}


I've checked the LDAP Required checkbox in Control Panel -> Settings -> Authentication -> LDAP tab.

Hope this helps you,

Antoine
Matteo Gnocchi, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay

Junior Member Posts: 33 Join Date: 6/09/10 Recent Posts
Hi Antoine,
I tried to follow your suggestions.
I developed and deployed a hook which implements the updatePassword method of UserLocalService,
but it seems that Liferay doesn't call this service properly (I added some log messages in my implementation but I don't see any of them).
In fact, when a user tries to change their password I don't see any error messages or log information.
Can you help me?
Thanks!!!!



Antoine Comble, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay

Regular Member Posts: 232 Join Date: 7/09/12 Recent Posts
Could you attach your project to this thread?
Have you added some logs in the overridden updatePassword method? If so, are any logs displayed?
There is another updatePassword method in the UserLocalServiceImpl service.
Could you try to override this one and put in the code I gave you in the previous post?

Antoine
Matteo Gnocchi, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay

Junior Member Posts: 33 Join Date: 6/09/10 Recent Posts
I've already implemented both updatePassword methods.
Regarding the code: I can't even see the log messages added in this method:

@Override
public User updatePassword(long userId, String password1, String password2, boolean passwordReset)
throws PortalException, SystemException {

System.out.println("Call Update Password");
final User user = super.updatePassword(userId, password1, password2, passwordReset);

System.out.println("Call LDAP Update Password");
updateUserLDAP(user);

System.out.println("End LDAP Update Password");
return user;
}

For testing the hook, I've added my own implementation of the getUserById method, and in that case I've seen the log messages.
I've tried to change my LDAP password from the My Account section and the Users and Organizations section in Control Panel and it doesn't work.

Lokendra Shekhawat, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay (Answer)

New Member Posts: 12 Join Date: 7/01/13 Recent Posts
Dear all,

OpenDJ doesn't allow pre-encrypted passwords and I have found the solution.

There are two solutions:

Solution 1:

1). Create the Liferay admin user's account on the OpenDJ LDAP server; make sure that the screen name and email IDs are the same as in LR.
2). Go to Portal Settings -> Authentication -> LDAP and check "Enabled", "Required", "Import Enabled", "Import on Startup Enabled" and "Export Enabled".
3). Add the following lines to portal-ext and restart:
ldap.auth.password.encryption.algorithm=
ldap.auth.method=bind


Advantage: OpenDJ encrypts the password as it sees fit, which is the recommended configuration.
Disadvantage: If you use ldap, not ldaps, the password is sent in plain text to the LDAP server.



Solution 2:

1). Create the Liferay admin user's account on the OpenDJ LDAP server; make sure that the screen name and email IDs are the same as in LR.
2). Go to Portal Settings -> Authentication -> LDAP and check "Enabled", "Required", "Import Enabled", "Import on Startup Enabled" and "Export Enabled".

3). Run this command on OpenDJ:
dsconfig -p 4444 -h <host_name> -D "cn=Directory Manager" -w <Directory_Manager_Password> set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true -X -n

Note: Replace the required information inside <> with the actual value.

4). Add the following lines to portal-ext and restart:
ldap.auth.password.encryption.algorithm=SSHA
ldap.auth.method=bind

Disadvantage: This is basically disabling a security feature and disables OpenDJ's built-in password policies.
Advantage: Even with the ldap protocol the password is transmitted encrypted.

Note: The Liferay admin user needs to be created on the LDAP server, because if you don't create it on the LDAP server, the admin user will not be able to log in to the portal after the above configuration.

I have tried both methods and both are working. Now admin can change the password of any user using Liferay's "Users and Organizations", and users can set their new password using "forgot password". In both cases the LDAP passwords are getting updated.

Cheers......... :-)
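
Added example, not part of the post above: what a pre-encoded value of the kind Solution 2 relies on looks like, using the standard LDAP `{SSHA}` userPassword scheme, base64(SHA-1(password + salt) + salt). The directory receives only this string, so it cannot check the clear text against length or quality rules. Class and method names are hypothetical; the passwords are the ones used as examples in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SshaDemo {
    private static final int SHA1_LEN = 20;

    // "{SSHA}" + base64( SHA-1(password || salt) || salt )
    static String encode(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        byte[] digest = sha1.digest();
        byte[] both = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, both, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(both);
    }

    // Recover the salt from the stored value, re-encode the candidate, compare.
    static boolean verify(String candidate, String stored) throws NoSuchAlgorithmException {
        if (!stored.startsWith("{SSHA}")) {
            return false;
        }
        byte[] both = Base64.getDecoder().decode(stored.substring("{SSHA}".length()));
        if (both.length < SHA1_LEN) {
            return false; // too short to contain a SHA-1 digest
        }
        byte[] salt = Arrays.copyOfRange(both, SHA1_LEN, both.length);
        return MessageDigest.isEqual(
                encode(candidate, salt).getBytes(StandardCharsets.US_ASCII),
                stored.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String stored = encode("123456", salt);
        System.out.println("pre-encoded value: " + stored);
        System.out.println("verify 123456: " + verify("123456", stored));
        System.out.println("verify 12345:  " + verify("12345", stored));
        // A one-character password encodes to a value of the same length.
        System.out.println("one-char value:    " + encode("a", salt));
    }
}
```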
Varun Arya, modified 10 years ago.

RE: Unable to Update LDAP Password by Liferay

New Member Posts: 4 Join Date: 11/04/13 Recent Posts
Thanks,
It works for me.
Soukaina HAJI, modified 9 years ago.

RE: Unable to Update LDAP Password by Liferay

Regular Member Posts: 195 Join Date: 17/06/14 Recent Posts
Wow, it works!! Thanks a lot, Lokendra Shekhawat.
Bill Wang, modified 9 years ago.

RE: Unable to Update LDAP Password by Liferay

New Member Posts: 1 Join Date: 15/12/09 Recent Posts
Yes, that does not work!

Because the Action will call updateUser(), rather than updatePassword().
It means the customized wrapper's updateUser() method will be called,
which then calls the real impl's updateUser() method,
and the real implementation will call this.updatePassword(), which is the real impl's updatePassword(), NOT the wrapper's updatePassword()!!!!

So to make it work, we should override updateUser too, not only updatePassword!
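
The call path described above, reduced to plain Java as an added example (not Liferay code and not from any post in this thread): a wrapper that only overrides updatePassword is bypassed when the implementation calls its own updatePassword through `this`. The interface, the class names and the simplified method signatures are hypothetical stand-ins.

```java
import java.util.ArrayList;
import java.util.List;

public class WrapperBypassDemo {
    static final List<String> calls = new ArrayList<>();

    interface UserService {
        void updateUser(String userId, String newPassword);
        void updatePassword(String userId, String newPassword);
    }

    // Stand-in for the portal's real implementation.
    static class UserServiceImpl implements UserService {
        public void updateUser(String userId, String newPassword) {
            calls.add("impl.updateUser");
            this.updatePassword(userId, newPassword); // 'this' is the impl, never the wrapper
        }
        public void updatePassword(String userId, String newPassword) {
            calls.add("impl.updatePassword");
        }
    }

    // Stand-in for a hook that adds the LDAP sync to updatePassword only.
    static class PasswordOnlyWrapper implements UserService {
        private final UserService delegate;
        PasswordOnlyWrapper(UserService delegate) { this.delegate = delegate; }
        public void updateUser(String userId, String newPassword) {
            delegate.updateUser(userId, newPassword);
        }
        public void updatePassword(String userId, String newPassword) {
            delegate.updatePassword(userId, newPassword);
            calls.add("wrapper.syncLdap");
        }
    }

    // Hook that also covers the updateUser entry point.
    static class FullWrapper extends PasswordOnlyWrapper {
        FullWrapper(UserService delegate) { super(delegate); }
        @Override
        public void updateUser(String userId, String newPassword) {
            super.updateUser(userId, newPassword);
            calls.add("wrapper.syncLdap");
        }
    }

    // Run updateUser through the given service and return the recorded call path.
    static List<String> trace(UserService service) {
        calls.clear();
        service.updateUser("u1", "constructed-password");
        return new ArrayList<>(calls);
    }

    public static void main(String[] args) {
        System.out.println("password-only wrapper: " + trace(new PasswordOnlyWrapper(new UserServiceImpl())));
        System.out.println("full wrapper:          " + trace(new FullWrapper(new UserServiceImpl())));
    }
}
```

With the password-only wrapper the recorded path contains no LDAP sync step; with the full wrapper it does.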