Vista combinada Visión Plana Vista de árbol
Discusiones [ Anterior | Siguiente ]
toggle
LDAP Authentication not working Bruno Galvao 20 de septiembre de 2011 13:19
RE: LDAP Authentication not working David H Nebinger 21 de septiembre de 2011 7:08
RE: LDAP Authentication not working Bruno Galvao 21 de septiembre de 2011 12:25
RE: LDAP Authentication not working Ronak Patel 21 de septiembre de 2011 14:00
RE: LDAP Authentication not working David H Nebinger 22 de septiembre de 2011 5:38
RE: LDAP Authentication not working Ken Dong 23 de septiembre de 2011 14:55
RE: LDAP Authentication not working David Keith 28 de septiembre de 2011 12:06
RE: LDAP Authentication not working David H Nebinger 28 de septiembre de 2011 13:19
RE: LDAP Authentication not working David Keith 28 de septiembre de 2011 14:08
RE: LDAP Authentication not working David H Nebinger 28 de septiembre de 2011 16:30
RE: LDAP Authentication not working Bruno Galvao 5 de octubre de 2011 10:32
RE: LDAP Authentication not working David Keith 12 de octubre de 2011 11:08
RE: LDAP Authentication not working Bhupesh Nagda 24 de marzo de 2012 4:42
RE: LDAP Authentication not working Bhupesh Nagda 4 de abril de 2012 3:38
RE: LDAP Authentication not working Oliver Dudas 3 de octubre de 2012 5:17
RE: LDAP Authentication not working Jonas Yuan 3 de octubre de 2012 9:00
RE: LDAP Authentication not working Jonas Yuan 26 de noviembre de 2012 20:39
RE: LDAP Authentication not working Jonas Yuan 26 de noviembre de 2012 20:41
RE: LDAP Authentication not working srujana k 19 de septiembre de 2014 7:05
RE: LDAP Authentication not working Ken Dong 23 de septiembre de 2011 15:47
RE: LDAP Authentication not working David Keith 28 de septiembre de 2011 7:18
RE: LDAP Authentication not working Brij Mohan Kataria 17 de junio de 2013 4:51
RE: LDAP Authentication not working Brij Mohan Kataria 17 de junio de 2013 5:24
RE: LDAP Authentication not working Brij Mohan Kataria 17 de junio de 2013 5:25
Bruno Galvao
LDAP Authentication not working
20 de septiembre de 2011 13:19
Respuesta

Bruno Galvao

Ranking: Junior Member

Mensajes: 58

Fecha de incorporación: 26 de agosto de 2011

Mensajes recientes

LDAP Authentication has been enabled.
Test LDAP Connection returns successful.
Test LDAP Users returns with a list of users.
Test LDAP Groups is successful as well.

I sign out of Test@Liferay.com and try logging in as on of the users returned from "Test LDAP Users."
Authentication fails.

Liferay throws authentication fails very quickly as if it did not even check against Active Directory.

Any suggestions? Thanks!
David H Nebinger
RE: LDAP Authentication not working
21 de septiembre de 2011 7:08
Respuesta

David H Nebinger

Community Moderator

Ranking: Liferay Legend

Mensajes: 9260

Fecha de incorporación: 1 de septiembre de 2006

Mensajes recientes

I would try restarting the app container, then reindex all search indices. When you go to the Users control panel page, you should see all of the imported users...
Bruno Galvao
RE: LDAP Authentication not working
21 de septiembre de 2011 12:25
Respuesta

Bruno Galvao

Ranking: Junior Member

Mensajes: 58

Fecha de incorporación: 26 de agosto de 2011

Mensajes recientes

David H Nebinger:
I would try restarting the app container, then reindex all search indices. When you go to the Users control panel page, you should see all of the imported users...



Thanks, but I don't want to import the users. I just want to authenticate them against Active Directory when they enter their email address / password on the login page.
Ronak Patel
RE: LDAP Authentication not working
21 de septiembre de 2011 14:00
Respuesta

Ronak Patel

Ranking: New Member

Mensajes: 19

Fecha de incorporación: 20 de enero de 2010

Mensajes recientes

Did you check your authentication filter syntex?

Is it correct?

-
Ronak
David H Nebinger
RE: LDAP Authentication not working
22 de septiembre de 2011 5:38
Respuesta

David H Nebinger

Community Moderator

Ranking: Liferay Legend

Mensajes: 9260

Fecha de incorporación: 1 de septiembre de 2006

Mensajes recientes

Bruno Galvao:
Thanks, but I don't want to import the users. I just want to authenticate them against Active Directory when they enter their email address / password on the login page.


Okay, maybe no one has made this clear. All Liferay users must be in the Liferay database. When the user record is created, it gets the unique primary key value that is then used as a foreign key on other tables.

When you do AD/LDAP integration, you must import the users into the Liferay database. After the users are imported, when signing in AD/LDAP will be used to ensure the credentials are valid, but they must still be defined in the Liferay database...
Ken Dong
RE: LDAP Authentication not working
23 de septiembre de 2011 14:55
Respuesta

Ken Dong

LIFERAY STAFF

Ranking: New Member

Mensajes: 6

Fecha de incorporación: 31 de agosto de 2010

Mensajes recientes

David H Nebinger:
Bruno Galvao:
Thanks, but I don't want to import the users. I just want to authenticate them against Active Directory when they enter their email address / password on the login page.


Okay, maybe no one has made this clear. All Liferay users must be in the Liferay database. When the user record is created, it gets the unique primary key value that is then used as a foreign key on other tables.

When you do AD/LDAP integration, you must import the users into the Liferay database. After the users are imported, when signing in AD/LDAP will be used to ensure the credentials are valid, but they must still be defined in the Liferay database...



I'm pretty sure you can import on demand. You don't need to import the whole ldap database on startup. If you import on demand, when a user goes to sign into Liferay, Liferay will check it's database first, and if that user does not exist, it will go through and pull it from the Ldap database.

You can set this through the control panel as well as in your portal-ext.properties. Of course you can only set it in one or the other as the control panel overwrites the portal-ext.properties.
Ken Dong
RE: LDAP Authentication not working
23 de septiembre de 2011 15:47
Respuesta

Ken Dong

LIFERAY STAFF

Ranking: New Member

Mensajes: 6

Fecha de incorporación: 31 de agosto de 2010

Mensajes recientes

Bruno Galvao:
LDAP Authentication has been enabled.
Test LDAP Connection returns successful.
Test LDAP Users returns with a list of users.
Test LDAP Groups is successful as well.

I sign out of Test@Liferay.com and try logging in as on of the users returned from "Test LDAP Users."
Authentication fails.

Liferay throws authentication fails very quickly as if it did not even check against Active Directory.

Any suggestions? Thanks!



Are you logging in via email or by screen name? Try setting it up to login by screen name.
David Keith
RE: LDAP Authentication not working
28 de septiembre de 2011 7:18
Respuesta

David Keith

Ranking: New Member

Mensajes: 13

Fecha de incorporación: 6 de enero de 2011

Mensajes recientes

Make sure you have LDAP Import on startup toggled on. (Control Panel settings Authentication LDAP)
Check the Users_ table in you DB schema for the presence of imported LDAP content.
This allows you to determine what's been imported without logging into liferay.
Alternatively, you can check the Users portlet in the Control Panel (logged in as an admin).

Liferay does not actually check against Active directory, it imports the data to a Liferay DB table (actually, several of them)
User_, Group_ being the most important.
David Keith
RE: LDAP Authentication not working
28 de septiembre de 2011 12:06
Respuesta

David Keith

Ranking: New Member

Mensajes: 13

Fecha de incorporación: 6 de enero de 2011

Mensajes recientes

Hmmm, I'm not sure about this.
The import seems to be an all or nothing thing.
I have not been able to get import on demand to work.

Also, if I first import the full LDAP active directory, then disable LDAP import, I am unable to login using existing (in LP Demoticon account info.
This last issue sounds like a bug in LP 6.0 EE SP2.

Here's a specific example:
I setup LDAP to import (set import interval to 8 hours in portal-ext.properties via ldap.import.interval=480)
I confirm that all active directory data has been properly imported by checking User_ and Group_ tables in liferay DB or by checking Users in control panel.
I login as davidkeith@lathamint.com (signon set to use email address) and my LDAP password.
I disable LDAP import and log out.
I try to login as Davidkeith@lathamint.com using my LDAP password.
Authentication fails and I am unable to login
I re-enable LDAP import and I am once again able to login using davidkeith@lathamint.com and LDAP password.

If the account info is already imported in liferay's User_ table, why should I still need LDAP import enabled?
Has the behavior change in the SP2 update.

Can someone confirm this behavior for me please?
I will log an issue in JIRA if this is indeed a bug.

Thanks in advance for any help anyone can provide.
David H Nebinger
RE: LDAP Authentication not working
28 de septiembre de 2011 13:19
Respuesta

David H Nebinger

Community Moderator

Ranking: Liferay Legend

Mensajes: 9260

Fecha de incorporación: 1 de septiembre de 2006

Mensajes recientes

If the account info is already imported in liferay's User_ table, why should I still need LDAP import enabled?


It will rebind to ldap using the credentials to ensure the account is still valid...

I don't think this is a bug; we want to do ldap authentication and part of that authentication includes ensuring the credentials are correct.

Otherwise LR imports you today but you are disabled in LDAP tonight; when you hit the box tomorrow w/o the LDAP bind, it would let you log in even though you should not be able to...
David Keith
RE: LDAP Authentication not working
28 de septiembre de 2011 14:08
Respuesta

David Keith

Ranking: New Member

Mensajes: 13

Fecha de incorporación: 6 de enero de 2011

Mensajes recientes

Thanks David,

I'm thinking that if I wanted to use the imported LDAP data without validating against LDAP, I'd have to disable the import and uncheck the enabled and required options as well.
In my original case I did not uncheck these options, only disabled the import.

I will try this tomorrow in my development environment before any of my developers begin using the site.

In general I do not plan on ever disabling the LDAP import, except for maybe in temporary cases like an LDAP server upgrade or maintenance window.
For this particular case, it was temporarily disabled in a non production Liferay instance for some development reasons and I just happened to notice that I could no longer login as anyone but omniuser.

-David
David H Nebinger
RE: LDAP Authentication not working
28 de septiembre de 2011 16:30
Respuesta

David H Nebinger

Community Moderator

Ranking: Liferay Legend

Mensajes: 9260

Fecha de incorporación: 1 de septiembre de 2006

Mensajes recientes

David Keith:
For this particular case, it was temporarily disabled in a non production Liferay instance for some development reasons and I just happened to notice that I could no longer login as anyone but omniuser.


Omniusers do not have to pass LDAP auth, even when enabled. Keep that in mind for the future...
Bruno Galvao
RE: LDAP Authentication not working
5 de octubre de 2011 10:32
Respuesta

Bruno Galvao

Ranking: Junior Member

Mensajes: 58

Fecha de incorporación: 26 de agosto de 2011

Mensajes recientes

LDAP is not working for me.
Below is my portal-ext.properties, please let me know if you see something I should add/remove/modify:

 1
 2ldap.import.enabled=true
 3ldap.import.on.startup=true
 4ldap.import.method=user
 5ldap.base.provider.url=ldap://yyy.aaa.zzz:389
 6ldap.security.principal=yyy\bruno galvao
 7ldap.security.credentials=myPass
 8ldap.users.dn=OU=ITS,OU=XXX,OU=YYY Users,DC=yyy,DC=aaa,DC=zzz
 9ldap.user.mappings=screenName=employeeID\npassword=userPassword\nemailAddress=mail\nfullName=cn\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=memberOf
10ldap.auth.search.filter=(mail=@email_address@)
11ldap.import.user.search.filter=(objectClass=User)
David Keith
RE: LDAP Authentication not working
12 de octubre de 2011 11:08
Respuesta

David Keith

Ranking: New Member

Mensajes: 13

Fecha de incorporación: 6 de enero de 2011

Mensajes recientes

Hi Bruno,

Can you verify if the import has been performed successfully?

Login to your LP database and use your Liferay schema.
do a select * or a select count(*) from the User_ table.

If you don't see all of your LDAP users there, this is your problem.

Remember, LDAP users MUST be in the local Liferay database as well as being present in your LDAP repository.

Hope this helps,

-David
Bhupesh Nagda
RE: LDAP Authentication not working
24 de marzo de 2012 4:42
Respuesta

Bhupesh Nagda

Ranking: New Member

Mensajes: 4

Fecha de incorporación: 16 de marzo de 2012

Mensajes recientes

Hi,
I have a unique issue while authenticating the AD users in Liferay, they would be able to login for any password(text or number or special character) including their original password.
I am using Liferay 6.0.6 CE with MySQL database...Also the users are being imported in the User_ table which I cross checked.
I have added the patch provided by jonus => 'lps9000-ldap-ce6010-portal-impl-jdk5.jar' and it worked well with HSQL database, users were authenticating with their original password only.
I dont know where exactly is the issue,is it with MySQL?? emoticon can anyone please help??

==> portal-ext.properties


# MySQL
#jdbc.default.jndi.name=jdbc/LiferayPool
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost:3306/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=root
jdbc.default.password=YES
schema.run.enabled=true
schema.run.minimal=true
plugin.repositories.trusted=http://plugins.liferay.com/official
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false
ldap.import.user.password.enabled=true
Bhupesh Nagda
RE: LDAP Authentication not working
4 de abril de 2012 3:38
Respuesta

Bhupesh Nagda

Ranking: New Member

Mensajes: 4

Fecha de incorporación: 16 de marzo de 2012

Mensajes recientes

Can anyone here please help me??
Oliver Dudas
RE: LDAP Authentication not working
3 de octubre de 2012 5:17
Respuesta

Oliver Dudas

Ranking: New Member

Mensajes: 1

Fecha de incorporación: 29 de marzo de 2012

Mensajes recientes

Hi, same problem here.

Liferay 6.0.5 CE
Oracle DB
Same patch

I'm able to login for any password emoticon
Jonas Yuan
RE: LDAP Authentication not working
3 de octubre de 2012 9:00
Respuesta

Jonas Yuan

Ranking: Liferay Master

Mensajes: 993

Fecha de incorporación: 26 de abril de 2007

Mensajes recientes

@Bhupesh @Oliver,

Let me verify the same patch in MySQL and Oracle DB.

Thanks to report the issue.

Jonas Yuan
Bruno Galvao
RE: LDAP Authentication not working
16 de noviembre de 2012 7:33
Respuesta

Bruno Galvao

Ranking: Junior Member

Mensajes: 58

Fecha de incorporación: 26 de agosto de 2011

Mensajes recientes

Dhiraj Minocha:
Hi Bruno,

I am also experiencing the same problem with my Ldap configuration.
In control panel the two checkboxes "import enabled" and "import on startup enabled" are ticked.
I have even checked the data base table User_ and I dont find my ldap users imported there.

Please help me with this.

Thanks
Dhiraj


Hi Dhiraj,

I ended up having to write an SQL Job to pull in the users into a temporary Liferay table and from there I wrote a .NET program to call the API and add/remove/update users.

I published part of the .NET program on my blog: http://brunopgalvao.wordpress.com/

Best
Bruno
Jonas Yuan
RE: LDAP Authentication not working
26 de noviembre de 2012 20:39
Respuesta

Jonas Yuan

Ranking: Liferay Master

Mensajes: 993

Fecha de incorporación: 26 de abril de 2007

Mensajes recientes

The fix patch for 6.1 GA2 CE is ready.

Please drop an email to jonasliferay@gmail.com for the fix.

Thanks

Jonas Yuan
Jonas Yuan
RE: LDAP Authentication not working
26 de noviembre de 2012 20:41
Respuesta

Jonas Yuan

Ranking: Liferay Master

Mensajes: 993

Fecha de incorporación: 26 de abril de 2007

Mensajes recientes

Hi Oliver,

You may use 6.1 GA2 and the fix patch (see following post).

Thanks

Jonas
Brij Mohan Kataria
RE: LDAP Authentication not working
17 de junio de 2013 4:51
Respuesta

Brij Mohan Kataria

Ranking: New Member

Mensajes: 10

Fecha de incorporación: 20 de mayo de 2013

Mensajes recientes

Dear All,

I have just Create my LDAP connection when i test connection the message is Liferay has successfully connected to the LDAP server. but when i Test LDAP Users the message is No users were found.

I also create user in LDAP server i attach my setting page and LDAP user image please help me.

Thanks in Advance !
Adjunto

Adjunto

archivos adjuntos: Ladap_User.png (39,8k), SettingPage.png (77,2k)
Brij Mohan Kataria
RE: LDAP Authentication not working
17 de junio de 2013 5:24
Respuesta

Brij Mohan Kataria

Ranking: New Member

Mensajes: 10

Fecha de incorporación: 20 de mayo de 2013

Mensajes recientes

LDAP USER DETAILS ::::::::

ObjectClass : inetOrgPerson (structural)
ObjectClass : organizationalPerson (structural)
ObjectClass : person (structural)
ObjectClass : top (abstract)
cn : test
sn : test
uid : test
userPassword : test

Liferay LDAP Setting Page :::

Authentication Search Filter : (&objectCategory=Person)(mail=@email_address@)
Import Search Filter : (objectClass=InetOrgPerson)
Screen Name : test
Password :userPassword
Email Address : mail
Full Name :
First Name : test
Last Name : test
Job Title : title
Portrait :
Group :
UUID:
Brij Mohan Kataria
RE: LDAP Authentication not working
17 de junio de 2013 5:25
Respuesta

Brij Mohan Kataria

Ranking: New Member

Mensajes: 10

Fecha de incorporación: 20 de mayo de 2013

Mensajes recientes

Password :test
srujana k
RE: LDAP Authentication not working
19 de septiembre de 2014 7:05
Respuesta

srujana k

Ranking: New Member

Mensajes: 3

Fecha de incorporación: 6 de mayo de 2014

Mensajes recientes

David H Nebinger:
If the account info is already imported in liferay's User_ table, why should I still need LDAP import enabled?


It will rebind to ldap using the credentials to ensure the account is still valid...

I don't think this is a bug; we want to do ldap authentication and part of that authentication includes ensuring the credentials are correct.

Otherwise LR imports you today but you are disabled in LDAP tonight; when you hit the box tomorrow w/o the LDAP bind, it would let you log in even though you should not be able to...


Hi David,

I'm using Liferay 6.2 CE GA2. I'm facing the same issue on my server.Few users are not able to log in. I tried debugging and found that the api is returning 'DNE' for the users who are not able to login. I've enabled the import, yet facing the same issue. I've restarted the server instance and checked, but nothing much happening.

Any suggestions?


Thank you.