Discussion Forums

RE: User password change exporting to LDAP (AD)?

Josh Bonczkowski, modified 13 years ago.

User password change exporting to LDAP (AD)?

Junior Member Posts: 59 Join Date: 8/06/10 Recent Posts
I am currently using Liferay 6.0.2 for my tests. Later this week or early next, I'll be able to test with Liferay 6.0.5.

I have my LDAP (Active Directory) source configured within Liferay for authentication. When users log in, Liferay authenticates against LDAP. I configured LDAP using the secure LDAP port so that AD will accept changes for passwords (unicodePwd attribute).

When I go to the user details control panel and change a password, this results in the userPassword attribute being updated within LDAP and it now contains the plaintext password that was just set. Is Liferay properly configured to update the unicodePwd attribute with the properly formatted password for Active Directory?

To try and work around this, I have been trying to extend the UpdatePasswordAction class in Liferay. I believe this is called when a user submits a new password through the control panel. The code to update the password in AD isn't that hard since I have already worked that out previously. I defined my new action class in the com.liferay.portal.action package within the ext-impl/src/ directory. In ext-web/docroot/WEB-INF/, I updated struts-config-ext.xml to include the new mapping for this one action.


<action path="/portal/update_password" type="com.liferay.portal.action.MyUpdatePasswordAction">
  <forward name="portal.update_password" path="portal.update_password" />
</action>


Unfortunately, it does not appear that my code is being executed, so I am not able to force the password to be set through the unicodePwd attribute using this method at this time.


Suggestions? Thoughts?
Josh Bonczkowski, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

Junior Member Posts: 59 Join Date: 8/06/10 Recent Posts
I just remembered the LDAP mappings in portal-ext.properties. I changed the ldap.user.mappings entry to map password=unicodePwd (was previously userPassword). I did a quick restart of my application server (Tomcat) and tried to change my password through the control panel. The password was not updated. Just to make sure, I ran that test a few times.

Perhaps that setting is not taking effect. It appears that the userPassword attribute is still being updated within LDAP to the plaintext password that I changed to in the control panel. Is there a way to check the current settings? Is it read from the file then stored in the DB?
Josh Bonczkowski, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

Junior Member Posts: 59 Join Date: 8/06/10 Recent Posts
I believe I found at least part of my own answer.

com.liferay.portal.action.UpdatePasswordAction is not used to change a user's password from the control panel.

com.liferay.portlet.myaccount.action.EditUserAction is used to change a user's password from the control panel. I was able to transform my extension of UpdatePasswordAction into an extension of EditUserAction to push the new user's password to Active Directory.

There is a second EditUserAction in com.liferay.portlet.enterpriseadmin.action. This is the base class for the one in the myaccount.action package. Does anyone know how this one is used? Is it used when an administrator edits a user? I'll play with it a bit this morning to see if I need to override this as well.


I still have no idea if changing portlet-ext.properties and modifying the ldap.user.mappings property to have 'password=unicodePwd' will work. For some reason, that property is still not being used by my server even after multiple reboots. I have cleared the tomcat cache directory (work/Catalina/localhost/*) to see if that would matter as well. Somewhere, there appears to be a cached value where 'password=userPassword' and I have yet to find it to force the proper change. Getting help on this would be beneficial as well.
Josh Bonczkowski, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

Junior Member Posts: 59 Join Date: 8/06/10 Recent Posts
It appears that I do need to extend com.liferay.portlet.enterpriseadmin.action.EditUserAction as well. And it is used in 7 different actions (in Liferay 6.0.2).
Samuel Liu, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

Expert Posts: 301 Join Date: 27/05/10 Recent Posts
Hi Josh,

I would recommend switching to 6.0.5 before getting this to work. From what I understand, 6.0.5 and 6.0.2 differ a bit in terms of LDAP configuration.

I don't know LDAP well enough to answer your other questions, but this is just a recommendation. I also have the settings that make LDAP work for our test servers, so you can refer to them if you get stuck.

Warm regards,
Sam
Josh Bonczkowski, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

Junior Member Posts: 59 Join Date: 8/06/10 Recent Posts
Thanks Sam.

I have been planning on upgrading my test environment to 6.0.5 next week. But that might just happen today or tomorrow.

I figured out my issue with changing the ldap.user.mappings property in portal-ext.properties. This value is only used when creating a new LDAP configuration. Once the configuration is created, I have to update it using the Liferay UI for editing an LDAP configuration.

Changing the association of the Liferay password to AD unicodePwd (again, in 6.0.2) does not work either. When using a secure connection (the only way AD will allow password changes), the AD server throws an LDAP error code 53, problem 5003 (WILL_NOT_PERFORM). I am not at all surprised to see this as the password has to be specifically formatted for AD.

I'll give 6.0.5 a try soon and see how it fares out of the box.
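
The AD-specific password format mentioned in the post above, as an added example that is not part of the original thread and not Liferay code: the new password is wrapped in double quotes, encoded as UTF-16LE and written to unicodePwd as a binary value over LDAPS using plain JNDI. The class name, the `connect` helper, the sample password and the command-line arguments are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdPasswordReset {
    // AD accepts unicodePwd only as the password wrapped in double quotes,
    // encoded as UTF-16LE and sent as a binary value, never as a plain string.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Administrative reset: a single REPLACE of unicodePwd on the user's entry.
    static void resetPassword(DirContext ctx, String userDn, String newPw) throws NamingException {
        ctx.modifyAttributes(userDn, new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPw)))
        });
    }

    // Hypothetical helper: URL, bind DN and credentials are supplied by the caller.
    static DirContext connect(String url, String bindDn, String bindPw) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // ldaps:// URL, the secure LDAP port used in the thread
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        // Offline demo on a constructed sample password: print the bytes AD expects.
        System.out.println(java.util.Arrays.toString(encodeUnicodePwd("S4mple!pw")));
        // With <ldapsUrl> <bindDn> <userDn>, prompt for the secrets and perform the reset.
        if (args.length == 3 && System.console() != null) {
            char[] bindPw = System.console().readPassword("Bind password: ");
            char[] newPw = System.console().readPassword("New password: ");
            DirContext ctx = connect(args[0], args[1], new String(bindPw));
            try {
                resetPassword(ctx, args[2], new String(newPw));
            } finally {
                ctx.close();
            }
        }
    }
}
```

Mapping the portal's password field straight to unicodePwd sends the plain string without this quoting and encoding, which matches the setup that produced the WILL_NOT_PERFORM error reported in this thread.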
Alan Robertson, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

New Member Posts: 19 Join Date: 5/11/10 Recent Posts
Josh, were you able to get this working? I'm trying to use Liferay 6.0.5 to change passwords in Active Directory and it's not working for me.
Ryan Ward, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

New Member Posts: 18 Join Date: 12/02/10 Recent Posts
I'm also interested in this answer. I'm unable to set AD passwords from within Liferay, I just get plain text storage of the password in the userPassword attribute in AD.
Fezrul fizree, modified 13 years ago.

RE: User password change exporting to LDAP (AD)?

New Member Posts: 5 Join Date: 14/03/11 Recent Posts
Hi there, I have a question. I need to bind AD with Liferay using the LDAP option in the portal settings authentication. My problem is that in AD there is no userPassword attribute for users.

How am I supposed to map the password attribute?

My AD has 3400++ users and I don't see any userPassword attribute on them, only a pwdLastSet attribute, which has nothing to do with the user password.
William Liu, modified 12 years ago.

RE: User password change exporting to LDAP (AD)?

New Member Posts: 1 Join Date: 22/06/11 Recent Posts
I am currently using Liferay 6.0.6 and having the same issue.

I have an LDAPS connection and the password field mapped to unicodePwd, and when I change the password I get the exception below.

[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 ]

Anyone got it working here? Thanks!
Sandip Patel, modified 11 years ago.

RE: User password change exporting to LDAP (AD)?

Regular Member Posts: 205 Join Date: 5/01/11 Recent Posts
Hi,
I am currently facing an issue like this:
I have mapped the Liferay user password field to unicodePwd of LDAP (AD). When I create a user in Liferay, it gives the error below.

Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=testone,OU=Users,OU=Radisson Edwardian,DC=rbehtest,DC=ed-mstest,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)


If I map the Liferay user password field to userPassword of LDAP (AD), then it successfully creates the user in LDAP.

Please help me. Do I need to change any code for this?