Discussion forums

LDAP NTLM

Frédéric Aubé, modified 9 years ago.

LDAP NTLM

Junior Member Posts: 37 Join Date: 17/07/14 Recent Posts
Hi,

I can't connect to Liferay using NTLM.
I have already configured the Liferay LDAP following a tutorial; it works well and I get my users in the table user_.
I log into Liferay by Screen Name; I try only with I.E. too.

When I enable NTLM I get an error:
09:25:21,358 ERROR [http-bio-8080-exec-5][NtlmFilter:83] java.lang.StringIndexOutOfBoundsException: String index out of range: -1
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at com.liferay.portal.security.ntlm.NtlmServiceAccount.setAccount(NtlmServiceAccount.java:50)
at com.liferay.portal.security.ntlm.NtlmServiceAccount.<init>(NtlmServiceAccount.java:26)
at com.liferay.portal.security.ntlm.NtlmManager.setConfiguration(NtlmManager.java:122)
at com.liferay.portal.security.ntlm.NtlmManager.<init>(NtlmManager.java:43)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.getNtlmManager(NtlmFilter.java:128)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:183)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)


ntlm.auth.enabled=true
ntlm.auth.domain=opac76.fr
ntlm.auth.domain.controller=<IP>
ntlm.auth.domain.controller.name=AD1
ntlm.auth.service.account=<Account login email>
ntlm.auth.service.password=<Password>


Has anyone had this error, and also a solution to it?
Miroslav Ligas, modified 9 years ago.

RE: LDAP NTLM

Regular Member Posts: 152 Join Date: 29/07/14 Recent Posts
What version of Liferay do you have?

Make sure that the entries in LDAP have the screen name, email and first name filled. If you are missing these, Liferay can't create a user in its DB.
Frédéric Aubé, modified 9 years ago.

RE: LDAP NTLM

Junior Member Posts: 37 Join Date: 17/07/14 Recent Posts
Liferay Portal Community Edition 6.2 CE GA2 (Newton / Build 6201 / March 20, 2014)
tomcat-7.0.42

Screen Name: sAMAccountName
Email Address: mail
First Name: givenName
Last Name: sn

I think users are properly added in DB.
Miroslav Ligas, modified 9 years ago.

RE: LDAP NTLM

Regular Member Posts: 152 Join Date: 29/07/14 Recent Posts
The problem is with your account at AD. You need to use a system account. It's an account with a dollar sign in the name. Liferay checks the name for that.

_computerName = _account.substring(0, _account.indexOf(StringPool.DOLLAR));


I heard that it's a little bit tricky to create this kind of account. Google for it, or if you have an AD admin at hand he should be able to help.
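Added example, not part of the original posts and not Liferay's own code: a pre-flight check of `ntlm.auth.service.account` that reproduces the unguarded `substring(0, indexOf('$'))` failure from the trace and shows a guarded version that reports a configuration error instead. The class name `NtlmServiceAccountCheck`, the helper `computerName` and both sample account values are hypothetical, and the `NAME$@domain` shape of a machine account is an assumption.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

// Hypothetical pre-flight check; not a Liferay class.
public class NtlmServiceAccountCheck {

    // Same extraction as the line quoted above, but with the '$' verified first
    // so a bad value yields a configuration message instead of a stack trace.
    static String computerName(String account) {
        if (account == null || account.trim().isEmpty()) {
            throw new IllegalArgumentException(
                "ntlm.auth.service.account is not set");
        }
        int dollar = account.indexOf('$');
        if (dollar <= 0) {
            throw new IllegalArgumentException(
                "ntlm.auth.service.account has no computer name before '$': "
                    + "expected a machine account, got a user-style login");
        }
        return account.substring(0, dollar);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values (assumed formats, not taken from the thread).
        String[] samples = {"jdoe@example.test", "LIFERAY01$@example.test"};

        for (String sample : samples) {
            Properties props = new Properties();
            props.load(new StringReader("ntlm.auth.service.account=" + sample));
            String account = props.getProperty("ntlm.auth.service.account");

            // Unguarded form: indexOf returns -1 when '$' is absent, and
            // substring(0, -1) throws StringIndexOutOfBoundsException.
            try {
                account.substring(0, account.indexOf('$'));
                System.out.println(sample + ": unguarded parse succeeded");
            } catch (StringIndexOutOfBoundsException e) {
                System.out.println(sample + ": unguarded parse threw " + e);
            }

            try {
                System.out.println(sample + ": computer name " + computerName(account));
            } catch (IllegalArgumentException e) {
                System.out.println(sample + ": rejected, " + e.getMessage());
            }
        }
    }
}
```

The rejection message deliberately leaves out the configured value, so the service account login does not end up in application logs.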
Frédéric Aubé, modified 9 years ago.

RE: LDAP NTLM

Junior Member Posts: 37 Join Date: 17/07/14 Recent Posts
OK thanks, actually I use a User Account.
I'm gonna try this and let you know the issue.