Forums

LDAP Authentication with ppolicy

Tobias Liefke, modified 9 years ago

LDAP Authentication with ppolicy

Junior Member Posts: 78 Join date: 2012.11.23.
I've got a problem with the LDAPAuth, when a password policy with "maximum failed login attempts" is used in the LDAP server.
Liferay always authenticates twice if the user entered a wrong password. This leads to a locked user account after half of the allowed login attempts.

Looking into the code: it always tries to "authenticateAgainstPreferredLDAPServer" with the LDAP Server ID of the User and if that fails it tries every configured LDAP server, which includes the preferred LDAP server.

Am I missing something in the configuration?

Tobias
Andew Jardine, modified 9 years ago

RE: LDAP Authentication with ppolicy

Liferay Legend Posts: 2416 Join date: 2010.12.22.
Hi Tobias,

I can't see any settings to drive that -- you may have found a "bug". I looked at the logic (as you did) and see the same thing. It seems like there should be a check in the "loop over all servers to try to authenticate" that detects if the current server == preferred service, skip it. Two options, assuming it is a bug, that I can think of. One, not so great: you could increase the "max failed" value -- but that won't help if your DS is used by other applications (which it probably is). Alternatively, you could create an EXT plugin and patch the LDAPAuth class, adding the logic mentioned above, maybe?
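The double bind and the proposed skip check discussed above, as an added example that is not part of the original posts and is not Liferay's code: a small model that counts how many wrong-password logins it takes before a ppolicy-style lockout triggers on the preferred server. `FakeLdapServer`, `authenticate`, `loginsUntilLocked`, the server IDs, the passwords and the lockout threshold of 6 are all hypothetical, constructed for illustration.

```java
import java.util.List;

// Hypothetical model for illustration; none of these names come from Liferay.
public class PreferredServerDemo {
    // Constructed stand-in for a directory that enforces a ppolicy lockout.
    static class FakeLdapServer {
        final long id; final String password; final int maxFailures;
        int failures = 0;
        FakeLdapServer(long id, String password, int maxFailures) {
            this.id = id; this.password = password; this.maxFailures = maxFailures;
        }
        boolean isLocked() { return failures >= maxFailures; }
        boolean bind(String attempt) {
            if (isLocked()) return false;
            if (password.equals(attempt)) { failures = 0; return true; }
            failures++; // every failed bind counts against the policy
            return false;
        }
    }

    // skipPreferred=false: flow described in the thread (preferred, then all servers).
    // skipPreferred=true: fallback loop leaves out the server already tried.
    static boolean authenticate(List<FakeLdapServer> servers, long preferredId,
                                String pw, boolean skipPreferred) {
        for (FakeLdapServer s : servers)
            if (s.id == preferredId && s.bind(pw)) return true;
        for (FakeLdapServer s : servers) {
            if (skipPreferred && s.id == preferredId) continue;
            if (s.bind(pw)) return true;
        }
        return false;
    }

    // Counts wrong-password logins until the preferred server locks the account.
    static int loginsUntilLocked(boolean skipPreferred) {
        FakeLdapServer preferred = new FakeLdapServer(1L, "s3cret", 6); // constructed values
        List<FakeLdapServer> servers = List.of(preferred, new FakeLdapServer(2L, "s3cret", 6));
        int logins = 0;
        while (!preferred.isLocked()) {
            authenticate(servers, 1L, "wrong-password", skipPreferred);
            logins++;
        }
        return logins;
    }

    public static void main(String[] args) {
        System.out.println("preferred tried twice: locked after " + loginsUntilLocked(false) + " wrong logins");
        System.out.println("preferred skipped in loop: locked after " + loginsUntilLocked(true) + " wrong logins");
    }
}
```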
Tobias Liefke, modified 9 years ago

RE: LDAP Authentication with ppolicy

Junior Member Posts: 78 Join date: 2012.11.23.
Hi Andew,

Thanks for confirming that.

I've created a bug report: LPS-55343

I know the Ext-Option, I'm always using it for creating patches of found bugs.

I'm currently developing a hook for other LDAP specific modifications - unfortunately I can't change (extend) LDAPAuth in that hook, as it is from portal-impl.