Message Boards

LDAP Authentication with ppolicy

Updated 8 years ago by Tobias Liefke.

LDAP Authentication with ppolicy

Junior Member Posts: 78 Join Date: 12/11/23 Recent Posts
I've got a problem with the LDAPAuth, when a password policy with "maximum failed login attempts" is used in the LDAP server.
Liferay always authenticates twice if the user entered a wrong password. This leads to a locked user account after half of the allowed login attempts.

Looking into the code: it always tries to "authenticateAgainstPreferredLDAPServer" with the LDAP Server ID of the User and if that fails it tries every configured LDAP server, which includes the preferred LDAP server.

Am I missing something in the configuration?

Tobias
Updated 8 years ago by Andew Jardine.

RE: LDAP Authentication with ppolicy

Liferay Legend Posts: 2416 Join Date: 10/12/22 Recent Posts
Hi Tobias,

I can't see any settings to drive that -- you may have found a "bug". I looked at the logic (as you did) and see the same thing. It seems like there should be a check in the "loop over all servers to try to authenticate" that detects if the current server == preferred service, skip it. Two options, assuming it is a bug, that I can think of. One not so great: you could increase the "max failed" value -- but that won't help if your DS is used by other applications (which it probably is). Alternatively, you could create an EXT plugin and patch the LDAPAuth class, adding the logic mentioned above maybe?
Updated 8 years ago by Tobias Liefke.

RE: LDAP Authentication with ppolicy

Junior Member Posts: 78 Join Date: 12/11/23 Recent Posts
Hi Andew,

thanks for confirming that.

I've created a bug report: LPS-55343

I know the Ext-Option, I'm always using it for creating patches of found bugs.

I'm currently developing a hook for other LDAP specific modifications - unfortunately I can't change (extend) LDAPAuth in that hook, as it is from portal-impl.