Fórum
6.0.5, LDAP, and UserScreenNameException error
Hugh Martin, modificado 13 Anos atrás.
6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 75 Data de Entrada: 15/06/10 Postagens Recentes
I am trying to get LDAP configured in 6.0.5, but continue to get a UserScreenNameException error. Below are the relevant portal-ext.properties entries, which worked perfectly under 5.2.3. For 6.0.5, I took to LDAP section from the included portal.properties file to make sure that any 6.0.5 changes were included. What is a little unique for us is that I'm importing groups rather than users due to the fact that we're using IBM Domino as our LDAP source. The groups are being imported, but the users are generating the UserScreenNameException error and are not being imported. I've tried both ScreenNameValidator values, but get the same results. At this point, I've done everything I know to do. Any assistance would be appreciated. Thanks.
==================================================
portal-ext.properties LDAP / Auth config
==================================================
## Screen name validator
# Input a class name that implements
# com.liferay.portal.security.auth.ScreenNameValidator. This class will be
# called to validate user screen names.
#
#users.screen.name.validator=com.liferay.portal.security.auth.DefaultScreenNameValidator
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
## LDAP
##
#
# Set the values used to connect to a LDAP store.
#
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.base.provider.url=ldap://<server>:389
ldap.base.dn=
ldap.security.principal=cn=<id>,ou=<ou1>,ou=<ou2>,o=<org>
ldap.security.credentials=<password>
ldap.referral=follow
#
# Settings for com.liferay.portal.security.auth.LDAPAuth can be configured
# from the Admin portlet. It provides out of the box support for Apache
# Directory Server, Microsoft Active Directory Server, Novell eDirectory,
# and OpenLDAP. The default settings are for Apache Directory Server.
#
# The LDAPAuth class must be specified in the property "auth.pipeline.pre"
# to be executed.
#
# Encryption is implemented by com.liferay.util.Encryptor.provider.class in
# system.properties.
#
ldap.auth.enabled=true
ldap.auth.required=false
#
# Set the page size for directory servers that supports paging. This value
# needs to be 1000 or less for Microsoft Active Directory Server.
#
ldap.page.size=1000
#
# Set the number of values to return in each query to a multivalued
# attribute for directory servers that support range retrieval. The range
# size must be 1000 or less for Windows 2000 and 1500 or less for Windows
# Server 2003.
#
ldap.range.size=1000
#
# Set either bind or password-compare for the LDAP authentication method.
# Bind is preferred by most vendors so that you don't have to worry about
# encryption strategies.
#
ldap.auth.method=bind
#ldap.auth.method=password-compare
#
# Set the password encryption to used to compare passwords if the property
# "ldap.auth.method" is set to password-compare.
#
ldap.auth.password.encryption.algorithm=
ldap.auth.password.encryption.algorithm.types=MD5,SHA
#
# Active Directory stores information about the user account as a series of
# bit fields in the UserAccountControl attribute.
#
# If you want to prevent disabled accounts from logging into the portal you
# need to use a search filter similiar to the following:
# (&(objectclass=person)(userprincipalname=@email_address@)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
#
# See the following links:
# http://support.microsoft.com/kb/305144/
# http://support.microsoft.com/?kbid=269181
#
ldap.auth.search.filter=(mail=@email_address@)
#
# You can write your own class that implements
# com.liferay.portal.security.ldap.AttributesTransformer to transform the
# LDAP attributes before a user or group is imported to the LDAP store.
#
ldap.attrs.transformer.impl=com.liferay.portal.security.ldap.DefaultAttributesTransformer
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal contact attributes.
#
# See com.liferay.portal.model.ContactModel for a list of attributes.
#
ldap.contact.mappings=
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal contact's custom attributes.
#
ldap.contact.custom.mappings=
#
# When a user is exported to LDAP and the user does not exist, the user will
# be created with the following default object classes.
#
ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal user attributes.
#
# See com.liferay.portal.model.UserModel for a list of attributes.
#
ldap.user.mappings=screenName=cn\npassword=userpassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership
#groupMembership has no effect since Domino user accounts do not include an attribute for group membership
# Instead, you must get a list of users from the groups via an LDAP filter (member attribute)
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal user's custom attributes.
#
ldap.user.custom.mappings=
#
# When a group is exported to LDAP and the group does not exist, the group
# will be created with the following default object classes.
#
ldap.group.default.object.classes=top,groupOfUniqueNames,groupOfNames
#
# When importing groups, the portal will use this mapping to connect LDAP
# group attributes and portal user group attributes.
#
ldap.group.mappings=groupName=cn\ndescription=description\nuser=member
#
# Settings for importing users and groups from LDAP to the portal.
#
ldap.import.enabled=true
ldap.import.on.startup=true
ldap.import.interval=10
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
ldap.import.group.search.filter=(&(objectClass=groupOfNames)(cn=HMA*))
#
# Set either user or group for import method. If set to user, the portal
# will import all users and the groups associated with those users. If set
# to group, the portal import all groups and the users associated those
# groups. This value should be set based on how your LDAP server stores
# group membership information.
#
#ldap.import.method=user
ldap.import.method=group
#HMA: Switched to groups to allow the import of users in these groups.
# Note that users not in any groups will not be imported.
#
# Set this to true if the portal should automatically create a role per
# group imported from LDAP. The role will be assigned to the group so that
# users can automatically inherit that role when they are assigned to the
# group.
#
ldap.import.create.role.per.group=false
#
# Settings for exporting users from the portal to LDAP. This allows a user
# to modify his first name, last name, etc. in the portal and have that
# change get pushed to the LDAP server. This will only be active if the
# property "ldap.auth.enabled" is also set to true. New users and groups
# will be created at the specified DN.
#
ldap.export.enabled=false
ldap.users.dn=ou=users,dc=example,dc=com
ldap.groups.dn=ou=groups,dc=example,dc=com
#
# Set this to true to use the LDAP's password policy instead of the portal
# password policy.
#
ldap.password.policy.enabled=false
#
# Set these values to be a portion of the error message returned by the
# appropriate directory server to allow the portal to recognize messages
# from the LDAP server. The default values will work for Fedora DS.
#
ldap.error.password.age=age
ldap.error.password.expired=expired
ldap.error.password.history=history
ldap.error.password.not.changeable=not allowed to change
ldap.error.password.syntax=syntax
ldap.error.password.trivial=trivial
ldap.error.user.lockout=retry limit
==================================================
Error Message
==================================================
13:09:43,378 ERROR [PortalLDAPImporterImpl:716] Unable to load user {givenname=g
ivenname: Bob, sn=sn: Jones, userpassword=userpassword: [B@e46e67, mail=mail: Bob
_Jones@hma.honda.com, modifytimestamp=modifytimestamp: 20100731072338Z, modifie
rsname=modifiersname: CN=HAM ITIMReader,OU=<ou1>,OU=<ou2>,O=<org>, cn=cn: Bob Jones,
AB12345, title=title: Team Manager, creatorsname=creatorsname: CN=Jane Doe,O
U=<ou1>,OU=<ou2>,O=<org>, createtimestamp=createtimestamp: 19971020184231Z}
com.liferay.portal.UserScreenNameException
at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenNa
me(UserLocalServiceImpl.java:3251)
at com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLoc
alServiceImpl.java:3073)
at com.liferay.portal.service.impl.UserLocalServiceImpl.addUser(UserLoca
lServiceImpl.java:344)
at sun.reflect.GeneratedMethodAccessor395.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
on(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo
inpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.in
voke(TransactionInterceptor.java:110)
at com.liferay.portal.dao.jdbc.aop.DynamicDataSourceTransactionIntercept
or.invoke(DynamicDataSourceTransactionInterceptor.java:44)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableM
ethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableM
ethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableM
ethodAdvice.java:58)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:172)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invok
e(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami
cAopProxy.java:202)
at $Proxy81.addUser(Unknown Source)
at com.liferay.portal.service.UserLocalServiceUtil.addUser(UserLocalServ
iceUtil.java:287)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.addUser(Porta
lLDAPImporterImpl.java:302)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importUser(Po
rtalLDAPImporterImpl.java:608)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importUsers(P
ortalLDAPImporterImpl.java:700)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
PByGroup(PortalLDAPImporterImpl.java:420)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
P(PortalLDAPImporterImpl.java:163)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
P(PortalLDAPImporterImpl.java:122)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
P(PortalLDAPImporterImpl.java:85)
at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importFromLDA
P(PortalLDAPImporterUtil.java:30)
at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.doRecei
ve(LDAPImportMessageListener.java:38)
at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.receive
(LDAPImportMessageListener.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoa
derBeanHandler.java:54)
at $Proxy236.receive(Unknown Source)
at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageLi
stenerWrapper.receive(SchedulerEventMessageListenerWrapper.java:57)
at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(In
vokerMessageListener.java:63)
at com.liferay.portal.kernel.messaging.ParallelDestination$1.run(Paralle
lDestination.java:61)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec
utor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:908)
at java.lang.Thread.run(Thread.java:619)
==================================================
portal-ext.properties LDAP / Auth config
==================================================
## Screen name validator
# Input a class name that implements
# com.liferay.portal.security.auth.ScreenNameValidator. This class will be
# called to validate user screen names.
#
#users.screen.name.validator=com.liferay.portal.security.auth.DefaultScreenNameValidator
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
## LDAP
##
#
# Set the values used to connect to a LDAP store.
#
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.base.provider.url=ldap://<server>:389
ldap.base.dn=
ldap.security.principal=cn=<id>,ou=<ou1>,ou=<ou2>,o=<org>
ldap.security.credentials=<password>
ldap.referral=follow
#
# Settings for com.liferay.portal.security.auth.LDAPAuth can be configured
# from the Admin portlet. It provides out of the box support for Apache
# Directory Server, Microsoft Active Directory Server, Novell eDirectory,
# and OpenLDAP. The default settings are for Apache Directory Server.
#
# The LDAPAuth class must be specified in the property "auth.pipeline.pre"
# to be executed.
#
# Encryption is implemented by com.liferay.util.Encryptor.provider.class in
# system.properties.
#
ldap.auth.enabled=true
ldap.auth.required=false
#
# Set the page size for directory servers that supports paging. This value
# needs to be 1000 or less for Microsoft Active Directory Server.
#
ldap.page.size=1000
#
# Set the number of values to return in each query to a multivalued
# attribute for directory servers that support range retrieval. The range
# size must be 1000 or less for Windows 2000 and 1500 or less for Windows
# Server 2003.
#
ldap.range.size=1000
#
# Set either bind or password-compare for the LDAP authentication method.
# Bind is preferred by most vendors so that you don't have to worry about
# encryption strategies.
#
ldap.auth.method=bind
#ldap.auth.method=password-compare
#
# Set the password encryption to used to compare passwords if the property
# "ldap.auth.method" is set to password-compare.
#
ldap.auth.password.encryption.algorithm=
ldap.auth.password.encryption.algorithm.types=MD5,SHA
#
# Active Directory stores information about the user account as a series of
# bit fields in the UserAccountControl attribute.
#
# If you want to prevent disabled accounts from logging into the portal you
# need to use a search filter similiar to the following:
# (&(objectclass=person)(userprincipalname=@email_address@)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
#
# See the following links:
# http://support.microsoft.com/kb/305144/
# http://support.microsoft.com/?kbid=269181
#
ldap.auth.search.filter=(mail=@email_address@)
#
# You can write your own class that implements
# com.liferay.portal.security.ldap.AttributesTransformer to transform the
# LDAP attributes before a user or group is imported to the LDAP store.
#
ldap.attrs.transformer.impl=com.liferay.portal.security.ldap.DefaultAttributesTransformer
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal contact attributes.
#
# See com.liferay.portal.model.ContactModel for a list of attributes.
#
ldap.contact.mappings=
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal contact's custom attributes.
#
ldap.contact.custom.mappings=
#
# When a user is exported to LDAP and the user does not exist, the user will
# be created with the following default object classes.
#
ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal user attributes.
#
# See com.liferay.portal.model.UserModel for a list of attributes.
#
ldap.user.mappings=screenName=cn\npassword=userpassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership
#groupMembership has no effect since Domino user accounts do not include an attribute for group membership
# Instead, you must get a list of users from the groups via an LDAP filter (member attribute)
#
# When importing and exporting users, the portal will use this mapping to
# connect LDAP user attributes and portal user's custom attributes.
#
ldap.user.custom.mappings=
#
# When a group is exported to LDAP and the group does not exist, the group
# will be created with the following default object classes.
#
ldap.group.default.object.classes=top,groupOfUniqueNames,groupOfNames
#
# When importing groups, the portal will use this mapping to connect LDAP
# group attributes and portal user group attributes.
#
ldap.group.mappings=groupName=cn\ndescription=description\nuser=member
#
# Settings for importing users and groups from LDAP to the portal.
#
ldap.import.enabled=true
ldap.import.on.startup=true
ldap.import.interval=10
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
ldap.import.group.search.filter=(&(objectClass=groupOfNames)(cn=HMA*))
#
# Set either user or group for import method. If set to user, the portal
# will import all users and the groups associated with those users. If set
# to group, the portal import all groups and the users associated those
# groups. This value should be set based on how your LDAP server stores
# group membership information.
#
#ldap.import.method=user
ldap.import.method=group
#HMA: Switched to groups to allow the import of users in these groups.
# Note that users not in any groups will not be imported.
#
# Set this to true if the portal should automatically create a role per
# group imported from LDAP. The role will be assigned to the group so that
# users can automatically inherit that role when they are assigned to the
# group.
#
ldap.import.create.role.per.group=false
#
# Settings for exporting users from the portal to LDAP. This allows a user
# to modify his first name, last name, etc. in the portal and have that
# change get pushed to the LDAP server. This will only be active if the
# property "ldap.auth.enabled" is also set to true. New users and groups
# will be created at the specified DN.
#
ldap.export.enabled=false
ldap.users.dn=ou=users,dc=example,dc=com
ldap.groups.dn=ou=groups,dc=example,dc=com
#
# Set this to true to use the LDAP's password policy instead of the portal
# password policy.
#
ldap.password.policy.enabled=false
#
# Set these values to be a portion of the error message returned by the
# appropriate directory server to allow the portal to recognize messages
# from the LDAP server. The default values will work for Fedora DS.
#
ldap.error.password.age=age
ldap.error.password.expired=expired
ldap.error.password.history=history
ldap.error.password.not.changeable=not allowed to change
ldap.error.password.syntax=syntax
ldap.error.password.trivial=trivial
ldap.error.user.lockout=retry limit
==================================================
Error Message
==================================================
13:09:43,378 ERROR [PortalLDAPImporterImpl:716] Unable to load user {givenname=g
ivenname: Bob, sn=sn: Jones, userpassword=userpassword: [B@e46e67, mail=mail: Bob
_Jones@hma.honda.com, modifytimestamp=modifytimestamp: 20100731072338Z, modifie
rsname=modifiersname: CN=HAM ITIMReader,OU=<ou1>,OU=<ou2>,O=<org>, cn=cn: Bob Jones,
AB12345, title=title: Team Manager, creatorsname=creatorsname: CN=Jane Doe,O
U=<ou1>,OU=<ou2>,O=<org>, createtimestamp=createtimestamp: 19971020184231Z}
com.liferay.portal.UserScreenNameException
at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenNa
me(UserLocalServiceImpl.java:3251)
at com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLoc
alServiceImpl.java:3073)
at com.liferay.portal.service.impl.UserLocalServiceImpl.addUser(UserLoca
lServiceImpl.java:344)
at sun.reflect.GeneratedMethodAccessor395.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
on(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo
inpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.in
voke(TransactionInterceptor.java:110)
at com.liferay.portal.dao.jdbc.aop.DynamicDataSourceTransactionIntercept
or.invoke(DynamicDataSourceTransactionInterceptor.java:44)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableM
ethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableM
ethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableM
ethodAdvice.java:58)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:172)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invok
e(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami
cAopProxy.java:202)
at $Proxy81.addUser(Unknown Source)
at com.liferay.portal.service.UserLocalServiceUtil.addUser(UserLocalServ
iceUtil.java:287)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.addUser(Porta
lLDAPImporterImpl.java:302)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importUser(Po
rtalLDAPImporterImpl.java:608)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importUsers(P
ortalLDAPImporterImpl.java:700)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
PByGroup(PortalLDAPImporterImpl.java:420)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
P(PortalLDAPImporterImpl.java:163)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
P(PortalLDAPImporterImpl.java:122)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDA
P(PortalLDAPImporterImpl.java:85)
at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importFromLDA
P(PortalLDAPImporterUtil.java:30)
at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.doRecei
ve(LDAPImportMessageListener.java:38)
at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.receive
(LDAPImportMessageListener.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoa
derBeanHandler.java:54)
at $Proxy236.receive(Unknown Source)
at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageLi
stenerWrapper.receive(SchedulerEventMessageListenerWrapper.java:57)
at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(In
vokerMessageListener.java:63)
at com.liferay.portal.kernel.messaging.ParallelDestination$1.run(Paralle
lDestination.java:61)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec
utor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:908)
at java.lang.Thread.run(Thread.java:619)
Ben Davis, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 77 Data de Entrada: 03/05/07 Postagens Recentes
Try setting your screenName mapping to uid instead of cn.
If your directory is like ours, the CN has a space character
between first and last names and that might be causing the exception.
If your directory is like ours, the CN has a space character
between first and last names and that might be causing the exception.
Hugh Martin, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 75 Data de Entrada: 15/06/10 Postagens Recentes
I tried both uid and mail (which should both contain the user's email address. This configuration works in 5.x, but not in 6 (CC and EE trial). One difference in our 5.x setup was that we were enabling import, but advice from the Liferay Symposium was not to use Import, so our 6 setup has both import and export disabled.
Ben Davis, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 77 Data de Entrada: 03/05/07 Postagens Recentes
Must be the @ symbol. I think you might be stuck unless you have some other unique identifier in your directory.
Ben Davis, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 77 Data de Entrada: 03/05/07 Postagens Recentes
Take a look at this thread:
http://www.liferay.com/community/forums/-/message_boards/message/5264884#_19_message_5243570
http://www.liferay.com/community/forums/-/message_boards/message/5264884#_19_message_5243570
Henrique Simoes de Andrade, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Regular Member Postagens: 165 Data de Entrada: 30/04/10 Postagens Recentes
I'm experiencing same issue...
After migrating from 5.2.3 to 6.0.5, same configuration in portal-ext.properties and same user!
Did you find a solution?
my portal-ext.properties:
13:22:09,418 INFO [STDOUT] 13:22:09,390 ERROR [LDAPAuth:318] Problem accessing LDAP server
com.liferay.portal.UserScreenNameException
at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName(UserLocalServiceImpl.java:3251)
at com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLocalServiceImpl.java:3105)
at com.liferay.portal.service.impl.UserLocalServiceImpl.updateUser(UserLocalServiceImpl.java:2315)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at com.liferay.portal.dao.jdbc.aop.DynamicDataSourceTransactionInterceptor.invoke(DynamicDataSourceTransactionInterceptor.java:44)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy274.updateUser(Unknown Source)After migrating from 5.2.3 to 6.0.5, same configuration in portal-ext.properties and same user!
Did you find a solution?
my portal-ext.properties:
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
users.screen.name.always.autogenerate=true
Szymon Winiarz, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
New Member Mensagem: 1 Data de Entrada: 10/02/11 Postagens Recentes
I found out that the "_" in the screen name may be the problem when importing users form LDAP.
Trying to login with user whose mapped LDAP screenname contains "_"
I got this error:
When I removed "_" from screen name (changed in LDAP) I logged in whitout any problems (user was imported to Liferay)
Does anyone know how to make it possible to have screen names with "_" character? Maybe it is a bug?
Trying to login with user whose mapped LDAP screenname contains "_"
I got this error:
ERROR [LDAPAuth:318] Problem accessing LDAP server
com.liferay.portal.UserScreenNameException at
com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName(UserLocalServiceImpl.java:3228)at
com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLocalServiceImpl.java:3073)at
com.liferay.portal.service.impl.UserLocalServiceImpl.addUser(UserLocalServiceImpl.java:344)
When I removed "_" from screen name (changed in LDAP) I logged in whitout any problems (user was imported to Liferay)
Does anyone know how to make it possible to have screen names with "_" character? Maybe it is a bug?
Ben Brown, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 79 Data de Entrada: 07/07/10 Postagens Recentes
We've got Liferay 6 EE installed, and we're getting the same error.
Why does Liferay not like underscores etc in display names?
We have an active directory to link to that has around 700 accounts in all with [first name]_[surname initial] (e.g. ben_b), and we can't recreate accounts for everyone...any ideas?
Ben
Why does Liferay not like underscores etc in display names?
We have an active directory to link to that has around 700 accounts in all with [first name]_[surname initial] (e.g. ben_b), and we can't recreate accounts for everyone...any ideas?
Ben
Ben Brown, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 79 Data de Entrada: 07/07/10 Postagens Recentes
Anyone?
Minhchau Dang, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Liferay Master Postagens: 598 Data de Entrada: 22/10/07 Postagens Recentes
While some people in this thread seem to have had issues (possibly because they set some configuration value in the UI and thus effectively invalidated all portal-ext.properties customizations), I've never had problems with setting this in portal.properties:
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
Ben Brown, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 79 Data de Entrada: 07/07/10 Postagens Recentes
That has worked - thanks for the info. 
Shahin Ali, modificado 12 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
New Member Postagens: 24 Data de Entrada: 03/05/11 Postagens Recentes
Hi
Doesn it work for u after giving "users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator" in the portal-ext.properties?
for me even after specifying this line, it is showing
com.liferay.portal.UserScreenNameException
at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName(UserLocalServiceImpl.java:3382)
Any help is highly appreciated. Thanks.
Doesn it work for u after giving "users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator" in the portal-ext.properties?
for me even after specifying this line, it is showing
com.liferay.portal.UserScreenNameException
at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName(UserLocalServiceImpl.java:3382)
Any help is highly appreciated. Thanks.
Tejas Kanani, modificado 12 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Liferay Master Postagens: 654 Data de Entrada: 06/01/09 Postagens RecentesShahin Ali:
com.liferay.portal.UserScreenNameException
at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName(UserLocalServiceImpl.java:3382)
Hi Shahin,
Please check if your screen name contains any digit? If yes, and if you want to allow digit as well in screen name, please add below property to portal-ext.properties.
users.screen.name.allow.numeric=trueNote : Please check that your screen name with all digit is not the primary key of any community/organization id, otherwise it will give same error. And it should not be same as user's user id as well.
And in case of
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidatorscreen name will allow any character, any digit, DASH(-), PERIOD(.), UNDERLINE(_). Please check if you have any other special character in your screen name.
And it should not contain any ANONYMOUS name from "anonymous-guest", "guest", "ANONYMOUS", "<anonymous>".
Shahin Ali, modificado 12 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
New Member Postagens: 24 Data de Entrada: 03/05/11 Postagens Recentes
Dear Tejas,
Thanks , u got my exact problem.
I have provided the property "users.screen.name.allow.numeric=true".
But the issue is that we have screenNames as numbers only. Ther is high possiblity that the userId can be same as screenName. And most importantly, i am able to import the users into a fresh DB.!!!.
Is there any way to set the auto incremented userId value to some high range to make sure that it wil not conflict with screenName?
I have checked the values and couldnt find any special characters other digits in the screenName field in LDAP.
And also i have checked for the class LiberalScreenNameValidator in the portal-impl.jar file. I couldnt find it over there. I am afraid i am missing the class LiberalScreenNameValidator in the jar. thats why it is neglecting the property.
Thanks again.
Thanks , u got my exact problem.
I have provided the property "users.screen.name.allow.numeric=true".
But the issue is that we have screenNames as numbers only. Ther is high possiblity that the userId can be same as screenName. And most importantly, i am able to import the users into a fresh DB.!!!.
Is there any way to set the auto incremented userId value to some high range to make sure that it wil not conflict with screenName?
I have checked the values and couldnt find any special characters other digits in the screenName field in LDAP.
And also i have checked for the class LiberalScreenNameValidator in the portal-impl.jar file. I couldnt find it over there. I am afraid i am missing the class LiberalScreenNameValidator in the jar. thats why it is neglecting the property.
Thanks again.
Shahin Ali, modificado 12 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
New Member Postagens: 24 Data de Entrada: 03/05/11 Postagens RecentesShahin Ali:
Dear Tejas,
Thanks , u got my exact problem.
I have provided the property "users.screen.name.allow.numeric=true".
But the issue is that we have screenNames as numbers only. Ther is high possiblity that the userId can be same as screenName. And most importantly, i am able to import the users into a fresh DB.!!!.
Is there any way to set the auto incremented userId value to some high range to make sure that it wil not conflict with screenName?
I have checked the values and couldnt find any special characters other digits in the screenName field in LDAP.
And also i have checked for the class LiberalScreenNameValidator in the portal-impl.jar file. I couldnt find it over there. I am afraid i am missing the class LiberalScreenNameValidator in the jar. thats why it is neglecting the property.
Thanks again.
We finally resolved the issue. It seems a bug in the liferay code.
while importing the users it is checking the groupId against the screenName. this should be groupId against the userId.
Dawid Chojnacki, modificado 11 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
New Member Postagens: 2 Data de Entrada: 04/06/12 Postagens Recentes
Hi.
Basicly if someone suffers on UserScreenNameException he should check how the validation of screenName is being performed:
Cheers, D.
Basicly if someone suffers on UserScreenNameException he should check how the validation of screenName is being performed:
com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName()
protected void validateScreenName(
long companyId, long userId, String screenName)
throws PortalException, SystemException {
if (Validator.isNull(screenName)) {
throw new UserScreenNameException();
}
ScreenNameValidator screenNameValidator =
ScreenNameValidatorFactory.getInstance();
if (!screenNameValidator.validate(companyId, screenName)) {
throw new UserScreenNameException();
}
if (Validator.isNumber(screenName)) {
if (!PropsValues.USERS_SCREEN_NAME_ALLOW_NUMERIC) {
throw new UserScreenNameException();
}
if (!screenName.equals(String.valueOf(userId))) {
Group group = groupPersistence.fetchByPrimaryKey(
GetterUtil.getLong(screenName));
if (group != null) {
throw new UserScreenNameException();
}
}
}
for (char c : screenName.toCharArray()) {
if ((!Validator.isChar(c)) && (!Validator.isDigit(c)) &&
(c != CharPool.DASH) && (c != CharPool.PERIOD) &&
(c != CharPool.UNDERLINE)) {
throw new UserScreenNameException();
}
}
String[] anonymousNames = BaseServiceImpl.ANONYMOUS_NAMES;
for (String anonymousName : anonymousNames) {
if (screenName.equalsIgnoreCase(anonymousName)) {
throw new UserScreenNameException();
}
}
User user = userPersistence.fetchByC_SN(companyId, screenName);
if ((user != null) && (user.getUserId() != userId)) {
throw new DuplicateUserScreenNameException();
}
String friendlyURL = StringPool.SLASH + screenName;
Group group = groupPersistence.fetchByC_F(companyId, friendlyURL);
if ((group != null) && (group.getClassPK() != userId)) {
throw new GroupFriendlyURLException(
GroupFriendlyURLException.DUPLICATE);
}
int exceptionType = LayoutImpl.validateFriendlyURL(friendlyURL);
if (exceptionType != -1) {
throw new UserScreenNameException(
new GroupFriendlyURLException(exceptionType));
}
String[] reservedScreenNames = PrefsPropsUtil.getStringArray(
companyId, PropsKeys.ADMIN_RESERVED_SCREEN_NAMES,
StringPool.NEW_LINE, PropsValues.ADMIN_RESERVED_SCREEN_NAMES);
for (String reservedScreenName : reservedScreenNames) {
if (screenName.equalsIgnoreCase(reservedScreenName)) {
throw new ReservedUserScreenNameException();
}
}
}Cheers, D.
Jan Tošovský, modificado 12 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Liferay Master Postagens: 566 Data de Entrada: 22/07/10 Postagens Recentes
Please could you elaborate this 'they set some configuration value in the UI and thus effectively invalidated all portal-ext.properties customizations' a bit?
So if I need to use LiberalScreenNameValidator, all LDAP setting must be specified in portal-ext.properties?
I've done so, but although I've specified import after startup, nothing happens.
If only LiberalScreenNameValidator is specified in the properties file (and the rest in the UI), I am still getting exceptions when any character from non western alphabet is used. When 'Test LDAP users' via LDAP UI is performed, I am getting list of the first 20 users and these characters are Ok. I am confused a bit.
My settings was made according to this article:
http://www.liferay.com/community/wiki/-/wiki/1071674/ldap+with+ad+in+liferay+6.0.5/maximized
So if I need to use LiberalScreenNameValidator, all LDAP setting must be specified in portal-ext.properties?
I've done so, but although I've specified import after startup, nothing happens.
If only LiberalScreenNameValidator is specified in the properties file (and the rest in the UI), I am still getting exceptions when any character from non western alphabet is used. When 'Test LDAP users' via LDAP UI is performed, I am getting list of the first 20 users and these characters are Ok. I am confused a bit.
My settings was made according to this article:
http://www.liferay.com/community/wiki/-/wiki/1071674/ldap+with+ad+in+liferay+6.0.5/maximized
Jan Tošovský, modificado 12 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Liferay Master Postagens: 566 Data de Entrada: 22/07/10 Postagens Recentes
My problem was in the screen name entry (cn) in AD - all were specified as a full name with a space between given name and surname. I've chosen another field (mailNickname) and it works now.
Amit Aggarwal, modificado 13 Anos atrás.
RE: 6.0.5, LDAP, and UserScreenNameException error
Junior Member Postagens: 87 Data de Entrada: 20/08/10 Postagens Recentes
There is a definite bug in 6.0.5 and 6.0.6 on LDAP import if the CN contains a comma character. LR does not escape the LDAP query correctly. I had to patch 2 lines of code in one of the portal service files, and it worked. Does the CN in your example contain a comma? It looks like it might..