Forum
Liferay and LDAP: current and old password works!
Silvano Fari, modified 12 years ago.
Liferay and LDAP: current and old password works!
Junior Member Posts: 58 Join Date: 16/06/10 Recent Posts
Hi, I have a Liferay, which is bound to an LDAP (Active Directory) as user registry. It works fine so far!
When I am changing a password of a user in AD the according user is able to immediately log in with the new password.
But what I don't understand is, that logging in with the old one works as well....
Is this working as designed? Can somebody explain, why that behaves like this?
Jack Bakker, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
Liferay Master Posts: 978 Join Date: 03/01/10 Recent Posts
I am also looking for a solution to this (LR v6.0.6 against Active Directory).
Hüseyin Uzun, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
New Member Posts: 10 Join Date: 11/11/10 Recent Posts
There's a blog entry where you can see the integration of secure LDAP integration: http://www.liferay.com/web/jonas.yuan/blog/-/blogs/6583930
Which version of Liferay do you use? In 6.0.6 you must implement the sources yourself.
Hitoshi Ozawa, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
Liferay Legend Posts: 7942 Join Date: 24/03/10 Recent Posts
This seems to be a security risk, but I think I've seen a similar post before. Have you tried the nightly trunk version, because it may be solved there?
elias saliba, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
New Member Posts: 24 Join Date: 16/07/12 Recent Posts
Hi Silvano,
When your Liferay portal imports data from LDAP, it imports the users' passwords and stores them in the Liferay repository database. Then, when you change the password in your portal, the two passwords will be accepted. Try not importing data from the LDAP server and make your LDAP required:
Attachments:
Jack Bakker, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
Liferay Master Posts: 978 Join Date: 03/01/10 Recent Posts
If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?
elias saliba, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
New Member Posts: 24 Join Date: 16/07/12 Recent Posts
Hi jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.
Jack Bakker, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
Liferay Master Posts: 978 Join Date: 03/01/10 Recent Posts
Elias wrote:
Hi jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.
Jack asked:
If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?
elias saliba, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
New Member Posts: 24 Join Date: 16/07/12 Recent Posts
Jack Bakker:
Elias wrote:
Hi jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.
Jack asked:
If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?
Elias answer:
If required is true then Liferay only searches in the LDAP server.
If required is false then Liferay will first search in its repository; if the authentication is false then Liferay will go to the third party (LDAP).
Conclusion: if LDAP is not required, Liferay will fetch first in its repository because it is quicker and it is dependent on Liferay, then fetch in LDAP.
Hitoshi Ozawa, modified 11 years ago.
RE: Liferay and LDAP: current and old password works!
Liferay Legend Posts: 7942 Join Date: 24/03/10 Recent Posts
Please try it and see if it actually works. I think there was a bug which made it always check Liferay's repository.
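
A minimal Python model of the behaviour discussed in this thread, added here as an example; it is not part of any post and not Liferay's code. The `Directory` and `Portal` classes, the `ldap_required` and `with_passwords` switches, and the sample user and passwords are assumptions made up for illustration.

```python
import hashlib
import hmac

def digest(password):
    # Model-only stand-in for a stored password hash (unsalted, constructed).
    return hashlib.sha256(password.encode()).hexdigest()

class Directory:
    """Stand-in for the LDAP/AD server: only the current password binds."""
    def __init__(self):
        self.current = {}

    def bind(self, user, password):
        known = self.current.get(user)
        return known is not None and hmac.compare_digest(
            known.encode(), password.encode())

class Portal:
    """Hypothetical portal: a local user store plus a directory."""
    def __init__(self, directory, ldap_required):
        self.directory = directory
        self.ldap_required = ldap_required
        self.local = {}  # user -> digest copied from the directory at import

    def import_users(self, with_passwords):
        for user, password in self.directory.current.items():
            self.local[user] = digest(password) if with_passwords else None

    def login(self, user, password):
        if self.ldap_required:
            return self.directory.bind(user, password)
        # Not required: local store first, then the directory (the order
        # described in the thread; accept/reject is an OR in either order).
        stored = self.local.get(user)
        if stored is not None and hmac.compare_digest(stored, digest(password)):
            return True
        return self.directory.bind(user, password)

def scenario(ldap_required, import_passwords):
    """Import users, change the password in the directory, try three logins."""
    directory = Directory()
    directory.current["jdoe"] = "Old-Pass-1"  # constructed sample values
    portal = Portal(directory, ldap_required)
    portal.import_users(import_passwords)
    directory.current["jdoe"] = "New-Pass-2"  # changed in the directory only
    tries = {"old": "Old-Pass-1", "new": "New-Pass-2", "wrong": "nope"}
    return {name: portal.login("jdoe", pw) for name, pw in tries.items()}
```

In this model the old password is accepted only when the directory is not required and a password copy was imported; making the directory required, or not importing passwords, leaves only the current directory password valid.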