Foren
How to authenticate with Active Directories using a case insensitive filter
Mirto Silvio Busico, geändert vor 10 Jahren.
How to authenticate with Active Directories using a case insensitive filter
Regular Member Beiträge: 240 Beitrittsdatum: 18.01.12 Neueste Beiträge
Hi all,
I need to authenticate users that have, in the Active Directories, a login name that is mixed case (example sAMAccountName is "MyUser1").
I'm using:
With my settings, Apache authenticate the user with any case (i.e. MyUsr1, myusr1, MYUSR1,....) but passes always the user all lower case (i.e. "myusr1")
The settings in Apache are:
In Portal settings -> Authentication -> LDAP for the "Authentication Search Filter" I have:
But, when I try to authenticate using the "IT-DevUsr1" account, Apache accept the user, passes to Liferay the lower case account (it-devusr1) and Liferay says it cannot find an account with this name:
If I use any user that is defined all lowercase in the Active direcories (e.g. "mbusico") everything works correctly and the user is automatically logged in Liferay.
What can I do?
I need to authenticate users that have, in the Active Directories, a login name that is mixed case (example sAMAccountName is "MyUser1").
I'm using:
- Liferay 6.1.1 CE ga2
- Ubuntu 13.04 64Bit
- Apache 2.2
With my settings, Apache authenticate the user with any case (i.e. MyUsr1, myusr1, MYUSR1,....) but passes always the user all lower case (i.e. "myusr1")
The settings in Apache are:
<location />
AuthType Basic
AuthUserFile /MYAPP/sw/users
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
AuthName "My Main site"
AuthLDAPURL ldap://xx.xx.xx.xx/ou=XX,dc=XX,dc=YY,dc=ZZ?sAMAccountName
AuthLDAPBindDN ADUSER@ADDOMAIN
AuthLDAPBindPassword XXXXXXXX
require valid-user
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set LIFERAY_SCREEN_NAME %{RU}e
Header echo ^L
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /repository !
ProxyPass /static !
ProxyPass /cgi-bin !
ProxyPass /phppgadmin !
ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/
In Portal settings -> Authentication -> LDAP for the "Authentication Search Filter" I have:
(sAMAccountName:caseIgnoreMatch:=@screen_name@)
But, when I try to authenticate using the "IT-DevUsr1" account, Apache accept the user, passes to Liferay the lower case account (it-devusr1) and Liferay says it cannot find an account with this name:
06:29:19,365 ERROR [ajp-bio-8009-exec-1][RequestHeaderAutoLogin:82] com.liferay.portal.NoSuchUserException: No User exists with the key {companyId=10153, screenName=myusr1}
com.liferay.portal.NoSuchUserException: No User exists with the key {companyId=10153, screenName=myusr1}
at com.liferay.portal.service.persistence.UserPersistenceImpl.findByC_SN(UserPersistenceImpl.java:2789)
If I use any user that is defined all lowercase in the Active direcories (e.g. "mbusico") everything works correctly and the user is automatically logged in Liferay.
What can I do?
Mirto Silvio Busico, geändert vor 10 Jahren.
RE: How to authenticate with Active Directories using a case insensitive fi
Regular Member Beiträge: 240 Beitrittsdatum: 18.01.12 Neueste Beiträge
Started again with a 6.1.2 CE GA3 portal.
Using Authentication Sear Filte set to:
The behaviour (for a user that have sAMAccountName equal to "MyUsr1") is:
BTW the Liferay screenname is set to all lowercase (myusr1)
How can I automatically login the firs time?
Using Authentication Sear Filte set to:
(sAMAccountName=@screen_name@)
The behaviour (for a user that have sAMAccountName equal to "MyUsr1") is:
- first time front end Apache authenticate but Liferay not
- execute a login to Liferay with "MyUsr1" - success
- from now on Apache and Liferay aythenticate with any case (i.e MyUsr1 and myusr1)
BTW the Liferay screenname is set to all lowercase (myusr1)
How can I automatically login the firs time?