Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Micha Ra
LDAP err 17 empty AttributeDescription - openLDAP export
December 22, 2011 3:53 AM
Answer

Micha Ra

Rank: New Member

Posts: 1

Join Date: December 22, 2011

Recent Posts

Hello Everybody,

with Liferay Portal 6.1 RC 1 I have done a successful LDAP setup with connecting to openLDAP with custom attributes mapping:
my portal-ext.properties file is
 1auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
 2ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 3ldap.auth.enabled=true
 4ldap.auth.required=false
 5ldap.base.provider.url=ldap://liferay.com:389
 6ldap.base.dn=dc=liferay,dc=com
 7ldap.security.principal=cn=Manager,dc=liferay,dc=com
 8ldap.security.credentials=secret
 9ldap.auth.search.filter=(uid=@screen_name@)
10ldap.import.user.search.filter=(objectClass=person)
11ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nfullName=cn\nlastName=sn
12ldap.user.custom.mappings=Organization=o\nHomepage=labeledURI\npostalAddress=postalAddress\nCountry=postalCode\nProject=l
13ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)
14ldap.import.enabled=true
15ldap.import.on.startup=true
16ldap.import.interval=10
17ldap.export.enabled=true
18ldap.users.dn=ou=people,dc=liferay,dc=com
19ldap.groups.dn=ou=groups,dc=liferay,dc=com

All LDAP user attributes are imported and mapped to before created Custom Fields. (Big improvement to LP 6.0.6)
everything works fine until I enable ldap.export.enabled = true.
Afterwards even login fails with the following error:
 1
 211:29:33,871 ERROR [LoginAction:128] com.liferay.portal.ModelListenerException: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - : empty AttributeDescription]; remaining name 'uid=testuser,ou=people,dc=liferay,dc=com'
 3com.liferay.portal.ModelListenerException: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - : empty AttributeDescription]; remaining name 'uid=testuser,ou=people,dc=liferay,dc=com'
 4        at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:75)
 5        at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:1)
 6        at com.liferay.portal.model.BaseModelListener.onAfterUpdate(BaseModelListener.java:1)
 7        at com.liferay.portal.service.persistence.impl.BasePersistenceImpl.update(BasePersistenceImpl.java:264)
 8        at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticate(UserLocalServiceImpl.java:5067)
 9        at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticateByScreenName(UserLocalServiceImpl.java:886)
10        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
11        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
12        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
13        at java.lang.reflect.Method.invoke(Method.java:597)
14        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:112)
15        at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:71)
16        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:108)
17        at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:59)
18        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:108)
19        at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:59)
20        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:108)
21        at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:59)
22        at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:108)
23        at com.liferay.portal.spring.aop.ServiceBeanAopProxy.invoke(ServiceBeanAopProxy.java:211)
24        at $Proxy96.authenticateByScreenName(Unknown Source)
25        at com.liferay.portal.service.UserLocalServiceUtil.authenticateByScreenName(UserLocalServiceUtil.java:607)
26        at com.liferay.portlet.login.util.LoginUtil.getAuthenticatedUserId(LoginUtil.java:160)
27        at com.liferay.portlet.login.util.LoginUtil.login(LoginUtil.java:243)
28        at com.liferay.portlet.login.action.LoginAction.login(LoginAction.java:189)
29        at com.liferay.portlet.login.action.LoginAction.processAction(LoginAction.java:88)
30        at com.liferay.portal.struts.PortletRequestProcessor.process(PortletRequestProcessor.java:175)
31        at com.liferay.portlet.StrutsPortlet.processAction(StrutsPortlet.java:190)
32        at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:70)
33        at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:48)
34        at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:653)
35...
36Caused by: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - : empty AttributeDescription]; remaining name 'uid=testuser,ou=people,dc=liferay,dc=com'
37        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3110)
38        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
39        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
40        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
41        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
42        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
43        at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
44        at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.exportToLDAP(PortalLDAPExporterImpl.java:199)
45        at com.liferay.portal.security.ldap.PortalLDAPExporterUtil.exportToLDAP(PortalLDAPExporterUtil.java:43)
46        at com.liferay.portal.model.UserListener.exportToLDAP(UserListener.java:96)
47        at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:72)
48        ... 143 more

on LDAP server similar log entry is:
1
2Dec 22 10:08:48 liferay slapd[7179]: conn=1180 op=1069 RESULT tag=103 err=17 text=: empty AttributeDescription


how do I find out what AttributeDescription is empty? Or did anybody knows what is going wrong?

Thanks,
Micha

PS: all hostname settings and logentries are changed to liferay.com
Jack Chung
RE: LDAP err 17 empty AttributeDescription - openLDAP export
May 4, 2012 4:47 PM
Answer

Jack Chung

Rank: New Member

Posts: 19

Join Date: November 30, 2011

Recent Posts

just in case it may help someone else, this error message seems to come up when liferay may be detecting an ldap attribute that it doesn't know what to do with. I think in my case, it was the 'memberOf' attribute. Removing that attribute via the Apache Directory Studio (make sure the Fetch Operational Attributes option in the right-click context menu is turned on) resolved it when i was testing stuff out.

using liferay 6.1 ee, openldap.
Ranga Rao Bobbili
RE: LDAP err 17 empty AttributeDescription - openLDAP export
July 24, 2013 5:41 PM
Answer

Ranga Rao Bobbili

Rank: Regular Member

Posts: 152

Join Date: July 20, 2007

Recent Posts

Hi All,

I also faced same issue with Group export(Portal to LDAP), but i resolved my issue by adding description data in the User Group filed section.

Environment: Liferay Portal 6.1 CE GA2 & Oracle Internet Directory 11g

Thanks,
Ranga Rao Bobbili
Adaequare INC
Attachment

Attachments: userexport.png (169.2k)