Foren

  1. Startseite
  2. Portal
  3. Microsoft Active Directory authentication

Microsoft Active Directory authentication

thumbnail
Aniceto P Madrid, geändert vor 14 Jahren.

Microsoft Active Directory authentication

Regular Member Beiträge: 120 Beitrittsdatum: 24.05.08 Neueste Beiträge
Hi

I've never user LDAP authentication. I wat to connect 5.2.3 with MS Active Directory and I did'nt get it working

I've gone to portal settings, authentication

LDAP, select MS Active Directory, Reset values

url: ldap://servidorad:389
base DN: dc=midominio,dc=local (el dominio AD es midominio.local)
user: administrador@mydomain.local
password: ******

test LDAP connection: OK
test LDAP users: OK. The user list of this AD is shown
email=aperez@mydomain.local
test LDAP groups:: OK. I see the groups list

import Enabled: true
import on startup enabled: true
import interval: 10 min
Export Enabled: false
use LDAP password policy: false

With portal autentication by emal I try to login as aperez@mydomain.local. Doesn't work. I change the authentication to screen name and user aperez, abut it desn't work either.

I see these logs every 10 min

18-jun-2009 10:42:16
INFO: 10:42:16,849 ERROR [UserImpl:109] com.liferay.portal.NoSuchContactException: No Contact exists with the primary key 10903
com.liferay.portal.NoSuchContactException: No Contact exists with the primary key 10903
at com.liferay.portal.service.persistence.ContactPersistenceImpl.findByPrimaryKey(ContactPersistenceImpl.java:286)
at com.liferay.portal.service.impl.ContactLocalServiceImpl.getContact(ContactLocalServiceImpl.java:41)
at sun.reflect.GeneratedMethodAccessor286.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy81.getContact(Unknown Source)
at com.liferay.portal.service.ContactLocalServiceUtil.getContact(ContactLocalServiceUtil.java:84)
at com.liferay.portal.model.impl.UserImpl.getContact(UserImpl.java:104)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importLDAPUser(PortalLDAPUtil.java:845)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importFromLDAP(PortalLDAPUtil.java:572)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importFromLDAP(PortalLDAPUtil.java:541)
at com.liferay.portlet.admin.job.LDAPImportJob.execute(LDAPImportJob.java:62)
at com.liferay.portal.job.JobWrapper.execute(JobWrapper.java:69)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)18-jun-2009 10:32:16

INFO: 10:32:16,853 ERROR [PortalLDAPUtil:888] Error updating user with screen name aperez and email address aperez@mydomain.local
java.lang.NullPointerException
at java.util.Calendar.setTime(Calendar.java:1075)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importLDAPUser(PortalLDAPUtil.java:849)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importFromLDAP(PortalLDAPUtil.java:572)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importFromLDAP(PortalLDAPUtil.java:541)
at com.liferay.portlet.admin.job.LDAPImportJob.execute(LDAPImportJob.java:62)
at com.liferay.portal.job.JobWrapper.execute(JobWrapper.java:69)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)

Any ideas?
Thanks
Kevin Bailey, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

New Member Beiträge: 7 Beitrittsdatum: 13.07.09 Neueste Beiträge
Hi,

Did you get any joy resolving this issue as I am having the same problem. I have just downloaded version 5.2.3 and am trying to configure Liferay to import users/groups from ADAM. On the setting's page all is well and I can successfully connect to ADAM and retrieve users and groups on the test.

However things go very wrong when I select to import on startup, getting the same error as you.
thumbnail
Lisa Simpson, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

Liferay Legend Beiträge: 2034 Beitrittsdatum: 05.03.09 Neueste Beiträge
I wonder if this has anything to do with the ability to authenticate improperly against domain controllers. I've seen several posts about it - namely being able to authenticate using any valid user name and *any* (correct or not) password.
Tomasz Ryzner, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

New Member Beitrag: 1 Beitrittsdatum: 17.09.09 Neueste Beiträge
Same thing on my installation, tons of logs.
Any ideas?
Strange all tests seem to be ok but not working after saving/restarting the portal.
regards
tr
Maxwell Chiareli Xandeco, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

New Member Beiträge: 3 Beitrittsdatum: 15.09.09 Neueste Beiträge
I have the same problem, every test is ok for me.

But I got a strange problem with the password field when I do the "user list test", it's blank.

I'm using "userPassword" to map it, if I change to other field, just to test, a group of * is shown (because it's a password =) ), so I think this could be the problem, liferay is can't find the password field, so we get a error on login.

Cheers
Maxwell
thumbnail
Lisa Simpson, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

Liferay Legend Beiträge: 2034 Beitrittsdatum: 05.03.09 Neueste Beiträge
I've seen some other posts where people say it works fine if you enable both LDAP and NTLM. Point the LDAP to the domain controller...
Maxwell Chiareli Xandeco, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

New Member Beiträge: 3 Beitrittsdatum: 15.09.09 Neueste Beiträge
Hi Lisa,

I tried it, but I got the same "contact error"...
thumbnail
Lisa Simpson, geändert vor 14 Jahren.

RE: Microsoft Active Directory authentication

Liferay Legend Beiträge: 2034 Beitrittsdatum: 05.03.09 Neueste Beiträge
Not sure what else to tell you. Maybe try putting CAS between Liferay and AD??