Foren
LDAP import user password
Nowhere Rosa, geändert vor 14 Jahren.
LDAP import user password
New Member Beiträge: 20 Beitrittsdatum: 23.05.09 Neueste Beiträge
Hi all,
I'm getting mad with this issue, surely someone of you can help me to solve it.
I have an instance of liferay currently inegrated with LDAP server (ApacheDS) and it works fine...the authentication looks like to work right.
The problem is that I can't understand how LDAP user are imported: cn, sn, screenname, mail are correctly imported in liferay DB, but userPassword is not. I see "strange" characters in its column and I'm wondering if it's a random password generated by liferay.
Initially I was thinking it was LDAP password encrypted, but now I think the two values are not linked in any way.
Can anyone explain me what is happening? I didn't found googling a final answer and, also, I'd like to know if there is a solution to import the correct password.
Any help would be appreciated, I can't figure out how resolve the issue...thanks in advance! :-)
Have a nice evening!
I'm getting mad with this issue, surely someone of you can help me to solve it.
I have an instance of liferay currently inegrated with LDAP server (ApacheDS) and it works fine...the authentication looks like to work right.
The problem is that I can't understand how LDAP user are imported: cn, sn, screenname, mail are correctly imported in liferay DB, but userPassword is not. I see "strange" characters in its column and I'm wondering if it's a random password generated by liferay.
Initially I was thinking it was LDAP password encrypted, but now I think the two values are not linked in any way.
Can anyone explain me what is happening? I didn't found googling a final answer and, also, I'd like to know if there is a solution to import the correct password.
Any help would be appreciated, I can't figure out how resolve the issue...thanks in advance! :-)
Have a nice evening!
Amos Fong, geändert vor 14 Jahren.
RE: LDAP import user password
Liferay Legend Beiträge: 2047 Beitrittsdatum: 07.10.08 Neueste Beiträge
Hello,
Did you set import enabled? If this is set to true, then Liferay will do a mass import of everyone in LDAP to liferay. However this does NOT copy the password during this import. A random password will be generated in Liferay's database.
The password is updated when the user logs in successfully. I believe this is because the LDAP server will not give up passwords (security I assume), so Liferay cannot get it at that time. So when a user attempts to authenticate against LDAP with a password, if it's successful, then Liferay will know that is the correct password and update the user accordingly.
Did you set import enabled? If this is set to true, then Liferay will do a mass import of everyone in LDAP to liferay. However this does NOT copy the password during this import. A random password will be generated in Liferay's database.
The password is updated when the user logs in successfully. I believe this is because the LDAP server will not give up passwords (security I assume), so Liferay cannot get it at that time. So when a user attempts to authenticate against LDAP with a password, if it's successful, then Liferay will know that is the correct password and update the user accordingly.
Nowhere Rosa, geändert vor 14 Jahren.
RE: LDAP import user password
New Member Beiträge: 20 Beitrittsdatum: 23.05.09 Neueste Beiträge
Hi,
thanks for reply!
Yes, I set import settings.
This is my portal-ext.properties content:
Is there some error in it? Pwds are not update after successful first login :-(
Ask me if you need more info.
Again thanks :-)
thanks for reply!
Yes, I set import settings.
This is my portal-ext.properties content:
# File di configurazione di liferay - sovrascrive le configurazioni di portal.properties
# settings del DB
hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
jdbc.default.driverClassName=org.postgresql.Driver
jdbc.default.url=jdbc:postgresql://localhost:5432/lportal
jdbc.default.username=sa
jdbc.default.password=sa
# settings per il SSO con CAS
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin
#company.security.auth.type=screenName
company.security.auto.login=true
cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=https://localhost:8443/cas-web/login
cas.logout.url=https://localhost:8443/cas-web/logout
cas.server.name=localhost:8081
#cas.service.url=
cas.service.url=http://localhost:8082/c/portal/login
cas.validate.url=https://localhost:8443/cas-web/proxyValidate
# settings per LDAP
ldap.auth.enabled=true
ldap.auth.required=false
ldap.auth.search.filter=(mail=@email_address@)
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.base.provider.url=ldap://localhost:10389
ldap.base.dn=o=liferayTest
ldap.security.principal=uid=admin,ou=system
ldap.security.credentials=secret
ldap.referral=follow
ldap.import.enabled=true
ldap.import.interval=10
ldap.import.on.startup=true
ldap.import.method=user
ldap.export.enabled=true
ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\n
ldap.users.dn=ou=People,o=liferayTest
ldap.groups.dn=ou=Groups,o=liferayTest
ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson
#Memorizza le pwd in chiaro per liferay
passwords.encryption.algorithm=NONE
Is there some error in it? Pwds are not update after successful first login :-(
Ask me if you need more info.
Again thanks :-)
Nowhere Rosa, geändert vor 14 Jahren.
RE: LDAP import user password
New Member Beiträge: 20 Beitrittsdatum: 23.05.09 Neueste Beiträge
Hi,
I found the problem is in CAS enabled. If I disable it, liferay behave as expected: correct pwd is stored in db when user access portal the first time.
When cas in enabled it's never stored. How can I remediate at this? Need I an hook class after cas login? Can I have a brief guide on it?
Good night :-)
I found the problem is in CAS enabled. If I disable it, liferay behave as expected: correct pwd is stored in db when user access portal the first time.
When cas in enabled it's never stored. How can I remediate at this? Need I an hook class after cas login? Can I have a brief guide on it?
Good night :-)
Jerry Niu, geändert vor 14 Jahren.
RE: LDAP import user password
Expert Beiträge: 451 Beitrittsdatum: 21.06.06 Neueste Beiträge
You'll have to modify CAS itself and its interaction with LDAP at that point. I would look up CAS documentation for that.
You can reference these 2 wiki articles for ideas:
CAS, LDAP and Liferay 5.2.x
Single SignOn - Integrating Liferay With CAS Server
You can reference these 2 wiki articles for ideas:
CAS, LDAP and Liferay 5.2.x
Single SignOn - Integrating Liferay With CAS Server
Nowhere Rosa, geändert vor 14 Jahren.
RE: LDAP import user password
New Member Beiträge: 20 Beitrittsdatum: 23.05.09 Neueste Beiträge
Yes,
I managed to change passord in db when server cas authenticate user, but liferay rechange it to previous value...why? Can I avoid it?
Thanks!
I managed to change passord in db when server cas authenticate user, but liferay rechange it to previous value...why? Can I avoid it?
Thanks!
Juan Gonzalez P, geändert vor 13 Jahren.
RE: LDAP import user password
Liferay Legend Beiträge: 3089 Beitrittsdatum: 28.10.08 Neueste BeiträgeNowhere Rosa:
Yes,
I managed to change passord in db when server cas authenticate user, but liferay rechange it to previous value...why? Can I avoid it?
Thanks!
Please can you tell me how did you get that working? I am after that solution for some weeks and even created and issue:
http://issues.liferay.com/browse/LPS-14624
With your solution I could debug Liferay and tell you why Liferay rechanges password.
Nowhere Rosa, geändert vor 13 Jahren.
RE: LDAP import user password
New Member Beiträge: 20 Beitrittsdatum: 23.05.09 Neueste BeiträgeJuan Gonzalez P:
Nowhere Rosa:Yes,
I managed to change passord in db when server cas authenticate user, but liferay rechange it to previous value...why? Can I avoid it?
Thanks!
Please can you tell me how did you get that working? I am after that solution for some weeks and even created and issue:
http://issues.liferay.com/browse/LPS-14624
With your solution I could debug Liferay and tell you why Liferay rechanges password.
Sorry Juan,
but it's so much time ago I did it and I can't remember now how. Maybe I ovverride CAS authentication class to update user details when user logged in. At end, I also debug liferay and I got it working, but now I can't say how anymore. You can find more here: http://www.liferay.com/es/community/forums/-/message_boards/message/4143267 but my question didn't find anwer.
Hope you can find help soon by somebody.
Nowhere Rosa, geändert vor 13 Jahren.
RE: LDAP import user password
New Member Beiträge: 20 Beitrittsdatum: 23.05.09 Neueste Beiträge
Maybe you can extends something as "AbstractLdapUsernamePasswordAuthenticationHandler" and use "UserLocalServiceUtil.updatePassword(id , password , password, false);" to update pwd.
That's all what I remember
That's all what I remember