Forums

Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

Amir Barkal, modified 8 years ago.

Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

New Member Posts: 14 Join Date: 12.08.15 Recent Posts
I'm trying to make "liferay-portal-tomcat-6.2-ce-ga6-20160112152609836" export newly created users from Control Panel >> Users to Active Directory 2012 R2.
I'm getting the following error after filling in details in "Add User" screen.
I'm adding Screen Name, Email Address, First Name, Last Name and Gender. BTW what is the proper field mapping for Gender? (it is not possible not to fill in this field)

18:47:27,838 DEBUG [http-bio-8080-exec-4][PortalLDAPUtil:41] -- listing properties --_java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory_java.naming.provider.url=ldaps://ad1.lab1.local:636_com.sun.jndi.ldap.connect.timeout=500_java.naming.security.principal=CN=Administrator,CN=Users,DC=lab1,DC=..._com.sun.jndi.ldap.connect.pool=true_java.naming.security.credentials=123_java.naming.referral=follow_com.sun.jndi.ldap.read.timeout=50000_ [Sanitized]
18:47:27,920 DEBUG [http-bio-8080-exec-4][LDAPSettingsUtil:41] -- listing properties --_password=unicodePwd_lastName=sn_screenName=userPrincipalName_firstName=givenName_emailAddress=mail_ [Sanitized]
18:47:28,012 ERROR [http-bio-8080-exec-4][render_portlet_jsp:132] null
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operation, data 0, v2580_]; remaining name 'userPrincipalName=user31,OU=liferay,DC=lab1,DC=local' [Sanitized]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3108)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:420)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:377)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(ComponentContext.java:614)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:201)
at javax.naming.InitialContext.bind(InitialContext.java:423)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.addUser(PortalLDAPExporterImpl.java:389)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.exportToLDAP(PortalLDAPExporterImpl.java:261)
at com.liferay.portal.security.ldap.PortalLDAPExporterUtil.exportToLDAP(PortalLDAPExporterUtil.java:53)
at com.liferay.portal.model.UserListener.exportToLDAP(UserListener.java:106)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:74)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:1)
at com.liferay.portal.model.BaseModelListener.onAfterUpdate(BaseModelListener.java:1)
at com.liferay.portal.service.persistence.impl.BasePersistenceImpl.update(BasePersistenceImpl.java:340)
at com.liferay.portal.service.impl.UserLocalServiceImpl.updateStatus(UserLocalServiceImpl.java:4923)
at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:115)
at com.liferay.portal.spring.transaction.DefaultTransactionExecutor.execute(DefaultTransactionExecutor.java:62)
at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:51)



These are my LDAP settings in portal-ext.properties:
ldap.connection.com.sun.jndi.ldap.read.timeout=50000
ldap.auth.enabled=true
ldap.import.enabled=true
ldap.import.interval=3
ldap.import.on.startup=true
ldap.import.method=user
ldap.auth.required=true
ldap.export.enabled=true
ldap.auth.method=bind
ldap.user.ignore.attributes=birthday,comments,male,middleName
ldap.import.user.password.enabled=false
ldap.password.policy.enabled=true

ldap.server.ids=0
ldap.users.dn.0=OU=liferay,DC=lab1,DC=local
ldap.user.default.object.classes.0=top,person,organizationPerson,user
ldap.groups.dn.0=OU=liferay,DC=lab1,DC=local
ldap.group.default.object.classes.0=top,group
ldap.server.name.0=lab1
ldap.base.provider.url.0=ldaps://ad1.lab1.local:636
ldap.base.dn.0=OU=liferay,DC=lab1,DC=local
ldap.security.principal.0=CN=Administrator,CN=Users,DC=lab1,DC=local
ldap.security.credentials.0=123
ldap.user.mappings.0=emailAddress=mail\nfirstName=givenName\nlastName=sn\npassword=unicodePwd\nscreenName=cn\n
ldap.auth.search.filter.0=(&(objectclass=person)(mail=@email_address@)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
ldap.import.user.search.filter.0=(objectClass=person)
ldap.import.group.search.filter.0=(objectClass=group)
ldap.group.mappings.0=description=description\ngroupName=cn\nuser=member
Amir Barkal, modified 8 years ago.

RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

New Member Posts: 14 Join Date: 12.08.15 Recent Posts
I'm still looking for an answer on this one, if anyone has an idea what could be the problem I will be happy to know.

UPDATE #1
If I change the LDAP field mapping of the screen name (for example: screenName=cn), then the error changes to:
ERROR [http-bio-8080-exec-4][render_portlet_jsp:132] null
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operation, data 0, v2580_]; remaining name 'cn=user31,OU=liferay,DC=lab1,DC=local'

This means that for some reason, Liferay is trying to put the user's distinguished name in the screenName field.
Amir Barkal, modified 8 years ago.

RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

New Member Posts: 14 Join Date: 12.08.15 Recent Posts
No one has an idea?
I'm still facing this issue...

Thanks
Amir Barkal, modified 8 years ago.

RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

New Member Posts: 14 Join Date: 12.08.15 Recent Posts
I've double checked everything I can imagine. The only explanation I can think of is that Liferay is passing to AD an attribute that doesn't exist.
Can anyone point me to where in the code that could be?
lee zach, modified 7 years ago.

RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

New Member Posts: 3 Join Date: 18.07.15 Recent Posts
I face the same problem too, and I was a bit sad when I saw you still have no solution...
Don't cry! I found something useful!
When I looked at the logs, I realized there is something helpful. Look at the red content below: it means the user export to LDAP uses the UserListener, so I think we can fix this problem by creating our own model listener:
Here is the reference doc: https://dev.liferay.com/develop/tutorials/-/knowledge_base/6-2/creating-model-listeners
Let's figure it out!
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3156)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:423)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:380)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(ComponentContext.java:612)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:201)
at javax.naming.InitialContext.bind(InitialContext.java:429)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.addUser(PortalLDAPExporterImpl.java:389)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.exportToLDAP(PortalLDAPExporterImpl.java:261)
at com.liferay.portal.security.ldap.PortalLDAPExporterUtil.exportToLDAP(PortalLDAPExporterUtil.java:53)
at com.liferay.portal.model.UserListener.exportToLDAP(UserListener.java:106)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:74)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:1)

at com.liferay.portal.model.BaseModelListener.onAfterUpdate(BaseModelListener.java:1)
at com.liferay.portal.service.persistence.impl.BasePersistenceImpl.update(BasePersistenceImpl.java:340)
at com.liferay.portal.service.impl.UserLocalServiceImpl.updateStatus(UserLocalServiceImpl.java:4923)
at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:115)
at com.liferay.portal.spring.transaction.DefaultTransactionExecutor.execute(DefaultTransactionExecutor.java:62)
at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:51)
lee zach, modified 7 years ago.

RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

New Member Posts: 3 Join Date: 18.07.15 Recent Posts
Finally!!!!!
After a long time debugging, I fixed my problem!!
I thought we both made a huge mistake!!!
I tried overwriting UserLocalServiceImpl and writing my own UserListener to listen for the onAfterUpdate event!!
I finally figured it out by overriding some classes in the Liferay portal-impl ldap package and printing out some debug info to the console:
https://github.com/liferay/liferay-portal/tree/6.2.x/portal-impl/src/com/liferay/portal/security/ldap

Here is the solution that will help you figure out what's going on with your config (I'm based on MS Server 2008 AD):
1, check that all attribute config in LDAP is right (eg: cn, userPassword, givenName, sn, etc.)
2, check the export objectclass (my issue was a wrongly configured objectclass: change organizationPerson --> organizationalPerson)
3, set up the uuid attribute

If it still doesn't work, I suggest you use a Liferay ext plugin to override the LDAP classes to get some useful info
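
Added example (not part of the thread and not Liferay code): a small Python check that reads the export settings from portal-ext.properties and flags object class or attribute names Active Directory would not recognise, such as the `organizationPerson` typo found above. The two AD name lists are a hand-picked subset and an assumption, not the full schema; the function names are hypothetical.

```python
import difflib

# Assumption: hand-picked subset of Active Directory schema names, not the full schema.
AD_USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
AD_USER_ATTRS = ["cn", "sn", "givenName", "mail", "displayName",
                 "sAMAccountName", "userPrincipalName", "unicodePwd"]

# Constructed sample: two lines copied from the portal-ext.properties in the first post.
SAMPLE = r"""
ldap.user.default.object.classes.0=top,person,organizationPerson,user
ldap.user.mappings.0=emailAddress=mail\nfirstName=givenName\nlastName=sn\npassword=unicodePwd\nscreenName=cn\n
"""

def parse_properties(text):
    """Minimal key=value parser; splits on the first '=' only."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def _check(name, known, setting):
    """Return None if name is known (case-insensitively), else a finding tuple."""
    if name.lower() in {k.lower() for k in known}:
        return None
    close = difflib.get_close_matches(name, known, n=1, cutoff=0.8)
    return (setting, name, close[0] if close else None)

def lint_export(props, server_id="0"):
    """List (setting, bad_name, suggestion) for names AD would not recognise."""
    findings = []
    key = f"ldap.user.default.object.classes.{server_id}"
    for cls in filter(None, (c.strip() for c in props.get(key, "").split(","))):
        findings.append(_check(cls, AD_USER_CLASSES, key))
    key = f"ldap.user.mappings.{server_id}"
    # The file separates mapping pairs with a literal backslash-n escape.
    for pair in props.get(key, "").replace("\\n", "\n").splitlines():
        field, sep, attr = pair.partition("=")
        if sep:
            findings.append(_check(attr.strip(), AD_USER_ATTRS, key))
    return [f for f in findings if f]

if __name__ == "__main__":
    for setting, name, hint in lint_export(parse_properties(SAMPLE)):
        print(f"{setting}: unknown name {name!r}; did you mean {hint!r}?")
```

Running such a check before enabling `ldap.export.enabled` catches the schema-name mismatch offline, instead of as an LDAP error 16 on the first user export.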
David H Nebinger, modified 7 years ago.

RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)

Liferay Legend Posts: 14916 Join Date: 02.09.06 Recent Posts
Well, technically this isn't really a bug, it just wasn't configured correctly.

I didn't see this thread come up before or I would have suggested checking out your mappings.

Glad you found the solution, though, and thanks for sharing with everyone!

Come meet me at the NAS!