Discussion Forums

Login with wrong password

Alex Alex, modified 8 years ago.

Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
Hello. I have Liferay Portal Community Edition 6.2 CE GA4 (Newton / Build 6203 / April 16, 2015). Ubuntu Server, Oracle Java 7, domain auth.
There was an interesting situation. I could log in with a wrong password. I can't understand how it can be.
Vilmos Papp, modified 8 years ago.

RE: Login with wrong password

Liferay Master Posts: 529 Join Date: 21/10/10
If you switch off this setting and your authentication is not configured well, it could happen:


    #
    # Set this to true to enable password checking by the internal portal
    # authentication. If set to false, password checking is delegated to the
    # authenticators configured in the "auth.pipeline.pre" and
    # "auth.pipeline.post" settings.
    #
    auth.pipeline.enable.liferay.check=true
Olaf Kock, modified 8 years ago.

RE: Login with wrong password

Liferay Legend Posts: 6403 Join Date: 23/09/08
Assuming you didn't fiddle with the authentication (in that case: check Vilmos' answer) what I've seen often is a misconfigured caching proxy in front of Liferay: This proxy might cache data of logged-in users and deliver them to unauthenticated users. Under certain circumstances this might look like your login succeeded even though you provided a wrong password (because you suddenly start seeing a personalized UI). If you have a proxy in front of your Java Appserver, this is what you should take care of first. One hint (if you have many users) is that you login as user 1, but see the content for user 2.
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
I did as Vilmos said. So I can log in only with my correct password, but users that never logged in couldn't log in at all, with a correct or an incorrect password!
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
Some lines from my portal-ext.properties:

ldap.auth.password.encryption.algorithm=MD5
auth.pipeline.enable.liferay.check=true
ldap.import.user.password.enabled=true

layout.parallel.render.timeout=30000
session.store.password=true
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
Please, help...
Vilmos Papp, modified 8 years ago.

RE: Login with wrong password

Liferay Master Posts: 529 Join Date: 21/10/10
Alex Alex:
Some lines from my portal-ext.properties:

ldap.auth.password.encryption.algorithm=MD5
auth.pipeline.enable.liferay.check=true
ldap.import.user.password.enabled=true

layout.parallel.render.timeout=30000
session.store.password=true


Hi,

I would suggest to disable this property:
ldap.import.user.password.enabled=true

So it should be:
ldap.import.user.password.enabled=false


Furthermore, session.store.password is not necessary for LDAP.

Could you try it with this setting?
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
Thank you for the answer. I did it. It didn't work.
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
Please, help
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
Please, help...
Olaf Kock, modified 8 years ago.

RE: Login with wrong password

Liferay Legend Posts: 6403 Join Date: 23/09/08
If nobody posts any more answers, it's typically a good hint that there's not enough information. Please go back, start over and give us more information: Where are you, what have you tried, what steps can we use to reproduce? Is there anything in the logs? How and where do you create those users? In Liferay or LDAP? The more information you give, the greater is the chance that it rings a bell with somebody and they'll be able to help you.
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
OK. I'm from Belarus.
What log must I read? There are no mistakes in the catalina.out file when the user can't log in.
I didn't create users. The users were imported from Active Directory (Windows Server 2012 R2 x64). I may be mistaken about it. The users are displayed in Control Panel - Users and organizations. But they aren't displayed in the users of my site. So I manually added some users to the users of the site. After that I could log in with an incorrect password and change the password as Liferay offers. So I could log in with this "new" password. I set it the same as in the Active Directory.

At that moment there were these lines in the properties:

ldap.auth.password.encryption.algorithm=MD5
auth.pipeline.enable.liferay.check=false
ldap.import.user.password.enabled=true

layout.parallel.render.timeout=30000
session.store.password=true


In this situation all users from AD can log in with incorrect passwords.
I set auth.pipeline.enable.liferay.check=true, as Vilmos said. After that users from AD couldn't log in at all, with a correct or an incorrect password.
Users that were manually added to the users of the site could log in, but not all of them. Some users could, some could not. For example, I (the owner) could log in, another user couldn't.

I attach logs. A duplicate is on Google Drive.

Gurumurthy Godlaveeti, modified 8 years ago.

RE: Login with wrong password

Regular Member Posts: 208 Join Date: 12/08/11
Hi Alex,

After seeing all your threads, I believe your AD setup with Liferay is done in the proper way. You either need to follow the Liferay password policy or the AD password policy. Check whether your properties stick to one kind only.

The other thing is, you can do most of the related setup from the Control Panel. It is not required to update the portal-ext.properties file.

https://www.liferay.com/community/wiki/-/wiki/Main/LDAP+with+AD+in+Liferay+6.0.5?_36_pageResourcePrimKey=6397714

The above link explains all installation, configuration and password policy related things. Please check it once.

I hope this will help you in understanding the steps.

Thanks
Guru
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
I read this article many times and did it. It doesn't help.
Vilmos Papp, modified 8 years ago.

RE: Login with wrong password

Liferay Master Posts: 529 Join Date: 21/10/10
Can you create screenshots of your config in Control Panel and of the test results if you test the connection from the LDAP configuration page?
Vilmos Papp, modified 8 years ago.

RE: Login with wrong password

Liferay Master Posts: 529 Join Date: 21/10/10
Hey, it seems to me that the issue is pretty straightforward from your logs:

[PortalLDAPImporterImpl:717] Unable to import user CN=BR-DC02,OU=Domain Controllers: null:null:{samaccountname=sAMAccountName: BR-DC02$}
com.liferay.portal.UserEmailAddressException: Email address cannot be null for BR-DC02 BR-DC02
	at com.liferay.portal.security.ldap.DefaultLDAPToPortalConverter.importLDAPUser(DefaultLDAPToPortalConverter.java:139)
	at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importUser(PortalLDAPImporterImpl.java:913)
	at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAPByUser(PortalLDAPImporterImpl.java:707)
	at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:203)
	at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:139)
	at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importFromLDAP(PortalLDAPImporterUtil.java:43)
	at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.doImportOnStartup(LDAPImportMessageListener.java:38)
	at com.liferay.portlet.admin.messaging.LDAPImportMessageListener.doReceive(LDAPImportMessageListener.java:48)
	at com.liferay.portal.kernel.messaging.BaseMessageListener.receive(BaseMessageListener.java:26)
	at sun.reflect.GeneratedMethodAccessor706.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:67)
	at com.sun.proxy.$Proxy296.receive(Unknown Source)
	at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageListenerWrapper.receive(SchedulerEventMessageListenerWrapper.java:77)
	at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(InvokerMessageListener.java:72)
	at com.liferay.portal.kernel.messaging.ParallelDestination$1.run(ParallelDestination.java:69)
	at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask._runTask(ThreadPoolExecutor.java:682)
	at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask.run(ThreadPoolExecutor.java:593)
	at java.lang.Thread.run(Thread.java:745)


It means you want to log in with a user who has no e-mail address in LDAP.

If you want to import users without e-mail address, you should try to set these in your portal-ext.properties:

    #
    # Set this to false if you want to be able to create users without an email
    # address. An email address will be automatically assigned to a user based
    # on the property "users.email.address.auto.suffix".
    #
    users.email.address.required=false

    #
    # Set the suffix of the email address that will be automatically generated
    # for a user that does not have an email address. This property is not used
    # unless the property "users.email.address.required" is set to false. The
    # autogenerated email address will be the user ID plus the specified suffix.
    #
    users.email.address.auto.suffix=@no-emailaddress.com
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
The errors were displayed because Liferay wants to import the computer accounts, not the users'. So it doesn't create the problem.
I attached two screenshots of my auth config.
Vilmos Papp, modified 8 years ago.

RE: Login with wrong password

Liferay Master Posts: 529 Join Date: 21/10/10
Then the problem is simple. You have to refine the LDAP filter to filter out computer accounts.
Alex Alex, modified 8 years ago.

RE: Login with wrong password

Junior Member Posts: 42 Join Date: 14/08/15
The computer accounts don't make any problems for me. This is another problem. And it is the second one.
First I want to log in only with the correct password.
Klaus Bachmaier, modified 8 years ago.

RE: Login with wrong password

Regular Member Posts: 223 Join Date: 30/09/13
I've run into the same problems with Liferay, LDAP and Active Directory. I had set up everything as recommended in this thread and here

Anyway, AD users still weren't able to log in to my portal.

So I went to Control Panel -> Server Administration -> Log Level and set the levels for com.liferay.portal.security.ldap and com.liferay.portal.security.ldap.PortalLDAPUtil to DEBUG.

The next time I tried to log in to my portal with an AD user I got this:


12:53:37,683 DEBUG [http-bio-8080-exec-8][LDAPAuth:272] Search filter returned at least one result
12:53:37,687 DEBUG [http-bio-8080-exec-8][PortalLDAPUtil:593] LDAP user attribute sn: Tester
12:53:37,689 DEBUG [http-bio-8080-exec-8][PortalLDAPUtil:593] LDAP user attribute sAMAccountName: Test
12:53:37,691 DEBUG [http-bio-8080-exec-8][PortalLDAPUtil:593] LDAP user attribute givenName: Test
12:53:37,693 DEBUG [http-bio-8080-exec-8][PortalLDAPUtil:593] LDAP user attribute mail: Test.Tester@mycompany.com
12:53:37,695 DEBUG [http-bio-8080-exec-8][PortalLDAPUtil:593] LDAP user attribute company: ABC
12:53:37,696 DEBUG [http-bio-8080-exec-8][PortalLDAPUtil:593] LDAP user attribute cn: Test Tester
12:53:37,711 DEBUG [http-bio-8080-exec-8][LDAPAuth:176] Failed to bind to the LDAP server with userDN CN=Test Tester,OU=ABC,DC=DEF, DC=COM and password XYZXYZ
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 773, v2580_] [Sanitized]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)


Google brought me this when I searched for the line with the error code:

http://www-01.ibm.com/support/docview.wss?uid=swg21290631

From that I learned that the code 773 (after "data") means "user must reset password", and BINGO, that was my problem! The AD admin had set up my test user so that he would have to reset his password first before it could be used with LDAP.
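
The triage described in the post above, as an added example that is not part of the original post or of Liferay: it extracts the AD sub-code after "data" from LDAP error 49 lines and masks the submitted password that the LDAPAuth DEBUG line writes to the log. Sub-codes other than 773 are the standard Windows logon error codes rather than values from this thread, and the sample lines are constructed.

```python
import re

# AD appends a Windows error code (hex) after "data" in LDAP error 49 messages.
# 773 is the code from the thread; the others are standard Windows logon codes.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)")
BIND_FAIL = re.compile(r"(Failed to bind to the LDAP server with userDN )(.+)( and password )(.*)$")

def redact(line):
    """Mask the submitted password that the LDAPAuth DEBUG line contains."""
    return BIND_FAIL.sub(r"\1\2\3[REDACTED]", line)

def triage(lines):
    """Pair each failed bind with the sub-code on the exception that follows."""
    findings, user_dn = [], None
    for line in lines:
        bind = BIND_FAIL.search(line)
        if bind:
            user_dn = bind.group(2)
        err = ERR49.search(line)
        if err:
            code = err.group(1).lower()
            findings.append({"user_dn": user_dn, "subcode": code,
                             "meaning": AD_SUBCODES.get(code, "unknown sub-code"),
                             "bad_credentials": code == "52e"})
            user_dn = None
    return findings

# Constructed sample lines, modelled on the DEBUG output quoted in the thread.
SAMPLE = [
    "12:53:37,711 DEBUG [http-bio-8080-exec-8][LDAPAuth:176] Failed to bind to the LDAP server with userDN CN=Test Tester,OU=ABC,DC=DEF,DC=COM and password XYZXYZ",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 773, v2580]",
    "12:54:02,120 DEBUG [http-bio-8080-exec-8][LDAPAuth:176] Failed to bind to the LDAP server with userDN CN=Other User,OU=ABC,DC=DEF,DC=COM and password hunter2",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580]",
]
for f in triage(SAMPLE):
    print(f["user_dn"], f["subcode"], f["meaning"])
print(redact(SAMPLE[0]))
```

Because the DEBUG level for com.liferay.portal.security.ldap records the password each user submits, return the log level to its previous value once the sub-code is known and run redact() over any excerpt before sharing it.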