LDAP Integration: Failed login

Lekan Omotayo, modified 13 years ago.

LDAP Integration: Failed login

New Member Posts: 11 Join Date: 02/02/11
Hi All,

I am new to Liferay. I am trying to set up Liferay authentication using LDAP (Microsoft Active Directory).

See my settings below:
Authentication Search Filter = (sAMAccountName=@screen_name@)
Screen Name = sAMAccountName
Password = userPassword
Email Address = mail
Full Name = name
First Name = givenName
Last Name = sn
Job Title = title
Group = department

I checked the import enabled button as well as the Import on Startup Enabled button. I also checked the export enabled button.


However, whenever I try to log in with an LDAP user, it throws the error below:


17:12:35,657 ERROR PollerServlet:279 - Invalid credentials for company id 1 and user id La7TCzEn94Q=
17:12:35,657  WARN PortalImpl:3112 - Current URL /poller/send generates exception: null
17:12:47,782 ERROR UserImpl:109 - com.liferay.portal.NoSuchContactException: No Contact exists with the primary key 10402
com.liferay.portal.NoSuchContactException: No Contact exists with the primary key 10402
	at com.liferay.portal.service.persistence.ContactPersistenceImpl.findByPrimaryKey(ContactPersistenceImpl.java:292)
	at com.liferay.portal.service.impl.ContactLocalServiceImpl.getContact(ContactLocalServiceImpl.java:40)

	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
	at $Proxy17.getContact(Unknown Source)
	at com.liferay.portal.service.ContactLocalServiceUtil.getContact(ContactLocalServiceUtil.java:83)
	at com.liferay.portal.model.impl.UserImpl.getContact(UserImpl.java:104)
	at com.liferay.portal.security.ldap.PortalLDAPUtil.importLDAPUser(PortalLDAPUtil.java:923)


17:12:47,798 ERROR PortalLDAPUtil:966 - Error updating user with screen name firstname.lastname and email address user@email.com
java.lang.NullPointerException
	at java.util.Calendar.setTime(Calendar.java:1037)
	at com.liferay.portal.security.ldap.PortalLDAPUtil.importLDAPUser(PortalLDAPUtil.java:927)
	at com.liferay.portal.security.auth.LDAPAuth.authenticate(LDAPAuth.java:204)
	at com.liferay.portal.security.auth.LDAPAuth.authenticateByScreenName(LDAPAuth.java:95)
	at com.liferay.portal.security.auth.AuthPipeline._authenticate(AuthPipeline.java:153)
	at com.liferay.portal.security.auth.AuthPipeline.authenticateByScreenName(AuthPipeline.java:56)
	at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticate(UserLocalServiceImpl.java:2549)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
	at $Proxy71.authenticateByScreenName(Unknown Source)
	at com.liferay.portal.service.UserLocalServiceUtil.authenticateByScreenName(UserLocalServiceUtil.java:173)
	at com.liferay.portlet.login.util.LoginUtil.login(LoginUtil.java:163)
	at com.liferay.portlet.login.action.LoginAction.login(LoginAction.java:145)


	at java.lang.Thread.run(Thread.java:595)
17:12:47,891 ERROR PortalLDAPUtil:255 - javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Firstname Lastname,OU=Unit,OU=Company Users,DC=CompanyDomain,DC=com'
javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Firstname Lastname,OU=Unit,OU=Compnay Users,DC=CompnayDomain,DC=com'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3002)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2940)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2746)
	at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1446)
Juan Gonzalez P, modified 13 years ago.

RE: LDAP Integration: Failed login

Liferay Legend Posts: 3089 Join Date: 28/10/08
Lekan Omotayo:

at java.lang.Thread.run(Thread.java:595)
17:12:47,891 ERROR PortalLDAPUtil:255 - javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Firstname Lastname,OU=Unit,OU=Company Users,DC=CompanyDomain,DC=com'
javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Firstname Lastname,OU=Unit,OU=Compnay Users,DC=CompnayDomain,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3002)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2940)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1446)


Just see the logs properly. The user hasn't got permissions to access that DN in LDAP.

And perhaps you should set the authentication field by screen name.
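
Added example (not part of the original posts and not Liferay code): a small Python triage of the JNDI exception text quoted above, reporting which LDAP result code came back and, from the LdapCtx stack frame, which operation the directory refused. The sample log is constructed from the thread's lines with a placeholder DN; the result-code names are the RFC 4511 ones.

```python
import re

# LDAP result codes (RFC 4511) that appear in this thread's logs.
RESULT_CODES = {49: "invalidCredentials", 50: "insufficientAccessRights"}
# JNDI LdapCtx stack frame -> LDAP operation that was rejected.
OPERATIONS = {"modifyAttributes": "modify", "search": "search"}
EVENT = re.compile(r"\[LDAP: error code (?P<code>\d+) - (?P<detail>[^\]\[]*)\]?"
                   r"(?:; remaining name '(?P<dn>[^']*)')?")
FRAME = re.compile(r"LdapCtx\.c_(\w+)\(")
PROBLEM = re.compile(r"problem (\d+) \((\w+)\)")

# Constructed sample modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
17:12:47,891 ERROR PortalLDAPUtil:255 - javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Example User,OU=Unit,DC=example,DC=com'
javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Example User,OU=Unit,DC=example,DC=com'
\tat com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1446)
09:19:15,741 ERROR [LDAPAuth:164] Failed to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error
"""

def triage(log_text):
    """Return one finding per distinct (result code, DN) in the log."""
    matches = list(EVENT.finditer(log_text))
    findings = {}
    for i, m in enumerate(matches):
        nxt = matches[i + 1].start() if i + 1 < len(matches) else len(log_text)
        code = int(m["code"])
        prob = PROBLEM.search(m["detail"])
        f = findings.setdefault((code, m["dn"]), {
            "code": code, "name": RESULT_CODES.get(code, "other"),
            "problem": prob[2] if prob else None,
            "dn": m["dn"], "operation": None})
        # The exception is logged twice; only the second copy carries frames.
        frame = FRAME.search(log_text, m.end(), nxt)
        if frame:
            f["operation"] = OPERATIONS.get(frame[1], frame[1])
    return list(findings.values())

def explain(f):
    """One-line reading of a finding for the person fixing the LDAP settings."""
    if f["code"] == 50 and f["operation"] == "modify":
        return "write refused: the bind account may not modify " + str(f["dn"])
    if f["code"] == 49:
        return "bind refused: the presented DN/password was not accepted"
    return "unclassified LDAP error %d" % f["code"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], finding["name"], "-", explain(finding))
```

The code 50 finding is tied to a modify, which is the write Liferay attempts when export is enabled, so the connection account either needs write rights on that subtree or export should stay off.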
Lekan Omotayo, modified 13 years ago.

RE: LDAP Integration: Failed login

New Member Posts: 11 Join Date: 02/02/11
Juan Gonzalez P:
Lekan Omotayo:

at java.lang.Thread.run(Thread.java:595)
17:12:47,891 ERROR PortalLDAPUtil:255 - javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Firstname Lastname,OU=Unit,OU=Company Users,DC=CompanyDomain,DC=com'
javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=Firstname Lastname,OU=Unit,OU=Compnay Users,DC=CompnayDomain,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3002)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2940)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1446)


Just see the logs properly. The user hasn't got permissions to access that DN in LDAP.

And perhaps you should set the authentication field by screen name.


I'd already set it to authenticate by screen name.

I eventually unchecked the export enabled button and when I tried to log in, it says:


08:03:18,835 ERROR UserImpl:109 - com.liferay.portal.NoSuchContactException: No Contact exists with the primary key 10206
com.liferay.portal.NoSuchContactException: No Contact exists with the primary key 10206
	at com.liferay.portal.service.persistence.ContactPersistenceImpl.findByPrimaryKey(ContactPersistenceImpl.java:292)
	at com.liferay.portal.service.impl.ContactLocalServiceImpl.getContact(ContactLocalServiceImpl.java:40)
	at sun.reflect.GeneratedMethodAccessor159.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
	at $Proxy17.getContact(Unknown Source)
	at com.liferay.portal.service.ContactLocalServiceUtil.getContact(ContactLocalServiceUtil.java:83)
	at com.liferay.portal.model.impl.UserImpl.getContact(UserImpl.java:104)
	at com.liferay.portal.security.ldap.PortalLDAPUtil.importLDAPUser(PortalLDAPUtil.java:923)
	at com.liferay.portal.security.auth.LDAPAuth.authenticate(LDAPAuth.java:204)
	at com.liferay.portal.security.auth.LDAPAuth.authenticateByScreenName(LDAPAuth.java:95)
	at com.liferay.portal.security.auth.AuthPipeline._authenticate(AuthPipeline.java:153)
	at com.liferay.portal.security.auth.AuthPipeline.authenticateByScreenName(AuthPipeline.java:56)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
	at java.lang.Thread.run(Thread.java:595)
08:03:18,850 ERROR PortalLDAPUtil:966 - Error updating user with screen name first.lastname and email address email@mail.com
java.lang.NullPointerException
	at java.util.Calendar.setTime(Calendar.java:1037)
	at com.liferay.portal.security.ldap.PortalLDAPUtil.importLDAPUser(PortalLDAPUtil.java:927)
	at com.liferay.portal.security.auth.LDAPAuth.authenticate(LDAPAuth.java:204)
	at com.liferay.portal.security.auth.LDAPAuth.authenticateByScreenName(LDAPAuth.java:95)
............
Apoorva Prakash, modified 13 years ago.

RE: LDAP Integration: Failed login

Liferay Master Posts: 658 Join Date: 15/06/10
Hello Lekan Omotayo,

Check your settings in control panel, match with the following:
(However I've done this with Apache DS)...




Hope this will help...

Thanks and Regards...
ice sword, modified 12 years ago.

RE: LDAP Integration: Failed login

New Member Posts: 7 Join Date: 24/01/11
Apoorva Prakash:
Hello Lekan Omotayo,

Check your settings in control panel, match with the following:
(However I've done this with Apache DS)...




Hope this will help...

Thanks and Regards...


Hi Apoorva Prakash,

I'm using Microsoft AD as the LDAP server, and now I can log in to Liferay using a user that does not exist in Liferay but exists in the LDAP server, but I got an error when I used test to log in:

09:19:15,741 ERROR [LDAPAuth:164] Failed to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error


Could you help me again? Thanks a lot.
tinu c p, modified 12 years ago.

RE: LDAP Integration: Failed login

Junior Member Posts: 78 Join Date: 07/01/10
You are not able to sign in with the test user, i.e. one not in LDAP, because in your LDAP configuration in the control panel you have checked the Required option. Untick it to be able to sign in to Liferay.

Thanks,
AP
Apoorva Prakash, modified 12 years ago.

RE: LDAP Integration: Failed login

Liferay Master Posts: 658 Join Date: 15/06/10
Hello Ice Sword,
As you've checked login required, Liferay is not letting you log in.
Try unchecking it.

Hope this will help.
Thanks regards and happy coding...
ice sword, modified 12 years ago.

RE: LDAP Integration: Failed login

New Member Posts: 7 Join Date: 24/01/11
Hi Apoorva Prakash and tinu c p,

This is my Liferay LDAP configuration:

Enabled:checked
Required:checked
------------------------
Import/Export

Import Enabled:unchecked
Export Enabled:checked


I used test to sign in successfully, but I got an error:

09:19:15,741 ERROR [LDAPAuth:164] Failed to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error


And now I changed the configuration:


Enabled:checked
Required:unchecked
------------------------
Import/Export

Import Enabled:unchecked
Export Enabled:checked


But I got the same error.

So could you give me some suggestions? Thanks a lot.
Apoorva Prakash, modified 12 years ago.

RE: LDAP Integration: Failed login

Liferay Master Posts: 658 Join Date: 15/06/10
Hey buddy,
I haven't done this with MS-AD, but I have a small idea about this problem. I can't point out the problem exactly; you'll have to dig in further.
In the DN, it accepts the following:
useraccountname@corp.xxx.com (where useraccountname is the login ID and XXX is the domain your AD runs in)
Two more points:
1. To the extent I know, LDAP authentication is skipped if the user is omni admin.
2. Your password may not be saved in plain text. It was hashed but looks like plain...
So, maybe this can solve your issue.

Hope this will help.
Thanks and Regards.
ice sword, modified 12 years ago.

RE: LDAP Integration: Failed login

New Member Posts: 7 Join Date: 24/01/11
Hi Apoorva Prakash and tinu c p,

This is my Liferay LDAP configuration:

Enabled:checked
Required:checked
------------------------
Import/Export

Import Enabled:unchecked
Export Enabled:checked


Apoorva Prakash:
Hey buddy,
I haven't done this with MS-AD, but I have a small idea about this problem. I can't point out the problem exactly; you'll have to dig in further.
In the DN, it accepts the following:
useraccountname@corp.xxx.com (where useraccountname is the login ID and XXX is the domain your AD runs in)
Two more points:
1. To the extent I know, LDAP authentication is skipped if the user is omni admin.
2. Your password may not be saved in plain text. It was hashed but looks like plain...
So, maybe this can solve your issue.

Hope this will help.
Thanks and Regards.


Hey Apoorva Prakash,

If I use a user that exists in the LDAP server, it signs in successfully; even if I create a new user in the LDAP server, I can also sign in successfully.
But if I create a new user in Liferay, it is synchronized to the LDAP server automatically. When I use this user to sign in to Liferay, I get the error:

09:19:15,741 ERROR [LDAPAuth:164] Failed to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error


I compared the user synchronized from Liferay with the user that existed in the LDAP server and found some differences.

The user in the LDAP server:

cn bg1
instanceType 4
nTSecurityDescriptor
objectCategory CN=Person,CN=Schema,CN=Configuration,DC=icesword,DC=cn
objectClass top
objectClass person
objectClass organizationalPerson
objectClass user
accountExpires 9223372036854775807
badPasswordTime 0
badPwdCount 0
codePage 0
countryCode 0
displayName bg1
distinguishedName CN=bg1,OU=BGS,OU=SDEP,DC=icesword,DC=cn
givenName bg1
lastLogoff 0
lastLogon 0
logonCount 0
mail bg1@lif.com
name bg1
objectGUID (non string data)
objectSid (non string data)
primaryGroupID 513
pwdLastSet 129519878289160091
sAMAccountName bg1
sAMAccountType 805306368
sn bg1
userAccountControl 512
userPrincipalName bg1@icesword.cn
uSNChanged 49307
uSNCreated 49211
whenChanged 20110608091400.0Z
whenCreated 20110608062348.0Z


The user synchronized from Liferay:

cn liferaynewuser
instanceType 4
nTSecurityDescriptor
objectCategory CN=Person,CN=Schema,CN=Configuration,DC=icesword,DC=cn
objectClass top
objectClass person
objectClass organizationalPerson
objectClass user
accountExpires 9223372036854775807
badPasswordTime 129520074161454830
badPwdCount 1
codePage 0
countryCode 0
distinguishedName CN=liferaynewuser,OU=SDEP,DC=icesword,DC=cn
givenName liferaynewuser
lastLogoff 0
lastLogon 0
logonCount 0
mail liferaynewuser@sdep.cn
name liferaynewuser
objectGUID (non string data)
objectSid (non string data)
primaryGroupID 513
pwdLastSet 129520016024903292
sAMAccountName $O31000-Q5BDQTD35CAV
sAMAccountType 805306368
sn liferaynewuser
userAccountControl 66080
userPassword (non string data)
userPrincipalName liferaynewuser@icesword.cn
uSNChanged 49383
uSNCreated 49348
whenChanged 20110608115507.0Z
whenCreated 20110608093759.0Z


Does this mean that I have some wrong configuration in Liferay for handling a user that is created in Liferay and synchronized to the LDAP server?

thanks a lot
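
Added example (not part of the original post and not Liferay code): a Python comparison of the two attribute dumps above that decodes userAccountControl and lists the differences that bear on authentication. The entries are abbreviated from the post; the flag values are Microsoft's documented userAccountControl constants and are not taken from the page, and the reading of userPassword assumes Active Directory's default handling of that attribute.

```python
# Documented userAccountControl bit flags (subset).
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}

# Abbreviated from the two attribute dumps in the post above.
NATIVE = """\
cn bg1
objectClass top
objectClass user
badPwdCount 0
sAMAccountName bg1
userAccountControl 512
"""
EXPORTED = """\
cn liferaynewuser
objectClass top
objectClass user
badPwdCount 1
sAMAccountName $O31000-Q5BDQTD35CAV
userAccountControl 66080
userPassword (non string data)
"""

def parse_entry(dump):
    """'attr value' lines -> {attr: [values]}; attributes may repeat or be empty."""
    entry = {}
    for line in dump.splitlines():
        if line.strip():
            attr, _, value = line.strip().partition(" ")
            entry.setdefault(attr, []).append(value)
    return entry

def decode_uac(value):
    """Names of the known flags set in a userAccountControl integer."""
    return {name for bit, name in UAC_FLAGS.items() if int(value) & bit}

def review_export(native, exported):
    """List how the exported entry differs in ways that matter for authentication."""
    n, e = parse_entry(native), parse_entry(exported)
    findings = []
    extra = decode_uac(e["userAccountControl"][0]) - decode_uac(n["userAccountControl"][0])
    if extra:
        findings.append("extra UAC flags: " + ", ".join(sorted(extra)))
    sam = e.get("sAMAccountName", [""])[0]
    if sam.startswith("$") and sam != e["cn"][0]:
        # AD generates a random sAMAccountName when the creator supplies none.
        findings.append("sAMAccountName is directory-generated: " + sam)
    if "userPassword" in e and "userPassword" not in n:
        # Assumption: default AD settings, where userPassword is an ordinary
        # attribute and the logon password is set through unicodePwd instead.
        findings.append("password written to userPassword")
    if int(e.get("badPwdCount", ["0"])[0]) > 0:
        findings.append("failed bind recorded (badPwdCount > 0)")
    return findings
```

Called as `review_export(NATIVE, EXPORTED)`, it reports four differences, the first being the PASSWD_NOTREQD and DONT_EXPIRE_PASSWORD flags contained in 66080. The generated sAMAccountName also means the thread's search filter `(sAMAccountName=@screen_name@)` will not find the exported user by screen name.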
Apoorva Prakash, modified 12 years ago.

RE: LDAP Integration: Failed login

Liferay Master Posts: 658 Join Date: 15/06/10
Always welcome mate...
ganesh thakur, modified 8 years ago.

RE: LDAP Integration: Failed login

New Member Posts: 17 Join Date: 19/10/15
I have done LDAP integration with Liferay 6.2 Community Edition (CE). LDAP server connectivity works and the LDAP users are displayed. All LDAP users were also imported into the Liferay database user_ tables.
Now when I log in using an LDAP user's credentials, I get the error message "Authentication failed". I don't understand what the issue is. Can someone help root out this issue?

My LDAP server connected successfully, and users were imported successfully into my Liferay user_ table. I am attaching my LDAP integration configuration details file. Please check my LDAP settings; all fields are correctly configured. Still, I am unable to log in with LDAP user credentials.
Please check and let us know where the problem is.
Aditya Bhardwaj, modified 8 years ago.

RE: LDAP Integration: Failed login

Junior Member Posts: 78 Join Date: 08/01/15
Hi Ganesh,

Check the enable option and don't forget to save it.
You can try LDAP integration with Liferay for step by step details.