Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
Updated 8 years ago by Amir Barkal.
New Member, Posts: 14, Join Date: 15/08/12
I'm trying to make "liferay-portal-tomcat-6.2-ce-ga6-20160112152609836" export newly created users from Control Panel >> Users to Active Directory 2012 R2.
I'm getting the following error after filling in details in "Add User" screen.
I'm adding Screen Name, Email Address, First Name, Last Name and Gender. BTW what is the proper field mapping for Gender? (it is not possible not to fill in this field)
18:47:27,838 DEBUG [http-bio-8080-exec-4][PortalLDAPUtil:41] -- listing properties --_java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory_java.naming.provider.url=ldaps://ad1.lab1.local:636_com.sun.jndi.ldap.connect.timeout=500_java.naming.security.principal=CN=Administrator,CN=Users,DC=lab1,DC=..._com.sun.jndi.ldap.connect.pool=true_java.naming.security.credentials=123_java.naming.referral=follow_com.sun.jndi.ldap.read.timeout=50000_ [Sanitized]
18:47:27,920 DEBUG [http-bio-8080-exec-4][LDAPSettingsUtil:41] -- listing properties --_password=unicodePwd_lastName=sn_screenName=userPrincipalName_firstName=givenName_emailAddress=mail_ [Sanitized]
18:47:28,012 ERROR [http-bio-8080-exec-4][render_portlet_jsp:132] null
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operation, data 0, v2580_]; remaining name 'userPrincipalName=user31,OU=liferay,DC=lab1,DC=local' [Sanitized]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3108)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:420)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:377)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(ComponentContext.java:614)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:201)
at javax.naming.InitialContext.bind(InitialContext.java:423)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.addUser(PortalLDAPExporterImpl.java:389)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.exportToLDAP(PortalLDAPExporterImpl.java:261)
at com.liferay.portal.security.ldap.PortalLDAPExporterUtil.exportToLDAP(PortalLDAPExporterUtil.java:53)
at com.liferay.portal.model.UserListener.exportToLDAP(UserListener.java:106)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:74)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:1)
at com.liferay.portal.model.BaseModelListener.onAfterUpdate(BaseModelListener.java:1)
at com.liferay.portal.service.persistence.impl.BasePersistenceImpl.update(BasePersistenceImpl.java:340)
at com.liferay.portal.service.impl.UserLocalServiceImpl.updateStatus(UserLocalServiceImpl.java:4923)
at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:115)
at com.liferay.portal.spring.transaction.DefaultTransactionExecutor.execute(DefaultTransactionExecutor.java:62)
at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:51)
These are my LDAP settings in portal-ext.properties:
ldap.connection.com.sun.jndi.ldap.read.timeout=50000
ldap.auth.enabled=true
ldap.import.enabled=true
ldap.import.interval=3
ldap.import.on.startup=true
ldap.import.method=user
ldap.auth.required=true
ldap.export.enabled=true
ldap.auth.method=bind
ldap.user.ignore.attributes=birthday,comments,male,middleName
ldap.import.user.password.enabled=false
ldap.password.policy.enabled=true
ldap.server.ids=0
ldap.users.dn.0=OU=liferay,DC=lab1,DC=local
ldap.user.default.object.classes.0=top,person,organizationPerson,user
ldap.groups.dn.0=OU=liferay,DC=lab1,DC=local
ldap.group.default.object.classes.0=top,group
ldap.server.name.0=lab1
ldap.base.provider.url.0=ldaps://ad1.lab1.local:636
ldap.base.dn.0=OU=liferay,DC=lab1,DC=local
ldap.security.principal.0=CN=Administrator,CN=Users,DC=lab1,DC=local
ldap.security.credentials.0=123
ldap.user.mappings.0=emailAddress=mail\nfirstName=givenName\nlastName=sn\npassword=unicodePwd\nscreenName=cn\n
ldap.auth.search.filter.0=(&(objectclass=person)(mail=@email_address@)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
ldap.import.user.search.filter.0=(objectClass=person)
ldap.import.group.search.filter.0=(objectClass=group)
ldap.group.mappings.0=description=description\ngroupName=cn\nuser=member
Updated 8 years ago by Amir Barkal.
RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
New Member, Posts: 14, Join Date: 15/08/12
I'm still looking for an answer on this one. If anyone has an idea what the problem could be, I will be happy to know.
UPDATE #1
If I change the LDAP field mapping of the screen name (for example: screenName=cn), then the error changes to:
ERROR [http-bio-8080-exec-4][render_portlet_jsp:132] null
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operation, data 0, v2580_]; remaining name 'cn=user31,OU=liferay,DC=lab1,DC=local'
This means that for some reason, Liferay is trying to put the user's distinguished name in the screen name field.
Updated 8 years ago by Amir Barkal.
RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
New Member, Posts: 14, Join Date: 15/08/12
No one has an idea?
I'm still facing this issue...
Thanks
Updated 8 years ago by Amir Barkal.
RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
New Member, Posts: 14, Join Date: 15/08/12
I've double checked everything I can imagine. The only explanation I can think of is that Liferay is passing to AD an attribute that doesn't exist.
Can anyone point me to where in the code that could be?
Updated 7 years ago by lee zach.
RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
New Member, Posts: 3, Join Date: 15/07/18
I face the same problem too, and I see you; I got a bit sad when I saw you still have no solution...
Don't cry! I found something useful!
When I looked at the logs, I realized there is something helpful: look at the red content below. It means the user export to LDAP uses the UserListener, so I think we can fix this problem by creating our own module listener:
Here is the reference doc: https://dev.liferay.com/develop/tutorials/-/knowledge_base/6-2/creating-model-listeners
Let's figure it out!
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3156)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:423)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:380)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(ComponentContext.java:612)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:201)
at javax.naming.InitialContext.bind(InitialContext.java:429)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.addUser(PortalLDAPExporterImpl.java:389)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.exportToLDAP(PortalLDAPExporterImpl.java:261)
at com.liferay.portal.security.ldap.PortalLDAPExporterUtil.exportToLDAP(PortalLDAPExporterUtil.java:53)
at com.liferay.portal.model.UserListener.exportToLDAP(UserListener.java:106)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:74)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:1)
at com.liferay.portal.model.BaseModelListener.onAfterUpdate(BaseModelListener.java:1)
at com.liferay.portal.service.persistence.impl.BasePersistenceImpl.update(BasePersistenceImpl.java:340)
at com.liferay.portal.service.impl.UserLocalServiceImpl.updateStatus(UserLocalServiceImpl.java:4923)
at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:115)
at com.liferay.portal.spring.transaction.DefaultTransactionExecutor.execute(DefaultTransactionExecutor.java:62)
at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:51)
Updated 7 years ago by lee zach.
RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
New Member, Posts: 3, Join Date: 15/07/18
Finally!!!!!
After a long time debugging!! I fixed my problem.
I thought we both made a huge mistake!!!
I tried to overwrite UserLocalServiceImpl and write my own UserListener to listen for the onAfterUpdate event!!
I finally figured it out by overriding some classes in the Liferay portal-impl ldap package and printing some debug info to the console:
https://github.com/liferay/liferay-portal/tree/6.2.x/portal-impl/src/com/liferay/portal/security/ldap
Here is the solution that will help you figure out what's going on with your config (I'm based on MS Server 2008 AD):
1. Check that all attribute config in LDAP is right (e.g. cn, userPassword, givenName, sn, etc.)
2. Check the export objectclass (my issue was a wrongly configured objectclass: change organizationPerson --> organizationalPerson)
3. Set up the uuid attribute
If it still doesn't work, I suggest you use a Liferay ext plugin to override the LDAP classes to get some useful info.
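An offline check for the misconfiguration identified above (organizationPerson instead of organizationalPerson), added here as an example; it is not code from Liferay or from the posters. The class and attribute lists are an assumed, partial allowlist for an AD user entry, and the sample input is constructed from the settings posted in this thread.

```python
import difflib

# Object classes AD expects on a user entry (the inheritance chain of `user`).
AD_USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
# Assumed, partial allowlist of AD user attribute names; extend for your schema.
AD_USER_ATTRS = ["cn", "sn", "givenName", "mail", "unicodePwd", "userPassword",
                 "userPrincipalName", "sAMAccountName", "displayName"]

# Constructed sample: the relevant lines of the portal-ext.properties in the thread.
SAMPLE = r"""
ldap.server.ids=0
ldap.user.default.object.classes.0=top,person,organizationPerson,user
ldap.user.mappings.0=emailAddress=mail\nfirstName=givenName\nlastName=sn\npassword=unicodePwd\nscreenName=cn\n
"""

def parse_properties(text):
    """Read key=value lines as they appear in the file (escapes left as written)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def _check(name, known, where):
    lookup = {k.lower(): k for k in known}  # LDAP names are case-insensitive
    if name.lower() in lookup:
        return None
    close = difflib.get_close_matches(name.lower(), list(lookup), n=1, cutoff=0.8)
    hint = f" (did you mean '{lookup[close[0]]}'?)" if close else ""
    return f"{where}: unknown name '{name}'{hint}"

def lint_ldap_export(props):
    """Return findings for export object classes and mapped attributes per server id."""
    findings = []
    for sid in props.get("ldap.server.ids", "0").split(","):
        sid = sid.strip()
        key = f"ldap.user.default.object.classes.{sid}"
        for cls in filter(None, (c.strip() for c in props.get(key, "").split(","))):
            findings.append(_check(cls, AD_USER_CLASSES, key))
        key = f"ldap.user.mappings.{sid}"
        # In the file the mappings are one value joined by the two-character escape \n.
        for pair in filter(None, props.get(key, "").split("\\n")):
            field, _, attr = pair.partition("=")
            findings.append(_check(attr.strip(), AD_USER_ATTRS, f"{key}[{field.strip()}]"))
    return [f for f in findings if f]

if __name__ == "__main__":
    for finding in lint_ldap_export(parse_properties(SAMPLE)):
        print(finding)
```

Running it against the posted settings reports only the object class line; the attribute mappings themselves pass.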
Updated 7 years ago by David H Nebinger.
RE: Unable to export users to AD 2012R2 (LDAP: error code 16 - 00000057)
Liferay Legend, Posts: 14915, Join Date: 06/09/02
Well, technically this isn't really a bug, it just wasn't configured correctly.
I didn't see this thread come up before or I would have suggested checking out your mappings.
Glad you found the solution, though, and thanks for sharing with everyone!
Come meet me at the NAS!