Liferay and LDAP: current and old password works!

Updated 12 years ago by Silvano Fari.

Liferay and LDAP: current and old password works!

Junior Member Posts: 58 Join Date: 10/06/16 Recent Posts
Hi, I have a Liferay, which is bound to an LDAP (Active Directory) as user registry. It works fine so far!

When I am changing a password of a user in AD the according user is able to immediately log in with the new password.
But what I don't understand is, that logging in with the old one works as well....

Is this working as designed? Can somebody explain, why that behaves like this?
Updated 11 years ago by Jack Bakker.

RE: Liferay and LDAP: current and old password works!

Liferay Master Posts: 978 Join Date: 10/01/03 Recent Posts
I am also looking for a solution to this (LR v6.0.6 against Active Directory).
Updated 11 years ago by Hüseyin Uzun.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 10 Join Date: 10/11/11 Recent Posts
There's a blog entry where you can see the integration of secure LDAP-Integration: http://www.liferay.com/web/jonas.yuan/blog/-/blogs/6583930
Which version of Liferay do you use? In 6.0.6 you must implement the sources yourself.
Updated 11 years ago by Hitoshi Ozawa.

RE: Liferay and LDAP: current and old password works!

Liferay Legend Posts: 7942 Join Date: 10/03/24 Recent Posts
This seems to be a security risk, but I think I've seen a similar post before. Have you tried the nightly trunk version? It may be solved there.
Updated 11 years ago by elias saliba.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 24 Join Date: 12/07/16 Recent Posts
Hi Silvano,
When your Liferay portal imports data from LDAP, it imports the passwords of users and stores them in the Liferay repository database. Then, when you change the password in your portal, the two passwords will be accepted. Try not importing data from the LDAP server and make your LDAP required:

Attachments:
Updated 11 years ago by Jack Bakker.

RE: Liferay and LDAP: current and old password works!

Liferay Master Posts: 978 Join Date: 10/01/03 Recent Posts
If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?
Updated 11 years ago by elias saliba.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 24 Join Date: 12/07/16 Recent Posts
Hi Jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.
Updated 11 years ago by Jack Bakker.

RE: Liferay and LDAP: current and old password works!

Liferay Master Posts: 978 Join Date: 10/01/03 Recent Posts
Elias wrote

Hi Jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.


Jack asked

If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?
Updated 11 years ago by elias saliba.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 24 Join Date: 12/07/16 Recent Posts
Jack Bakker:
Elias wrote

Hi Jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.


Jack asked

If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?


Elias's answer:

If required is true then Liferay only searches in the LDAP server.
If required is false then Liferay will first search in its repository; if the authentication is false then Liferay will go to the third party (LDAP).

Conclusion: if LDAP is not required, Liferay will fetch first in its repository because it is quicker and it is dependent on Liferay, then fetch in LDAP.
Updated 11 years ago by Hitoshi Ozawa.

RE: Liferay and LDAP: current and old password works!

Liferay Legend Posts: 7942 Join Date: 10/03/24 Recent Posts
Please try it and see if it actually works. I think there was a bug which made it always check Liferay's repository.
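
Added example, not part of any post in this thread and not Liferay's own code: a small Python model of the login order described in the replies above, showing why a stale local copy of the password keeps the old credential valid after a change in AD. The `Directory` and `Portal` classes, `import_user`, the SHA-256 hash and the sample account are all hypothetical, constructed for illustration.

```python
import hashlib

def digest(password):
    # Stand-in for however the portal hashes its local password copy (assumption).
    return hashlib.sha256(password.encode()).hexdigest()

class Directory:
    """Constructed stand-in for AD: a bind succeeds only with the current password."""
    def __init__(self):
        self.passwords = {}

    def bind(self, user, password):
        return self.passwords.get(user) == password

class Portal:
    """Hypothetical model of the portal login order described in the thread."""
    def __init__(self, directory, ldap_required, import_password):
        self.directory = directory
        self.ldap_required = ldap_required
        self.import_password = import_password
        self.local = {}  # user -> hash of the password known at import time

    def import_user(self, user, password):
        # Import step: optionally keep a local copy of the credential.
        self.local[user] = digest(password) if self.import_password else None

    def login(self, user, password):
        if self.ldap_required:
            # Required: only the directory decides.
            return self.directory.bind(user, password)
        # Not required: local repository first, LDAP only if that fails.
        if self.local.get(user) == digest(password):
            return True
        return self.directory.bind(user, password)

def demo(ldap_required, import_password):
    """Return (old_password_accepted, new_password_accepted) after an AD change."""
    ad = Directory()
    ad.passwords["user1"] = "Old-Passw0rd"   # constructed sample values
    portal = Portal(ad, ldap_required, import_password)
    portal.import_user("user1", "Old-Passw0rd")
    ad.passwords["user1"] = "New-Passw0rd"   # password changed in AD only
    return (portal.login("user1", "Old-Passw0rd"),
            portal.login("user1", "New-Passw0rd"))

if __name__ == "__main__":
    for required, imported in [(False, True), (True, True), (False, False)]:
        print(f"required={required} import={imported} ->", demo(required, imported))
```

In this model only the combination of a non-required LDAP and a locally stored password copy accepts the old password; whether a given Liferay version honours the setting is what the last reply asks to verify.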