掲示板
Liferay and LDAP: current an old password works!
12年前 に Silvano Fari によって更新されました。
Liferay and LDAP: current an old password works!
Junior Member 投稿: 58 参加年月日: 10/06/16 最新の投稿
Hi, I have a Liferay, which is bound to an LDAP (Active Directory) as user registry. It works fine so far!
When I am changing a password of a user in AD the according user is able to immediately log in with the new password.
But what I don't understand is, that logging in with the old one works as well....
Is this working as designed? Can somebody explain, why that behaves like this?
When I am changing a password of a user in AD the according user is able to immediately log in with the new password.
But what I don't understand is, that logging in with the old one works as well....
Is this working as designed? Can somebody explain, why that behaves like this?
11年前 に Jack Bakker によって更新されました。
RE: Liferay and LDAP: current an old password works!
Liferay Master 投稿: 978 参加年月日: 10/01/03 最新の投稿
I also look for solution to this (LR v6.0.6 against Active Directory)
11年前 に Hüseyin Uzun によって更新されました。
RE: Liferay and LDAP: current an old password works!
New Member 投稿: 10 参加年月日: 10/11/11 最新の投稿
There's an blog-entry, where you can see the integration of secure LDAP-Integration: http://www.liferay.com/web/jonas.yuan/blog/-/blogs/6583930
Which Version of Liferay do you use? In 6.0.6 you must implement the sources themselves.
Which Version of Liferay do you use? In 6.0.6 you must implement the sources themselves.
11年前 に Hitoshi Ozawa によって更新されました。
RE: Liferay and LDAP: current an old password works!
Liferay Legend 投稿: 7942 参加年月日: 10/03/24 最新の投稿
This seems to a security risk but I think I've seen similar post before. Have you tried the nightly trunk version because it may be solved there.
11年前 に elias saliba によって更新されました。
RE: Liferay and LDAP: current an old password works!
New Member 投稿: 24 参加年月日: 12/07/16 最新の投稿
hi Silvano,
when your portal liferay imports data from LDAP, it imports password of users and stores it into liferay repository database. then when you change password in your portal, the two passwords will be accepeted. try to not importing data from LDAP server and make your LDAP required:
when your portal liferay imports data from LDAP, it imports password of users and stores it into liferay repository database. then when you change password in your portal, the two passwords will be accepeted. try to not importing data from LDAP server and make your LDAP required:
添付ファイル:
11年前 に Jack Bakker によって更新されました。
RE: Liferay and LDAP: current an old password works!
Liferay Master 投稿: 978 参加年月日: 10/01/03 最新の投稿
if ldap is not required ; do we know if authentication is FIRST tried against ldap and then against Liferay ? or might it be against Liferay first and then LDAP ?
11年前 に elias saliba によって更新されました。
RE: Liferay and LDAP: current an old password works!
New Member 投稿: 24 参加年月日: 12/07/16 最新の投稿
Hi jack,
If ldap is required then the authentication would take place on the ldap server. This means that the username and password of ldap will be checked.
If ldap is required then the authentication would take place on the ldap server. This means that the username and password of ldap will be checked.
11年前 に Jack Bakker によって更新されました。
RE: Liferay and LDAP: current an old password works!
Liferay Master 投稿: 978 参加年月日: 10/01/03 最新の投稿
Elias wrote
Jack asked
Hi jack,
If ldap is required then the authentication would take place on the ldap server. This means that the username and password of ldap will be checked.
Jack asked
if ldap is not required ; do we know if authentication is FIRST tried against ldap and then against Liferay ? or might it be against Liferay first and then LDAP ?
11年前 に elias saliba によって更新されました。
RE: Liferay and LDAP: current an old password works!
New Member 投稿: 24 参加年月日: 12/07/16 最新の投稿Jack Bakker:
Elias wroteHi jack,
If ldap is required then the authentication would take place on the ldap server. This means that the username and password of ldap will be checked.
Jack askedif ldap is not required ; do we know if authentication is FIRST tried against ldap and then against Liferay ? or might it be against Liferay first and then LDAP ?
Elias answer:
If required is true then liferay only search in ldap server.
If required is false then liferay will firstly seach in its repository, if the authentication is false then liferay will go to the third party (ldap) .
Conclusion, if ldap is not required, liferay will fetch firstly in its repository because its is more quick and its dependent to liferay, then fetch in ldap.
11年前 に Hitoshi Ozawa によって更新されました。
RE: Liferay and LDAP: current an old password works!
Liferay Legend 投稿: 7942 参加年月日: 10/03/24 最新の投稿
Please try it and see it actually works. I think there was a bug which made it to always check liferay's repository.