Forum

Add LDAP button issue in Liferay 6.2 GA5

Vasu Kumar Piduru, modified 8 years ago.

Add LDAP button issue in Liferay 6.2 GA5

Junior Member Posts: 37 Join Date: 05/10/09 Recent Posts
Hello Team,

I am trying to add an LDAP server in the Liferay configuration, but the proper link is really missing.

In the DEV/QA environments the button in the HTML shows up like this.
<button class="btn" id="_130_addButton" onclick="location.href = location.href.replace(location.hash, '');;" type="button"> Add </button>


In the local environment the link shows up really well and works fine. In the local environment it is something like this.

<button class="btn" id="_130_addButton" onclick="location.href = 'http\x3a\x2f\x2flocalhost\x3a8888\x2fgroup\x2fcontrol_panel\x2fmanage\x3fp_p_id\x3d130\x26p_p_lifecycle\x3d0\x26p_p_state\x3dmaximized\x26p_p_mode\x3dview\x26refererPlid\x3d10870\x26controlPanelCategory\x3dconfiguration\x26_130_struts_action\x3d\x252Fportal_settings\x252Fedit_ldap_server\x26_130_redirect\x3dhttp\x253A\x252F\x252Flocalhost\x253A8888\x252Fgroup\x252Fcontrol_panel\x252Fmanage\x253Fp_p_id\x253D130\x2526p_p_lifecycle\x253D0\x2526p_p_state\x253Dmaximized\x2526p_p_mode\x253Dview\x2526refererPlid\x253D10870\x2526controlPanelCategory\x253Dconfiguration\x2523_LFR_FN_authentication';" type="button"> Add </button>


Does anyone know exactly where the problem is? As far as I know, there is something to set in the ext properties as allowed domains, but I am not sure what to set and how to set it properly in the cluster environment. Is it the IP of each app server individually or the IP of the load-balanced host name? Any detailed information and an example would be appreciated.

Andrew Jardine, modified 7 years ago.

RE: Add LDAP button issue in Liferay 6.2 GA5

Liferay Legend Posts: 2416 Join Date: 22/12/10 Recent Posts
Though I might get in trouble for reviving a "dead thread" -- I'm going to post here anyway since I came across this post troubleshooting the same issue. There are actually several threads referencing this issue -- and in my case I had the issue with the Polls admin, not the LDAP (this time). Rather than just post the answer, I am going to describe what I did.

The issue didn't exist for me on my local. The most obvious difference between my local and the remote servers was the fact that, locally, I was not using a proxy. Ah -- so the issue must be the proxy -- but best to be sure. So I started by bypassing the server on the remote machine to validate. Sure enough, bypassing the proxy did seem to resolve the issue. So then I started plowing through the LR source.

Looking at /html/portlet/polls/view.jsp, I could see that the "Add Question" button uses the aui:button taglib. Digging into that taglib, I next found myself in /html/taglib/aui/button/init.jsp. In there I could see --

java.lang.String href = GetterUtil.getString((java.lang.String)request.getAttribute("aui:button:href"));


but also lower in the file ...

<%@ include file="/html/taglib/aui/button/init-ext.jspf" %>


Digging into the init-ext I could see that the href was being processed

if (Validator.isNotNull(href)) {
	escapedHREF = HtmlUtil.escapeJS(PortalUtil.escapeRedirect(href));


Interesting. So PortalUtil, which maps to PortalImpl, and I could see ..

...
		try {
			String securityMode = PropsValues.REDIRECT_URL_SECURITY_MODE;

			if (securityMode.equals("domain")) {
				String[] allowedDomains =
					PropsValues.REDIRECT_URL_DOMAINS_ALLOWED;

				if ((allowedDomains.length > 0) &&
					!ArrayUtil.contains(allowedDomains, domain)) {

					if (_log.isDebugEnabled()) {
						_log.debug("Redirect URL " + url + " is not allowed");
					}

					url = null;
				}
			}
....


If you enable your debugger, I bet you'll see that message. So basically, I know that it stems from this and it's the proxy inclusion that is a problem. Checking my proxy settings I could see that the forward rule used a DOMAIN for the rule, not an IP. By default, LR does it based on IPs. So changing your proxy to use a forward rule based on IP rather than domain would fix the issue. But what if you WANT to use the domain in your config? You can -- all you have to do is make sure that you have the right property enabled (in your portal-ext)

##
## Redirect
##

    #
    # Set this property to "ip" or "domain" for the redirect security method. If
    # set to "domain", the portal will only redirect users to domains listed in
    # the property "redirect.url.domain.allowed". If set to "ip", the portal
    # will only redirect to domains whose IP address resolve to an IP address
    # listed in the property "redirect.url.ip.allowed".
    #
    #redirect.url.security.mode=domain
    redirect.url.security.mode=ip


Switch it from ip to use domain, and you're back on track.
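
An added example, not part of the original post and not Liferay's source: a stand-alone Java model of the domain-mode branch quoted above. It shows that once `redirect.url.security.mode=domain` is set, the host name users reach the portal through has to be in the allowed-domains list (`PropsValues.REDIRECT_URL_DOMAINS_ALLOWED` in the quoted code), and that an empty list lets every domain through. The class name, method shape and host names are hypothetical, and the handling of relative and unparseable URLs is an assumption.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;

// Added illustration, not Liferay source: models only the "domain" branch
// quoted above. Class name, method shape and host names are hypothetical.
public class RedirectDomainCheck {

    // Returns url when the redirect is permitted, null when it is rejected.
    static String escapeRedirect(String url, String[] allowedDomains) {
        if (url == null || url.isEmpty()) {
            return null;
        }
        String domain;
        try {
            domain = new URI(url).getHost();
        } catch (URISyntaxException e) {
            return null; // assumption: unparseable targets are rejected
        }
        if (domain == null) {
            return url; // assumption: relative URLs stay on the portal
        }
        // Same condition as the quoted code: an empty list disables the check.
        if (allowedDomains.length > 0
                && !Arrays.asList(allowedDomains).contains(domain)) {
            return null;
        }
        return url;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String[] allowed = {"portal.example.com"};
        String[] empty = {};
        String viaProxy = "https://portal.example.com/group/control_panel/manage?p_p_id=130";
        String nodeName = "http://node1.internal.example:8080/group/control_panel/manage?p_p_id=130";
        String offSite = "https://other.example.net/landing";

        System.out.println("listed proxy host:   " + escapeRedirect(viaProxy, allowed));
        System.out.println("unlisted node host:  " + escapeRedirect(nodeName, allowed));
        System.out.println("unlisted off-site:   " + escapeRedirect(offSite, allowed));
        System.out.println("empty allowlist:     " + escapeRedirect(offSite, empty));
        System.out.println("relative URL:        " + escapeRedirect("/group/control_panel", allowed));
    }
}
```

The match in the quoted code is an exact string comparison, so each host name in use needs its own entry in the list.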