Liferay and LDAP: current and old password works!

Silvano Fari, modified 12 years ago.

Junior Member Posts: 58 Join Date: 16/06/10
Hi, I have a Liferay, which is bound to an LDAP (Active Directory) as user registry. It works fine so far!

When I am changing a password of a user in AD the according user is able to immediately log in with the new password.
But what I don't understand is, that logging in with the old one works as well....

Is this working as designed? Can somebody explain, why that behaves like this?

Jack Bakker, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

Liferay Master Posts: 978 Join Date: 03/01/10
I am also looking for a solution to this (LR v6.0.6 against Active Directory).

Hüseyin Uzun, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 10 Join Date: 11/11/10
There's a blog entry where you can see the secure LDAP integration: http://www.liferay.com/web/jonas.yuan/blog/-/blogs/6583930
Which version of Liferay do you use? In 6.0.6 you must implement the sources yourself.

Hitoshi Ozawa, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

Liferay Legend Posts: 7942 Join Date: 24/03/10
This seems to be a security risk, but I think I've seen a similar post before. Have you tried the nightly trunk version, because it may be solved there?

elias saliba, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 24 Join Date: 16/07/12
Hi Silvano,
When your Liferay portal imports data from LDAP, it imports the users' passwords and stores them in the Liferay repository database. Then when you change the password in your portal, the two passwords will be accepted. Try not importing data from the LDAP server and make your LDAP required:

Jack Bakker, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

Liferay Master Posts: 978 Join Date: 03/01/10
If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?

elias saliba, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 24 Join Date: 16/07/12
Hi Jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.

Jack Bakker, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

Liferay Master Posts: 978 Join Date: 03/01/10
Elias wrote:

Hi Jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.

Jack asked:

If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?

elias saliba, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

New Member Posts: 24 Join Date: 16/07/12
Jack Bakker:
Elias wrote:

Hi Jack,
If LDAP is required then the authentication would take place on the LDAP server. This means that the username and password of LDAP will be checked.

Jack asked:

If LDAP is not required, do we know if authentication is FIRST tried against LDAP and then against Liferay? Or might it be against Liferay first and then LDAP?

Elias's answer:

If required is true, then Liferay only searches in the LDAP server.
If required is false, then Liferay will first search in its repository; if the authentication is false, then Liferay will go to the third party (LDAP).

Conclusion: if LDAP is not required, Liferay will fetch first from its repository, because it is quicker and it is dependent on Liferay, then fetch from LDAP.

Hitoshi Ozawa, modified 11 years ago.

RE: Liferay and LDAP: current and old password works!

Liferay Legend Posts: 7942 Join Date: 24/03/10
Please try it and see if it actually works. I think there was a bug which made it always check Liferay's repository.
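
A small model of the login order described in Elias's answer above, added here as an illustration; it is not part of any post and is not Liferay's code. The `Directory`, `Portal` and `scenario` names are hypothetical, and the model assumes the portal keeps a copy of the password after a successful LDAP login.

```python
import hashlib
import hmac

def _digest(password: str) -> str:
    # Stand-in for the portal's stored password hash (constructed salt).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000).hex()

class Directory:
    """Stand-in for the LDAP/AD server: one current password per user."""
    def __init__(self):
        self.passwords = {}

    def bind(self, user: str, password: str) -> bool:
        current = self.passwords.get(user)
        return current is not None and hmac.compare_digest(current, password)

class Portal:
    """Hypothetical model of the login order described in the thread."""
    def __init__(self, directory: Directory, ldap_required: bool):
        self.directory = directory
        self.ldap_required = ldap_required
        self.local = {}  # user -> digest of the password copied at LDAP login

    def login(self, user: str, password: str):
        """Return which store accepted the login ("local"/"ldap") or None."""
        if not self.ldap_required:
            stored = self.local.get(user)
            if stored is not None and hmac.compare_digest(stored, _digest(password)):
                return "local"  # stale copy accepted; the directory is never asked
        if self.directory.bind(user, password):
            self.local[user] = _digest(password)  # assumed import of the password
            return "ldap"
        return None

def scenario(ldap_required: bool):
    """Change the password in the directory only, then try old and new."""
    directory = Directory()
    directory.passwords["silvano"] = "Old-Pw-1"   # constructed sample values
    portal = Portal(directory, ldap_required)
    portal.login("silvano", "Old-Pw-1")           # first login copies the password
    directory.passwords["silvano"] = "New-Pw-2"   # password changed in AD only
    return portal.login("silvano", "Old-Pw-1"), portal.login("silvano", "New-Pw-2")

if __name__ == "__main__":
    print("LDAP not required:", scenario(False))
    print("LDAP required:    ", scenario(True))
```

Running the same two logins against a test account after a directory-side password change is a quick way to check which of the two modes a given portal is actually in.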