PUBLIC - Liferay Portal Community Edition

Unable to import group from LDAP in Liferay 6.0.5 with ldap.import.method=user

Details

  • Type: Regression Bug Regression Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 6.0.5 GA
  • Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
  • Component/s: Security
  • Labels:
    None
  • Similar Issues:
    Show 5 results 

Description

Unable to import group from LDAP in Liferay 6.0.5 with : ldap.import.method=user (but works with ldap.import.method=group).

I want to point that group importation works fine in Liferay 5.2.3 with the same LDAP configuration.

Below the LDAP configuration :

##

    1. LDAP
      ##

#configuration du LDAP
ldap.base.provider.url=ldap://myHost:389
ldap.base.dn=dc=myCompany,dc=fr
ldap.security.principal=cn=admin,dc=myCompany,dc=fr
ldap.security.credentials=password

ldap.auth.enabled=true

ldap.auth.required=false

ldap.auth.search.filter=(uid=@screen_name@)

ldap.import.enabled=true
ldap.import.on.startup=false
ldap.import.interval=10
ldap.import.user.search.filter=(objectClass=person)
ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)

ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf

ldap.group.mappings=groupName\=cn\ndescription\=description\nuser\=uniqueMember

ldap.import.method=user

ldap.import.create.role.per.group=true

ldap.export.enabled=false

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Sophia Zhang added a comment -

I could reproduce it on 6.0.11EESP1.As of 6.0.x,I couldn't test it due to this issue:
http://issues.liferay.com/browse/LPS-14930
But I could retested it as soon as it's fixed.
Basically tested steps as above description.

Show
Sophia Zhang added a comment - I could reproduce it on 6.0.11EESP1.As of 6.0.x,I couldn't test it due to this issue: http://issues.liferay.com/browse/LPS-14930 But I could retested it as soon as it's fixed. Basically tested steps as above description.
Hide
Permalink
Leo PRATLONG added a comment -

I reproduce this error too.
Do you have any way to fix this problem please ?

Show
Leo PRATLONG added a comment - I reproduce this error too. Do you have any way to fix this problem please ?
Hide
Permalink
James Falkner added a comment -

This issue is a backlog candidate for the 100 PaperCuts program. Please consider participating! See http://liferay.com/community/100-papercuts

Show
James Falkner added a comment - This issue is a backlog candidate for the 100 PaperCuts program. Please consider participating! See http://liferay.com/community/100-papercuts
Hide
Permalink
Baptiste Grenier added a comment -

This issue is currently being addressed in Sprint 2 of the 100 PaperCuts program. Please see http://liferay.com/community/100-papercuts

Show
Baptiste Grenier added a comment - This issue is currently being addressed in Sprint 2 of the 100 PaperCuts program. Please see http://liferay.com/community/100-papercuts
Hide
Permalink
Leo PRATLONG added a comment -

I could not see it in Sprint 2. Do you have more information please ?

Show
Leo PRATLONG added a comment - I could not see it in Sprint 2. Do you have more information please ?
Hide
Permalink
Baptiste Grenier added a comment -

Hi,
Please see: http://www.liferay.com/community/forums/-/message_boards/message/7644098#_19_message_7673321 .

Regarding this issue, I did some tests on trunk with OpenLDAP 2.4.24, and the results seems to vary according to the way the LDAP directory is organized:
The user has an attribute memberOf with a group DN.
If the group does list the member's DN using a uniqueMember attribute the import work, both for ldap.import.method=user and ldap.import.method=group.
If the group does not list the member's DN using a uniqueMember attribute the import does not work both for user and group import method.

On Liferay 6.0.5 (bundle and checkout of the 6.0.5 tag) I got the same behaviour.

Here is the LDAP directory I'm using:
dn: dc=bapt,dc=name
objectClass: top
objectClass: dcObject
objectClass: organization
o: bapt
dc: bapt
description: Top level LDAP tree for bapt.name

dn: ou=people,dc=bapt,dc=name
objectClass: organizationalUnit
ou: people
description: the list of registered users

dn: ou=team,dc=bapt,dc=name
objectClass: groupOfUniqueNames
cn: team
ou: team
description: the bapt team
uniqueMember: cn=Joe Dalton,ou=people,dc=bapt,dc=name

dn: cn=Baptiste Grenier,ou=people,dc=bapt,dc=name
cn: Baptiste Grenier
sn: Grenier
uid: baptiste.grenier
givenName: Baptiste
objectClass: inetOrgPerson
userPassword:: e1NTSEF9c2cyaDI1ZFZQcFRxVmlhN3JKUVQzNUN1ZFVIN1Q2OGY=
mail: baptiste@bapt.name
memberOf: ou=team,dc=bapt,dc=name

dn: cn=Joe Dalton,ou=people,dc=bapt,dc=name
cn: Joe Dalton
sn: Dalton
uid: joe.dalton
givenName: Joe
objectClass: inetOrgPerson
userPassword:: cGxvcA==

Here is the Liferay conf for trunk:
company.security.auth.type=screenName
ldap.base.provider.url.0=ldap://beerserk.bapt.name:389
ldap.base.dn.0=dc=bapt,dc=name
ldap.security.principal.0=cn=admin,dc=bapt,dc=name
ldap.security.credentials.0=XXXXXXXXXXX
ldap.auth.enabled=true
ldap.auth.required=false
ldap.auth.search.filter.0=(uid=@screen_name@)
ldap.import.enabled=true
ldap.import.on.startup=false
ldap.import.interval=10
ldap.import.user.search.filter.0=(objectClass=person)
ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames)
ldap.user.mappings.0=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf
ldap.group.mappings.0=groupName\=cn\ndescription\=description\nuser\=uniqueMember
ldap.import.method=user
#ldap.import.method=group
ldap.import.create.role.per.group=true
ldap.export.enabled=false
ldap.user.custom.mappings.0=
ldap.contact.mappings.0=
ldap.contact.custom.mappings.0=

And for 6.0.5:
company.security.auth.type=screenName
ldap.base.provider.url=ldap://beerserk.bapt.name:389
ldap.base.dn=dc=bapt,dc=name
ldap.security.principal=cn=admin,dc=bapt,dc=name
ldap.security.credentials=XXXXXXXXX
ldap.auth.enabled=true
ldap.auth.required=false
ldap.auth.search.filter=(uid=@screen_name@)
ldap.import.enabled=true
ldap.import.on.startup=false
ldap.import.interval=10
ldap.import.user.search.filter=(objectClass=person)
ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)
ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf
ldap.group.mappings=groupName\=cn\ndescription\=description\nuser\=uniqueMember
ldap.import.method=user
#ldap.import.method=group
ldap.import.create.role.per.group=true
ldap.export.enabled=false

So I am not able to reproduce the very same error, but I do have some problems...
I am new to the memberOf overlay and I am not sure if adding the user DN as a uniqueMember attribute is required or it it's optional. If it's required for me Liferay works correctly, if not there is a bug.
What was the LDAP directory configuration you were using?

Show
Baptiste Grenier added a comment - Hi, Please see: http://www.liferay.com/community/forums/-/message_boards/message/7644098#_19_message_7673321 . Regarding this issue, I did some tests on trunk with OpenLDAP 2.4.24, and the results seems to vary according to the way the LDAP directory is organized: The user has an attribute memberOf with a group DN. If the group does list the member's DN using a uniqueMember attribute the import work, both for ldap.import.method=user and ldap.import.method=group. If the group does not list the member's DN using a uniqueMember attribute the import does not work both for user and group import method. On Liferay 6.0.5 (bundle and checkout of the 6.0.5 tag) I got the same behaviour. Here is the LDAP directory I'm using: dn: dc=bapt,dc=name objectClass: top objectClass: dcObject objectClass: organization o: bapt dc: bapt description: Top level LDAP tree for bapt.name dn: ou=people,dc=bapt,dc=name objectClass: organizationalUnit ou: people description: the list of registered users dn: ou=team,dc=bapt,dc=name objectClass: groupOfUniqueNames cn: team ou: team description: the bapt team uniqueMember: cn=Joe Dalton,ou=people,dc=bapt,dc=name dn: cn=Baptiste Grenier,ou=people,dc=bapt,dc=name cn: Baptiste Grenier sn: Grenier uid: baptiste.grenier givenName: Baptiste objectClass: inetOrgPerson userPassword:: e1NTSEF9c2cyaDI1ZFZQcFRxVmlhN3JKUVQzNUN1ZFVIN1Q2OGY= mail: baptiste@bapt.name memberOf: ou=team,dc=bapt,dc=name dn: cn=Joe Dalton,ou=people,dc=bapt,dc=name cn: Joe Dalton sn: Dalton uid: joe.dalton givenName: Joe objectClass: inetOrgPerson userPassword:: cGxvcA== Here is the Liferay conf for trunk: company.security.auth.type=screenName ldap.base.provider.url.0=ldap://beerserk.bapt.name:389 ldap.base.dn.0=dc=bapt,dc=name ldap.security.principal.0=cn=admin,dc=bapt,dc=name ldap.security.credentials.0=XXXXXXXXXXX ldap.auth.enabled=true ldap.auth.required=false ldap.auth.search.filter.0=(uid=@screen_name@) ldap.import.enabled=true ldap.import.on.startup=false ldap.import.interval=10 ldap.import.user.search.filter.0=(objectClass=person) ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames) ldap.user.mappings.0=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf ldap.group.mappings.0=groupName\=cn\ndescription\=description\nuser\=uniqueMember ldap.import.method=user #ldap.import.method=group ldap.import.create.role.per.group=true ldap.export.enabled=false ldap.user.custom.mappings.0= ldap.contact.mappings.0= ldap.contact.custom.mappings.0= And for 6.0.5: company.security.auth.type=screenName ldap.base.provider.url=ldap://beerserk.bapt.name:389 ldap.base.dn=dc=bapt,dc=name ldap.security.principal=cn=admin,dc=bapt,dc=name ldap.security.credentials=XXXXXXXXX ldap.auth.enabled=true ldap.auth.required=false ldap.auth.search.filter=(uid=@screen_name@) ldap.import.enabled=true ldap.import.on.startup=false ldap.import.interval=10 ldap.import.user.search.filter=(objectClass=person) ldap.import.group.search.filter=(objectClass=groupOfUniqueNames) ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf ldap.group.mappings=groupName\=cn\ndescription\=description\nuser\=uniqueMember ldap.import.method=user #ldap.import.method=group ldap.import.create.role.per.group=true ldap.export.enabled=false So I am not able to reproduce the very same error, but I do have some problems... I am new to the memberOf overlay and I am not sure if adding the user DN as a uniqueMember attribute is required or it it's optional. If it's required for me Liferay works correctly, if not there is a bug. What was the LDAP directory configuration you were using?
Hide
Permalink
Sophia Zhang added a comment - - edited

Actually,I retested it again on 6.0.11ee and it's working well, I could import groups from LDAP with ldap.imort.method=user successfullly.I used Apache server.My configuration was just followed this issue's description.
As of your above question,my opinion is adding user DN is required.
So I think I could close it.
Thanks.

Show
Sophia Zhang added a comment - - edited Actually,I retested it again on 6.0.11ee and it's working well, I could import groups from LDAP with ldap.imort.method=user successfullly.I used Apache server.My configuration was just followed this issue's description. As of your above question,my opinion is adding user DN is required. So I think I could close it. Thanks.
Hide
Permalink
Vicki Tsang added a comment -

This is being bulk edited to prepare for new workflow

Show
Vicki Tsang added a comment - This is being bulk edited to prepare for new workflow

People

Vote (7)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved:
    Days since last comment:
    1 year, 28 weeks, 3 days ago