- Type: Regression Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.2.X, Master
- Fix Version/s: 7.2.10 DXP FP7, 7.2.X, 7.3.3 CE GA4, 7.3.10 DXP GA1, Master
- Component/s: Application Security > LDAP
- Labels:
- Branch Version/s: 7.2.x
- Backported to Branch: Committed
- Story Points: 1
- Fix Priority: 3
- Sprint: Iteration 40
- Git Pull Request:
Steps To Reproduce (Mostly taken from LPS-76332)
- Start a Docker container with OpenLDAP installed and a password policy with history enabled.
    docker run --name LPS-76332 --detach -p 389:389 holatuwol/liferayissue:LPS-76332
    docker exec LPS-76332 ldapmodify -x -c -D 'cn=admin,cn=config' -w admin -f /postmodify.ldif
- Start up Liferay and log in as the admin user
- Navigate to Control Panel > Configuration > Instance Settings > LDAP
- Under "General" enable "Enabled" and "Use LDAP Password Policy"
- Under "Export" enable "Enable Export"
- Under "Import" enable "Enable Import" and "Enable Import on Startup"
- Under "Server" add a server with the following details
  - Set the name to "localhost"
  - Select the OpenLDAP radio button
  - Change the Base DN to "dc=example,dc=org"
  - Change the Principal to "cn=test,ou=people,dc=example,dc=org"
  - Change the password to "test"
  - Click on the "Test LDAP Connection" button
- Test the LDAP user import
  - Click on the "Test LDAP Users" button
- Update the LDAP export configuration
  - Change the Users DN to "ou=people,dc=example,dc=org"
  - Change the User Default Object Classes to "top,person,organizationalPerson,inetOrgPerson"
  - Set the Groups DN to blank
  - Save the configuration
- Wait for the users to be imported or restart the server to trigger it
- Sign in as test2@liferay.com with the password "test"
- Navigate to My Account > Account Settings
- Change the password to "test1"
- Change the password to "test"
Expected Results
The password is not modified since it does not adhere to the password policy in LDAP (cannot reuse password). The user can only log in with the password "test1".
Actual Results
The password in the database is updated but the password in LDAP is not. The user can log in with either "test" or "test1".
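The following is an added model of the state divergence described above, not Liferay code and not taken from the ticket. ToyDirectory, Portal and both change methods are hypothetical names, and the model assumes a login succeeds when either store accepts the password, which is what the actual results imply.

```python
class PolicyViolation(Exception):
    """Raised by the toy directory when a new password is in its history."""

class ToyDirectory:
    """Constructed stand-in for an LDAP server with password history enabled."""
    def __init__(self, password):
        self.password = password
        self.history = [password]

    def change_password(self, new):
        if new in self.history:
            raise PolicyViolation("password is in history")
        self.password = new
        self.history.append(new)

class Portal:
    """Hypothetical portal that keeps a local copy of the password."""
    def __init__(self, directory, password):
        self.directory = directory
        self.db_password = password

    def change_password_unchecked(self, new):
        # Local write happens regardless; a rejected export is swallowed.
        self.db_password = new
        try:
            self.directory.change_password(new)
        except PolicyViolation:
            pass  # the two stores now disagree

    def change_password_checked(self, new):
        # Export first; a policy rejection aborts before the local write.
        self.directory.change_password(new)
        self.db_password = new

    def can_log_in(self, candidate):
        # Assumption: either store accepting the password is enough.
        return candidate in (self.directory.password, self.db_password)

def accepted_after_reuse(method_name):
    """Replay the ticket's steps (test -> test1 -> test); return accepted passwords."""
    portal = Portal(ToyDirectory("test"), "test")
    change = getattr(portal, method_name)
    for new in ("test1", "test"):
        try:
            change(new)
        except PolicyViolation:
            pass  # the user would see an error at this point
    return [p for p in ("test", "test1") if portal.can_log_in(p)]
```

Calling accepted_after_reuse("change_password_unchecked") reproduces the actual results (both passwords accepted), while "change_password_checked" gives the expected results (only "test1").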
- is caused by: LPS-74221 Long LDAP export delay can cause contact or user group update to fail (Closed)
- is related to: LPS-116133 Study the possibility to roll back changes in LDAP in case the local DB transaction fails after a correct update of LDAP (Open)