PUBLIC - Liferay Portal Community Edition
LPS-14905

Unable to import group from LDAP in Liferay 6.0.5 with ldap.import.method=user


      Description

      Unable to import group from LDAP in Liferay 6.0.5 with ldap.import.method=user (but works with ldap.import.method=group).

      I want to point out that group importation works fine in Liferay 5.2.3 with the same LDAP configuration.

      Below is the LDAP configuration:

      ##
      ## LDAP
      ##

      # LDAP configuration
      ldap.base.provider.url=ldap://myHost:389
      ldap.base.dn=dc=myCompany,dc=fr
      ldap.security.principal=cn=admin,dc=myCompany,dc=fr
      ldap.security.credentials=password

      ldap.auth.enabled=true

      ldap.auth.required=false

      ldap.auth.search.filter=(uid=@screen_name@)

      ldap.import.enabled=true
      ldap.import.on.startup=false
      ldap.import.interval=10
      ldap.import.user.search.filter=(objectClass=person)
      ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)

      ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf

      ldap.group.mappings=groupName\=cn\ndescription\=description\nuser\=uniqueMember

      ldap.import.method=user

      ldap.import.create.role.per.group=true

      ldap.export.enabled=false

        Activity

        Sophia Zhang added a comment -

        I could reproduce it on 6.0.11EESP1. As of 6.0.x, I couldn't test it due to this issue:
        http://issues.liferay.com/browse/LPS-14930
        But I could retest it as soon as it's fixed.
        Basically tested steps as above description.

        Leo PRATLONG added a comment -

        I reproduce this error too.
        Do you have any way to fix this problem please?

        James Falkner added a comment -

        This issue is a backlog candidate for the 100 PaperCuts program. Please consider participating! See http://liferay.com/community/100-papercuts

        Baptiste Grenier added a comment -

        This issue is currently being addressed in Sprint 2 of the 100 PaperCuts program. Please see http://liferay.com/community/100-papercuts

        Leo PRATLONG added a comment -

        I could not see it in Sprint 2. Do you have more information please?

        Baptiste Grenier added a comment -

        Hi,
        Please see: http://www.liferay.com/community/forums/-/message_boards/message/7644098#_19_message_7673321 .

        Regarding this issue, I did some tests on trunk with OpenLDAP 2.4.24, and the results seem to vary according to the way the LDAP directory is organized:
        The user has an attribute memberOf with a group DN.
        If the group does list the member's DN using a uniqueMember attribute, the import works, both for ldap.import.method=user and ldap.import.method=group.
        If the group does not list the member's DN using a uniqueMember attribute, the import does not work, both for the user and group import methods.

        On Liferay 6.0.5 (bundle and checkout of the 6.0.5 tag) I got the same behaviour.

        Here is the LDAP directory I'm using:
        dn: dc=bapt,dc=name
        objectClass: top
        objectClass: dcObject
        objectClass: organization
        o: bapt
        dc: bapt
        description: Top level LDAP tree for bapt.name

        dn: ou=people,dc=bapt,dc=name
        objectClass: organizationalUnit
        ou: people
        description: the list of registered users

        dn: ou=team,dc=bapt,dc=name
        objectClass: groupOfUniqueNames
        cn: team
        ou: team
        description: the bapt team
        uniqueMember: cn=Joe Dalton,ou=people,dc=bapt,dc=name

        dn: cn=Baptiste Grenier,ou=people,dc=bapt,dc=name
        cn: Baptiste Grenier
        sn: Grenier
        uid: baptiste.grenier
        givenName: Baptiste
        objectClass: inetOrgPerson
        userPassword:: e1NTSEF9c2cyaDI1ZFZQcFRxVmlhN3JKUVQzNUN1ZFVIN1Q2OGY=
        mail: baptiste@bapt.name
        memberOf: ou=team,dc=bapt,dc=name

        dn: cn=Joe Dalton,ou=people,dc=bapt,dc=name
        cn: Joe Dalton
        sn: Dalton
        uid: joe.dalton
        givenName: Joe
        objectClass: inetOrgPerson
        userPassword:: cGxvcA==

        Here is the Liferay conf for trunk:
        company.security.auth.type=screenName
        ldap.base.provider.url.0=ldap://beerserk.bapt.name:389
        ldap.base.dn.0=dc=bapt,dc=name
        ldap.security.principal.0=cn=admin,dc=bapt,dc=name
        ldap.security.credentials.0=XXXXXXXXXXX
        ldap.auth.enabled=true
        ldap.auth.required=false
        ldap.auth.search.filter.0=(uid=@screen_name@)
        ldap.import.enabled=true
        ldap.import.on.startup=false
        ldap.import.interval=10
        ldap.import.user.search.filter.0=(objectClass=person)
        ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames)
        ldap.user.mappings.0=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf
        ldap.group.mappings.0=groupName\=cn\ndescription\=description\nuser\=uniqueMember
        ldap.import.method=user
        #ldap.import.method=group
        ldap.import.create.role.per.group=true
        ldap.export.enabled=false
        ldap.user.custom.mappings.0=
        ldap.contact.mappings.0=
        ldap.contact.custom.mappings.0=

        And for 6.0.5:
        company.security.auth.type=screenName
        ldap.base.provider.url=ldap://beerserk.bapt.name:389
        ldap.base.dn=dc=bapt,dc=name
        ldap.security.principal=cn=admin,dc=bapt,dc=name
        ldap.security.credentials=XXXXXXXXX
        ldap.auth.enabled=true
        ldap.auth.required=false
        ldap.auth.search.filter=(uid=@screen_name@)
        ldap.import.enabled=true
        ldap.import.on.startup=false
        ldap.import.interval=10
        ldap.import.user.search.filter=(objectClass=person)
        ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)
        ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=memberOf
        ldap.group.mappings=groupName\=cn\ndescription\=description\nuser\=uniqueMember
        ldap.import.method=user
        #ldap.import.method=group
        ldap.import.create.role.per.group=true
        ldap.export.enabled=false

        So I am not able to reproduce the very same error, but I do have some problems...
        I am new to the memberOf overlay and I am not sure if adding the user DN as a uniqueMember attribute is required or if it's optional. If it's required, for me Liferay works correctly; if not, there is a bug.
        What was the LDAP directory configuration you were using?
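
The directory in the comment above shows the mismatch under discussion: Baptiste Grenier carries memberOf for ou=team, but the group's uniqueMember lists only Joe Dalton. As an added example (not part of the original comment and not Liferay's code), this Python sketch audits an LDIF export for memberships recorded on only one side, which is worth checking before an import that creates a role per group. The function names and the simplified DN comparison are assumptions of the example.

```python
import base64
from collections import defaultdict
# Constructed sample, trimmed from the directory quoted in the comment above.
SAMPLE_LDIF = """\
dn: ou=team,dc=bapt,dc=name
uniqueMember: cn=Joe Dalton,ou=people,dc=bapt,dc=name

dn: cn=Baptiste Grenier,ou=people,dc=bapt,dc=name
memberOf: ou=team,dc=bapt,dc=name

dn: cn=Joe Dalton,ou=people,dc=bapt,dc=name
"""

def norm_dn(dn):
    """Lower-case and trim each RDN (simplified: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized dn: {lower-cased attr: [values]}} from LDIF text."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuations
        if not line.strip():
            current = None  # a blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(norm_dn(value), defaultdict(list))
        elif current is not None:
            current[attr].append(value)
    return entries

def membership_mismatches(entries, user_attr="memberof", group_attr="uniquemember"):
    """List (user_dn, group_dn, reason) for memberships seen on one side only."""
    issues = []
    for dn, attrs in entries.items():
        for group in map(norm_dn, attrs.get(user_attr, [])):
            if dn not in map(norm_dn, entries.get(group, {}).get(group_attr, [])):
                issues.append((dn, group, "memberOf without uniqueMember"))
        for member in map(norm_dn, attrs.get(group_attr, [])):
            if member in entries and dn not in map(norm_dn, entries[member].get(user_attr, [])):
                issues.append((member, dn, "uniqueMember without memberOf"))
    return issues

if __name__ == "__main__":
    print(*membership_mismatches(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

An empty result means every membership is recorded on both the user and the group entry.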

        Sophia Zhang added a comment - - edited

        Actually, I retested it again on 6.0.11ee and it's working well, I could import groups from LDAP with ldap.import.method=user successfully. I used Apache server. My configuration just followed this issue's description.
        As of your above question, my opinion is adding user DN is required.
        So I think I could close it.
        Thanks.

        Vicki Tsang added a comment -

        This is being bulk edited to prepare for new workflow


          People

          • Votes: 7
          • Watchers: 3