PUBLIC - Liferay Portal Community Edition / LPS-15179

LDAP synchronization (user removed from a LDAP group) : 'View users' page still shows the removed user (but 'Assign users' page is correct)

    Details

      Description

      The bug concerns the LDAP synchronization component.
      Here is my LDAP configuration in portal-ext.properties:

        #
        # Set the values used to connect to a LDAP store.
        #
        ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
        ldap.base.provider.url=ldap://localhost:1389
        ldap.base.dn=dc=example,dc=com
        ldap.security.principal=cn=DM
        ldap.security.credentials=root
        ldap.referral=follow

        #
        # When a user is exported to LDAP and the user does not exist, the user will
        # be created with the following default object classes.
        #
        ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson

        #
        # When importing and exporting users, the portal will use this mapping to
        # connect LDAP user attributes and portal user attributes.
        #
        # See com.liferay.portal.model.UserModel for a list of attributes.
        #
        ldap.user.mappings=uuid=uid\nscreenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership

        #
        # When importing and exporting users, the portal will use this mapping to
        # connect LDAP user attributes and portal user's custom attributes.
        #
        ldap.user.custom.mappings=

        #
        # When a group is exported to LDAP and the group does not exist, the group
        # will be created with the following default object classes.
        #
        ldap.group.default.object.classes=top,groupOfUniqueNames

        #
        # When importing groups, the portal will use this mapping to connect LDAP
        # group attributes and portal user group attributes.
        #
        ldap.group.mappings=groupName=cn\ndescription=description\nuser=uniqueMember

        #
        # Settings for importing users and groups from LDAP to the portal.
        #
        ldap.import.enabled=true
        ldap.import.on.startup=false
        ldap.import.interval=1
        ldap.import.user.search.filter=(objectClass=inetOrgPerson)
        ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)

        #
        # Set either user or group for import method. If set to user, portal will
        # import all users and the groups associated with those users. If set to
        # group, the portal will import all groups and the users associated with those groups.
        # This value should be set based on how your LDAP server stores group
        # membership information.
        #
        #ldap.import.method=user
        ldap.import.method=group

      You can take a look at the screenshot to understand more easily what the bug is.

      When a user ('Ted Tiger' in the screenshot) is first put in the LDAP (OPEN DS) group ('groupe de test' in the screenshot) and then, after a first synchronization, he's removed from that group (in LDAP), then:

      • in the page 'Control Panel > Portal > User Groups > groupe de test > Assign Members', the user ('Ted Tiger' in the screenshot) doesn't appear anymore --> that's correct, but
      • in 'Control Panel > Portal > User Groups > groupe de test > View Members', the user ('Ted Tiger' in the screenshot) is still there.

      It sounds like during the LDAP synchronization, the database user/user group relationship is not completely cleaned up.
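
An audit for the symptom reported above, added here as an example (it is not the reporter's code and not part of Liferay): it compares the `uniqueMember` values of each `groupOfUniqueNames` entry in an LDIF export with a portal-side membership list and reports memberships the directory no longer backs. The sample data, the portal export format, the screen names and all function names are assumptions constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed LDIF export of the group after the user was removed from it in LDAP.
SAMPLE_LDIF = """\
dn: cn=groupe de test,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: groupe de test
uniqueMember: cn=alice,ou=people,dc=example,
 dc=com
uniqueMember: cn=bob,ou=people,dc=example,dc=com
"""
# Constructed portal-side export of (user group name, screen name) pairs (hypothetical format).
SAMPLE_PORTAL = [("groupe de test", "ted.tiger"), ("groupe de test", "alice"),
                 ("local-only group", "carol")]

def parse_ldif(text):
    """Parse LDIF into entries, each a dict of lower-cased attribute -> list of values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849: a folded line continues after one space
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." carries a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def first_rdn_value(dn):
    """Leftmost RDN value of a DN; with screenName=cn mapped, this is the screen name."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return rdn.partition("=")[2].replace("\\,", ",").strip().lower()

def stale_memberships(ldif_text, portal_rows):
    """Return portal (group, user) pairs that no uniqueMember value in LDAP backs any more."""
    ldap_members = defaultdict(set)
    for entry in parse_ldif(ldif_text):
        if "groupofuniquenames" in (c.lower() for c in entry["objectclass"]):
            for name in entry["cn"]:
                ldap_members[name.lower()].update(map(first_rdn_value, entry["uniquemember"]))
    # Groups absent from the LDIF are treated as portal-local and skipped, not flagged.
    return sorted((g, u) for g, u in portal_rows
                  if g.lower() in ldap_members and u.lower() not in ldap_members[g.lower()])
```

Calling `stale_memberships(SAMPLE_LDIF, SAMPLE_PORTAL)` flags only the removed user's leftover membership; the comparison is case-insensitive, which is an assumption about how screen names are stored.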

            People

            Assignee:
            michael.saechang Michael Saechang
            Reporter:
            lamim Laurent Mimoun (Inactive)
                Packages

                Version Package
                6.2.0 CE M4