User gets imported from LDAP with every login even when unchanged

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
Fix Version/s: 6.0.X EE, 6.1.2 CE GA3, 6.1.30 EE GA3, 6.2.0 CE M4
Component/s: Portal Services, Portal Services > LDAP, Util > Login portlet
Labels:
- QA-R
- QA-TP
Environment:
Win 2008, liferay-portal-ee 6.1.20

Similar Issues:

Show 5 results

Description

When user is logged in against LDAP server, import to Liferay DB is automatically triggered. This import is done only if needed, i.e. when modification date of the liferay user is different from modification date of LDAP entry.

But the import seems to be processed everytime, when a non-blank password is used for login, see PortalLDAPImportedImpl.updateUser() around line 1103, look for:

if (ldapUserModifiedDate.equals(user.getModifiedDate()) &&
ldapUser.isAutoPassword()) {

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Sharry Shi added a comment - 11/Apr/13 7:35 PM - edited

PASSED Manual Testing using the following steps:

Enable the LDAP. I used Apacheds and JXplorer.
Add a user named "user1" with password "test".
Start Liferay bundle.
Go to Control Panel > Server Administration > Log Levels > Add Category to add com.liferay.portal.security.ldap.PortalLDAPImporterImpl to ALL;
Portal Setting > Authentication > LDAP, click Enable and Import Enable then Save.
Click Add to add the ldap server, choose the Apache Directory Server, fill the Server Name as Test, fill in the necessary infos to make sure Connection is successfully.
Fill in the necessary infos under Users to see the user in LDAP, now you can see test and user1 in the Test LDAP Users list. Then Save.
Login as user1, modified the password to a.
Logout, redo login as user1 with the original password test.

Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 86b4ba82cb4ab5adc68719f7d7e333bee6825005.

Only got a message like: " 08:38:49,604 DEBUG [http-bio-8080-exec-4][PortalLDAPImporterImpl:478] Adding user email-address" when the ldap user first login, re-login has no reminder in console.

Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: fff9d62d3324e0b437c398348fe565d1d6f6bded.
Tomcat 7.0 + MySQL 5. Portal 6.1.x.EE GIT ID: 137171a711bcc1d9168e5d809d2bf0867ef5055c.

Got a message like: " 09:32:23,987 DEBUG [http-bio-8080-exec-14][PortalLDAPImporterImpl:1176] User email-address is already synchronized, but updated password to avoid a blank value" every time the ldap user login except the first time.

Show

Sharry Shi added a comment - 11/Apr/13 7:35 PM - edited PASSED Manual Testing using the following steps: Enable the LDAP. I used Apacheds and JXplorer. Add a user named "user1" with password "test". Start Liferay bundle. Go to Control Panel > Server Administration > Log Levels > Add Category to add com.liferay.portal.security.ldap.PortalLDAPImporterImpl to ALL; Portal Setting > Authentication > LDAP, click Enable and Import Enable then Save. Click Add to add the ldap server, choose the Apache Directory Server, fill the Server Name as Test, fill in the necessary infos to make sure Connection is successfully. Fill in the necessary infos under Users to see the user in LDAP, now you can see test and user1 in the Test LDAP Users list. Then Save. Login as user1, modified the password to a. Logout, redo login as user1 with the original password test. Reproduced on: Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 86b4ba82cb4ab5adc68719f7d7e333bee6825005. Only got a message like: " 08:38:49,604 DEBUG [http-bio-8080-exec-4] [PortalLDAPImporterImpl:478] Adding user email-address" when the ldap user first login, re-login has no reminder in console. Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: fff9d62d3324e0b437c398348fe565d1d6f6bded. Tomcat 7.0 + MySQL 5. Portal 6.1.x.EE GIT ID: 137171a711bcc1d9168e5d809d2bf0867ef5055c. Got a message like: " 09:32:23,987 DEBUG [http-bio-8080-exec-14] [PortalLDAPImporterImpl:1176] User email-address is already synchronized, but updated password to avoid a blank value" every time the ldap user login except the first time.

Hide

Permalink

Edward Gonzales added a comment - 31/May/13 12:23 PM

Hello! We plan to remove "Authentication" from the component field from issues that have more than 1 component. This issue has been identified as a candidate. It is recommended that you update any affected filters. Thanks!

Show

Edward Gonzales added a comment - 31/May/13 12:23 PM Hello! We plan to remove "Authentication" from the component field from issues that have more than 1 component. This issue has been identified as a candidate. It is recommended that you update any affected filters. Thanks!

Hide

Permalink

Sharry Shi added a comment - 13/Jan/14 10:08 PM

We are no longer testing 6.0.X, so closing as "Fixed".

Show

Sharry Shi added a comment - 13/Jan/14 10:08 PM We are no longer testing 6.0.X, so closing as "Fixed".

People

Assignee:

Sharry Shi

Reporter:

Josef Šustáček

Participants of an Issue:

Edward Gonzales, Josef Šustáček, Sharry Shi

Vote (0)

Watch (1)

Dates

Created:

18/Oct/12 8:38 AM

Updated:

17/Mar/14 3:09 AM

Resolved:

08/Jan/14 7:01 PM

Days since last comment:

14 weeks, 1 day ago

Agile

View on Board

~~LPS-10718~~	LDAP Import of groups causes massive slowdown on login
~~LPS-23459~~	LDAP-Failed to login as user imported from Microsoft Active Directory Server
~~LPS-36030~~	LDAP users languageId is reset to portal default on every import from LDAP
~~LPS-36696~~	User attributes not imported from LDAP if LDAP user was never modified
~~LPS-32794~~	User is reinidexed for every user group membership when authenticating via LDAP