[LPS-30569] User gets imported from LDAP with every login even when unchanged - Liferay Issues

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
Fix Version/s: 6.0.X EE, 6.1.2 CE GA3, 6.1.30 EE GA3, 6.2.0 CE M4
Component/s: Application Security > LDAP, Application Security > Login/Sign in Portlet, Portal Services, Security Vulnerability
Labels:
- QA-R
- QA-TP
Environment:
Win 2008, liferay-portal-ee 6.1.20

Branch Version/s:

6.1.x, 6.0.x
Backported to Branch:

Committed
Story Points:
8

Description

When user is logged in against LDAP server, import to Liferay DB is automatically triggered. This import is done only if needed, i.e. when modification date of the liferay user is different from modification date of LDAP entry.

But the import seems to be processed everytime, when a non-blank password is used for login, see PortalLDAPImportedImpl.updateUser() around line 1103, look for:

if (ldapUserModifiedDate.equals(user.getModifiedDate()) &&
ldapUser.isAutoPassword()) {

Attachments

Issue Links

is related to

LPS-71590 LDAPUserImporter always updates user

Verified

relates

LPE-8289 User gets imported from LDAP with every login even when modifcation date is unchanged

Closed

Activity

People

Assignee:

Sharry Shi

Reporter:

Josef Šustáček

Participants of an Issue:

Edward Gonzales, Josef Šustáček, Sharry Shi

Recent user:

Esther Sanz

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

18/Oct/12 8:38 AM

Updated:

19/Apr/17 1:12 AM

Resolved:

08/Jan/14 7:01 PM

Days since last comment:

3 years, 37 weeks ago