Details

    • Type: Bug
    • Status: Closed
    • Resolution: Duplicate
    • Affects Version/s: 5.1.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Java 1.6, Tomcat 5.5, MySql 5

      Description

      When trying to import users from an LDAP server, you get the error below for all users, and no users are imported.
      NOTE that from the Administration portlet the test of the users to import is OK - it shows all the users to import.

      -----------------------------------------------------------
      18:12:11,531 ERROR [PortalLDAPUtil] Problem adding user with screen name m2 and email address m2@clivet.it
      com.liferay.portal.ModelListenerException: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - INVALID_ATTRIBUTE_SYNTAX: failed for Modify Request
      Object : '2.5.4.3=m2,2.5.4.11=people,0.9.2342.19200300.100.1.25=clivet,0.9.2342.19200300.100.1.25=it'
      Modification[0]
      Operation : replace
      Modification
      givenname:
      Modification[1]
      Operation : replace
      Modification
      sn:
      Modification[2]
      Operation : replace
      Modification
      mail: m2@clivet.it
      Modification[3]
      Operation : replace
      Modification
      title:
      : Attribute value '' for attribute 'givenname' is syntactically incorrect]; remaining name 'cn=m2,ou=People,dc=clivet,dc=it'

      Actual portal-ext.properties:

      ##
      ## LDAP
      ##

      #
      # Set the values used to connect to a LDAP store.
      #
      ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
      ldap.base.provider.url=ldap://localhost:10389
      ldap.base.dn=dc=clivet,dc=it
      ldap.security.principal=uid=admin,ou=system
      ldap.security.credentials=xxxxxxxx

      #
      # Settings for com.liferay.portal.security.auth.LDAPAuth can be configured
      # from the Admin portlet. It provides out of the box support for Apache
      # Directory Server, Microsoft Active Directory Server, Novell eDirectory,
      # and OpenLDAP. The default settings are for Apache Directory Server.
      #
      # The LDAPAuth class must be specified in the property "auth.pipeline.pre"
      # to be executed.
      #
      # Encryption is implemented by com.liferay.util.Encryptor.provider.class in
      # system.properties.
      #
      ldap.auth.enabled=true
      ldap.auth.required=false

      #
      # Set either bind or password-compare for the LDAP authentication method.
      # Bind is preferred by most vendors so that you don't have to worry about
      # encryption strategies.
      #
      #ldap.auth.method=password-compare

      #
      # Active Directory stores information about the user account as a series of
      # bit fields in the UserAccountControl attribute.
      #
      # If you want to prevent disabled accounts from logging into the portal you
      # need to use a search filter similar to the following:
      # (&(objectclass=person)(userprincipalname=@email_address@)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
      #
      # See the following links:
      # http://support.microsoft.com/kb/305144/
      # http://support.microsoft.com/?kbid=269181
      #
      ldap.auth.search.filter=(cn=@screen_name@)
      ldap.import.search.filter=(objectClass=inetOrgPerson)

      #
      # The following settings are used to map LDAP users to portal users.
      #
      # You can write your own class that extends
      # com.liferay.portal.security.ldap.LDAPUser to customize the behavior for
      # exporting portal users to the LDAP store.
      #
      ldap.users.dn=ou=People,dc=clivet,dc=it
      ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership
      ldap.user.impl=com.liferay.portal.security.ldap.LDAPUser
      ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson

      #
      # The following settings are used to map LDAP groups to portal user groups.
      #
      ldap.groups.dn=ou=Roles,dc=clivet,dc=it
      ldap.group.mappings=groupName=cn\ndescription=description

      #
      # Settings for importing users and groups from LDAP to the portal.
      #
      ldap.import.enabled=true
      ldap.import.on.startup=true
      ldap.import.interval=10

      #
      # Settings for exporting users from the portal to LDAP. This allows a user
      # to modify his first name, last name, etc. in the portal and have that
      # change get pushed to the LDAP server. This will only be active if the
      # property "ldap.auth.enabled" is also set to true.
      #
      ldap.export.enabled=true

      #
      # Set this to true to use the LDAP's password policy instead of the portal
      # password policy.
      #
      ldap.password.policy.enabled=false
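
      The Modify Request in the log above sends empty values for givenname, sn and title, and the server rejects the empty givenname with error code 21. The following is an added example, not code from the reporter or from Liferay: it shows one way to build JNDI modifications that never carry an empty value. The class name SafeLdapMods and the method build are hypothetical, and skipping blank fields (rather than clearing them) is an assumption made here.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// Added example: class and method names are hypothetical, not Liferay's.
public class SafeLdapMods {

    // Build REPLACE modifications, skipping null or blank values so that
    // no empty string is ever sent as an attribute value.
    static ModificationItem[] build(Map<String, String> fields) {
        List<ModificationItem> mods = new ArrayList<ModificationItem>();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            String value = e.getValue();
            if (value == null || value.trim().isEmpty()) {
                continue; // leave the directory's current value untouched
            }
            mods.add(new ModificationItem(
                DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(e.getKey(), value)));
        }
        return mods.toArray(new ModificationItem[0]);
    }

    public static void main(String[] args) {
        // Constructed input mirroring the failing request in the log.
        Map<String, String> user = new LinkedHashMap<String, String>();
        user.put("givenName", "");
        user.put("sn", "");
        user.put("mail", "m2@clivet.it");
        user.put("title", "");

        ModificationItem[] mods = build(user);
        for (ModificationItem m : mods) {
            System.out.println(m.getAttribute());
        }
        // A caller would pass mods to DirContext.modifyAttributes(dn, mods)
        // only when mods.length > 0.
    }
}
```

      Blank fields are skipped rather than removed because sn is a mandatory attribute of the person object class listed in ldap.user.default.object.classes, so deleting it would fail as well.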

        Activity

        Transition            Time In Source Status   Execution Times   Last Executer   Last Execution Date
        Open -> Closed        166d 3h 9m              1                 Amos Fong       13/Apr/09 2:32 PM
        Closed -> Reopened    1m 24s                  2                 Amos Fong       13/Apr/09 2:35 PM
        Reopened -> Closed    1m 22s                  2                 Amos Fong       13/Apr/09 2:35 PM

          People

          • Votes: 3
          • Watchers: 3
