Details
- Type: Bug
- Status: Closed
- Resolution: Duplicate
- Affects Version/s: 5.1.2
- Fix Version/s: None
- Component/s: None
- Labels: None
- Environment: Java 1.6, Tomcat 5.5, MySQL 5
Description
Trying to import users from an LDAP server, you get the error below for all users, and no users are imported.
NOTE that from the Administration portlet the test about users to import is OK - it shows all the users to import.
-----------------------------------------------------------
18:12:11,531 ERROR [PortalLDAPUtil] Problem adding user with screen name m2 and
email address m2@clivet.it
com.liferay.portal.ModelListenerException: javax.naming.directory.InvalidAttribu
teValueException: [LDAP: error code 21 - INVALID_ATTRIBUTE_SYNTAX: failed for
Modify Request
Object : '2.5.4.3=m2,2.5.4.11=people,0.9.2342.19200300.100.1.25=clivet,0
.9.2342.19200300.100.1.25=it'
Modification[0]
Operation : replace
Modification
givenname:
Modification[1]
Operation : replace
Modification
sn:
Modification[2]
Operation : replace
Modification
mail: m2@clivet.it
Modification[3]
Operation : replace
Modification
title:
: Attribute value '' for attribute 'givenname' is syntactically incorrect]; remaining name 'cn=m2,ou=People,dc=clivet,dc=it'
Actual portal-ext.properties:
##
## LDAP
##
#
# Set the values used to connect to a LDAP store.
#
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.base.provider.url=ldap://localhost:10389
ldap.base.dn=dc=clivet,dc=it
ldap.security.principal=uid=admin,ou=system
ldap.security.credentials=xxxxxxxx
#
# Settings for com.liferay.portal.security.auth.LDAPAuth can be configured
# from the Admin portlet. It provides out of the box support for Apache
# Directory Server, Microsoft Active Directory Server, Novell eDirectory,
# and OpenLDAP. The default settings are for Apache Directory Server.
#
# The LDAPAuth class must be specified in the property "auth.pipeline.pre"
# to be executed.
#
# Encryption is implemented by com.liferay.util.Encryptor.provider.class in
# system.properties.
#
ldap.auth.enabled=true
ldap.auth.required=false
#
# Set either bind or password-compare for the LDAP authentication method.
# Bind is preferred by most vendors so that you don't have to worry about
# encryption strategies.
#
#ldap.auth.method=password-compare
#
# Active Directory stores information about the user account as a series of
# bit fields in the UserAccountControl attribute.
#
# If you want to prevent disabled accounts from logging into the portal you
# need to use a search filter similar to the following:
# (&(objectclass=person)(userprincipalname=@email_address@)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
#
# See the following links:
# http://support.microsoft.com/kb/305144/
# http://support.microsoft.com/?kbid=269181
#
ldap.auth.search.filter=(cn=@screen_name@)
ldap.import.search.filter=(objectClass=inetOrgPerson)
#
# The following settings are used to map LDAP users to portal users.
#
# You can write your own class that extends
# com.liferay.portal.security.ldap.LDAPUser to customize the behavior for
# exporting portal users to the LDAP store.
#
ldap.users.dn=ou=People,dc=clivet,dc=it
ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership
ldap.user.impl=com.liferay.portal.security.ldap.LDAPUser
ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson
#
# The following settings are used to map LDAP groups to portal user groups.
#
ldap.groups.dn=ou=Roles,dc=clivet,dc=it
ldap.group.mappings=groupName=cn\ndescription=description
#
# Settings for importing users and groups from LDAP to the portal.
#
ldap.import.enabled=true
ldap.import.on.startup=true
ldap.import.interval=10
#
# Settings for exporting users from the portal to LDAP. This allows a user
# to modify his first name, last name, etc. in the portal and have that
# change get pushed to the LDAP server. This will only be active if the
# property "ldap.auth.enabled" is also set to true.
#
ldap.export.enabled=true
#
# Set this to true to use the LDAP's password policy instead of the portal
# password policy.
#
ldap.password.policy.enabled=false
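
The modify request in the log above is rejected because it carries replace operations with an empty value for givenname, sn and title. The following is an added example, not part of the original report and not Liferay's code, of building a JNDI modify request that never sends an empty value. The class name SafeLdapModify, the REQUIRED set and the sample values are assumptions made for illustration.

```java
import java.util.*;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class SafeLdapModify {

    // Assumption: attributes the entry's object classes declare as MUST
    // (cn and sn for "person"); removing them would violate the schema.
    static final Set<String> REQUIRED =
        new HashSet<String>(Arrays.asList("cn", "sn"));

    // Builds replace operations that never carry an empty string value.
    static ModificationItem[] buildMods(Map<String, String> values) {
        List<ModificationItem> mods = new ArrayList<ModificationItem>();
        for (Map.Entry<String, String> e : values.entrySet()) {
            String name = e.getKey();
            String value = e.getValue() == null ? "" : e.getValue().trim();
            if (!value.isEmpty()) {
                mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(name, value)));
            } else if (!REQUIRED.contains(name.toLowerCase())) {
                // A replace with no values removes the attribute if present
                // and is ignored if absent (RFC 4511, section 4.6).
                mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(name)));
            }
            // Empty required attribute: send nothing, so the value already
            // stored in the directory is left untouched.
        }
        return mods.toArray(new ModificationItem[mods.size()]);
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the modify request in the log above.
        Map<String, String> user = new LinkedHashMap<String, String>();
        user.put("givenname", "");
        user.put("sn", "");
        user.put("mail", "m2@clivet.it");
        user.put("title", "");
        for (ModificationItem m : buildMods(user)) {
            System.out.println(m.getAttribute().getID() + " -> "
                + m.getAttribute().size() + " value(s)");
        }
    }
}
```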