  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-47294

LDAP password import is disabled but signing in restores real password

    Details

    • Story Points:
      6
    • Fix Priority:
      2

      Description

      Set up portal LDAP user import so that passwords are not imported, and set password encryption to none (for testing purposes):

      ldap.import.user.password.enabled=false
      ldap.import.user.password.autogenerated=false
      ldap.import.user.password.default=test

      passwords.encryption.algorithm=NONE

      Users are imported so that password_ in the database is "test". Signing in sets the password to the user's real password, hence making this feature not very useful.

      Apparently this happens only when user data has not changed in LDAP and user signs in. Seems to be caused by password update code lines which do not respect the above configuration. I think configuration should be checked here as is done later in code when real data update takes place. My diff:

      diff PortalLDAPImporterImpl.java_MOD PortalLDAPImporterImpl.java_6.2cega2
      1210,1219d1209
      < if (!PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED) {
      < password = PropsValues.LDAP_IMPORT_USER_PASSWORD_DEFAULT;
      <
      < if (StringUtil.equalsIgnoreCase(
      < password, _USER_PASSWORD_SCREEN_NAME))

      { < < password = ldapUser.getScreenName(); < }

      < }
      <
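
      Review bot: The assignment password = PropsValues.LDAP_IMPORT_USER_PASSWORD_DEFAULT at the top of the block swaps in the configured default instead of skipping the password write, so if the update code that follows still runs on sign-in, a user whose LDAP data is unchanged would have the stored password reset to the default (or to the screen name) each time, including any password changed in the portal since import. Consider guarding the password update itself on LDAP_IMPORT_USER_PASSWORD_ENABLED so that nothing is written when import is disabled. The block also does not consult ldap.import.user.password.autogenerated, which the configuration above sets next to the other two properties; it is worth comparing with the later update path the description refers to so both branches treat the three properties the same way. The hunk is a normal diff with the modified file given first (1210,1219d1209), has no context lines, and its braces were mangled when pasted; a unified diff taken from the original to the modified file and attached as a file would be easier to apply and review.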

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  4 years, 43 weeks, 2 days ago

                  Packages

                  Version Package
                  7.0.0 Beta 2