  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-57602

Users cannot login with ldap.auth.method=password-compare ldap.auth.password.encryption.algorithm=SHA-256

    Details

    • Fix Priority:
      4

      Description

      Steps to reproduce:

      1. Set the following properties:
        passwords.encryption.algorithm=SHA-256
        
      2. Install a clean bundle.
      3. Set up an LDAP server which saves passwords in SHA-256.
      4. Configure LDAP properties:
        ##
        ## LDAP configuration
        ##
        ldap.auth.enabled=true
        ldap.auth.required=true
        ldap.auth.method=password-compare
        ldap.auth.password.encryption.algorithm=SHA-256
        
        ldap.import.enabled=true
        ldap.import.on.startup=false
        ldap.import.interval=10
        ldap.import.method=group
        ldap.import.create.role.per.group=true
        ldap.import.user.password.enabled=false
        ldap.export.enabled=true
        ldap.export.group.enabled=true
        
        ldap.base.provider.url.0=ldap://localhost:389
        ldap.base.dn.0=dc=example,dc=com
        ldap.security.principal.0=cn=admin,dc=example,dc=com
        ldap.security.credentials.0=test
        
        ldap.auth.search.filter.0=(email=@email_address@)
        ldap.import.user.search.filter.0=(objectClass=account)
        ldap.import.group.search.filter.0=(objectClass=groupOfNames)
        
        ldap.user.mappings.0=emailAddress=email\nfirstName=name\ngroup=member\nlastName=sn\npassword=userPassword\nscreenName=uid\n
        ldap.group.mappings.0=description=description\ngroupName=cn\nuser=member
        
        ldap.users.dn.0=ou=users,dc=example,dc=com
        ldap.user.default.object.classes.0=extensibleObject,userSecurityInformation,top,account,uidObject
        ldap.groups.dn.0=ou=groups,dc=example,dc=com
        ldap.group.default.object.classes.0=groupOfNames,extensibleObject,top
        
      5. Create an LDAP user with user@example.com as email address and password "test" ("{SHA-256}n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=").

      6. Log in as user@example.com.

      Expected result:

      • Login is successful.

      Actual result:

      • Login fails.
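
The fixture in step 5 can be checked independently of the portal before debugging the login path. The following is an added example, not code from this ticket or from Liferay: it parses a `{SCHEME}`-prefixed userPassword value and performs an unsalted digest comparison. The function names and the scheme table are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample: the userPassword value given in step 5 of the report.
STORED = "{SHA-256}n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg="

# Scheme labels mapped to hashlib names (hypothetical table for this example;
# directory servers differ in which labels they accept).
SCHEMES = {"SHA-256": "sha256", "SHA256": "sha256", "SHA": "sha1"}


def parse_user_password(value):
    """Split '{SCHEME}payload' into (scheme, raw digest bytes)."""
    value = value.strip()
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix: value is cleartext or malformed")
    scheme, payload = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    try:
        digest = base64.b64decode(payload, validate=True)
    except binascii.Error:
        raise ValueError("payload is not valid Base64")
    expected = hashlib.new(SCHEMES[scheme]).digest_size
    if len(digest) != expected:
        # Typical causes: a hex digest stored instead of Base64, or a salted value.
        raise ValueError("digest is %d bytes, expected %d" % (len(digest), expected))
    return scheme, digest


def password_compare(candidate, stored_value):
    """Return True if candidate hashes to the stored unsalted digest."""
    scheme, digest = parse_user_password(stored_value)
    computed = hashlib.new(SCHEMES[scheme], candidate.encode("utf-8")).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(computed, digest)


def encode_user_password(password, scheme="SHA-256"):
    """Build the '{SCHEME}base64(digest)' form used in step 5."""
    raw = hashlib.new(SCHEMES[scheme], password.encode("utf-8")).digest()
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode("ascii"))
```

If `password_compare("test", STORED)` is true, the directory entry is a correct unsalted SHA-256 digest of the password, so the test fixture itself is not what causes the failed login.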

              People

              Assignee:
              melody.wu Melody Wu
              Reporter:
              daniel.couso Daniel Couso
              Participants of an Issue:
              Recent user:
              Tomáš Polešovský
              Votes: 0
              Watchers: 4

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 44 weeks, 4 days ago

                  Packages

                  Version Package
                  7.0.0 Beta 1