Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-68063

"Create New User" feature not creating userPassword attribute in LDAP -- user unable to authenticate

    Details

    • Story Points:
      1.5
    • JDK:
      Oracle Sun JDK 8
    • Application Servers:
      Apache Tomcat 8.0.x
    • Browsers:
      Chrome (latest)
    • Databases:
      MariaDB 10.0

      Description

      History of my issue can be found here: https://web.liferay.com/en/community/forums/-/message_boards/message/78818698

      There were a number of configuration issues around LDAP, but I'll keep this ticket to a single issue with my most workable LDAP configuration.

      ----------------

      Liferay 7.0.2 GA3 (Wilberforce / Build 7002 / August 5, 2016)
      10.1.17-MariaDB MariaDB Server
      CentOS Linux release 7.2.1511
      tomcat-8.0.32
      ----------------

      list of configurations (portal-ext.properties, openldap, LDAP configs in liferay).
      Liferay LDAP troubleshooting.pdf
      ----------------

      The issue that I'm seeing is that newly created users do not have a userPassword created in ldap. this should be considered a bug since the UI and email provides the user their initial password. But, that password will not auth as it's not persisted to the ldap. here's a use case:


      • creating a new user appears to work
      • user object is created in the db and ldap
      • ldap does not have a userPassword attribute
      • initial password does not allow user to auth
      • user can use 'forgot password' feature
      • upon submit, error is thrown in log*** and UI; but passwordModifiedDate is updated in db and userPassword attribute is added to ldap
      • at this point, it seems that the user's ldap is setup the same as the other, working users, but this user still cannot log in – same error thrown

      ***liferay error.log
      Note that this error is seen often when using other configurations (e.g., enabling ldap import & export at the same time – note that Liferay 6.2 appears not to allow this config)

      Note that I attempted to disable the 'required' flag (assuming it's similar to the JAAS control flag for required vs. sufficient) to see if new users would be able to auth against the password value in the db, but that failed.

      Thanks,
      -ryan

        Attachments

        1. liferay error.log
          25 kB
        2. Liferay LDAP troubleshooting.pdf
          94 kB
        3. LPS-68063 - trace.log
          427 kB
        4. screenshot-1.png
          screenshot-1.png
          13 kB

          Activity

            People

            • Assignee:
              linda.sui Linda Sui
              Reporter:
              rsulliv1 Ryan Sullivan
              Participants of an Issue:
              Recent user:
              Linda Sui
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                2 years, 9 weeks, 5 days ago

                Packages

                Version Package
                7.0.X EE
                Master