Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-85179

LDAP updates user password on every login even if the password hasn't changed

    XMLWordPrintable

    Details

      Description

      Steps to reproduce

      1. Start a Docker container with OpenLDAP installed. 
        docker run --name LPS-85179 --detach -p 389:389 holatuwol/liferayissue:LPS-85179
docker exec -u root LPS-85179 apt-get update
docker exec -u root LPS-85179 apt-get install -yq ldap-utils
docker exec LPS-85179 ldapmodify -x -c -D 'cn=admin,cn=config' -w admin -f /postmodify.ldif
      2. Set users.update.last.login=false in portal-ext.properties
      3. Start up Liferay and log in as the admin user
      4. Navigate to Control Panel > Configuration > Instance Settings
      5. Select the Authentication section and select the LDAP tab
      6. Choose the option to add an LDAP server
      7. Test the LDAP configuration
        1. Set the name to "localhost"
        2. Select the OpenLDAP radio button
        3. Change the Base DN to "dc=example,dc=org"
        4. Change the Principal to "cn=test,ou=people,dc=example,dc=org"
        5. Change the password to "test"
        6. Click on the "Test LDAP Connection" button
      8. Test the LDAP user import
        1. Click on the "Test LDAP Users" button
      9. Save the configuration
      10. Select the Authentication section and select the LDAP tab
      11. Check the "Enabled" checkbox, the "Required" checkbox, and the "Enable User Password on Import"
      12. Save the configuration, and double-check to make sure the settings took effect
      13. Open a new shell window, and run the following script. If not using the provided OpenLDAP server, update the value for -u accordingly. 
        while true
do
    curl http://localhost:8080/api/jsonws/classname/fetch-class-name -u 'test2@liferay.com:test' -d 'value=com.liferay.portal.kernel.model.User' 2>&1 | grep 'Exception
done
      14. Confirm that the script successfully runs successfully
      15. Open a new shell window, and run the above script again (essentially having two shell windows running the script in parallel)

      Expected Result: No StaleObjectStateExceptions are thrown in the Liferay logs
      Actual Results: StaleObjectStateExceptions are thrown in the Liferay logs

        Attachments

          Issue Links

          causes

          Regression Bug - Used by Liferay QA to indicate an issue discovered during regression testing LPS-116250 Changing password to one that does not meet LDAP's password policy causes the user to be logged out

          • Closed
          fixes

          Bug - A problem which impairs or prevents the functions of the product. LPS-71590 LDAPUserImporter always updates user

          • Closed

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  1 year, 49 weeks, 6 days ago

                  Packages

                  Version Package
                  7.0.0 DXP FP60
                  7.0.0 DXP SP9
                  7.0.X
                  7.1.10 DXP FP3
                  7.1.1 CE GA2
                  7.1.10.1 SP1
                  7.1.X
                  Master