Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-90188

User authenticated by Liferay DB password when LDAP password has changed

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 7.0.X, 7.1.X, Master
    • Fix Version/s: None
    • Labels:

      Description

      User login in with the portal user (old password) when user exists in LDAP Server but authentication fails.

      Steps to reproduce this behavior:

      1. Enable LDAP authentication with:
        1. Enable user import.
        2. Disable 'required' LDAP authentication.
      2. Create an user in LDAP and login in portal. (After that, user will be exist in Liferay database and LDAP).
      3. Change user password in LDAP. (After that, LDAP has a different password than Liferay database).
      4. Change user password in LDAP again. (Microsoft Active Directory lets use old password for some time if you do not change password cache).
      5. Log in portal with this user but with old password (Liferay database password).

      Current behavior
      User will be authenticated with success because, although LDAP password fails, portal will try to authenticate with database.

      Expected behavior
      In this use case, user shouldn't be authenticated because password in LDAP is different.

       

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                32 weeks ago

                Packages

                Version Package