Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-90188

User authenticated by Liferay DB password when LDAP password has changed


    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 7.0.X, 7.1.X, Master
    • Fix Version/s: None
    • Labels:


      User login in with the portal user (old password) when user exists in LDAP Server but authentication fails.

      Steps to reproduce this behavior:

      1. Enable LDAP authentication with:
        1. Enable user import.
        2. Disable 'required' LDAP authentication.
      2. Create an user in LDAP and login in portal. (After that, user will be exist in Liferay database and LDAP).
      3. Change user password in LDAP. (After that, LDAP has a different password than Liferay database).
      4. Change user password in LDAP again. (Microsoft Active Directory lets use old password for some time if you do not change password cache).
      5. Log in portal with this user but with old password (Liferay database password).

      Current behavior
      User will be authenticated with success because, although LDAP password fails, portal will try to authenticate with database.

      Expected behavior
      In this use case, user shouldn't be authenticated because password in LDAP is different.





            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created:
                Days since last comment:
                1 year, 30 weeks, 1 day ago


                Version Package