Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-90188

User authenticated by Liferay DB password when LDAP password has changed

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Resolution: Won't Fix
    • 7.0.X, 7.1.X, Master
    • None
    • Application Security > LDAP

    Description

      User login in with the portal user (old password) when user exists in LDAP Server but authentication fails.

      Steps to reproduce this behavior:

      1. Enable LDAP authentication with:
        1. Enable user import.
        2. Disable 'required' LDAP authentication.
      2. Create an user in LDAP and login in portal. (After that, user will be exist in Liferay database and LDAP).
      3. Change user password in LDAP. (After that, LDAP has a different password than Liferay database).
      4. Change user password in LDAP again. (Microsoft Active Directory lets use old password for some time if you do not change password cache).
      5. Log in portal with this user but with old password (Liferay database password).

      Current behavior
      User will be authenticated with success because, although LDAP password fails, portal will try to authenticate with database.

      Expected behavior
      In this use case, user shouldn't be authenticated because password in LDAP is different.

       

      Attachments

        Activity

          People

            josemaria.munoz José María Muñoz
            josemaria.munoz José María Muñoz
            Kiyoshi Lee Kiyoshi Lee
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              4 years, 13 weeks, 6 days ago

              Packages

                Version Package