  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-95871

LDAP groups are not getting imported if the user has a comma in its name

    Details

      Description

      Reproduction steps:

      • Installed Liferay DXP 7.1 Fix Pack 8
      • Connected an LDAP server to the portal (Apache Directory Studio)
      • Created a user in LDAP with CN pattern {name}, {given name}
      • Created a user group in LDAP and assigned the previously created user to it
      • In the resulting user DN the "," of the CN is escaped with a backslash
      • While trying to log in with this user, an error is thrown in the log:
      2019-05-14 10:41:26.304 ERROR [http-nio-8080-exec-10][LDAPAuth:427] Problem accessing LDAP server
      com.liferay.portal.kernel.exception.UserScreenNameException$MustValidate: Screen name duck, dagobert for user 34001 must validate with com.liferay.portal.kernel.security.auth.DefaultScreenNameValidator: The screen name cannot be an email address or a reserved word, such as postfix. It must contain only alphanumeric or the following special characters: -._.
              at com.liferay.portal.service.impl.UserLocalServiceImpl.validateScreenName(UserLocalServiceImpl.java:6917)
              at com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLocalServiceImpl.java:6694)
              at com.liferay.portal.service.impl.UserLocalServiceImpl.updateUser(UserLocalServiceImpl.java:5253)
      
      

      When the space between {name}, {given name} is removed from CN in Apache Directory Studio and the following property in portal-ext is set, the user gets logged in, but the user group still does not get imported, and another error is thrown in the log:

      users.screen.name.special.characters=-.,_

      2019-05-14 10:52:06.108 ERROR [http-nio-8080-exec-7][LDAPAuth:427] Problem accessing LDAP server
      javax.naming.NamingException: [LDAP: error code 33 - ALIAS_PROBLEM: failed for MessageType : SEARCH_REQUEST_Message ID : 4_    SearchRequest_        baseDn : 'dc=example,dc=com'_        filter : '(&(objectClass=groupOfUniqueNames)(uniqueMember=cn=Duck\5C\5C,Dagobert,dc=example,dc=com))'_        scope : whole subtree_        typesOnly : false_        Size Limit : no limit_        Time Limit : no limit_        Deref Aliases : deref Always_        attributes : 'cn'_org.apache.directory.api.ldap.model.message.SearchRequestImpl@20453c12    Paged Search Control_        oid : 1.2.840.113556.1.4.319_        critical : true_        size   : '1000'_        cookie   : ''_: java.lang.IllegalArgumentException: ERR_13247_INVALID_VALUE_CANT_NORMALIZE Invalid upValue, it cant be normalized]; remaining name 'dc=example,dc=com' [Sanitized]
              at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3134)
              at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
              at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
              at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
              at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
              at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
              at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
              at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
              at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
              at com.liferay.portal.security.ldap.internal.DefaultPortalLDAP.searchLDAP(DefaultPortalLDAP.java:982)
              at com.liferay.portal.security.ldap.internal.exportimport.LDAPUserImporterImpl.importGroups(LDAPUserImporterImpl.java:987)
              at com.liferay.portal.security.ldap.internal.exportimport.LDAPUserImporterImpl.importUser(LDAPUserImporterImpl.java:154)
              at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticate(LDAPAuth.java:360)
              at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticateAgainstPreferredLDAPServer(LDAPAuth.java:546)
              at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticate(LDAPAuth.java:465)
              at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticateByEmailAddress(LDAPAuth.java:95)
              at com.liferay.portal.security.auth.AuthPipeline._authenticate(AuthPipeline.java:146)
              at com.liferay.portal.security.auth.AuthPipeline.authenticateByEmailAddress(AuthPipeline.java:39)
              at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticate(UserLocalServiceImpl.java:5656)
              at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticateByEmailAddress(UserLocalServiceImpl.java:1273)
      

      Actual result: User does not get logged in on 7.1, and the User group is not imported either
      Expected result: User is logged in, User group gets imported without error in the log

      This error does not occur in 7.0

      Reproduced on:
      7.1.x 4714ffc192a1cef2d6cf3b117a3aa5371d5c47bd
      Master 14fd10c10abf2d002dc1a90c74ea59a480514b52
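
      Added example (not part of the original report and not Liferay code): a Python sketch of RFC 4515 filter-value escaping applied to the member DN, showing why the logged value `\5C\5C,` no longer decodes to a well-formed DN while a value escaped once does. The sample DN is reconstructed from the logged filter, all function names are hypothetical, and the DN splitter is simplified (no multi-valued RDNs or quoted values).

```python
import re

# Constructed from the filter in the log above: the user DN with the comma in
# the CN escaped per RFC 4514, and the assertion value as the server logged it.
USER_DN = r"cn=Duck\,Dagobert,dc=example,dc=com"
LOGGED_VALUE = r"cn=Duck\5C\5C,Dagobert,dc=example,dc=com"

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a raw value exactly once for use inside an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def unescape_filter_value(value):
    """Decode \\XX pairs, giving the value the server compares against."""
    raw = re.sub(rb"\\([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), value.encode("utf-8"))
    return raw.decode("utf-8")

def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash keeps the next char in place."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":
            parts.append(current)
            current = ""
            i += 1
        else:
            current += dn[i]
            i += 1
    return parts + [current]

def dn_is_well_formed(dn):
    """Every RDN needs an attribute type and '='; a stray fragment fails this."""
    return all(rdn.partition("=")[0] and "=" in rdn for rdn in split_rdns(dn))

def build_member_filter(member_dn):
    """Group lookup filter in the shape shown in the log, value escaped once."""
    return ("(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
            % escape_filter_value(member_dn))

if __name__ == "__main__":
    print(build_member_filter(USER_DN))
    decoded = unescape_filter_value(LOGGED_VALUE)
    print(decoded, split_rdns(decoded), dn_is_well_formed(decoded))
```

      The logged value decodes to two backslashes before the comma, so the comma becomes an RDN separator and `Dagobert` is left as a fragment with no attribute type.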

            People

            • Assignee:
              brian.lee Brian Lee
              Reporter:
              norbert.kocsis Norbert Kocsis
              Participants of an Issue:
              Recent user:
              Enterprise Release HU

                Packages

                Version Package
                7.0.0 DXP FP84
                7.0.X
                7.1.X
                7.2.X
                Master