
I am using Liferay 6.1 CE and I have the following issue related to the blog below:

Ref: http://www.liferay.com/web/jonas.yuan/blog/-/blogs/6583930

I am trying to do LDAP auth. I am not supposed to import the LDAP user password, and I would also like to use only LDAP as the auth source and not do Liferay auth a second time.

These are my settings in portal-ext.properties:

ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.referral=follow
ldap.base.provider.url=ldap://localhost:10389
ldap.base.dn=dc=example,dc=com
ldap.security.principal=uid=admin,ou=system
ldap.security.credentials=secret

auth.pipeline.enable.liferay.check=false

ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind

ldap.import.enabled=false
ldap.import.on.startup=false
ldap.import.interval=10
ldap.export.enabled=false
ldap.export.group.enabled=false

ldap.auth.search.filter=(mail=@email_address@)

ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.user.custom.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.group.mappings=groupName=cn\ndescription=description\nuser=uniqueMember

ldap.import.user.search.filter=(objectClass=inetOrgPerson)
ldap.import.group.search.filter=(objectClass=groupOfUniqueNames)

ldap.password.policy.enabled=false
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=test

What is happening is, if I keep auth.pipeline.enable.liferay.check=false, then I am not able to log in even using the [email protected] user, since he is not in LDAP (other users are also not able to log in due to the reason given in question 1 below). If I enable the property, then Liferay does a second validation after LDAP and it fails, since the password in LDAP is different from the local dummy password (test) because of the password-not-imported setting.

Also, I have 2 separate questions.

  1. When I load the LDAP props using this property file, I can see them in the portalproperties table only after the test user logs in for the first time and goes to the control panel (LDAP page). If I don't do this, none of the other users are able to do LDAP auth (since the props file is not loaded into that portalproperties table).

  2. Is there a way in Liferay so that I can do only LDAP auth and not create a Liferay user?

Comment: 2. No, Liferay needs a user entity to operate with it. But you can automatically delete the user after logout, or before login. (Mark)

1 Answer


Almost two years late!! But in case any other people find this thread: Liferay always runs the Auth Pipeline and, if that passes, always checks the password again against its database unless

auth.pipeline.enable.liferay.check=false

is set in portal.properties. In that case, independently of the password stored in the Liferay User_ table, the password is checked only against LDAP.

Sorry for being two years late!!
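To make the interaction described in this answer concrete, here is an added example (not code from the thread or from Liferay itself): a small Python model of the login decision, driven by the poster's own portal-ext.properties keys. The directory contents and the User_ table are constructed stand-ins, and the model only encodes the two steps the thread discusses (the LDAP bind step with ldap.auth.required, then the optional second check controlled by auth.pipeline.enable.liferay.check); the real pipeline has more steps.

```python
# Added example, not Liferay code: models the auth decision the thread
# describes for the poster's portal-ext.properties (constructed subset).
PROPS_TEXT = """
auth.pipeline.enable.liferay.check=false
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.import.user.password.enabled=false
ldap.import.user.password.default=test
ldap.user.mappings=screenName=cn\\npassword=userPassword\\nemailAddress=mail
"""


def parse_properties(text):
    """Parse key=value lines. A literal backslash-n inside a value is the
    Liferay convention for a multi-line mapping and is expanded here."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip().replace("\\n", "\n")
    return props


def parse_mappings(value):
    """Turn 'screenName=cn\\npassword=userPassword' into a dict."""
    return dict(item.split("=", 1) for item in value.splitlines() if "=" in item)


def authenticate(props, ldap_users, local_passwords, email, password):
    """Return (ok, reason). ldap_users stands in for the directory
    (email -> LDAP password); local_passwords for the Liferay User_ table."""
    if props.get("ldap.auth.enabled") == "true":
        if email in ldap_users:
            if ldap_users[email] != password:
                return False, "ldap bind failed"
        elif props.get("ldap.auth.required") == "true":
            # This is why the admin that only exists locally cannot log in.
            return False, "user not in ldap and ldap.auth.required=true"
    # Liferay's default is true: re-check against its own table.
    if props.get("auth.pipeline.enable.liferay.check", "true") == "true":
        if local_passwords.get(email) != password:
            # With ldap.import.user.password.enabled=false the local value
            # is the dummy default ('test'), so LDAP users fail here.
            return False, "second check against Liferay User_ table failed"
    return True, "ok"
```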