0 votes

I need to configure Liferay with organization LDAP.

My requirement is to import users on demand( on login) to Liferay database.

When I try to login by using screen name which is mapped to sAMAccountNumber in LDAP, I get

authentication failure error

I do not see any users imported in db too.

After a lot of debugging it looks like the LDAP connection is done successfully. But no results are returned from LDAP.

I am seeing something like this in the logs.


Search filter before transformation (sAMAccountName=@screen_name‌​@)
Search filter after transformation (sAMAccountName=@screen_name‌​@)


I am not sure why it's appending junk characters at the end.

It should just be

"sAMAccountName=@screen_name@ "

Any quick pointers would really help.

Thanks!

1
ldap.security.principal.0=domainname/myusername feels incorrect. RDN (relative DN) is expected here (relative to ldap.base.dn). Check github.com/liferay/liferay-portal/blob/master/portal-impl/src/… -- Pavel Horal
@Pavel Horal Thanks for reply! I made the changes you suggested as below: ldap.security.principal.0=CN=my name,OU=Users,OU=MyLocation,OU=MyCity,OU=MyCountry,OU=Myregion,OU=Mycompany,DC=companydomain,DC=com. I fetched this value from the LDAP server using JXplorer, i.e. the value of the distinguishedname field there. Restarted Tomcat and tried login by username, which is mapped to sAMAccountName in portal.ext. The exception I am getting now is "com.liferay.portal.NoSuchUserException: No User exists with the key {companyId=10157, screenName=username}". -- Mani
@Pavel Horal, I tried with the principal value "CN=my name,OU=Users,OU=MyLocation,OU=MyCity,OU=MyCountry,OU=Myregion,OU=Mycompany". Did a server restart. I am getting a new exception: Failed to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1_] [Sanitized] Is there anything else I am missing? Thanks. -- Mani
@Pavel Horal, after doing some more analysis of the method in the Liferay source, I found that what it seems to be doing is only making a call to the Liferay DB and checking whether the corresponding screen name is present. I do not see my user imported in the DB yet. I am not sure at what point the import of users actually happens in the Liferay DB and why it's checking the DB even before import. So in this case the import not happening looks to be the issue. What do you suggest? -- Mani
@Pavel Horal, as per the Liferay documentation, enabling this attribute would do a mass import of all the users from LDAP. As the LDAP I am dealing with is an organization LDAP, there is a very large number of users. I want to do the LDAP user import on demand, i.e. only when the user logs in. liferay.com/community/wiki/-/wiki/Main/LDAP -- Mani

1 Answer

1 votes

After a lot of debugging and server restarts I finally got to know the issue. Hope it helps somebody else.

As shown in my question there were some junk characters getting appended to the authentication search filter; this was the reason it was not replacing the sAMAccountName with the actual value I entered on the login screen.

These junk characters were not visible in the text editor I was using and hence not visible to the human eye.

It was only when I changed my text editor encoding to ANSI that I was able to see these junk characters. I really have no knowledge of how character encoding works; I tried it just thinking whether the text editor was hiding something. I had copied this string from one of the tutorials, i.e. a web page, and that might be the reason these junk characters got appended.

After removing them everything was all fine. Thanks Pavel for your suggestions in the debugging process.
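The failure mode described in this answer (invisible characters pasted into a properties value so that the literal @screen_name@ placeholder never matches) can be caught before a server restart by scanning the file for Unicode format characters. The following is an added example, not Liferay code or the answerer's code; it constructs a sample properties fragment with U+200C and U+200B inside the token, and its `substitute` function is an assumption about how the placeholder is replaced (a literal string replace), used only to show why the filter reaches LDAP unchanged. The RFC 4515 escaping of the substituted value is a reminder of what any filter substitution must do; it is not a claim about Liferay's implementation.

```python
import unicodedata

# Constructed sample portal-ext.properties fragment: the filter line as it
# appeared in the question, with a zero-width non-joiner (U+200C) and a
# zero-width space (U+200B) pasted in between "screen_name" and the closing "@".
SAMPLE_PROPERTIES = (
    "ldap.auth.search.filter=(sAMAccountName=@screen_name\u200c\u200b@)\n"
    "ldap.import.user.search.filter=(objectClass=person)\n"
)


def find_hidden_chars(text):
    """List (line, column, codepoint, name) for every character an editor may hide:
    Unicode format characters (category Cf, which covers zero-width characters and
    the BOM) and anything outside printable ASCII."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line):
            if unicodedata.category(ch) == "Cf" or not (0x20 <= ord(ch) <= 0x7E):
                hits.append((lineno, col, "U+%04X" % ord(ch), unicodedata.name(ch, "?")))
    return hits


def strip_hidden_chars(text):
    """Drop format characters (Cf); visible non-ASCII is left for a human to review."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def ldap_escape(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def substitute(filter_template, screen_name):
    """Literal placeholder replacement modelled on the page's @screen_name@ token
    (assumption: a plain string replace). With hidden characters inside the token,
    "@screen_name@" never matches and the filter is sent unchanged, which is the
    failure the question describes."""
    return filter_template.replace("@screen_name@", ldap_escape(screen_name))


if __name__ == "__main__":
    for hit in find_hidden_chars(SAMPLE_PROPERTIES):
        print("hidden char at line %d col %d: %s %s" % hit)
    dirty = SAMPLE_PROPERTIES.splitlines()[0].split("=", 1)[1]
    print(substitute(dirty, "jdoe"))                      # placeholder survives
    print(substitute(strip_hidden_chars(dirty), "jdoe"))  # (sAMAccountName=jdoe)
```

Run it against a real portal-ext.properties by reading the file with `encoding="utf-8-sig"` and passing the text to `find_hidden_chars`; an empty result means no format characters are hiding in the values.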