Schema violation exception when exporting to LDAP is enabled - ldap

I have configured Liferay to use an LDAP server, which works fine as long as Import is enabled.
As soon as I switch on the Export enabled option and a user tries to log in, it throws an exception. Strangely, the user from Liferay is exported to the LDAP server.
Caused by: javax.naming.directory.SchemaViolationException: [LDAP:
error code 67 - NOT_ALLOWED_ON_RDN: failed for MessageType :
MODIFY_REQUEST_Message ID : 6_ Modify Request_ Object :
'cn=johndoe+mail=johndoeldap#liferay.com+sn=doe,dc=example,dc=com'_
Modification[0]_ Operation : replace_
Modification_sn: doe Modification1_
Operation : replace_ Modification_sn: doe
Modification2_ Operation : replace_
Modification_givenName: johndoe Modification3_
Operation : replace_ Modification_mail:
johndoeldap#liferay.com Modification[4]_
Operation : replace_ Modification_cn: doe
doeorg.apache.directory.api.ldap.model.message.ModifyRequestImpl#32d7606a:
ERR_62 Entry
cn=johndoe+mail=johndoeldap#liferay.com+sn=doe,dc=example,dc=com does
not have the cn attributeType, which is part of the RDN";]; remaining
name
'cn=johndoe+mail=johndoeldap#liferay.com+sn=doe,dc=example,dc=com'
[Sanitized]
After configuring LDAP on Liferay, I am able to correctly connect to LDAP and view users too.
Below is the user mapping configuration
Below is export and Group mapping config
LDAP config

I got it sorted out by correcting the User field mapping.
While importing, data was imported from LDAP without any exceptions, but while exporting the data to LDAP there was duplication: the 'cn' attribute was used multiple times in the mapping (both for Screen name and Full name), when it must be used uniquely. So even though the user data is exported from Liferay, this led to the SchemaViolationException and did not allow the user to log in to the portal.
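The check described in the answer above, as an added example that is not part of the original answer or of Liferay's code: it finds LDAP attributes that more than one portal field is exported to, and flags replace operations that would drop a value the entry's RDN depends on (LDAP result code 67). The mapping layout, the field names and the replace values are constructed assumptions; the DN is the one from the exception text.

```python
from collections import defaultdict

# Constructed sample mapping (portal field = LDAP attribute); layout and field
# names are assumptions. Screen name and full name both point at cn.
SAMPLE_MAPPING = """\
screenName=cn
fullName=cn
emailAddress=mail
firstName=givenName
lastName=sn
"""
# DN copied from the exception text on this page.
ENTRY_DN = "cn=johndoe+mail=johndoeldap#liferay.com+sn=doe,dc=example,dc=com"
# Constructed replace operations; the cn value stands in for an exported full name.
SAMPLE_REPLACES = [("sn", ["doe"]), ("givenName", ["johndoe"]),
                   ("mail", ["johndoeldap#liferay.com"]), ("cn", ["doe doe"])]


def rdn_values(dn):
    """Map attribute type -> value for the leftmost RDN ('+' joins a multi-valued
    RDN). Simplified: assumes no escaped ',' or '+' inside the values."""
    first_rdn = dn.split(",", 1)[0]
    pairs = (ava.split("=", 1) for ava in first_rdn.split("+"))
    return {attr.strip().lower(): value.strip() for attr, value in pairs}


def duplicate_targets(mapping_text, dn):
    """LDAP attributes that more than one portal field is exported to."""
    by_attr = defaultdict(list)
    for line in mapping_text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            field, attr = line.split("=", 1)
            by_attr[attr.strip().lower()].append(field.strip())
    rdn = rdn_values(dn)
    return [{"attribute": a, "fields": f, "in_rdn": a in rdn}
            for a, f in sorted(by_attr.items()) if len(f) > 1]


def rdn_breaking_replaces(dn, replaces):
    """Replace operations that would drop a value the RDN depends on, which a
    server rejects with result code 67 (notAllowedOnRDN). Values are compared
    case-insensitively, a simplification of the attribute's matching rule."""
    rdn = rdn_values(dn)
    return [attr for attr, values in replaces
            if attr.lower() in rdn
            and rdn[attr.lower()].lower() not in [v.lower() for v in values]]
```

With the sample data, `cn` is reported both as a duplicate export target and as the one replace that conflicts with the RDN, while the `sn` and `mail` replaces pass because they keep the RDN's values.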

Related

How do I give a community user permission to PersonAccount Fields?

I have a User with a Customer Community Plus Login User License. I am getting the following error when running some code as this user that inserts a new Account record:
Insert failed. First exception on row 0; first error: CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY, BCH_AccountTrigger: execution of AfterInsert
caused by: System.DmlException: Insert failed. First exception on row 0; first error: CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY, DDH.HC_ProgramEligibility_Trigger: execution of AfterInsert
caused by: DDH.HC_SQuery.SQueryException: Permission Denied: cannot read [Account] object field(s) {PersonBirthdate}
When I do the same as a System Admin, everything works as expected. How do I give access to PersonBirthdate to this Customer Community Plus Login User via a permission set?
I tried searching the Object Settings for this field and could not find it.

Could not obtain information about Windows NT group/user and the user does exists

I put a user into an AD group, and after that, I used the below syntax to check whether he had been added:
xp_logininfo 'domain\group_name', 'members'
and found the user domain\username listed.
And then, I checked the user's permission path, using the following statements:
xp_logininfo 'domain\user_name', 'all'
execute as user = 'domain\user_name'
None of them worked, and all showed this error message:
Msg 15404, Level 16, State 19, Line 12
Could not obtain information about Windows NT group/user 'domain\user_name', error code 0x5.
So what happens when I query this user?
The error code 0x5 indicates access denied. Here are some troubleshooting methods.
• Check the user indeed exists in the AD group.
• Check if the service account is not disabled.
• Check if the user has dataread permissions.

SAP HANA How to debug / fix "insufficient privilege" Error

In SAP HANA I am trying to call a StoredProcedure with a Table Type as input parameter.
Other Input parameters work just fine. But as soon as I use a Table Type I get the error:
Failed to execute action: InternalError: dberror($.hdb.Connection.executeProcedure): 258 - SQL error, server error code: 258. insufficient privilege: Not authorized at /sapmnt/ld7272/a/HDB/jenkins_prod/workspace/8uyiojyvla/s/ptime/query/checker/query_check.cc:4003
How to fix / debug this?
In the indexserver-trace is:
[19984]{315590}[100/100235487] 2018-08-22 10:07:13.949679 i TraceContext TraceContext.cpp(01028) : UserName=SAPDBCTRL, ApplicationUserName=SM_EFWK, ApplicationName=ABAP:AS2, ApplicationSource=CL_SQL_STATEMENT==============CP:304, Client=010, StatementHash=31c1e1f5ca72868a541d58fc5a77596b, EppRootContextId=0050560204981EE782C14A33A16BC68E, EppTransactionId=47BF1E2CEE9D05A0E005B7CF04FCF981, EppConnectionId=5B7C13CC22061B08E10000000A1807AF, EppConnectionCounter=1, EppComponentName=AS2/sapas2ci_AS2_01, EppAction=EFWK RESOURCE MANAGER
[19984]{315590}[100/100235487] 2018-08-22 10:07:13.949656 w SQLScriptExecuto se_eapi_proxy.cc(00144) : Error <exception 71000258: Not authorized
> in preparation of internal statement: delete from _SYS_STATISTICS.STATISTICS_PROPERTIES where key='internal.check.store_results'
[19984]{315590}[100/100235487] 2018-08-22 10:07:13.949904 e SQLScript trex_llvm.cc(00936) : Llang Runtime Error: Exception::SQLException258: insufficient privilege: Not authorized
at main (line 63) ("_SYS_STATISTICS"."SHARED_STORE_USED_VALUES": line 8 col 5 (at pos 456))
This seems rather straightforward:
The application user (the person using SAP NetWeaver) SM_EFWK logged on in client 010 is trying to delete data from an SAP HANA statistics service table _SYS_STATISTICS.STATISTICS_PROPERTIES.
The NetWeaver/ABAP program uses a secondary database connection with the database user SAPDBCTRL.
The error Exception::SQLException258: insufficient privilege: Not authorized is thrown because this SAPDBCTRL database user does not have the privilege to DELETE on this table assigned to it (neither directly nor via schema or role privilege).
If the SQL command is part of an SAP standard program, then I'd check that the recommended setup has been implemented correctly.
If this command comes from a custom program, you may want to either assign the privilege or use a different technical user as SAPDBCTRL is an SAP standard user that shouldn't be modified.

Receiving specific AD ldap error when trying to do a username lookup

I am trying to do a username lookup against my Active Directory, and even when I am using the proper credentials I am still getting this error. I even verified I was able to connect to LDAP, but I just can't authenticate to do a lookup.
[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09042A, comment:
AcceptSecurityContext error, data 2030, v3839]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data
2030, v3839]
I even tried creating a new user account, and that still won't authenticate either.
First off, show how you are doing the bind. (like the code)
Are you sure you have proper permissions?
Generally the response breaks down like this (from what I have discovered):
LDAP: error code 49 - is the standard LDAP Result Code
data 2030 - Usually (when the error code is 49) this is a server-provided client bind error. However, I have not seen 2030 in my travels.
Regardless, the credentials provided are invalid or some account restriction is preventing a bind from completing.
I would recommend you perform the LDAP bind with some "Known" application. (I like Apache Studio)
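The breakdown described in the answer above, as an added example that is not part of the original answer: a parser that splits an Active Directory bind failure into its fields and reads the `data` value as a hexadecimal Win32 error number. The function and table names are hypothetical; the sample string is the error text from the question.

```python
import re

# "data" sub-codes Active Directory returns with a failed bind; each is a
# hexadecimal Win32 error number.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
    0x2030: "no such object on the server (ERROR_DS_NO_SUCH_OBJECT)",
}

AD_ERROR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.+?), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

# Error text from the question on this page, wrapped as it appears there.
SAMPLE = """[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09042A, comment:
AcceptSecurityContext error, data 2030, v3839]"""


def parse_ad_bind_error(message):
    """Split an AD bind failure into its parts; returns None if no match."""
    # Collapse line wraps so the pattern matches text copied from a stack trace.
    match = AD_ERROR.search(" ".join(message.split()))
    if match is None:
        return None
    data = int(match["data"], 16)
    return {
        "ldap_code": int(match["ldap"]),
        "status": match["status"].upper(),
        "dsid": match["dsid"],
        "comment": match["comment"],
        "data_hex": f"{data:x}",
        "win32_error": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unlisted sub-code"),
    }
```

For the error in the question, `data 2030` is 0x2030, which is Win32 error 8240.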

Active directory azure, handle sign in "access_denied" error using custom error page?

I got the below error while signing in a user who is not assigned to the web app. I want to display a custom error page instead of this.
An error of type 'access_denied' occurred during the login process: 'xyz121': User account is disabled.
Trace ID: xyz121
Correlation ID: xyz
Timestamp: 2015-05-18 05:51:16