I need to call LDAP to see if the user exists.
The registration of the account will be enabled only for screenName that are present on LDAP.
I have configured LDAP correctly on Liferay but I do not have to enable importing from LDAP.
Which class and method should I use just to check if the screenName exists on LDAP?
Thank you for your help
you can do this replacing default Screen Name Validator, overwriting the next property at portal-ext.properties
users.screen.name.validator=com.liferay.portal.security.auth.DefaultScreenNameValidator
Put your [package].[class] here. Please, check the following link, can guide you:
https://github.com/liferay/liferay-portal/blob/master/portal-service/src/com/liferay/portal/security/auth/DefaultScreenNameValidator.java
At the end, you only need to implement the ScreenNameValidator interface
Cheers!
Related
in freeradius ldap-module it exist an Expiration attribute which I can map to an LDAP attribute, but in which format? The Documentation is not clear. I've the following LDAP attributes, which one works?
sambaKickoffTime: 1580252400
krb5ValidEnd: 20200129000000Z
shadowExpire: 18290
thanks in advance
You're probably looking for implementing a password policy with password expiration. Since you've tagged your question with [openldap] you should look into man-page slapo-ppolicy(5) - especially how to use attribute pwdMaxAge.
If you've implemented this in your OpenLDAP server there is no need to configure anything in FreeRADIUS.
I can't login with my user administrator "admin" and I can't reset the password
I try to reset the password in Postgresql data base with this comande
UPDATE alf_node_properties SET string_value='f59601091e5cbb1dcf28bbb15a30c50b' WHERE node_id=4 and qname_id=12;
but don't resolve the problème !!!
Are you using the correct Alfresco's reset password method ?
Things have changed since Alfresco 5.1, you might be doing it the wrong way.
You globally have three ways to do it :
Set a user with a known password as admin :
in alfresco-global.properties set the alfresco_user_store.adminusername=username property
Configure the authentication component to accept all logins using org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl
Change the admin password in the DB (By following the correct alfresco's version instructions)
I've just installed Testlink and am trying to get familiar with it.
I've even managed to configure authentication using LDAP (Microsoft AD).
But strangely, as soon as I set LDAP as default authentication method, my local test users cannot log on anymore.
If I change back to DB authentication as default auth method, my LDAP users cannot log in anymore.
I've the following set in the configuration file:
$tlCfg->authentication['domain'] = array('DB','LDAP');
$tlCfg->authentication['method'] = 'LDAP';
It seems as if both authentication modes are enabled and LDAP is used as the default.
When editing the user settings of a user, I have a dropdown box named "Authentication method"
It has three entries. One is "Default", the other is "0" and the third is "1".
This led me to the assumption, that I can select the type of authentication used for this account.
But strangely, regardless of which option I choose, the behavior is identical to what I mentioned above.
Is anyone experienced in Testlink?
Does anyone use two authentication modes in parallel with Testlink?
Did anyone see the same issue before? What did you do to solve this issue?
Thanks for your help in advance!
Best regards,
Tom
You can use testlink DB authentication as well as LDAP authentication. You have to set this option when you create user
Dropdown box named "Authentication method" has three entries. One is "Default (LDAP)", the other is "DB" and the third is "LDAP". If you see different options then something is messed up with your TestLink installation. I'm using v1.9.14 on MySQL.
I have to import users from two different base dn. My Users lie in following structures
ou=users,ou=dev,dc=abc,dc=net
ou=users,ou=qa, dc=abc,dc=net
Rest of the properties like base.provider.url and security credentials are same for both. What is the correct way to import and authenticate users from both the above DNs in Liferay.
Right now i have provided properties like this in portal-ext.properties
ldap.base.provider.url.0=ldap://localhost:10389
ldap.base.dn.0=ou=users,ou=dev,dc=abc,dc=net
ldap.security.principal.0=username
ldap.security.credentials.0=password
ldap.base.provider.url.1=ldap://localhost:10389
ldap.base.dn.1=ou=users,ou=qa,dc=abc,dc=net
ldap.security.principal.1=username
ldap.security.credentials.1=password
Is it the correct way of importing and authenticating in my scenario. It seems to work intermittently. That is sometimes user is authenticated against ldap and sometimes it is not. I have not changed any settings from Control Panel.
Please have a look into following link it may help you..
Instead of using portal-ext.properties file use Admin Control panel to configure LDAP.
http://www.liferaysavvy.com/2013/10/liferay-ldap-integration_8.html
I have this problem:
I have enabled Liferay to import and export users from/to OpenLDAP server.
When I create a user in Liferay I obtain this page:
So, I have create a new user and Liferay has assigned to it a password (3zbPk6KA).
But.. if I try to login with new user (and generated password) I obtain the error message of incorrect credentials. In LDAP server I can see the new account but, the corresponding password seems to be different from that generated by Liferay..
In Java console i read this warning:
14:20:15,882 WARN [http-bio-8080-exec-6][LDAPAuth:208] Passwords do not match for userDN cn=myUser,ou=users,dc=myProject,dc=com
Some suggestions?
Had this problem too. what's your value for Ldap password policy and what's your liferay version ?
I think you have 2 options :
Disable Ldap password policy, and if your Liferay version has no bug on exporting new user's autogenerated passwords, Your scenario is supposed to work. Else, you'll have to create a patch/hook that sends that password to LDAP
Enable LDAP password policy, setup a fixed default LDAP password, and hook the login process, so that you inform the new registered user (Screen Message + validation email) on her initial password. Note that there's still a security issue here, because of the fixed password, as someone could create accounts for other users if he knows their e-mails and tries to register before them.
You have to unmark "required" in controlpanel→portal→configuration→autenticathion→LDAP to di
I don't know why that specific scenario doesn't work. I have used Liferay 6.1 and know there are a number of bugs with the LDAP function of version 6.1. The problem that I faced was that checking "Use LDAP Password Policy" resulted in a user being created without a password.
However, if your password is being created in Liferay, you can turn off the export in Liferay LDAP wizard and programmatically export users through a hook using Java LDAP look up. I had to do it and it fixed a number of similar issues for me.
The link is a below
http://abhirampal.com/2014/12/20/liferay-ldap-export-to-active-directory-disabled-user-bug/