I have this problem:
I have enabled Liferay to import and export users from/to OpenLDAP server.
When I create a user in Liferay I obtain this page:
So, I have create a new user and Liferay has assigned to it a password (3zbPk6KA).
But.. if I try to login with new user (and generated password) I obtain the error message of incorrect credentials. In LDAP server I can see the new account but, the corresponding password seems to be different from that generated by Liferay..
In Java console i read this warning:
14:20:15,882 WARN [http-bio-8080-exec-6][LDAPAuth:208] Passwords do not match for userDN cn=myUser,ou=users,dc=myProject,dc=com
Some suggestions?
Had this problem too. what's your value for Ldap password policy and what's your liferay version ?
I think you have 2 options :
Disable Ldap password policy, and if your Liferay version has no bug on exporting new user's autogenerated passwords, Your scenario is supposed to work. Else, you'll have to create a patch/hook that sends that password to LDAP
Enable LDAP password policy, setup a fixed default LDAP password, and hook the login process, so that you inform the new registered user (Screen Message + validation email) on her initial password. Note that there's still a security issue here, because of the fixed password, as someone could create accounts for other users if he knows their e-mails and tries to register before them.
You have to unmark "required" in controlpanel→portal→configuration→autenticathion→LDAP to di
I don't know why that specific scenario doesn't work. I have used Liferay 6.1 and know there are a number of bugs with the LDAP function of version 6.1. The problem that I faced was that checking "Use LDAP Password Policy" resulted in a user being created without a password.
However, if your password is being created in Liferay, you can turn off the export in Liferay LDAP wizard and programmatically export users through a hook using Java LDAP look up. I had to do it and it fixed a number of similar issues for me.
The link is a below
http://abhirampal.com/2014/12/20/liferay-ldap-export-to-active-directory-disabled-user-bug/
Related
I am working om using Auth0 has authentication for services. I have the following problem. I have created a user but when I try to make a request with that user I get the following error.
Authorization server not configured with default connection
I have researched this and found I need to Configure the tenant
The Resource Owner Password Flow relies on a connection that is capable of authenticating users by username and password, so you must set the default connection for the tenant.
Go to Auth0 Dashboard > Tenant Settings, and scroll down to locate the Default Directory setting.
Enter the name of the connection you would like to use. Make sure it is capable of authenticating users by username and password.
But I have on idea what they mean by Default Directory. Is that the name of the Auth0 application I generated, since that is the service, that is supposed to authenticate users by username and password.
I have generated a SpringBoot app from the auth0 console. is that what they mean by connection.
Follow these steps.
Navigate to your dashboard - manage.auth0.com/dashboard
On the left menu, click on Setting
Scroll down to "API Authorization Settings"
Enter Username-Password-Authentication in the "Default Directory" input
Hit save - It typically takes about 30secs for changes to take effect
In Default Directory put Username-Password-Authentication
My auth0 was configured with a custom database, and when I was trying to get tokens using the Resource Owner Password API, I had the same issue Authorization server not configured with default connection .
The solution to this issue was:
Set the grant_type to http://auth0.com/oauth/grant-type/password-realm
Set the realm to the name of the custom database
For anyone else stumbling upon this question, you can also use the Realm property to define a specific Database connection instead of setting up a default one.
I'm using WSO2 API Manager version 1.10.0.
i can't update API on Publisher portal after super admin password changed.
when I click "Next:Manage>" button, page has unlimited loading.
and publisher log print below.
ERROR APIProviderHostObject Login failed.Please recheck the username and password and try again..
after super admin password changed in carbon consol, i also change password property in user-mgt.xml (./repository/conf/user-mgt.xml)
but symptoms continue to appear.
How should I solve it?
There are a lot of places where this password is used. Grep for 'admin' inside conf directory to find them all.
I have configured liferay to authenticated to OpenLdap. Cas, import and export is activated.
User create from OpenLdap can authenticate to portal, also is imported into Liferay. It seems importing process is ok.
When user try to modify an attribute other than password the data is modified on OpenLdap.
The problem is when user try to modify their password. Liferay ask for current pass and the new one. It get a error saying credentials an incorrect.
If i try to modify the password of the user with a administrator user, Liferay only ask for the new password. After that, the user with de password changed by de admin user can log in with the new password. So, it seems password is modified correctly on OpenLdap. If user, try to modify again the password, Liferay say that everything was ok, but the user cannot autenticate with the new passord, only with old password.
After that if I try to change de password again with admin user, Liferay say that everthing was ok but the user now cannot authenticate with new password.
I'm using Liferay 6.2 ce.
I have modified :
ldap.auth.method=password-compare
ldap.auth.password.encryption.algorithm=SHA
ldap.auth.method=bind
on portal-setup-wizard.propertiesenter code here
Any Idea?
Thanks very much in advance.
with several values without success.
Compare is not a best practice for LDAP in general.
"Bind is preferred by most vendors so that you don't have to worry about encryption strategies."
Also there appears to be a bug in LifeRay that may affect your version.
I'm trying to use wso2 APPM (vers 1.10.0) with an external ldap as authentication without real success.
I'll try to be as factual as possible to let it be testable:
I've unzip the wso2appm zip file under linux
I've setup the java_home var
I've start the wso2server.sh ==> no problem displayed in the log, at this step I must precise I'm using the default database of wso2.
Then logging to carbon gui, and adding a new userstore management setting up to a read-only external ldap.
after few seconds, the ldap users appears in the user list.
then selecting me in the list and adding the internal/store role.
opening the store url, and trying to login with the login / password of my user
Then having a message to inform me that the user has not the store profile.
If I log into carbon with my ldap user, it's working.
The same use case with the API looks fine to log into the store.
Any fix or ideas are welcome.
BR,
jfv
By the looks of it I suspect your issue is, the privileges are not set correctly for your ldap user store roles. Please make sure that you have assigned the internal/subscriber role to the relevant user in your permission tree. You can find more details about this at JIRA ticket [1]
[1] https://wso2.org/jira/browse/APPM-279
Cheers,
Pubudu
Hi and thank your for your answer,
first: I've checked this morning the solution you've proposed, and there is no change.
In a second time, I've tryied to add all privileges without more success
but if I create a new user manually, this one can login.
The following error in the log are shown when I try to login with an ldap user.
[2016-05-09 07:48:54,272] INFO - ReadOnlyLDAPUserStoreManager LDAP connection created successfully in read-only mode
[2016-05-09 07:48:54,283] INFO - UserStoreDeploymentManager Realm configuration of tenant:-1234 modified with /opt/wso2appm/repository/deployment/server/userstores/orange_com.xml
[2016-05-09 07:50:18,187] WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'admin[-1234]' at [2016-05-09 07:50:18,187+0200]
[2016-05-09 07:50:18,189] WARN - AuthenticationHandler Illegal access attempt at [2016-05-09 07:50:18,0188] from IP address 10.199.210.37 while trying to authenticate access to service RemoteAuthorizationManagerService
[2016-05-09 07:50:18,189] ERROR - AUDIT_LOG Illegal access attempt at [2016-05-09 07:50:18,0188] from IP address 10.199.210.37 while trying to authenticate access to service RemoteAuthorizationManagerService
[2016-05-09 07:50:18,221] WARN - acs:jag User jaav7491 does not have permission to access the store application. Make sure the user has the store role.
the login is "jaav7491"
Thank you for your ideas,
BR,
jfv
I have a question about Liferay.
I have configuate my system with Liferay + Jasig CAS Authentication and OpenLDAP.
I can authenticate my user correctly and I can import user account from LDAP (Ldap import).
I have also configurate the user export to OpenLDAP..so, now I can export an account when this will be create.
Infact I can see this new account in my OpenLDAP server.
When Liferay create a new account it generate a random password for this new account (for example 4hdsdsh) and the user receive an e-mail after the registration.
The problem is: I my OpenLDAP server this password does not seem to be equal to the one just generated by Liferay..
So, the new user will never be able to authenticate into my Liferay (because I use CAS + LDAP).
I also found a funny/strange thing: If I modify this new password in Liferay (using an administrator account) I see this password correctly into my OpenLDAP server and so, the user can finally log into my Liferay..
I am not sure but it seems while user registration it is just exporting the fields entered by user in registration screen and since the password is auto generated after registration, it is not exported to LDAP and might be blank till User has not updated his password by Logging in.
You can debug this class PortalLDAPExporterImpl.Java and also watch user detail in LDAP via jxplorer whats the password & user status as well. If password is blank you could extend class and your logic to pass auto generated or default password for first time case.
This is a bug of Liferay:
See following issue: https://issues.liferay.com/browse/LPS-43045