Authentication failure for Liferay users imported from an LDAP server


Per my requirement, I need to log in to Liferay with users imported from the LDAP server.

1) I have some Java code to create a user in the LDAP server (name, first name, password, etc.)
2) The user has been created successfully in the LDAP server
3) I set some properties in the portal-ext.properties file to import these users from the LDAP server into Liferay and to log in using the screen name
4) From the control panel I can see that the user has been imported into Liferay
5) Now if I try to log in with the screen name and the password (the password I passed in step 1), it shows authentication failed
6) I logged into Liferay as administrator and changed the password of the user
7) Now the login is successful

Questions

1) How can I properly import the password from the LDAP server into Liferay?
2) Any idea why the password I gave shows an authentication failure?
Portal-ext.properties

#jdbc.default.jndi.name=jdbc/LiferayPool
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=root
jdbc.default.password=root


json.service.auth.token.hosts.allowed=127.0.0.1
json.service.auth.token.enabled=false
jsonws.web.service.public.methods=*
jsonws.servlet.hosts.allowed=127.0.0.1

users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
#users.screen.name.allow.numeric=true
#users.screen.name.validator=com.liferay.portal.security.auth.DefaultScreenNameValidator

ldap.base.provider.url= ldap://localhost:389
ldap.base.dn= dc=soas,dc=schoolx
ldap.security.principal= cn=admin
ldap.security.credentials= blahblah
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth

ldap.auth.enabled=true
ldap.auth.required=false
ldap.password.policy.enabled=true
ldap.users.dn= dc=soas,dc=schoolx
ldap.groups.dn= dc=soas,dc=schoolx

ldap.import.enabled=true
ldap.import.interval=1
ldap.import.on.startup=true

ldap.import.method=group
ldap.import.group.search.filter.enabled=true

#ldap.import.group.cache.enabled=false


users.screen.name.allow.numeric=true
#ldap.auth.method=bind
#ldap.auth.password.encryption.algorithm=
#passwords.encrypted=


ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn

#ldap.user.mappings=screenName=displayName\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn

#ldap.user.impl=com.liferay.portal.security.ldap.LDAPUser

ldap.group.mappings=groupName=cn\ndescription=description\nuser=member

ldap.import.user.search.filter=(objectClass=inetOrgPerson)

ldap.import.group.search.filter=(objectClass=groupOfEntries)

#ldap.auth.search.filter=(mail=@email_address@)
ldap.auth.search.filter=(cn=@screen_name@)

ldap.import.user.password.enabled=true

#ldap.import.create.role.per.group=true


axis.servlet.hosts.allowed=
axis.servlet.https.required=false
#company.security.auth.type=emailAddress
company.security.auth.type=screenName
search.container.show.pagination.top=false
setup.wizard.enabled=false
passwords.default.policy.change.required=false
# LDAP id 1 is for open LDAP instance
ldap.server.ids=1

ldap.referral.1=follow
ldap.factory.initial.1=com.sun.jndi.ldap.LdapCtxFactory
ldap.server.name.1=ldaptest-internal
ldap.base.provider.url.1=ldap://<host>:<port>
ldap.base.dn.1=dc=example,dc=com

ldap.security.principal.1=cn=Manager,dc=example,dc=com
ldap.security.credentials.1=seacret

ldap.auth.search.filter.1=(mail=@email_address@)

# EXPORT RELATED PROPERTY
ldap.user.default.object.classes.1=top,person,organizationalPerson,inetOrgPerson

#User mappings
#
ldap.user.mappings.1=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=groupMembership\nfullName=cn


# EXPORT RELATED PROPERTY
ldap.group.default.object.classes.1=top,groupOfUniqueNames

# Group mappings
#
ldap.group.mappings.1=groupName=cn\ndescription=description\nuser=uniqueMember

# Import and export search filter
#
ldap.import.user.search.filter.1=(objectClass=inetOrgPerson)
ldap.import.group.search.filter.1=(objectClass=groupOfUniqueNames)


# EXPORT RELATED PROPERTY
ldap.users.dn.1=dc=example,dc=com

# EXPORT RELATED PROPERTY
ldap.groups.dn.1=dc=example,dc=com

auth.pipeline.pre.1=com.liferay.portal.security.auth.LDAPAuth
ldap.import.method.1=user


ldap.import.enabled=true
ldap.import.on.startup=true
ldap.auth.enabled=true
ldap.auth.required=true
ldap.password.policy.enabled=true

I am using the Liferay 6.2 GA2 bundle with Tomcat 7 and OpenDJ-2.5.0-Xpress. Can anyone help me solve this problem?

There could be a few possibilities:

  • Does the password follow the same password policy and encryption technique as the one configured in your portal?
  • Are the proper organizations/sites/roles assigned to the user?

  • Try using the following LDAP properties in your portal-ext.properties

    
    # LDAP id 1 is for open LDAP instance
    ldap.server.ids=1

    ldap.referral.1=follow
    ldap.factory.initial.1=com.sun.jndi.ldap.LdapCtxFactory
    ldap.server.name.1=ldaptest-internal
    ldap.base.provider.url.1=ldap://<host>:<port>
    ldap.base.dn.1=dc=example,dc=com

    ldap.security.principal.1=cn=Manager,dc=example,dc=com
    ldap.security.credentials.1=seacret

    ldap.auth.search.filter.1=(mail=@email_address@)

    # EXPORT RELATED PROPERTY
    ldap.user.default.object.classes.1=top,person,organizationalPerson,inetOrgPerson

    # User mappings
    #
    ldap.user.mappings.1=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=groupMembership\nfullName=cn

    # EXPORT RELATED PROPERTY
    ldap.group.default.object.classes.1=top,groupOfUniqueNames

    # Group mappings
    #
    ldap.group.mappings.1=groupName=cn\ndescription=description\nuser=uniqueMember

    # Import and export search filter
    #
    ldap.import.user.search.filter.1=(objectClass=inetOrgPerson)
    ldap.import.group.search.filter.1=(objectClass=groupOfUniqueNames)

    # EXPORT RELATED PROPERTY
    ldap.users.dn.1=dc=example,dc=com

    # EXPORT RELATED PROPERTY
    ldap.groups.dn.1=dc=example,dc=com

    auth.pipeline.pre.1=com.liferay.portal.security.auth.LDAPAuth
    ldap.import.method.1=user

    ldap.import.enabled=true
    ldap.import.on.startup=true
    ldap.auth.enabled=true
    ldap.auth.required=true
    ldap.password.policy.enabled=true
    

    I guess some properties may be missing.

    As I said in the question, I use some Java code to create users in LDAP and bind the password to the userPassword field in LDAP. So these are the changes I made to solve the problem:

    ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
    
    ldap.auth.search.filter=(uid=@screen_name@)
    ldap.import.user.password.enabled=false
    ldap.import.user.password.autogenerated=false
    ldap.import.user.password.default=userPassword
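The mismatch the change above corrects (screenName imported from `uid`, but `ldap.auth.search.filter` looking up `cn`) can be checked mechanically before restarting the portal. The following Python is an added example, not code from the question, the answers, or Liferay: it reads the LDAP keys of a portal-ext.properties, expands the `\n`-joined `ldap.user.mappings` value the way a Java properties reader does, and reports when the attribute in the auth search filter differs from the one the login field is mapped to, when the filter placeholder does not fit `company.security.auth.type`, and when password import is enabled while `ldap.auth.required` is not true (in which case a failed LDAP bind falls back to the portal's local check of whatever was copied from `userPassword`). The two configuration samples are constructed from the keys in this thread; the function and constant names are the example's own.

```python
"""Consistency check for the LDAP keys of a Liferay portal-ext.properties.

Added example (not from the question, the answers, or Liferay). It parses
key=value lines, expands the '\\n'-joined ldap.user.mappings value, and flags
the mismatches this thread turns on.
"""
import re

# Constructed sample: the relevant keys from the question's original configuration.
BROKEN_CONFIG = """\
company.security.auth.type=screenName
ldap.user.mappings=screenName=uid\\npassword=userPassword\\nemailAddress=mail\\nfirstName=givenName\\nlastName=sn
ldap.auth.search.filter=(cn=@screen_name@)
ldap.auth.required=false
ldap.import.user.password.enabled=true
"""

# Constructed sample: the same keys after the fix posted in the self-answer.
FIXED_CONFIG = """\
company.security.auth.type=screenName
ldap.user.mappings=screenName=uid\\npassword=userPassword\\nemailAddress=mail\\nfirstName=givenName\\nlastName=sn
ldap.auth.search.filter=(uid=@screen_name@)
ldap.auth.required=true
ldap.import.user.password.enabled=false
"""

# Liferay login-type value -> placeholder Liferay substitutes into the filter.
PLACEHOLDER_FOR = {
    "screenName": "screen_name",
    "emailAddress": "email_address",
    "userId": "user_id",
}

# (attribute=@placeholder@) with optional whitespace, e.g. (cn=@screen_name@)
FILTER_RE = re.compile(r"\(\s*([A-Za-z][\w.;-]*)\s*=\s*@(\w+)@\s*\)")


def parse_properties(text):
    """Minimal Java .properties reader: ignores blank and comment lines, splits
    on the first '=', trims key and value, and turns the two-character '\\n'
    escape into a real newline (Liferay writes multi-line mapping values that
    way on a single line)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip().replace("\\n", "\n")
    return props


def parse_mappings(value):
    """'screenName=uid\\npassword=userPassword' -> {'screenName': 'uid', ...}"""
    mappings = {}
    for pair in value.split("\n"):
        field, sep, attr = pair.partition("=")
        if sep:
            mappings[field.strip()] = attr.strip()
    return mappings


def check_ldap_auth(props):
    """Return a list of findings; an empty list means the keys agree."""
    findings = []
    auth_type = props.get("company.security.auth.type", "emailAddress")
    mappings = parse_mappings(props.get("ldap.user.mappings", ""))
    flt = props.get("ldap.auth.search.filter", "")

    match = FILTER_RE.fullmatch(flt)
    if not match:
        return [f"cannot parse ldap.auth.search.filter: {flt!r}"]
    attr, placeholder = match.group(1), match.group(2)

    # 1. The placeholder must be the one Liferay fills for this login type.
    expected = PLACEHOLDER_FOR.get(auth_type)
    if expected and placeholder != expected:
        findings.append(
            f"company.security.auth.type={auth_type} but the filter uses "
            f"@{placeholder}@; expected @{expected}@")

    # 2. The attribute searched must be the one the login field was imported
    #    from, otherwise the bind lookup finds no entry (cn vs uid in this thread).
    mapped = mappings.get(auth_type)
    if mapped and attr.lower() != mapped.lower():
        findings.append(
            f"filter searches attribute '{attr}' but {auth_type} is mapped "
            f"from '{mapped}' in ldap.user.mappings")

    # 3. With password import on and LDAP not required, a failed LDAP bind falls
    #    back to the portal's local check of whatever was copied from userPassword.
    import_pw = props.get("ldap.import.user.password.enabled", "false").lower() == "true"
    ldap_required = props.get("ldap.auth.required", "false").lower() == "true"
    if import_pw and not ldap_required:
        findings.append(
            "ldap.import.user.password.enabled=true with ldap.auth.required=false: "
            "local fallback would check the imported userPassword value")
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_ldap_auth(parse_properties(cfg)) or ["ok"])
```

Run it against the real file by replacing the constructed samples with `open("portal-ext.properties").read()`; the suffixed keys (`ldap.auth.search.filter.1` and friends) from the multi-server block are not examined here, so strip the `.1` suffix or extend the lookups if that block is the one in use.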
    

    1) I have enabled the user LDAP password policy (ldap.password.policy.enabled=true) 2) I have assigned the super user role

    Are ldap.password.policy and the portal password.policy the same? Where do I specify the portal password policy?

    In the Configuration > Password Policy tab I can see "You are using LDAP's password policies. Please change your LDAP password policy settings if you wish to use local password policies". Is this what you are asking about?

    OK, that means your password was imported using the LDAP password policy. There should be no problem there. Then the encryption technique may be the issue. Decrypt the password you stored in lportal and verify whether it matches the LDAP password.

    Decrypt the password from lportal... hmm, I think that is not possible. I am not sure which encryption technique they use.

    @Parkash Kumar, @aston thanks for your comments
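The comments above circle around whether the value stored in lportal can be decrypted. It cannot: an LDAP server keeps `userPassword` as a salted one-way hash with a scheme prefix in braces, so a verifier can only recompute the hash for a candidate password and compare, and only if it understands the scheme. The following Python is an added example, not code from the thread, from OpenDJ or from Liferay; it assumes the common `{SSHA}` scheme (an assumption, since the thread does not say which scheme OpenDJ was configured with) and shows that a value carrying a different prefix cannot be checked at all, which is the kind of mismatch the "encryption technique" comment points at.

```python
"""Check a password against an RFC 2307-style {SSHA} userPassword value.

Added example (not from the thread, OpenDJ or Liferay). An LDAP server stores
userPassword as a salted, one-way hash, so the value imported into lportal can
only be verified, not decrypted, and only by code that knows the scheme in the
braces. {SSHA} is assumed here as the scheme; any other prefix is rejected.
"""
import base64
import binascii
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def scheme_of(stored):
    """Return the scheme name inside the leading braces, or None if absent."""
    if stored.startswith("{") and "}" in stored:
        return stored[1:stored.index("}")]
    return None


def ssha_hash(password, salt=None):
    """Build '{SSHA}' + base64(sha1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """True only if `stored` is an {SSHA} value derived from `password`."""
    if scheme_of(stored) != "SSHA":
        return False  # different or missing scheme: cannot verify, so reject
    try:
        blob = base64.b64decode(stored[len(SCHEME):], validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(blob) <= DIGEST_LEN:
        return False  # no salt present, malformed value
    digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = ssha_hash("s3cret")  # constructed sample password
    print(stored)
    print("correct password:", ssha_verify("s3cret", stored))
    print("wrong password:  ", ssha_verify("wrong", stored))
```

The practical consequence for the thread: if the portal copies a `{SSHA}...` string out of LDAP and later compares it with its own hashing of the typed password, the comparison can never succeed, which is why the working configuration lets LDAP do the bind and leaves the portal-side password out of it.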