RE: LDAP password sync

Harry Chen, modified 5 Years ago. New Member Posts: 3 Join Date: 9/3/20 Recent Posts
Hi,
I configured LDAP (Active Directory) for user authentication. Now I can use an AD user to log in; my question is about the password.
When an AD user logs on to Liferay for the first time, it asks the user to change the password. After the user changes the password, the user then has to use the new password to log in next time. The user cannot use the AD password to log in anymore. It seems Liferay stored the new password locally. Is this expected behavior? I am using CE 7.3.4-ga5.
Can I force Liferay to check with the AD server for the password each time a user logs in to Liferay?
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
Do you have "required" checked? "Required: Check this box if LDAP authentication is required. Liferay DXP then won’t allow a user to log in unless he or she can successfully bind to the LDAP directory first." https://help.liferay.com/hc/en-us/articles/360017896112-LDAP
Harry Chen, modified 5 Years ago. New Member Posts: 3 Join Date: 9/3/20 Recent Posts
I did some tests, but the result is quite confusing.

After the first-time login, I can now use the AD password to log in. But if I change the AD password, I can use both the old and the new AD password to log in to Liferay. Does it mean Liferay still stored the AD password locally, and it will check the local password first and then check the AD server?
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
Do you have "required" checked?
Harry Chen, modified 5 Years ago. New Member Posts: 3 Join Date: 9/3/20 Recent Posts
Yes, the test was done after 'required' was checked.