RE: LDAP authentication vs. local authentication

2024-04-12T08:22:42Z

Hi Ovidiu,

The behaviour may differ depending on how the LDAP is configured. Is both the import and export enabled? Being able to authenticate with an old password can happen when the export is enabled. With export, when a user is updated in the portal, updates immediately go to the LDAP side, but not always the other way around. The import from the LDAP side happens with different trigger points and your case may occur sometimes. Even if the "LDAP required" is enabled. it may be different also if the import is enabled or not beside the export.

A workaround may be to enable 'Autogenerate User Password on Import' which should prevent use of stale passwords.

Regards,
Zsigmond

LDAP authentication vs. local authentication

2024-04-11T13:01:37Z

Hello,

We use Liferay 7.4 GA 106 with LDAP integration to manage internal users login to Liferay from the organization.

All it's fine, authentication works well with small execeptions.

Issue is that when a user is changing the password in LDAP then he can still authenticate with the old password in Liferay and password syncronization is happening at some point but I did not find the actual rule. I also tried to select "LDAP required" and "Use LDAP server policy" but still the user can login with old password sometime and new password is not entering into force.

Also, I noticed that locally created accounts can still login even the "LDAP required" is enabled, shall this force the user to be authenticated only with LDAP server?

Has anyone have similar situations or is there some material to explain how this shall work?

Thank you,
Ova