Unable to import user CN=Testuser01 - Unable to encrypt blank passwordUnable to import user CN=Testuser01 - Unable to encrypt blank passwordhttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1117484102024-03-29T12:26:16Z2024-03-29T12:26:16ZUnable to import user CN=Testuser01 - Unable to encrypt blank passwordLukas Wilbrandhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1117484092018-12-06T12:45:27Z2018-12-06T12:45:27Z<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">Hello everyone,</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">Right know we are faced with the
problem that we are currently unable to import any User via LDAP.</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">We have defined the required
configuration given the documentation under the following link:
<a
href="https://dev.liferay.com/de/discover/deployment/-/knowledge_base/7-1/ldap">https://dev.liferay.com/de/discover/deployment/-/knowledge_base/7-1/ldap</a><br />
All configurations have been set under Control
Panel->Configuration->Instance
Settings->Authentication->LDAP with the following values:</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">• Enabled: true<br /> • Required:
false<br /> • Method: Bind<br /> • Password Encryption
Algorithm: None<br /> • Enable Import: true<br /> • Enable
Import on Startup: false<br /> • Import Interval: 10<br /> •
Import Method: User<br /> • Lock Expiration Time: 86400000<br />
• Import User Sync Strategy: Auth Type<br /> • Enable User
Password on Import: false<br /> • Default User Password:
Blank<br /> • Enable Group Cache on Import: false<br /> • Create
Role per Group on Import: false<br /> • Enable Export:
false<br /> • Enable Group Export: false<br /> • Use LDAP
Password Policy: true</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">We are running Liferay Portal CE 7.1
GA1 (Bundled with Tomcat) in combination with a Microsoft Active
Directory Server.<br /> The configuration for the LDAP-Server is
as followed:</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">• Base Provider URL:
ldap://url_to_the_server:389<br /> • Base DN: {BaseDN}<br /> •
Principal: {Username}<br /> • Credentials: {Password}<br /> •
Authentication Search Filter:
(&(objectCategory=person)(sAMAccountName=@user_id@))<br /> •
Users - Import Search Filter:
(&(objectClass=person)(memberOf=CN={CN}))<br /> • UUID:
blank<br /> • Screen Name: sAMAccountName<br /> • Email Address:
userprincipalname<br /> • Password: userPassword<br /> • First
Name: givenName<br /> • Middle Name: initials<br /> • Last Name:
sn<br /> • Full Name: cn<br /> • Job Title: blank<br /> •
Status: blank<br /> • Group: memberOf<br /> • Portrait:
blank<br /> • Custom User Mapping: blank<br /> • Custom Contact
Mapping: blank<br /> • Groups - Import Search Filter:
(&(objectClass=group)(cn={cn}))<br /> • Group Name: cn<br />
• Description: sAMAccountName<br /> • User: member </span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">Liferay can successfully connect to
the LDAP server with the given credentials and the subset of
users that will be displayed in the review is correct. </span></span></span></p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">Every user that should be imported has
a password. The problem is after activating the
LDAP-Configuration we are faced with the following exception:</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">07:31:46,475 ERROR
[liferay/scheduled_user_ldap_import-1][LDAPUserImporterImpl:796]
Unable to import user CN=Testuser01,CN=Users: null:null:<br />
{samaccountname=sAMAccountName: liferaytest01}<br />
com.liferay.portal.kernel.exception.PwdEncryptorException:
Unable to encrypt blank password</span></span></span></p>
<p>
<br />
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">Currently it is not possible to import
any users via the defined LDAP-Configuration (Every user results
in the mentioned exception) except for the groups which were
successfully added into Control Panel->Users->User
Groups<br /> Right know we are using a workaround so that every
user will be assigned with a default password which is defined
with the following modification:</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">• Enable User Password on Import:
true<br /> • Default User Password: {Password}</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">We are only running this setup right
know to allow the users to at least be able to login into
Liferay via the defined password.<br /> I suspect that there
could be an old or damaged LDAP-Configuration which overrides
our current configuration given the fact that we have a lot of
imported Users in Liferay which have the right Name
(corresponding to the Active Directory definition) but are
defined with a random Screen Name (for example: Name:
Testuser01, Screen Name: 83388 – which is also the User ID)</span></span></span></p>
<p> </p>
<p>
<span style="font-size: 10.0pt;">
<span style="font-family: Arial , sans-serif;">
<span style="color: black;">Is it possible that we somehow need to
cleanup the database to get rid of any configurations or are the
other possible workarounds to solve this problem?</span></span></span></p>
<p> </p>
<p>
<font face="Arial, sans-serif">
<span style="font-size: 13.3333px;">Thanks in advance!</span></font></p>
<p>
<font face="Arial, sans-serif">
<span style="font-size: 13.3333px;">- Luk</span></font>&