Importing Users From LDAP in Liferay - liferay

I have exactly the same issue since 5 days, Impossible to import Users and group from OpenLDAP to Liferay CE 6.1 ...
Here the structure of my OpenLDAP :
World
--tn
----com
------domain
--------admin
--------Computers
--------domain
--------Groups
----------IT
------------cn
------------gidNumber
------------objectClass
------------memberUid (n member)
--------Users
----------uid0001
------------cn
------------gidNumber
------------homeDirectory
------------objectClass
------------sn
------------uid
------------uidNumber
------------givenName
------------loginShell
------------userPassword
And here is my portal-ext.porperties file :
## LDAP Server Settings
ldap.base.provider.url=ldap://controller.domain.com.tn:389
ldap.base.dn=DC=domain,DC=com,DC=tn
# authentication
ldap.security.principal=cn=admin,dc=domain,dc=com,dc=tn
ldap.security.credentials=My Password !
# search from this point in the tree
ldap.users.dn=DC=domain,DC=com,DC=tn
# You can write your own class that implements
# com.liferay.portal.security.ldap.AttributesTransformer to transform the
# LDAP attributes before a user or group is imported to the LDAP store.
ldap.attrs.transformer.impl=com.liferay.portal.security.ldap.DefaultAttributesTransformer
# standard mappings, must be present in LDAP or we get an exception
#ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=\nfirstName=givenName\nlastName=sn\njobTitle=\ngroup=
ldap.user.mappings=screenName=cn\npassword=userPassword\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership\nemailAddress=uid
ldap.auth.search.filter=(mail=#user_id#)
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
## Import, users can be imported on demand at login or at startup and at regular intervals.
ldap.import.enabled=true
ldap.import.interval=360
ldap.import.on.startup=true
ldap.export.enabled=false
ldap.user.default.object.classes=inetOrgPerson,organizationalPerson
## Custom Mappings, same format as ldap.user.mappings
##Commented by ME : ldap.user.custom.mappings=nickname=mailNickname\ndisplay=cn
## Added from this link : http://www.liferay.com/community/forums/-/message_boards/message/5681334
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
users.screen.name.allow.numeric=true
##added from this link : http://issues.liferay.com/browse/LPS-14519
users.screen.name.always.autogenerate=true
##added from this link : http://vkbardia.blogspot.com/2012/05/liferay-authentication-fails-for-screen.html?showComment=1345199625453#c3592789922325172023
users.email.address.required= false
#Groups
ldap.group.mappings=groupName=cn\ndescription=description\nuser=memberUid
ldap.import.create.role.per.group=false
PS : I don't have an email field for my users that's why I want them to login with their UID.
PS : When running in eclipse I got this :
13:35:47,450 ERROR [PortalLDAPImporterImpl:196] Error importing LDAP users and groups
java.lang.NullPointerException
at com.liferay.portal.kernel.io.unsync.UnsyncStringReader.<init>(UnsyncStringReader.java:33)
at com.liferay.portal.kernel.util.PropertiesUtil.load(PropertiesUtil.java:199)
at com.liferay.portal.kernel.util.PropertiesUtil.load(PropertiesUtil.java:192)
at com.liferay.portal.security.ldap.LDAPSettingsUtil.getUserExpandoMappings(LDAPSettingsUtil.java:124)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:169)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:128)
at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importFromLDAP(PortalLDAPImporterUtil.java:34)
at com.liferay.portal.util.PortalInstances._initCompany(PortalInstances.java:448)
at com.liferay.portal.util.PortalInstances.initCompany(PortalInstances.java:92)
at com.liferay.portal.servlet.MainServlet.initCompanies(MainServlet.java:766)
at com.liferay.portal.servlet.MainServlet.init(MainServlet.java:336)
at javax.servlet.GenericServlet.init(GenericServlet.java:160)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1266)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1185)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5001)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5289)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:866)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:842)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:649)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1581)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
PS : I'm writing all this in detail cause this is so important for me.
Waiting for your Help.
Best & Regards

hope this might help you,
http://www.liferay.com/community/forums/-/message_boards/message/8246721

Related

Running Derby as a server on Linux using JDK11

I am at my wits end!
I have a minimal install of Ubuntu Server 18.04 and OpenJDK 11 (headless).
Downloaded, to a local folder are the java 9+ binaries for Derby (db-derby-10.15.2.0-bin)
Path and Environment settings are all correct!
When I start the server startNetworkServer -h 0.0.0.0, I get an error when doing a simple connect using the ij command line tool
ij> connect 'jdbc:derby://localhost:1527/dbname;create=true';
ERROR XJ041: DERBY SQL error: ERRORCODE: 40000, SQLSTATE: XJ041, SQLERRMC: Failed to create database 'dbname', see the next exception for details.::SQLSTATE: XBM01::SQLSTATE: XJ001
The derby.log file makes reference to:
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.SOURCE_DATE_EPOCH")
Looking further into this error, I learned that I somehow need a security.profile. I found this website that seemed to be the answers to my problems. https://www.javacodegeeks.com/2020/04/apache-derby-database-jvm-security-policy.html
Following these pretty straight-forward instructions, I get:
java.security.AccessControlException: access denied
org.apache.derby.shared.common.security.SystemPermission( "engine", "usederbyinternals" )
For the next person who has this strange problem (it seems to happen with some regularity, here's a simple workaround, copied from this FAQ page at Chalmers Institute of Technology:
Q: When we try to create a database in Derby and the database explorer in NetBeans, we get one or more of the following error(s):
An error occurred while creating the database:
java.sql.NonTransientConnectionException: DERBY SQL error: ERRORCODE:
40000, SQLSTATE: XJ041, SQLERRMC: ...
Caused by: java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "getenv.SOURCE_DATE_EPOCH")
A: This is some kind of missconfiguration in the JVM with a very aggressive security policy that doesn't allow applications to fetch the time on the system (since epoch). The solution is to edit ~/.java.policy or [java.home]/lib/security/java.policy and add the following:
grant {
permission java.lang.RuntimePermission "getenv.SOURCE_DATE_EPOCH", "read";
};
If you are on Windows you can read about where this policy file is supposed to be located here;
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html
Apache-Derby is a database management system prepared for a multi-user environment, therefore, when you execute the startNetworkServer -h 0.0.0.0 instruction, you are telling it by default to take certain security into account, and that is why it does not let you do an insecure connection such as ij> connect 'jdbc:derby://172.16.17.31:1527/BBDD_server;create=true';
because you are connecting without specifying username and password, so you should either connect by specifying username + password, or start the server without any security:
startNetworkServer -h 0.0.0.0 -noSecurityManager
More help:
https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservopen.html
https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservbasic.html

Why is Wildfly 17 complaining about missing BearerTokenAuthenticationMechanism ctor?

we're trying to upgrade from Wildfly 15 to Wildfly 17. When starting the application under 17 we get lot's of DEBUGs in log as follows:
2019-07-16 08:30:41,031|DEBUG| org.jboss.as.domain.management|Identification of operation not progressing after [15000000000] ns has been requested
2019-07-16 08:30:51,029|DEBUG| io.undertow.request|Matched prefix path /management for path /management
2019-07-16 08:30:51,029|DEBUG| io.undertow.request.security|Setting authentication required for exchange HttpServerExchange{ POST /management}
2019-07-16 08:30:51,029|DEBUG| org.wildfly.security|Unable to create instance
java.security.NoSuchAlgorithmException: ELY00011: Unable to create service for 'HttpServerAuthenticationMechanismFactory.BEARER_TOKEN'
at org.wildfly.security.WildFlyElytronProvider$ProviderService.newInstance(WildFlyElytronProvider.java:342)
at org.wildfly.security.http.util.SecurityProviderServerMechanismFactory.getMechanismNames(SecurityProviderServerMechanismFactory.java:79)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory.getMechanismNames(SetMechanismInformationMechanismFactory.java:58)
at org.wildfly.security.http.util.FilterServerMechanismFactory.getMechanismNames(FilterServerMechanismFactory.java:100)
at org.wildfly.security.http.util.SortedServerMechanismFactory.getMechanismNames(SortedServerMechanismFactory.java:50)
at org.wildfly.security.auth.server.HttpAuthenticationFactory.getAllSupportedMechNames(HttpAuthenticationFactory.java:65)
at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.getMechanismNames(AbstractMechanismAuthenticationFactory.java:77)
at org.jboss.as.domain.http.server.ManagementHttpServer.lambda$secureDomainAccess$3(ManagementHttpServer.java:447)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:253)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:242)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:97)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:96)
at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoSuchMethodException: org.wildfly.security.http.bearer.BearerTokenAuthenticationMechanism.<init>(java.security.Provider)
at java.lang.Class.getConstructor0(Class.java:3082)
at java.lang.Class.getConstructor(Class.java:1825)
at org.wildfly.security.WildFlyElytronProvider$ProviderService.newInstance(WildFlyElytronProvider.java:339)
Why is this and how can I get rid of these log entries?
Best regards
Mark.
This appears to be a bug in the WildFlyElytronProvider, I have created the following so we can implement a fix - https://issues.jboss.org/browse/ELY-1847
As this is just a DEBUG message you should be able to ignore in the meantime if you are not trying to use this mechanism.

Liferay 7 Login Fragment error

I have created login fragment for login.jsp which is working perfectly fine.
Now I need to add some code to fetch some data from custom tables so I have added XYZLocalServiceUtil call using scriptlet.
Now service call is working but problem is when I deploy fragment hook it gives following error and portlet becomes unavailable, but only for first time after deployment.
When I refresh page, next time it works properly without any error. I am not sure why it is not able to get following dependency for first time.
07:17:00,237 ERROR [http-nio-9080-exec-9][PortletRequestDispatcherImpl:265] Unable to dispatch request: javax.el.ELException: Provider com.sun.el.ExpressionFactoryImpl not found
07:17:00,242 ERROR [http-nio-9080-exec-9][PortletServlet:111] javax.portlet.PortletException: org.apache.jasper.JasperException: javax.el.ELException: Provider com.sun.el.ExpressionFactoryImpl not found
javax.portlet.PortletException: org.apache.jasper.JasperException: javax.el.ELException: Provider com.sun.el.ExpressionFactoryImpl not found
at com.liferay.portlet.PortletRequestDispatcherImpl.dispatch(PortletRequestDispatcherImpl.java:267)
at com.liferay.portlet.PortletRequestDispatcherImpl.include(PortletRequestDispatcherImpl.java:102)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.include(MVCPortlet.java:594)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.include(MVCPortlet.java:610)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.doView(MVCPortlet.java:160)
at com.liferay.portal.kernel.portlet.LiferayPortlet.doDispatch(LiferayPortlet.java:303)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.doDispatch(MVCPortlet.java:497)
at javax.portlet.GenericPortlet.render(GenericPortlet.java:262)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.render(MVCPortlet.java:317)
at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at com.liferay.portlet.ScriptDataPortletFilter.doFilter(ScriptDataPortletFilter.java:57)
at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:100)
at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:64)
at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153)
at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62)
at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:117)
at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48)
at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:530)
at com.liferay.portlet.InvokerPortletImpl.invokeRender(InvokerPortletImpl.java:605)
at com.liferay.portlet.InvokerPortletImpl.render(InvokerPortletImpl.java:391)
at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.render(MonitoringInvokerPortlet.java:265)
at org.apache.jsp.html.portal.render_005fportlet_jsp._jspService(render_005fportlet_jsp.java:1580)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:64)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:78)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
at com.liferay.portlet.PortletContainerImpl._render(PortletContainerImpl.java:707)
at com.liferay.portlet.PortletContainerImpl.render(PortletContainerImpl.java:162)
at com.liferay.portlet.SecurityPortletContainerWrapper.render(SecurityPortletContainerWrapper.java:133)
at com.liferay.portlet.RestrictPortletContainerWrapper.render(RestrictPortletContainerWrapper.java:133)
...
I have tried by adding following dependency in gradle file but no luck.
compile group: 'org.glassfish', name: 'javax.el', version: '3.0.0'
I am using "liferay-ce-portal-7.0-ga4", If anyone faced similar issue please suggest the way to resolve it.
Thanks

Configure Security Manager on Tomcat7

Trying to configure Security Manager for Tomcat 7. We are running Java 1.8.0_51 on a 64 bit Windows 2008 server and run Tomcat as a service. I've added the following lines as Java Options:
-Djava.security.manager
-Djava.security.policy=D:\Program Files\Apache Software Foundation\Tomcat7.0\conf\catalina.policy
The security policy file is the default file and has not been modified. After adding the lines I can no longer start Tomcat. I get the following error messages:
2015-10-07 08:58:31 Commons Daemon procrun stderr initialized properties: reading security properties file: C:\Program Files\Java\jre1.8.0_51\lib\security\java.security jar: beginEntry META-INF/MANIFEST.MF jar: done with meta! jar: nothing to verify! scl: getPermissions ProtectionDomain (file:/D:/Program%20Files/Apache%20Software%20Foundation/Tomcat7.0/bin/tomcat-juli.jar <no signer certificates>) sun.misc.Launcher$AppClassLoader#c387f44 <no principals> java.security.Permissions#28d93b30 ( ("java.lang.RuntimePermission" "exitVM") ("java.io.FilePermission" "\D:\Program Files\Apache Software Foundation\Tomcat7.0\bin\tomcat-juli.jar" "read") ) scl: policy: reading file:/D:/Program%20Files/Apache%20Software%20Foundation/Tomcat7.0/conf/catalina.policy [Policy Parser]: sun.security.util.PropertyExpander$ExpandException: unable to expand property catalina.home [Policy Parser]: sun.security.util.PropertyExpander$ExpandException: unable to expand property catalina.base
I also see errors like the following:
java.lang.IllegalArgumentException: null KeyStore name
If I remove the new config lines all is well.
Any ideas?

java.security.NoSuchAlgorithmException:Algorithm PBKDF2WithHmacSHA1 not available

My webserver, orion 1.5.4, run on jre 1.4.2, when I run
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
the following exception is thrown
java.security.NoSuchAlgorithmException:Algorithm PBKDF2WithHmacSHA1 not available
I google and find need to add Bouncy Castle provider, so I download bcprov-jdk14-150.jar and placed it in classpath, and download the unlimited policy files in the JVM, then when I run the program code, error thrown in line
aesCipher.init(Cipher.DECRYPT_MODE,secretKey, new IvParameterSpec(ivByte));
the error message is
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.(DashoA12275)
... 15 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.SunJCE_b.g(DashoA12275)
at javax.crypto.SunJCE_b.f(DashoA12275)
at javax.crypto.SunJCE_t.run(DashoA12275)
at java.security.AccessController.doPrivileged(Native Method)
... 16 more
how to solve it?
I found the problem, I download the unlimited policy files for java 1.6 wrongly, should download for java 1.4.
thanks

Resources