Liferay integration with OpenAM and OpenDJ


I have integrated OpenDJ with OpenAM. The users created in OpenDJ are reflected in OpenAM and are able to log into OpenAM. I used SHA-1 as the password storage scheme in OpenDJ. OpenDJ also imports users from Liferay, which also uses the SHA-1 password storage scheme. The problem is that I cannot log into OpenAM. The login fails. Why can the users created in OpenDJ log into OpenAM but not the users imported from Liferay, although those users are also reflected in OpenAM? How can I fix this?

There are 3 best solutions below

2
On

You may check the OpenAM auth module debug log. I am not sure which auth module you use.

If you use LDAP auth module then OpenAM performs an LDAP 'BIND'-operation. The password is compared on the server side, not the client (OpenAM) side. BTW the password is sent in clear text from OpenAM to OpenDJ.

-Bernhard

0
On

You may try to check what Liferay writes to OpenDJ using a sniffer. The default ldap.auth.password.encryption.algorithm is NONE, which has the funny effect of creating passwords with the {NONE} algorithm in OpenDJ, and apparently OpenDJ does not like these. You may try adding

ldap.auth.password.encryption.algorithm=SHA1

to your Liferay portal-ext.properties file.

0
On

Using the help provided by Ludovic and Bernhard, it seems Liferay is not creating a password in OpenDJ, as my new users wind up with an entry of:

userPassword: {NONE}null

This seems to be a bug with version 6.1. Said to be fixed in 6.2 pre-release.
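To find which imported accounts are affected, the check below scans an LDIF export for entries whose userPassword carries the {NONE} scheme or the null value shown in the answers, or has no userPassword at all. It is an added example, not code from any of the posters or from OpenDJ/Liferay; the sample entries, function names and status labels are constructed for illustration.

```python
import base64
import re

# Constructed sample export (not from a real directory). LDIF writes a value
# either as "attr: text" or as base64 "attr:: b64".
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {SSHA}constructedHashValue==

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: {NONE}null

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: e05PTkV9bnVsbA==

dn: uid=dave,ou=people,dc=example,dc=com
cn: dave
"""
SCHEME_RE = re.compile(r"^\{([^}]+)\}(.*)$", re.S)

def parse_entries(ldif):
    """Yield (dn, [userPassword values]) for each LDIF entry."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        dn, passwords = None, []
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or name.startswith("#"):
                continue
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userpassword":
                passwords.append(value)
        if dn:
            yield dn, passwords

def classify(passwords):
    """Status labels are this example's own, not OpenDJ terminology."""
    if not passwords:
        return "missing"
    for value in passwords:
        m = SCHEME_RE.match(value)
        if m is None:
            return "no-scheme"
        if m.group(1).upper() == "NONE" or m.group(2) in ("", "null"):
            return "unusable"
    return "ok"

def find_problem_entries(ldif):
    """Map DN -> status for every entry that is not 'ok'."""
    statuses = {dn: classify(pw) for dn, pw in parse_entries(ldif)}
    return {dn: s for dn, s in statuses.items() if s != "ok"}
```

Entries reported as "unusable" or "missing" are the ones to re-import or reset after changing the Liferay export setting.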