ldap,log4j,liferay,liferay-6,openldap , How to ignore Liferay user removed from LDAP errors?

How to ignore Liferay user removed from LDAP errors?


Tag: ldap,log4j,liferay,liferay-6,openldap

I have a Liferay 6.1 instance that is connected to LDAP. New users get imported nicely, but when I remove a user from the LDAP directory, Liferay starts throwing exceptions when it tries to sync users from LDAP.

These seem to be safe to ignore, but they produce several megabytes of log and it makes log parsing highly annoying. Also I think it might affect performance. If a deleted user logs in, they see nothing.

16:13:54,422 ERROR [liferay/scheduler_dispatch-790][PortalLDAPImporterImpl:995] LDAP user not found with fullUserDN cn=foobar,ou=people,o=foo,dc=bar,dc=baz
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=foobar,ou=people,o=foo,dc=bar,dc=baz'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3057)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
    ... etc

How could I convince Liferay that this is really OK? Or is there something else I should do?


Until missing users in LDAP are supported by Liferay you can turn off the logging for this particular message. Just create the file ROOT.war/WEB-INF/classes/META-INF/portal-log4j-ext.xml with the following content:

<?xml version="1.0">
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
    <!-- Copy all appenders from 
         and add the following filter: -->
    <appender ...>
        <filter class="org.apache.log4j.filter.StringMatchFilter">
            <param name="StringToMatch" value="LDAP user not found with fullUserDN" />
            <param name="AcceptOnMatch" value="false" />

    <!-- Keep the root definition from portal-log4j.xml 
         to trigger the parsing of the appenders: -->
        <priority value="INFO" />
        <appender-ref ref="CONSOLE" />
        <appender-ref ref="FILE" />

You can find more about logging in the Liferay Wiki.


Write multiple log4j files with different info

The API I am working on cannot be connected to a database, but need to log events that are happening in the API. To do this I was thinking on using log4j to create log file with API event information. The problem is that all log entries end up in...

Create a hyperlink to a project file in console output

Is there a way for me to write out a link to the console output that when clicked on directs to a project file in Intellij? For example, this happens when a run-time exception occurs. I see the stack trace and I can click on a link in the console...

how to bypass the necessity of having to have email address firstname and lastname in liferay to import authenticating users

My application uses liferay to connect to LDAP server and import authenticating users. But many of the user records in the ldap schema doesn't have email id. This seems to be preventing me from importing these users as liferay requires email id, among other things, inorder to successfully import new...

slf4j trace vs debug used with log4j

From the log4j documentation I know that these are the levels in the h http://logging.apache.org/log4j/1.2/manual.html TRACE, DEBUG, INFO, WARN, ERROR and FATAL Fatal being the top level. But could not understand the difference between Trace and debug. I have tried with setting the log level to debug and I can...

How to implement Spring Security Ldap authentication using the configurer class correctly?

Hi I'm trying to implement spring's ldap authentication using the WebSecurityConfigurerAdapter class. So far I can authenticate through the in memory method and even my corp's ldap server, however the latter method I'm only able to authenticate if I pass a hardcoded userDN and password when I create the new...

Spring LDAP Context.REFERRAL to follow

How do I set the LDAP Context.REFERRAL to follow in a Spring Security configuration? This is related to a problem I already reported and for which I found an unsatisfactory solution before discovering the real solution I am seeking for involve setting this environment attribute in the LDAP context to...

any additional advantages to user SLF4J library instead of apache log4j

I came across this library for logging slf4j in my assignment. I have used apache log4j library before but from the documentation I could not understand the use case for the slf4j library. (face palm) Can any one tell me the advantages of using SLF4j or possible real world cases....

Bash How To Select Multiple Lines from ldif-type File based on dn

I am wondering how best to parse an ldif file (and ldif-like files) so that I can import each DN entry and its associated attributes into variables, without crossing over into other DNs and their attributes, as everything is in a single file. Please how can this be done? Thanks...

worklight - Cannot use WL.Client.getUserInfo(“LDAPRealm”, “userId”) to get information after refresh page with LDAPLoginModule

I used the LDAPLoginModule sample app, and I found that I can't use WL.Client.getUserInfo("LDAPRealm", "userId") to get any login user information after refresh page, is that right? if it is, how can I get user information after refresh page?

Design Pattern to only return certain LDAP attributes in an object

Let's say I have the following class, with many instance variables and corresponding getters and setters: public class Foo { private String a; private int b; ... private List<String> z; public String getA() { return a; } public void setA(String a) { this.a = a; } public int getB() {...

monitor log4j behaviour under load

I want to test my J2EE application under high load of sessions accessing different pages. This web application uses Log4J to log bunch of errors,warnings and infos. I want to test what is the side effect of this load on writing log files, especially concurrent I/O writing actions. I found...

Log4j Implicit String Formatting

I am using log4j v1.2.14 for logging in my project and I am also using Java 7 String.format() to put variables in my output. Currently I am writing LOGGER.info(String.format("Your var is [%s] and you are [%s]", myVar, myVar1)); Is this really the best way to output strings? I feel that...

Log4j write nothing

I have a problem with log4j, write nothing in the console and don't generate the log file. I have no error, no exception and no messages on my eclipse console, it's only do nothing. log4j.properties (in src/main/resources) # Root logger option log4j.rootLogger=DEBUG, stdout, file # Redirect log messages to console...

Error while importing LDIF

Server: Apache DS 2.0 Client: Apache Directory Studio 2.0 The problem: I am running into error while importing a LDIF This one works http://pastebin.com/DKZ4fT0U This one does not http://pastebin.com/Z5NxUxX4 Error message: #!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType : ADD_REQUEST Message ID : 81 Add Request :...

HtmlUnitDriver writes logs in my personal Log4J files

I wrote crawlers for 3 different sites and run the crawlers in 3 threads. For each crawler I use single logger. My 'log4j.properties' file looks like: log4j.rootLogger=TRACE, ZDNET, CNET, GOOGLEPLAY log4j.appender.ZDNET=org.apache.log4j.RollingFileAppender log4j.appender.ZDNET.File=logs/zdnet.log log4j.appender.ZDNET.MaxFileSize=20MB log4j.appender.ZDNET.MaxBackupIndex=100 log4j.appender.ZDNET.layout=org.apache.log4j.PatternLayout log4j.appender.ZDNET.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p - %m%n...

Logstash patter for log4j

I'm setting up Elasticsearch, Logstash and Kibana. I encountered an error when I am configuring "logstash.conf". Here's the error I got. {:timestamp=>"2015-05-25T21:56:59.907000-0400", :message=>"Error: Expected one of #, {, ,, ] at line 12, column 49 (byte 265) after filter {\n grok {\n match => [\"message\", \"<log4j:event logger=\""} {:timestamp=>"2015-05-25T21:56:59.915000-0400", :message=>"You may...

Avoiding Active Directory Uniqueness Constraint Violation During Rename

Our environment has 2 Windows domain controllers successfully replicating on W2k12. In that domain, like everyone else, we have tons of accounts, some of whose account attributes are required to be unique. For business reasons not worth visiting here, we need to sometimes swap attributes between accounts. That is, user1...

Where is the LDAP auth settings stored in the Moodle server?

I have recently updated the Moodle LDAP-auth settings under Site Administration > Plugins > Authentication > LDAP Server I have done this to change the LDAP server settings from using our old EDIR to our new and preferred AD. Now I can't log-in. I have gone into the db and...

Riak CS LDAP authentication

I read here that Riak CS supports LDAP for authentication: http://bit.ly/1Rb2yTF "Pluggable Authentication/Authorization for Integration with Existing Infrastructure – Riak CS provides an extensible authentication system, enabling integration with existing directory services (LDAP, ActiveDirectory, NIS, PAM)." However I cannot find anything relating to the LDAP authentication configuration in the docs....

Active Directory membership provider using LDAP

I am working on a school assignment where we handle logins to a web application written in asp.NET using Active Directory. Our Active Directory is installed on a virtual machine on Azure. When trying to login, I am presented with the following error: I have checked my connection string multiple...

Two logs for one class

I'm working on jdk 1.6 and I have a class that needs to log to 2 different log files using log4j. I have read many other answers, but I can't get mine to work the way I want it. This is my log4j properties. log4j.debug=false log4j.rootLogger=ERROR, appLog log4j.logger.com.my.apps.idm.transactionalemail=DEBUG, appLog, infoLog...

Spring-LDAP - Password Compare How-to Update Failed Password Attempts

Using ApacheDS 2.0.0, the pertinent portion of the config is: dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config ads-pwdminlength: 5 ads-pwdinhistory: 5 ads-pwdid: default ads-pwdcheckquality: 1 ads-pwdlockout: TRUE ads-pwdlockoutduration: 0 ads-pwdvalidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator ads-pwdmaxfailure: 5 ads-pwdattribute: userPassword ads-pwdfailurecountinterval: 30 entryParentId:...

log4j creates log file but does not write the messages that I am creating

Log file is getting created and logs are getting written into it.But , it doesn't write the things that i specify in LOG.trace("") and LOG.error("") etc. log4j.rootLogger=INFO,R # Direct log messages to stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.Target=System.out log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss}%-5p %c{1}:%L - %m%n log4j.appender.R=org.apache.log4j.RollingFileAppender...

Configuring a Custom LDAP Authentication Provider with Spring Security

I'm trying to configure the Spring Security with LDAP Authentication, but I need to get the username for all login requests. I configure my spring-security.xml who points to my MyCustomAuthenticationProvider class. I think the configuration is correct, but in runtime, the Spring first try to login with his own LdapAuthenticationProvider....

How to ignore Liferay user removed from LDAP errors?

I have a Liferay 6.1 instance that is connected to LDAP. New users get imported nicely, but when I remove a user from the LDAP directory, Liferay starts throwing exceptions when it tries to sync users from LDAP. These seem to be safe to ignore, but they produce several megabytes...

SonarQube LDAP authentication is not working

Presently, connecting to Apache Directory Server 2.0 from SonarQube 5.0.1. Have given the following entries in sonar.properties file: # LDAP configuration # General Configuration sonar.security.realm=LDAP sonar.security.savePassword=false ldap.url=ldap:// # User Configuration ldap.user.baseDn=o=TechMahindra ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login})) ldap.user.realNameAttribute=cn ldap.user.emailAttribute=mail # Group Configuration...

Set log4j.properties for GWT

GWT compiles and creates thereby log4j.properties in WEB-INF/classes. The problem is that I can't change the settings as it gets generated and overwritten all the time. How can I set log4j settings in Eclipse using a GWT project?...

LDAP connection only works on localhost

I have a login page that verifies credentials with active directory and redirects to the next page. When I run it locally it works perfect, but when I put it out on our webserver it gives an error trying to create the group principal: (System.DirectoryServices.DirectoryServicesCOMException (0x80072020)) I need to find...

How to not-abbreviate the source class name in spriing-boot's loggger name?

When I run a spring-boot application, it shows the following log: 2014-03-05 10:57:51.702 INFO 45469 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*] The logger name is abbreviated for the following: org.springframework.boot.context.embedded.FilterRegistrationBean How can I show the full source class name for it? Thanks!...

Gitlab LDAP (Active Directory) Authentication without Server Side Access

I am using GitLab Omnibus 7.10.0 on RHEL 6.6. I have enabled LDAP using the following configuration: gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below main: # 'main' is the GitLab 'provider ID' of this LDAP server label: 'FOO COM Active Directory...

Add user to LDAP using JAVA. Naming.InvalidNameException: Invalid Name

I am practicing in Java, adding a user to LDAP(v3, running on my Virtual machine). Userdetails and attributes are obtained from postgres database running locally. This is my code (may not be a good approach): public class LDAPConnector { static final String DOMAIN_URL = "ldaps://"; static final String ADMIN_NAME =...

AuthenticationException LDAP using plain Java

i have a problem while connecting to an Active Directory via ldap using plain Java. If the displayName begins with a , (Comma e.g. ", name") I get a javax.naming.AuthenticationException. The displayName is never used in the application. Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS wich I use dont contain any commas. Can somebody...

How to configure Log4j (1 or 2) to use custom log file name while code against Slf4j

I know there has been a lot of question related to this, but i couldn't find one that matches on the scenario that i'm looking at, so here's the question. Current logging setup: logger coded using Slf4j with Log4j 1.2 bindings. DailyRollingAppender used. The program: A multi-threading backend Java program...

LDAP More than one negation operators in filter

I try to write a LDAP filter with two negations. I need all users who are not disabled AND don't belong to OU=Abt99 . This is my filter at the moment: (&(objectClass=user)(objectCategory=person)(samaccountname={USERNAME})(!(userAccountControl:1.2.840.113556.1.4.803:=2))) I tried (&(objectClass=user)(objectCategory=person)(samaccountname={USERNAME})(!(userAccountControl:1.2.840.113556.1.4.803:=2)(OU=Abt99))) and...

Log4j - log ALL levels except ERROR

Is there any way to achieve it? I mean what I want in my application is that it should log messages from all levels including debug and trace logs. The obvious way to achieve this is to set level to ALL. But I don't want to see any log of...

Web2py - Howto Auto Convert Username field to uppercase

I am looking to have all users that sign in have their name converted(Transformed) to uppercase in the DB records or before it hits the DB. Currently I am using LDAP. So people are free to use sign ins like this: ['PREACTIVE','Preactive','preactive','PREactive','preACTIVE'] Each one of those will get a new...

How to set multiple LDAP object classes with PHP?

I'm trying to receive user data from an Shibboleth/SAML IdP and pass it into an LDAP: // Get data from IdP $attributes = getUserFromIdP(); // Connect + bind (simplified) $ldapconn = ldap_connect(); ldap_bind(); // Prepare data $info['uid'] = $attributes['uid'][0]; $info['givenName'] = $attributes['givenName'][0]; $info['sn'] = $attributes['sn'][0]; $info['cn'] = $attributes['cn'][0]; $info['mail'] =...

How can I retrieve deleted objects from Active Directory with Ruby?

From the research I've done, it appears I need to send a special OID with my request (1.2.840.113556.1.4.417) in order to access the Deleted Objects container. I couldn't find a way to send a specific control with a request using the "net-ldap" gem. Does anyone know if this is possible?...

LDAP search attributes

I have a search on my LDAP base which is: user_account = server.search_s( 'ou=usuarios,ou=xxx,o=system xxx', ldap.SCOPE_ONELEVEL, 'uid=' + login, ['uid', 'mail', 'objectClass', 'CPF'])[0] if user_account[1]['CPF'] is not None: plpy.debug("It has CPF") That's working fine if the CPF field is filled, but if it's not filled it gives me an error:...

Limit the output of jsch in Spring integration

I am trying to limit the output of the com.jcraft.jsch package in my Spring Boot applicatoin. My application uses Spring Intgration and has a log4j.properties files defining the following log levels # Root logger option log4j.rootLogger=DEBUG log4j.category.com.jcraft.jsch=ERROR log4j.category.org.springframework.integration.file=ERROR And still, I get a whole lot of INFO levelled messages from...

ldapadd gives “no global superior knowledge” on default config

Background: I'm installing a Prosody XMPP server and Kaiwa webclient on a DigitalOcean droplet. Kaiwa has a one-click deploy-to-DO-droplet tool using Docker that I tried first, but it didn't work - probably because I'm using the 512MB minimum DO VPS and it ran out of memory with half of the...

How to use log4j in REST Service

I have tried using log4j in REST client and it logs the information. However, I have tried to log the events server side using log4j and it dose not record any logs. Here is my sample where I have used on my server side. @POST @Path("/send") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Response...

Setting log4j.rootLogger=OFF in one class configuration, will cause log crash in another class

Setting log4j.rootLogger=OFF in one class configuration, will cause another class to not log. I have two sample classes: LogCrasher and MainLogger. This two classes are configured to log some test logs. Each class have it's own configuration file. LogCrasher was called from MainLogger. When log4j.rootLogger in LogCrashers log4j configuration file...

Log runtime exceptions using log4j in JSF web application

I want to log all unhadled exceptions in my JSF web application using log4j. I read this post Log runtime Exceptions in Java using log4j and add a class that implements Thread.UncaughtExceptionHandler. but the method is not fired. Any sugestion please ? Web Server : Tomcat 8.0...

Active Directory Integration Plugin

I'm trying to integrate my Active directory to my website. So, I downloaded the AD Integration Plugin, but it says "ATTENTION: You have no LDAP support. This plugin won´t work. You must install or enable LDAP support in PHP." How do I fix that? Is that a php problem? Thanks...

Can't get LDAP department

After bind user try to get department list: $filter = "(department=*)"; $justthese = array("*"); $sr = ldap_search($ldap_conn, $ldap_dn, $filter, $justthese); $info = ldap_get_entries($ldap_conn, $sr); for($i=0; $i < $info["count"]; $i++) { echo "department: " . $info[$i]["department"][0]."<br>"; } get blank window...

Log4j: specific logging

I have a service class that import and parse files from an ftp server. This task can be executed from a Spring controller when the user choose a specific action. The same service is used by a scheduled task (TimerTask) that everyday at a specific time do the same. I...

JNDI SPI provider for LDAP (Apache DS)

I was trying to implement a program to do JNDI lookup for LDAP. I saw there is open source LDAP from Apache viz: apacheds-2.0.0-M20 The below is the program that i wrote: import java.util.Hashtable; import javax.naming.Context; import javax.naming.NamingException; import javax.naming.ldap.InitialLdapContext; import javax.naming.ldap.LdapContext; import javax.naming.directory.InitialDirContext; class JndiLDAPLookup { public static void...

LDAP Access - javax.naming.CommunicationException: simple bind failed

We are running into issues connecting LDAP server after LDAP SHA-256 Migration .We got the below exception when we ran our application in debug mode : javax.naming.CommunicationException: simple bind failed: xxxamd.xxx.com:636 [Root exception is java.net.SocketException: Socket is closed]​ We tried to add the below .cer files into our application specific...