https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199270#M152400 <HTML><HEAD></HEAD><BODY><SPAN>could you provide your LDAP settings ?</SPAN></BODY></HTML> Fri, 07 Aug 2015 14:25:53 GMT vasile_dirla 2015-08-07T14:25:53Z https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199268#M152398 Hello all,I finally succeed to integrate Activiti with Ldap but unfortunately, when doing a random test I knew that anyone who know just the usersID can log in successfully by inserting a random password. Why Activiti / LDAP is not checking the passwords ? How can I fix this please ? Thank you for y Fri, 07 Aug 2015 10:44:40 GMT https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199268#M152398 potitius 2015-08-07T10:44:40Z https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199269#M152399 <HTML><HEAD></HEAD><BODY><SPAN>Got some other bad news, </SPAN><BR /><BR /><SPAN>inserting just a random password without a username will lead to a successful authentification. </SPAN></BODY></HTML> Fri, 07 Aug 2015 11:15:12 GMT https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199269#M152399 potitius 2015-08-07T11:15:12Z https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199270#M152400 <HTML><HEAD></HEAD><BODY><SPAN>could you provide your LDAP settings ?</SPAN></BODY></HTML> Fri, 07 Aug 2015 14:25:53 GMT https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199270#M152400 vasile_dirla 2015-08-07T14:25:53Z https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199271#M152401 <HTML><HEAD></HEAD><BODY><SPAN>Attached you will find my LDAP Config. </SPAN><BR /><SPAN>Thank you.</SPAN></BODY></HTML> Fri, 07 Aug 2015 15:41:16 GMT https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199271#M152401 potitius 2015-08-07T15:41:16Z https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199272#M152402 <HTML><HEAD></HEAD><BODY><SPAN>Just tested and I get this:</SPAN><BR /><SPAN>&lt;code&gt;</SPAN><BR /><SPAN>javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Cannot authenticate user …]</SPAN><BR /><SPAN>&lt;/code&gt;</SPAN><BR /><SPAN>try adding a breakpoint here:</SPAN><BR /><SPAN>LDAPConnectionUtil.java</SPAN><BR /><SPAN>&lt;code&gt;</SPAN><BR /><SPAN>public static InitialDirContext createDirectoryContext(LDAPConfigurator ldapConfigurator, String principal, String credentials) {…}</SPAN><BR /><SPAN>&lt;/code&gt;</SPAN><BR /><SPAN>and with the debugger you'll see step by step what's happening when bind operation is done.</SPAN><BR /><BR /><SPAN>And now the most important part <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></SPAN><BR /><SPAN>just check your ldap server configuration (maybe is not secured and just allow anyone to access it):</SPAN><BR /><A href="http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html" rel="nofollow noopener noreferrer">http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html</A><BR /><BR /><BR /></BODY></HTML> Sat, 08 Aug 2015 06:42:34 GMT https://connect.hyland.com/t5/alfresco-archive/anyone-can-connect-on-ldap-no-user-s-password-verification/m-p/199272#M152402 vasile_dirla 2015-08-08T06:42:34Z