Anyone can connect on LDAP, no user's password verification

potitius
Champ in-the-making
Hello all,
I finally succeeded in integrating Activiti with LDAP, but unfortunately, when doing a random test I found out that anyone who knows just the user ID can log in successfully by entering a random password.

Why is Activiti / LDAP not checking the passwords?

How can I fix this, please?

Thank you for your answers.
Best Regards.
4 REPLIES

potitius
Champ in-the-making
Got some other bad news,

Entering just a random password without a username will lead to a successful authentication.

vasile_dirla
Star Contributor
Could you provide your LDAP settings?

Attached you will find my LDAP Config.
Thank you.

vasile_dirla
Star Contributor
Just tested and I get this:
<code>
javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Cannot authenticate user …]
</code>
try adding a breakpoint here:
LDAPConnectionUtil.java
<code>
public static InitialDirContext createDirectoryContext(LDAPConfigurator ldapConfigurator, String principal, String credentials) {…}
</code>
and with the debugger you'll see step by step what's happening when the bind operation is done.

And now the most important part:
just check your LDAP server configuration (maybe it is not secured and just allows anyone to access it):
http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html
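The behaviour reported in this thread (a blank or arbitrary password still binding successfully) is what you get when the directory accepts an unauthenticated bind (RFC 4513, section 5.1.2: a bind with a DN but an empty password is treated as anonymous) and the client never checks for an empty password before calling the JNDI provider. The following is an added example written for this thread, not Activiti's own `LDAPConnectionUtil`: a bind helper that fails closed on a missing principal or password and only reports success when the server itself accepts the simple bind. The server URL and the DN in `main` are constructed placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/**
 * Added example (not Activiti's LDAPConnectionUtil): a bind helper that refuses
 * to bind unless both a principal DN and a non-empty password are supplied, so
 * an empty password can never be turned into an anonymous/unauthenticated bind
 * by the JNDI provider or the directory server.
 */
public final class StrictLdapBind {

    // Constructed placeholder; replace with the real directory URL.
    private static final String LDAP_URL = "ldap://ldap.example.test:389";

    private StrictLdapBind() {}

    /** Returns the bound context, or throws if credentials are missing or rejected. */
    public static InitialDirContext bind(String principalDn, String password) throws NamingException {
        if (principalDn == null || principalDn.trim().isEmpty()) {
            throw new AuthenticationException("Refusing bind: empty principal DN");
        }
        if (password == null || password.isEmpty()) {
            // An empty SECURITY_CREDENTIALS value is sent as an unauthenticated bind,
            // which many directories accept as anonymous: fail closed instead.
            throw new AuthenticationException("Refusing bind: empty password");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");   // explicit, never "none"
        env.put(Context.SECURITY_PRINCIPAL, principalDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // The constructor performs the bind; a wrong password surfaces as
        // AuthenticationException (LDAP result code 49, INVALID_CREDENTIALS).
        return new InitialDirContext(env);
    }

    /** True only when the directory accepted the bind with these exact credentials. */
    public static boolean checkPassword(String principalDn, String password) {
        InitialDirContext ctx = null;
        try {
            ctx = bind(principalDn, password);
            return true;
        } catch (AuthenticationException e) {
            return false;   // empty input, or the server answered INVALID_CREDENTIALS
        } catch (NamingException e) {
            return false;   // connectivity or other directory failure: also fail closed
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed DN. With an empty password this returns false before any
        // network call is made, which is the point of failing closed.
        System.out.println(checkPassword("uid=alice,ou=people,dc=example,dc=test", ""));
    }
}
```

Two things to verify on the server side as well: an `ldapwhoami -x -H <url> -D <dn> -w ''` against the directory should be refused rather than answer as anonymous (on OpenLDAP unauthenticated binds are off unless `allow bind_anon_dn` is configured), and the client should use `SECURITY_AUTHENTICATION=simple` explicitly so a missing setting cannot silently fall back to an anonymous bind.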