Liferay Portal users not able to login?
Posted by Vivek Agarwal on June 17, 2008
I just thought that I would blog about a common issue that afflicts people getting started with Liferay Portal. If you tie Liferay Portal to an LDAP directory and the password policy on your LDAP differs from the one in Liferay, you can run into users who enter a valid LDAP password but still cannot log in to Liferay.
When I was playing with Liferay back in the v3.6.1 days, I had configured Liferay to authenticate using our Active Directory setup. I then turned people loose on Liferay and within the hour had complaints about some people not being able to log in even though they were entering their correct password. It did not take me long to figure out that the issue related to the “password policy” configuration that comes out of the box with Liferay. The default configuration only allows alphanumeric passwords that are at least 4 characters long. So if a user has a password that contains any special characters (non-alphanumeric) then their login will always fail. Also, if your LDAP allows 3-character passwords while Liferay requires 4, then that can result in a failure.
To resolve the issue, set the passwords.regexptoolkit.pattern property in portal-ext.properties in {$LIFERAY_HOME}\server\default\deploy\liferay-portal.ear\portal-ejb.jar. Here is the sample setting I used to resolve the issue; it adds a bunch of special characters to the set that is acceptable in a password.
##
## Passwords
##
#
# If you choose to use the default com.liferay.portal.pwd.RegExpToolkit as
# your passwords toolkit, set the regular expression pattern that will be
# used to generate and validate passwords.
#
# Note that \ is replaced with \\ to work in Java.
#
# The first pattern ensures that passwords must have at least 4 valid
# characters consisting of digits or letters.
#
# The second pattern ensures that passwords must have at least 8 valid
# characters consisting of digits or letters.
#
# The third pattern ensures that passwords must have at least 6 valid
# characters consisting of digits or letters or a bunch of other special chars.
#
#passwords.regexptoolkit.pattern=(?=.{4})(?:[a-zA-Z0-9]*)
#passwords.regexptoolkit.pattern=(?=.{8})(?:[a-zA-Z0-9]*)
passwords.regexptoolkit.pattern=(?=.{6})(?:[a-zA-Z0-9~!@#$%\\^&*,.?/_\\-+=:;'"]*)
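To see which directory passwords a given pattern would lock out before changing the property, the following check reads the active pattern from a properties fragment and runs sample passwords through it. It is an added example, not code from this post or from Liferay; it assumes the toolkit requires the whole password to match the pattern, and the sample passwords and helper names are constructed for illustration.

```python
import re

# Constructed portal-ext.properties fragment using the patterns from the post.
PROPERTIES = r'''
#passwords.regexptoolkit.pattern=(?=.{4})(?:[a-zA-Z0-9]*)
passwords.regexptoolkit.pattern=(?=.{6})(?:[a-zA-Z0-9~!@#$%\\^&*,.?/_\\-+=:;'"]*)
'''

# Out-of-the-box pattern quoted in the post: 4+ letters or digits only.
DEFAULT_PATTERN = r"(?=.{4})(?:[a-zA-Z0-9]*)"

def active_pattern(properties_text, key="passwords.regexptoolkit.pattern"):
    """Return the uncommented value for key with doubled backslashes collapsed."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties-file comment
        name, sep, raw = line.partition("=")
        if sep and name.strip() == key:
            # The file doubles each backslash; the regex engine sees one.
            value = raw.strip().replace("\\\\", "\\")  # last definition wins
    return value

def accepts(pattern, password):
    # Assumption: the whole password must match, not just a prefix.
    return re.fullmatch(pattern, password) is not None

def audit(samples, pattern):
    """Map each sample password to True (accepted) or False (rejected)."""
    return {pw: accepts(pattern, pw) for pw in samples}

# Constructed samples standing in for passwords an LDAP policy might allow.
SAMPLES = ["abc", "abcd", "Summer08", "P@ssw0rd!", "pass word1", "Tr(cky)99"]

if __name__ == "__main__":
    widened = active_pattern(PROPERTIES)
    before, after = audit(SAMPLES, DEFAULT_PATTERN), audit(SAMPLES, widened)
    for pw in SAMPLES:
        print(f"{pw!r:14} default={before[pw]!s:5} widened={after[pw]}")
```

Two things show up in the output: the widened pattern still rejects any character left out of its list (a space or parentheses here), and raising the minimum from 4 to 6 rejects a 4-character password that the default accepted.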
The reason for blogging about this a couple of years after I first ran into this issue is that I had a team member run into it recently. I figured there would be others who run into the same issue and rush to the judgement that their LDAP configuration is wrong whereas the real issue is simply that their password does not meet the default password policy requirements.
PS: Obviously this is just one scenario that may cause login issues; incorrect LDAP configuration is just as likely a scenario and there are many others as well.

