LDAP authentication

I am trying to use LDAP for authentication.
I configured an OpenLDAP server and was able to authenticate a user successfully.

Configured LDAP using shiro.ini

But when I log out and log in again, I get the following error on the console and fail to log in to the application:

User john.doe is authenticated in session but hasLoggedOut elsewhere, logging out


Wow. I’m impressed you got a user authenticated with LDAP.

I don’t know of any testing that has been done with LDAP or of people using it. It’d be great if you could share what you’ve done and maybe we can get LDAP actually supported in Moqui.

I configured the shiro.ini file as below:

moquiRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
moquiRealm.userDnTemplate = cn={0},cn=testgrp,dc=example,dc=org
moquiRealm.contextFactory.url = ldap://example.org:389

Created the john.doe user in LDAP; everything works well. But after logout I faced the above error.

@deepak We are using LDAP with Moqui and running into the same issue. Please find a workaround below; this probably needs to be addressed.

Error: “User is authenticated in session but hasLoggedOut elsewhere, logging out”
Cause: USER_ACCOUNT → HAS_LOGGED_OUT is set to ‘Y’ when using the Logout button, and UserFacadeImpl.groovy is doing an explicit logout and sending to the login screen when this value is Y

if (userAccount != null && "Y".equals(userAccount.getNoCheckSimple("hasLoggedOut"))) {
    // logout user through Shiro, invalidate session, continue
    logger.info("User ${sesUsername} is authenticated in session but hasLoggedOut elsewhere, logging out")
    webSubject.logout()
    // Shiro invalidates session, but make sure just in case
    HttpSession oldSession = request.getSession(false)
    if (oldSession != null) oldSession.invalidate()
    this.session = request.getSession()
}

Workaround Solution: update USER_ACCOUNT SET HAS_LOGGED_OUT = 'N' where USER_ID = '<USER_ID>'

Can we call add method to update hasLoggedOut in UserFacadeImpl.internalLoginToken()?

In this way we will be able to use Shiro LDAP and other login mechanisms.
Any suggestions?

Feel free to submit a PR with the reasoning behind the change.
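
The cause and the suggested change discussed in this thread, as an added stand-alone Groovy model (not Moqui code and not from any poster): it reproduces the logout/login loop and shows the effect of clearing hasLoggedOut only after the external realm has accepted the credentials. Class and method names and the sample password are hypothetical; it assumes the LDAP realm never touches the hasLoggedOut field itself.

```groovy
// Added model of the hasLoggedOut lifecycle; not Moqui code. Class and method names are
// hypothetical; only hasLoggedOut and the log message come from the thread.
class UserAccount { String hasLoggedOut = 'N' }
class SessionModel {
    Map<String, UserAccount> accounts = [:]   // stands in for the USER_ACCOUNT table
    String sessionUser = null                 // user authenticated in the current session
    boolean resetFlagOnLogin                  // false = behaviour reported with the LDAP realm
    // Stand-in for an external realm (LDAP bind): it checks the password only and
    // knows nothing about the USER_ACCOUNT record.
    boolean externalRealmAuthenticates(String username, String password) {
        password == 'correct-password'        // constructed credential check
    }

    boolean login(String username, String password) {
        if (!externalRealmAuthenticates(username, password)) return false
        // Clear the flag only after the realm has accepted the credentials
        if (resetFlagOnLogin) accounts[username].hasLoggedOut = 'N'
        sessionUser = username
        return true
    }

    void logout() {
        if (sessionUser != null) accounts[sessionUser].hasLoggedOut = 'Y'
        sessionUser = null
    }

    // Mirrors the check quoted from UserFacadeImpl.groovy; runs on the next request
    boolean requestIsAuthenticated() {
        if (sessionUser == null) return false
        if ('Y' == accounts[sessionUser].hasLoggedOut) {
            println "User ${sessionUser} is authenticated in session but hasLoggedOut elsewhere, logging out"
            sessionUser = null
            return false
        }
        return true
    }
}

// Log in, log out, log in again, then make one request with the new session
def scenario = { boolean resetFlagOnLogin ->
    def m = new SessionModel(resetFlagOnLogin: resetFlagOnLogin)
    m.accounts['john.doe'] = new UserAccount()
    assert m.login('john.doe', 'correct-password') && m.requestIsAuthenticated()
    m.logout()
    assert m.login('john.doe', 'correct-password')   // the LDAP bind itself succeeds again
    m.requestIsAuthenticated()                       // but the session check decides
}
assert !scenario(false)   // flag stays 'Y': user is bounced back to the login screen
assert scenario(true)     // flag cleared on successful login: session survives
```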