I have a Liferay 6.1 instance that is connected to LDAP. New users get imported nicely, but when I remove a user from the LDAP directory, Liferay starts throwing exceptions when it tries to sync users from LDAP.

These seem to be safe to ignore, but they produce several megabytes of log and it makes log parsing highly annoying. Also I think it might affect performance. If a deleted user logs in, they see nothing.

```
16:13:54,422 ERROR [liferay/scheduler_dispatch-790][PortalLDAPImporterImpl:995] LDAP user not found with fullUserDN cn=foobar,ou=people,o=foo,dc=bar,dc=baz
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=foobar,ou=people,o=foo,dc=bar,dc=baz'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3057)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
    ... etc
```

How could I convince Liferay that this is really OK? Or is there something else I should do?

Tobias Liefke
Joel Peltonen
  • [Liferay source code](https://github.com/liferay/liferay-portal/blob/6.1.x/portal-impl/src/com/liferay/portal/security/ldap/PortalLDAPImporterImpl.java) offers no options for this. Maybe you could ask on [sf] if there is a "purge" operation you could run periodically? – ixe013 Jun 02 '15 at 12:37
  • Sounds like a bug to me - could you check [Liferay's bug database](https://issues.liferay.com/) for any existing issue and report that as a bug otherwise? – Tobias Liefke Jun 02 '15 at 13:41
  • @TobiasLiefke Thanks for the tip. I added a feature request instead as I think this is more like a missing feature than a bug - I'm sure they'll reclassify if I'm wrong https://issues.liferay.com/browse/LPS-56086 – Joel Peltonen Jun 03 '15 at 06:39

1 Answer

Until missing users in LDAP are supported by Liferay, you can turn off the logging for this particular message. Just create the file `ROOT.war/WEB-INF/classes/META-INF/portal-log4j-ext.xml` with the following content:

```xml
<?xml version="1.0"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
    <!-- Copy all appenders from 
         ROOT.war/WEB-INF/lib/portal-impl.jar/META-INF/portal-log4j.xml
         and add the following filter: -->
    <appender ...>
        ...
        <!-- Drops any event whose message contains the string below
             (log4j 1.2 ships StringMatchFilter in the varia package) -->
        <filter class="org.apache.log4j.varia.StringMatchFilter">
            <param name="StringToMatch" value="LDAP user not found with fullUserDN" />
            <param name="AcceptOnMatch" value="false" />
        </filter>
    </appender>

    <!-- Keep the root definition from portal-log4j.xml 
         to trigger the parsing of the appenders: -->
    <root>
        <priority value="INFO" />
        <appender-ref ref="CONSOLE" />
        <appender-ref ref="FILE" />
    </root>
</log4j:configuration>
```

You can find more about logging in the Liferay Wiki.

Tobias Liefke
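
Before the filter above hides the message, the existing log can be used to list which directory entries the importer could not find, so the matching Liferay accounts can be reviewed. This is an added example, not part of the original answer or of Liferay's code; the function name `stale_dns`, the sample log (built from the line quoted in the question) and the case-insensitive comparison of DNs are assumptions.

```python
import re
from collections import OrderedDict

# Message format as quoted in the question (PortalLDAPImporterImpl, ERROR level).
NOT_FOUND = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3}) ERROR \[[^\]]*\]"
    r"\[PortalLDAPImporterImpl:\d+\] "
    r"LDAP user not found with fullUserDN (?P<dn>.+?)\s*$"
)

# Constructed sample input: the question's log line plus variations.
SAMPLE_LOG = """\
16:13:54,422 ERROR [liferay/scheduler_dispatch-790][PortalLDAPImporterImpl:995] LDAP user not found with fullUserDN cn=foobar,ou=people,o=foo,dc=bar,dc=baz
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=foobar,ou=people,o=foo,dc=bar,dc=baz'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3057)
16:13:54,430 INFO  [liferay/scheduler_dispatch-790][SomeOtherClass:12] unrelated line
16:13:54,501 ERROR [liferay/scheduler_dispatch-790][PortalLDAPImporterImpl:995] LDAP user not found with fullUserDN CN=Alice, ou=people,o=foo,dc=bar,dc=baz
16:23:54,422 ERROR [liferay/scheduler_dispatch-791][PortalLDAPImporterImpl:995] LDAP user not found with fullUserDN cn=foobar,ou=people,o=foo,dc=bar,dc=baz
"""


def stale_dns(lines):
    """Map each missing DN to its hit count and first/last timestamp.

    Stack-trace lines and other log messages do not match the anchored
    pattern and are skipped. Results keep first-seen order.
    """
    seen = OrderedDict()
    for line in lines:
        m = NOT_FOUND.match(line)
        if not m:
            continue
        # Assumption: DNs compare case-insensitively and spaces around the
        # RDN separators are insignificant. Escaped commas (\,) are kept.
        parts = re.split(r"(?<!\\),", m.group("dn"))
        dn = ",".join(p.strip() for p in parts).lower()
        entry = seen.setdefault(dn, {"count": 0, "first": m.group("time")})
        entry["count"] += 1
        entry["last"] = m.group("time")
    return seen


if __name__ == "__main__":
    for dn, e in stale_dns(SAMPLE_LOG.splitlines()).items():
        print(f'{e["count"]:>4}  {e["first"]} .. {e["last"]}  {dn}')
```
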