LDAP import PermissionChecker not initialized


  • When importing users by Groups and enabling ‘Creating Roles on Import’, the roles and groups will be created/imported, but the users are not imported.

  • Error reads PermissionChecker not initialized after scheduled LDAP import.

  • I’m connected to my LDAP server, all tests are working, but I’m unable to import users.

Steps to reproduce

  1. In a 2023.Q4.6 bundle 
    1. navigate to instance settings > LDAP > Servers
  2. Connect to your LDAP
  3. Within your directory:
    1. Create two groups
    2. Assign members to the groups
  4. Test your configurations:
    1. Connection,
    2. Users,
    3. Groups and save your configurations.
  5. Click on “Import”, 
    1. enable the import 
    2. enable “Create Role per Group on Import”.

Actual Results:

The Groups, and Roles will be created, but the users will not be imported, check the logs and verify the error matches the one below. 

ERROR [liferay/scheduled_user_ldap_import-2][LDAPUserImporterImpl:1015] Unable to import group CN=Test1: null:null:{cn=cn: Test1}
com.liferay.portal.kernel.exception.ModelListenerException: com.liferay.portal.kernel.security.auth.PrincipalException: PermissionChecker not initialized

Expected Results:
The users should be imported by groups, with Roles created per group.


  • Liferay DXP 2023.Q4.6


  • A manual workaround: after the Roles and Groups are created, you can manually connect the Groups and the Roles (Assignees). Then the import will work without issue.
  • Upgrading to a later version of Liferay DXP where the behavior is no longer present.
  • Request a hotfix built on https://liferay.atlassian.net/browse/COMMERCE-13166

Additional Information

¿Fue útil este artículo?
Usuarios a los que les pareció útil: 0 de 0