raghu N M
LDAP and Liferay Setup
September 13, 2012 11:05 AM

Just want to share the trouble I have faced and the steps I took to resolve it. Using AD as the LDAP setting in Liferay offers different challenges. With careful setup it is possible to import more than 8K users in 6 minutes without overloading the server. The steps below explain how to configure AD in Liferay. I have implemented these steps successfully in 6.0 SP2, 6.1 GA1 and 6.2 GA2.

Go to Control Panel --> Authentication --> LDAP and click the ADD button.
Configuring the AD server:
Fill in the appropriate Server Name, select Microsoft Active Directory Server
Add values to

Connection

a. Base URL - ldap://<server>:3268
b. Base DN -<value> dc=<values>,dc=<values>
c. Principal - AD admin user
d. Credentials - AD admin password
Click on Test LDAP Connection. If the popup window shows "Liferay has successfully connected to the LDAP server" then you're good to go; else contact your AD admin.

Users

Authentication Search Filter: use a unique value from AD as the authentication filter; the default is the email address - (mail=@email_address@)

Import search filter: This is the tricky part. Liferay looks for Screen Name, First Name, Last Name and email address for every AD entry, and throws an exception if it fails to identify them. If you have any missing information in AD that is not needed in Liferay, then apply filters; else it slows down the server and fills up the log files. I used the entry below:
(&(objectClass=user)(mail=*)(sn=*)(givenName=*))

User Mapping

Screen Name: - sn
Password - userPassword
EmailAddress - mail
FullName - givenName sn
FirstName - givenName
Middle name -
Last Name - sn
Job Title - title
Portrait
Group
UUID

Click on Test LDAP Users. The popup window shows about 20 entries, with all columns filled in.
Configuring Groups
Import search filter - (objectClass=group)
Group Name - cn
Description - description
User - member

Click on Test LDAP Groups. The popup window shows entries from AD. If you're relying on AD groups, I would recommend working with your AD admin.

SAVE the configuration.

Go to Control Panel --> Authentication --> LDAP; check Enabled, Import Enabled and Import on Startup Enabled.

Restart the server; it will take some time to import all the users. Repeat the process if you have any AD child domains.

These steps will give a clean AD import. If you see any errors like missing screen name, missing first name, last name or email address, that means you have not set the filters properly. Make the necessary corrections and restart the server.

How to avoid the duplicate screen name exception:
AD's default rule copies the last name as the screen name, but Liferay considers it a unique entity. If you're not using NTLM, there is a workaround to stop all the exceptions.
In your portal-ext.properties enable the properties below:
users.screen.name.always.autogenerate=true
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
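The post above explains why the import search filter and the screen-name mapping matter, but the only way it offers to check them is to restart the portal and read the log. The script below is an added example (my own code, not from the original post and not Liferay's code) that dry-runs the same logic offline: it evaluates the RFC 4515 filter subset that Liferay's Import search filter field accepts (&, |, !, presence and equality/substring) against constructed directory entries, reports which entries Liferay would reject for a missing screen name, first name, last name or email address, and flags screen-name collisions when sn is mapped to Screen Name. The attribute names (objectClass, sn, givenName, mail, sAMAccountName, member) are real AD attributes; the entries, DNs and the example.local domain are constructed, and the alternative mapping of Screen Name to sAMAccountName goes beyond the post and is my assumption, not something the post recommends.

```python
"""Dry-run a Liferay-style LDAP user import against constructed AD entries.

Added example, not code from the original post or from Liferay. The sample
entries below are constructed: not real users and not a real domain.
"""
import re

SAMPLE_ENTRIES = [
    {"dn": "CN=Alice Smith,OU=Staff,DC=example,DC=local",
     "objectClass": ["top", "person", "user"], "sAMAccountName": "asmith",
     "givenName": "Alice", "sn": "Smith", "mail": "alice.smith@example.local"},
    {"dn": "CN=Bob Smith,OU=Staff,DC=example,DC=local",
     "objectClass": ["top", "person", "user"], "sAMAccountName": "bsmith",
     "givenName": "Bob", "sn": "Smith", "mail": "bob.smith@example.local"},
    {"dn": "CN=Carol Jones,OU=Staff,DC=example,DC=local",  # no mail attribute
     "objectClass": ["top", "person", "user"], "sAMAccountName": "cjones",
     "givenName": "Carol", "sn": "Jones"},
    {"dn": "CN=svc-backup,OU=Service,DC=example,DC=local",  # no names, no mail
     "objectClass": ["top", "person", "user"], "sAMAccountName": "svc-backup"},
    {"dn": "CN=Domain Admins,CN=Users,DC=example,DC=local",  # a group, not a user
     "objectClass": ["top", "group"], "cn": "Domain Admins",
     "member": ["CN=Alice Smith,OU=Staff,DC=example,DC=local"]},
]

# Liferay's required user fields -> AD attribute, exactly as mapped in the post.
POST_MAPPING = {"screenName": "sn", "firstName": "givenName",
                "lastName": "sn", "emailAddress": "mail"}

STRICT_FILTER = "(&(objectClass=user)(mail=*)(sn=*)(givenName=*))"  # the post's filter


def parse_filter(text):
    """Parse a filter such as (&(objectClass=user)(mail=*)) into a tree.

    Supports the subset an import filter normally uses: &, |, ! and attr=value
    items, where value may be '*' (presence) or contain '*' (substring).
    """
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        if pos < len(text) and text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(node())
            if pos >= len(text) or text[pos] != ")":
                raise ValueError("unbalanced filter")
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one operand")
            return (op, children)
        end = text.find(")", pos)
        if end < 0:
            raise ValueError("unbalanced filter")
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError("only attr=value items are supported")
        pos = end + 1
        return ("=", attr.lower(), value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def _values(entry, attr):
    """Attribute lookup; attribute names are case-insensitive, as in LDAP."""
    for key, val in entry.items():
        if key.lower() == attr.lower():
            return [val] if isinstance(val, str) else list(val)
    return []


def matches(tree, entry):
    """Evaluate a parsed filter against one entry."""
    op = tree[0]
    if op == "&":
        return all(matches(c, entry) for c in tree[1])
    if op == "|":
        return any(matches(c, entry) for c in tree[1])
    if op == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    # A bare '*' is a presence test; an embedded '*' is a substring match.
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in _values(entry, attr))


def dry_run_import(entries, import_filter, mapping=POST_MAPPING):
    """Return what Liferay would import, what it would reject, and screen-name collisions."""
    tree = parse_filter(import_filter)
    imported, rejected, by_screen_name = [], {}, {}
    for entry in entries:
        if not matches(tree, entry):
            continue  # not returned by the search, so it never triggers an exception
        missing = [field for field, attr in mapping.items() if not _values(entry, attr)]
        if missing:
            rejected[entry["dn"]] = missing  # Liferay would log an exception for this entry
            continue
        screen_name = _values(entry, mapping["screenName"])[0].lower()
        by_screen_name.setdefault(screen_name, []).append(entry["dn"])
        imported.append(entry["dn"])
    collisions = {k: v for k, v in by_screen_name.items() if len(v) > 1}
    return {"imported": imported, "rejected": rejected, "collisions": collisions}


if __name__ == "__main__":
    print("loose :", dry_run_import(SAMPLE_ENTRIES, "(objectClass=user)"))
    print("strict:", dry_run_import(SAMPLE_ENTRIES, STRICT_FILTER))
    # Assumed alternative (not from the post): sAMAccountName is unique within a domain.
    print("by sAMAccountName:", dry_run_import(
        SAMPLE_ENTRIES, STRICT_FILTER, dict(POST_MAPPING, screenName="sAMAccountName")))
```

With the loose filter (objectClass=user), the service account and the user without mail are returned by the search and rejected, which is the exception noise the post describes; with the post's filter they are never returned. Both runs still report the two "Smith" entries colliding on screen name, which is the duplicate screen name exception the post works around with users.screen.name.always.autogenerate; mapping Screen Name to sAMAccountName instead (my assumption, not the post's) makes the collision disappear in this sample.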
Shruthi Valsalan
RE: LDAP and Liferay Setup
July 29, 2015 12:38 AM

Hi Raghu,
I have followed the steps that you mentioned. For the Base DN you gave something like 'Base DN -<value> dc=<values>,dc=<values>', but I gave something like 'ecompany.local'. Since I am not the admin of the LDAP, I gave the principal as my LDAP id and the credentials as my LDAP password. When I clicked on Test Connection, I got the popup window that shows "Liferay has successfully connected to the LDAP server".

Next, I followed the steps regarding the Authentication Search Filter, Import search filter and User Mapping. But when I clicked on Test LDAP Users, the popup window showed that there are no users currently (this might be because I do not have the LDAP credentials).

SAVED the configuration.

Went to Control Panel --> Authentication --> LDAP, checked Enabled, Import Enabled and Import on Startup Enabled.

Restarted the server.

Clicked on Sign In. Fed in the LDAP login credentials, and I am not able to log in using the LDAP credentials. But I can log in using Liferay's id and password. Why?