Nestor Urquiza
ApacheDS for LDAP Liferay 5.2.3 problem
September 30, 2010 9:07 AM
Rank: New Member

Posts: 5

Join Date: July 22, 2009

Hi!

I have ApacheDS successfully working in one servlet application using Spring Security.

I want the same ApacheDS to be accessible from Liferay to provide both authentication and authorization.

Below is a section that shows a group and a user to show the attributes in the server:

...
dn: CN=Nestor Urquiza,ou=people,o=MyCompany
sn: Urquiza
givenName: Nestor
mail: nurquiza@mycompany.com
uid: nurquiza
userPassword:
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top

dn: cn=admin,ou=groups,o=MyCompany
description: Super User
objectclass: groupOfUniqueNames
objectclass: top
cn: admin
uniquemember: cn=Nestor Urquiza,ou=people,o=MyCompany
...

As you can see we use uniqueMember inside a group to list all users belonging to that group.

1. I set up LDAP in Liferay and I can see users when I set the Base DN as "ou=people,o=MyCompany" (from "Control Panel | Settings | Setup | LDAP | Connection | Base DN"). I can then import the users but the groups will not be imported as Liferay can only import Users or Groups.
2. If I set up "ou=groups,o=MyCompany" I can import groups and then users will be imported as well.

My only option at this point is clearly number 2; however, when I configure it, the user cannot log in. The user can log in only if I set up number 1, but then groups are not pulled from LDAP.

Thanks in advance for comments/suggestions.

Cheers,

-Nestor
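An added example (not part of the original posts, and not Liferay or ApacheDS code): a simplified model of LDAP subtree scope run over the sample entries above, showing which base DN can see the user entry, the group entry, or both, and resolving `uniquemember` despite the `CN=`/`cn=` case difference. The function names are hypothetical and the DN normalization is deliberately simplified (no escaped commas or multi-valued RDNs).

```python
# Added example: sample entries copied from the post (userPassword left out).
LDIF = """\
dn: CN=Nestor Urquiza,ou=people,o=MyCompany
uid: nurquiza
objectclass: inetOrgPerson

dn: cn=admin,ou=groups,o=MyCompany
objectclass: groupOfUniqueNames
cn: admin
uniquemember: cn=Nestor Urquiza,ou=people,o=MyCompany
"""

def normalize_dn(dn):
    """Simplified DN normalization: case-insensitive, whitespace-collapsed RDNs."""
    parts = (rdn.partition("=") for rdn in dn.split(","))
    return tuple((a.strip().lower(), " ".join(v.split()).lower())
                 for a, _, v in parts)

def parse_ldif(text):
    """Parse blank-line separated entries into {normalized dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[normalize_dn(attrs["dn"][0])] = attrs
    return entries

def in_subtree(dn, base_dn):
    """True when dn is base_dn itself or lies below it (subtree scope)."""
    dn, base = normalize_dn(dn), normalize_dn(base_dn)
    return len(dn) >= len(base) and dn[len(dn) - len(base):] == base

def search(entries, base_dn, attr, value):
    """Subtree search for attr=value under base_dn; returns the matching DNs."""
    return [e["dn"][0] for e in entries.values()
            if in_subtree(e["dn"][0], base_dn)
            and value.lower() in (v.lower() for v in e.get(attr, []))]

def groups_of(entries, user_dn):
    """cn of every group whose uniquemember values include user_dn."""
    user = normalize_dn(user_dn)
    return [e["cn"][0] for e in entries.values()
            if user in (normalize_dn(m) for m in e.get("uniquemember", []))]

ENTRIES = parse_ldif(LDIF)
```

A search for `uid=nurquiza` under `ou=groups,o=MyCompany` returns nothing because the user entry lies outside that subtree, while a base of `o=MyCompany` covers both branches.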
Nestor Urquiza
RE: ApacheDS for LDAP Liferay 5.2.3 problem
September 30, 2010 10:14 AM

Other issues I have found so far:

- If a user is removed from a group in LDAP the change will never make it to Liferay even though adding a user to a group in LDAP will make the change available in Liferay.
- When LDAP Authentication is marked as "required" the groups for the user are never updated.
Nestor Urquiza
RE: ApacheDS for LDAP Liferay 5.2.3 problem
September 30, 2010 5:33 PM

I finally managed to get ApacheDS working for both Liferay and Spring Security. Hopefully this post will help others:

http://thinkinginsoftware.blogspot.com/2010/09/apacheds-ldap-from-spring-security-and.html