Foros de discusión
Concerns about the LDAP integration
Kevin Thorpe, modificado hace 11 años.
Concerns about the LDAP integration
New Member Mensajes: 6 Fecha de incorporación: 6/07/12 Mensajes recientes
Hi All,
I'm just struggling with the LDAP authentication.
It appears to want to import passwords from the LDAP server to LifeRay's internal user db.
Obviously this must never be done, the passwords need to stay in LDAP and authentication
must be done by logging in to LDAP as the user to see if that works. Can someone please
explain the exact process for LDAP integration?
Secondly I want LDAP to be an alternative login, not the main login process. We have lots
of client users who wil log in directly against our user database, but a couple of companies
want to manage it themselves via LDAP. Is that possible?
My final query is about importing. I have a filter (CompeActif=Actif) to only get active client
accounts but I get a lot of errors in the logs about mail addresses being empty. I've checked
and mail is never empty for active accounts so somethings going wrong there as well.
I'm just struggling with the LDAP authentication.
It appears to want to import passwords from the LDAP server to LifeRay's internal user db.
Obviously this must never be done, the passwords need to stay in LDAP and authentication
must be done by logging in to LDAP as the user to see if that works. Can someone please
explain the exact process for LDAP integration?
Secondly I want LDAP to be an alternative login, not the main login process. We have lots
of client users who wil log in directly against our user database, but a couple of companies
want to manage it themselves via LDAP. Is that possible?
My final query is about importing. I have a filter (CompeActif=Actif) to only get active client
accounts but I get a lot of errors in the logs about mail addresses being empty. I've checked
and mail is never empty for active accounts so somethings going wrong there as well.
Kevin Thorpe, modificado hace 11 años.
RE: Concerns about the LDAP integration
New Member Mensajes: 6 Fecha de incorporación: 6/07/12 Mensajes recientes
Well I've got a bit further on this......
After reading the source (surely that's a last resort guys) I see that there is an option (and it's the default)
to check login against LDAP. The user interface for LDAP setup though requires me to import *something*
into the pasword field. I'm not too happy doing that as there's nothing random ehough in the LDAP records
for this not to be a security risk.
The login issue I have is that the user I'm trying to log in as hasn't been imported. I'm not sure why but I'm
getting lots of 'first name' exceptions despite there being completely valid first names in the LDAP. Unfortunately
as is common with a lot of java apps the exception shows where the error is but not actually what is wrong.
I'd still like a little help if anyone knows this part of Liferay.
After reading the source (surely that's a last resort guys) I see that there is an option (and it's the default)
to check login against LDAP. The user interface for LDAP setup though requires me to import *something*
into the pasword field. I'm not too happy doing that as there's nothing random ehough in the LDAP records
for this not to be a security risk.
The login issue I have is that the user I'm trying to log in as hasn't been imported. I'm not sure why but I'm
getting lots of 'first name' exceptions despite there being completely valid first names in the LDAP. Unfortunately
as is common with a lot of java apps the exception shows where the error is but not actually what is wrong.
I'd still like a little help if anyone knows this part of Liferay.