I'm evaluating Liferay Portal to use it in our department with huge number of users and groups. First I want to appreciate Liferay community for their great work. Liferay Portal 'looks' very simple, dynamic and easy to use for both administrators and end users. Its biggest plus is the number of useful Portlets, especially the Collaboration Portlets, that comes out of the box.

We currently use an LDAP based Identity Management System that maintains department's users and groups. We roughly have around 4 million user accounts and around 150,000 user groups and still growing.

From the documentation I could figure out Liferay's current LDAP integration is to import users, user groups and their membership from LDAP into its Portal database and to keep it in sycn with the LDAP regularly. Obviously this solution won't work with LDAP that holds huge number of users and groups and in which users and groups are constantly added and re-grouped.

Is it possible to make Liferay use users and groups in LDAP without copying them into its database? JBoss Portal provides LDAP Identity Modules to accomplish this. Does Liferay provide anything similar? If it doesn't have what is its recommended approach? Is it possible to add such capability into it?

Thanks in advance.