LDAP Enhancements

With the upcoming 6.0 release, you will see many product engineers announce cool new features.  Unfortunately, LDAP integration is neither cool nor new.  However, in 6.0, we have improved the capabilities of our LDAP integration in several areas:

1. You can synchronize user custom attributes between Liferay and LDAP

No longer are you limited to the columns in the User_ table; you can now map attributes like a user's favorite color between LDAP and Liferay.  To do this, create the appropriate custom attributes for a User in Liferay's control panel and then configure the properties "ldap.user.custom.mappings" and/or "ldap.contact.custom.mappings" in your portal-ext.properties.


2. In 5.1 and 5.2 EE, we implemented LDAP pagination via PageResultsControls.  We now make this solution available to the community in 6.0.

3. You can configure the portal to create a role for each LDAP group.

Prior to 6.0, the portal synchronized LDAP groups as User Groups and you had to manually associate each user group with roles.  In 6.0, the portal will create the user group, then create a role with the same name as the user group, and then associate the role with the user group.  This capability is deactivated by default.  However, you can activate it by changing "ldap.import.create.role.per.group" to true in portal.properties.
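
To make points 1 and 3 concrete, here is an added model (not Liferay's own code) of the import behaviour described above: custom attribute mapping driven by "ldap.user.custom.mappings" and the optional role-per-group creation controlled by "ldap.import.create.role.per.group". The comma-separated "portalAttr=ldapAttr" value format and the sample LDAP entries are assumptions constructed for this illustration.

```python
from typing import Dict, List, Tuple

# Constructed portal-ext.properties values for this illustration. The
# "portalAttr=ldapAttr" comma-separated format is an assumption here,
# not Liferay's documented syntax.
PROPS = {
    "ldap.user.custom.mappings": "favoriteColor=favColor,employeeId=uid",
    "ldap.import.create.role.per.group": "true",
}


def parse_mappings(value: str) -> Dict[str, str]:
    """Turn 'portalAttr=ldapAttr,...' into {portalAttr: ldapAttr}."""
    pairs = (p.split("=", 1) for p in value.split(",") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}


def import_user(entry: Dict[str, str], props: Dict[str, str]) -> Dict[str, object]:
    """Map one LDAP entry onto a portal user. Custom attributes come from the
    mapping property; an attribute absent in LDAP is left unset, not defaulted."""
    custom = parse_mappings(props.get("ldap.user.custom.mappings", ""))
    custom_values = {p: entry[l] for p, l in custom.items() if l in entry}
    return {
        "screenName": entry["cn"],
        "emailAddress": entry["mail"],
        "customAttributes": custom_values,
    }


def import_groups(
    groups: List[str], props: Dict[str, str]
) -> Tuple[List[str], List[str], List[Tuple[str, str]]]:
    """Create a user group per LDAP group. With the flag on, also create a
    same-named role and associate it with the user group; with the flag off
    (the default) only user groups are created, as before 6.0.
    Returns (user_groups, roles, (role, user_group) associations) so the
    effect of enabling the flag can be previewed before it is switched on."""
    flag = props.get("ldap.import.create.role.per.group", "false").strip().lower() == "true"
    user_groups, roles, associations = [], [], []
    for group in groups:
        user_groups.append(group)
        if flag:
            roles.append(group)
            associations.append((group, group))
    return user_groups, roles, associations
```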

4. You may override LDAP import and export processes via Spring


For those who are IoC fans, you were probably frustrated by the inability to customize the import and export processes (they were static methods in PortalLDAPUtil or buried in LDAPUser).  In 6.0, we changed the LDAP integration to provide proper interfaces at every level of the process:

  • Don't like how Liferay converts LDAP attributes to a Liferay user?  You may implement your own LDAPToPortalConverter in the EXT and change a Spring configuration to inject your own implementation.
  • Don't like how Liferay converts a Liferay user to LDAP attributes?  You may implement your own PortalToLDAPConverter.
  • Need to change the export process?  Implement a PortalLDAPExporter.
  • Need to change the import process?  Implement a PortalLDAPImporter.


Does this mean that if we have an Active attribute in LDAP we will be able to activate/deactivate the LR user account from there? Or just map the information?

Is this on trunk?
In theory, yes, if you mapped the active attribute you could do that. However, nothing prevents you from doing that prior to this enhancement.

Yes, it's in trunk.
You really got to tell me how to do that.
You can try configuring the active_ attribute to be synchronized from LDAP in portal.properties.
Hi Michael

What is the attribute we need to configure in the portal.properties for making the LDAP user active, if an active LDAP user logs in the portal?

Thanks
Hi Michael,

Will this change make it possible for a user to use the same login credentials across different Liferay domains on the same instance? We have several different sites, each running as a separate domain, but all ultimately the same instance of Liferay.

We would like to have the possibility for a user with an account on one domain to sign in on another, but without having to create a new account.

Thanks!

Rob
Rob, if you are using Liferay's virtual hosting with communities and not with portal instances, your users should be able to log in to multiple virtually hosted communities without a new account. If you are using the instance concept, then yes, you will need to use some form of centralized credential store like LDAP.
Customization using Spring is very good; that is one of the reasons we went for a custom user import module in 5.2 EE. Now, with the above feature set, I think we could do many more things in future.
Nice feature!

"In 6.0, the portal will create the user group, then create a role with the same name as the user group, and then associate the role to the user group."
Do we get an example on
"You may override LDAP import and export processes via Spring"?

It's hard to find an example of the implementation.
With the NTLM SSO enabled on Liferay CE 6.0.6/Windows Server 2003, when I browse to the Liferay portal on Internet Explorer, I get the default login page. I then have to click on the 'Sign In' link at the top right corner of the page in order to get to the welcome page of the logged-in user without entering in any user name or password. Is this how the Single Sign On works in Liferay? Isn't there any way to go to the welcome page directly as soon as you enter in the Liferay portal URL on your browser? There should be a way to bypass the default login page. Please advise.