论坛

主页 » Liferay Portal » English » 3. Development

组合视图 统一视图 树状图
讨论主题 [ 上一个 | 下一个 ]
toggle
Hervé Ménage
[Solved] Export Password and userAccountContro to Active Directory
2013年3月7日 上午5:39
答复

Hervé Ménage

等级: Junior Member

帖子: 50

加入日期: 2007年3月1日

最近的帖子

Hi community,

Since I spent hours to find out how to make it work, and to actually make it work, here is a summary about:
- exporting password to AD
- exporting user status (disabled/enabled) to AD

Tested with 6.2m3.

1. configure AD with SSL to enable LDAPS
2. import the certificate into your Tomcat (or any webapp server) JVM
3. Map Liferay password attribute to "unicodePwd", which encoding is correctly handled by Liferay
4. Set ldap password encryption to empty (ie. keep the property in portal-ext.properties without any value)
5. Create your own UserModelListener. Force ldap export when password is changed, e.g onAfterCreate
if (model.getPassword() != null) {
try {
model.setPasswordModified(true);
PortalLDAPExporterUtil.exportToLDAP(model, null);
} catch (Exception e) {
e.printStackTrace();
}
}

For exporting the "userAccountControl" to reflect the user status in AD:
1. Override DefaultPortalToLDAPConverter
2. Add the following in getLDAPUserModifications
addModificationItem("userAccountControl", user.isActive()?"544":"546", modifications);
3. In your UserModelListener, onAfterUpdate
PortalLDAPExporterUtil.exportToLDAP(model, null);
(you can analyse the thread's stack to avoid multiple LDAP export and do it only on actual statusUpdate)

Good luck, and thank you to all those who posted information.

Regards
Hervé
Georgi Georgiev
RE: [Solved] Export Password and userAccountContro to Active Directory
2013年11月1日 上午4:20
答复

Georgi Georgiev

等级: New Member

帖子: 1

加入日期: 2013年11月1日

最近的帖子

Hervé,
I have almost no experience with liferay, so can you tell me how to make liferay understand that I have overriden the DefaultPortalToLDAPConverter class?
Hervé Ménage
RE: [Solved] Export Password and userAccountContro to Active Directory
2013年11月6日 上午4:09
答复

Hervé Ménage

等级: Junior Member

帖子: 50

加入日期: 2007年3月1日

最近的帖子

Hi Georgi,

I have simply deploy the class file into liferays' webapp directory /WEB-INF/classes
(e.g. /opt/liferay-tomcat/webapps/ROOT/WEB-INF/classes/com.liferay........DefaultPortalToLDAPConverter.class

Regards
Hervé
Abhi R
RE: [Solved] Export Password and userAccountContro to Active Directory
2014年11月4日 下午5:07
答复

Abhi R

等级: New Member

帖子: 20

加入日期: 2013年12月18日

最近的帖子

Hervé Ménage:
Hi community,

3. In your UserModelListener, onAfterUpdate
PortalLDAPExporterUtil.exportToLDAP(model, null);
(you can analyse the thread's stack to avoid multiple LDAP export and do it only on actual statusUpdate)

Good luck, and thank you to all those who posted information.

Regards
Hervé



Hi Herve. Are you referring to the UserListener class here? I cant find a class called UserModelListener? Thanks, Abhi.