Message Boards
[Solved] Export Password and userAccountControl to Active Directory
Hervé Ménage, modified 11 years ago.
Junior Member Posts: 50 Join Date: 07-3-1
Hi community,
Since I spent hours finding out how to make it work, and actually making it work, here is a summary of:
- exporting password to AD
- exporting user status (disabled/enabled) to AD
Tested with 6.2m3.
1. Configure AD with SSL to enable LDAPS
2. Import the certificate into your Tomcat (or any webapp server) JVM
3. Map the Liferay password attribute to "unicodePwd", whose encoding is correctly handled by Liferay
4. Set the LDAP password encryption to empty (i.e. keep the property in portal-ext.properties without any value)
5. Create your own UserModelListener. Force the LDAP export when the password is changed, e.g. in onAfterCreate:

    if (model.getPassword() != null) {
        try {
            // flag the password as modified, then push the user to LDAP
            model.setPasswordModified(true);
            PortalLDAPExporterUtil.exportToLDAP(model, null);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

For exporting the "userAccountControl" to reflect the user status in AD:
1. Override DefaultPortalToLDAPConverter
2. Add the following in getLDAPUserModifications:

    addModificationItem("userAccountControl", user.isActive() ? "544" : "546", modifications);

3. In your UserModelListener, onAfterUpdate:

    PortalLDAPExporterUtil.exportToLDAP(model, null);

(you can analyse the thread's stack to avoid multiple LDAP exports and do it only on an actual statusUpdate)
Good luck, and thank you to all those who posted information.
Regards
Hervé
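As an added illustration (not part of the original post and not Liferay code), the JDK-only example below shows the byte format AD expects for unicodePwd and decodes the userAccountControl values used in the post: 544 and 546 both carry PASSWD_NOTREQD (0x20) on top of NORMAL_ACCOUNT, while 512 and 514 express enabled/disabled without it. The class and method names are hypothetical, and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
// Hypothetical helper (added example, JDK only). Flag values are Microsoft's documented bits.
public class AdExportValues {
    static final int ACCOUNTDISABLE = 0x0002;
    static final int PASSWD_NOTREQD = 0x0020;
    static final int NORMAL_ACCOUNT = 0x0200;

    // AD takes unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Names the flags set in a userAccountControl value; other bits are shown in hex.
    static List<String> decodeUac(int uac) {
        List<String> flags = new ArrayList<>();
        if ((uac & ACCOUNTDISABLE) != 0) flags.add("ACCOUNTDISABLE");
        if ((uac & PASSWD_NOTREQD) != 0) flags.add("PASSWD_NOTREQD");
        if ((uac & NORMAL_ACCOUNT) != 0) flags.add("NORMAL_ACCOUNT");
        int rest = uac & ~(ACCOUNTDISABLE | PASSWD_NOTREQD | NORMAL_ACCOUNT);
        if (rest != 0) flags.add("0x" + Integer.toHexString(rest));
        return flags;
    }

    // Enabled/disabled normal account without PASSWD_NOTREQD: "512" or "514".
    static String strictUac(boolean active) {
        return Integer.toString(active ? NORMAL_ACCOUNT : (NORMAL_ACCOUNT | ACCOUNTDISABLE));
    }

    // The two attribute replacements discussed in the post, as plain JNDI items.
    static ModificationItem[] buildMods(String password, boolean active) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(password))),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", strictUac(active)))
        };
    }

    public static void main(String[] args) {
        for (int v : new int[] {544, 546}) System.out.println(v + " -> " + decodeUac(v));
        System.out.println("strict -> " + strictUac(true) + " / " + strictUac(false));
        System.out.println("mods -> " + buildMods("Constructed-Sample-1", false).length); // constructed password
    }
}
```

AD accepts unicodePwd writes only over an encrypted connection, which is why the procedure starts by enabling LDAPS and importing the certificate into the JVM.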
Georgi Georgiev, modified 10 years ago.
RE: [Solved] Export Password and userAccountControl to Active Directory
New Member Post: 1 Join Date: 13-11-1
Hervé,
I have almost no experience with Liferay, so can you tell me how to make Liferay understand that I have overridden the DefaultPortalToLDAPConverter class?
Hervé Ménage, modified 10 years ago.
RE: [Solved] Export Password and userAccountControl to Active Directory
Junior Member Posts: 50 Join Date: 07-3-1
Hi Georgi,
I have simply deployed the class file into Liferay's webapp directory /WEB-INF/classes
(e.g. /opt/liferay-tomcat/webapps/ROOT/WEB-INF/classes/com.liferay........DefaultPortalToLDAPConverter.class)
Regards
Hervé
Abhi R, modified 9 years ago.
RE: [Solved] Export Password and userAccountControl to Active Directory
New Member Posts: 20 Join Date: 13-12-18
Hervé Ménage:
> Hi community,
> 3. In your UserModelListener, onAfterUpdate
> PortalLDAPExporterUtil.exportToLDAP(model, null);
> (you can analyse the thread's stack to avoid multiple LDAP export and do it only on actual statusUpdate)
> Good luck, and thank you to all those who posted information.
> Regards
> Hervé

Hi Herve. Are you referring to the UserListener class here? I can't find a class called UserModelListener? Thanks, Abhi.