Hi all,

I have a case on the login module on that, liferay will have to validate user,password retrieved from LDAP. There are some constraints that I couldn't just commonly integrate Liferay with LDAP via the built-in Liferay's LDAP configuration. The problem is the requirement that Liferay shall contains no users in database (to avoid duplication). It has to fetch user/password from LDAP via 3rd party's webservice, and bypass authentication and mapping roles/privilege (which are already created in liferay) to such user at runtime. Is this possible?

After done some researching, I found that I have to create a class that implements Authenticator interface, and also configure some configuration options to create a custom authentication mechanism (ex. modify auth.pipeline.pre=my.custom.class.name and set auth.pipeline.enable.liferay.check=false).

So I tried following all the steps above but couldn't make it work.

Is there a way to authenticate and log on user programmatically without user/password created in the Liferay database? (For ex. retrieve user's info from LDAP and put into the running thread)

However, I have roles and groups pre-created in the system and will be mapped to the user retrieved from LDAP on runtime.

Any idea?

Thank you in advance