Monday 7 March 2016

LDAP Integration in Liferay:

There are two ways to implement LDAP integration in Liferay.

1) Control Panel Level
2) Add the connection, user and user group properties in portal-ext.properties

Before integrating the LDAP server in Liferay, set up an LDAP connection in Apache Directory Studio (ADS):

-> Download Apache Directory Studio from https://directory.apache.org/studio/
-> Unzip and install Apache Directory Studio
-> Open ADS, click New, select LDAP Connection and click Next
-> Enter your connection properties
-> Click Next
-> Enter the Bind User and Password properties
-> Click Finish

Integrate LDAP:

1) Add the properties at the Control Panel level

Go to Control Panel --> Configuration --> Portal Settings --> Authentication and select LDAP.

Add the LDAP server properties

--> Enter the connection property values
--> Click Test LDAP Connection
--> A message shows that the connection to the LDAP server succeeded.

Add the user properties on the same page

--> Click Test LDAP Users

The LDAP users are displayed.

--> Enter the group properties

--> Click Test LDAP Groups

--> Click Save
--> The message "Your request completed successfully" is shown.

--> To enable or disable LDAP as required, use the drop-down and save.
--> Check whether the LDAP users have been imported into the user table.

2) Add the properties below to portal-ext.properties

Stop the server and add the following properties to portal-ext.properties:

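# Connection settings. An ldap:// URL on port 389 does not use TLS by itself,
# so the bind credentials below are sent to the LDAP server unencrypted.
ldap.base.provider.url=ldap://192.168.102.248:389
ldap.base.dn=ou=dummy,dc=cignex,dc=com
ldap.security.principal=cn=CignexAdmin,dc=cignex,dc=com
# Bind password, stored in this file in clear text.
ldap.security.credentials=secret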
# Settings for importing users from LDAP to Liferay.
ldap.import.enabled=true
# LDAP import on startup
ldap.import.on.startup=true
# LDAP User Mapping Settings (#LifeRay field = #LDAP field)
ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ntitle=st\nphone=telephoneNumber
# Settings for com.liferay.portal.security.auth.LDAPAuth can be configured
# from the Admin portlet. It provides out-of-the-box support for the Apache
# Directory Server, Microsoft Active Directory Server, Novell eDirectory,
# and OpenLDAP. The default settings are for the Apache Directory Server.
# The LDAPAuth class must be specified in the property "auth.pipeline.pre"
# to be executed. Encryption is implemented by com.liferay.util.Encryptor.provider.class 
# in system.properties.
ldap.auth.enabled=true
ldap.auth.required=true
request.header.auth.import.from.ldap=true
# LDAP User Search Filter
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
# User Screen Name Validation
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
# Set either user or group for import method. If set to user, the portal
# imports all users and the groups associated with those users. If set
# to group, the portal imports all groups and the users associated with
# those groups. This value should be set based on how your LDAP server
# stores group membership information.
ldap.import.method=group
# LDAP Group Search Filter
ldap.import.group.search.filter=(&(objectClass=groupOfNames)(|(cn=it)))
# LDAP Group Mapping (LDAP Group is Mapped to Liferay User Group)
ldap.group.mappings=groupName=cn\ndescription=description\nuser=member\n
# Set this to true to use LDAP's password policy instead of Liferay's
# password policy. If set to true, it is possible that portal generated passwords
# will not match the LDAP policy. See the "passwords.regexptoolkit.*" properties
# for details on configuring RegExpToolkit in generating these passwords.
ldap.password.policy.enabled=true
# LDAP users' passwords should not be imported
ldap.import.user.password.enabled=false
# User password reminder screen should not be on login
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false
# Active Directory stores information about the user account as a series of
# bit fields in the UserAccountControl attribute.
# If you want to prevent disabled accounts from logging into the portal you
# need to use a search filter similar to the following:
# (&(objectclass=person)(userprincipalname=@email_address@)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))    
ldap.auth.search.filter=(cn=@screen_name@)
#LDAP error mappings for password
ldap.error.password.age=age
ldap.error.password.expired=expired
ldap.error.password.history=history
ldap.error.password.not.changeable=not allowed to change
ldap.error.password.syntax=syntax
ldap.error.password.trivial=trivial
ldap.error.user.lockout=retry limit

--> Start the server

--> Check whether the LDAP users were imported successfully.
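
As an added example (not part of the original post and not Liferay code), the Python script below reads the properties listed above and flags the settings to review before using them outside a test setup: an ldap:// provider URL, the bind password kept in the file, boolean values with trailing whitespace, and password import. The function names and finding texts are assumptions made for this example; the property keys are the ones from this post.

```python
from urllib.parse import urlsplit

# Constructed sample: a subset of the properties from this post. The trailing
# space after "true" and "false" is deliberate, to exercise the whitespace check.
SAMPLE = (
    "ldap.base.provider.url= ldap://192.168.102.248:389\n"
    "ldap.security.credentials= secret\n"
    "# LDAP User Mapping Settings\n"
    "ldap.user.mappings=screenName=cn\\npassword=userPassword\\nemailAddress=mail\n"
    "ldap.password.policy.enabled=true \n"
    "ldap.import.user.password.enabled=false \n"
)

def parse_properties(text):
    """Minimal reader using java.util.Properties whitespace rules: whitespace
    before a value is dropped, whitespace after it is kept. Decodes the \\n
    escape; line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.lstrip().replace("\\n", "\n")
    return props

def user_mappings(props):
    """Split ldap.user.mappings into {portal_field: ldap_attribute}."""
    pairs = props.get("ldap.user.mappings", "").split("\n")
    return dict(p.split("=", 1) for p in pairs if "=" in p)

def audit(props):
    findings = []
    url = props.get("ldap.base.provider.url", "")
    if urlsplit(url).scheme.lower() != "ldaps":
        findings.append("provider URL is not ldaps://")
    if props.get("ldap.security.credentials"):
        findings.append("bind password stored in the properties file")
    for key, value in props.items():
        if value.strip() in ("true", "false") and value != value.strip():
            findings.append("trailing whitespace in " + key)
    imports_pw = props.get("ldap.import.user.password.enabled", "").strip() == "true"
    if imports_pw and "password" in user_mappings(props):
        findings.append("LDAP passwords are imported into the portal")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```

The bind-password finding remains for any file that carries ldap.security.credentials, so read access to portal-ext.properties should be limited to the account that runs the portal.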






