Configure Liferay authentication with Active Directory OR OpenLDAP
Hi Guys,
I am working as Sr. Consultant - MCS ( Manage Cloud Service) in CIGNEX Datamatics Pvt. Ltd. We often used to do Liferay authentication with different different Directory server, Like Active Directory, Open LDAP, etc.. We can implement multiple directory servers' authentication in liferay also we can use active directory and openldap same time in multiple directory servers' authentication.
Today I am going to write here how we can implement Liferay 6.2 authentication with Active directory and open ldap.
After Below exercise you will have liferay working with authentication with openldap and active directory using email id. You will have all users' imported in liferay. If you dont want to import in liferay you can stop by disabling import properties.
Important note:
Before Going to start please be confirm following things:
- AD/OpenLdap server should be accessible from your machine on 389 port.
- All users’ must have values in given fields: sAMAccountName, userPassword, userPrincipalName, givenName, sn
- None of users have '@' or '_' ind of extra character in sAMAccountName or UID. if any user containing these special characters then those users' will not be authenticated or imported.
- You must have java installed in your machine with version 1.7.0 or latest
- JAVA_HOME must be set
- PATH must be set to be accessible java bin directory.
- iptables and selinux should be off.
Step 1: Download liferay zip file and put in /opt directory
root@shankarpatel:~# cd /opt
Step 2: Extract it.
root@shankarpatel:/opt# unzip liferay-portal-tomcat-6.2-ce-ga2-20140319114139101.zip
Step 3 : rename to liferay directory and change to liferay directory
root@shankarpatel:/opt# mv liferay-portal-6.2-ce-ga2 liferay
root@shankarpatel:/opt# cd liferay
Step 4: Create portal-ext.properties file
root@shankarpatel:/opt/liferay# vim portal-ext.properties
Step 5: now paste below content in the file
#################################################
# Below properties are basic properties to connect with database and use mysql driver
#################################################
# Use mysql connector
jdbc.default.driverClassName=com.mysql.jdbc.Driver
# connect to localhost’s mysql server
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
# database credentials
jdbc.default.username=root
jdbc.default.password=redhat
####
# Common properties to Configuration for users import from ldap in liferay
#######
ldap.auth.enabled=true
ldap.import.user.password.enabled=true
ldap.import.enabled=true
ldap.import.on.startup=true
ldap.import.interval=5
Context.REFERRAL=follow
####
# Configuration for authenticating with Active directory.
#######
ldap.base.provider.url.0=ldap://192.168.1.1:389
ldap.base.dn.0=dc=server,dc=com
ldap.security.principal.0=user1
ldap.security.credentials.0=Test1234
ldap.user.mappings.0=screenName=sAMAccountName\npassword=userPassword\nemailAddress=userPrincipalName\nfirstName=givenName\nlastName=sn\njobTitle=title
ldap.import.user.search.filter.0=(objectClass=person)
# If you want to set login using SCREEN NAME enable below line
#ldap.auth.search.filter.0=(sAMAccountName=@screen_name@)
# If you want to set login using email address enable below line
#ldap.auth.search.filter.1=(userPrincipalName=@email_address@)
# you can have multiple AD or 1 AD and 1 OpenLdap
# if you want to configure authentication with open ldap put below configuration
####
# Configuration for authenticating with OPEN LDAP.
#######
ldap.base.provider.url.1=ldap://localhost:389
ldap.base.dn.1=dc=server,dc=com
ldap.security.principal.1=cn=shankar,ou=People,dc=server,dc=com
ldap.security.credentials.1=Test1234
ldap.user.mappings.1=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title
ldap.import.user.search.filter.1=(objectClass=person)
# If you want to set login using SCREEN NAME enable below line
#ldap.auth.search.filter.0=(cn=@screen_name@)
# If you want to set login using email address enable below line
#ldap.auth.search.filter.1=(mail=@email_address@)
Before applying above settings please change below parameters with your credentials.
jdbc.default.url = Change hostname localhost to your db server
jdbc.default.username= Change username as you have for database
jdbc.default.password= Change password as you have for above user
ldap.base.provider.url.0=ldap://<your Active Directory Server name or IP>
ldap.base.dn.0=dc=your,dc=domain
ldap.security.principal.0=Active Directory Admin Username
ldap.security.credentials.0= Password of above user
ldap.base.provider.url.1=ldap://<your OpenLDAP Server name or IP>
ldap.base.dn.1=dc=OPENLDAP,dc=domainname
ldap.security.principal.1=Active Directory Admin Username
ldap.security.credentials.1= Password of above user
Now Start your liferay it will be able to authenticated with open ldap and active directory users.
Enjoy..............