Thursday, May 28, 2015

LDAP Integration with Liferay


Introduction to LDAP:


The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model.

 Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.[2] As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Multiple vendors provide implementations of LDAP, but I will mention a few of the commonly used LDAP servers.

1. Apache Directory Server

2. OpenLDAP

3. Windows Directory Services etc.

Here I am going to show an example of how to configure LDAP and how to integrate it with Liferay 6.1. I have implemented this in Liferay 6.1; it should work with higher versions of Liferay as well.

I will use Apache Directory Server for LDAP here.

Liferay LDAP Configuration with Apache Directory Server

Steps Involved:

1. First of all, we have to download a directory server. The link given below is the Apache DS download link.



2. Install the server by following the steps given on the same website. Now our DS (Directory Server) is installed.


3. Now open Apache DS by double-clicking the icon on your desktop. You will see the Eclipse-style Apache Directory Studio open in front of you.



4. Now right-click on the LDAP Server tab and create a new server.




5. Now select one of the available servers (select the latest one, i.e. 2.0.0).





6. Click on Finish; you have successfully configured your LDAP server. Now we will create a new connection to the server so that we can create users directly in our LDAP server. To create a new connection, the server should be running, so start the server first. Then right-click on the server and click on Create a Connection.







7. Now you will see that you have successfully created a connection. The basic directory structure looks like this.








8. We are ready with our LDAP server running. Now we have to configure Liferay to use this server for our purposes. For that, navigate to

Control Panel → Portal Settings → Authentication → LDAP



9. Now click on Add Server. You will see a long screen with some prefilled values, where you have to provide your configuration settings.

a. Server name (you can give any name of your choice)




b. Default Values (choose the LDAP server you are using; for us it is Apache DS)

  

c. Connection

Base Provider URL: This is the URL of your LDAP server (ldap://host:port); for us it is "ldap://localhost:10389". To confirm, go to your LDAP Browser, right-click on Root DSE, select Properties and navigate to
Connection → Network Parameter





Base DN: The initial search context in which users will be searched (for us it is dc=example,dc=com)

Principal: The binding DN or user (for us it is uid=admin,ou=system)
Credentials: The binding password (for us it is "secret")

To confirm, go to your LDAP Browser, right-click on Root DSE, select Properties and navigate to
Connection → Authentication




Finally, our connection settings look like this


              



10. Now click on Test LDAP Connection. If everything is good, you will see the message below.








11. Users: Now you have to provide information related to users. Let us see a short description of these fields.


Authentication Search Filter: The user-mapping field that will be used to check the validity of the user (for us, we will use cn=@screen_name@).

Import Search Filter: The objectClass that will be used to filter users when importing users from LDAP into your portal (for us it stays as it is, i.e. objectClass=person).
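
How the @screen_name@ token in the Authentication Search Filter becomes a concrete LDAP filter, shown as an added example (not Liferay's own code, and not part of the original post). The value is escaped per RFC 4515 before substitution so that characters such as * or ( in a screen name are matched literally; the function names and sample screen names are hypothetical.

```python
import re

# Hypothetical helper names; this is not Liferay's implementation.
# RFC 4515 section 3: inside an assertion value these characters must be
# written as backslash + two hex digits, or they are parsed as filter syntax.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one user-supplied value for use inside an LDAP search filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, escape=True, **fields):
    """Fill @name@ tokens in a filter template such as cn=@screen_name@.

    escape=False performs plain substitution and exists only for contrast.
    """
    def substitute(match):
        name = match.group(1)
        if name not in fields:
            raise KeyError("no value supplied for @%s@" % name)
        value = fields[name]
        return escape_filter_value(value) if escape else value

    body = re.sub(r"@(\w+)@", substitute, template)
    # The page writes the filter without outer parentheses; add them if absent.
    return body if template.startswith("(") else "(" + body + ")"


AUTH_FILTER = "cn=@screen_name@"  # filter value used in this walkthrough

# Constructed screen names, not taken from any real directory.
SAMPLES = ["jbloggs", "j*", "smith (ops)", "a\\b"]


def demo():
    """Return (input, unescaped filter, escaped filter) for each sample."""
    return [
        (s,
         expand_filter(AUTH_FILTER, escape=False, screen_name=s),
         expand_filter(AUTH_FILTER, screen_name=s))
        for s in SAMPLES
    ]


if __name__ == "__main__":
    for name, raw, safe in demo():
        print("%-14r raw=%-18s escaped=%s" % (name, raw, safe))
```

With escaping, the second sample is a literal match on the two characters j and *, whereas the unescaped form is a prefix wildcard that matches every cn starting with j.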







12. User Mapping: Here you have to provide the required user fields, which will be used when importing and exporting users. These are common fields which don't need any description.




Note: The required fields must be filled in when either exporting or importing users; otherwise you will get an error message.


13. Now click on Test LDAP Users. If everything is good, you will see the list of users fetched from your LDAP server.

Note: To perform the test, the LDAP server should be running and should contain users; otherwise it will show that no users exist.



14. Groups: This section contains settings for mapping LDAP groups to Liferay.



15. Export: This section contains settings for exporting users from LDAP.






16. In our case we are going to use the LDAP password policy. For that, we have to put a property in our portal-ext.properties file:

passwords.passwordpolicytoolkit.generator=static


17. Now you have to enable your portal to use LDAP as an authentication medium. For that, enable the option in
Control Panel → Portal Settings → Authentication → LDAP

Note: There is another option, Required, alongside Enable. The Required option specifies that users must be authenticated through LDAP only.

18. Now check the Use LDAP Password Policy option, and the Import and Export options as per your requirement.

Now you are all set with all the necessary settings required to use your LDAP server to authenticate users, as well as to import and export users to and from LDAP.















