Hi,
I've got the same problem. After some trial and error, I conclude that an authentication filter using cn=@user_id@ or uid=@user_id@ does not work if the user does not exist in the database (I'm using MySQL v5). This is because Liferay will search for the user_id auto-generated by Liferay (table "user_", field "userId").
So if you log in using authentication "By User ID", make sure you use the auto-generated user_id that Liferay made for you (this means the user already exists in the database and not only in LDAP), or the authentication will not work.
I found that the rest of the authentication types (using "email address" and "screen name") work even if the user does not exist in the database (Liferay will create the user in the database). But you must take note that the attribute value that will be mapped to screen name in LDAP (using cn or uid or another attribute) should not contain an underscore ( _ ) or a space ( ), or be all numbers (ex: 112545 -> wrong, tommy123 -> right).