Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Cristian Roldan
How to use differents users registry
December 19, 2012 12:28 AM
Answer

Cristian Roldan

Rank: New Member

Posts: 12

Join Date: September 24, 2012

Recent Posts

Hi All,
Is it posible to use several users registry in LifeRay, we would like to use a liferay database user registry for administrators and ldap registry for our business users, is it posible ?

Many thanks.
David H Nebinger
RE: How to use differents users registry
December 19, 2012 6:03 AM
Answer

David H Nebinger

Community Moderator

Rank: Liferay Legend

Posts: 8941

Join Date: September 1, 2006

Recent Posts

No. Liferay entities all have FKs against the Liferay User database. All users, even LDAP users, get imported into the User table so these FKs can be satisfied.
Cristian Roldan
RE: How to use differents users registry
December 19, 2012 7:40 AM
Answer

Cristian Roldan

Rank: New Member

Posts: 12

Join Date: September 24, 2012

Recent Posts

Hi,
What about this situation ....

1) First installation using a DataBase my Administrator user is created in my DataBase.
2) After a while I configure LifeRay to use a LDAP as users registry.

My administrator user (created intially in my database) will be available after changing to LDAP ?


Thanks.
David H Nebinger
RE: How to use differents users registry
December 19, 2012 9:12 AM
Answer

David H Nebinger

Community Moderator

Rank: Liferay Legend

Posts: 8941

Join Date: September 1, 2006

Recent Posts

If all you're doing is ldap import, yes. You can add users (they go to the database) and also import users from LDAP.

The trick is when you enable export, then users in the database may go to LDAP. I think it's actually smarter than that, that only users that were imported will get exported back and db-only users do not get exported, but you'll have to test that out.
Milen Dyankov
RE: How to use differents users registry
December 20, 2012 9:40 AM
Answer

Milen Dyankov

LIFERAY STAFF

Rank: Regular Member

Posts: 232

Join Date: October 30, 2012

Recent Posts

The LDAP users will be imported into Liferay's database. This need to be done for a number of reasons. Liferay can be configured to do a mass import upfront or import user by user as they attempt to log in.

As for the login process - there are (at least) two scenarios:
1) If LDAP is NOT required - authentication will be against Liferay database. This meas that users in Liferay database (but not in LDAP) will still be able to log in. The side effect is that if you change passwords in LDAP the users will still be able to log in with their OLD passwords as they will not be automatically updated in portal's database.
2) if LDAP IS required - then password check is against LDAP and thus Liferay users without LDAP records will not be able to log in.

You can try to provide a custom login hook for your admin users, but I think if LDAP is required this will end up checking the password in LDAP anyway. If I'm right, it seams you can NOT get 100% of what you need OOTB. Most likely you'll have to customize the LDAP login process. Perhaps utilizing custom fields to specify which users are in LDAP and which aren't.