sharmiq babu
Liferay 4.2 Integration with Active Directory
March 1, 2007 5:56 AM

Dear Friends,

I want to integrate Liferay 4.2 (JBOSS+Tomcat) with Active Directory Server.

I read the developer guide and did accordingly. I gave the Active Directory details and saved. But I am not able to authenticate the users from Active Directory.

BTW, I was successful in integrating Liferay 4.0.2 with Active Directory with small code tweaking in the class com.liferay.portal.security.auth.LDAPAuth.

Kindly let me know if any of you have gone through similar scenarios.


Thanks in advance.


Regards
Sharmiq.K
Jörn Ebeling
RE: Liferay 4.2 Integration with Active Directory
March 1, 2007 7:42 AM

I integrated AD in LR 4.1.2.
Try to map email to userprincipalname and userid to samaccountname. This should work.
sharmiq babu
RE: Liferay 4.2 Integration with Active Directory
March 2, 2007 11:15 PM

Dear Ebeling,

Thanks for your response.

I tried the same. But no luck.

The following are my settings.

Base Provider URL : ldap://192.168.20.20:389

Base DN :

Principal : CN=Administrator,CN=Users,DC=daralshifa,DC=com

Credentials : ******************


Enter the search filter that will be used to test the validity of a user. The tokens @company_id@, @email_address@, and @user_id@ are replaced at runtime with the correct values.

(&(objectCategory=person)(sAMAccountName=@user_id@))

If the user is valid and the user exists in the LDAP server but not in Liferay, the user will be synchronized from the LDAP server to Liferay. Below is a mapping of Liferay attributes and the pair name used to populate the Liferay field from LDAP.

fullName=cn
userId=sAMAccountName
emailAddress=userprincipalname



Looking forward to your help.

regards
Sharmiq.K
Jörn Ebeling
RE: Liferay 4.2 Integration with Active Directory
March 5, 2007 12:22 AM

Try to set base-dn to DC=daralshifa,DC=com
sharmiq babu
RE: Liferay 4.2 Integration with Active Directory
March 12, 2007 7:10 AM

Thanks Ebeling, it worked with a small code change.
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
March 29, 2007 12:28 PM

Hi folks,

Actually I am trying to do the same. Like you, I am trying to combine Liferay 4.2.1 with an Active Directory.
If I try to set the checkbox "enable" in the portlet for authentication, I always get the message: Failed to bind to the LDAP server with given values.
So I hope you can give me a hint. Here is the information which my admin gave me for the test system:
____________________________________

Root: Administrator
Pass: ******
Host-IP: 192.168.1.85
Host-Name: howe-server
DNS-Suffix: semnet.oio.de
WinDNS: SEMNET or "semnet.oio.de"

__________________________________

I inserted the following into the portlet:

Base Provider URL: ldap://192.168.1.85:389
Base DN : dc=semnet.oio,dc=de
Principal : cn=Administrator
Credentials : ******
____________________________________

best regards,

ben
Jörn Ebeling
RE: Liferay 4.2 Integration with Active Directory
March 30, 2007 2:52 AM

Hi Ben,
I think you have to use the full distinguished name for your principal.
Something like cn=Administrator,ou=Users,dc=semnet.oio,dc=de.

Good luck.

Jörn
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
March 30, 2007 4:39 AM

Hi Jörn,

I have tried this too, but even this does not work. The same error occurs. I guess it could be a problem with the Active Directory itself, because this is just a small test Active Directory which my sysadmin provides to me.

I made some extra attempts to connect. Another one looked like:
__________________________________

I inserted the following into the portlet:

Base Provider URL: ldap://192.168.1.85:389
Base DN : dc=semnet.oio,dc=de
Principal : ccn=Administrator,ou=Users,dc=semnet.oio,dc=de
Credentials : ******
____________________________________

As I said, this fails too.

Thanks, ben
Jörn Ebeling
RE: Liferay 4.2 Integration with Active Directory
March 30, 2007 5:05 AM

Are you able to connect with these details using another application (an LDAP browser, e.g.)?
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
March 30, 2007 5:16 AM

I haven't tried, but I'll do so. Which application would you propose to me? www.jxplorer.org, as in the Flash demo of Liferay?


best regards,

ben
Jörn Ebeling
RE: Liferay 4.2 Integration with Active Directory
March 30, 2007 5:35 AM

I'm using Softerra LDAP Browser.

http://www.ldapbrowser.com/download.htm
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
March 30, 2007 5:39 AM

Hi Jörn,

Thanks for your responses, I'll try this browser as soon as possible.


best regards,

ben
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
April 3, 2007 9:10 AM

Back again,

I have used your preferred LDAP browser to access the test Active Directory, but actually this system is not as expected. The LDAP browser is able to connect to the Active Directory with the following information:

ldap://192.168.1.85:389
base dn: DC=semnet,DC=oio,DC=de
principal :cn=Adminstrator,c=Users,DC=semnet,DC=oio,DC=de
credentials: whatever

_________
But the main difference from the example LDAP servers which are delivered with the browser by default is that I am not able to expand the tree view in the side navigation, which works for the example LDAP servers that come with the application. So I guess that my Active Directory is missing a setting to allow the access as expected, because Liferay is still not able to connect to the Active Directory with these settings and I can only see some "header" information regarding my test system.
Have you any idea?

best regards,

ben
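
Added example, not part of the thread: a small Python check for the bind settings discussed in the posts above. It derives the expected base DN from the DNS suffix (one DC component per DNS label) and verifies that the principal is a full DN below the base DN. The function names are hypothetical; the sample values are the ones quoted in the posts.

```python
def split_rdns(dn):
    """Split a DN into RDN strings on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append("".join(current).strip())
            current = []
            continue
        current.append(ch)
        escaped = (ch == "\\") and not escaped
    rdns.append("".join(current).strip())
    return [rdn for rdn in rdns if rdn]


def normalize(dn):
    """Lower-case attribute types and values so DNs compare case-insensitively."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def base_dn_from_dns(domain):
    """An AD domain partition is named with one DC component per DNS label."""
    return ",".join(f"DC={label}" for label in domain.strip(".").split("."))


def check_bind_settings(dns_domain, base_dn, principal):
    """Return a list of problems found in the LDAP bind settings (empty if none)."""
    base, who = normalize(base_dn), normalize(principal)
    expected_text = base_dn_from_dns(dns_domain)
    expected = normalize(expected_text)
    if not base:
        return ["base DN is empty"]
    problems = []
    for attr, value in base:
        if attr == "dc" and "." in value:
            problems.append(f"DC component '{value}' contains a dot; use one DC per DNS label")
    if base[-len(expected):] != expected:
        problems.append(f"base DN does not end with {expected_text}")
    if len(who) <= len(base) or who[-len(base):] != base:
        problems.append("principal is not a full DN below the base DN")
    return problems


if __name__ == "__main__":
    # Values quoted in the thread: the first attempt, then the settings the LDAP browser accepted.
    attempts = [
        ("dc=semnet.oio,dc=de", "cn=Administrator"),
        ("DC=semnet,DC=oio,DC=de", "cn=Adminstrator,c=Users,DC=semnet,DC=oio,DC=de"),
    ]
    for base_dn, principal in attempts:
        print(base_dn, "->", check_bind_settings("semnet.oio.de", base_dn, principal) or "ok")
```

The check is structural only: it does not contact the directory, so a well-formed principal can still name an entry that does not exist.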
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
April 3, 2007 9:19 AM

Back,

Now I can see the structure... and I am connected to the LDAP with my Liferay.
So what have I done? Nothing, just clicked "save" in Liferay 100 times.

So Active Directory is a tool for sysadmins.

thanks for your support.

ben
pipe melero
RE: Liferay 4.2 Integration with Active Directory
May 3, 2007 8:53 AM

Hi Benjamin and all,

I am trying to connect my Liferay 4.2.1 with AD but no success,

This is my configuration:
================================================
Base Provider URL : ldap://10.20.*.*:389
Base DN : DC=kaioaprueba,DC=com
Principal : CN=Administrador,CN=Users,DC=kaioaprueba,DC=com
Credentials : **********

Enter the search filter that will be used to test the validity of a user. The tokens @company_id@, @email_address@, and @user_id@ are replaced at runtime with the correct values.

(&(objectCategory=person)(sAMAccountName=@user_id@))

If the user is valid and the user exists in the LDAP server but not in Liferay, the user will be synchronized from the LDAP server to Liferay. Below is a mapping of Liferay attributes and the pair name used to populate the Liferay field from LDAP.

fullName=cn
userId=sAMAccountName
emailAddress=userprincipalname
================================================
Using JXplorer I have managed to connect with these parameters, and Liferay tells me "Your request processed successfully", meaning that the bind is correct. I don't know if it is necessary to modify LDAPAuth.java, if it is necessary to select the algorithm in the checkbox...

Can you help me out please?

Thanks.
Elisabeth VanSchaardenburg
RE: Liferay 4.2 Integration with Active Directory
May 3, 2007 1:34 PM

Most likely the problem is this:

(&(objectCategory=person)(sAMAccountName=@user_id@))


Is your portal configured to log in with userid or e-mail address? If it's e-mail address, you'll want to replace 'sAMAccountName=@user_id@' with 'mail=@email_address@'. If you're logging in with a user id, then you need to make sure that the value that you're entering in the userid field of the login screen matches the 'sAMAccountName' defined in AD, or choose a different AD attribute that corresponds to the value the user will enter in the user id field.

This was a handy reference for figuring out Active Directory attributes.

Hope this helps.

Elisabeth
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
May 4, 2007 5:01 AM

Hi pipe,

In my case I have not edited the fields in the box after changing the auth mechanism to Active Directory. That means I just selected Active Directory from the dropdown menu and filled in my credentials as written above.
After saving the inserted values I tried to log in with my admin, and the user contract of the portal appeared to accept the licence agreement, and after accepting I was successfully logged in.
There are two questions regarding the config you're trying to use for your Active Directory.

a) Are you sure that your Active Directory is the main domain controller, meaning are the users you're looking for really there?
In my case my Active Directory was responsible for a subdomain called semnet. See my config above.

b) I used the c for users in my principal: cn=Adminstrator,c=Users,DC=semnet,DC=oio,DC=de, compared to your principal cn=Users, but I am not a sysadmin, so perhaps you should ask your admin or use the link which was posted by Elisabeth.


best regards,

ben
pipe melero
RE: Liferay 4.2 Integration with Active Directory
May 7, 2007 1:01 AM

Thanks to all for your fast answers!

I have managed to bind and authenticate Liferay with my AD. My mistake was that I was mapping "mail=@email_address@" without having mail defined in AD, so I used "userPrincipalName=@email_address@" and it worked!

regards

Felipe
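
Added example, not part of the thread and not Liferay's own code: a Python sketch of how the search filter template discussed in the posts above selects a user, showing why a filter on an attribute that is not set in the directory (mail) finds nobody while userPrincipalName does. The directory entry and function names are constructed for illustration; escaping login values per RFC 4515 before substitution is this example's choice.

```python
import re

# RFC 4515: these characters must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_TOKEN = re.compile(r"@(company_id|email_address|user_id)@")
_CLAUSE = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")

def escape_filter_value(value):
    """Make a login value safe to use as a literal in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, **login):
    """Replace @company_id@, @email_address@ and @user_id@ with escaped values.
    A token with no supplied value expands to the empty string (assumption)."""
    return _TOKEN.sub(lambda m: escape_filter_value(login.get(m.group(1), "")), template)

def _unescape(value):
    # Turn \XX hex escapes back into the characters they stand for.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(ldap_filter, entry):
    """Evaluate an AND of equality clauses against one entry, case-insensitively.
    An attribute that is absent from the entry never matches."""
    attrs = {name.lower(): value.lower() for name, value in entry.items()}
    clauses = _CLAUSE.findall(ldap_filter)
    return bool(clauses) and all(
        attrs.get(name.lower()) == _unescape(value).lower() for name, value in clauses
    )

def find_users(template, directory, **login):
    """Return the DNs of the entries selected by the expanded filter."""
    ldap_filter = expand_filter(template, **login)
    return [dn for dn, entry in directory.items() if matches(ldap_filter, entry)]

# Constructed directory: one AD-style user with no 'mail' attribute set.
# objectCategory is simplified to the literal "person" for this sketch.
DIRECTORY = {
    "CN=Test User,CN=Users,DC=example,DC=com": {
        "objectCategory": "person",
        "cn": "Test User",
        "sAMAccountName": "tuser",
        "userPrincipalName": "tuser@example.com",
    },
}
BY_USER_ID = "(&(objectCategory=person)(sAMAccountName=@user_id@))"
BY_MAIL = "(&(objectCategory=person)(mail=@email_address@))"
BY_UPN = "(&(objectCategory=person)(userPrincipalName=@email_address@))"

if __name__ == "__main__":
    for label, template, login in [
        ("user id login, sAMAccountName filter", BY_USER_ID, {"user_id": "tuser"}),
        ("email login, sAMAccountName filter", BY_USER_ID, {"email_address": "tuser@example.com"}),
        ("email login, mail filter", BY_MAIL, {"email_address": "tuser@example.com"}),
        ("email login, userPrincipalName filter", BY_UPN, {"email_address": "tuser@example.com"}),
    ]:
        print(f"{label}: {find_users(template, DIRECTORY, **login)}")
```

Only the first and last combinations return the entry: the filter attribute has to exist in the directory and has to hold the same value the user types at the login screen.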
Jörn Ebeling
RE: Liferay 4.2 Integration with Active Directory
May 7, 2007 3:54 AM

There's one thing you should care about if you are integrating AD:
In Liferay the userid cannot be changed. If you map the AD samaccountname to Liferay's userid, you have to create a new user if the samaccountname has to be changed in your directory (e.g. marriage).

I'm using objectguid as userid and I've enabled login via email. As I want the people to log in with their username and not with their email address, I'm not mapping email to email but to the AD's userprincipalname. This is always samaccountname@domain.ads. I modified Liferay's login to add "@domain.ads" to the user's submitted username.

If you have to change the samaccountname in AD, you can easily update the Liferay email address of this user, and the user can log in with his new username as the old user.
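
Added example, not part of the thread and not Liferay code: a Python sketch of the identity mapping described in the post above, comparing portal accounts keyed by sAMAccountName with accounts keyed by objectGUID when a user is renamed in the directory. The sync logic, function names and sample entries are constructed for illustration; only the @domain.ads suffix comes from the post.

```python
import uuid


def guid_text(object_guid):
    """Render AD's 16-byte objectGUID as text. The first three fields are stored
    little-endian, so a plain hex dump of the bytes gives a different string."""
    return str(uuid.UUID(bytes_le=object_guid))


def login_to_email(submitted, upn_suffix="domain.ads"):
    """Append the UPN suffix to a bare username, as the modified login in the post does."""
    name = submitted.strip().lower()
    return name if "@" in name else f"{name}@{upn_suffix}"


def sync(portal_users, entries, key):
    """Upsert directory entries into portal_users (userId -> emailAddress).
    The userId never changes once created; only the email address is updated."""
    for entry in entries:
        user_id = guid_text(entry["objectGUID"]) if key == "objectGUID" else entry[key]
        portal_users[user_id] = entry["userPrincipalName"].lower()
    return portal_users


# Constructed sample data: the same directory object before and after a rename.
GUID = bytes(range(16))
BEFORE = [{"objectGUID": GUID, "sAMAccountName": "jdoe",
           "userPrincipalName": "jdoe@domain.ads"}]
AFTER = [{"objectGUID": GUID, "sAMAccountName": "jsmith",
          "userPrincipalName": "jsmith@domain.ads"}]


def accounts_after_rename(key):
    """Portal accounts that exist after syncing before and after the rename."""
    users = sync({}, BEFORE, key)
    return sync(users, AFTER, key)


if __name__ == "__main__":
    # Keyed by sAMAccountName: a second account appears and the old one is left behind.
    print(accounts_after_rename("sAMAccountName"))
    # Keyed by objectGUID: the same account, with its email (login name) updated.
    print(accounts_after_rename("objectGUID"))
    print(login_to_email("JSmith"))
```

With the sAMAccountName key the old account stays in the portal with whatever roles it held, so it has to be deactivated separately.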
pipe melero
RE: Liferay 4.2 Integration with Active Directory
June 4, 2007 6:59 AM

Hi,

Now I have to bind an external AD with another Liferay portal (both are in a LAN), but I can't access the AD information. They have only provided me the IP, the domain name (type dc=enterprise,dc=com), and one administrator user/password. My question is: do they have to provide me more information (such as the folder that contains this user, the attribute of this user...)?

I am accessing with CN, but UID, SN and others can also be used to refer to the user, am I right?

Has anyone had success binding with the LDAP? Could you give me some light on this?

regards
pipe melero
RE: Liferay 4.2 Integration with Active Directory
June 12, 2007 3:56 AM

sharmiq babu:
Thanks Ebeling, it worked with a small code change.


Hi sharmiq,

I'd like to know which "small code changes" you made to get the authentication to work with AD. Have you modified the LDAPAuth.java?

I can bind with the AD but not authenticate. In the filter I have what is there by default: (sAMAccountName=@user_id@), and in the General Tab I have "authenticate by user", is it ok?

Thanks in advance
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
October 12, 2007 5:01 AM

Hey guys,

So actually I can successfully authenticate my domain users to the Active Directory. Some questions remain:
1. How can I arrange that a domain user who accesses the portal for the first time does not have to "accept" the contract, meaning that the contract is automatically accepted?
System Liferay 4.2.2.

2. If I try to enable the automatic LDAP importer, which can be configured as described in the Liferay wiki http://wiki.liferay.com/index.php/LDAP, I always get exceptions like:

12:00:17,653 ERROR [LDAPImportUtil:60] Error importing LDAP users and groups
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=schulung,dc=oio,dc=de'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at com.liferay.portal.security.ldap.LDAPImportUtil.importLDAP(LDAPImportUtil.java:218)
at com.liferay.portal.security.ldap.LDAPImportUtil.importLDAP(LDAPImportUtil.java:150)
at com.liferay.portlet.admin.job.LDAPImportJob.execute(LDAPImportJob.java:70)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Can somebody give me a hint regarding point 2?
My actual configuration (see code snippet) of the portal.properties in the portal-ejb.jar looks like
##
## LDAP Import
##

ldap.import.enabled=true
ldap.import.on.startup=false
ldap.import.method=user

#
# Enter time in minutes. This is how often the importer will synchronize
# with LDAP. This property is portal wide. Company override will be ignored.
#
ldap.import.interval=10

ldap.import.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.import.base.provider.url=ldap://testsystem:389
ldap.import.base.dn=dc=schulung,dc=oio,dc=de
ldap.import.security.principal=cn=coachingadmin,cn=users,dc=schulung,dc=oio,dc=de
ldap.import.security.credentials=whatever
ldap.import.search.filter=(objectClass=organizationalPerson)
ldap.import.user.mappings=fullname=cn\npassword=userPassword\nemailAddress=userprincipalname\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership
ldap.import.group.mappings=groupName=cn\ndescription=description

Additional info:
1. The groupMembership and title in my Active Directory are empty.
2. I changed the objectClass from inetOrgPerson to organizationalPerson because I haven't found inetOrgPerson as an attribute of my users in the test system.


best regards,

ben
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
October 12, 2007 9:29 AM

Hey all,
I got the importer to run. But the users and groups which are imported are not associated with each other. So is there a possibility to configure the importer in my Liferay 4.2.2 to set the user groups of the Active Directory on the imported users during import?

best regards,
ben
Benjamin Bratkus
RE: Liferay 4.2 Integration with Active Directory
October 15, 2007 3:46 AM

Got it.

best regards,
ben