Hi All,

I am using LR 5.2 tomcat 6.0. I have configured LDAP using Microsoft AD. All the users are able to login sucessfully.

But i am not able to import UserGropus. I get the folloeing error.

06:27:01,401 ERROR [PortalLDAPUtil:60] Error importing LDAP users and groups
javax.naming.InvalidNameException: "CN=Microsoft Schedule\+ Free/Busy Connector
(MLCOR00103),CN=Microsoft Exchange System Objects",dc=mydomain,dc=net: close quote
appears before end of component
at javax.naming.NameImpl.extractComp(NameImpl.java:129)
at javax.naming.NameImpl.<init>(NameImpl.java:267)
at javax.naming.CompositeName.<init>(CompositeName.java:214)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Par
tialCompositeDirContext.java:109)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirCont
ext.java:123)
at com.liferay.portal.security.ldap.PortalLDAPUtil._getAttributes(Portal
LDAPUtil.java:1081)
at com.liferay.portal.security.ldap.PortalLDAPUtil.getUserAttributes(Por
talLDAPUtil.java:494)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importFromLDAP(Portal
LDAPUtil.java:577)
at com.liferay.portal.security.ldap.PortalLDAPUtil.importFromLDAP(Portal
LDAPUtil.java:549)
at com.liferay.portlet.admin.job.LDAPImportJob.execute(LDAPImportJob.jav
a:62)
at com.liferay.portal.job.JobWrapper.execute(JobWrapper.java:63)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
ava:529)

Also my seetings read as attached

Request for your help..

Attachments:

Hi,

Can anybody out there help me out with this problem.


Regards,

Rathish

Hi Rathish,

For the field "Group" in user mapping try "memberOf"

For the field "Description" of group mapping try "description"

regards,

David

David,

I am able to import users. But still i am not able to import groups which is very critical for my environment.

Somebody please help.



Regards,

Rathish

have you just configured using the portal gui or do you use a portal-ext.properties?

if so, can you attach that or past the relevant properties in?

tnx,

D

I have done it through GUI only.


Regards,

Rathish

Start with a clean liferay and create a file called portal-ext.properties in <LiferayDir>/<tomcatDir>/webapps/ROOT/WEB-INF/classes

Below settings work fine for me to connect/authenticate to AD. On actual import i get password compare issues, but that might be a local problem for me...


ldap.auth.enabled=true
ldap.auth.required=false

ldap.base.provider.url=ldap://<hostname>:<port>
ldap.base.dn=CN=Users,DC=net,DC=local
ldap.security.principal=CN=David Caron,CN=Users,DC=net,DC=local
ldap.security.credentials=<password>

# include "disabled" flag
ldap.auth.search.filter=(&(sAMAccountName=@screen_name@)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
#ldap.auth.search.filter=(sAMAccountName=@screen_name@)
#ldap.auth.search.filter=(mail=@email_address@)

ldap.user.mappings=screenName=sAMAccountName\npassword=userPassword\nemailAddress=mail\nfullName=cn\nfirstName=givenName\nlastName=sn\njobTitle=description\ngroup=memberOf

ldap.group.mappings=groupName=cn\ndescription=description\nuser=member

ldap.import.user.search.filter=(objectClass=organizationalPerson)
ldap.import.group.search.filter=(&(objectClass=group)(name=neteffect))
#ldap.import.method=user
ldap.import.enabled=false
ldap.import.interval=10
ldap.import.on.startup=true
ldap.import.method=group

ldap.export.enabled=false

ldap.users.dn=CN=Users,DC=net,DC=local
ldap.groups.dn=CN=neteffect,CN=Users,DC=net,DC=local

ldap.user.default.object.classes=top,person,inetOrgPerson,organizationalPerson

Hi All,

My issue is resolved.

@David : I resolved it through GUI only. Thanks a ton for your help.


Regards,

Rathish

Hi Rathish,

I have the same issue, Could you let me know how you import the groups from LDAP to Liferay?

one more question is, if it imports correctly, should I see my LDAP groups in the liferay UserGroup page or some where else?

really thanks
Behrang

Hi Behrang and Rathish,

Were you able to import groups from LDAP? I also have the same issue.

Henry

Yes you should see them under usergroups.

Hi Amos,

To import LDAP groups with Liferay 5.2.2, do I need to add any lines in portal-ext.properties?
i.e., ldap.import.method=group

I did most of my LDAP configuration through the GUI and I can connect to the LDAP server and import users successfully,
but I have problems changing the settings to import groups.

Here is what I entered on the LDAP page under the Groups section. When I press the button, "Test LDAP Groups" I see
the groups I want to import.
Import Search Filter: (objectClass=groupOfNames)
Group Name: cn
Description: cn
User: member

In the Import/Export section:
Export enabled = true
Groups DN: ou=groups,ou=SWG,o=IBM,c=US

And my LDIF data looks like:
dn: cn=MAXADMIN,ou=groups,ou=SWG,o=IBM,c=US
objectClass: groupofnames
objectClass: top
cn: MAXADMIN
ibm-entryuuid: 08b472c0-e319-102c-88ee-c823748ca035
member: uid=dummy
member: uid=mxintadm,ou=users,ou=SWG,o=IBM,c=US
member: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US


When does the actual import of the group in Liferay occur? when a user from that group logs on for the very first time?

Thanks in advance for any insight you can provide,
Henry

[

If your user belong to a group, it should import that group after importing that user.

if your import method is group, I think it only imports that group on startup or on the import interval.

I would turn off export during the import process because there's a bug with it in 5.2.2 (http://issues.liferay.com/browse/LPS-2755)

Amos. Thank you for your reply. I set an import interval and it is working groups now.

Regards,
Henry

Rathish,

I am struggling with this too -- can you pass on what worked for you?

Many thanks!

h1pst3r

Rathish, I am stuck with the exact same problem and would like to what your input mappings were on the UI. Please post your solution here.

Hi..
I am using liferay 6 and Apache directory studio.
I am able to import users and the users are also able to login in.
But i am not able to import groups.During configuration when i test the group it showing me the ldap groups,but its not importing can you please tell what is the problem???

Any idea or suggestions are welcome..
Thanks in advance..

Hi Ankit,

I'm not sure but maybe you should set the following property to the appropriate value:

HTH Oli