Hi all,
I have a requirment of importing all the users from the LDAP belonging to a specific group. i am using the cisco LDAP Directory. the URL IS ldap://ldap.cisco.com

any help here is appreciable.

Hello,

go in Control Panel on Settings and then on authentication and then on the tab LDAP.

There You have to fill in the given fields.

There is also the filter for the import of the users (field "Import Search Filter")
then You can specify the "Import Search Filter" by something like:

(&(objectCategory=person)(memberOf=cn=Liferay,ou=groups,dc=subdomain,dc=domain,dc=com))

and all users from the "Liferay" Group will be imported automatically, if You click below on "Import enabled"

with regards, Archie

P.S. In our case we used MS Active Direcotry as LDAP, so I cannot guarantee by cisco it will be 100Percent the same, but You have to try...

Hi Artur,
thanks for the quick reply. but that string is not working. can u pls explain the meaning of this string so that i can modify that according to cisco LDAP.
"(&(objectCategory=person)(memberOf=cn=Liferay,ou=groups,dc=subdomain,dc=domain,dc=com))"
do u know from where i can get this import search filter string for cisco ldap directory?

Doesn't work for me either. Looks like it has to have an exact match.

Hello,

no idea how it should be for Cisco... :-(

please, try to activate the log (change the file log4j.properties if You do not have any logs generated) and look into the log file what is written there, evt. post it here...

with regards, Archie

Before I enter any credentials into the LDAP UI or even the properties side, I test it in JXplorer.

Check out the LDAP Integration LifeCast from the 4.2 documentation for inspiration. The concepts of connection are essentially the same in the most current releases of Liferay.
Lifeary 4.2 Documentation

If you can't connect with JXplorer or LDAPBrowser, you won't be able to do it via Liferay.

How to activate logs through log4j.properties file?
pls tell me the setting!!!!

This is a LDAP thread. Please do not hijack it. Ask your question in another category.

Hello, Jerry,


You are right we should keep the topic, but I think this question came because I recommended to activate log4j to get the information what is happening around the LDAP authentication...

Log4J can be for the tracing of LDAP requests activated through following steps:
1. (Maybe not necessary, but for to be sure) Go to {TOMCATDIR}/webapps/ROOT/WEB-INF/classes/log4j.properties
and change it so it will produce the logging with debug, so for example like follows:

log4j.rootCategory=DEBUG, CONSOLE, MM1

log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n

log4j.appender.MM1=org.apache.log4j.FileAppender
log4j.appender.MM1.File=c:/liferay.log
log4j.appender.MM1.Append=false
log4j.appender.MM1.layout=org.apache.log4j.PatternLayout
log4j.appender.MM1.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n


(see also http://logging.apache.org/log4j/ for additional log4j information)

2. Restart the portal and go in the first portal instance (if You created more of them, if not it is just the default) and here in the control panel to the section "server administration" and select there the tab "log levels". Search for the categories
com.liferay.portal.security.auth.LDAPAuth
com.liferay.portal.security.ldap
com.liferay.portal.security.ldap.PortalLDAPUtil
(in my case itwas on the 3rd page) and set the log level to "DEBUG"
(see the picture below)

3. Do not forget to save Your changes after the change by pressing the save button below.

So will be the log level of the given categories set to DEBUG. If You restart the portal, please verify the settings have not disappeared, we had sometimes this issue...

Now You should be able to track Your LDAP requests to see what is happening really in Your communication.

Anhänge:

LDAPLogging.GIF (104,7k)

Extreamly sorry jerry for asking this question here.... but as artur says this is related with LDAP so, there should not be any problem for keeping this question in this thread.
so that in future if, someone refer this thread and he is having the same issue which i faced than he can get a quick solution instade of searching more in another thread

thanks guys for helping me!!!! specially artur... now the LDAP logs are working man!!

Great, and Did You solved You issue with cisco-LDAP?

Maybe, if You have specified some new configuration which works, You could post it here or post a LEP into the issues, to ahve it in the next version supported out-of-the-box...

with regards, Archie

yes i have solved my problem. instade of group i have used "Import Search Filter"
there is one field in LDAP i.e vendorname i have applied filter on that column..
what exactly i have done is in the "Import Search Filter " field i have put the condition
that (vendorname = XYZ) so that, while importing it only import those users which belong to XYZ.

and that's what i want!!!!

so, if I understand it correctly, the "group name" field on Cisco LDAP is named "vendorname" ?

that's absolute right...