ldap, user group/org?

Foren

Jan Agermose, geändert vor 9 Jahren.

ldap, user group/org?

Junior Member Beiträge: 64 Beitrittsdatum: 09.04.10 Neueste Beiträge

hi

I finianlly got ldap working to the extend that users are imported and I can authendicate them. Im using import by user. But how are the users assigned to a group or org based on what info in the ldap server? Ive not found any explanation on this from what Ive managed to search so far.

In the ldap config I see 2 "option". If I understand correct the group mappings section is not used if I use "user import", right? That section is only used for when I use "group import" - and group import is when I first import groups and then import users assigned to the groups, right? But since thats even less explained I opted to use the import user option. From what I understand liferay then importes the list of users and if "something" is filled in the attribute for group membership that group is created? or/and the user is assigned to that group/org in Liferay?

So under "user mappings" I filled out the field "group" with "o" and in apache DS for the user I filled in the name of a group that existed in liferay in the hope that then the user would be assigned to the liferay group... but that does not happen. I also tried wth names for orgs in my liferay test setup. Also no assignment is made for the users.

is the understanding of that field wrong? is it not used to assign users to groups - or is it orgs? Should it not be the name but the ID (I cannot make that work either).

Jack Bakker, geändert vor 9 Jahren.

RE: ldap, user group/org?

Liferay Master Beiträge: 978 Beitrittsdatum: 03.01.10 Neueste Beiträge

So far, with AD and OpenLDAP backends, I've taken the approach of importing by group, making sure my user and group mappings are accurate, setting a good group import filter. As an aside there is also customization possible where if ldap user is removed from ldap group then that is reflected in Liferay.

In your posts here, you might start with reviewing Liferay documentation and then make references to such documentation if something there is unclear to you.

David H Nebinger, geändert vor 9 Jahren.

RE: ldap, user group/org?

Liferay Legend Beiträge: 14917 Beitrittsdatum: 02.09.06 Neueste Beiträge

If you check out com.liferay.portal.security.ldap.DefaultLDAPToPortalConverter, you can see how the LDAPUser instance is created and populated by converting ldap attributes and setting them in the LDAPUser.

However, this class does nothing to convert the group, user group, or organization ids.

It is actually quite easy to extend this class, do some post-processing of the created LDAPUser to add the various IDs after looking at available attributes and finding the corresponding IDs from the Liferay entities.

When the values are populated in LDAPUser and returned, the appropriate associations will be created/maintained for the Liferay user-related entities.