
Connecting to LDAP

You can configure an LDAP server at the system level or the instance level. If you are on Liferay PaaS or self-hosted, you can choose the configuration scope based on your needs. Note that when configuring at the system scope, you must specify each instance ID. If you’re on Liferay SaaS, you must configure LDAP at the instance scope. See Connecting to an LDAP Directory.

Clarity Vision Solutions must import user data from a company they just acquired.

Start and Populate an LDAP Directory

  1. Start a new OpenLDAP container.

    docker run \
        --env LDAP_ORGANISATION="Fabulous Frames" \
        --env LDAP_DOMAIN="fabulousframes.com" \
        --env LDAP_BASE_DN="dc=fabulousframes,dc=com" \
        --name fabulousframesldap \
        -p 389:389 \
        -p 636:636 \
        osixia/openldap:1.5.0
    
  2. Find the IP address of the fabulousframesldap container. This will be used in the configuration step below.

    docker network inspect bridge
    
  3. Generate an LDIF file to seed LDAP with a user and a user group.

    cat <<EOT > sarah.ldif
    dn: cn=sarah,dc=fabulousframes,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: Sarah
    sn: Stanley
    givenName: Sarah
    mail: sarah@fabulousframes.com
    title: IT Staff
    userPassword: learn
    
    dn: cn=fabulousframes,dc=fabulousframes,dc=com
    cn: fabulousframes
    objectClass: groupOfUniqueNames
    objectClass: top
    uniqueMember: cn=sarah,dc=fabulousframes,dc=com
    EOT
    
  4. In your shell, navigate to the same folder as the LDIF file. Copy the file into the container.

    docker cp sarah.ldif fabulousframesldap:/container/service/slapd/assets/test
    
  5. Add the entry into the OpenLDAP server.

    docker exec fabulousframesldap ldapadd -x -D "cn=admin,dc=fabulousframes,dc=com" -w admin -f /container/service/slapd/assets/test/sarah.ldif -H ldap://localhost
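
A pre-flight check for the seed file from step 3, to run before steps 4 and 5. This is an added example, not part of the Liferay tutorial; `lint_ldif` and the sample file are constructed here. It flags records that do not begin with `dn:`, `uniqueMember` values with no matching entry in the file, and `userPassword` values written in cleartext.

```shell
# lint_ldif FILE (hypothetical helper): prints one line per finding and returns 1 on any ERROR.
# Simplifications: folded lines are skipped, and a "version:" header line is not handled.
lint_ldif() {
    awk '
    BEGIN { first = 1; err = 0 }
    /^$/  { first = 1; next }          # blank line ends the current record
    /^#/  { next }                     # LDIF comment
    /^ /  { next }                     # continuation of the previous line
    {
        colon = index($0, ":")
        attr = tolower(substr($0, 1, colon - 1))
        val = substr($0, colon + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        # RFC 2849: each record begins with its dn line.
        if (first && attr != "dn") { printf "ERROR line %d: record starts with \"%s\", not dn\n", NR, attr; err = 1 }
        first = 0
        if (attr == "dn") defined[tolower(val)] = 1
        if (attr == "uniquemember") member[NR] = val
        # A leading ":" means base64 ("attr:: ..."); a leading "{" means a hash scheme.
        if (attr == "userpassword" && substr(val, 1, 1) != "{" && substr(val, 1, 1) != ":")
            printf "WARN line %d: userPassword value is cleartext in this file\n", NR
    }
    END {
        for (n in member)
            if (!(tolower(member[n]) in defined)) {
                printf "ERROR line %d: uniqueMember %s has no entry in this file\n", n, member[n]
                err = 1
            }
        exit err
    }' "$1"
}

# Constructed sample: the group record lists cn before dn.
sample=$(mktemp)
cat > "$sample" <<'EOT'
dn: cn=sarah,dc=fabulousframes,dc=com
cn: Sarah
userPassword: learn

cn: fabulousframes
dn: cn=fabulousframes,dc=fabulousframes,dc=com
uniqueMember: cn=sarah,dc=fabulousframes,dc=com
EOT
lint_ldif "$sample" || echo "fix the ERROR lines before running ldapadd"
rm -f "$sample"
```

Only ERROR findings change the exit status; the cleartext-password warning is informational, since the lab password in this exercise is intentionally simple.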
    

Connect Liferay to the LDAP Directory

  1. Navigate to Global Menu → Control Panel → Instance Settings.

  2. Under Security, click LDAP.

  3. In the left navigation, click Servers.

  4. Click Add.

  5. In the new page, enter the LDAP connection information.

    • Server Name: Fabulous Frames
    • Base Provider URL: ldap://[IP address]:389
    • Base DN: dc=fabulousframes,dc=com
    • Principal: cn=admin,dc=fabulousframes,dc=com
    • Credentials: admin

    Click Test LDAP Connection. A popup window shows that Liferay has connected successfully to the LDAP server. Click the X and close the window.

  6. In the LDAP user information section, map your LDAP fields to the appropriate Liferay fields. Type uid into the UUID field to map Liferay’s UUID field to LDAP’s uid field. This is necessary to export data to LDAP. Click Test LDAP Users to preview the mapping of user fields.

  7. In the LDAP groups section, enter Fabulous Frames into the Description field. Click Test LDAP Groups to verify that the fabulousframes user group is visible.

  8. Click Save.

Clarity Vision Solutions’ Liferay instance is now connected to Fabulous Frames’s LDAP directory.

Next: Importing and Exporting users.

Relevant Concepts