Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

Local Liferay Admin Users unable to authenticate when LDAP is Configured on Virtual Instance

Written By

Joel Jeong

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • When a main Liferay instance and a second virtual instance are both connected to the same LDAP server, local Liferay admin users are unable to log in when the “Required” box is checked.

    In the case where the LDAP is connected and the “Enabled” box is checked, all LDAP users are able to authenticate with the same default password as well as their LDAP password.

    If the “Required” box is checked for the LDAP connection, then LDAP users can no longer authenticate with the same default password (as expected). A local Liferay admin account is still able to log in normally on the main instance. However, a local Liferay admin account is not able to log into the second virtual instance anymore.

Environment

  • Liferay DXP 7.0-7.4

Resolution

  • This is the expected behavior. When the "Required" box is checked, only LDAP users can be authenticated to login. The only exception to this is Admin users of the default main instance. 
  • There are a couple of ways to work around this behavior, if necessary:
    • Add the virtual instance user to the LDAP directory, OR
    • Have the main instance's admin user log in using the On-Demand Admin portlet on the default instance, as this will skip AuthPipeline processing altogether during login.
      Here are the steps to do this:
      1. After the "Required" box has been checked, login with a default Liferay user to the main instance
      2. Go to Control Panel -> System -> On-Demand Admin
      3. Click on the kebab menu next to the virtual instance and click on "Request Administrator Access"
      4. Enter a reason and click Submit
      5. You are then redirected to the login page of the virtual instance, and can now login with local Liferay admin users.
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?