How to remove users from Liferay that are deactivated / deleted in the LDAP server
Written By
Alexandra Rujzam
How To articles are not official guidelines or officially
supported documentation. They are community-contributed content and may
not always reflect the latest updates to Liferay DXP. We welcome your
feedback to improve How to articles!
While we make every effort to ensure this Knowledge Base is accurate,
it may not always reflect the most recent updates or official
guidelines. We appreciate your understanding and encourage you to reach
out with any feedback or concerns.
Legacy Article
You are viewing an article from our legacy
"FastTrack" publication program, made available for
informational purposes. Articles in this program were published without a
requirement for independent editing or verification and are provided
"as is" without guarantee.
Before using any information from this article, independently verify
its suitability for your situation and project.
Issue
When a user is no longer listed in the LDAP server, the authentication fails and the user cannot log in anymore, but a dead user entry remains in Control Panel -> Users.
Resolution
There is a way to synchronize user deactivation with the portal/database. If Status is properly mapped to an LDAP user attribute, the portal will deactivate that user upon next import/login and the account will not be displayed under Control Panel -> Users section.
Please see the steps below:
- Import a user and verify that it can sign in successfully and is displayed under Control Panel -> Users section.
- Check the user_ table in the database and confirm that the value of the Status column is '0', which means 'Active'.
- If there is no standardized attribute for Status in your LDAP server (e.g. Apache Directory), choose an arbitrary attribute (e.g. employeeNumber) and set its value to '5', which means 'Inactive'.
- Map this employeeNumber attribute to Status in Instance Settings -> Edit LDAP Server (it's listed among the User's mappable fields, right after 'Job Title').
- Try logging in with the LDAP user, just to trigger the LDAP import, and see that the user is unable to log in.
- Check the user_ table in the database again and confirm that the user status is '5'.
- Go to Control Panel -> Users and see that the user is not listed there anymore.
Unfortunately, there is no out-of-the-box method to completely remove the users from the database, other than using the Liferay API (Groovy script):
https://help.liferay.com/hc/en-us/articles/360017895672-Using-Liferay-s-Script-Engine
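A sketch of such a cleanup script for the Script console, added here as an example and not taken from the original article or from Liferay. It assumes Liferay 7.x package names, that the default instance is the one to clean, and that LDAP-imported accounts carry an `ldapServerId` of 0 or higher; the `dryRun` switch is a hypothetical name introduced for this example.

```groovy
// Added example, not Liferay's own code. Assumes Liferay 7.x package names.
// Run from Control Panel -> Server Administration -> Script (language: Groovy).
import com.liferay.portal.kernel.dao.orm.QueryUtil
import com.liferay.portal.kernel.service.UserLocalServiceUtil
import com.liferay.portal.kernel.util.PortalUtil
import com.liferay.portal.kernel.workflow.WorkflowConstants

// Hypothetical switch: true only lists candidates, false actually deletes them.
boolean dryRun = true

// Assumption: work on the default instance; use another companyId if needed.
long companyId = PortalUtil.getDefaultCompanyId()

def users = UserLocalServiceUtil.getCompanyUsers(
    companyId, QueryUtil.ALL_POS, QueryUtil.ALL_POS)

int candidates = 0
int deleted = 0

for (user in users) {
    // Only accounts the LDAP import has set to Inactive (status 5) qualify.
    if (user.getStatus() != WorkflowConstants.STATUS_INACTIVE) continue

    // Assumption: locally created accounts have ldapServerId -1, so this
    // leaves manually deactivated, non-LDAP users untouched.
    if (user.getLdapServerId() < 0) continue

    candidates++
    out.println("${dryRun ? 'WOULD DELETE' : 'DELETING'}: " +
        "userId=${user.getUserId()} screenName=${user.getScreenName()} " +
        "ldapServerId=${user.getLdapServerId()}")

    if (dryRun) continue

    try {
        // Removes the user through the service layer rather than by editing
        // the user_ table directly, so related data is cleaned up as well.
        UserLocalServiceUtil.deleteUser(user)
        deleted++
    } catch (Exception e) {
        // One failing account must not abort the whole run.
        out.println("FAILED userId=${user.getUserId()}: ${e.message}")
    }
}

out.println("Inactive LDAP users found: ${candidates}, deleted: ${deleted}")
```

Review the dry-run listing against the LDAP directory before setting `dryRun` to false, and take a database backup first, since deletion through the API cannot be undone.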