Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Configuring LDAP to Ignore Attributes During the Import Process

Written By

Liferay Support

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

This article describes how specific LDAP attributes can be ignored during LDAP user import.

Sometimes, users may change some information on the Liferay Portal. When the next scheduled LDAP import is executed, it will overwrite the user-made change. To ensure the change is not overwritten, users can define which attributes are to be ignored in their portal-ext.properties file.

For a more exhaustive look, in PortalLDAPImporterImpl.java, under the function updateUser, a function call to UserLocalServiceUtil.updateUser contains the list of available attributes. Removing the prefixes "get" and "is" defines the attribute. For instances, getEmailAddress, the attribute would become "contact.EmailAddress". These attributes must be prefixed with "contact." The reason why "contact" must be added is because the property was registered in the bean as LDAPUser#contact.xxxxxx.

Here is the function call with the attributes:

user = UserLocalServiceUtil.updateUser(

user.getUserId(), password, StringPool.BLANK, StringPool.BLANK,

passwordReset, ldapUser.getReminderQueryQuestion(),

ldapUser.getReminderQueryAnswer(), ldapUser.getScreenName(),

ldapUser.getEmailAddress(), ldapUser.getFacebookId(),

ldapUser.getOpenId(), ldapUser.getLanguageId(),

ldapUser.getTimeZoneId(), ldapUser.getGreeting(),

ldapUser.getComments(), ldapUser.getFirstName(),

ldapUser.getMiddleName(), ldapUser.getLastName(),

ldapUser.getPrefixId(), ldapUser.getSuffixId(), ldapUser.isMale(),

birthdayMonth, birthdayDay, birthdayYear, ldapUser.getSmsSn(),

ldapUser.getAimSn(), ldapUser.getFacebookSn(), ldapUser.getIcqSn(),

ldapUser.getJabberSn(), ldapUser.getMsnSn(),

ldapUser.getMySpaceSn(), ldapUser.getSkypeSn(),

ldapUser.getTwitterSn(), ldapUser.getYmSn(), ldapUser.getJobTitle(),

ldapUser.getGroupIds(), ldapUser.getOrganizationIds(),

ldapUser.getRoleIds(), ldapUser.getUserGroupRoles(),

ldapUser.getUserGroupIds(), ldapUser.getServiceContext())
 

Users are strongly discouraged from modifying the Java classes and methods.

Resolution

  1. In portal.properties, users can see which available attributes are listed within portal.properties: 
    Set the user attributes that are controlled from the portal. When adding
	# or updating a user from LDAP, these attributes will be skipped.
	#
	ldap.user.ignore.attributes=
	#ldap.user.ignore.attributes=aimSn,comments,facebookId,facebookSn,greeting,icqSn,jabberSn,jobTitle,languageId,msnSn,mySpaceSn,openId,prefixId,reminderQueryAnswer,reminderQueryQuestion,skypeSn,smsSn,suffixId,timeZoneId,twitterSn,ymSn
  2. Copy the property ldap.user.ignore.attributes= and copy it to the portal-ext.properties.
  3. Add the properties to be ignored: e.g. ldap.user.ignore.attributes=contact.EmailAddress
  4. Save the file.
  5. Start the Portal. During the next LDAP import, the LDAP process will ignore those attributes defined in the portal-ext.properties.
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?