Connecting to LDAP

Connecting to LDAP

You can configure an LDAP server at the system level or instance level. If you are on LXC-SM or self-hosted, you can choose the configuration scope based on your needs. Note, when configuring at the system scope, you must specify each instance ID. If you’re on LXC, you must configure LDAP at the instance scope. See Connecting to an LDAP Directory.

Delectable Bonsai must import user data from a company they just acquired.

Start and Populate an LDAP Directory

  1. Start a new OpenLDAP container.

    docker run \
    	   --env LDAP_ORGANISATION="Almighty Syrup" \
    	   --env LDAP_DOMAIN="" \
    	   --env LDAP_BASE_DN="dc=almightysyrup,dc=com" \
    	   --name almightysyrupldap \
    	   -p 389:389 \
    	   -p 636:636 \
  2. Find the IP address of the almightysyrupldap container. This will be used in the configuration step below.

    docker network inspect bridge
  3. Generate an LDIF file to seed LDAP with a user and a user group.

    cat <<EOT >> sarah.ldif
    dn: cn=sarah,dc=almightysyrup,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: Sarah
    sn: Stanley
    givenName: Sarah
    mail: [email protected]
    title: IT Staff
    userPassword: learn
    cn: almightysyrup
    dn: cn=almightysyrup,dc=almightysyrup,dc=com
    objectClass: groupOfUniqueNames
    objectClass: top
    uniqueMember: cn=sarah,dc=almightysyrup,dc=com
  4. In your shell, navigate to the same folder as the LDIF file. Copy the file into the container.

    docker cp sarah.ldif almightysyrupldap:/container/service/slapd/assets/test
  5. Add the entry into the OpenLDAP server.

    docker exec almightysyrupldap ldapadd -x -D "cn=admin,dc=almightysyrup,dc=com" -w admin -f /container/service/slapd/assets/test/sarah.ldif -H ldap://localhost

Connect Liferay to the LDAP Directory

  1. Navigate to Global Menu (Global Menu) → Control PanelInstance Settings.

  2. Under security, click LDAP.

  3. In the left navigation, click Servers.

  4. Click Add.

  5. In the new page, enter the LDAP connection information.

    • Server Name: Almighty Syrup
    • Base Provider URL: ldap://[IP address]:389
    • Base DN: dc=almightysyrup,dc=com
    • Principal: cn=admin,dc=almightysyrup,dc=com
    • Credentials: admin

    Enter the connection information.

    Click Test LDAP Connection. A popup window shows that Liferay has connected successfully to the LDAP server. Click the X and close the window.

  6. In the LDAP user information section, map your LDAP fields to the appropriate Liferay fields. Type uid into the UUID field to map Liferay’s UUID field to LDAP’s uid field. This is necessary to export data to LDAP. Click Test LDAP Users to preview the mapping of user fields.

    Enter the user fields information.

  7. In the LDAP groups section, enter Almighty Syrup into the Description field. Click Test LDAP Groups to verify that the almightysyrup user group is visible.

  8. Click Save.

Delectable Bonsai’s Liferay instance is now connected to Almighty Syrup’s LDAP directory.

Next: Importing and Exporting users.

Relevant Concepts