Connecting to LDAP

You can configure an LDAP server at the system scope or the instance scope. If you are on LXC-SM or self-hosted, choose the scope that fits your needs. Note that when configuring at the system scope, you must specify each instance ID. If you’re on LXC, you must configure LDAP at the instance scope. See Connecting to an LDAP Directory.

Delectable Bonsai must import user data from a company they just acquired.

Start and Populate an LDAP Directory

  1. Start a new OpenLDAP container.

    docker run \
        --env LDAP_ORGANISATION="Almighty Syrup" \
        --env LDAP_DOMAIN="almightysyrup.com" \
        --env LDAP_BASE_DN="dc=almightysyrup,dc=com" \
        --name almightysyrupldap \
        -p 389:389 \
        -p 636:636 \
        osixia/openldap:1.5.0
    
  2. Find the IP address of the almightysyrupldap container. This will be used in the configuration step below.

    docker network inspect bridge
    
  3. Generate an LDIF file to seed LDAP with a user and a user group.

    cat <<EOT > sarah.ldif
    dn: cn=sarah,dc=almightysyrup,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: Sarah
    sn: Stanley
    givenName: Sarah
    mail: [email protected]
    title: IT Staff
    userPassword: learn
    
    dn: cn=almightysyrup,dc=almightysyrup,dc=com
    cn: almightysyrup
    objectClass: groupOfUniqueNames
    objectClass: top
    uniqueMember: cn=sarah,dc=almightysyrup,dc=com
    EOT
    
  4. In your shell, navigate to the same folder as the LDIF file. Copy the file into the container.

    docker cp sarah.ldif almightysyrupldap:/container/service/slapd/assets/test
    
  5. Add the entry into the OpenLDAP server.

    docker exec almightysyrupldap ldapadd -x -D "cn=admin,dc=almightysyrup,dc=com" -w admin -f /container/service/slapd/assets/test/sarah.ldif -H ldap://localhost
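
An added example, not part of the original page or of Liferay's own code: a pre-flight check to run on the LDIF from step 3 before loading it in step 5, since LDIF requires `dn:` as the first line of every entry. The names `lint_ldif`, `bad_ldif` and `good_ldif`, the constructed samples, and the rule that group members must be defined in the same seed file are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Pre-flight check for an LDIF seed file, run before ldapadd.
# Reads LDIF on stdin, prints one finding per line, exits non-zero on any finding.
lint_ldif() {
  awk '
    function finish() {                 # close the current entry
      if (inrec && !hasoc) { print "entry " n ": no objectClass"; bad++ }
      inrec = 0
    }
    /^$/ { finish(); next }             # a blank line separates entries
    /^#/ || /^ / { next }               # comments and continuation lines
    !inrec && n == 0 && /^version:/ { next }
    !inrec {                            # first line of a new entry
      inrec = 1; n++; hasoc = 0
      if ($0 !~ /^dn:/) { print "entry " n ": starts with \"" $0 "\", not dn:"; bad++ }
    }
    /^dn:/           { v = $0; sub(/^dn:[ ]*/, "", v); defined[tolower(v)] = 1 }
    /^objectClass:/  { hasoc = 1 }
    /^uniqueMember:/ { v = $0; sub(/^uniqueMember:[ ]*/, "", v); member[tolower(v)] = n }
    END {
      finish()
      for (m in member)                 # assumption: members are defined in this file
        if (!(m in defined)) { print "entry " member[m] ": member not defined: " m; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample pieces, trimmed from the tutorial LDIF.
USER_ENTRY='dn: cn=sarah,dc=almightysyrup,dc=com
objectClass: inetOrgPerson
cn: Sarah
sn: Stanley'
GROUP_DN='dn: cn=almightysyrup,dc=almightysyrup,dc=com'
GROUP_CN='cn: almightysyrup'
GROUP_BODY='objectClass: groupOfUniqueNames
uniqueMember: cn=sarah,dc=almightysyrup,dc=com'

# Group entry with cn: ahead of dn: (rejected) and with dn: first (accepted).
bad_ldif()  { printf '%s\n\n%s\n%s\n%s\n' "$USER_ENTRY" "$GROUP_CN" "$GROUP_DN" "$GROUP_BODY"; }
good_ldif() { printf '%s\n\n%s\n%s\n%s\n' "$USER_ENTRY" "$GROUP_DN" "$GROUP_CN" "$GROUP_BODY"; }

bad_ldif  | lint_ldif || echo "bad sample rejected"
good_ldif | lint_ldif && echo "good sample accepted"
```

Against the tutorial file, run it as `lint_ldif < sarah.ldif` before copying the file into the container.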
    

Connect Liferay to the LDAP Directory

  1. Navigate to Global Menu → Control Panel → Instance Settings.

  2. Under Security, click LDAP.

  3. In the left navigation, click Servers.

  4. Click Add.

  5. In the new page, enter the LDAP connection information.

    • Server Name: Almighty Syrup
    • Base Provider URL: ldap://[IP address]:389
    • Base DN: dc=almightysyrup,dc=com
    • Principal: cn=admin,dc=almightysyrup,dc=com
    • Credentials: admin

    Click Test LDAP Connection. A popup window shows that Liferay has connected successfully to the LDAP server. Click the X and close the window.

  6. In the LDAP user information section, map your LDAP fields to the appropriate Liferay fields. Type uid into the UUID field to map Liferay’s UUID field to LDAP’s uid field. This is necessary to export data to LDAP. Click Test LDAP Users to preview the mapping of user fields.

  7. In the LDAP groups section, enter Almighty Syrup into the Description field. Click Test LDAP Groups to verify that the almightysyrup user group is visible.

  8. Click Save.

Delectable Bonsai’s Liferay instance is now connected to Almighty Syrup’s LDAP directory.

Next: Importing and Exporting users.
