Amendment to LDAP in 7.0/DXP entry
The other day I posted a blog entry about LDAP settings in 7.0/DXP and how generating the hash values precludes the ability to have the files configured without having to go into the UI. You can read it here.
In discussion with other technical resources and through further testing, it is, in fact, possible to create the files without the need for a hash. We replace the hash value with the word "default", so the files look like this:
com.liferay.portal.security.ldap.authenticator.configuration.LDAPAuthConfiguration-default.config
com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration-default.config
com.liferay.portal.security.ldap.exportimport.configuration.LDAPExportConfiguration-default.config
com.liferay.portal.security.ldap.exportimport.configuration.LDAPImportConfiguration-default.config
Now since we're not generating those files, we need to know what to put in them, right? Here are the necessary contents. Values marked <LIKE-THIS> are values that need to be filled in at the very least, and these are only in the LDAPServerConfiguration file.
LDAPAuthConfiguration
companyId="0"
enabled="true"
passwordEncryptionAlgorithm="NONE"
passwordPolicyEnabled="false"
required="false"
method="bind"
LDAPServerConfiguration
contactMappings=""
groupSearchFilterEnabled="true"
authSearchFilter="(&(objectCategory\=person)(mail\=@email_address@))"
userIgnoreAttributes=""
baseProviderURL="<LDAP-SERVER-HERE>"
baseDN="<LDAP-BASE-DN>"
securityPrincipal="<LDAP-PRINCIPAL>"
serverName="<SERVER-NAME>"
ldapServerId="0"
userSearchFilter="<USER-SEARCH-FILTER>"
groupMappings=["description\=description","groupName\=cn","user\=member"]
groupDefaultObjectClasses=["top","group"]
securityCredential="<LDAP-PRINCIPAL-PW>"
userDefaultObjectClasses=["top","person","inetOrgPerson","organizationalPerson"]
companyId="0"
groupsDN=""
userMappings=["emailAddress\=mail","firstName\=givenName","group\=memberOf","jobTitle\=title","lastName\=sn","password\=unicodePwd","screenName\=sAMAccountName"]
groupSearchFilter="<USER-SEARCH-FILTER>"
contactCustomMappings=""
usersDN=""
userCustomMappings=""
(Optional) LDAPExportConfiguration
companyId="0"
exportEnabled="false"
exportGroupEnabled="false"
LDAPImportConfiguration
importGroupCacheEnabled="true"
importUserPasswordEnabled="false"
importUserPasswordAutogenerated="true"
importUserPasswordDefault="test"
importCreateRolePerGroup="false"
importOnStartup="false"
importLockExpirationTime="86400000"
companyId="0"
importEnabled="false"
importInterval="10"
importUserSyncStrategy="auth-type"
importMethod="user"
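Because these files are now written by hand, a pre-deployment check can catch <LIKE-THIS> placeholders that were never filled in and flag the bind credential sitting in the file. The following is an added example, not Liferay's own tooling: it parses only the key="value" and key=["a","b"] syntax shown above, assumes one pair per line, and the function names and sample values are constructed for illustration.

```python
import re
import sys

# Constructed sample in the page's key="value" layout, one pair per line.
# Host, DN and secret are made-up values for illustration.
SAMPLE = '''\
baseProviderURL="ldap://ldap.example.test:389"
baseDN="dc=example,dc=test"
securityPrincipal="<LDAP-PRINCIPAL>"
securityCredential="s3cret"
userMappings=["emailAddress\\=mail","screenName\\=sAMAccountName"]
'''

PAIR = re.compile(r'^\s*([\w.]+)\s*=\s*(.+?)\s*$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
PLACEHOLDER = re.compile(r'^<[A-Z-]+>$')


def parse_config(text):
    """Parse key="value" and key=["a","b"] lines into {key: str | list[str]}."""
    cfg = {}
    for line in text.splitlines():
        m = PAIR.match(line)
        if not m:
            continue
        key, raw = m.groups()
        # Undo the \= escaping used inside values (e.g. "groupName\=cn").
        values = [v.replace('\\=', '=') for v in QUOTED.findall(raw)]
        cfg[key] = values if raw.startswith('[') else (values[0] if values else raw)
    return cfg


def lint(cfg):
    """Return (key, message) findings for one parsed LDAP .config file."""
    findings = []
    for key, value in cfg.items():
        values = value if isinstance(value, list) else [value]
        if any(PLACEHOLDER.match(v) for v in values):
            findings.append((key, "placeholder not filled in"))
    if cfg.get("baseProviderURL", "").lower().startswith("ldap://"):
        findings.append(("baseProviderURL", "ldap:// scheme, not ldaps://"))
    cred = cfg.get("securityCredential", "")
    if cred and not PLACEHOLDER.match(cred):
        findings.append(("securityCredential", "cleartext secret; restrict read access to this file"))
    return findings


if __name__ == "__main__":
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:]] or [SAMPLE]
    for text in texts:
        for key, msg in lint(parse_config(text)):
            print(f"{key}: {msg}")
```

Run it with the paths of the four -default.config files as arguments; with no arguments it lints the embedded sample.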