Liferay LDAP integration and configuration Manual

Liferay LDAP Configuration Manual

  1. Goto LDAP settings from Control Panel->Portal Settings. Under Configuration, click Authentication->LDAP.

  2. To enable LDAP, check "Enable", simple enough.

  3. Under Import/Export, check "Import Enabled". When checked, Liferay will periodically synchronize with LDAP. The interval Liferay does this can be changed in your

  4. "Import on Startup Enabled" should be self-explanatory. Check it.

  5. We'll leave "Export Enabled" unchecked. As we are not going to export our data to Directory Server as of now.

  6. Now then, click "Add" to add your LDAP Server.

Type in the name of your LDAP Server at the top. We will notice that there is a radio button list of default choices (Optional).

  1. Now create Connection with LDAP by filling up following values

A) Base Provider URL: The LDAP Base Provider URL format is ldap: //host: port.

For example ldap://

B) Base DN: The Base DN specifies the initial search context for users and is

optional. For example dc=ktree,dc=org where dc is domain component of the


C) Principal: It is User Principal Name. These are generally in the format of

<sAMAccountName>@<UPN Suffix>. Example cn=Manager,dc=ktree,dc=org

d) Credentials: Fill up the correct credential for LDAP Server to which Liferay is

going to connect with.

NOTE: CHECK THE CONNECTION If all are correct Liferay will prompt a message "Liferay has successfully connected to the LDAP server.

  1. Now fill up the USER Fields

  2. Authentication Search Filter : Enter the search filter that will be used to test the validity of a user. The tokens @company_id@, @email_address@, @screen_name@, and @user_id@ are replaced at runtime with the correct values.


For example : (mail=@screen_name@).

  1. Import Search Filter : Used for checking filter while importing data on LDAP.

If we don't want to apply import search filter when we import user then simple fill this it is as (objectClass=person).

Now fill up the following attribute in order to import data on LDAP

  1. Screen Name : cn (common name or canonical name)

  2. Password : usePassword (users password)

  3. Email Address : mail

  4. Full Name : cn (ldap-full-name-attribute-help)

  5. First Name : cn (ldap-full-name-attribute-help)

  6. Middle Name : (leave it)

  7. Last Name : sn (sir name)

  8. Job Title : (leave it)

  9. Portrait : (leave it)

  10. Group : ou (organization unit)

  11. UUID : uidNumber / uid (universal id)

Note: Click Check LDAP Users button. If everything is fine it will pop a list of users

Leave the other fields as it is and click save button in order to use this LDAP configuration.