NTLM Integration

Introduction

I'm using my very first entry to explain NTLM integration with Liferay 5.2. While trying to figure this out, I noticed that there was a lack of public information on the actual process to do so with an "Out of the Box" configuration. Because I have literally no developing experience, my explanation will be as simple as it can get. So I hope this helps many of those unanswered message board posts. While researching the process, I read this article, which included information on NTLM integration with Apache DS.
http://www.liferay.com/community/wiki/-/wiki/Main/Integration+with+NTLM+plus+ADS

Resources

  • Windows Server 2003
  • Windows XP SP3
  • Liferay 5.2 - MySQL / Tomcat 6.0

Procedure

  1. Begin by locating your web.xml in the following directory:
    Bundle> tomcat-6.0.18> webapps> ROOT> WEB-INF> web.xml
  2. Locate [SSO Ntlm Filter] and make sure the snippet matches the following:
    Note: The bolded part (the init-param block) is what's added to that section; the filter-name and filter-class lines are already there.

        <filter>
            <filter-name>SSO Ntlm Filter</filter-name>
            <filter-class>com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter</filter-class>
            <init-param>
                <param-name>jcifs.smb.client.soTimeout</param-name>
                <param-value>2000</param-value>
            </init-param>
        </filter>
  3. Start up your Tomcat
  4. Go to the Windows Server 2003 machine. I have mine on a VM on another machine
  5. Navigate to:
    Control Panel> Administrative Tools> Active Directory Users and Computers
  6. Right-click the Users folder and go to New> InetOrgPerson
  7. Add a user with a password and verify that the system adds the user correctly.
  8. That should be all the setup you need on a default Windows Server 2003 system.
  9. Now that your Tomcat is started, log in and navigate to:
    Control Panel> Settings> Authentication> LDAP
  10. Enable LDAP, select Required and select User LDAP Password Policy.
  11. Save your settings
  12. Add an LDAP Server
  13. Select Microsoft Active Directory Server and click Reset
  14. Under Base Provider URL enter the IP of the machine running Windows Server 2003:
    ldap://ipgoeshere:389
  15. Base DN should be:
    cn=Users,dc=windows2003,dc=ntlm
  16. Principal should be:
    cn=Administrator,cn=Users,dc=windows2003,dc=ntlm
  17. Under credentials, enter the password to the machine with Windows Server 2003
  18. Below is a screenshot of the settings I have
  19. Hit Test LDAP Connection and you should see a confirmation
  20. Under users, you should only have to set the Authentication Search Filter and the Import Search Filter:
    Authentication Search Filter:
    (&(sAMAccountName=@screen_name@)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))
    Import Search Filter:
    (&(objectClass=inetOrgPerson)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))
  21. Make sure it looks something like this:
  22. Save your settings and navigate to:
    Control Panel> Settings> Authentication
  23. While under the General tab, change the authentication type to By Screen Name and save your settings
  24. Log out and log back in as the user you added under Windows Server 2003
  25. Log back in as your admin user and navigate to:
    Control Panel> Settings> Authentication> NTLM
  26. Enable it and enter the IP address of the Windows Server 2003 machine under Domain Controller
  27. Under Domain enter:
    windows2003
  28. Save your settings and log out
  29. Clear your browser cache and open up your Liferay instance
  30. Click Sign In in the top right of the navigation bar and a log-in box should show up:
  31. Enter the screen name of your newly added user and the password
  32. Hit OK and it should log you in completely
  33. Scott Palmer added an important comment below; its settings should be applied if you want users sent to the correct landing page after logging in. Thanks again Scott:

    "-Set the default landing page as the page you want users to see once logged in (say /web/guest/home or /group/guest/PAGENAME) you can do this in portal-ext.properties or in the control panel under portal settings.
    -Set the home URL of your site to point to /c/portal/login (company.default.home.url=/c/portal/login) in portal-ext.properties.

    This redirects users to /c/portal/login when they visit the site and if NTLM is working properly this will log them in and redirect them straight into the landing page without any interaction from the user. This is what I expected it would do in the first place but it required a bit of messing around."
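The two search filters in step 20 hinge on the Active Directory bit-AND matching rule (OID 1.2.840.113556.1.4.803) testing userAccountControl bit 2, which is ACCOUNTDISABLE. As an added example that is not part of the original post, this small Python evaluator applies both filters to constructed AD-like entries and shows which accounts the import filter picks up and which screen names the authentication filter accepts; the entries and screen names are made up.

```python
# Added example: offline evaluation of the step-20 AD search filters on constructed data.
import re

AUTH_FILTER = "(&(sAMAccountName=@screen_name@)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
IMPORT_FILTER = "(&(objectClass=inetOrgPerson)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
BIT_AND_RULE = re.compile(r"([\w-]+):1\.2\.840\.113556\.1\.4\.803:=(\d+)")  # AD LDAP_MATCHING_RULE_BIT_AND

def _split(body):
    """Split the inside of (&...) or (!...) into its top-level (...) items."""
    items, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                items.append(body[start:i + 1])
    return items

def matches(flt, entry):
    """True if the filter matches the entry; attribute names are case-insensitive, as in AD."""
    entry = {k.lower(): v for k, v in entry.items()}
    body = flt[1:-1]
    if body[0] == "&":
        return all(matches(sub, entry) for sub in _split(body[1:]))
    if body[0] == "!":
        return not matches(_split(body[1:])[0], entry)
    m = BIT_AND_RULE.fullmatch(body)
    if m:  # every bit of the mask must be set; mask 2 is ACCOUNTDISABLE
        mask = int(m.group(2))
        return int(entry.get(m.group(1).lower(), 0)) & mask == mask
    attr, _, value = body.partition("=")  # plain equality, multi-valued attributes allowed
    vals = entry.get(attr.lower(), [])
    vals = vals if isinstance(vals, list) else [vals]
    return any(str(v).lower() == value.lower() for v in vals)

def auth_filter(screen_name):
    """Substitute @screen_name@ the way Liferay does before searching for the user."""
    return AUTH_FILTER.replace("@screen_name@", screen_name)

def matching_accounts(flt, entries):
    return [e["sAMAccountName"] for e in entries if matches(flt, e)]

SAMPLE_USERS = [  # constructed AD-like entries, not real accounts
    {"sAMAccountName": "jdoe", "objectClass": ["user", "inetOrgPerson"], "userAccountControl": 512},
    {"sAMAccountName": "old.intern", "objectClass": ["user", "inetOrgPerson"], "userAccountControl": 514},
    {"sAMAccountName": "svc-backup", "objectClass": ["user"], "userAccountControl": 512},  # New> User, not InetOrgPerson
]
```

The disabled account (userAccountControl 514 = 512 + 2) is rejected by both filters, and the plain user object is skipped by the import filter because step 6 creates InetOrgPerson objects.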
Thanks Kris,

By coincidence I was also setting this up recently and was surprised by the lack of information available. I was going to write up a guide but looks like you have beaten me to it.

Something I noticed that is different with mine is the ability for users to be logged in immediately without the need to click "sign in" or enter their usernames:

You can achieve this by doing the following:
-Set the default landing page as the page you want users to see once logged in (say /web/guest/home or /group/guest/PAGENAME) you can do this in portal-ext.properties or in the control panel under portal settings.
-Set the home URL of your site to point to /c/portal/login (company.default.home.url=/c/portal/login) in portal-ext.properties.

This redirects users to /c/portal/login when they visit the site and if NTLM is working properly this will log them in and redirect them straight into the landing page without any interaction from the user. This is what I expected it would do in the first place but it required a bit of messing around.

Nice post Kristoffer,

After reading your post I searched the wiki for related posts and found this:

http://www.liferay.com/community/wiki/-/wiki/Main/Integration+with+NTLM+plus+ADS

Can you extend that article with the info on this post so that it's kept for reference in the future?

Thanks Jorge,

I have updated my entry to include the wiki article link for NTLM+ADS in the introduction. Would that be appropriate?