For those who don't know, Liferay is an open-source content management portal written in Java. It was created in 2000, initially as a solution for non-profit organizations. Today, Liferay has over 60,000 downloads per month.
Its most outstanding features are:
- It runs on most application servers and servlet containers, databases and operating systems, with more than 700 possible combinations.
- Compatible with JSR-286
- Out-of-the-box availability of more than 60 pre-built Portlets.
- Built-in Content Management System (CMS) and collaboration suite.
- Customized pages for all users.
- Benchmarked as one of the secure portals using LogicLibrary’s Logiscan suite.
In this tutorial we'll see how to configure our Liferay server with an SSO authentication system (in this case we will use CAS), with authentication in turn performed against an LDAP server.
First, we will start by configuring our Liferay server to authenticate against an LDAP.
Another option Liferay provides when configuring an LDAP server is the ability to import users from the LDAP server into Liferay. Why? This is very useful because, when users log in, the portal automatically applies the permissions granted to them in the portal, which may differ from those they have in LDAP.
NOTE: Since we are conducting the tests in a Windows environment, we will be working with OpenLDAP for Windows.
Once we have OpenLDAP and the Liferay server installed on our machine, we go to the control panel of our Liferay server.
In the control panel, go to the Portal section (in the left-hand menu) and select the Settings option. Now, in the right-hand menu, select the Authentication option.
On the screen we are viewing, at the top we must select the LDAP option, where we will configure everything.

1. First, we will configure the connection to the authentication server. To do this, we will click on the add button, which will display a screen like the following:

2. Once the connection is set up, we will configure the user data:

Once configured, we can test it by clicking on the “Test LDAP user configuration” button, and if everything is configured correctly, a screen with the LDAP users should appear like the following:

3. After configuring the users, our next step is to configure the group data:

Similarly, we can test the configuration by clicking on the "Test LDAP group configuration" button, and a screen like the following will appear if everything is configured correctly.

Once we have everything configured, we go back one step and check the "enabled" box (as we can see in the following image). We also check the "enable import" box so that the LDAP server users are imported into our Liferay.

From this point forward, existing LDAP users will be able to authenticate with Liferay. Liferay will import the data and groups from LDAP.
Finally, we will stop our Liferay server and edit our “portal-ext.properties” file located in:
../Servidor Liferay/TomcatX/webapps/ROOT/WEB-INF/classes/portal-ext.properties
For users who do not have an email address in LDAP, since this is one of the mandatory parameters for user registration in Liferay, we will insert the following two lines:
- users.email.address.required=false
- users.email.address.auto.suffix=@no-emailaddress.com
These two lines will assign the string "user_id@no-emailaddress.com" to users who do not have an email address.
We also add the following lines:
1. ldap.import.interval=2
2. ldap.import.method=group
3. ldap.import.create.role.per.group=true
Line 1 sets synchronization with LDAP to every 2 minutes; line 2 imports only the users that are assigned to a group in LDAP; and line 3 creates a role with the same name whenever a new group is created.
Important: The username and email address can be used as identification fields in Liferay. They are obtained from LDAP and are, in principle, modifiable by the user, which can cause problems.
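For example, an LDAP user who changes their username in Liferay could later revert to the original username, which would create a duplicate: a single user with two different names. To prevent this, these lines should be added to the "portal-ext.properties" file:
1. field.editable.com.liferay.portal.model.User.screenName=administrator,user-with-mx,user-without-mx
2. field.editable.com.liferay.portal.model.User.emailAddress=administrator,user-with-mx,user-without-mx
The value of each property is the comma-separated list of user types that may edit the field, so only the types listed can change the screen name or email address; list only administrator if regular users should not be able to change them.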
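As an added example (not from the original article or from Liferay), the following Python script checks a portal-ext.properties file for who may edit the two identification fields. It assumes each field.editable value is the comma-separated list of user types allowed to edit the field; the function names and sample files are hypothetical and constructed for illustration.

```python
import re

PREFIX = "field.editable.com.liferay.portal.model.User."
IDENTITY_FIELDS = ("screenName", "emailAddress")  # identification fields named in the article

def parse_properties(text):
    """Minimal Java .properties reader: comments, '=' or ':' separators,
    backslash line continuations; a later key overrides an earlier one."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]          # join with the next physical line
            continue
        key, value = re.match(r"([^=:\s]*)\s*[=:]?\s*(.*)", line).groups()
        props[key] = value
    return props

def audit(text):
    """Return one finding per identity field that non-administrators can edit."""
    props, findings = parse_properties(text), []
    for field in IDENTITY_FIELDS:
        value = props.get(PREFIX + field)
        if value is None:
            findings.append(f"{field}: not set in this file, portal default applies")
            continue
        # Assumption: the value lists the user types allowed to edit the field.
        others = sorted({t.strip() for t in value.split(",")} - {"administrator", ""})
        if others:
            findings.append(f"{field}: editable by {', '.join(others)}")
    return findings

# Constructed sample files, not taken from a real installation.
SAMPLE_OPEN = """\
users.email.address.required=false
users.email.address.auto.suffix=@no-emailaddress.com
field.editable.com.liferay.portal.model.User.screenName=administrator,user-with-mx,user-without-mx
field.editable.com.liferay.portal.model.User.emailAddress=administrator,\\
    user-with-mx
"""
SAMPLE_ADMIN_ONLY = SAMPLE_OPEN.split("field.editable")[0] + (
    PREFIX + "screenName=administrator\n" + PREFIX + "emailAddress=administrator\n")

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("admin only", SAMPLE_ADMIN_ONLY)):
        print(name, "->", audit(text) or "no findings")
```

Running it against the real file before restarting the server shows which identification fields regular users could still change.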
One of Liferay's great strengths is its versatility when it comes to integrating with external systems, as has been shown in this article; by following a few simple steps, an integration with LDAP can be performed.
SOLTEL IT SOFTWARE's commitment to Liferay dates back to 2007 and it is currently one of the established technologies in our technology stack.





