In some environments it may be desirable to import a user's contact information from an LDAP server. This article explains how to import custom mappings as well as contact mappings from a Microsoft Active Directory LDAP server using the following properties:
**In this article, the properties which end with .0 indicate that they are set for the LDAP server called 0. You can set up several LDAP servers in the
portal-ext, and this part indicates which server the properties belong to.
Please note that in order to use this functionality, the portal must connect to LDAP via the portal-ext.properties file. Once the connection is made through the Control Panel GUI, the connection values are written to the database which overrides the portal-ext in precedence.
Before starting the Liferay Instance with LDAP:
- Include the following LDAP properties in the portal-ext.properties file:
(Note that the connection mappings might be different for each setup.)
ldap.auth.enabled=true ldap.import.enabled=true ldap.import.on.startup=false ldap.base.provider.url.0=ldap://LDAP_IP_ADDRESS:389 ldap.base.dn.0=dc=windows2008r2,dc=ntlm ldap.security.principal.0=cn=Administrator,cn=Users,dc=windows2008r2,dc=ntlm ldap.security.credentials.0=liferay ldap.auth.search.filter.0=(sAMAccountName=@screen_name@) ldap.import.user.search.filter.0=(objectClass=person) ldap.user.mappings.0=screenName=sAMAccountName\npassword=userPassword\nemailAddress=mail\nfullName=cn\nmiddleName=middleName\nfirstName=givenName\nlastName=sn\ngroup=memberOf ldap.import.group.search.filter.0=(objectClass=group) ldap.group.mappings.0=groupName=cn\ndescription=sAMAccountName\nuser=member ldap.contact.custom.mappings.0=ldap.contact.mappings.0=skypeSn=employeeTypeldap.user.custom.mappings.0=Telephone=telephoneNumber
The two properties in bold are pointing to the contact and custom field mappings.
- Start the portal and log in as the admin user
- Go to Control Panel > Authentication > LDAP. Check the Enabled check box and click save.
- In the Control Panel > Authentication page, set the drop down menu to allow users to authenticate by screen name.
- Navigate to the LDAP server.
- Open the directory in a LDAP text editor.
- Create a user named
TEST_USER. Be sure to give the user all the appropriate information to allow him to be imported:
First Name, Last Name, Password, Email Address, Screen Name
- Open the user's properties and find the field called 'employeeType.' Click edit and set the value to 'Joe Bloggs.' Click Save.
- Now, scroll down to the 'telephoneNumber' field. Edit this field and set the value to '5555555555.'
- In the Liferay Portal, go to Control Panel > Custom Fields > User > Add New Field. Fill in the name Telephone and make sure Text Box is selected in the drop-down menu.
- Click the new field. Adjust the height to 100 and the width to 200 so that the test box will be visible. Click Save.
- Now sign out as the admin user and sign in as
TEST_USERwith the password. The user will be imported. Once he is fully signed in, sign out.
- Sign back in as the admin user and go to Control Panel > Users and Organizations. Click on
- Go to the Custom Field tab in the right hand menu towards the bottom. Verify that the telephone number has been imported.
- Now, in the right had menu towards the middle, go to the Instant Messenger tab. 'Joe Bloggs' appears in the Skype field.
For a list of contact attributes to use, see
Note: While this article used the
ldap.contact.mappings.0=skypeSn=employeeType, any LDAP mapping that is empty could be used in place of 'employeeType.'