Adding an LDAP server

On the LDAP tab for authentication settings, the LDAP Servers section lists the LDAP servers configured for this instance.

To add and configure your LDAP server:

  1. Under LDAP Servers, to add a new server to the list, click the Add button.
  2. In the Server Name field, type the name of the LDAP server.
  3. To populate the rest of the fields with default values based on a specific type of server:
    1. Under Default Values, click the radio button for the type of server you are using.
    2. Click Reset Values.
  4. The Connection settings cover the basic connection to LDAP:
    Base Provider URL: The location of your LDAP server.

    Make sure that the machine on which Liferay is installed can communicate with the LDAP server.

    If there is a firewall between the two systems, make sure that the appropriate ports are opened.

    Base DN: The Base Distinguished Name for your LDAP directory.
    For a commercial organization, it may look something like:
    dc=companynamehere,dc=com
    Principal: The user name of the administrator account for your LDAP system.

    This ID is used to synchronize user accounts to and from LDAP.

    Credentials: The password for the administrative user.

    After providing the connection information, to test the connection to the LDAP server, click the Test LDAP Connection button.

  5. The Users section contains settings for finding users in your LDAP directory.
    Authentication Search Filter: Determines the search criteria for user logins.

    By default, users log in using their email address. If you have changed this setting, you must modify the search filter here.

    For example, if you changed the authentication method to use the screen name, you would modify the search filter so that it can match the entered login name:
    (cn=@screen_name@)
    Import Search Filter: Depending on the LDAP server, there are different ways to identify the user.

    The default setting (objectClass=inetOrgPerson) is usually fine, but you can change it to search for only a subset of users or for users that have different object classes.

  6. Under User Mapping, map your LDAP attributes to the Latitude Studio user fields:
    You can map the following attributes:
    • Screen Name
    • Password
    • Email Address
    • Full Name
    • First Name
    • Middle Name
    • Last Name
    • Job Title
    • Group

    After setting up the attribute mappings, to test the mappings, click Test LDAP Users.

  7. Under Groups, map your LDAP groups.
    In the Import Search Filter field, type the filter for finding LDAP groups, then map the following fields:
    • Group Name
    • Description
    • User

    To test the group mappings, click Test LDAP Groups. The system displays a list of the groups returned by your search filter.

  8. To save the LDAP server, click Save.
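
The Authentication Search Filter from step 5, as an added example rather than product code: a Python sketch that expands the @screen_name@ placeholder with the entered login name and escapes filter metacharacters per RFC 4515 so the value is matched literally. It assumes placeholders are substituted as plain text; the function names and sample logins are constructed for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Placeholder syntax as shown on this page, e.g. @screen_name@.
_TOKEN = re.compile(r"@([a-z_]+)@")


def escape_value(value: str) -> str:
    """Escape a login value so it is read as a literal, not as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, login: dict) -> str:
    """Replace each @token@ in the template with the escaped login value."""
    def substitute(match):
        name = match.group(1)
        if name not in login:
            raise KeyError(f"filter uses @{name}@ but no such value was supplied")
        return escape_value(login[name])
    return _TOKEN.sub(substitute, template)


def balanced(filter_text: str) -> bool:
    """Cheap sanity check before saving a filter: parentheses nest and close."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and filter_text.startswith("(")


if __name__ == "__main__":
    template = "(cn=@screen_name@)"  # filter from step 5
    # Constructed sample logins, including one with filter metacharacters.
    for name in ("jsmith", "smith (contractor)*"):
        expanded = expand_filter(template, {"screen_name": name})
        print(f"{name!r:24} -> {expanded}  balanced={balanced(expanded)}")
```
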