I have been struggling with getting Liferay to play nicely with our OpenLDAP server for the past two days.
I finally was able to figure out my mistake this afternoon.
Liferay expects ‘user’ entries (objectClass = inetOrgPerson, in my case) to be in the following format:
objectClass = inetOrgPerson
objectClass = organizationalPerson
objectClass = person
objectClass = top
cn = beardy@liferay.com
sn = Beard
givenName = Doctor
mail = beardy@liferay.com
title = Hirsute Physician
userPassword = <whatever encryption you use>
After much struggling and cursing, I found that my trouble was with the cn=beardy@liferay.com. An email address is not allowed in this field.
Once I changed the cn to ‘beardy’, I was able to log in to my Liferay portal using LDAP authentication, and the user was imported to the Liferay database, blah blah blah. Everything works great now.
Probably a simple fix for an experienced LDAP administrator, but for a n00b like me, it was an infuriating minor detail that made all the difference in my portal working versus not working.
…I’ve got to find a way to add code to my blog.
UPDATE (06.28.2012) – I’ve found a decent enough way to do it.
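A pre-import check for the problem described in this post, as an added example that is not part of the original post or of Liferay's code: it parses an LDIF export and flags inetOrgPerson entries whose cn is an email address or that lack one of the attributes listed above. The DNs, the ou=people,dc=example,dc=com suffix and the password value are constructed sample data, and treating title as optional is an assumption.

```python
import base64
import re
# Attributes the post lists for a user entry (title treated as optional here).
REQUIRED = ("cn", "sn", "givenname", "mail", "userpassword")

def parse_ldif(text):
    """Yield each LDIF entry as a {lowercased attribute: [values]} dict."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        yield entry

def audit(ldif_text):
    """Return {dn: [problems]}; flags the email-style cn the post describes."""
    report = {}
    for e in parse_ldif(ldif_text):
        if "inetorgperson" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        problems = [f"missing {a}" for a in REQUIRED if a not in e]
        problems += [f"cn '{c}' is an email address" for c in e.get("cn", []) if "@" in c]
        if problems:
            report[e.get("dn", ["<no dn>"])[0]] = problems
    return report

# Constructed sample: entry 1 mirrors the post's failing entry, entry 2 the fix.
SAMPLE = """\
dn: cn=beardy@liferay.com,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: beardy@liferay.com
sn: Beard
givenName: Doctor
mail: beardy@liferay.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: cn=beardy,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: beardy
sn: Beard
givenName: Doctor
mail: beardy@liferay.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""
print(audit(SAMPLE))
```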