LDAP cn trouble with Liferay

I have been struggling with getting Liferay to play nicely with our OpenLDAP server for the past two days.

I finally was able to figure out my mistake this afternoon.

Liferay expects ‘user’ entries (objectClass = inetOrgPerson, in my case) to be in the following format:

    objectClass = inetOrgPerson
    objectClass = organizationalPerson
    objectClass = person
    objectClass = top
    cn =
    sn = Beard
    givenName = Doctor
    mail =
    title = Hirsute Physician
    userPassword = <whatever encryption you use>

After much struggling and cursing, I found that my trouble was with the cn. An email address is not allowed in this field.

Once I changed the cn to ‘beardy’, I was able to log in to my Liferay portal using LDAP authentication, the user was imported to the Liferay database, blah blah blah. Everything works great now.

Probably a simple fix for an experienced LDAP administrator, but for a n00b like me, it was an infuriating minor detail that made all the difference in my portal working versus not working.
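A pre-flight check for the problem described above, as an added example that is not part of the original post: it parses an LDIF export and lists inetOrgPerson entries whose cn looks like an email address. The sample entries and example.org names are constructed, and treating any cn containing '@' as an email address is an assumption of this sketch.

```python
import base64

# Constructed sample LDIF (not from the original post); all values are placeholders.
SAMPLE_LDIF = """\
dn: uid=dbeard,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn: dbeard@example.org
sn: Beard
mail: dbeard@example.org

dn: uid=beardy,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn:: YmVhcmR5
sn: Beard
mail: beardy@example.org
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folded lines and base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 folded continuation line
        elif not raw.startswith("#"):         # skip LDIF comments
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())

def cn_problems(text):
    """Return (dn, cn) pairs for inetOrgPerson entries whose cn contains '@' (assumed heuristic)."""
    hits = []
    for e in parse_ldif(text):
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "inetorgperson" in classes:
            hits += [(e["dn"][0], cn) for cn in e.get("cn", []) if "@" in cn]
    return hits

if __name__ == "__main__":
    for dn, cn in cn_problems(SAMPLE_LDIF):
        print(f"{dn}: cn '{cn}' looks like an email address")
```

Running it against an export of the user subtree before enabling LDAP import shows which entries would need their cn changed.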

…I’ve got to find a way to add code to my blog.


UPDATE (06.28.2012) – I’ve found a decent enough way to do it.