12 Mar 2014

Authority and authorization are always a challenging problem for enterprise systems. Most systems manage their authorities in LDAP (e.g. Microsoft AD, OpenLDAP), while authorization is managed at the level of the individual applications.

Many enterprise portal systems are migrated to Liferay Enterprise Portal, which provides very good support for LDAP migration. It also gives them the freedom to manage authentication and authorization in a central place without affecting their traditional way of managing authority in LDAP. They do not need to give up their traditional way of managing users in LDAP, since many of their legacy systems depend on it.

For one of our enterprise clients, we have developed a custom mechanism that keeps Liferay and LDAP in sync at all times. To meet the client's custom needs and business flow, the Liferay mechanism has been extended with the following features.

  1. Automatic User Sync between Liferay and LDAP (using internal Export/Import process) - Every user created in either system, Liferay or LDAP, is automatically synced with the other system. This gives them the freedom to manage users, along with their authorizations, from Liferay. It also lets them keep managing users in LDAP the traditional way.
  2. Bulk User Creation in Liferay using custom table schema - What if they need to create users in bulk? They populate this table with the users, and Liferay picks up the information from the table and creates the users.

Across the entire syncing process, we have also covered the following aspects arising from LDAP and business needs.

  • Syncing Password Policy between Liferay and LDAP
  • Forcing users to change their password at first login for any LDAP-connected system
  • Customized Screen Name Generation process as per business need
  • Default Role/Group allocation to newly created users
  • Email Notification to specific group for user creation

This entire process runs in the background at configurable time slots. It also runs once during login for a user whenever any information has changed in Liferay.