Tuesday, 15 May 2012

Liferay authentication fails for screen name authentication when "mail" attribute is not set in LDAP (AD)



Context : 
1) A valid user in Active Directory exists
2) The "mail" entry is missing in the Active Directory for the user
3) The authentication is set by Screen Name

When the user tries to log in, the authentication fails. This issue does not occur in other applications using Active Directory.

Question :
Is it intended behavior for authentication to fail if email is not configured in LDAP? Is this correct?  If so,

Answer :
Here is a response to that question.  It is not a bug.  In order for a user to be authenticated in the
Liferay Portal, five pieces of user data are needed.  Without these, user authentication will fail.

They are:

1.  Screen name
2.  First name
3.  Last name
4.  Email
5.  Password


Problem :
In my company, all the accounts do not have the “mail” attribute set in LDAP. None of the other applications has any issue with this. These applications can authenticate all the users. If it is a requirement from Liferay that all the users should have their “mail” set in LDAP, that would be a major task.

If the validation is through screen name, mail should not be mandatory.

Resolution :
So in this case, you need to change the property users.email.address.required from "true" to "false". This is how it appears in portal.properties:

        #
        # Set this to false if you want to be able to create users without an email
        # address. An email address will be automatically assigned to a user based
        # on the property "users.email.address.auto.suffix".
        #
        users.email.address.required=true

Also note the following property from portal.properties.

It sets the suffix of the email address that is generated for a user who does not have an email address. It is only used if the previous property is set to false.
 
        #
        # Set the suffix of the email address that will be automatically generated
        # for a user that does not have an email address. This property is not used
        # unless the property "users.email.address.required" is set to false. The
        # autogenerated email address will be the user id plus the specified suffix.
        #
        users.email.address.auto.suffix=@no-emailaddress.com
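
A pre-flight check for the situation above, added here as an example (not code from the original post or from Liferay): it layers a portal-ext.properties override on top of portal.properties and reports which directory entries still lack a field Liferay needs. The LDIF records, the property texts and the AD attribute mapping in FIELD_MAP are constructed assumptions; the password cannot be checked from an export and is left out.

```python
# Added example: all sample data below is constructed for illustration.
# Assumed AD attribute -> Liferay field mapping; adjust to your LDAP import settings.
FIELD_MAP = {"screen name": "sAMAccountName", "first name": "givenName",
             "last name": "sn", "email": "mail"}

def load_properties(*texts):
    """Merge .properties texts in order; later texts override earlier ones."""
    props = {}
    for text in texts:
        for line in text.splitlines():
            line = line.strip()
            if line and not line.startswith(("#", "!")) and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records separated by blank lines."""
    return [dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
            for block in text.strip().split("\n\n")]

def missing_fields(entry, props):
    """Return the required Liferay fields this entry cannot supply."""
    email_required = props.get("users.email.address.required", "true") == "true"
    missing = [f for f, attr in FIELD_MAP.items() if not entry.get(attr)]
    if not email_required and "email" in missing:
        missing.remove("email")  # Liferay autogenerates <user id><suffix>
    return missing

PORTAL = "users.email.address.required=true\nusers.email.address.auto.suffix=@no-emailaddress.com\n"
PORTAL_EXT = "# override placed in portal-ext.properties\nusers.email.address.required=false\n"
LDIF = """dn: CN=Alice,OU=Staff,DC=example,DC=test
sAMAccountName: alice
givenName: Alice
sn: Ng

dn: CN=Bob,OU=Staff,DC=example,DC=test
sAMAccountName: bob
sn: Roy
mail: bob@example.test
"""

def audit(*prop_texts):
    """Map each screen name to the fields it is still missing."""
    props = load_properties(*prop_texts)
    return {e["sAMAccountName"]: missing_fields(e, props) for e in parse_ldif(LDIF)}

if __name__ == "__main__":
    print("default :", audit(PORTAL))
    print("with ext:", audit(PORTAL, PORTAL_EXT))
```

With the override in place the entry without "mail" passes, while the entry missing a first name is still reported, since the email property relaxes only one of the required fields.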


You are just done, Try & Enjoy the function.............:))

2 comments:

  1. Thanks for this information...but I can't find the portal.properties file...
    Can you tell me where I can find it? Or do I need to create it?

    Thanks & Regards

    1. Hi Jlassi,

      You can find portal.properties in ROOT/WEB-INF/classes.
      But it's not advisable to change this file directly.

      Create a new file named portal-ext.properties beside your Tomcat folder and then make the change in it.

      Regards
