Featured post

Docker setup for Liferay 7 with MySQL

Tuesday, 15 May 2012

Liferay authentication fails for screen name authentication when "mail" attribute is not set in LDAP (AD)

Context : 
1) A valid user in Active Directory exists
2) The "mail" entry is missing in the Active Directory for the user
3) The authentication is set by Screen Name

When tries to login, the authentication fails. This issue is not occurring in other applications using Active Directory

Question :
If it is intended behavior for authentication to fail if email is not configured in LDAP. Is this correct?  If so,

Answer :
Here is a response to that question.  It is not a bug.  In order for a user to be authenticated in the
Liferay Portal, five pieces of user data are needed.  Without these, user authentication will fail.

They are:

1.  Screen name
2.  First name
3.  Last name
4.  Email
5.  Password

Problem :
In My Company all the accounts do not have “mail” attribute set in LDAP. None of the other application has any issue with this. These application can authenticate for all the users. If this is a requirement from liferay that all the users should have their “mail” set in LDAP, that would be a major task.

If the validation is through screen-name. So mail should not be mandatory.

Resolution :
 So in this case, you need to set:

      users.email.address.required=true to "false."
        # Set this to false if you want to be able to create users without an email
        # address. An email address will be automatically assigned to a user based
        # on the property "users.email.address.auto.suffix".

Also, notice this following property from portal.properties.

You can set the suffix of the email address that you desire to be generated for a user who does not have an email address.  This can only be used if the previous property  is set to false.
        # Set the suffix of the email address that will be automatically generated
        # for a user that does not have an email address. This property is not used
        # unless the property "users.email.address.required" is set to false. The
        # autogenerated email address will be the user id plus the specified suffix.


You are just done, Try & Enjoy the function.............:))


  1. Thanks for these informations...but I can't find the portal.porperties file...
    Can you tell where can I find it ? or did I need to create it ?

    Thanks & Regards

    1. Hi Jlassi,

      You can find portal.properties in ROOT/WEB-INF/classes.
      But it's not advisable to change this file directly.

      Create a new file named portal-ext.properties besides your tomcat folder and then made change in it.


  2. The website is looking bit flashy and it catches the visitors eyes. Design is pretty simple and a good user friendly interface. flatbed screen printing machine

  3. You completed certain reliable points there. I did a search on the subject and found nearly all persons will agree with your blog. t-shirt prints

  4. Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks names of shops

  5. This forward leap and effectively versatile screen printing method permits you to communicate your unusual side. ONCETECH