Liferay with LDAP
Question
I am configuring Liferay with my organization LDAP.
1. While configuring LDAP, I specify "ldap.security.principal" and "ldap.security.credentials" as my user id and password to authenticate against LDAP, and the test connection succeeds.
Are these mandatory attributes? As in production, I will not be able to specify my own credentials in portal-ext.properties. Do I need a separate user created in LDAP to specify in portal-ext for production? I unfortunately do not have control over configuring LDAP as it's an org LDAP.
Any pointers would help. Thanks.
Recommended answer
There are several use cases where you need a privileged system account for accessing the LDAP database.
There are two basic methods by which you can authenticate against LDAP:
- Do a BIND operation against LDAP - you need to know the user DN
- Do a password attribute comparison - you need to know the user DN, name of attribute with the password, attribute value encoding (e.g. plaintext, hashed, ...)
For both approaches you need to know the distinguished name of the target user:
- Either you are able to construct the DN from credentials (e.g. cn={screenName},ou=Users,o=MyOrg) - which is not supported by Liferay AFAIK;
- or you need to do LDAP SEARCH to find the right user DN... for that you need to have a system account.
Next to pulling user information right when the user authenticates, Liferay also offers LDAP import and export functionality. For obvious reasons you need to have a privileged system account to be able to search for users in LDAP and / or to write user entries.
Properties ldap.security.principal and ldap.security.credentials are mandatory (they can also be configured via the user interface). You will need to have a dedicated system account for Liferay in the LDAP for this.
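The search-then-bind flow described in the answer above, as an added example that is not part of the original answer or of Liferay's code. It uses an in-memory stand-in for the directory; FakeDirectory, authenticate, and every DN and password are constructed for illustration, and the stand-in is assumed to deny anonymous searches.

```python
# Added illustration: an in-memory stand-in for an LDAP server.
# All DNs, names and passwords below are constructed sample values.
ENTRIES = {
    "uid=svc-liferay,ou=Services,o=MyOrg": {"cn": "svc-liferay", "pw": "svc-secret"},
    "cn=jdoe,ou=Users,o=MyOrg": {"cn": "jdoe", "pw": "jdoe-pass"},
    "cn=asmith,ou=Staff,o=MyOrg": {"cn": "asmith", "pw": "asmith-pass"},
}
SERVICE_DN = "uid=svc-liferay,ou=Services,o=MyOrg"


class FakeDirectory:
    """Models BIND and SEARCH; anonymous search is denied (assumption)."""

    def __init__(self):
        self.bound_dn = None

    def bind(self, dn, password):
        entry = ENTRIES.get(dn)
        ok = bool(entry and password and entry["pw"] == password)
        self.bound_dn = dn if ok else None
        return ok

    def search(self, attr, value):
        if self.bound_dn is None:
            raise PermissionError("search requires an authenticated bind")
        return [dn for dn, e in ENTRIES.items() if e.get(attr) == value]


def authenticate(screen_name, password, service_pw="svc-secret"):
    """Search-then-bind: resolve the user DN as the system account,
    then verify the password by binding as that DN."""
    if not password:
        # Some real servers treat a DN with an empty password as an
        # unauthenticated bind that succeeds (RFC 4513), so reject it here.
        return False
    conn = FakeDirectory()
    if not conn.bind(SERVICE_DN, service_pw):           # step 1: system account
        raise RuntimeError("system account bind failed")
    matches = conn.search("cn", screen_name)            # step 2: find the DN
    if len(matches) != 1:                               # unknown or ambiguous
        return False
    return FakeDirectory().bind(matches[0], password)   # step 3: user BIND


if __name__ == "__main__":
    print(authenticate("asmith", "asmith-pass"))  # entry lives outside ou=Users
    print(authenticate("jdoe", "wrong"))
```

The asmith entry sits under ou=Staff, so a DN built from the cn={screenName},ou=Users,o=MyOrg template would not match it; the search performed by the system account is what locates it.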