Uploaded image for project: 'PUBLIC - Liferay Documentation'
  1. PUBLIC - Liferay Documentation
  2. LRDOCS-2138

Usage of LDAP setting ldap.import.group.search.filter.enabled needs to be well defined


    • Type: New Article
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      Currently, the proper usage of LDAP setting ldap.import.group.search.filter.enabled is not well-defined and the only documentation that I've found (portal.properties) is actually a little misleading for when the setting is set to false:

          # If set to true, the group filter will be applied, but only to groups in
          # the specified base DN. If set to false, the filter will not be applied and
          # all groups that are associated with the imported users will be imported
          # regardless of the base DN.

      It states that "all groups that are associated with the imported users will be imported regardless of the base DN" but this is only true if you've satisfied a few preconditions:

      1. Users in LDAP need to have attributes defined for the groups they are members of (e.g. "memberOf" for certain LDAP implementations with the group's DN as the value).
      2. A mapping for "Group" to said attribute must be defined in LDAP Server Settings.

      Basically, all groups will be imported if and only if your LDAP users are set up to maintain their group memberships and you've set up the proper mapping in your LDAP Server Settings. Adding these expectations to the documentation should remedy any confusion and prevent future bug reports related to the setting.

      Note that when set to true, it behaves as you would expect after reading the documentation so that part is fine.

      Let me know if further clarification is needed.




            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created:

                Zendesk Support


                  Version Package