  1. PUBLIC - Liferay Documentation
  2. LRDOCS-8132

(DevOps?) Clarify that LDAP Require still allows Liferay Admins to login

    Details

    • Type of Documentation:
      User

      Description

      According to https://help.liferay.com/hc/en-us/articles/360029031791-Configuring-LDAP#general, the LDAP Required check box is described as:

      Required: Check this box if LDAP authentication is required. Users can't log in unless they can bind to the LDAP directory successfully. Uncheck this box if users with Liferay DXP accounts but no LDAP accounts can log in.

      This implies that only LDAP users can log in to Liferay. However, Liferay intentionally allows non-LDAP users with the Administrator role to bypass this requirement, leading to some confusion.
      Here is the code that allows this:
      https://github.com/liferay/liferay-portal/blob/master/modules/apps/portal-security/portal-security-ldap-impl/src/main/java/com/liferay/portal/security/ldap/internal/authenticator/LDAPAuth.java#L549-L550

      https://github.com/liferay/liferay-portal/blob/master/modules/apps/portal-security/portal-security-ldap-impl/src/main/java/com/liferay/portal/security/ldap/internal/authenticator/LDAPAuth.java#L635-L636

      To avoid confusion, update this part of the documentation to state the exception that lets LR Admin users bypass this requirement.

            People

            Assignee:
            russell.bohl Russell Bohl
            Reporter:
            christopher.lui Christopher Lui

                  Packages

                  Version Package
                  7.2.x
                  7.3.x
                  master