Liferay provides an easy way to integrate with LDAP. Using its control panel you can enable LDAP and also add the LDAP server.
There is pretty good documentation around that. Please refer to this wiki link http://goo.gl/7dqgj9
The two things I wanted to discuss in this post are the usage of the following properties:
ldap.import.lock.expiration.time and ldap.import.interval
Both these properties can be specified in the portal-ext.properties file.
But the confusion I had was about the difference between these two.
I started looking at the Liferay Portal 6.2 source code and wanted to share my findings.
Please feel free to post a comment if you differ on these or have any questions.
Here is the sequence of the LDAP import process when you enable LDAP in the control panel and also enable the import option.
First, the LDAPImportMessageListener class gets called.
It is defined as a listener class in the liferay-portlet.xml file, and it gets called at the time interval defined
by the property ldap.import.interval.
Here is what this class does:
It checks whether startup is enabled. If yes, it does importOnStartup; otherwise it calls the importFromLDAP() method
of the PortalLDAPImporterUtil class.
Next, importFromLDAP() in turn runs the same logic for each company id, which means for each site you have
defined in Liferay.
The logic is: for each site, call the importFromLDAP(companyId) method.
Now let's see what this method does.
Step 1
Check if (not isImportEnabled for this site) { return; }
else
check the Lock_ table for this site and user. If an entry is there, return.
Else get the userid and then put an entry in the Lock_ table.
This is where the setting defined using ldap.import.lock.expiration.time comes into the picture.
By default it is
ldap.import.lock.expiration.time=86400000
Next it does the import operation for that site.
Now comes the important part: what's the best way to use these two?
It can depend on how frequently you want to update information from your LDAP and whether you want to
enable the import option in the first place. As you can see, there is an overhead involved in using this option.
You can use the default option, which ensures that the import is done when the user tries to log in, if LDAP Auth is enabled.
ldap.import.interval is 10 mins by default, and ldap.import.lock.expiration.time is 1 day by default.
I think if you are using this option then it might be a good idea to set ldap.import.interval to 1 day.
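The interaction between the two properties can be modelled in a few lines. This is an added example, not Liferay source code or code from the original post; the function names are hypothetical, and it assumes a Lock_ entry blocks further imports until ldap.import.lock.expiration.time has elapsed, as the sequence above describes.

```python
"""Timing model of the import gate described in the post (not Liferay code)."""

MINUTE_MS = 60 * 1000
DAY_MS = 24 * 60 * MINUTE_MS


def simulate(interval_min, lock_expiration_ms, horizon_ms=7 * DAY_MS,
             import_enabled=True):
    """Return (listener_runs, imports_done, skipped_by_lock) for one company id.

    Assumption: a Lock_ entry written at time t blocks further imports
    until t + lock_expiration_ms.
    """
    interval_ms = interval_min * MINUTE_MS
    lock_expires_at = None              # no entry in Lock_ yet
    runs = imports = skipped = 0
    now = 0
    while now < horizon_ms:             # listener fires every ldap.import.interval
        runs += 1
        if import_enabled:              # the isImportEnabled check comes first
            if lock_expires_at is not None and now < lock_expires_at:
                skipped += 1            # entry found in Lock_: return
            else:
                lock_expires_at = now + lock_expiration_ms
                imports += 1            # entry written, import runs
        now += interval_ms
    return runs, imports, skipped


def effective_import_period_ms(interval_min, lock_expiration_ms):
    """Gap between two imports: the first listener run at or after lock expiry."""
    interval_ms = interval_min * MINUTE_MS
    ticks = -(-lock_expiration_ms // interval_ms)   # ceiling division
    return ticks * interval_ms


if __name__ == "__main__":
    # Defaults from the post: 10 minute interval, 86400000 ms lock expiration.
    for interval in (10, 1440):
        runs, imports, skipped = simulate(interval, 86400000)
        print(f"interval={interval} min: {runs} listener runs, "
              f"{imports} imports, {skipped} skipped by lock (7 days)")
```

Under this model the defaults wake the listener 1008 times in a week for 7 imports, which is the overhead the 1-day interval removes.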
Hi Ankur,
I think companyID belongs to the portal instance, not the Site.
LDAP works based on the portal instance (companyID).
Thanks:
Ankit