Friday, 6 June 2014

Understanding some properties related to Liferay LDAP Import process

Liferay provides an easy way to integrate with LDAP. Using its control panel you can enable LDAP and also add the LDAP server.
There is pretty good documentation around that. Please refer to this wiki link

The two things I wanted to discuss in this post are regarding the usage of the following properties

ldap.import.lock.expiration.time and ldap.import.interval

Both these properties can be specified in the file.

But the confusion I had was what's the difference between these two.

I started looking at the Liferay Portal 6.2 source code and wanted to share my findings.

Please feel free to post a comment if you differ on these or have any questions.

Here is the sequence of LDAP Import process when you enable it in the control panel and if you enable the import option.

Firstly LDAPImportMessageListener class gets called.

This is defined as a listener class in liferay-portlet.xml file. And this gets called as per the time interval defined
using the property - ldap.import.interval

Now here is what this class does

It checks startup is enabled. If yes it does importOnStartup else it calls the PortalLDAPImporterUtil class
importFromLDAP() method

Next this method importFromLDAP() in turn runs the same logic for each company id which means for each site you have
defined in Liferay.

Logic is for each Site call importFromLDAP(companyId) method
Now Lets see what this method does

                Step 1
                Check if (not isImportEnabled for this site) { return; }
                check the Lock_ table for this Site and User. If its there return.
                Else get the userid and the put an entry in the Lock_ table.

                Here the setting defined using ldap.import.lock.expiration.time comes into picture.
                By default its

                Next its does the import operation for that site.
                Now comes the important part, what's the best way to use these two.

It can depend on how frequently you want to update information from your LDAP and if you want to
enable the import option in the first place. As you can see there is an overhead involved in using this option.

You can use the default option which ensures that import is done if LDAP Auth is enabled when the user tries to log in.
ldap.import.interval is 10 mins by default. And ldap.import.lock.expiration.time is 1 day by default.

I think if you are using this option then it might be a good idea to set ldap.import.interval to 1 day. 

1 comment:

  1. Hi Ankur,

    I think companyID belong to portal instance not the Site.

    LDAP works based on portal instance(companyID).