The Core Organization service implementation uses MD5 to hash passwords, so it is considered insecure and will be removed in the future.
eXo Platform currently uses the PicketLink IDM implementation of the Organization service. It is more flexible and supports many more LDAP integration use cases than this so-called "legacy" implementation.
For PicketLink IDM configuration, refer to the LDAP Integration chapter of the Administrator guide.
Let's assume you have set up an OpenLDAP directory whose top DN is dc=example,dc=com (the sample configuration below uses dc=exoplatform,dc=org in its DN values; substitute your own base DN throughout).
You will configure eXo Platform to store organization data (users, groups, memberships and membership types) in the directory.
Here are the quick instructions. The details and more advanced configuration are explained in later sections.
Required libraries
The use of LDAP requires two libraries that are not included in the Platform package:
exo.core.component.ldap
exo.core.component.organization.ldap
You can search for and download the libraries from https://repository.exoplatform.org.
Configuration
Remove unused PicketLink IDM configuration
PicketLink IDM is pre-configured; use the remove-configuration tag to unload it.
<configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
  <remove-configuration>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</remove-configuration>
  <remove-configuration>org.exoplatform.services.organization.idm.PicketLinkIDMService</remove-configuration>
  <!-- Other components and plugins configuration -->
  <!-- ... -->
</configuration>
LDAPService component
<component>
  <key>org.exoplatform.services.ldap.LDAPService</key>
  <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>
  <init-params>
    <object-param>
      <name>ldap.config</name>
      <description>Default ldap config</description>
      <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">
        <field name="providerURL"><string>ldap://127.0.0.1:389,10.0.0.1:389</string></field>
        <field name="rootdn"><string>CN=Manager,DC=exoplatform,DC=org</string></field>
        <field name="password"><string>secret</string></field>
        <field name="version"><string>3</string></field>
        <field name="minConnection"><int>5</int></field>
        <field name="maxConnection"><int>10</int></field>
        <field name="referralMode"><string>follow</string></field>
        <field name="serverName"><string>default</string></field>
      </object>
    </object-param>
  </init-params>
</component>
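As an added example (not eXo Platform code), here is a short Python audit of the LDAPConnectionConfig fields above. It assumes the LDAPService component XML is available as text (a constructed copy of the page's snippet is embedded) and reports the settings a reviewer would question before putting the legacy service into production.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the LDAPService component as shown on this page.
SAMPLE_COMPONENT = """<component>
<key>org.exoplatform.services.ldap.LDAPService</key>
<type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>
<init-params>
<object-param>
<name>ldap.config</name>
<object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">
<field name="providerURL"><string>ldap://127.0.0.1:389,10.0.0.1:389</string></field>
<field name="rootdn"><string>CN=Manager,DC=exoplatform,DC=org</string></field>
<field name="password"><string>secret</string></field>
<field name="version"><string>3</string></field>
<field name="minConnection"><int>5</int></field>
<field name="maxConnection"><int>10</int></field>
<field name="referralMode"><string>follow</string></field>
</object>
</object-param>
</init-params>
</component>"""

def _local(tag):
    """Strip an XML namespace prefix: '{uri}field' -> 'field'."""
    return tag.rsplit('}', 1)[-1]

def parse_connection_config(xml_text):
    """Map field name -> text for the LDAPConnectionConfig object in the XML."""
    root = ET.fromstring(xml_text)
    for obj in root.iter():
        if _local(obj.tag) == 'object' and obj.get('type', '').endswith('LDAPConnectionConfig'):
            return {f.get('name'): (f[0].text or '').strip()
                    for f in obj if _local(f.tag) == 'field' and len(f)}
    raise ValueError('no LDAPConnectionConfig object found')

def audit_connection_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # providerURL is a comma-separated failover list; later entries may omit the scheme and inherit it.
    urls = [u.strip() for u in cfg.get('providerURL', '').split(',')]
    if any(u.lower().startswith('ldap://') for u in urls):
        findings.append('providerURL uses plain ldap://: the rootdn bind password and all directory '
                        'traffic cross the network unencrypted; use ldaps:// or StartTLS')
    if cfg.get('password', '') in ('', 'secret', 'password'):
        findings.append('password is empty or a placeholder; use a strong, unique service-account password')
    if int(cfg.get('minConnection', 0)) > int(cfg.get('maxConnection', 0)):
        findings.append('minConnection exceeds maxConnection')
    if cfg.get('referralMode') == 'follow':
        findings.append('referralMode=follow chases referrals to other servers and may reuse the bind '
                        'credentials against them; confirm this is intended')
    return findings
```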
OrganizationService and its OrganizationLdapInitializer plugin
<component>
  <key>org.exoplatform.services.organization.OrganizationService</key>
  <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>
  <component-plugins>
    <component-plugin>
      <name>init.service.listener</name>
      <set-method>addListenerPlugin</set-method>
      <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>
      <description>this listener populate organization ldap service create default dn</description>
    </component-plugin>
  </component-plugins>
  <init-params>
    <value-param>
      <name>ldap.userDN.key</name>
      <description>The key used to compose user DN</description>
      <value>cn</value>
    </value-param>
    <object-param>
      <name>ldap.attribute.mapping</name>
      <description>ldap attribute mapping</description>
      <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">
        <field name="userLDAPClasses"><string>top,person,organizationalPerson,inetOrgPerson</string></field>
        <field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>
        <field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>
        <field name="membershipTypeLDAPClasses"><string>top,organizationalRole</string></field>
        <field name="membershipLDAPClasses"><string>top,groupOfNames</string></field>
        <field name="baseURL"><string>dc=exoplatform,dc=org</string></field>
        <field name="groupsURL"><string>ou=groups,ou=portal,dc=exoplatform,dc=org</string></field>
        <field name="membershipTypeURL"><string>ou=memberships,ou=portal,dc=exoplatform,dc=org</string></field>
        <field name="userURL"><string>ou=users,ou=portal,dc=exoplatform,dc=org</string></field>
        <field name="profileURL"><string>ou=profiles,ou=portal,dc=exoplatform,dc=org</string></field>
        <field name="userUsernameAttr"><string>uid</string></field>
        <field name="userPassword"><string>userPassword</string></field>
        <field name="userFirstNameAttr"><string>givenName</string></field>
        <field name="userLastNameAttr"><string>sn</string></field>
        <field name="userDisplayNameAttr"><string>displayName</string></field>
        <field name="userMailAttr"><string>mail</string></field>
        <field name="userObjectClassFilter"><string>objectClass=person</string></field>
        <field name="membershipTypeMemberValue"><string>member</string></field>
        <field name="membershipTypeRoleNameAttr"><string>cn</string></field>
        <field name="membershipTypeNameAttr"><string>cn</string></field>
        <field name="membershipTypeObjectClassFilter"><string>objectClass=organizationalRole</string></field>
        <field name="membershiptypeObjectClass"><string>organizationalRole</string></field>
        <field name="groupObjectClass"><string>organizationalUnit</string></field>
        <field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>
        <field name="membershipObjectClass"><string>groupOfNames</string></field>
        <field name="membershipObjectClassFilter"><string>objectClass=groupOfNames</string></field>
        <field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>
        <field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>
        <field name="ldapDescriptionAttr"><string>description</string></field>
      </object>
    </object-param>
  </init-params>
</component>
AddHibernateMappingPlugin
<external-component-plugins>
  <target-component>org.exoplatform.services.database.HibernateService</target-component>
  <component-plugin>
    <name>add.hibernate.annotations</name>
    <set-method>addPlugin</set-method>
    <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
    <init-params>
      <values-param>
        <name>hibernate.annotations</name>
        <value>org.exoplatform.services.organization.impl.UserProfileData</value>
      </values-param>
    </init-params>
  </component-plugin>
</external-component-plugins>
After the server is started, the directory is populated with users, groups, memberships and membership types as shown below:
See also