8.3. LDAP integration using legacy organization services

Warning

The legacy implementation of the Organization service uses MD5 hashing to store passwords. It is therefore considered insecure and will be removed in a future version.

In Platform 4, it is supported only for users who have been using it since older versions. New users should never use this implementation.

  1. Create a new configuration.xml file under the following directory, with the following content:

    • $PLATFORM_TOMCAT_HOME/gatein/conf/portal/portal in Platform Tomcat.

    • $PLATFORM_JBOSS_HOME/standalone/configuration/gatein/portal/portal in Platform JBoss.

    
    <configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
        <import>legacy-organization-configuration.xml</import>
        <!-- Remove unused PicketLink IDM Services -->
        <remove-configuration>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</remove-configuration>
        <remove-configuration>org.exoplatform.services.organization.idm.PicketLinkIDMService</remove-configuration>
    </configuration>
  2. Create a new legacy-organization-configuration.xml file in the same directory, and configure it for one of three data models: Hibernate, LDAP or Microsoft Active Directory (MSAD).

    • Hibernate

      
      <configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
          <component>
              <key>org.exoplatform.services.organization.OrganizationService</key>
              <type>org.exoplatform.services.organization.hibernate.OrganizationServiceImpl</type>
          </component>
          <external-component-plugins>
              <target-component>org.exoplatform.services.database.HibernateService</target-component>
              <component-plugin> 
                  <name>add.hibernate.annotations</name>
                  <set-method>addPlugin</set-method>
                  <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
                  <init-params>
                      <values-param>
                          <name>hibernate.annotations</name>
                          <value>org.exoplatform.services.organization.impl.UserImpl</value>
                          <value>org.exoplatform.services.organization.impl.MembershipImpl</value>
                          <value>org.exoplatform.services.organization.impl.GroupImpl</value>
                          <value>org.exoplatform.services.organization.impl.MembershipTypeImpl</value>
                          <value>org.exoplatform.services.organization.impl.UserProfileData</value>
                      </values-param>
                  </init-params>
              </component-plugin>
          </external-component-plugins>
          <import>classpath:/conf/portal/organization-configuration.xml</import>    
      </configuration>
    • LDAP

      Change the providerURL, rootdn and password to match your LDAP server. Also replace the base DN DC=exoplatform,DC=org wherever it appears with your own top-level DN.

      
      <configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
          <component>
              <key>org.exoplatform.services.ldap.LDAPService</key>
              <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>
              <init-params>
                  <object-param>
                      <name>ldap.config</name>
                      <description>Default ldap config</description>
                      <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">         
                          <field name="providerURL"><string>ldap://127.0.0.1:389,10.0.0.1:389</string></field>
                          <field name="rootdn"><string>CN=Manager,DC=exoplatform,DC=org</string></field>
                          <field name="password"><string>secret</string></field>        
                          <field name="version"><string>3</string></field>
                          <field name="minConnection"><int>5</int></field>
                          <field name="maxConnection"><int>10</int></field>     
                          <field name="referralMode"><string>follow</string></field>  
                          <field name="serverName"><string>default</string></field>
                      </object>
                  </object-param>
              </init-params>
          </component>
          <component>
              <key>org.exoplatform.services.organization.OrganizationService</key>
              <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>
              <component-plugins>
                  <component-plugin>
                      <name>init.service.listener</name>
                      <set-method>addListenerPlugin</set-method>
                      <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>
                      <description>this listener populate organization ldap service create default dn</description>      
                  </component-plugin>  
              </component-plugins> 
              <init-params>
                  <value-param>
                      <name>ldap.userDN.key</name>
                      <description>The key used to compose user DN</description>
                      <value>cn</value>
                  </value-param>
                  <object-param>
                      <name>ldap.attribute.mapping</name>
                      <description>ldap attribute mapping</description>
                      <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">                
                          <field name="userLDAPClasses"><string>top,person,organizationalPerson,inetOrgPerson</string></field>
                          <field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>
                          <field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>
                          <field name="membershipTypeLDAPClasses"><string>top,organizationalRole</string></field>
                          <field name="membershipLDAPClasses"><string>top,groupOfNames</string></field>
                          <field name="baseURL"><string>dc=exoplatform,dc=org</string></field>
                          <field name="groupsURL"><string>ou=groups,ou=portal,dc=exoplatform,dc=org</string></field>
                          <field name="membershipTypeURL"><string>ou=memberships,ou=portal,dc=exoplatform,dc=org</string></field>
                          <field name="userURL"><string>ou=users,ou=portal,dc=exoplatform,dc=org</string></field>
                          <field name="profileURL"><string>ou=profiles,ou=portal,dc=exoplatform,dc=org</string></field>
                          <field name="userUsernameAttr"><string>uid</string></field>
                          <field name="userPassword"><string>userPassword</string></field>
                          <field name="userFirstNameAttr"><string>givenName</string></field>
                          <field name="userLastNameAttr"><string>sn</string></field>
                          <field name="userDisplayNameAttr"><string>displayName</string></field>
                          <field name="userMailAttr"><string>mail</string></field>
                          <field name="userObjectClassFilter"><string>objectClass=person</string></field>
                          <field name="membershipTypeMemberValue"><string>member</string></field>
                          <field name="membershipTypeRoleNameAttr"><string>cn</string></field>
                          <field name="membershipTypeNameAttr"><string>cn</string></field>
                          <field name="membershipTypeObjectClassFilter"><string>objectClass=organizationalRole</string></field>
                          <field name="membershiptypeObjectClass"><string>organizationalRole</string></field>
                          <field name="groupObjectClass"><string>organizationalUnit</string></field>
                          <field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>
                          <field name="membershipObjectClass"><string>groupOfNames</string></field>
                          <field name="membershipObjectClassFilter"><string>objectClass=groupOfNames</string></field>
                          <field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>
                          <field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>
                          <field name="ldapDescriptionAttr"><string>description</string></field>
                      </object>
                  </object-param>
              </init-params>     
          </component>
          <external-component-plugins>
              <target-component>org.exoplatform.services.database.HibernateService</target-component>
              <component-plugin>
                  <name>add.hibernate.annotations</name>
                  <set-method>addPlugin</set-method>
                  <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
                  <init-params>
                      <values-param>
                      <name>hibernate.annotations</name>
                      <value>org.exoplatform.services.organization.impl.UserProfileData</value>
                      </values-param>
                  </init-params>
              </component-plugin>
          </external-component-plugins>
      </configuration>
    • Microsoft Active Directory

      
      <configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
          <component>
              <key>org.exoplatform.services.ldap.LDAPService</key>
              <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>
              <init-params>
                  <object-param>
                      <name>ldap.config</name>
                      <description>Default ldap config</description>
                      <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">
                          <field name="providerURL"><string>ldap://192.168.2.88:389</string></field>
                          <field name="rootdn"><string>CN=Administrator,CN=Users, DC=exoplatform,DC=org</string></field>
                          <field name="password"><string>Secret1234</string></field>
                          <field name="version"><string>3</string></field>
                          <field name="minConnection"><int>5</int></field>
                          <field name="maxConnection"><int>10</int></field>
                          <field name="referralMode"><string>ignore</string></field>
                          <field name="serverName"><string>active.directory</string></field>
                      </object>
                  </object-param>
              </init-params>
          </component>
          <component>
              <key>org.exoplatform.services.organization.OrganizationService</key>
              <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>
              <component-plugins>
                  <component-plugin>
                      <name>init.service.listener</name>
                      <set-method>addListenerPlugin</set-method>
                      <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>
                      <description>this listener populate organization ldap service create default dn</description>
                  </component-plugin>
              </component-plugins>
              <init-params>
                  <object-param>
                      <name>ldap.attribute.mapping</name>
                      <description>ldap attribute mapping</description>
                      <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">
                          <field name="userLDAPClasses"><string>top,person,organizationalPerson,user</string></field>
                          <field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>
                          <field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>
                          <field name="membershipTypeLDAPClasses"><string>top,group</string></field>
                          <field name="membershipLDAPClasses"><string>top,group</string></field>
                          <field name="baseURL"><string>DC=test,DC=man</string></field>
                          <field name="groupsURL"><string>ou=groups,ou=portal,DC=test,DC=man</string></field>
                          <field name="membershipTypeURL"><string>ou=memberships,ou=portal,DC=test,DC=man</string></field>
                          <field name="userURL"><string>ou=users,ou=portal,DC=test,DC=man</string></field>
                          <field name="profileURL"><string>ou=profiles,ou=portal,DC=test,DC=man</string></field>
                          <field name="userUsernameAttr"><string>sAMAccountName</string></field>
                          <field name="userPassword"><string>unicodePwd</string></field>
                          <field name="userFirstNameAttr"><string>givenName</string></field>
                          <field name="userLastNameAttr"><string>sn</string></field>
                          <field name="userDisplayNameAttr"><string>displayName</string></field>
                          <field name="userMailAttr"><string>mail</string></field>
                          <field name="userObjectClassFilter"><string>objectClass=user</string></field>
                          <field name="membershipTypeMemberValue"><string>member</string></field>
                          <field name="membershipTypeRoleNameAttr"><string>cn</string></field>
                          <field name="membershipTypeNameAttr"><string>cn</string></field>
                          <field name="membershipTypeObjectClassFilter"><string>objectClass=group</string></field>
                          <field name="membershiptypeObjectClass"><string>group</string></field>
                          <field name="groupObjectClass"><string>organizationalUnit</string></field>
                          <field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>
                          <field name="membershipObjectClass"><string>group</string></field>
                          <field name="membershipObjectClassFilter"><string>objectClass=group</string></field>
                          <field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>
                          <field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>
                          <field name="ldapDescriptionAttr"><string>description</string></field>
                      </object>
                  </object-param>
              </init-params>
          </component>
          <external-component-plugins>
              <target-component>org.exoplatform.services.database.HibernateService</target-component>
              <component-plugin>
                  <name>add.hibernate.annotations</name>
                  <set-method>addPlugin</set-method>
                  <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
                  <init-params>
                      <values-param>
                      <name>hibernate.annotations</name>
                      <value>org.exoplatform.services.organization.impl.UserProfileData</value>
                      </values-param>
                  </init-params>
              </component-plugin>
          </external-component-plugins>
      </configuration>
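Both the LDAP and the Active Directory blocks above carry a bind DN, a bind password and a set of DNs that must all be edited to match one directory. The following script is an added example, not part of the eXo Platform documentation or code base: it parses the ldap.config and ldap.attribute.mapping parameters from a legacy-organization-configuration.xml and reports what an administrator should review before deploying, namely a providerURL that is not ldaps:// (without TLS, a simple bind sends the rootdn password in clear text; whether this implementation accepts ldaps:// is not stated on the page, so treat that finding as a prompt to verify), a documentation placeholder password, and mapping URLs whose DC= components differ from baseURL. The embedded sample is a constructed, trimmed copy of the Active Directory block above, which itself has rootdn under DC=exoplatform,DC=org but the attribute mapping under DC=test,DC=man. The placeholder-password list and the finding texts are this example's own assumptions.

```python
"""Pre-deployment check for legacy-organization-configuration.xml.

Added example; it is not part of the eXo Platform documentation or code base.
It reads the <object-param> blocks named ldap.config and ldap.attribute.mapping
from an LDAP or Active Directory configuration and lists settings to review.
"""
import xml.etree.ElementTree as ET

KERNEL_NS = "http://www.exoplatform.org/xml/ns/kernel_1_2.xsd"
NS = {"k": KERNEL_NS}

# Documentation placeholders that must never reach production
# (assumption: this list is the example's own, the page defines none).
PLACEHOLDER_PASSWORDS = {"", "secret", "secret1234", "password"}

# Constructed sample: a trimmed copy of the Active Directory block, keeping
# the domain mismatch it contains (rootdn under DC=exoplatform,DC=org while
# the attribute mapping sits under DC=test,DC=man).
SAMPLE = """<configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
  <component>
    <key>org.exoplatform.services.ldap.LDAPService</key>
    <init-params>
      <object-param>
        <name>ldap.config</name>
        <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">
          <field name="providerURL"><string>ldap://192.168.2.88:389</string></field>
          <field name="rootdn"><string>CN=Administrator,CN=Users,DC=exoplatform,DC=org</string></field>
          <field name="password"><string>Secret1234</string></field>
          <field name="referralMode"><string>ignore</string></field>
        </object>
      </object-param>
    </init-params>
  </component>
  <component>
    <key>org.exoplatform.services.organization.OrganizationService</key>
    <init-params>
      <object-param>
        <name>ldap.attribute.mapping</name>
        <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">
          <field name="baseURL"><string>DC=test,DC=man</string></field>
          <field name="groupsURL"><string>ou=groups,ou=portal,DC=test,DC=man</string></field>
          <field name="userURL"><string>ou=users,ou=portal,DC=test,DC=man</string></field>
        </object>
      </object-param>
    </init-params>
  </component>
</configuration>
"""


def load_fields(xml_text, param_name):
    """Return {field name: text value} for the <object-param> called param_name."""
    # The file is trusted local configuration; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    for param in root.iter("{%s}object-param" % KERNEL_NS):
        name = param.find("k:name", NS)
        if name is not None and name.text == param_name:
            fields = {}
            for field in param.iter("{%s}field" % KERNEL_NS):
                # each <field> wraps one <string> or <int> element
                value = field[0].text if len(field) else field.text
                fields[field.get("name")] = (value or "").strip()
            return fields
    raise ValueError("no <object-param> named %s" % param_name)


def dn_domain(dn):
    """Return the DC= components of a DN, lower-cased and without spaces.

    Sufficient for the DNs on this page; escaped commas are not handled.
    """
    parts = [part.strip().lower() for part in dn.split(",")]
    return ",".join(part for part in parts if part.startswith("dc="))


def check_config(xml_text):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    conn = load_fields(xml_text, "ldap.config")
    mapping = load_fields(xml_text, "ldap.attribute.mapping")

    # providerURL may be a comma-separated server list (see the LDAP block).
    for url in conn.get("providerURL", "").split(","):
        url = url.strip()
        if url and not url.lower().startswith("ldaps://"):
            findings.append("providerURL %s is not ldaps://: without TLS a simple "
                            "bind sends the rootdn password in clear text" % url)

    if conn.get("password", "").lower() in PLACEHOLDER_PASSWORDS:
        findings.append("password is a documentation placeholder; "
                        "use a dedicated service account password")

    base = dn_domain(mapping.get("baseURL", ""))
    root_domain = dn_domain(conn.get("rootdn", ""))
    if base and root_domain and root_domain != base:
        findings.append("rootdn domain %s differs from baseURL domain %s"
                        % (root_domain, base))
    for key in ("groupsURL", "membershipTypeURL", "userURL", "profileURL"):
        if key in mapping and dn_domain(mapping[key]) != base:
            findings.append("%s domain %s differs from baseURL domain %s"
                            % (key, dn_domain(mapping[key]), base))
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE) or ["nothing to review"]:
        print("-", finding)
```

Run against the embedded sample it reports three findings (plain ldap://, placeholder password, rootdn domain mismatch); to check a real file, replace SAMPLE with the file's contents read from disk. A clean result does not prove the configuration is secure, only that the items the page tells you to change have been changed.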

LDAP/MSAD required libraries

To use LDAP/MSAD, you need to install two libraries: exo.core.component.ldap and exo.core.component.organization.ldap.

Ask eXo Support for the libraries, or search for and download a compatible version of them from https://repository.exoplatform.org.

Install the downloaded files into $PLATFORM_TOMCAT_HOME/lib/ or $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib/. In JBoss, rename the files to exo.core.component.ldap.jar and exo.core.component.organization.ldap.jar (without the version string).

Copyright © eXo Platform SAS. All rights reserved.