1

I need to make a Liferay-hook, when the user logins, check in LDAP for the group.

If the group is "users" do nothing especial, but if don't have any LDAP group I need to redirect to other page inside the Liferay portal.

I know how to do the redirect, but my problem is: How can I know the LDAP group of the user?

Actually I only import the users group in liferay LDAP configuration like this:

(&(uid=@screen_name@)(memberof=cn=usersr,ou=groups,o=users.com))

Any idea?
Thanks

Rasabihari Kumar
  • 491
  • 1
  • 4
  • 16
colymore
  • 11,776
  • 13
  • 48
  • 90
  • normally, the LDAP groups are sync-ed with Liferay UserGroups, so you could use the Liferay API to check the user's usergroups. Is there any reason to scan specifically for LDAP groups ? – yannicuLar Jan 25 '13 at 10:24

1 Answers1

0

The problem you will have is that LDAP directories are somewhat inconsistent on storing group membership on the user.

eDirectory stores Group Membership on the user (groupMembership in LDAP). Active Directory in later versions (2008 I think) stores memberOf on the User, sort of. It is not stored as a static value in AD, but can be read and it is calculated.

Generally the LDAP approach has been to query for:

(&(objectClass=group)(member=cn=MyUser,ou=MyOu,dc=com))

That is, go find me all groups, for whom this user is a member and then check to see if your control group is returned. This is not really efficient. But will work.

geoffc
  • 4,030
  • 7
  • 44
  • 51