
Installing Liferay with MySQL, CAS and openLDAP on Ubuntu (part 3)

This is the third part of the article “Installing Liferay with MySQL, CAS and openLDAP on Ubuntu”.

5. Installing and configuring CAS

The easiest way to integrate CAS with openLDAP is to build CAS using Maven. The resulting war file will contain all needed dependencies, and all properties will be set inside configuration files. Before moving on, download the CAS sources and unpack them somewhere in your file system (for example /home/user/Downloads/cas). We will refer to this folder (or to its path) as CAS_SOURCE in the rest of this tutorial.

5.1 Configuration of dependencies and properties

1. Go to folder $CAS_SOURCE/cas-server-webapp and in file pom.xml add

<dependency>
     <groupId>${project.groupId}</groupId>
     <artifactId>cas-server-support-ldap</artifactId>
     <version>${project.version}</version>
</dependency>

2. Go to folder $CAS_SOURCE/cas-server-webapp/src/main/webapp/WEB-INF and open file deployerConfigContext.xml

3. In file deployerConfigContext.xml inside bean authenticationManager comment out SimpleTestUsernamePasswordAuthenticationHandler

<!--
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->

4. Add FastBindLdapAuthenticationHandler inside authenticationManager bean (where SimpleTestUsernamePasswordAuthenticationHandler used to be)

<bean
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u,ou=people,dc=it,dc=mycompany,dc=com" />
  <property name="contextSource" ref="contextSource" />
</bean>

5. Add new bean called contextSource

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="true"/>
        <property name="urls">
            <list>
                <value>ldap://localhost/</value>
            </list>
        </property>
        <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
        <property name="password" value="asdfgh"/>
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key>
                        <value>java.naming.security.authentication</value>
                    </key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
</bean>
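
Step 3 matters for security: SimpleTestUsernamePasswordAuthenticationHandler accepts any login whose password equals the username, so it must not stay active in the war you deploy. The check below is an added example, not part of the original tutorial or of CAS; it parses deployerConfigContext.xml and reports an active test handler, a missing LDAP handler, a literal bind password and cleartext ldap:// URLs pointing at non-local hosts. The finding strings, the sample() helper and the treatment of a value starting with ${ as a Spring property placeholder are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

TEST_HANDLER = ("org.jasig.cas.authentication.handler.support."
                "SimpleTestUsernamePasswordAuthenticationHandler")
LDAP_HANDLER = "org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings for the text of a deployerConfigContext.xml file."""
    root = ET.fromstring(xml_text)  # the parser discards commented-out beans
    beans = [e for e in root.iter() if local(e.tag) == "bean"]
    classes = {b.get("class") for b in beans}
    findings = []
    if TEST_HANDLER in classes:
        findings.append("test handler still active")
    if LDAP_HANDLER not in classes:
        findings.append("LDAP handler missing")
    for bean in (b for b in beans if b.get("id") == "contextSource"):
        for prop in (p for p in bean if local(p.tag) == "property"):
            if prop.get("name") == "password":
                # Assumption: "${...}" marks a Spring property placeholder.
                if not prop.get("value", "").startswith("${"):
                    findings.append("bind password is a literal in the XML")
            if prop.get("name") == "urls":
                for v in (x for x in prop.iter() if local(x.tag) == "value"):
                    url = urlparse((v.text or "").strip())
                    if url.scheme == "ldap" and url.hostname not in LOCAL_HOSTS:
                        findings.append(f"cleartext LDAP to {url.hostname}")
    return findings

def sample(handler_line, url):
    """Constructed, cut-down config in the shape this tutorial produces."""
    return f"""<beans>
 <bean id="authenticationManager"><property name="authenticationHandlers"><list>
  {handler_line}
  <bean class="{LDAP_HANDLER}"/>
 </list></property></bean>
 <bean id="contextSource">
  <property name="urls"><list><value>{url}</value></list></property>
  <property name="password" value="asdfgh"/>
 </bean>
</beans>"""

if __name__ == "__main__":
    print(audit(sample(f'<bean class="{TEST_HANDLER}"/>', "ldap://localhost/")))
```

Run it against $CAS_SOURCE/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml before building the war; an empty list means none of the four conditions was found.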

5.2 Building CAS war file

Building the CAS war file actually requires only the modules cas-server-core, cas-server-webapp and cas-server-support-ldap; however, you can always build all components (some modules simply won’t be used). For me personally, this is a much quicker way. So all you really need to do now is open your command line, go to the $CAS_SOURCE folder and type

mvn -Dmaven.test.skip=true clean install

The created war file (called cas.war) can be found inside the folder $CAS_SOURCE/cas-server-webapp/target. Now all you need to do is deploy this file in Tomcat: just copy it to the folder LIFERAY_ROOT/tomcat/webapps/.

6. Integrating Liferay with CAS and with openLDAP

6.1 Integrating Liferay with CAS

1. Start Liferay

2. Log into admin account (at this point Liferay is not integrated with CAS yet)
login: test@liferay.com
password: test

3. Go to Control Panel -> Settings -> Authentication -> CAS

4. Select values ‘Enabled’ and  ‘Import from LDAP’
[x] Enabled
[x] Import from LDAP

5. In the default values change cas-web into cas and localhost into your server’s DNS name (for this tutorial it will be it.mycompany.com), or leave it as localhost if you don’t have a DNS name for your server.

6. In field  “Server Name” enter DNS name – it.mycompany.com:443

7. In field “Service URL” enter path to the service – https://it.mycompany.com:443/c/portal/login

6.2 Integrating Liferay with openLDAP

1. Go to Control Panel -> Settings -> Authentication -> LDAP
2. Select ‘Enabled’ option
3. Select openLDAP
4. Values

Connection:
base provider: ldap://localhost:389
base dn: dc=it,dc=mycompany,dc=com
principal: cn=admin,dc=it,dc=mycompany,dc=com
password: asdfgh
(test connection)

Users:
Authentication Search Filter: (uid=@screen_name@)
Import Search Filter: (objectClass=uidObject)
Screen Name: uid
Password: userPassword
Email Address: email
Full Name:
First Name: name
Last Name: sn
Job Title: — leave it empty
Group: member

Groups:
Import Search Filter: (objectClass=groupOfNames)
Group Name: cn
Description: description
User: member
(test connection)

5. In Import/Export:

Import Enabled: [x]
Import on Startup Enabled: [x]
Import Interval: any value e.g. 5 minutes
Export Enabled: [ ]

6. Go to Control Panel -> Settings -> Authentication → General and change “How do users authenticate?” to “By Screen Name”

7. Accept changes by clicking “Save” button

After importing users and groups you need to give the group “admins” the role “Administrator”. Go to Control Panel → Roles → Administrator → Assign Members → User Groups. Select the group “admins” and click “Update Associations”.

Part 4 is coming soon….

  1. jakarru
    June 10, 2010 at 4:13 pm

    Thanks for that fantastic article.

    What is coming in part 4? I really need to install Liferay with MySQL, CAS and openLDAP. And I think if I know the following process I can try to do it by myself.

    thanks
