This is the second part of the article “Installing Liferay with MySQL, CAS and openLDAP on Ubuntu”.
2. Installing and configuring MySQL
To install MySQL you simply run the command:
sudo apt-get install mysql-server
Now that we have MySQL installed we can download the SQL script (which generates the schema) and unzip it:
Next you need to enter the MySQL shell
mysql -u root -p
and create a new database and user for Liferay
create database lportal character set utf8;
create user 'lportal'@'localhost' identified by 'lportal123';
grant all privileges on lportal.* to 'lportal'@'localhost';
After switching to the portal database:
we can generate the basic schema:
Now we have MySQL installed with database configured for Liferay portal.
3. Installing Liferay portal
Before we move on you need to download the Liferay 5.2.3 zip archive and unpack it somewhere in your file system (for example /home/user/liferay/). We will refer to this folder (or to its path) as LIFERAY_ROOT for the rest of this tutorial.
Add execute rights so that tomcat can be started:
chmod -R +x LIFERAY_ROOT/tomcat/bin
Then you need to delete the sample data. Liferay (since version 5.2) comes with so-called “sample data”, which must be removed before we move on. Delete:
- folder LIFERAY_ROOT/tomcat/webapps/sevencogshook
- folder LIFERAY_ROOT/tomcat/webapps/sevencogstheme
- folder LIFERAY_ROOT/tomcat/webapps/wolportlet
- file LIFERAY_ROOT/data/hsql/lportal.properties
- file LIFERAY_ROOT/data/hsql/lportal.script
Now you only need to bind your Liferay portal to the MySQL database you created earlier. To do that open the file LIFERAY_ROOT/tomcat/webapps/ROOT/WEB-INF/classes/portal-ext.properties for editing and enter the lines below:
Now you have properly installed and configured Liferay portal.
4. Configuring SSL
Authentication to your portal should be done over a secure connection. That’s why you need to enable SSL in your tomcat. First you need to generate a certificate for your server. To do that run the JDK tool called keytool:
keytool -genkey -alias tomcat -keypass asdfgh -keyalg RSA
Notice that for this tutorial the keypass (in other words the password) will be 'asdfgh'. Keytool will ask you a few questions, but only one is really important. When asked “What is your first and last name?” you must answer with the DNS name of your server. If you are following this tutorial on your private computer (which does not have a DNS name) then answer 'localhost'. The other questions are irrelevant and you can answer them with the default values (just keep pressing ENTER).
Now that you have your certificate generated, you can export it to a .cert file. Run keytool again:
keytool -export -alias tomcat -keypass asdfgh -file server.cert
Finally you need to add your certificate to the JDK’s keystore:
keytool -import -alias tomcat -file server.cert -keypass asdfgh -keystore $JAVA_HOME/jre/lib/security/cacerts
You will be asked for the JDK keystore password. By default this password is 'changeit'.
Now all you need to do is enable SSL in your tomcat. In LIFERAY_ROOT/tomcat/conf/server.xml add a new connector:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="asdfgh"/>
Congratulations. You have now enabled SSL in your tomcat.
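The connector above, inserted into server.xml by a small script that also sets keystoreFile explicitly (keytool -genkey without -keystore writes to ~/.keystore, which tomcat only finds if it runs as the same user). This is an added example, not part of the original post; the sample server.xml and the keystore path are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed, minimal stand-in for LIFERAY_ROOT/tomcat/conf/server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

def https_connectors(xml_text):
    """Attribute dicts of every Connector with SSLEnabled="true" (audit helper)."""
    root = ET.fromstring(xml_text)
    return [c.attrib for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true"]

def add_https_connector(xml_text, keystore_file, keystore_pass, port="8443"):
    """Add the tutorial's HTTPS connector to the first <Service>, naming the
    keystore explicitly. Idempotent: an SSL connector already on `port` is kept."""
    root = ET.fromstring(xml_text)
    service = root.find("Service")
    if service is None:
        raise ValueError("no <Service> element in server.xml")
    for c in service.findall("Connector"):
        if c.get("port") == port and c.get("SSLEnabled", "").lower() == "true":
            return xml_text
    attrs = {"port": port, "protocol": "HTTP/1.1", "SSLEnabled": "true",
             "maxThreads": "150", "scheme": "https", "secure": "true",
             "clientAuth": "false", "sslProtocol": "TLS",
             "keystoreFile": keystore_file, "keystorePass": keystore_pass}
    # Put it right after the existing connectors so the file stays readable.
    existing = service.findall("Connector")
    index = list(service).index(existing[-1]) + 1 if existing else 0
    service.insert(index, ET.Element("Connector", attrs))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Assumed keystore path; use the file keytool actually wrote on your machine.
    print(add_https_connector(SAMPLE_SERVER_XML, "/home/user/.keystore", "asdfgh"))
```

ElementTree drops XML comments, so keep a backup of the real server.xml before rewriting it. Tomcat's keystorePass is the keystore password, so answer keytool's keystore-password prompt with the same value you gave -keypass.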
(Figure: Liferay portal page)
Recently I was asked to deploy a portal infrastructure for one of the Polish corporations. The task was to bind together Liferay (a portal with MySQL as its internal database), CAS (single sign-on authentication) and openLDAP (a directory holding user-specific data such as login, password, email etc.).
The general idea was that all user information should be held inside openLDAP. The Liferay portal would delegate authentication to the CAS web application, where the user’s login would be authenticated against data from openLDAP. Because Liferay keeps its own internal database, the portal needs to periodically check openLDAP to see whether any data has changed and update it if needed.
Because the whole idea was new to me, I had to do some research before I got my hands dirty. On the Internet I found many tutorials on how to integrate Liferay with CAS, CAS with openLDAP and Liferay with openLDAP. Some of them worked, some did not, some were simply obsolete. Moreover there was not a single tutorial showing how to bind all these technologies together. This post tries to fill that gap.
This post is divided into four parts. Liferay 5.2.3 was used with CAS 3.3. Installation and deployment were done on Debian Linux and on Ubuntu Linux (9.04).
1. Installing openLDAP
Warning: This will not run on Ubuntu 9.10! Some changes were made in Ubuntu that turned the installation of openLDAP into a really hard task. Ubuntu 9.04 is recommended.
To run the installation you simply run the command below:
sudo apt-get install slapd ldap-utils
During installation you will be asked for an administrator password. For the purpose of this document this password will be 'asdfgh'.
After the installation ends, you should run the configuration program:
sudo dpkg-reconfigure slapd
You will then need to answer a few questions:
a) If you enable this option, no initial configuration or database will be created for you. Omit OpenLDAP server configuration?
b) The DNS domain name is used to construct the base DN of the LDAP directory. For example, 'foo.example.org' will create the directory with 'dc=foo,dc=example,dc=org' as base DN.
You need to enter the base DN, which is normally just derived from the DNS domain name.
For it.mycompany.com the DN would be dc=it,dc=mycompany,dc=com
c) Please enter the name of the organization to use in the base DN of your LDAP directory.
Simply your organisation name. It can be anything.
d) The HDB backend is recommended. HDB and BDB use similar storage formats, but HDB adds support for subtree renames. Both support the same configuration options. In either case, you should review the resulting database configuration for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more details.
e) Do you want the database to be removed when slapd is purged?
f) Please enter the password for the admin entry in your LDAP directory.
Any; for this document it’s 'asdfgh'
g) The obsolete LDAPv2 protocol is disabled by default in slapd. Programs and users should upgrade to LDAPv3. If you have old programs which can’t use LDAPv3, you should select this option and 'olcAllows: bind_v2' will be added to your cn=config directory.
Now, to create a simple structure that holds users and their groups, we run the command:
ldapadd -x -D cn=admin,dc=it,dc=mycompany,dc=com -W -f ldap_data_set.ldif
where ldap_data_set.ldif looks like this:
------------------- ldap_data_set.ldif --------------------
description: admins group
description: programisci hudsona
---------------- end of ldap_data_set.ldif ----------------
This will create the structure described below:
- groups: admins, programmers
- users: jdoe, kmoe, jhudson
Every user has the password '123'.
And that’s simply it. We now have openLDAP installed with some user data in it.
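A generator for a complete ldap_data_set.ldif matching the structure above (containers, the three users, the two groups with the descriptions shown) that stores each userPassword as an OpenLDAP {SSHA} hash instead of the clear text '123'. This is an added example, not the post's own file; the ou=users/ou=groups containers, the full names, the mail domain and the group memberships are constructed assumptions.

```python
import base64
import hashlib
import os

# Base DN from the slapd configuration above; the ou= containers, the
# mail domain and the {SSHA} hashing are assumptions of this example.
BASE_DN = "dc=it,dc=mycompany,dc=com"

def ssha(password, salt=None):
    """OpenLDAP {SSHA}: base64( sha1(password + salt) + salt ), 4-byte random salt."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored, password):
    """Check a password against a stored {SSHA} value (the comparison slapd makes on simple bind)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest

def user_entry(uid, cn, sn, password):
    return [f"dn: uid={uid},ou=users,{BASE_DN}", "objectClass: inetOrgPerson",
            f"uid: {uid}", f"cn: {cn}", f"sn: {sn}",
            f"mail: {uid}@it.mycompany.com", f"userPassword: {ssha(password)}", ""]

def group_entry(cn, description, member_uids):
    lines = [f"dn: cn={cn},ou=groups,{BASE_DN}", "objectClass: groupOfNames",
             f"cn: {cn}", f"description: {description}"]
    lines += [f"member: uid={uid},ou=users,{BASE_DN}" for uid in member_uids]
    return lines + [""]

def build_ldif(users, groups):
    """Containers first, then users, then groups, so ldapadd can add them in file order."""
    lines = []
    for ou in ("users", "groups"):
        lines += [f"dn: ou={ou},{BASE_DN}", "objectClass: organizationalUnit", f"ou: {ou}", ""]
    for user in users:
        lines += user_entry(*user)
    for group in groups:
        lines += group_entry(*group)
    return "\n".join(lines)

# Constructed sample data for the tutorial's accounts (password '123' for all).
USERS = [("jdoe", "John Doe", "Doe", "123"), ("kmoe", "Kate Moe", "Moe", "123"),
         ("jhudson", "Jim Hudson", "Hudson", "123")]
GROUPS = [("admins", "admins group", ["jdoe"]),
          ("programmers", "programisci hudsona", ["kmoe", "jhudson"])]

if __name__ == "__main__":
    print(build_ldif(USERS, GROUPS))  # redirect to ldap_data_set.ldif for ldapadd
```

The output is fed to the ldapadd command shown above; since the base DN entry already exists from dpkg-reconfigure, only the ou containers and the entries below them are added.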