Posts Tagged ‘openLDAP’

Installing Liferay with MySQL, CAS and openLDAP on Ubuntu (part 2)

January 23, 2010 4 comments

This is second part of of article “Installing Liferay with MySQL, CAS and openLDAP on Ubuntu”.

2. Installing and configuring MySQL

To install MySQL you simply run command:

sudo apt­ get install mysql­-server

Now that we have MySQL installed we can download sql script (that generates schema) and unzip it:


unzip ./

Next you need to enter MySQL shell

mysql -u root -p

and create new database for Liferay

create database lportal character set utf8;
create user ‘lportal’@’localhost’ identified by ‘lportal123’;
grant all privileges on lportal.* to ‘lportal’@’localhost’;
flush privileges;

After entering portal database:

use lportal;

we can generate basic schema:

source liferay-portal-sql-5.2.3/portal-minimal/portal-minimal-mysql.sql

Now we have MySQL installed with database configured for Liferay portal.

3. Installing Liferay portal

Before we move on you need to first download Liferay 5.2.3 zip archive and unpack it somewhere in your file system (for example /home/user/liferay/). We will refer to this folder (or to the path of this folder) as LIFERAY_ROOT further in this tutorial.

Add rights to make tomcat runable:

chmod ­R +x LIFERAY_ROOT/tomcat/bin

Then you need to delete sample data. Liferay (since version 5.2) comes with so-called “sample data”, which must be removed before we move on. Delete :

  • folder LIFERAY_ROOT/tomcat/webapps/sevencogs­hook
  • folder LIFERAY_ROOT/tomcat/webapps/sevencogs­theme
  • folder LIFERAY_ROOT/tomcat/webapps/wol­portlet
  • file LIFERAY_ROOT/data/hsql/
  • file LIFERAY_ROOT/data/hsql/lportal.script

Now you need to only bind your Liferay portal with MySQL database your created earlier. To do that open file LIFERAY_ROOT\tomcat\webapps\ROOT\WEB­-INF\classes\portal­ for edition and enter lines below:


Now you have properly installed and configured Liferay portal.

4. Configuring SSL

Authentication to your portal should be done using secure connection. That’s why you need to enable SSL in your tomcat. First you need to generate certificate for your server. To do that run JDK tool called keytool:

keytool -­genkey ­-alias tomcat -­keypass asdfgh ­-keyalg RSA

notice that for this tutorial keypass (in other words password) will be ‘asdfgh’. Keytool will ask you few questions, but only one is really important. When asked “What is your first and last name?” you must answer with the DNS name of your server. If you are following this tutorial on your private computer (that do not have DNS name) then provide ‘localhost’ answer. Other questions are irrelevant and you can answer with default values (just keep pressing ENTER).

Now that you have your certificate generated, you can export it to .cert file. Run keytool again:

keytool ­-export ­-alias tomcat ­-keypass asdfgh ­-file server.cert

At the end you need to add your certificate to JDK’s keystore:

keytool ­-import ­-alias tomcat ­-file server.cert ­-keypass asdfgh ­-keystore $JAVA_HOME/jre/lib/security/cacerts

You will be asked for JDK’s keystore pass. By default this password is ‘changeit’.

Now all you need to do is simply enable SSL in your tomcat. In LIFERAY_ROOT/tomcat/conf/sertver.xml add new connector:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” keystorePass=”asdfgh”/>

Congratulations. You have now enabled SSL in your tomcat.

Go to Part 3 of this tutorial


[1] – Liferay portal page

[2] – Tomcat SSL configuration How-to


Installing Liferay with MySQL, CAS and openLDAP on Ubuntu (part 1)

January 19, 2010 4 comments

Recently I’ve been asked to deploy a portal infrastructure into one of the Polish corporations. The task was to bind together Liferay (portal with MySQL as internal database) with CAS (single sign-on authentication) and openLDAP (directory for holding user specific data like login, password, email etc.).

The general idea was that every user’s information should be  held inside openLDAP. Liferay portal would delegate authentication to CAS web application where user’s login action would be authenticated against data from openLDAP. Because Liferay keeps its internal database, portal needs to periodically check openLDAP to see whether any data changed and update if needed.

Because the whole idea was kind of new for me, I had to do a small research before I got my hands dirty. On Internet I found many tutorials how to integrate Liferay with CAS, CAS with openLDAP and Liferay with openLDAP. Some of them worked, some not, some were simply obsolete. Moreover there was not one single tutorial to show how to bind all these technologies together. This post tries to fills this gap.

This post will be divided into four parts. Liferay version was 5.2.3 used with CAS 3.3. Installation and deployment was done on Linux Debian and on Ubuntu Linux (9.04).

1. Installing openLDAP

Warning: This will not run on Ubuntu 9.10! There were some changes done in Ubuntu that made installation of openLDAP really hard task. Ubuntu 9.04 is recommended.

To run installation you should simply run command below:

sudo apt­-get install slapd ldap­-utils

During installation you will be asked for administrator password. For purpose of this document this password will be ‘asdfgh’.

After installation ends, you should run configuration program:

sudo dpkg­-reconfigure slapd

You will then need to answer few questions:

a) If you enable this option, no initial configuration or database will be created for you. Omit
OpenLDAP server configuration?

Choose: No

b) The DNS domain name is used to construct the base DN of the LDAP directory. For example,
‘’ will create the directory with ‘dc=foo, dc=example, dc=org’ as base DN.

You need to enter name base DN, which normally is just simply the DNS domain name.
For DN would be dc=it,dc=mycompany,dc=com

c) Please enter the name of the organization to use in the base DN of your LDAP directory.

Simply your organisation name. Can be anything.
d) The HDB backend is recommended. HDB and BDB use similar storage formats, but HDB adds
support for subtree enames. Both support the same configuration options.
In either case, you should review the resulting database configuration for your needs.
See/usr/share/doc/slapd/README.DB_CONFIG.gz for more details.

Choose: No

e) Do you want the database to be removed when slapd is purged?

Choose: No

f) Please enter the password for the admin entry in your LDAP directory.

Any, for this document it’s ‘asdfgh’
g) The obsolete LDAPv2 protocol is disabled by default in slapd. Programs and users should
upgrade to LDAPv3. If you have old programs which can’t use LDAPv3, you should select this
option and ‘olcAllows: bind_v2’ will be added to your cn=config directory.

Choose: No

Now to create simple structure that holds users and their groups, we run command:

ldapadd ­x ­D cn=admin,dc=it,dc=mycompany,dc=com ­W ­f ldap_data_set.ldif

where ldap_data_set.ldif looks like this:

——————- ldap_data_set.ldif ——————–

dn: ou=groups,dc=it,dc=mycompany,dc=com
objectClass: organizationalUnit
objectClass: top
description: grupy
ou: groups

dn: ou=people,dc=it,dc=mycompany,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people

dn: cn=admins,ou=groups,dc=it,dc=mycompany,dc=com
objectClass: extensibleObject
objectClass: groupOfNames
objectClass: top
cn: admins
description: admins group
member: uid=jdoe,ou=people,dc=it,dc=mycompany,dc=com

dn: cn=programmers,ou=groups,dc=it,dc=mycompany,dc=com
objectClass: extensibleObject
objectClass: groupOfNames
objectClass: top
cn: programmers
description: programisci hudsona
member: uid=kmoe,ou=people,dc=it,dc=mycompany,dc=com
member: uid=jhudson,ou=people,dc=it,dc=mycompany,dc=com

dn: uid=jdoe,ou=people,dc=it,dc=mycompany,dc=com
objectClass: account
objectClass: extensibleObject
objectClass: uidObject
objectClass: userSecurityInformation
objectClass: top
member: cn=admins,ou=groups,dc=it,dc=mycompany,dc=com
name: John
sn: Doe
uid: jdoe
userPassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

dn: uid=kmoe,ou=people,dc=it,dc=mycompany,dc=com
objectClass: account
objectClass: extensibleObject
objectClass: uidObject
objectClass: userSecurityInformation
objectClass: top
member: cn=programmers,ou=groups,dc=it,dc=mycompany,dc=com
name: Kate
sn: Moe
uid: kmoe
userPassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

dn: uid=jhudson,ou=people,dc=it,dc=mycompany,dc=com
objectClass: account
objectClass: extensibleObject
objectClass: uidObject
objectClass: userSecurityInformation
objectClass: top
member: cn=programmers,ou=groups,dc=it,dc=mycompany,dc=com
name: Jane
sn: Hudson
uid: jhudson
userPassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

—————-end of ldap_data_set.ldif ——————

This will create structure described below:
|­­­ groups

|       |    admins

|       |    programmers
|­­­ people

|       |   jdoe

|       |   kmoe

|       |   jhudson

Every user has password: ‘123’.

And that’s simply it. We now have openLDAP installed with some user data in it.

Go to Part 2 of this tutorial


[ldap1] – -> official Ubuntu tutorial
[ldap2] – -> older version of [ldap1]
[ldap3] – –  SUN’s documentation –  ldapmodify
[ldap4] – – SUN’s documentation –