How To Limit the Import of LDAP Users for SAML Integration to UMP

Document ID : KB000034605
Last Modified Date : 14/02/2018

Introduction

When following the directions to set up SAML authentication, one of the first steps
is configuring the LDAP connection. Once that is done, WASP imports the matching LDAP
users into the portal at startup.

The default setting is as follows:
##Ensure the ldap.import.user.search.filter line matches your LDAP 'user' designation.
ldap.import.user.search.filter.0=(objectClass=user)

The filter above imports ALL users in the LDAP directory. In Active Directory it also
matches computer accounts, which carry objectClass=user as well.

Below is a sample filter that limits the import to the members of a single LDAP group:
# added the below to restrict imported users to a single group
ldap.import.user.search.filter.0=(&(objectcategory=user)(memberof=CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com))

Any other valid LDAP search filter can be used to limit the scope of the imported users.

****NOTE****
If users are imported by mistake, they have to be removed manually from the UMP Control Panel portal.




Procedure

The user import filter is configured in the portal-ext.properties file.

The default location of this file is:
<Nimsoft>\probes\service\wasp\webapps\ROOT\WEB-INF\classes

The line that needs to be changed, shown here with its default value:
##Ensure the ldap.import.user.search.filter line matches your LDAP 'user' designation.
ldap.import.user.search.filter.0=(objectClass=user)

Replace it with the custom LDAP search filter you need, for example:
# added the below to restrict imported users to a single group
ldap.import.user.search.filter.0=(&(objectcategory=user)(memberof=CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com))

Save the file and restart the wasp probe; the import runs at WASP startup, so the new filter takes effect on the next start.


******NOTE******
If the LDAP search filter is too broad, you may see errors in the portal logs about users that could not be imported, such as:

08 May 2015 14:19:29,030 ERROR [PortalLDAPImporterImpl:714] Unable to import user CN=Administrator,CN=Users: null:null:{samaccountname=sAMAccountName: Administrator}
com.liferay.portal.ContactFirstNameException

The ContactFirstNameException here means the matched entry (the built-in Administrator account) has no first name attribute, which the portal requires for every user it imports. A broad filter sweeps in built-in and service accounts like this one, so narrow the filter to the group that actually needs portal access.
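Because mistakenly imported users have to be cleaned up by hand, it pays to dry-run a filter before putting it into portal-ext.properties. The script below is an added example, not CA/Nimsoft or Liferay code: it reads the ldap.import.user.search.filter.N lines from a constructed portal-ext.properties fragment, parses the filter (the RFC 4515 subset used here: equality, presence, &, |, !; escaped values such as \29 are not handled), and evaluates it against a handful of constructed Active Directory style entries. It shows that the default (objectClass=user) also picks up a computer account, that the group-restricted filter only matches members of CN=NimsoftUsers, and which matched entries have no givenName and would fail with the ContactFirstNameException shown in the log. The entries, group DN, account names and the firstName=givenName mapping are assumptions for the example.

```python
"""Dry-run a portal-ext.properties LDAP user import filter against sample entries.

Added example, not CA/Nimsoft/Liferay code. Supports the RFC 4515 subset
needed here (=, presence '*', &, |, !); value escapes like \\29 are not handled.
"""
import re

FILTER_KEY = re.compile(r"ldap\.import\.user\.search\.filter\.(\d+)")

DEFAULT_FILTER = "(objectClass=user)"
GROUP_FILTER = "(&(objectcategory=user)(memberof=CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com))"

# Constructed portal-ext.properties fragment (assumes '=' as key/value separator).
SAMPLE_PROPERTIES = """\
##Ensure the ldap.import.user.search.filter line matches your LDAP 'user' designation.
#ldap.import.user.search.filter.0=(objectClass=user)
# added the below to restrict imported users to a single group
ldap.import.user.search.filter.0=(&(objectcategory=user)(memberof=CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com))
"""

GROUP_DN = "CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com"
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]

# Constructed AD-style entries (not real data). objectCategory is simplified to its
# short name. Computer accounts also carry objectClass=user in Active Directory, and
# built-in/service accounts often have no givenName.
SAMPLE_ENTRIES = [
    {"dn": "CN=Administrator,CN=Users,DC=Nimsoft,DC=com", "attrs": {
        "objectClass": USER_CLASSES, "objectCategory": ["user"],
        "sAMAccountName": ["Administrator"],
        "memberOf": ["CN=Domain Admins,CN=Users,DC=Nimsoft,DC=com"]}},
    {"dn": "CN=Alice,CN=Users,DC=Nimsoft,DC=com", "attrs": {
        "objectClass": USER_CLASSES, "objectCategory": ["user"],
        "sAMAccountName": ["alice"], "givenName": ["Alice"], "memberOf": [GROUP_DN]}},
    {"dn": "CN=Bob,CN=Users,DC=Nimsoft,DC=com", "attrs": {
        "objectClass": USER_CLASSES, "objectCategory": ["user"],
        "sAMAccountName": ["bob"], "givenName": ["Bob"]}},
    {"dn": "CN=svc-monitor,CN=Users,DC=Nimsoft,DC=com", "attrs": {
        "objectClass": USER_CLASSES, "objectCategory": ["user"],
        "sAMAccountName": ["svc-monitor"], "memberOf": [GROUP_DN]}},
    {"dn": "CN=WS01,CN=Computers,DC=Nimsoft,DC=com", "attrs": {
        "objectClass": USER_CLASSES + ["computer"], "objectCategory": ["computer"],
        "sAMAccountName": ["WS01$"]}},
]


def load_filters(properties_text):
    """Return {index: filter} for every active ldap.import.user.search.filter.N line."""
    filters = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # Java properties comment lines
            continue
        key, sep, value = line.partition("=")
        m = FILTER_KEY.fullmatch(key.strip())
        if m and sep:
            filters[int(m.group(1))] = value.strip()
    return filters


def parse_filter(text):
    """Parse an RFC 4515 filter (subset) into a tree; raise ValueError if malformed."""
    def parse(i):
        if i >= len(text) or text[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        i += 1
        if i < len(text) and text[i] in "&|!":
            op, i, children = text[i], i + 1, []
            while i < len(text) and text[i] == "(":
                child, i = parse(i)
                children.append(child)
            if not children or i >= len(text) or text[i] != ")":
                raise ValueError(f"unterminated '{op}' at offset {i}")
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one operand")
            return (op, children), i + 1
        end = text.find(")", i)
        attr, eq, value = text[i:end].partition("=")  # DN values keep their own '='
        if end < 0 or not eq or not attr.strip() or not value:
            raise ValueError(f"bad simple filter at offset {i}")
        return ("=", attr.strip(), value), end + 1

    node, consumed = parse(0)
    if consumed != len(text):
        raise ValueError("trailing characters after filter")
    return node


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes (case-insensitive, as in AD)."""
    op = node[0]
    if op == "&":
        return all(matches(c, attrs) for c in node[1])
    if op == "|":
        return any(matches(c, attrs) for c in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    lowered = {k.lower(): v for k, v in attrs.items()}
    values = lowered.get(attr.lower(), [])
    if value == "*":  # presence filter, e.g. (givenName=*)
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def dry_run(ldap_filter, entries=SAMPLE_ENTRIES):
    """DNs the portal would import with this filter at WASP startup."""
    node = parse_filter(ldap_filter)
    return [e["dn"] for e in entries if matches(node, e["attrs"])]


def missing_first_name(ldap_filter, entries=SAMPLE_ENTRIES, first_name_attr="givenName"):
    """Matched DNs with no first-name attribute; the portal rejects these at import
    (ContactFirstNameException). Assumes the default firstName=givenName mapping."""
    node = parse_filter(ldap_filter)
    return [e["dn"] for e in entries
            if matches(node, e["attrs"]) and not e["attrs"].get(first_name_attr)]


if __name__ == "__main__":
    for idx, flt in sorted(load_filters(SAMPLE_PROPERTIES).items()):
        print(f"filter.{idx} = {flt}")
        broken = set(missing_first_name(flt))
        for dn in dry_run(flt):
            print(f"  would import {dn}" + ("  (no givenName: import fails)" if dn in broken else ""))
    print("default filter would import:", dry_run(DEFAULT_FILTER))
```

Run it with the real filter you intend to deploy in place of GROUP_FILTER and, if you can export a few representative entries from your directory, substitute them for SAMPLE_ENTRIES; the list printed for the default filter is exactly the set of accounts you would otherwise have to delete by hand from the Control Panel.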