'Authentication Search Filter' for Users in LDAP
Legacy Article
You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided "as is" without guarantee.
Before using any information from this article, independently verify its suitability for your situation and project.
Issue
- At the moment, we are using an LDAP server connection to authenticate our users.
- Our question is: at what moment is the query to authenticate users executed? More exactly, when is the 'Authentication Search Filter' field applied?
- We are using this value as the 'Authentication Search Filter': '(HJTconID=@screen_name@)'
Resolution
- The 'Authentication Search Filter' field maps the field configured in DXP for login to the attribute that identifies a user in LDAP.
- The bind process between the two servers, DXP and LDAP, follows these steps:
  - DXP sends an initial query to LDAP using the 'Authentication Search Filter'.
    - With the value defined above, the query is equivalent to '(HJTconID=[[[Screen Name Used in Login]]])'
    - DXP then checks whether any value is returned, to resume or abort the process.
  - Next, DXP joins the two filters 'Authentication Search Filter' and 'Import Search Filter' and sends the combined query to LDAP.
    - The query is equivalent to '(&([[[Authentication Search Filter]]])([[[Import Search Filter]]]))'
    - DXP uses the returned value to populate user data through the configured 'User Mapping' fields.
  - Finally, DXP imports user memberships by querying LDAP with the 'Import Search Filter' from the 'Groups' section.
    - The query is equivalent to '(&([[['User' field from 'Groups' section, usually 'uniqueMember']]]=[[[User DN]]])([[['Import Search Filter' from 'Groups' section]]]))'
- Please take into account that these queries are sent only when user import is done during authentication. If import from LDAP is configured ('Enable Import' option, 'Enable Import on Startup' option, 'Import Interval' field), DXP will only use the 'Import Search Filter' filters to import users from LDAP.
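
The three filters described above, composed in order as an added example (this is not Liferay DXP code and was not part of the original article). The two 'Import Search Filter' values and the user DN are assumed sample values, the filters are assumed to be already parenthesised, and the RFC 4515 escaping of the substituted login value is what a client building these filters itself should do; the article does not say how DXP handles it.

```python
# Added illustration, not Liferay DXP code. All sample values are constructed.

def escape_filter_value(value: str) -> str:
    """Escape a value for safe use inside an LDAP filter (RFC 4515)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def auth_filter(template: str, screen_name: str) -> str:
    """Step 1: substitute the login value into the Authentication Search Filter."""
    return template.replace("@screen_name@", escape_filter_value(screen_name))


def user_import_filter(auth: str, import_filter: str) -> str:
    """Step 2: AND the authentication filter with the users' Import Search Filter.
    Assumes both inputs are already parenthesised filters."""
    return "(&%s%s)" % (auth, import_filter)


def group_filter(user_attr: str, user_dn: str, group_import_filter: str) -> str:
    """Step 3: find groups whose member attribute equals the user's DN."""
    return "(&(%s=%s)%s)" % (user_attr, escape_filter_value(user_dn), group_import_filter)


def login_queries(screen_name: str, user_dn: str) -> list:
    """Return the three filters in the order they are sent during login."""
    auth = auth_filter("(HJTconID=@screen_name@)", screen_name)  # value from the page
    users = user_import_filter(auth, "(objectClass=inetOrgPerson)")  # assumed
    groups = group_filter("uniqueMember", user_dn,
                          "(objectClass=groupOfUniqueNames)")  # assumed
    return [auth, users, groups]


if __name__ == "__main__":
    for q in login_queries("jdoe", "uid=jdoe,ou=people,dc=example,dc=com"):
        print(q)
    # A screen name containing filter metacharacters stays a literal value.
    print(auth_filter("(HJTconID=@screen_name@)", "j(doe)*"))
```

Running the printed filters through `ldapsearch` against the same directory is a quick way to confirm which step returns no entry when a login fails.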