Liferay LDAP synchronize users whenever active directory is modified

Question

I have implemented authentication using Liferay LDAP.The problem is LDAP only imports users:

• On startup of server
• When a modified user try to login (only data specific to it is imported\updated)

I want to import/update users whenever there is a change in my active directory

What I have tried:

• Import interval property

This will cause my application to slow down when there will be a large set of users

Answer 1

If you want to trigger an update on change of AD, you'll have to extend AD to push to Liferay. Liferay has an API (even a remote one) that you can trigger on every change in AD. As you say that you can't pull (through a more frequent import), this is your option.

On the other hand: Most of the time, it's not necessary to have the very latest information in Liferay at all times. Latest when a user logs in, their data will be updated anyways. If a user is deactivated in AD, they will be deactivated in Liferay latest when they try to log in.

Edit: As you state that your Liferay-Users are acting on data of the other uses, it feels like you should rather develop an appropriate LDAP frontend, maintaining or using the underlying data in LDAP (AD) instead of the Liferay user database. This is yet another option.

And no, sorry, I can't provide any references for AD. As of Liferay's API, it depends what you need: User, UserGroup, Organization, Roles etc. all have their own services that you can use to implement whatever you need. An abstract description on what you need to do goes well beyond what's possible in a simple answer on SO though, especially given the amount of details that you provide in your question.