How to Force synchronization of LDAP users with AEM 6

Hi All,

I have ldap configured on AEM6.0SP2 - when I try to go to ldap jmx console I get

HTTP ERROR: 404

Problem accessing /system/console/jmx/org.apache.jackrabbit.oak%3Ahandler%3D%22lbow-ldap-sync%22%2Cidp%3D%22lbow-ldap%22%2Cname%3DExternal+Identity+Synchronization+Management%2Ctype%3DUserManagement. Reason:

Not Found

Powered by Jetty://

But I am able to login using my ldap credentials, but I need to perform purgeOrphaned users and syncexternal users again, but the operations are not accessible from jmx anymore, as I keep getting this 404 error.

The same configuration is working fine on our other environments, so it can't be anything to do with configurations we use. There's nothing on the logs except

Could anyone help us with this issue. thanks.

That don't solve problem I mentioned earlier..

How to force synchronization of LDAP users with AEM6 so that rights can be assigned before the user first tries to login?

Is there any documentation to follow to achieve this? 

How can I sync on demand?  Can you please provide some sample to do that?

Thanks,

the best performance optimization is to sync on demand(while login as opposed to sync once in a while)

LDAP can be configured to sync users on login. Since you wanted to add users before, you need either syncallusers or syncexternalusers (you need to send used ids as json like

["<dn>"]

Yes that looks to be correct.

Is there any way to configure this within AEM ? If not, then what's best way to sync users whenever user is added? [I am new to AEM development]. Also document indicates that it'll be expensive call so any way to optimize it?

Thanks,

Just TBC, are you talking about http://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SynchronizationMBean.html#syncExternalUsers(java.lang.String%5B%5D)

Yep, LDAP is already configured on the server. 

I can add LDAP [active directory] user in AEM directly. Problem I am running into is after user is added in AEM, new user need to signin to AEM [authenticated] before we can add them to any AEM Groups.

It looks like AEM don't authenticates against newly added user unless he/she log into AEM. I want to force authenticate/synchronize LDAP users with AEM so appropriate user/groups rights can be assigned within AEM before they try to login.

 Did you configure LDAP yet? I think it will work only after LDAP is configured