LDAP integration with AEM 5.6

Question

Hi,I managed to integrate LDAP with CQ 5.6 with autocreate="create".  However, I believe the documentation also states that IF we only want to authenticate users, we really do not need the Auto-Creation parameters.My "autocreate='create'" config looks likecom.day.crx {   com.day.crx.core.CRXLoginModule sufficient;   com.day.crx.security.ldap.LDAPLoginModule required              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"              host="myldap.server.com"              port="389"              secure="false"              authDn="cn=myCN               authPw="mypassword"              userRoot="dc=server,dc=com"              userFilter="(objectclass=person)"               userIdAttribute="samaccountname"               autocreate="create"              autocreate.user.membership="contributor"              autocreate.user.mail="rep:e-mail"              autocreate.user.cn="rep:fullname"              autocreate.path="direct"              cache.expiration="600"              cache.maxsize="100";};Theoretically, if I do not want "autocreate", my config should be com.day.crx {   com.day.crx.core.CRXLoginModule sufficient;   com.day.crx.security.ldap.LDAPLoginModule required              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"              host="myldap.server.com"              port="389"              secure="false"              authDn="cn=myCN               authPw="mypassword"              userRoot="dc=server,dc=com"              userFilter="(objectclass=person)"               userIdAttribute="samaccountname"               cache.expiration="600"              cache.maxsize="100";};Assume that I am trying to login as userA.  With "autocreate", login is successful.  Without "autocreate", login is unsuccesful.  The LDAP integration document states that if we set "autocreate=none", token authentication will fail.  Therefore, we need to put disableTokenAuth=true.  I tried this and my ldap.log file does have "Token Authentication disabled" like messages.  However, the authentication attempt will still try to find a token, which never gets created on the server and the error.log keeps throwing "invalid token" errors.If I disable the token authentication handler via OSGI Configuration, then with my registered authentication handler having only "Day CQ Login Selector" and "HTTP Basic Authentication Handler", login will never be successful.  If I further disable "Day CQ Login Selector" and leave only "HTTP Basic Authentication Handler", I find that I can authenticate via AD, access crx/de but can never get to pages like "tools.html" or "projects.html"...Has anyone managed to get LDAP authentication working with autocreate='none'?Thank You.

Sham_HC · Accepted Answer

Voon Siong wrote... We created users A and B in CQ. We want usersA and B to authenticate via AD. If C attempts to login, he should not be able to access CQ because there is no user account in CQ for C. There are two parts authentication & authorization. For authentication you have done correctly for authorization to happen need to configure trust_credentials_attribute. Also it is deprecated.  Can you please file a daycare to track it so that assigned specialist will provide solution and as well to update the documentation?

Sham_HC · Answer

What is your use case? Authoring the content without user in aem?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded