LDAP Group Sync With AEM

pritam

15-10-2015

Hi

I'm using CQ (5.6.1) and LDAP (ApacheDS).

I have completed the LDAP user sync to CQ. Now I have to do the group sync. Groups have already been created in LDAP; I have to add the user to the LDAP groups dynamically depending on the country-specific sites, e.g. if a user is trying to access the Worldwide site then I need to add that user to the worldwide group, and the same user group needs to be synchronized to CQ whenever the user gets synchronized with CQ.

However, there is an attribute “autocreate.user.membership” through which we can add the user to a default group, but here the prerequisite of the case study is different.

I tried with the “memberOf” attribute and specified the group “dn”, but when I try to add this property through the Java API, it throws an error of SvcErr:DSID-031A11E5, problem 5003(WILL_NOT_PERFORM).

I have also tried to synchronize the admin user that the client has provided; it contains all the attributes like “memberOf”, and the group “dn” value has already been specified for the memberOf attribute. I synced the user through JMX (com.adobe.granite.ldap) using the syncUser method, but only the user is getting synchronized; the group is not getting synchronized.

I have attached the ldap_login configuration file that I am using to connect to ldap.

I have followed the same web links but that did not work for group sync.

I am using AEM 5.6.1 and LDAP (Active Directory). I have completed the LDAP user sync to CQ. Now I have to do the group sync. Groups have already been created in LDAP; I have to add the user to the LDAP groups dynamically depending on the country-specific sites, e.g. if a user is trying to access the Worldwide site then I need to add that user to the worldwide group, and the same user group needs to be synchronized to CQ whenever the user gets synchronized with CQ.
