Hi,
Someone posted a reply about filters and then deleted their comment. Thanks so much for mentioning. Your advice was super helpful. And got our team a step closer to resolution.
The details of the problem. It looks like the problem was with my groupfilter configuration that filters out some of the groups. Two new problems have arisen:
- Users are only added to a group when a user is synced via the JMX console, or, when the user is logging in for the first time, they are added to the group. Existing users who are members are not being added. Know why?
- When a user is deleted in Active Directory/LDAP, the user is not deleted from the group existing in CQ. Any ideas?
Thanks!!!
Here's our ldap_login.conf file.
com.day.crx { com.day.crx.core.CRXLoginModule sufficient; com.day.crx.security.ldap.LDAPLoginModule required principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider" /** trust_credentials_attribute="TrustedInfo" */ host="ldap.prod.server.org" port="389" authDn="CN=ldap_read Application Account,OU=Application,OU=User Accounts,DC=prod,DC=server,DC=org" authPw="secret" secure="false" userRoot="OU=User Accounts,DC=prod,DC=server,DC=org" userFilter="(objectclass=organizationalPerson)" userIdAttribute="sAMAccountName" groupRoot="OU=Corporate,OU=Groups,DC=prod,DC=server,DC=org" groupFilter="(&(objectclass=group)(cn=wcm*))" groupMembershipAttribute="member" groupNameAttribute="cn" deny_anonymous_access="true" autocreate="create" autocreate.syncdelay="0" autocreate.user.mail="profile/email" autocreate.user.cn="profile/fullname" autocreate.user.sn="profile/familyName" autocreate.group.cn="profile/fullname" autocreate.group.mail="profile/email" autocreate.group.givenName="profile/givenName" autocreate.group.sn="profile/familyName" autocreate.path="splitdn" cache.expiration="86400" cache.maxsize="1000"; };
