I have created an LDAP configuration in AEM 6.3 (see attached) which enables it to connect to LDAP successfully, and all user information gets created in AEM, but it is unable to sync a few groups, especially those groups whose names start with Aem*, even with group.extraFilter left empty (group.extraFilter = " ") as well.
Error in logs: "org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext Existing authorizable 'Aem-test-local-administrators' is not a group from this IDP 'ldap'"
I want to highlight that the same configuration works in AEM 6.1.
I recommend that you check and follow the documentation: Configuring LDAP with AEM 6
See this: AEM 6 integration with LDAP
// syncAllUsers does not bring all your LDAP users into AEM; it only syncs existing local users from LDAP. Local users are created on first login, or manually by calling the syncUsers() method. See the documentation here:
Also make sure to add the IdP certificate to the AEM TrustStore: https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/saml-2-0-authenticationhand... to Groups
Thanks for sharing the information, but I have already gone through these documents and did not find anything which explains troubleshooting of group issues.
Adding the IdP certificate to the AEM TrustStore is only required when using the SAML authentication handler, which does not apply in my case.
I am using OpenLDAP. OpenLDAP uses the memberUid attribute to identify the members of a group, not uniqueMember.
uniqueMember is the full DN, which is also what Oak uses when querying groups for their members. Hence my users are not found in groups.
memberUid = pjones
uniqueMember = cn=Peter Jones,ou=users,dc=example,dc=com
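The following is an added illustration of the mismatch described in the post above; it is example code written for this page, not code from the original poster, from OpenLDAP or from Oak/AEM. The directory entries are constructed stand-ins for ldapsearch output (only the Aem-test-local-administrators group, the uid pjones and the dc=example,dc=com suffix come from the thread), and the filter shape and the default member attribute name uniquemember used for the DN-based query are assumptions about how a DN-based provider looks up group membership, not Oak's literal code. It shows why a group whose members are listed as memberUid values looks empty to a lookup that expects full DNs, and what the uniqueMember values would have to be.

```python
"""Added example (not from the original thread): why a posixGroup's memberUid
values are invisible to a DN-based member lookup such as Oak's LDAP provider.

The directory entries below are constructed; only the Aem-* group name, the
uid pjones and the example.com suffix come from the thread."""

# Constructed stand-in for ldapsearch results: DN -> {attribute: [values]}.
DIRECTORY = {
    "cn=Peter Jones,ou=users,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"],
        "uid": ["pjones"],
    },
    # OpenLDAP posixGroup: members are bare uid values, not DNs.
    "cn=Aem-test-local-administrators,ou=groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"],
        "memberUid": ["pjones"],
    },
    # groupOfUniqueNames: members are full DNs, which a DN-based lookup can match.
    "cn=Aem-authors,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["cn=Peter Jones,ou=users,dc=example,dc=com"],
    },
}

GROUP_BASE = "ou=groups,dc=example,dc=com"


def _values(entry, attr):
    """Attribute names are case-insensitive in LDAP (uniqueMember == uniquemember)."""
    for name, vals in entry.items():
        if name.lower() == attr.lower():
            return vals
    return []


def search(base_dn, attr, value):
    """Return DNs under base_dn whose `attr` contains `value` (case-insensitive match)."""
    return [
        dn for dn, entry in DIRECTORY.items()
        if dn.lower().endswith(base_dn.lower())
        and any(v.lower() == value.lower() for v in _values(entry, attr))
    ]


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def dn_based_group_filter(user_dn, objectclass="groupOfUniqueNames", member_attr="uniquemember"):
    """Shape of a DN-based 'groups of this user' query (an assumption, not Oak's
    literal code): a group matches when its member attribute holds the user's full DN."""
    return "(&(objectclass=%s)(%s=%s))" % (objectclass, member_attr, escape_filter_value(user_dn))


def groups_of_user_by_dn(user_dn, member_attr="uniquemember"):
    """DN-based lookup: finds groupOfUniqueNames entries, misses posixGroups."""
    return search(GROUP_BASE, member_attr, user_dn)


def groups_of_user_by_uid(uid):
    """posixGroup lookup: matches memberUid against the bare uid."""
    return search(GROUP_BASE, "memberUid", uid)


def members_by_dn(group_dn, member_attr="uniquemember"):
    """Treat each member value as a DN and keep only those that resolve to an entry.
    For a posixGroup the values are uids, so nothing resolves and the group looks
    empty, even if the member attribute is pointed at memberUid."""
    known = {dn.lower(): dn for dn in DIRECTORY}
    return [known[v.lower()] for v in _values(DIRECTORY[group_dn], member_attr)
            if v.lower() in known]


def member_uids_as_dns(group_dn):
    """What the group would need to carry as uniqueMember values: each memberUid
    resolved to the DN of the entry whose uid it is."""
    uid_to_dn = {uid.lower(): dn
                 for dn, entry in DIRECTORY.items() for uid in _values(entry, "uid")}
    return [uid_to_dn[u.lower()] for u in _values(DIRECTORY[group_dn], "memberUid")
            if u.lower() in uid_to_dn]


if __name__ == "__main__":
    user = "cn=Peter Jones,ou=users,dc=example,dc=com"
    print(dn_based_group_filter(user))
    print("groups by DN :", groups_of_user_by_dn(user))
    print("groups by uid:", groups_of_user_by_uid("pjones"))
```

The practical check this models is an ldapsearch against the affected group to see whether it is a posixGroup carrying memberUid values or a groupOfUniqueNames carrying DNs; as the members_by_dn function shows, merely pointing the provider's member attribute at memberUid does not help, because the values still are not DNs.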