I have created an LDAP configuration in AEM 6.3 (see attached) which connects to LDAP successfully, and all user information gets created in AEM, but I am unable to sync a few groups, especially those groups which start with Aem*, even without any group.extraFilter = " ".
Error in logs "org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext Existing authorizable 'Aem-test-local-administrators' is not a group from this IDP 'ldap' "
I want to highlight that the same configuration is working in AEM 6.1.
It should work the same way as it did in AEM 6.1. There have been no changes (not documented anyhow) that would account for this not working like it did in AEM 6.1.
Yes, that's true, it should work the same way, but I can't figure out why these groups (Aem-*) do not sync, and there are no changes to the groups either. The same thing is working in 6.1 on the same machine but not in 6.3.
I recommend that you check and follow the documentation: Configuring LDAP with AEM 6
See this: AEM 6 integration with LDAP
//syncAllUsers does not bring all your LDAP users to AEM. It only syncs existing local users from LDAP. Local users are created on first login or manually by calling the syncUsers() method. See documentation here-
Also make sure to add the IdP Certificate to the AEM TrustStore: https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/saml-2-0-authenticationhand... to Groups
Thanks for sharing the information, but I have already gone through these documents and did not find anything which explains troubleshooting of group issues.
Adding the IdP Certificate to the AEM TrustStore is only required when we are using the SAML authentication handler, which is not valid in my case.
I am using OpenLdap. OpenLdap uses the memberUid attribute to identify members of a group and not uniqueMember.
uniqueMember is the full DN which is also what oak uses for querying groups for members. Hence my users are not found in groups.
memberUid = pjones
uniqueMember = cn=Peter Jones,ou=users,dc=example,dc=com
After redeploying the LDAP configurations, it works for me on AEM 6.3 with the same configuration used in AEM 6.1.
We are using group.baseDN and group.extraFilter for identifying members.
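
The memberUid versus uniqueMember mismatch described in the thread, as an added example that is not code from any poster or from AEM/Oak: it builds the group-membership search filter for each schema (with RFC 4515 escaping of the value) and shows that a lookup by full DN finds nothing in a group that stores bare uids. The group entries and the function names are constructed for illustration; the user values are the ones quoted above.

```python
# Added illustration; the two group entries are constructed sample data.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(object_class, member_attr, member_value):
    """Build the filter that selects groups listing member_value."""
    return "(&(objectClass=%s)(%s=%s))" % (
        object_class, member_attr, escape_filter_value(member_value))


USER = {"uid": "pjones", "dn": "cn=Peter Jones,ou=users,dc=example,dc=com"}

GROUPS = [  # constructed entries, one per membership style
    {"dn": "cn=posix-editors,ou=groups,dc=example,dc=com",
     "objectClass": "posixGroup", "memberUid": ["pjones"]},
    {"dn": "cn=dn-editors,ou=groups,dc=example,dc=com",
     "objectClass": "groupOfUniqueNames",
     "uniqueMember": ["cn=Peter Jones,ou=users,dc=example,dc=com"]},
]


def groups_found(member_attr, lookup_value):
    """Return DNs of groups whose member_attr contains lookup_value.

    Real directories compare DNs case-insensitively; an exact match is
    enough for this constructed data.
    """
    return [g["dn"] for g in GROUPS if lookup_value in g.get(member_attr, [])]


def diagnose(user):
    """Run the three lookups that matter for the mismatch."""
    return {
        # DN searched in a DN-valued attribute: the group is found.
        "dn_in_uniqueMember": groups_found("uniqueMember", user["dn"]),
        # DN searched in a uid-valued attribute: nothing matches.
        "dn_in_memberUid": groups_found("memberUid", user["dn"]),
        # uid searched in the uid-valued attribute: the group is found.
        "uid_in_memberUid": groups_found("memberUid", user["uid"]),
    }


if __name__ == "__main__":
    print(membership_filter("posixGroup", "memberUid", USER["uid"]))
    print(membership_filter("groupOfUniqueNames", "uniqueMember", USER["dn"]))
    print(diagnose(USER))
```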