We have observed that the LDAP query for groups is not triggering consistently, as observed in the loggers, because of which Group Sync is failing [only user sync is successful]. We referred to the configuration as per this link: https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/ldap-config.html
We are using version 6.4 of AEM, and the sample LDIF file and configurations are mentioned below. Could you please let us know if something is wrong with the below configurations or steps followed?
Configurations:
# Apache Jackrabbit Oak LDAP Identity Provider
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="xxxxx"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="dc\=example,dc\=ps,dc\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"true"
bind.dn="CN\=ldaplookupuser,CN\=Users,DC\=example,DC\=com"
group.baseDN="CN\=Group,DC\=example,DC\=com"
group.extraFilter="(objectCategory\=group)"
user.extraFilter=""
host.port=I"3268"
bind.password="xxxxx"
adminPool.lookupOnValidate=B"true"
group.nameAttribute="CN"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="member"
# Apache Jackrabbit Oak Default Sync Handler
group.pathPrefix="/aemldapusers/ldap"
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix="/aemldapusers/ldap"
user.propertyMapping=["rep:fullname\=cn","profile/email\=mail"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=["contributor"]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=[""]
user.disableMissing=B"false"
user.membershipNestingDepth=I"2"
# Apache Jackrabbit Oak External Login Module
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"50"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"
LDIF File Snippet:
dn: CN=DnsUpdateProxy,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: DnsUpdateProxy
description: DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
instanceType: 4
whenCreated: 20200212074609.0Z
whenChanged: 20200212074609.0Z
uSNCreated: 3603
uSNChanged: 3603
name: DnsUpdateProxy
objectGUID:: fC+OYNPR1Um6d65Uctstpw==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqTgQAAA==
sAMAccountName: DnsUpdateProxy
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
distinguishedName: CN=DnsUpdateProxy,CN=Users,DC=example,DC=com

dn: CN=DnsAdmins,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: DnsAdmins
description: DNS Administrators Group
instanceType: 4
whenCreated: 20200212074609.0Z
whenChanged: 20200212074609.0Z
uSNCreated: 3602
uSNChanged: 3602
name: DnsAdmins
objectGUID:: uWRuKJKD7ESxSosncblwHA==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqTQQAAA==
sAMAccountName: DnsAdmins
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
distinguishedName: CN=DnsAdmins,CN=Users,DC=example,DC=com

dn: CN=everyone,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: everyone
description: everyone
instanceType: 4
whenCreated: 20200218143504.0Z
uSNCreated: 3764
name: everyone
objectGUID:: L8ujcWUxvUq9wZnuOMiOBw==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqRAYAAA==
sAMAccountName: everyone
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
member: CN=john.doe,CN=Users,DC=example,DC=com
whenChanged: 20200218144440.0Z
uSNChanged: 3765
distinguishedName: CN=everyone,CN=Users,DC=example,DC=com

dn: CN=admin,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: admin
description: test admin
instanceType: 4
whenCreated: 20200212165214.0Z
uSNCreated: 3757
name: admin
objectGUID:: nByiLbz5fUqur+MgO+1i+Q==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqQQYAAA==
sAMAccountName: admin
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
member: CN=john.doe,CN=Users,DC=example,DC=com
member: CN=billy.joel,CN=Users,DC=example,DC=com
whenChanged: 20200212165805.0Z
uSNChanged: 3762
distinguishedName: CN=admin,CN=Users,DC=example,DC=com
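
A cross-check of the posted values, added here as an example (it is not part of the original post or of the linked solution): it parses an excerpt of the OSGi configuration and of the LDIF, lists which group entries lie outside the subtree named by group.baseDN, and reports whether host.ssl and host.tls are both false. The function names are illustrative, and the DN comparison assumes no escaped commas inside RDN values.

```python
import re

CONFIG = r'''
group.baseDN="CN\=Group,DC\=example,DC\=com"
group.objectclass=["group"]
host.ssl=B"false"
host.tls=B"false"
'''  # excerpt of the posted OSGi configuration, trimmed to the keys used here
LDIF = '''
dn: CN=everyone,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group

dn: CN=admin,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
'''  # excerpt of the posted LDIF, trimmed to the attributes used here

def parse_config(text):
    # OSGi .config syntax: optional type tag (B, I, L) before the quotes, "=" escaped in values.
    cfg = {}
    for line in text.strip().splitlines():
        key, _, raw = line.partition("=")
        vals = [v.replace("\\=", "=") for v in re.findall(r'"((?:[^"\\]|\\.)*)"', raw)]
        cfg[key.strip()] = vals if raw.startswith("[") else (vals[0] if vals else "")
    return cfg

def parse_ldif(text):
    # One entry per blank-line-separated block; attribute names lower-cased, values as lists.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
        entries.append(attrs)
    return entries

def in_subtree(dn, base):
    # Simplified DN comparison: case-insensitive, no handling of escaped commas.
    d, b = ([p.strip().lower() for p in x.split(",")] for x in (dn, base))
    return d[-len(b):] == b

def audit(cfg, entries):
    classes = {c.lower() for c in cfg["group.objectclass"]}
    groups = [e["dn"][0] for e in entries if classes & {c.lower() for c in e.get("objectclass", [])}]
    outside = [dn for dn in groups if not in_subtree(dn, cfg["group.baseDN"])]
    return groups, outside, cfg["host.ssl"] == "false" and cfg["host.tls"] == "false"

print(audit(parse_config(CONFIG), parse_ldif(LDIF)))
```

In the posted snippet every group DN sits under CN=Users rather than under the configured group.baseDN, and with both transport flags false the bind.password is sent over an unencrypted connection.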
Solution provided here in this post by Leo: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-6-4-ldap-group-sync-is...
To display HTML tags in HTL, add context='html' while printing the value.
In your scenario, ${article.title @ context='html'} should fix the issue.