AEM 6.4 LDAP Group Sync Issue with AWS Directory Service Provider

ManojSj

17-06-2020

We have observed that the LDAP query for groups is not triggering consistently, as seen in the logs, because of which group sync is failing [only user sync is successful]. We referred to the configuration described at this link: https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/ldap-config.html

We are using version 6.4 of AEM; the sample LDIF file and the configurations are given below. Could you please let us know if something is wrong with the configurations below or with the steps followed?

Configurations:

# Apache Jackrabbit Oak LDAP Identity Provider
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="xxxxx"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="dc\=example,dc\=ps,dc\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"true"
bind.dn="CN\=ldaplookupuser,CN\=Users,DC\=example,DC\=com"
group.baseDN="CN\=Group,DC\=example,DC\=com"
group.extraFilter="(objectCategory\=group)"
user.extraFilter=""
host.port=I"3268"
bind.password="xxxxx"
adminPool.lookupOnValidate=B"true"
group.nameAttribute="CN"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="member"

# Apache Jackrabbit Oak Default Sync Handler
group.pathPrefix="/aemldapusers/ldap"
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix="/aemldapusers/ldap"
user.propertyMapping=["rep:fullname\=cn","profile/email\=mail"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=["contributor"]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=[""]
user.disableMissing=B"false"
user.membershipNestingDepth=I"2"

# Apache Jackrabbit Oak External Login Module
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"50"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"

LDIF File Snippet:

dn: CN=DnsUpdateProxy,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: DnsUpdateProxy
description: DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
instanceType: 4
whenCreated: 20200212074609.0Z
whenChanged: 20200212074609.0Z
uSNCreated: 3603
uSNChanged: 3603
name: DnsUpdateProxy
objectGUID:: fC+OYNPR1Um6d65Uctstpw==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqTgQAAA==
sAMAccountName: DnsUpdateProxy
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
distinguishedName: CN=DnsUpdateProxy,CN=Users,DC=example,DC=com

dn: CN=DnsAdmins,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: DnsAdmins
description: DNS Administrators Group
instanceType: 4
whenCreated: 20200212074609.0Z
whenChanged: 20200212074609.0Z
uSNCreated: 3602
uSNChanged: 3602
name: DnsAdmins
objectGUID:: uWRuKJKD7ESxSosncblwHA==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqTQQAAA==
sAMAccountName: DnsAdmins
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
distinguishedName: CN=DnsAdmins,CN=Users,DC=example,DC=com

dn: CN=everyone,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: everyone
description: everyone
instanceType: 4
whenCreated: 20200218143504.0Z
uSNCreated: 3764
name: everyone
objectGUID:: L8ujcWUxvUq9wZnuOMiOBw==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqRAYAAA==
sAMAccountName: everyone
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
member: CN=john.doe,CN=Users,DC=example,DC=com
whenChanged: 20200218144440.0Z
uSNChanged: 3765
distinguishedName: CN=everyone,CN=Users,DC=example,DC=com

dn: CN=admin,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: admin
description: test admin
instanceType: 4
whenCreated: 20200212165214.0Z
uSNCreated: 3757
name: admin
objectGUID:: nByiLbz5fUqur+MgO+1i+Q==
objectSid:: AQUAAAAAAAUVAAAAlvzxoCLKglAqEEnqQQYAAA==
sAMAccountName: admin
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
member: CN=john.doe,CN=Users,DC=example,DC=com
member: CN=billy.joel,CN=Users,DC=example,DC=com
whenChanged: 20200212165805.0Z
uSNChanged: 3762
distinguishedName: CN=admin,CN=Users,DC=example,DC=com

AEM AEM 6.4 authentication Groups LDAP LDAPADSync
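One way to sanity-check the group scope of a configuration like the one in this post, as an added diagnostic that is neither the poster's code nor part of Jackrabbit Oak or AEM: it parses the Oak key=value notation (B"…", I"…", L"…", quoted strings and arrays) and a constructed LDIF excerpt modelled on the post's group entries, then reports, per group, whether the configured group.baseDN, group.objectclass, group.extraFilter and group.memberAttribute would reach it. The filter evaluation is a simplification that handles only a single (attr=value) term and treats the short class name in an objectCategory filter as matching the leftmost RDN of the stored schema DN (an assumption about Active Directory semantics); the alternative base DN used in the usage is hypothetical.

```python
"""Scope check for an Oak LDAP Identity Provider group configuration.

Added diagnostic, not code from the forum post, Adobe or Jackrabbit Oak.
"""
import base64
import re

# Constructed: the group-related keys copied from the post's IDP config,
# plus two typed values so the parser's B"..."/I"..." handling is exercised.
CONFIG_TEXT = r'''
group.baseDN="CN\=Group,DC\=example,DC\=com"
group.objectclass=["group"]
group.extraFilter="(objectCategory\=group)"
group.memberAttribute="member"
group.nameAttribute="CN"
group.makeDnPath=B"false"
host.port=I"3268"
'''

# Constructed: trimmed copies of three group entries from the post's LDIF.
# Binary attributes use the LDIF "::" base64 form, as in the post.
LDIF_TEXT = '''dn: CN=DnsAdmins,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: DnsAdmins
objectGUID:: uWRuKJKD7ESxSosncblwHA==
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=everyone,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: everyone
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
member: CN=john.doe,CN=Users,DC=example,DC=com

dn: CN=admin,CN=Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: admin
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
member: CN=john.doe,CN=Users,DC=example,DC=com
member: CN=billy.joel,CN=Users,DC=example,DC=com
'''

_QUOTED = r'"((?:[^"\\]|\\.)*)"'


def parse_osgi_config(text):
    """Parse key=value lines in OSGi config notation into plain Python values.
    B"..." -> bool, I"..."/L"..." -> int, "..." -> str, [...] -> list; the
    escaped "\\=" inside values is unescaped to "="."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, raw = line.split("=", 1)
        key, raw = key.strip(), raw.strip()
        if raw.startswith("["):
            cfg[key] = [v.replace("\\=", "=") for v in re.findall(_QUOTED, raw) if v]
            continue
        m = re.fullmatch(r"([A-Z]?)" + _QUOTED, raw)
        if not m:
            continue
        prefix, val = m.group(1), m.group(2).replace("\\=", "=")
        if prefix == "B":
            cfg[key] = val.lower() == "true"
        elif prefix in ("I", "L"):
            cfg[key] = int(val)
        else:
            cfg[key] = val
    return cfg


def parse_ldif(text):
    """Parse LDIF records into dicts of attr -> [values]; "attr:: b64" values
    are decoded to bytes. Line folding (leading-space continuations) is not
    handled, which is fine for the constructed excerpt above."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    if current:
        entries.append(current)
    return entries


def attr_values(entry, name):
    """Case-insensitive attribute lookup (LDAP attribute names are)."""
    return [v for k, vs in entry.items() if k.lower() == name.lower() for v in vs]


def normalize_dn(dn):
    """Split a DN into case-folded RDNs, most specific first (escaped commas
    are not handled; none occur in the constructed data)."""
    return [re.sub(r"\s*=\s*", "=", rdn.strip()).lower() for rdn in dn.split(",")]


def dn_under_base(dn, base_dn):
    """True when dn is base_dn itself or lies in its subtree."""
    rdns, base = normalize_dn(dn), normalize_dn(base_dn)
    return len(rdns) >= len(base) and rdns[-len(base):] == base


def matches_extra_filter(entry, extra_filter):
    """Evaluate a single (attr=value) equality term against the entry."""
    if not extra_filter:
        return True
    m = re.fullmatch(r"\((\w+)=([^)]*)\)", extra_filter)
    if not m:
        raise ValueError("only a single (attr=value) term is supported here")
    attr, wanted = m.group(1), m.group(2).lower()
    values = [v.lower() for v in attr_values(entry, attr) if isinstance(v, str)]
    if attr.lower() == "objectcategory":
        # Assumption: AD resolves a bare class name in an objectCategory filter
        # to the schema DN, so compare the leftmost RDN value as well.
        values += [normalize_dn(v)[0].split("=", 1)[-1] for v in values]
    return wanted in values


def group_scope_report(cfg, entries):
    """Return {group name: [problems]}; an empty list means the configured
    group search would reach the entry and it carries member values."""
    report = {}
    wanted_classes = {c.lower() for c in cfg.get("group.objectclass", [])}
    member_attr = cfg.get("group.memberAttribute", "member")
    name_attr = cfg.get("group.nameAttribute", "cn")
    for entry in entries:
        dn = entry["dn"][0]
        name = (attr_values(entry, name_attr) or [dn])[0]
        problems = []
        if not dn_under_base(dn, cfg["group.baseDN"]):
            problems.append("outside group.baseDN %s" % cfg["group.baseDN"])
        classes = {c.lower() for c in attr_values(entry, "objectClass")}
        if wanted_classes and not (wanted_classes & classes):
            problems.append("objectClass %s not in %s" % (sorted(classes), sorted(wanted_classes)))
        if not matches_extra_filter(entry, cfg.get("group.extraFilter", "")):
            problems.append("does not match group.extraFilter")
        if not attr_values(entry, member_attr):
            problems.append("no %s values: group would sync with no members" % member_attr)
        report[name] = problems
    return report


if __name__ == "__main__":
    cfg = parse_osgi_config(CONFIG_TEXT)
    groups = parse_ldif(LDIF_TEXT)
    for base in (cfg["group.baseDN"], "CN=Users,DC=example,DC=com"):  # second one hypothetical
        print("group.baseDN =", base)
        for name, problems in group_scope_report(dict(cfg, **{"group.baseDN": base}), groups).items():
            print("  %-12s %s" % (name, "reachable" if not problems else "; ".join(problems)))
```

With the post's group.baseDN of CN=Group,DC=example,DC=com, every entry in the excerpt is reported as outside the base, because the LDIF places those groups under CN=Users,DC=example,DC=com; re-running the check with the base pointed at that container reports the groups that carry member values as reachable and flags DnsAdmins, which has none. Against a live directory the equivalent check is an ldapsearch with the same -b base and filter as the Oak config, run as the bind user, which also confirms that the bind account has read access to the member attribute.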

Accepted Solutions (1)

vanegi

Employee

13-07-2020

Solution provided in this post by Leo: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-6-4-ldap-group-sync-is...

To display HTML tags in HTL, add context='html' while printing the value.

In your scenario, ${article.title @ context='html'} should fix the issue.

Answers (0)