
AEM 6.x LDAP Config?


Level 3

Hello,

I have configured LDAP authentication in AEM 6.1 by creating an OSGi config directly in /system/console/configMgr. In order to implement that without manually doing it in the console, I would have to create a config in our code base under config.author. However, this would mean including the password for the bind account in our code base, exposing it to a large number of developers and other staff. Is there a better way to do it in AEM 6.x?

 

I've read that versions earlier than 6.0 could use a jaas.conf file in the local filesystem, which would work for me, but in 6.0 Oak started doing things differently. 

2 Replies


Level 10

Actually, you can create these config nodes with dummy data and manage it to the code base via package manager. So it won't be installed on every deployment. Once you install it using the package manager, control the access to this config folder via ACLs and configure it once per environment. Hope that should work.

That is a good idea, and should help. Can you comment on how to restrict users from being able to see/modify the LDAP config/password in the following places (or anywhere else it might be visible)?

  1. JCR node using "crx/de"
  2. Using OSGi configMgr 
  3. Package Manager

I'm thinking denying read permission to the node would hide it in crx/de, but I'm not sure about the others.
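
A pre-commit or CI check that supports the approach in the first reply (commit the LDAP config with dummy data, set the real bind password once per environment), added here as an example and not part of either post or of AEM. It assumes the config is stored as a Felix `.config` file or `sling:OsgiConfig` XML named after the Oak LDAP identity provider PID with a `bind.password` property; the placeholder value and the `myproject` path are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# PID of Oak's LDAP identity provider; config files are named <PID>.config,
# <PID>-<suffix>.config or the equivalent sling:OsgiConfig .xml.
LDAP_PID = "org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider"
PLACEHOLDER = "CHANGE_ME_PER_ENVIRONMENT"  # assumption: the team's agreed dummy value

# Matches bind.password="value" both as a .config line and as an XML attribute.
BIND_PW = re.compile(r'bind\.password\s*=\s*"((?:[^"\\]|\\.)*)"')


def find_real_bind_passwords(root):
    """Return [(path, line_no)] where an LDAP config carries a non-placeholder
    bind.password. The value itself is never returned, so it cannot leak into CI logs."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or LDAP_PID not in path.name:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            m = BIND_PW.search(line)
            if m and m.group(1) not in ("", PLACEHOLDER):
                findings.append((str(path), no))
    return findings


def demo():
    """Constructed sample tree: one dummy config and one with a made-up secret."""
    dn = 'bind.dn="cn=svc-aem,ou=service,dc=example,dc=com"\n'
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp, "apps/myproject/config.author")  # hypothetical project path
        cfg.mkdir(parents=True)
        (cfg / f"{LDAP_PID}-dummy.config").write_text(
            dn + f'bind.password="{PLACEHOLDER}"\n')
        (cfg / f"{LDAP_PID}-leaky.config").write_text(
            dn + 'bind.password="constructed-secret"\n')
        return [(Path(p).name, n) for p, n in find_real_bind_passwords(tmp)]


if __name__ == "__main__":
    hits = demo()
    for name, line_no in hits:
        print(f"real bind.password committed: {name}:{line_no}")
    raise SystemExit(1 if hits else 0)
```

In a pipeline, call `find_real_bind_passwords` on the repository root and fail the build when the list is non-empty.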