Expand my Community achievements bar.

SOLVED

AEM Integration: How to import groups from ldap into AEM?

Avatar

Level 7

Hello,

currently I'm trying to import users and groups from ldap to AEM reporsitory. I followed the steps from https://aem4beginner.blogspot.com/how-to-synchronize-ldap-users-and . The general import of users into AEM works. My question is how to import groups? I double checked the defined ldap filter with an ldap browser and according this program there are no errors. I checked the error.log and other log files, there no errors.

Thanks in advanced

1 Accepted Solution

Avatar

Correct answer by
Level 7

Thanks for your answer. Accendently I found a salution for my problem just now. All existing documententation don't describe in detail how this module exactly work . Here a small explaination for further visitors:

First thing: You cannot import any ldap groups only.

In configuration "Ldap Identity provider" you can define a user filter. If you define a group filter as well every single ldap user will apply with defined group filter. I found it out by reading the debug output. In general the attribute member in group object contains the member of this group. At the end of the dialog exists a configuration field wich allows you to connect each filters together.

After this and the others configuration, the result is: only the groups will be imported which are used by previously selected users.

View solution in original post

5 Replies

Avatar

Level 1

@Magicr  Assuming that you have configured "Group base DN" property for LDAP Identity Provider and make sure  that your group Base DN is correct because there could be a possibility that users and groups belongs to different DN.

Read here more about similar issue:
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/activedirectory-group-sync...

 

Avatar

Correct answer by
Level 7

Thanks for your answer. Accendently I found a salution for my problem just now. All existing documententation don't describe in detail how this module exactly work . Here a small explaination for further visitors:

First thing: You cannot import any ldap groups only.

In configuration "Ldap Identity provider" you can define a user filter. If you define a group filter as well every single ldap user will apply with defined group filter. I found it out by reading the debug output. In general the attribute member in group object contains the member of this group. At the end of the dialog exists a configuration field wich allows you to connect each filters together.

After this and the others configuration, the result is: only the groups will be imported which are used by previously selected users.

Avatar

Employee Advisor

@Magicr in case you run into an issue creating a filter than the LDAP query browser tool are a lightweight way to test and then you can map the attributes in aem.

Avatar

Level 7

That's what I also did, because an ldap browser is more comfortable way to create and debug queries