Level 6

Solved

AEM ldap Integration: How to sync groups from ldap users

Forum|Forum|3 years ago
February 15, 2023
3 replies
3633 views

Hello,

I'm using this modul to synchronize users from active directory. The sync action with users works well. My requriemtent is I also need to create groups which are the users are members of. How can I achive this?

Thanks in advanced.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Magicr

I think I could solve my issue. by doing three things:

Disabling the option "Dynamic membership".
Add a slash at begin to properties where you can define users and groups are stored.
By using simple queries first I found out all my queries where "wrong", even though they generated valid results in AEM it self. The fields user extra filters and group extra filters does contains only the "second" part of a query.
Query example:
```
(&(objectClass=<person/group>)(|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
```
So the working result for me was adding below query to filter fields:
```
(|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
```
Due to the fact there exists no well explained examples at the Internet and by missleading log output this was a big exploration journey for me.😢😢

Saravanan_Dharmaraj

Community Advisor

Please check the below blog on how to set up the groups in AEM

https://www.tothenew.com/blog/ldap-integration-with-aem-apache-directory-server/

MagicrAuthor

Level 6

@saravanan_dharmaraj schrieb:

Please check the below blog on how to set up the groups in AEM

https://www.tothenew.com/blog/ldap-integration-with-aem-apache-directory-server/

Thanks for your answer. The posted link could not help me to solve my issue.

From offcial site from Adobe - https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/ldap-config.html?lang=en - I enabled the logging for ExternalLoginModule and Authatication.

The created log file contains a huge number of

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.

Could it be the reason why I'm unable to get groups from ldap? How can I fix it? The research for this message points always here to an post in this forum. The containing link points to a todo list which I have already followed.

Chandra_Hire

Level 4

Hi @magicr

Please check the configuration for reference

HOW TO SYNCHRONIZE AEM WITH LDAP USERS AND GROUPS (aemsigma.blogspot.com)

M

makzare1463

Level 2

Through admin console you get ldap and group create with email start sync and integration.

MagicrAuthorAccepted solution

Level 6

I think I could solve my issue. by doing three things:

Disabling the option "Dynamic membership".
Add a slash at begin to properties where you can define users and groups are stored.
By using simple queries first I found out all my queries where "wrong", even though they generated valid results in AEM it self. The fields user extra filters and group extra filters does contains only the "second" part of a query.
Query example:
```
(&(objectClass=<person/group>)(|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
```
So the working result for me was adding below query to filter fields:
```
(|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
```
Due to the fact there exists no well explained examples at the Internet and by missleading log output this was a big exploration journey for me.😢😢

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded