Expand my Community achievements bar.

SOLVED

AEM ldap Integration: How to sync groups from ldap users

Avatar

Level 7
Level 7
2/15/23 2:19:29 AM

Hello,

I'm using this modul to synchronize users from active directory. The sync action with users works well. My requriemtent is I also need to create groups which are the users are  members of. How can I achive this?

 

Thanks in advanced.  

Views

2.0K

Replies

8
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 7
Level 7
2/20/23 2:21:20 AM

I think I could solve my issue. by doing three things:

  1. Disabling the option "Dynamic membership".
  2. Add a slash at begin to properties where you can define users and groups are stored.
  3. By using simple queries first I found out all my queries where "wrong", even though they generated valid results in AEM it self. The fields user extra filters and group extra filters does contains only the "second" part of a query.
    Query example: 
    (&(objectClass=<person/group>)(|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
    So the working result for me was adding below query to filter fields: 
    (|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
    Due to the fact there exists no well explained examples at the Internet and by missleading log output this was a big exploration journey for me.

 

View solution in original post

Views

1.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
8 Replies

Avatar

Level 7
Level 7
2/15/23 6:16:39 AM
In response to Saravanan_Dharmaraj
@Saravanan_Dharmaraj  schrieb:

Please check the below blog on how to set up the groups in AEM

https://www.tothenew.com/blog/ldap-integration-with-aem-apache-directory-server/ 

Thanks for your answer. The posted link could not help me to solve my issue.

From offcial site from Adobe - https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/ldap-config.htm... - I enabled the logging for ExternalLoginModule and Authatication.

The created log file contains a huge number of 

 org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.

Could it be the reason why I'm unable to get groups from ldap? How can I fix it? The research for this message points always here to an post in this forum. The containing link points to a todo list which I have already followed.

 

Views

2.0K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 7
Level 7
2/15/23 6:41:47 AM
In response to Chandra_Hire

I followed this list on a fresh new instance and it could not fix the issue. Users are imported, groups not.

Views

2.0K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 7
Level 7
2/15/23 7:40:08 AM
In response to Magicr

Maybe I found a helpful log entry who disappears between all lines of debug output. The following output is

*DEBUG* [qtp31820972-1821] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getDeclaredGroupRefs: search below OU=xxx,DC=example,DC=com with (& (xxx)) found 0 entries. (connect=1,99ms, search=963,00us, iterate=2,38ms)

Actually this makes sense why groups are not created.

Views

2.0K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
2/15/23 12:48:46 PM
In response to Magicr

Please check with LDAP administrator for value of 'Bind DN' & 'Group DN' configuration in Identity Provider OSGi configuraiton. 

Views

2.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/15/23 11:39:38 AM

Through admin console you get ldap and group create with email start sync and integration.

Views

2.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 7
Level 7
2/20/23 2:21:20 AM

I think I could solve my issue. by doing three things:

  1. Disabling the option "Dynamic membership".
  2. Add a slash at begin to properties where you can define users and groups are stored.
  3. By using simple queries first I found out all my queries where "wrong", even though they generated valid results in AEM it self. The fields user extra filters and group extra filters does contains only the "second" part of a query.
    Query example: 
    (&(objectClass=<person/group>)(|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
    So the working result for me was adding below query to filter fields: 
    (|(memberOf=CN=sug-xxx,OU=groupfolder,DC=exampledomain,DC=com)(memberOf=CN=sug-yyy,OU=groupfolder,DC=exampledomain,DC=com))
    Due to the fact there exists no well explained examples at the Internet and by missleading log output this was a big exploration journey for me.

 

Views

1.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
AEM headless architecture Solved

Views

106

Likes

0

Replies

4
Passing parameters to Sling Model methods Solved

Views

111

Likes

0

Replies

2
The dynamic table previews correctly in HTML, but when converted to PDF, the page is cut off.

Views

44

Likes

0

Replies

0
Integrate splunk with aemaacs

Views

40

Likes

0

Replies

1
How to Render the different version of Header for Specific Pages Using Experience Fragments in AEM?

Views

90

Likes

0

Replies

2