Expand my Community achievements bar.

SOLVED

AEM LDAP Integration in AEM 6.3

Avatar

Former Community Member

In AEM 6.3, we are doing AEM- LDAP integration. While searching I have found “Adobe Granite SAML 2.0 Authentication Handler” which we can use for LDAP integration. Also, we have three other LDAP osgi services to connect to LDAP [“Apache Jackrabbit Oak LdapIdentityProvider”, “Apache jackrabbit oak DefaultSyncHandler” and “Apache jackrabbit oak External Login Module”]. So, I have two questions -

1. I am trying to understand which one to use? Should I use SAM2.0 Authentication Handler or the LDAP services?

2. Also, once we define the OSGi configuration, where is the handshake mechanism between AEM and ldap which picks the credentials from the form and validates against ldap. Any pointers will be highly appreciated.

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

1) No, there is a separate configuration for LDAP. check [1]

2) AEM will query the LDAP server to validate the user and create a user locally in AEM based on the data.

SAML handler should be used for SSO(Okta,ADFS etc.) and is not applicable for LDAP. Check [1] on more details about configuring LDAP with the config names.

[1] Configuring LDAP with AEM 6

View solution in original post

2 Replies

Avatar

Correct answer by
Employee Advisor

1) No, there is a separate configuration for LDAP. check [1]

2) AEM will query the LDAP server to validate the user and create a user locally in AEM based on the data.

SAML handler should be used for SSO(Okta,ADFS etc.) and is not applicable for LDAP. Check [1] on more details about configuring LDAP with the config names.

[1] Configuring LDAP with AEM 6

Avatar

Former Community Member

JaideepBrar​ - Which is the handshake service (do you know service name) between AEM and ldap which picks the credentials from the form and validates against ldap. Is it OOTB authentication service ? or do we need to write this manually?

2. Can't we use the SAML Osgi service to configure LDAP? Is it not preferred or is it not possible?