AEM LDAP Sync with Active Directory custom attribute

mikek8877

15-06-2020

Hello,

I asked this question before, but the question moderator marked the initial answer as ‘Solved Answer’ even though that answer did not solve my question. Therefore, I am creating a new discussion here.

When I create a custom attribute “testattribute” in Active Directory and assign it to the group class,

then in the Apache Jackrabbit Oak LDAP Identity Provider I set Group object class = group, Group name attribute = testattribute, Group member attribute = blank,

then sync using the JMX console.

But when I check useradmin, no group name is synced. My expectation is that the value in testattribute should be synced as the group name in useradmin. I only see the default group everyone.

I think this happens because AEM LDAP could not check the membership of the user?

When I configure the standard Active Directory user/group sync shown below, users and groups are successfully synced. I think this is because Group member attribute = member lets AEM LDAP check back whether the user belongs to the group.

Apache Jackrabbit Oak LDAP Identity Provider

User object classes = person organizationalPerson

User ID attribute = sAMAccountName

Group object classes = group

Group Name attribute = sAMAccountName

Group Member attribute = member

In Windows Active Directory, the member attribute of a Group includes the user names which belong to this Group.

I think AEM LDAP checks back on this member attribute, and only if the user name is found in member does AEM LDAP add the group name to the user in useradmin. This is my guess.

Anyway, my objective is to sync the custom attribute as a group name in useradmin.

I created an AEM question, and the initial answer was that I have to create a member attribute which holds the members for the group attribute.
I need to know if there is a way to disable the AEM behavior of checking the member attribute before adding the custom group attribute to the user.
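An added example, not from the post above or from Oak's own code: a small offline Python model of how the Oak LDAP identity provider resolves a user's groups as I understand it, by searching for group entries whose member attribute holds the user's DN and reading the configured name attribute from each hit. The directory entries, DNs and attribute values are constructed, and the exact shape of the search filter is an assumption about Oak's internals.

```python
import re

# Constructed sample directory: one AD-style user and two groups that carry
# the custom "testattribute" alongside sAMAccountName and member.
DIRECTORY = {
    "CN=alice,OU=Users,DC=example,DC=com": {
        "objectClass": ["person", "organizationalPerson"],
        "sAMAccountName": ["alice"],
    },
    "CN=Editors,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "sAMAccountName": ["Editors"],
        "testattribute": ["content-editors"],   # custom AD attribute
        "member": ["CN=alice,OU=Users,DC=example,DC=com"],
    },
    "CN=Readers,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "sAMAccountName": ["Readers"],
        "testattribute": ["content-readers"],
        "member": [],                           # alice is not a member
    },
}

def ldap_escape(value: str) -> str:
    """RFC 4515 escaping for a value embedded in a search filter."""
    return re.sub(r"[\\*()\0]", lambda m: "\\%02x" % ord(m.group(0)), value)

def member_of_filter(object_class: str, member_attr: str, user_dn: str):
    """Filter of the kind the provider sends to find a user's groups (assumed
    shape). With a blank Group Member attribute no such filter can be built,
    which is the case from the post: the lookup is skipped, not widened."""
    if not member_attr:
        return None
    return (f"(&(objectClass={ldap_escape(object_class)})"
            f"({member_attr}={ldap_escape(user_dn)}))")

def groups_for_user(user_dn: str, object_class: str,
                    name_attr: str, member_attr: str) -> list:
    """Evaluate the membership lookup against DIRECTORY and return the value
    of the configured Group Name attribute for every matching group."""
    if member_of_filter(object_class, member_attr, user_dn) is None:
        return []
    return sorted(
        entry[name_attr][0]
        for entry in DIRECTORY.values()
        if object_class in entry.get("objectClass", [])
        and user_dn in entry.get(member_attr, [])
        and entry.get(name_attr)
    )
```

The same user with the same groups yields "Editors" when the name attribute is sAMAccountName and "content-editors" when it is testattribute, but nothing at all once the member attribute is blank, which matches what the poster sees in useradmin.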