Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.

AEM LDAP Sync with Active Directory custom attribute


Level 1



i asked question before, but question moderator set initial answer as ‘Solved Answer’ even answer did not solve my question. Therefore, I am creating new discussion here.


When I create custom attribute “testattribute” in Active Directory and assigned to group class.

Then in Apache Jackrabbit Oak LDAP Identity Provider, set Group object class = group, and set Group name attribute = testattribute  Group member attribute = blank

Then sync using Jmx console

But when I checked useradmin, no group name is synced. My expectation is, value n testattribute should be synced in useradmin group name. I only see default group everyone.


I think this happens because AEM LDAP could not check membership of user?



When I configure standard Active Directory user group sync shown below, user and group are successfully synced. I think because Group member attribute = member lets AEM LDAP back check if user belongs to the group.


Apache Jackrabbit Oak LDAP Identity Provider

User object classes = person organizationalPerson


User ID attribute sAMAccountName


Group object classes = group


Group Name attribute = sAMAccountName


Group Member attribute = member

in Windows Active Directory, member attribute in Group includes user names which belong to this Group.

I think - AEM LDAP back checks this member, and only if user name found in member, AEM LDAP adds group name in user in useradmin. This is my guess.


Anyway, my objective is to sync custom attribute as a group name in useradmin.


I created AEM question, and initial answer was, I have to create member attribute which has members for the group attribute.
I need to know if there is a way to disable AEM behavior to check member attribute before adding custom group attribute to user.



0 Replies