AEM LDAP Synchronization scheduler | Community
crich2784
Level 6
July 12, 2021
Solved

AEM LDAP Synchronization scheduler

  • July 12, 2021
  • 1 reply
  • 1788 views


We have set up multiple OUs in AEM and SSO is working. How do we schedule a synchronization daily, weekly, etc.?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by ChitraMadan

Hi @crich2784 ,


In order to have LDAP and User Synchronisation working with AEM, you need to create three OSGi configurations:

  1. An LDAP Identity Provider (IDP).
  2. A Sync Handler.
  3. An External Login Module.

Since you mentioned SSO is working, you can check the properties below to set the expiration of the user.

Once the user has expired and logs in again, the user will be synced.


But this process could slow down user login, hence the other way is to sync the users through an automated process, which is to create a scheduled service in the backend to access the MBean server and run syncAllUsers() at some interval.


```java
package my.project.scheduled;

import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.AttributeType;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.management.MBeanServer;
import javax.management.ObjectName;
import java.lang.management.ManagementFactory;

/**
 * Service to invoke the syncAllUsers() method of org.apache.jackrabbit.oak
 * so AEM users can be synced with LDAP.
 *
 * The component is registered as a Runnable service; the Sling scheduler
 * picks it up through the scheduler.expression property.
 */
@Component(
        immediate = true,
        configurationPid = "my.project.scheduled.SyncUsersService"
)
@Designate(ocd = SyncUsersService.Configuration.class)
public class SyncUsersService implements Runnable {

    protected static Logger logger = LoggerFactory.getLogger(SyncUsersService.class);

    @Activate
    public void activate(Configuration config) {
    }

    /**
     * Runs the implementation at the scheduled interval.
     */
    @Override
    public void run() {
        logger.info("Starting LDAP Sync Service");
        MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer();
        try {
            // handler and idp must match the names given to the configured Sync Handler and LDAP IDP
            ObjectName objectName = new ObjectName("org.apache.jackrabbit.oak:handler=\"Active Directory\","
                    + "idp=\"Active Directory\",name=External Identity Synchronization Management,type=UserManagement");
            // syncAllUsers(boolean purge): with true, users no longer present in the IDP are removed as well
            mBeanServer.invoke(objectName, "syncAllUsers",
                    new Object[]{true}, new String[]{boolean.class.getName()});
        } catch (Exception e) {
            logger.error("Error while running the Mbean to sync users with LDAP. ", e);
        }
    }

    @ObjectClassDefinition(name = "LDAP User Sync Service")
    public @interface Configuration {
        @AttributeDefinition(
                name = "Expression",
                description = "Cron-job expression. Default: run every 30 min.",
                type = AttributeType.STRING)
        String scheduler_expression() default "0 */30 * ? * *";
    }
}
```


Also you can refer to these articles for more details:

https://kbwebconsult.com/aem-automatic-user-synchronization-with-ldap/

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/ldap-config.html?lang=en

https://jackrabbit.apache.org/oak/docs/security/authentication/usersync.html


Thanks,

Chitra
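As an added example (not code from the original post or from Oak/AEM), the same scheduled-sync idea with three changes a practitioner usually wants: the sync MBean is located by ObjectName pattern instead of hard-coding the handler and IDP names, the Sling scheduler is told not to overlap runs and to run on one cluster node only, and the purge flag becomes a configuration switch that defaults to off. Class, PID and property names are assumptions.

```java
package my.project.scheduled;

import java.lang.management.ManagementFactory;
import java.util.Set;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Example scheduled job: finds Oak's sync MBeans by pattern instead of a hard-coded handler/IDP name.
// scheduler.concurrent=false keeps a slow sync from overlapping the next run; runOn=LEADER limits it to one node.
@Component(service = Runnable.class, immediate = true,
           property = { "scheduler.concurrent:Boolean=false", "scheduler.runOn=LEADER" })
@Designate(ocd = LdapSyncJob.Config.class)
public class LdapSyncJob implements Runnable {
    @ObjectClassDefinition(name = "LDAP User Sync Job (example)")
    public @interface Config {
        @AttributeDefinition(name = "Cron expression", description = "Quartz cron; default: daily at 02:00")
        String scheduler_expression() default "0 0 2 * * ?";
        @AttributeDefinition(name = "Purge", description = "Also remove users that no longer exist in the IDP")
        boolean purge() default false;   // off by default: deleting accounts should be a deliberate choice
    }
    private static final Logger LOG = LoggerFactory.getLogger(LdapSyncJob.class);
    // Matches every registered sync-handler/IDP pair, whatever names the OSGi configs gave them.
    private static final String PATTERN =
            "org.apache.jackrabbit.oak:type=UserManagement,name=External Identity Synchronization Management,*";
    private volatile boolean purge;
    @Activate protected void activate(Config config) { purge = config.purge(); }

    @Override public void run() {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        try {
            Set<ObjectName> beans = server.queryNames(new ObjectName(PATTERN), null);
            if (beans.isEmpty()) { LOG.warn("No Oak sync MBean registered; check Sync Handler and IDP configs"); return; }
            for (ObjectName name : beans) {
                // syncAllUsers(boolean purge) returns one result line per processed user
                String[] results = (String[]) server.invoke(name, "syncAllUsers",
                        new Object[] { purge }, new String[] { boolean.class.getName() });
                LOG.info("{} finished: {} users processed (purge={})", name, results.length, purge);
            }
        } catch (Exception e) {
            LOG.error("LDAP user sync failed", e);
        }
    }
}
```

Because the job runs as the system session of the JVM, the result lines it logs are the only record of which accounts were added, updated or purged; keep that log level enabled where account changes need to be auditable.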

1 reply

ChitraMadan
Community Advisor
Accepted solution
July 12, 2021