Expand my Community achievements bar.

SOLVED

AEM transport user

Avatar

Level 2

what is the role of the transport user in AEM, is this user configured only on the publish instance or the user exists on both instances. 

1 Accepted Solution

Avatar

Correct answer by
Level 2

Hi Lincoln

From what I can tell, and from the response above as well: 

  1. The transport user is used to perform the move of items from the originating system to the destination system. So in terms of replication, from author to publish. For reverse replication, the other way around. 
  2. The transport user must exist on both sides, so you would create it on author and then replicate it on publish
  3. You first run replication using the admin user, and then change to a custom user (the transport user mentioned above) afterwards. You would specify the permissions needed for this user based on your use case, what needs to be replicated. 

I think I have that correct, but I am hoping some of the other experts on here will chip in on whether or not I am 100% on the money. 

View solution in original post

3 Replies

Avatar

Administrator

Please have a look at this documentation:

Link:- https://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Configure%20repli...

// The transport user should not be the admin user. Rather, set up a user on the publish system that has only access rights to the relevant portions of the publish system and use that user's credentials for the transport.

You can start from the bundled replication-receiver user and configure this user's access rights to match your situation

 

KB Article :- https://helpx.adobe.com/experience-manager/kb/transport_user_kb.html

//

You should be able to publish using any user account with admin level privileges. However, these privileges must be assigned on the target (publish) server, not just the author server (the initial transport user as the local 'admin' account and then change transport users after the initial sync).

Add a new user to the AEM Author instance. Navigate to http://localhost:4502/useradmin and create a new user account using the Create User button (such as testuser1, but you can skip this step if you already have a suitable account available either via LDAP or in the local repository).
Grant the new user Administrator privileges. Drag the new user account to the administrators group and save changes.
Create a new empty package to hold the user permissions. Go to the Package Manager interface on author (http://localhost:4502/crx/packmgr/index.jsp) and use the Create Package button to add a new package (such as the name user test and the group my_package, but these values are arbitrary).
Add the new users and permissions to the package. Edit the package and add the following filters: /home/groups/a/administrators /home/users/system/testuser1*.  Replace with the path/name of your admin user.
Build the new package. Click Build to assemble the package.
Configure replication for one Publish instance from Author using the built-in Admin credential and test the connection. Go to the Agents on Author settings panel and set up a connection to one of the Publish agents in your cluster. Edit the connection to specify the URL to your Publish instance and enter the transport credentials for the default local admin user. Test that connection and verify that there are no issues with the agent (http://localhost:4502/etc/replication/agents.author.html).
Duplicate the replication agent. Open CRXDE and navigate to the following node: /etc/replication/agents.author/publish. Copy that node and paste as many additional copies as needed into the parent node (/etc/replication/agents.author/).
Customize each of the additional agents. Open each copied agent and modify the transportUri property to point to the correct address for each target publish server.
Replicate the new user to each publish instance. Navigate to the Packages tree (http://localhost:4502/miscadmin#/etc/packages) and find the package you created in step 5. Select the appropriate package and click Activate.
Verify that the new settings have replicated successfully and change your replication transport to use the new user. Repeat step 6 using the new credential. If the new replication test is successful, copy the new transportUser and transportPassword values from this instance to the other replication agents created in step 7.
This procedure is simplified for use with testing. You may be able to further automate some of these steps using code as well, specifically the duplication of the publish agents and updating the transport users/passwords.

Please have a look at the links mentioned, it would help you.

~kautuk



Kautuk Sahni

Avatar

Correct answer by
Level 2

Hi Lincoln

From what I can tell, and from the response above as well: 

  1. The transport user is used to perform the move of items from the originating system to the destination system. So in terms of replication, from author to publish. For reverse replication, the other way around. 
  2. The transport user must exist on both sides, so you would create it on author and then replicate it on publish
  3. You first run replication using the admin user, and then change to a custom user (the transport user mentioned above) afterwards. You would specify the permissions needed for this user based on your use case, what needs to be replicated. 

I think I have that correct, but I am hoping some of the other experts on here will chip in on whether or not I am 100% on the money.