Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

AEM with Active Directory

Avatar

Level 6
Level 6
11/16/15 10:42:21 AM

Hi,

Does anyone have set AEM log against an AD Server and Sync the groups?

I am able to log using an user from LDAP and Sync it on AEM, but the groups are not being imported. Could someone help me on this?

The Group Base DN is correct.

For Group Object Class I'm using: group

And for Group Member Attribute: member

Any help is welcome.

Thanks

Views

3.0K

Replies

9
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
11/17/15 6:50:05 AM

Hi,

So you see nothing when you set debug level logging?[1]

what value have you set for "User membership nesting depth"[2]?

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html#Enabling debug logging

[2https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html#Configuring The Synchronization Handler

View solution in original post

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
9 Replies

Avatar

Level 10
Level 10
11/16/15 10:54:16 AM

Only Users get syncd. You need to create mapping for the group which is already existing in crx to be mapped when the user is created/syncd from LdAP

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
11/16/15 10:55:50 AM

Refer [1] for the same

autocreate.user.membership="contributor" is the property to be used to map to the existing group when use is auto created.

[1] https://docs.adobe.com/docs/en/cq/5-6-1/core/administering/ldap_authentication.html

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 6
Level 6
11/16/15 11:02:37 AM

Hi bloski,

So AEM doesn´t bring the Groups from AD to the repository?

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 6
Level 6
11/16/15 11:06:47 AM

Hi,

I am using 6.1, is this config valid for 6.1 as well?

Thanks

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
11/16/15 6:47:08 PM

Yes... You need to create the LDAP groups in AEM and you can map to the same group while syncing the users. Its mainly to sync the users.

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
11/16/15 11:52:48 PM

As far as I can remember, and it has been a while since I used LDAP, you should be able to synch users and groups. The documentation does mention this[1], see below

A Word on Group Affiliation

Users synchronized through LDAP can be part of different groups in AEM. These groups can be external LDAP groups that will be added to AEM as part of the synchronization process, but they can also be groups that are added separately and are not part of the original LDAP group affiliation scheme.

 

EDIT: have you enabled debugging for LDAP to see what is going on?

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html

[2] https://github.com/Adobe-Marketing-Cloud/aem-ldap-tutorial

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 6
Level 6
11/17/15 3:40:43 AM

Hi Opkar,

I've enabled the ldap log, but it doesn't display anything about groups sync.

It just displays the user authenticating against the AD server.

Is there any other configuration that I can check?

Thanks

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee
Employee
11/17/15 6:50:05 AM

Hi,

So you see nothing when you set debug level logging?[1]

what value have you set for "User membership nesting depth"[2]?

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html#Enabling debug logging

[2https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html#Configuring The Synchronization Handler

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 6
Level 6
12/8/15 7:30:41 AM

Hi opkar,

I was able to make the group sync. As you said I didn't set the User membership nesting depth, so I set that to 1.

And another thing was to change the  Group object classes  to be group and the  Group member attribute  to member.

Thanks for your help.   

Views

2.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Authoring and Asset Renditions Solved

Views

78

Likes

0

Replies

3
Local AEM Error - HTTP ERROR 500 Server Error

Views

213

Likes

0

Replies

1
Issue with Receiving Duplicate Emails in AEM Cloud Scheduler

Views

321

Likes

0

Replies

2
AEM as cloud and Generic List (ACS Commons) DAM metadata Schema - Options not saving in the dropdown

Views

827

Likes

0

Replies

2
Can we use Microsoft OpenJDK11 with AEMaaCS ?

Views

206

Likes

0

Replies

2