AEM with Active Directory | Community
francisco_ribei
November 16, 2015
Solved


Hi,

Has anyone set up AEM to log in against an AD server and sync the groups?

I am able to log in using a user from LDAP and sync it to AEM, but the groups are not being imported. Could someone help me with this?

The Group Base DN is correct.

For Group Object Class I'm using: group

And for Group Member Attribute: member

Any help is welcome.

Thanks

9 replies

Lokesh_Shivalingaiah
November 16, 2015

Only users get synced. You need to create a mapping for the group that already exists in CRX, to be mapped when the user is created/synced from LDAP.

Lokesh_Shivalingaiah
November 16, 2015

Refer to [1] for the same.

autocreate.user.membership="contributor" is the property to be used to map to the existing group when the user is auto-created.

[1] https://docs.adobe.com/docs/en/cq/5-6-1/core/administering/ldap_authentication.html

francisco_ribei
November 16, 2015

Hi bloski,

So AEM doesn't bring the groups from AD into the repository?

francisco_ribei
November 16, 2015

Hi,

I am using 6.1, is this config valid for 6.1 as well?

Thanks

Lokesh_Shivalingaiah
November 17, 2015

Yes... You need to create the LDAP groups in AEM and you can map to the same group while syncing the users. It's mainly to sync the users.

Adobe Employee
November 17, 2015

As far as I can remember, and it has been a while since I used LDAP, you should be able to sync users and groups. The documentation does mention this[1], see below:

A Word on Group Affiliation

Users synchronized through LDAP can be part of different groups in AEM. These groups can be external LDAP groups that will be added to AEM as part of the synchronization process, but they can also be groups that are added separately and are not part of the original LDAP group affiliation scheme.

EDIT: have you enabled debugging for LDAP to see what is going on?

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html

[2] https://github.com/Adobe-Marketing-Cloud/aem-ldap-tutorial

francisco_ribei
November 17, 2015

Hi Opkar,

I've enabled the ldap log, but it doesn't display anything about groups sync.

It just displays the user authenticating against the AD server.

Is there any other configuration that I can check?

Thanks

ogill (Adobe Employee, accepted solution)
November 17, 2015

Hi,

So you see nothing when you set debug level logging?[1]

What value have you set for "User membership nesting depth"[2]?

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html#Enabling debug logging

[2] https://docs.adobe.com/docs/en/aem/6-1/administer/security/ldap-config.html#Configuring The Synchronization Handler

francisco_ribei
December 8, 2015

Hi opkar,

I was able to make the group sync. As you said I didn't set the User membership nesting depth, so I set that to 1.

And another thing was to change the Group object classes to be group and the Group member attribute to member.

Thanks for your help.
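
The settings that resolved this thread, written out as OSGi configuration. This is an added example, not taken from the thread or from Adobe's documentation. The host name, DNs, bind account, and the provider and handler names are constructed placeholders. The property keys are those of the Apache Jackrabbit Oak LDAP identity provider and default sync handler that AEM 6.1 uses.

```properties
# --- org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-ad.config
# All values below are placeholders for illustration.
provider.name="ad"
host.name="ad.example.com"
host.port=I"636"
# LDAPS with certificate validation left on, so bind credentials are not sent in clear text.
host.ssl=B"true"
host.noCertCheck=B"false"
# Bind with a dedicated read-only service account.
bind.dn="CN=svc-aem-ldap,OU=Service Accounts,DC=example,DC=com"
bind.password="<set-at-deploy-time>"
user.baseDN="OU=Users,DC=example,DC=com"
user.objectclass=["person"]
user.idAttribute="sAMAccountName"
group.baseDN="OU=Groups,DC=example,DC=com"
# Oak's defaults are groupOfUniqueNames / uniquemember, which match no AD group objects.
# Active Directory groups use objectClass "group" with a "member" attribute.
group.objectclass=["group"]
group.nameAttribute="cn"
group.memberAttribute="member"

# --- org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler-ad.config
handler.name="ad-sync"
user.expirationTime="1h"
user.membershipExpTime="1h"
# Default is 0, which disables group membership lookup: users sync, groups do not.
# 1 imports the groups a user is a direct member of; raise it only if nested AD groups
# must carry permissions in AEM.
user.membershipNestingDepth=I"1"
group.expirationTime="1d"

# --- org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory-ad.config
# Ties the identity provider and sync handler above together by name.
jaas.ranking=I"50"
jaas.controlFlag="SUFFICIENT"
idp.name="ad"
sync.handlerName="ad-sync"
```

Synced AD groups arrive in the repository with no permissions of their own, so review which ACLs or AEM groups they are added to before relying on them for access control.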