Content authorization when AEM users and groups are stored outside of AEM

sanjeevdogra

04-05-2016

We have an AEM site hosted for public and authenticated users. A few sections of the site are only visible to authenticated users, and we are controlling this through users and groups stored within AEM itself.

One of the requirements is to store users and groups in the company's shared user system. For security reasons we cannot store any users in AEM.

If we externalize all our users/groups to an external system like LDAP or a custom DB solution, how can I leverage AEM OOTB content authorization in this case? What is the standard approach for content authorization for public and authenticated users when users are stored outside of AEM?

Replies

smacdonald2008

04-05-2016

> If we externalize all our users/groups to an external system like LDAP

Many AEM developers use LDAP. However, when you configure AEM to use LDAP, you have to import the LDAP users into AEM and grant them appropriate permissions in AEM.

See this article for more details: https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html

sanjeevdogra

04-05-2016

Thanks for the reply,

We have ~4.5 million users currently stored in an external system, and that number is going to grow. We might not want to overload the repository with users; instead, we would keep all our users in the current centralized source system.

1. In this case, is there any best practice to store users outside AEM without syncing the users back with AEM?

2. How do we support content authorization? Should we store groups inside AEM, or can content authorization be achieved without having users/groups in AEM?