We have an AEM site hosted for public and authenticated users. A few sections of the site are only visible to authenticated users, and we are controlling this through users and groups stored within AEM itself.
One of the requirements is to store users and groups in the company's shared user system. For security reasons, we cannot store any users in AEM.
If we externalize all our users/groups to an external system like LDAP or a custom DB solution, how can I leverage AEM OOTB content authorization? What is the standard approach for content authorization for public and authenticated users when users are stored outside AEM?
If we externalize all our users/groups to an external system like LDAP
Many AEM developers use LDAP. However, when you configure AEM to use LDAP, you have to import the LDAP users into AEM and grant them appropriate permissions in AEM.
See this article for more details: https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html
Thanks for the reply,
We have ~4.5 million users currently stored in an external system, and that number is going to grow. We might not want to overload the repository with users; instead, we want to keep all our users in the current centralized source system.
1. In this case, is there any best practice to store users outside AEM without syncing the users back with AEM?
2. How do we support content authorization? Should we store groups inside AEM, or can content authorization be achieved without having users/groups in AEM?