I am in the process of setting up authentication via Active Directory LDAP. I have it working just fine for everyone in my AD to log in to CQ5, but I actually have about 1000 AD users and only 10 will be using CQ, at least in our test phase. I would like the LDAP authentication process to only create new user accounts in CQ based on membership in an AD group. (Example: TestUser1 belongs to group AEM_USERS so their account is created when they log into AEM for the first time, but TestUser2 is not a member so their account doesn't get created.) Is this possible? How do I define that within my LDAP_Login.conf file? I have tried a couple of settings, and I either get no one able to log in, or everyone able to log in. My AD tree is also very departmentalized, so I can't put everyone who is going to use the software in one directory, although I have created a group for these 10 developers that I can put anywhere in the tree (right now it is at the root, i.e., "CN=CMS_Users,OU=CAES,DC=CAESAD,DC=UGA,DC=EDU").
Here is what I have at present:
userRoot="OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"
userFilter="(objectclass=person)"
userIdAttribute="sAMAccountName"
groupRoot="OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"
groupMembershipAttribute="uniquemember"
autocreate="create"
autocreate.user.mail="profile/email"
autocreate.user.givenname="profile/givenName"
autocreate.user.familyname="profile/sn"
autocreate.user.cn="rep:fullname"
autocreate.user.sn="cq:last-name"
autocreate.user.description="profile/aboutMe"
autocreate.path="splitdn"
cache.expiration="600"
cache.maxsize="100";
Thanks!
Diana
Diana,
the key to your issue is the line
userFilter="(objectclass=person)"
I'm not an LDAP specialist, but your LDAP team should be able to give you the correct filter... any user not matching the filter will be ignored.
regards,
Ben
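An added example, not part of the original thread: one way to build a userFilter that also requires membership in the CMS_Users group from the question, with the group DN escaped per RFC 4515. It assumes the login module hands userFilter to Active Directory unchanged; the helper names and the sample entries are constructed for illustration.

```python
# Added example: AD userFilter restricted to members of one group.
# GROUP_DN is the DN quoted in the question; everything else is constructed.

IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule that follows nested groups
GROUP_DN = "CN=CMS_Users,OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def group_user_filter(group_dn, base="(objectclass=person)", nested=False):
    """AND the existing filter with a memberOf test for group_dn.

    nested=False matches direct members only; nested=True also matches users
    who reach the group through another group.
    """
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(&%s(%s=%s))" % (base, attr, escape_filter_value(group_dn))


def matches_direct(entry, group_dn):
    """Local model of the direct filter: a person entry whose memberOf lists
    group_dn (compared case-insensitively, as AD does)."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    groups = {g.lower() for g in entry.get("memberOf", [])}
    return "person" in classes and group_dn.lower() in groups


# Constructed directory entries matching the question's TestUser1 / TestUser2.
SAMPLE_ENTRIES = {
    "TestUser1": {"objectClass": ["top", "person", "user"],
                  "memberOf": [GROUP_DN]},
    "TestUser2": {"objectClass": ["top", "person", "user"],
                  "memberOf": ["CN=Other,OU=CAES,DC=CAESAD,DC=UGA,DC=EDU"]},
}

if __name__ == "__main__":
    # Line to place in the login configuration instead of the current userFilter.
    print('userFilter="%s"' % group_user_filter(GROUP_DN))
    for name, entry in SAMPLE_ENTRIES.items():
        print(name, "selected:", matches_direct(entry, GROUP_DN))
```

Use nested=True when the ten users belong to CMS_Users through another group; memberOf also does not list a user's primary group, so CMS_Users should not be set as anyone's primary group.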