
SOLVED

Does changing the password of an LDAP user in AEM make the user local to AEM?


Former Community Member

If we change the password of an LDAP user in AEM 6.4 (Users > Edit User > Change Password), the user will no longer be able to log in using LDAP credentials. We understand that this is the purpose of an LDAP user: the password needs to always be validated against LDAP and not locally in AEM. We wanted to confirm this, as we could not find any documentation mentioning it.

We can observe that a new property, rep:password, is added to the user on changing the password. Also, the LDAP user node name is like userid[ldapid], while an AEM user's is like userid (screenshot below).

[Screenshot: Screen Shot 2019-02-08 at 3.38.45 PM copy.png]

Also, other than deleting the user from AEM and having them re-login using LDAP credentials, is there any other solution to reset the user so they can always log in using LDAP credentials?

1 Accepted Solution


Correct answer by
Former Community Member

Here's some details/solution:

An LDAP user's password should not be changed in AEM. If such a change is made, AEM stores the user's password within AEM, and from then on the user is validated against the password stored in AEM and not against LDAP.

If such a change has been made in AEM, the solution to reset the user is to delete the user from AEM and have them re-login using LDAP credentials. This allows AEM to register the user as an LDAP user again.

AEM also follows an order between the login methods. The configuration is listed under <server>/system/console/jaas.

A typical ranking is:

  • AEM local user; if that fails, then LDAP (higher rank comes first)

[Screenshot: Untitled.png]
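To audit an instance for users that ended up in the state this thread describes (synced from LDAP but now carrying a local rep:password, so the higher-ranked local login module authenticates them instead of LDAP), the following JCR-SQL2 query can be run from a service session. This is an added example written for this thread, not code from the original post or from Adobe; it assumes the Oak DefaultSyncHandler has set rep:externalId on synced users (the thread itself only shows the userid[ldapid] node name), and that the caller already holds a Session with read access to /home/users.

```java
import java.util.ArrayList;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.Query;
import javax.jcr.query.QueryManager;

/**
 * Finds external (LDAP-synced) users that also carry a local rep:password,
 * i.e. users whose password was changed in AEM and who are therefore no
 * longer validated against LDAP. Remediation, as in the accepted answer,
 * is to delete the user in AEM and let them log in again via LDAP.
 */
public final class LocalizedLdapUserAudit {

    // rep:externalId is set by Oak's external identity sync (assumption for
    // this example); rep:password is the property the question observed
    // appearing after "Change Password" in the AEM user editor.
    private static final String STMT =
        "SELECT * FROM [rep:User] AS u "
      + "WHERE ISDESCENDANTNODE(u, [/home/users]) "
      + "AND u.[rep:externalId] IS NOT NULL "
      + "AND u.[rep:password] IS NOT NULL";

    private LocalizedLdapUserAudit() {}

    /** Returns "path (externalId=...)" for every affected user node. */
    public static List<String> findLocalizedExternalUsers(Session session)
            throws RepositoryException {
        QueryManager qm = session.getWorkspace().getQueryManager();
        NodeIterator it = qm.createQuery(STMT, Query.JCR_SQL2)
                            .execute()
                            .getNodes();
        List<String> affected = new ArrayList<>();
        while (it.hasNext()) {
            Node user = it.nextNode();
            // Both properties present: LDAP identity, but AEM-local credential.
            String externalId = user.getProperty("rep:externalId").getString();
            affected.add(user.getPath() + " (externalId=" + externalId + ")");
        }
        return affected;
    }
}
```

Run it from a service user that may read /home/users (including rep:password, which is normally hidden from ordinary sessions); an empty result means every synced user is still authenticated against LDAP.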
