Does changing the password of an LDAP user in AEM make the user local to AEM?

SurendraKonatha

11-02-2019

If we change the password of an LDAP user in AEM 6.4 (Users > Edit User > Change Password), the user will no longer be able to log in using LDAP credentials. We understand that this is the purpose of an LDAP user: the password always needs to be validated against LDAP and not AEM local. We wanted to confirm this, as we could not find any documentation mentioning it.

We can observe that a new property, rep:password, is added to the user on changing the password. Also, the LDAP user node name is like userid[ldapid], while an AEM user is like userid (screenshot below).

Also, other than deleting the user from AEM and having them re-login using LDAP credentials, is there any other solution to reset the user so they can always use LDAP credentials?

Accepted Solutions (1)

SurendraKonatha

11-02-2019

Here are some details/solution:

An LDAP user's password should not be changed in AEM. If such a change is done, then AEM stores the user's password within AEM, and from then on the user is validated against the password stored in AEM and not from LDAP.

If such a change is done on AEM, the solution to reset the user is to delete the user from AEM and have them re-login using LDAP credentials. This allows AEM to register the user as an LDAP user.

AEM also follows an order between the login methods. The configuration will be listed under <server>/system/console/jaas

A typical ranking is

  • AEM local user.. if not then LDAP (Higher rank comes first)
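An audit for the condition described in this thread, added here as an example and not part of the original posts: it walks a JSON dump of user nodes and flags LDAP-synced users that have also gained a local `rep:password`. The dump layout and sample data are constructed assumptions; `rep:externalId` is the property Oak sets on synced external users and is not mentioned in the thread.

```python
import json
import sys

# Constructed sample: trimmed dump of the /home/users subtree (layout assumed).
SAMPLE_EXPORT = {
    "jcr:primaryType": "rep:AuthorizableFolder",
    "a": {
        "jcr:primaryType": "rep:AuthorizableFolder",
        "n1": {"jcr:primaryType": "rep:User", "rep:authorizableId": "alice",
               "rep:password": "{SHA-256}constructed"},
        "n2": {"jcr:primaryType": "rep:User", "rep:authorizableId": "bob",
               "rep:externalId": "bob;ldap"},
        "n3": {"jcr:primaryType": "rep:User", "rep:authorizableId": "carol",
               "rep:externalId": "carol;ldap",
               "rep:password": "{SHA-256}constructed"},
    },
}


def iter_users(node, path="/home/users"):
    """Yield (path, properties) for every rep:User node in the dump."""
    if node.get("jcr:primaryType") == "rep:User":
        yield path, node
    for name, child in node.items():
        if isinstance(child, dict):
            yield from iter_users(child, f"{path}/{name}")


def classify(props):
    """Classify a user node by which credential properties it carries."""
    external = "rep:externalId" in props   # synced from LDAP
    local_pw = "rep:password" in props     # password stored in the repository
    if external and local_pw:
        return "ldap-with-local-password"
    return "ldap" if external else "local"


def audit(export):
    """Map each user id (or node path if the id is missing) to its class."""
    return {p.get("rep:authorizableId", path): classify(p)
            for path, p in iter_users(export)}


def overridden(export):
    """User ids that are LDAP-synced but now also hold a local password."""
    return sorted(u for u, k in audit(export).items()
                  if k == "ldap-with-local-password")


if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_EXPORT
    print("\n".join(overridden(data)) or "no LDAP users with a local password")
```

The password value is never read or printed; only the presence of the property is checked.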

Answers (0)