How to authenticate user against directory via LDAP in CQ 6

The Problem: We have CQ integrated with the external portal. The portal sends user information, i.e. username and authorization token (password), in the request headers; this request is for the CQ Publish instance, AEM version 6.0. We have to validate the user against the client-provided LDAP. How can we achieve this?

Things tried so far: Followed the AEM 6 docs to configure and connect to LDAP. Next, tried to log in to CQ with the directory-provided user. CQ tries to connect and query the user via the LDAP request (provided in the config), and fetches and creates the corresponding user in crx, so that the user details are cached and LDAP requests are not fired for the same user when he/she tries to log in again. However, this user created in CQ has no information for the password, i.e. no password is fetched in the LDAP request and updated in crx. So the authentication to CQ fails. In short, after adding the configuration, CQ connects to the directory via LDAP and fetches user details, but doesn't fetch the password of that user, and this causes authentication to fail.

Looking for the best way to do this. Any alternative approaches are welcome. See the configurations added below.

LdapIdentityProvider

    searchTimeout="60s"
    host.name="***"
    group.makeDnPath=B"false"
    user.baseDN="ou\=people,dc\=***,dc\=com"
    group.objectclass=["groupOfUniqueNames"]
    user.objectclass=["person","**","**"]
    host.noCertCheck=B"false"
    user.makeDnPath=B"false"
    bind.dn="uid\=***,ou\=***,ou\=***,dc\=***,dc\=com"
    group.baseDN="ou\=groups,o\=example,dc\=com"
    group.extraFilter=""
    user.extraFilter=""
    host.port=I"389"
    bind.password="***"
    group.nameAttribute="cn"
    host.ssl=B"false"
    provider.name="***"
    host.tls=B"false"
    user.idAttribute="uid"
    group.memberAttribute="uniquemember"

ExternalLoginModuleFactory

    jaas.controlFlag="SUFFICIENT"
    jaas.ranking=I"50"
    sync.handlerName="***"
    jaas.realmName=""
    idp.name="***"

DefaultSyncHandler

    group.pathPrefix=""
    group.expirationTime="1d"
    user.membershipExpTime="1h"
    user.pathPrefix=""
    user.propertyMapping=["rep:email\=mail","rep:fullName\=cn","profile/email\=mail","profile/familyName\=sn","profile/givenName\=gn"]
    handler.name="qaldapsync"
    user.autoMembership=[""]
    user.expirationTime="1h"
    group.propertyMapping=["description\=description","rep:email\=mail","rep:fullname\=cn"]
    user.membershipNestingDepth=I"0"
    group.autoMembership=[""]
0 Replies
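
An added example, not part of the original post and not AEM or Oak code: a Python check that parses settings written in the key=TYPE"value" form used in the posted configuration and reports how the LDAP connection is protected, which matters here because the post sets host.port=I"389" with host.ssl and host.tls both false. The function names and the sample values (host, bind DN, password) are constructed for illustration.

```python
import re

# Constructed sample in the same key=TYPE"value" form as the posted settings;
# the host name, bind DN and password are placeholders, not values from the post.
SAMPLE = (r'host.name="ldap.example.com" host.port=I"389" host.ssl=B"false" '
          r'host.tls=B"false" host.noCertCheck=B"false" bind.password="placeholder" '
          r'bind.dn="uid\=svc,dc\=example,dc\=com" user.objectclass=["person","top"]')

_QUOTED = r'"((?:[^"\\]|\\.)*)"'
_PROP = re.compile(r'([\w.]+)=(?:([A-Z])?' + _QUOTED + r'|\[([^\]]*)\])')

def _unescape(value):
    """Drop the backslash escapes the format uses (for example \\= for =)."""
    return re.sub(r'\\(.)', r'\1', value)

def parse_osgi_props(text):
    """Parse key=TYPE"value" and key=["a","b"] pairs into typed Python values."""
    props = {}
    for m in _PROP.finditer(text):
        key, typ, scalar, array = m.groups()
        if array is not None:
            props[key] = [_unescape(v) for v in re.findall(_QUOTED, array)]
        elif typ == "B":
            props[key] = scalar == "true"
        elif typ == "I":
            props[key] = int(scalar)
        else:
            props[key] = _unescape(scalar)
    return props

def transport_findings(props):
    """Report weaknesses in how the LDAP connection is protected."""
    findings = []
    if not (props.get("host.ssl") or props.get("host.tls")):
        findings.append("cleartext: host.ssl and host.tls are both false, so "
                        "credentials sent in LDAP binds are not encrypted")
    if props.get("host.ssl") and props.get("host.port") == 389:
        findings.append("port: host.ssl is true but host.port is 389; "
                        "LDAPS conventionally listens on 636")
    if props.get("host.noCertCheck"):
        findings.append("no-cert-check: the server certificate is not validated")
    return findings

if __name__ == "__main__":
    for finding in transport_findings(parse_osgi_props(SAMPLE)):
        print(finding)
```
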