When an individual user (not yet registered in CRX) attempts to login, CRX authenticates against LDAP and if authentication is successful then that user is synchronized with CRX. So, How to force synchronization of LDAP users with CRX so that rights can be assigned before the user first tries to login?
This question is answered in this link for CRX 2.3 - I have similar issue and unable to find any solution in AEM 6.0.0.SP2.
Solution mentioned in above link doesn't work because AEM 6 don't have com.adobe.granite.ldap MBeans registered under JMX Web Console.
What's best way to solve this issue to force authorization of LDAP users with AEM ? I want to add users to AEM [from LDAP] and at the same time wanna add them to pre-defined AEM Groups [without them required to sign-in AEM].
Thanks,
Solved! Go to Solution.
Views
Replies
Total Likes
Sync on demand=sync while login. This is a available feature in the ldap config.
Views
Replies
Total Likes
Views
Replies
Total Likes
Thanks Kalyanar,
We followed AEM 6 Docs to configure and connect to LDAP.
While clicking on "External Identity Synchronization Management" on JMX console, it throws 404. Not sure what's wrong.
Problem accessing /system/console/jmx/org.apache.jackrabbit.oak:handler%3d%22sync.corpAD%22%2cidp%3d%22corpAD%22%2cname%3dExternal%2bIdentity%2bSynchronization%2bManagement%2ctype%3dUserManagement. Reason:
Not Found
Is there any detail documentation to implement enforcement to sync. LDAP users in AEM.
Thanks,
Views
Replies
Total Likes
Did you configure LDAP yet? I think it will work only after LDAP is configured
Views
Replies
Total Likes
Yep, LDAP is already configured on the server.
I can add LDAP [active directory] user in AEM directly. Problem I am running into is after user is added in AEM, new user need to signin to AEM [authenticated] before we can add them to any AEM Groups.
It looks like AEM don't authenticates against newly added user unless he/she log into AEM. I want to force authenticate/synchronize LDAP users with AEM so appropriate user/groups rights can be assigned within AEM before they try to login.
Views
Replies
Total Likes
Just TBC, are you talking about http://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/...)
Views
Replies
Total Likes
Yes that looks to be correct.
Is there any way to configure this within AEM ? If not, then what's best way to sync users whenever user is added? [I am new to AEM development]. Also document indicates that it'll be expensive call so any way to optimize it?
Thanks,
Views
Replies
Total Likes
LDAP can be configured to sync users on login. Since you wanted to add users before, you need either syncallusers or syncexternalusers (you need to send used ids as json like
["<dn>"]
Views
Replies
Total Likes
the best performance optimization is to sync on demand(while login as opposed to sync once in a while)
Views
Replies
Total Likes
How can I sync on demand? Can you please provide some sample to do that?
Thanks,
Views
Replies
Total Likes
Sync on demand=sync while login. This is a available feature in the ldap config.
Views
Replies
Total Likes
That don't solve problem I mentioned earlier..
How to force synchronization of LDAP users with AEM6 so that rights can be assigned before the user first tries to login?
Is there any documentation to follow to achieve this?
Views
Replies
Total Likes
Hi All,
I have ldap configured on AEM6.0SP2 - when I try to go to ldap jmx console I get
Problem accessing /system/console/jmx/org.apache.jackrabbit.oak%3Ahandler%3D%22lbow-ldap-sync%22%2Cidp%3D%22lbow-ldap%22%2Cname%3DExternal+Identity+Synchronization+Management%2Ctype%3DUserManagement. Reason:
Not Found
Powered by Jetty://
But I am able to login using my ldap credentials, but I need to perform purgeOrphaned users and syncexternal users again, but the operations are not accessible from jmx anymore, as I keep getting this 404 error.
The same configuration is working fine on our other environments, so it can't be anything to do with configurations we use. There's nothing on the logs except
Could anyone help us with this issue. thanks.
Views
Replies
Total Likes
Vipal, did you ever find a solution to this? We're on AEM 6.2 and are having the same issue. Once a user authenticates, he's added to AEM from LDAP and belongs to xyz AEM groups, which also came from LDAP. But if I update the user and add him to a group, and then login again as that user (or sync manually via JMX Console as admin), the new group never appears in AEM. There seems to be a caching issue as AEM doesn't go back to LDAP since that user logged in before. I cannot figure out how to disable caching, for purposes of syncing.
Views
Replies
Total Likes
Views
Likes
Replies