SOLVED

Integration of AEM with LDAP


Hi Team,

I have certain queries regarding Integration of AEM with LDAP:-

1. While integrating AEM with LDAP, do we require SSO?

2. Currently, we have integrated AEM with LDAP without SSO, it is working but while creating the login page for a web application do we need Custom Authentication Handler, or what would be the best practice for the same.

3. In our project, there will be multiple user groups, we will be enabling the Closed user group functionality on certain pages after login. Will this be effective if we use Custom Authentication Handler or do we need to add a separate business logic.

4. After integrating AEM with LDAP, we have to manually sync the users using syncAllExternalUsers() options. Can there be a solution to resolve the same?

with regards,

Richa Chaubey

1 Accepted Solution

Correct answer by
Employee

1. While integrating AEM with LDAP, do we require SSO?

- Not really.

2. Currently, we have integrated AEM with LDAP without SSO, it is working but while creating the login page for a web application do we need Custom Authentication Handler, or what would be the best practice for the same.

- Is it an intranet application? Would the end users be using LDAP login credentials to log in to your web app?

3. In our project, there will be multiple user groups, we will be enabling the Closed user group functionality on certain pages after login. Will this be effective if we use Custom Authentication Handler or do we need to add a separate business logic.

- This should still work OOTB. If users can log in, are part of the CUG group and have access to the content, this should just work.

4. After integrating AEM with LDAP, we have to manually sync the users using syncAllExternalUsers() options. Can there be a solution to resolve the same?

- You can use the LDAP JMX MBeans to sync all users in one go, or you can rely on auto-create users, so once the users log in, they are created with a default set of groups.

3 Replies

Watch this GEMS session that covers LDAP - it covers a lot of useful information -- Oak's External Login Module - Authenticating with LDAP and Beyond

Employee

Hi Kunwaar,

Suppose my requirement is just to preload all LDAP users in AEM and not use LDAP authentication after preloading. Can I remove the LDAP configuration after completion of the JMX call?

Does it create any issue?

We are planning to preload and then use SAML-based authentication.

Regards,