Hi
I'm using CQ (5.6.1) and LDAP (ApacheDS).
I have completed the LDAP user sync to CQ. Now I have to do the group sync. Groups have already been created in LDAP; I have to add the user to the LDAP groups dynamically depending on the country-specific sites, e.g. if a user is trying to access the Worldwide site then I need to add that user to the worldwide group, and the same user group needs to be synchronized to CQ whenever the user gets synchronized with CQ.
However, there is an attribute “autocreate.user.membership” through which we can add the user to a default group, but here the prerequisite of the case study is different.
I tried with the “memberOf” attribute and specified the group “dn”, but when I try to add this property through the Java API, it throws an error of SvcErr:DSID-031A11E5, problem 5003(WILL_NOT_PERFORM).
I have also tried to synchronize the admin user that the client has provided. It contains all the attributes like “memberOf”, and the group “dn” value has already been specified for the memberOf attribute. I synced the user through JMX (com.adobe.granite.ldap) using the syncUser method, but only the user is getting synchronized; the group is not getting synchronized.
I have attached the ldap_login configuration file that I am using to connect to ldap.
I have followed the same web links but that did not work for group sync.
I am using AEM 5.6.1 and LDAP (Active Directory). I have completed the LDAP user sync to CQ. Now I have to do the group sync. Groups have already been created in LDAP; I have to add the user to the LDAP groups dynamically depending on the country-specific sites, e.g. if a user is trying to access the Worldwide site then I need to add that user to the worldwide group, and the same user group needs to be synchronized to CQ whenever the user gets synchronized with CQ.
However, there is an attribute “autocreate.user.membership” through which we can add the user to a default group, but here the prerequisite of the case study is different.
I tried with the “memberOf” attribute and specified the group “dn”, but when I try to add this property through the Java API, it throws an error of SvcErr:DSID-031A11E5, problem 5003(WILL_NOT_PERFORM).
I have also tried to synchronize the admin user that the client has provided. It contains all the attributes like “memberOf”, and the group “dn” value has already been specified for the memberOf attribute. I synced the user through JMX (com.adobe.granite.ldap) using the syncUser method, but only the user is getting synchronized; the group is not getting synchronized.
I have attached the ldap_login configuration file that I am using to connect to ldap.
You have to use the callback mechanism whenever a user is synced. Follow this: http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#CALLBACKS
1. Mention this parameter syncCallbackClass in ldap_login.conf
2. Get the userid from the map
3. Assign the user to the group you want.
I have tried that, but the repo session is not available in the callback class. I have also tried to get the repo session through JNDI, but this also didn't work. Every time, it throws a repository exception.
I have fixed that issue. In order to do group sync, we need to add a couple of attributes:
autocreate.group.localadmin="admin"
autocreate.group.uniquemember="uniquemember" and
add member attribute to group in ldap and pass the user dn value to that.
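As an added example (not code from this thread or from Adobe), the last reply's step of putting the user's DN into the group's member attribute, instead of writing memberOf on the user entry, could be done over JNDI as shown here. The LDAPS URL, the LDAP_BIND_DN / LDAP_BIND_PW environment variables and both DNs are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.AttributeInUseException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AddUserToLdapGroup {
    /** Adds userDn as a value of the group's member attribute; false if already a member. */
    static boolean addMember(DirContext ctx, String groupDn, String memberAttr, String userDn)
            throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(memberAttr, userDn))
        };
        try {
            ctx.modifyAttributes(groupDn, mods);   // the write targets the group entry
            return true;
        } catch (AttributeInUseException | NameAlreadyBoundException alreadyMember) {
            // Result 20 (attributeOrValueExists) or 68 (entryAlreadyExists), depending on server.
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder values (assumptions); the bind account needs write access to the group.
        String bindDn = System.getenv("LDAP_BIND_DN");
        String bindPw = System.getenv("LDAP_BIND_PW");
        if (bindDn == null || bindPw == null) {
            throw new IllegalStateException("set LDAP_BIND_DN and LDAP_BIND_PW");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636"); // TLS, not plain 389
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        DirContext ctx = new InitialDirContext(env);
        try {
            boolean added = addMember(ctx, "cn=worldwide,ou=groups,dc=example,dc=com",
                    "member", "cn=jdoe,ou=users,dc=example,dc=com");
            System.out.println(added ? "user added to group" : "user was already a member");
        } finally {
            ctx.close();
        }
    }
}
```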