LDAP Integration with AEM 6.5, I am facing issue while syncronizing external users.

Forum|Forum|4 years ago
March 15, 2021
3 replies
2700 views

Hello All,

I am trying to implement LDAP Integration with AEM 6.5.

When I did my configutaion and click on sync .

Here are my configs:

Configuration:

org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.config:
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="ldap.xyz.com"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"false"
bind.dn="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.baseDN="CN\=username,OU\=Security\ Groups,OU\=People\ and\ PCs,DC\=xyz,DC\=com"
group.extraFilter=""
user.extraFilter=""
host.port=I"389"
adminPool.lookupOnValidate=B"true"
useUidForExtId=B"false"
group.nameAttribute="name"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="uniquemember"

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.config:

# Configuration created by Apache Sling JCR Installer
group.pathPrefix=""
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix=""
user.propertyMapping=["profile/givenName\=givenName"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=[""]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=["administrators"]
user.disableMissing=B"false"
user.membershipNestingDepth=I"0"

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory.config:

# Configuration created by Apache Sling JCR Installer
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"15"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"

when I click on sync external users I am getting this as below.:

14.03.2021 19:22:27.882 *INFO* [qtp1949559303-29600] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.Delegatee Created delegatee for
 SyncMBean with session: session-2241678 null

Please elt me know if any changes are required to acheive it.

Thanks,
Adithya.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Shubham_borole

@adithyaa4585051
Please check this if it helps https://aemsigma.blogspot.com/2019/06/how-to-synchronize-aem-with-ldap-users.html

U

user05162

Adobe Employee

Setup a DEBUG level logger on the following classes:

org.apache.jackrabbit.oak.security.authentication.ldap

org.apache.jackrabbit.oak.spi.security.authentication.external

Once done, try to access AEM via LDAP and notice what you get in the logs.

adithyaa4585051Author

Level 2

Hello Jbar,

Here are my logs:

org.apache.directory.api.ldap.model.message.SearchRequestImpl@de3b6e06.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(author) (connect=503.11us, lookup=4.70ms)
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for author
15.03.2021 09:09:32.385 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.389 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.391 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.393 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.395 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.397 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:34.327 *DEBUG* [sling-cq-polling-importer-4-myDataSource] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.363 *DEBUG* [10.99.80.61 [1615817377357] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.415 *DEBUG* [10.99.80.61 [1615817377410] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.467 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.473 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: using SearchRequest MessageType : SEARCH_REQUEST
Message ID : -1
SearchRequest
baseDn : 'DC=nrgenergy,DC=com'
filter : '(&(sAMAccountName=aalluri)(objectclass=person))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 60000
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@25b2a193.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=bbasaur)(objectclass=person)) found 0 entries.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(aalluri) (connect=4.81ms, lookup=674.73us)
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for bbasaur