LDAP Integration with AEM 6.5, I am facing an issue while synchronizing external users.

adithyaa4585051

14-03-2021

Hello All,

I am trying to implement LDAP Integration with AEM 6.5.

When I did my configuration and click on sync.

Here are my configs:

Configuration:

org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.config:
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="ldap.xyz.com"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"false"
bind.dn="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.baseDN="CN\=username,OU\=Security\ Groups,OU\=People\ and\ PCs,DC\=xyz,DC\=com"
group.extraFilter=""
user.extraFilter=""
host.port=I"389"
adminPool.lookupOnValidate=B"true"
useUidForExtId=B"false"
group.nameAttribute="name"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="uniquemember"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.config:

# Configuration created by Apache Sling JCR Installer
group.pathPrefix=""
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix=""
user.propertyMapping=["profile/givenName\=givenName"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=[""]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=["administrators"]
user.disableMissing=B"false"
user.membershipNestingDepth=I"0"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory.config:


# Configuration created by Apache Sling JCR Installer
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"15"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"

When I click on sync external users I am getting this as below:

14.03.2021 19:22:27.882 *INFO* [qtp1949559303-29600] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.Delegatee Created delegatee for SyncMBean with session: session-2241678 null

Please let me know if any changes are required to achieve it.

Thanks,
Adithya.
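A security check over the configuration posted above, as an added example that is not part of the original post and not Oak or AEM code. The parser covers only the subset of the `.config` syntax seen in this thread; `parse_config`, `audit` and the `PRIVILEGED` set are names and assumptions chosen here, and the sample is a constructed excerpt of the posted values.

```python
import re

# Constructed excerpt: the security-relevant lines from the two configs posted above.
POSTED = r'''
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
group.autoMembership=["administrators"]
user.autoMembership=[""]
'''

# One typed value: optional type letter (B, I, L) followed by a quoted string.
_ITEM = re.compile(r'([A-Za-z]?)"((?:[^"\\]|\\.)*)"')

def _convert(type_char, raw):
    text = re.sub(r"\\(.)", r"\1", raw)   # undo escapes such as \= and "\ "
    if type_char == "B":
        return text.lower() == "true"
    return int(text) if type_char in ("I", "L") else text

def parse_config(text):
    """Parse scalars and single-line arrays of the .config syntax used on this page."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if value.startswith("["):
            props[key] = [_convert(t, v) for t, v in _ITEM.findall(value)]
        elif (m := _ITEM.fullmatch(value)):
            props[key] = _convert(*m.groups())
    return props

PRIVILEGED = {"administrators"}  # assumption: groups treated as privileged here

def audit(props):
    """Return findings for transport security and privileged auto-membership."""
    findings = []
    if not props.get("host.ssl") and not props.get("host.tls"):
        findings.append("cleartext-ldap")        # bind password and results unencrypted
    if props.get("host.noCertCheck"):
        findings.append("no-cert-check")         # server certificate not validated
    for key in ("user.autoMembership", "group.autoMembership"):
        hits = PRIVILEGED & set(props.get(key, []))
        if hits:
            findings.append(f"{key}:{','.join(sorted(hits))}")
    return findings
```

On the posted values this reports the unencrypted connection on port 389 and `group.autoMembership=["administrators"]`, which adds every synced LDAP group to `administrators`.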

Accepted Solutions (1)

Answers (1)

jbrar
Employee

15-03-2021

Set up a DEBUG level logger on the following classes:

org.apache.jackrabbit.oak.security.authentication.ldap

org.apache.jackrabbit.oak.spi.security.authentication.external

Once done, try to access AEM via LDAP and notice what you get in the logs.

adithyaa4585051

Hello Jbrar,

Here are my logs:

org.apache.directory.api.ldap.model.message.SearchRequestImpl@de3b6e06.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(author) (connect=503.11us, lookup=4.70ms)
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for author
15.03.2021 09:09:32.385 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.389 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.391 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.393 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.395 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.397 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:34.327 *DEBUG* [sling-cq-polling-importer-4-myDataSource] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.363 *DEBUG* [10.99.80.61 [1615817377357] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.415 *DEBUG* [10.99.80.61 [1615817377410] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.467 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.473 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: using SearchRequest MessageType : SEARCH_REQUEST
Message ID : -1
SearchRequest
baseDn : 'DC=nrgenergy,DC=com'
filter : '(&(sAMAccountName=aalluri)(objectclass=person))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 60000
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@25b2a193.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=bbasaur)(objectclass=person)) found 0 entries.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(aalluri) (connect=4.81ms, lookup=674.73us)
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for bbasaur
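A way to cut DEBUG output like the above down to the LDAP lookups that matter, as an added example that is not part of the thread and not Oak or AEM code. It extracts each `getEntry` search (thread, search base, id attribute, id, result count) and groups the zero-result lookups; the log lines are constructed in the format shown above with placeholder values, and the function names are chosen here.

```python
import re

# Constructed sample in the format of the DEBUG output above (placeholder values).
PKG = "org.apache.jackrabbit.oak"
SAMPLE = f"""\
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] {PKG}.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=example,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.
15.03.2021 09:09:32.385 *DEBUG* [sling-default-5] {PKG}.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] {PKG}.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=example,DC=com with (&(sAMAccountName=jdoe)(objectclass=person)) found 0 entries.
15.03.2021 09:09:38.120 *DEBUG* [qtp1949559303-61020] {PKG}.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=example,DC=com with (&(sAMAccountName=asmith)(objectclass=person)) found 1 entries.
"""

# The thread name may itself contain brackets (request threads), hence the lazy match.
SEARCH = re.compile(
    r"\*DEBUG\* \[(?P<thread>.*?)\] \S+\.LdapIdentityProvider getEntry: "
    r"search below (?P<base>.+?) with (?P<filter>\(.*\)) found (?P<count>\d+) entries")
ID_PAIR = re.compile(r"\((\w+)=([^()]+)\)")   # first attribute=value pair of the filter

def searches(log_text):
    """Return one record per LdapIdentityProvider search result line."""
    out = []
    for line in log_text.splitlines():
        m = SEARCH.search(line)
        pair = ID_PAIR.search(m["filter"]) if m else None
        if pair:
            out.append({"thread": m["thread"], "base": m["base"],
                        "attr": pair.group(1), "id": pair.group(2),
                        "found": int(m["count"])})
    return out

def misses_by_base(log_text):
    """Group zero-result lookups by (search base, id attribute)."""
    grouped = {}
    for s in searches(log_text):
        if s["found"] == 0:
            key = (s["base"], s["attr"])
            grouped.setdefault(key, []).append((s["id"], s["thread"]))
    return grouped

if __name__ == "__main__":
    for (base, attr), ids in misses_by_base(SAMPLE).items():
        print(f"{base} [{attr}]: {ids}")
```

The thread name in each record separates lookups made by background threads from those made on request threads, and the grouping shows whether every miss shares one search base and id attribute.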