LDAP Integration with AEM 6.5, I am facing issue while syncronizing external users.

Avatar

Avatar
Validate 1
Level 1
adithyaa4585051
Level 1

Likes

2 likes

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
Applaud 5
View profile

Avatar
Validate 1
Level 1
adithyaa4585051
Level 1

Likes

2 likes

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
Applaud 5
View profile
adithyaa4585051
Level 1

14-03-2021

Hello All,

 

I am trying to implement LDAP Integration with AEM 6.5.

 

When I did my configutaion and click on sync .

 

Here are my configs:

 

Configuration:

org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.config:
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="ldap.xyz.com"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"false"
bind.dn="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.baseDN="CN\=username,OU\=Security\ Groups,OU\=People\ and\ PCs,DC\=xyz,DC\=com"
group.extraFilter=""
user.extraFilter=""
host.port=I"389"
adminPool.lookupOnValidate=B"true"
useUidForExtId=B"false"
group.nameAttribute="name"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="uniquemember"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.config:

# Configuration created by Apache Sling JCR Installer
group.pathPrefix=""
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix=""
user.propertyMapping=["profile/givenName\=givenName"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=[""]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=["administrators"]
user.disableMissing=B"false"
user.membershipNestingDepth=I"0"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory.config:


# Configuration created by Apache Sling JCR Installer
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"15"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"

 

 

when I click on sync external users I am getting this as below.:

14.03.2021 19:22:27.882 *INFO* [qtp1949559303-29600] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.Delegatee Created delegatee for
SyncMBean with session: session-2241678 null

 Please elt me know if any changes are required to acheive it.

 

Thanks,
Adithya.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 100
Level 6
snbaem
Level 6

Likes

115 likes

Total Posts

245 posts

Correct reply

36 solutions
Top badges earned
Boost 100
Springboard
Establish
Validate 25
Validate 10
View profile

Avatar
Boost 100
Level 6
snbaem
Level 6

Likes

115 likes

Total Posts

245 posts

Correct reply

36 solutions
Top badges earned
Boost 100
Springboard
Establish
Validate 25
Validate 10
View profile
snbaem
Level 6

16-03-2021

Answers (1)

Answers (1)

Avatar

Avatar
Coach
Employee
jbrar
Employee

Likes

389 likes

Total Posts

869 posts

Correct reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile

Avatar
Coach
Employee
jbrar
Employee

Likes

389 likes

Total Posts

869 posts

Correct reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile
jbrar
Employee

15-03-2021

Setup a DEBUG level logger on the following classes:

 

org.apache.jackrabbit.oak.security.authentication.ldap

org.apache.jackrabbit.oak.spi.security.authentication.external

 

Once done, try to access AEM via LDAP and notice what you get in the logs.

adithyaa4585051

Hello Jbar,

Here are my logs:

 

org.apache.directory.api.ldap.model.message.SearchRequestImpl@de3b6e06.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(author) (connect=503.11us, lookup=4.70ms)
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for author
15.03.2021 09:09:32.385 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.389 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.391 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.393 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.395 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.397 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:34.327 *DEBUG* [sling-cq-polling-importer-4-myDataSource] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.363 *DEBUG* [10.99.80.61 [1615817377357] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.415 *DEBUG* [10.99.80.61 [1615817377410] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.467 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.473 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: using SearchRequest MessageType : SEARCH_REQUEST
Message ID : -1
SearchRequest
baseDn : 'DC=nrgenergy,DC=com'
filter : '(&(sAMAccountName=aalluri)(objectclass=person))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 60000
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@25b2a193.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=bbasaur)(objectclass=person)) found 0 entries.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(aalluri) (connect=4.81ms, lookup=674.73us)
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for bbasaur