SOLVED

LDAP Integration with AEM 6.5, I am facing an issue while synchronizing external users.

Level 2

Hello All,

 

I am trying to implement LDAP Integration with AEM 6.5.

 

When I did my configuration and click on sync.

 

Here are my configs:

 

Configuration:

org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.config:
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="ldap.xyz.com"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"false"
bind.dn="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.baseDN="CN\=username,OU\=Security\ Groups,OU\=People\ and\ PCs,DC\=xyz,DC\=com"
group.extraFilter=""
user.extraFilter=""
host.port=I"389"
adminPool.lookupOnValidate=B"true"
useUidForExtId=B"false"
group.nameAttribute="name"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="uniquemember"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.config:

# Configuration created by Apache Sling JCR Installer
group.pathPrefix=""
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix=""
user.propertyMapping=["profile/givenName\=givenName"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=[""]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=["administrators"]
user.disableMissing=B"false"
user.membershipNestingDepth=I"0"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory.config:


# Configuration created by Apache Sling JCR Installer
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"15"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"

 

 

When I click on sync external users I am getting this as below:

14.03.2021 19:22:27.882 *INFO* [qtp1949559303-29600] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.Delegatee Created delegatee for SyncMBean with session: session-2241678 null

Please let me know if any changes are required to achieve it.

 

Thanks,
Adithya.

4 Replies

Employee Advisor

Set up a DEBUG level logger on the following classes:

 

org.apache.jackrabbit.oak.security.authentication.ldap

org.apache.jackrabbit.oak.spi.security.authentication.external

 

Once done, try to access AEM via LDAP and notice what you get in the logs.

Level 2

Hello Jbar,

Here are my logs:

 

org.apache.directory.api.ldap.model.message.SearchRequestImpl@de3b6e06.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(author) (connect=503.11us, lookup=4.70ms)
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for author
15.03.2021 09:09:32.385 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.389 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.391 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.393 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.395 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.397 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:34.327 *DEBUG* [sling-cq-polling-importer-4-myDataSource] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.363 *DEBUG* [10.99.80.61 [1615817377357] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.415 *DEBUG* [10.99.80.61 [1615817377410] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.467 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.473 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: using SearchRequest MessageType : SEARCH_REQUEST
Message ID : -1
SearchRequest
baseDn : 'DC=nrgenergy,DC=com'
filter : '(&(sAMAccountName=aalluri)(objectclass=person))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 60000
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@25b2a193.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=bbasaur)(objectclass=person)) found 0 entries.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(aalluri) (connect=4.81ms, lookup=674.73us)
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for bbasaur
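
An added example (not part of the original thread, and not Adobe or Oak code): a Python script that reads DEBUG lines of the shape quoted above, lists every `getEntry` search that found 0 entries, and checks whether the base DN actually searched equals `user.baseDN` from the `.config` file. The sample config, log lines, DNs and user names are constructed placeholders, and the DN comparison is simplified (no escaped commas).

```python
import re

# Constructed inputs: same shape as the thread's config and DEBUG lines, placeholder names.
SAMPLE_CONFIG = r'''user.baseDN="ou\=People,DC\=example,DC\=com"
user.idAttribute="sAMAccountName"
'''
PREFIX = "org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below "
SAMPLE_LOG = "\n".join([
    "15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] " + PREFIX
    + "DC=example,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.",
    "15.03.2021 09:09:37.474 *DEBUG* [qtp1-61015] " + PREFIX
    + "OU=People, dc=example,dc=com with (&(sAMAccountName=asmith)(objectclass=person)) found 0 entries.",
    "15.03.2021 09:10:02.101 *DEBUG* [qtp1-61020] " + PREFIX
    + "OU=People, dc=example,dc=com with (&(sAMAccountName=jdoe)(objectclass=person)) found 1 entries.",
])

LOOKUP = re.compile(
    r"\*DEBUG\* \[(?P<thread>.+?)\] \S+LdapIdentityProvider getEntry: "
    r"search below (?P<base>.+?) with (?P<filter>\(.*\)) found (?P<count>\d+) entries")

def config_value(config_text, key):
    """Read key="value" from an OSGi .config file and drop its backslash escapes."""
    m = re.search(r'^%s="(.*)"\s*$' % re.escape(key), config_text, re.M)
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else None

def normalize_dn(dn):
    """Case- and space-insensitive DN form (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def failed_lookups(log_text, config_text):
    """Return one record per getEntry search that found 0 entries."""
    base = normalize_dn(config_value(config_text, "user.baseDN"))
    id_attr = config_value(config_text, "user.idAttribute")
    records = []
    for m in LOOKUP.finditer(log_text):
        if int(m["count"]) != 0:
            continue
        uid = re.search(r"\(%s=([^)]*)\)" % re.escape(id_attr), m["filter"])
        records.append({
            "user": uid.group(1) if uid else None,
            "thread": m["thread"],
            "searched_base": m["base"],
            "base_matches_config": normalize_dn(m["base"]) == base,
        })
    return records

if __name__ == "__main__":
    for rec in failed_lookups(SAMPLE_LOG, SAMPLE_CONFIG):
        print(rec)
```

A record with `base_matches_config` set to false means the running provider searched a different subtree than the file on disk names, so the active OSGi configuration is the first thing to compare.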

Level 4

Were you able to find the solution to this issue? I'm having a similar problem with the null session.