SOLVED

LDAP Integration with AEM 6.5, I am facing an issue while synchronizing external users.

adithyaa4585051
Level 2

Hello All,

I am trying to implement LDAP Integration with AEM 6.5.

When I did my configuration and clicked on sync.

Here are my configs:

Configuration:

org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.config:
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="ldap.xyz.com"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.objectclass=["group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"false"
bind.dn="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
group.baseDN="CN\=username,OU\=Security\ Groups,OU\=People\ and\ PCs,DC\=xyz,DC\=com"
group.extraFilter=""
user.extraFilter=""
host.port=I"389"
adminPool.lookupOnValidate=B"true"
useUidForExtId=B"false"
group.nameAttribute="name"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="sAMAccountName"
group.memberAttribute="uniquemember"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.config:

# Configuration created by Apache Sling JCR Installer
group.pathPrefix=""
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix=""
user.propertyMapping=["profile/givenName\=givenName"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=[""]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=["administrators"]
user.disableMissing=B"false"
user.membershipNestingDepth=I"0"


org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory.config:


# Configuration created by Apache Sling JCR Installer
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"15"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"

When I click on sync external users, I am getting the output below:

14.03.2021 19:22:27.882 *INFO* [qtp1949559303-29600] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.Delegatee Created delegatee for SyncMBean with session: session-2241678 null

Please let me know if any changes are required to achieve it.

Thanks,
Adithya.
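
Added example, not part of the original post and not Adobe or Apache Oak code: a Python check over the configuration posted above that flags the settings with security impact, namely an LDAP connection with neither `host.ssl` nor `host.tls` enabled and an auto-membership list that places synced principals in a privileged group. The function names and the `PRIVILEGED` set are assumptions made for this illustration.

```python
import re

# Constructed sample: the transport and auto-membership lines from the
# configuration posted above, in the same OSGi .config syntax.
SAMPLE = r'''
host.name="ldap.xyz.com"
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.dn="cn\=user,ou\=service\ accounts,OU\=Accounts,DC\=xyz,DC\=com"
user.autoMembership=[""]
group.autoMembership=["administrators"]
'''

QUOTED = re.compile(r'"((?:\\.|[^"\\])*)"')
# Assumption: groups treated as privileged; extend for your repository.
PRIVILEGED = {"administrators"}

def parse_osgi_config(text):
    """Parse key=T"value" and key=["a","b"] lines into a dict of strings/lists."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, raw = line.split("=", 1)
        # Drop the type prefix (I, B, L), keep quoted values, undo \= and \<space>.
        values = [re.sub(r"\\(.)", r"\1", v) for v in QUOTED.findall(raw)]
        if raw.lstrip().startswith("["):
            props[key.strip()] = [v for v in values if v]
        else:
            props[key.strip()] = values[0] if values else ""
    return props

def audit(props):
    """Return (setting, reason) pairs for settings that weaken the integration."""
    findings = []
    if props.get("host.ssl") != "true" and props.get("host.tls") != "true":
        findings.append(("host.ssl/host.tls",
                         "bind DN and user passwords cross the network unencrypted"))
    if props.get("host.noCertCheck") == "true":
        findings.append(("host.noCertCheck", "server certificate is not verified"))
    for key in ("user.autoMembership", "group.autoMembership"):
        hits = PRIVILEGED & set(props.get(key, []))
        if hits:
            findings.append((key, "every synced principal joins " + ", ".join(sorted(hits))))
    return findings
```
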

1 Accepted Solution
snbaem
Correct answer by
Community Advisor
3 Replies
jbrar
Employee

Set up a DEBUG-level logger on the following classes:

org.apache.jackrabbit.oak.security.authentication.ldap

org.apache.jackrabbit.oak.spi.security.authentication.external

Once done, try to access AEM via LDAP and notice what you get in the logs.

adithyaa4585051
Level 2

Hello jbrar,

Here are my logs:

org.apache.directory.api.ldap.model.message.SearchRequestImpl@de3b6e06.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=author)(objectclass=person)) found 0 entries.
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(author) (connect=503.11us, lookup=4.70ms)
15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for author
15.03.2021 09:09:32.385 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.389 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.391 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.393 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.395 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:32.397 *DEBUG* [sling-default-5-health-com.adobe.granite.replication.hc.impl.ReplicationQueueHealthCheck] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:34.327 *DEBUG* [sling-cq-polling-importer-4-myDataSource] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.363 *DEBUG* [10.99.80.61 [1615817377357] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.415 *DEBUG* [10.99.80.61 [1615817377410] GET /libs/granite/csrf/token.json HTTP/1.1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.467 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule No 'SupportedCredentials' configured. Using default implementation supporting 'SimpleCredentials'.
15.03.2021 09:09:37.473 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: using SearchRequest MessageType : SEARCH_REQUEST
Message ID : -1
SearchRequest
baseDn : 'DC=nrgenergy,DC=com'
filter : '(&(sAMAccountName=aalluri)(objectclass=person))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 60000
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@25b2a193.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getEntry: search below DC=nrgenergy,DC=com with (&(sAMAccountName=bbasaur)(objectclass=person)) found 0 entries.
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider getUser(aalluri) (connect=4.81ms, lookup=674.73us)
15.03.2021 09:09:37.474 *DEBUG* [qtp1949559303-61015] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule IDP NRG AD returned null for bbasaur
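
Added example, not part of the original posts and not Adobe or Apache Oak code: a Python triage of the DEBUG output requested above, which pulls the effective search base, filter and identity provider name out of the log and compares them with the values the administrator intended to configure. The names `triage` and `norm_dn` and the finding labels are assumptions made for this illustration; the expected values passed in are up to the caller.

```python
import re

# Sample input: two DEBUG lines copied from the log posted above.
LOG = (
    "15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] "
    "org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider "
    "getEntry: search below DC=nrgenergy,DC=com with "
    "(&(sAMAccountName=author)(objectclass=person)) found 0 entries.\n"
    "15.03.2021 09:09:31.450 *DEBUG* [HealthCheck Default Login Accounts] "
    "org.apache.jackrabbit.oak.spi.security.authentication.external.impl."
    "ExternalLoginModule IDP NRG AD returned null for author\n"
)

SEARCH = re.compile(r"getEntry: search below (?P<base>.+?) with "
                    r"(?P<filter>\(.+\)) found (?P<count>\d+) entries")
NO_USER = re.compile(r"ExternalLoginModule IDP (?P<idp>.+) "
                     r"returned null for (?P<user>\S+)")

def norm_dn(dn):
    """Comparison key for DNs: case-insensitive, ignores spaces after commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def triage(log_text, expected_idp, expected_base_dn):
    """Report empty searches and drift between the log and the intended config."""
    findings = []
    for line in log_text.splitlines():
        m = SEARCH.search(line)
        if m and m["count"] == "0":
            # The filter shows which id attribute and objectclass were queried.
            findings.append(("empty-search", m["base"], m["filter"]))
            if norm_dn(m["base"]) != norm_dn(expected_base_dn):
                findings.append(("base-dn-drift", m["base"], expected_base_dn))
        m = NO_USER.search(line)
        if m and m["idp"] != expected_idp:
            # The running provider is not the one named in the edited config.
            findings.append(("idp-drift", m["idp"], expected_idp))
    return findings
```

A `base-dn-drift` or `idp-drift` finding means the provider answering logins is not using the values in the file being edited, so check which configuration is actually bound before changing filters or attributes.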
