LDAP Sync doesn't refresh group memberships in AEM when user is removed from LDAP group | Community
October 16, 2015
Solved

  • October 16, 2015
  • 4 replies
  • 2206 views

Hi,

I have set up an AEM instance with LDAP to sync users and groups to AEM. Sync is working fine and syncing users and their respective groups as defined in the group filters. I need to remove a user from a synced group in AEM when the user is removed from the LDAP group. I have set the "Group Expiration Time" value, but this doesn't seem to work and doesn't remove the user from the AEM group after the specified time. Is there any other configuration needed here?


4 replies

Sham_HC (Accepted solution)
Level 10
October 16, 2015

No other configuration is required. When a user is removed from LDAP, its membership will not be reflected in the CRX group immediately at that point. The group membership becomes eventually consistent once another user or the same user logs in after cache expiration. CQ 5.3 had this issue and you should have a hotfix for it. Any latest AEM version should not have such problems.
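As an added illustration (not code from this thread, nor from AEM or Oak), the following Python model shows the behaviour the accepted answer describes: a removal in LDAP is not pushed to the repository; the local membership is only refreshed when the user logs in again after the expiration time has passed. The model assumes the refresh is triggered by the same user's login, and the group names, user ids and expiration value are constructed. It also includes a small audit function that lists members still present locally but no longer in the directory, which is the situation a later reply in this thread asks about.

```python
from dataclasses import dataclass, field

# Constructed stand-in for "Group Expiration Time" (seconds; assumed unit).
MEMBERSHIP_EXPIRATION = 3600


@dataclass
class Directory:
    """External identity provider (LDAP): the source of truth for groups."""
    groups: dict  # group name -> set of member ids

    def groups_of(self, user):
        return {g for g, members in self.groups.items() if user in members}


@dataclass
class Repository:
    """Local repository (AEM/CRX) holding the synced copies of users and groups."""
    groups: dict = field(default_factory=dict)     # group name -> set of member ids
    synced_at: dict = field(default_factory=dict)  # user id -> time of last membership sync

    def groups_of(self, user):
        return {g for g, members in self.groups.items() if user in members}

    def _apply_membership(self, user, external_groups):
        # Replace the local membership of this user with what the directory says now.
        for members in self.groups.values():
            members.discard(user)
        for g in external_groups:
            self.groups.setdefault(g, set()).add(user)

    def login(self, user, directory, now):
        """Login against the directory. Membership is re-read from the directory
        only when the locally cached membership has expired (assumed model)."""
        last = self.synced_at.get(user)
        if last is None or now - last >= MEMBERSHIP_EXPIRATION:
            self._apply_membership(user, directory.groups_of(user))
            self.synced_at[user] = now
        return self.groups_of(user)


def stale_memberships(repo, directory):
    """Audit: members present in a local group that the directory no longer lists.
    Useful as a periodic check, since nothing else removes users who never log in again."""
    stale = {}
    for g, members in repo.groups.items():
        missing = members - directory.groups.get(g, set())
        if missing:
            stale[g] = sorted(missing)
    return stale


def scenario():
    # Constructed sample data: two users, two groups.
    ldap = Directory({"editors": {"alice"}, "viewers": {"alice", "bob"}})
    aem = Repository()
    t0 = 0
    aem.login("alice", ldap, t0)  # both users synced on first login
    aem.login("bob", ldap, t0)

    ldap.groups["editors"].discard("alice")  # removed in LDAP
    ldap.groups["viewers"].discard("bob")    # removed in LDAP

    after_removal = aem.groups_of("alice")                          # local copy unchanged
    before_expiry = aem.login("alice", ldap, t0 + MEMBERSHIP_EXPIRATION - 1)  # still cached
    after_expiry = aem.login("alice", ldap, t0 + MEMBERSHIP_EXPIRATION)       # refreshed
    bob_stale = aem.groups_of("bob")  # bob never logs in again, so nothing refreshes him

    return {
        "after_removal": sorted(after_removal),
        "login_before_expiry": sorted(before_expiry),
        "login_after_expiry": sorted(after_expiry),
        "bob_stale": sorted(bob_stale),
        "stale": stale_memberships(aem, ldap),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The last two results are the practical point: expiration alone does nothing for an account that never authenticates again, so a scheduled comparison against the directory (as in `stale_memberships`) or a forced sync is what actually closes that gap.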

hl_20 (Author)
October 16, 2015

Thanks Sham. This has been resolved now.

Level 2
June 1, 2016

Hi Harshl,

How did you get the group sync to work? Could you please send me a snapshot of the config that you have?

I am attaching mine.

thanks

pavan

Level 2
May 15, 2017

Please could you update the configuration you have and how it got fixed. We are having the same issues. When an LDAP group is removed, the user still exists within AEM with the everyone role. How do we delete the user when he is no longer in LDAP?