SOLVED

LDAP users sync issue caused after AEM 6.2 in-place upgrade from AEM 6.1

Level 3

Hi All,

When we tried to perform an in-place upgrade from AEM 6.1 to 6.2, we faced an issue with authentication. We are using LDAP integration.

There is a custom feature/job running in our application daily which creates or updates user details present in AEM home/users nodes.

Adobe Experience Manager Help | Release Notes: AEM 6.2 Oak Cumulative Fix Pack: in the "Known issues" section it was mentioned that if you are using Oak LDAP integration, then after applying the latest Oak hotfix, LDAP user sync will no longer work. To fix this, go to /system/console/configMgr and update your "LDAP Identity Provider" configuration's "Custom Attributes" property. Update the property with all LDAP attributes used in the Sync configuration.

I am not able to find the "Custom Attributes" property in the LDAP Identity Provider config.

Can you please let me know if anyone has faced this kind of issue, and any fix for the same?

Oak version is 1.4.6

05.06.2017 11:00:56.918 *INFO* [qtp1814574297-144495] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate null: UserId/Password mismatch.

05.06.2017 11:00:56.918 *DEBUG* [qtp1814574297-144495] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule ignoring local user: XXXXX

1 Accepted Solution

Correct answer by
Employee

For a test, delete one of the users existing in AEM and try the JMX console to sync the user manually. If this works well, then you will see that in AEM 6.2 a new rep:externalId property gets added.

You can create a servlet that updates all the users to add an additional property 'rep:externalId' with the same value as rep:principalName to make things work normally in AEM 6.2.

3 Replies

Level 1

From what I remember, setting up the custom attributes just fixes the sync'ing of the stuff that is sync'd into the profile, it doesn't cause people not to be able to be logged in. But I might be remembering it wrong.

The custom attributes is the last field on the LDAP Identity Provider config in my 6.2 instances.

Also, I believe that oak custom attributes issue is for oak > 1.4.7. And you really want to be at oak > 1.4.8 or so, I've seen apparent stability issues with oak versions less than that on busy systems. At this point, I'm using the latest oak CFP generally.

Level 3

That worked. Adding 'rep:externalId' with the value of rep:principalName has solved the issue. Thanks a lot, all.
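
An added example, not part of the original thread: before applying the fix from the accepted answer, the two error.log lines quoted in the question can be used to list which user IDs ExternalLoginModule is skipping as local users and how many login failures have no such line beside them. The sample log, the user IDs and the function name `triage` are constructed for illustration, and DEBUG logging for ExternalLoginModule is assumed to be enabled as in the question.

```python
import re
from collections import defaultdict

# Constructed sample in the error.log format quoted in the question
# (user IDs are made up; the original post masks its user as XXXXX).
SAMPLE_LOG = """\
05.06.2017 11:00:56.918 *INFO* [qtp1814574297-144495] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate null: UserId/Password mismatch.
05.06.2017 11:00:56.918 *DEBUG* [qtp1814574297-144495] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule ignoring local user: jdoe
05.06.2017 11:02:10.101 *DEBUG* [qtp1814574297-144501] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule ignoring local user: asmith
05.06.2017 11:02:10.104 *INFO* [qtp1814574297-144501] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate null: UserId/Password mismatch.
05.06.2017 11:03:00.000 *INFO* [qtp1814574297-144777] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate null: UserId/Password mismatch.
05.06.2017 11:04:30.250 *DEBUG* [qtp1814574297-144495] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule ignoring local user: jdoe
"""

LINE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\.\d{3} \*(?P<level>\w+)\* "
    r"\[(?P<thread>[^\]]+)\] (?P<logger>\S+) (?P<msg>.*)$")
IGNORED = re.compile(r"^ignoring local user: (?P<user>\S+)")

def triage(log_text):
    """Return (ignored, unexplained): per-user count of 'ignoring local user'
    lines, and login failures with no such line on the same thread and second."""
    ignored = defaultdict(int)
    skip_keys, failure_keys = set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack traces and continuation lines
        key = (m["thread"], m["ts"])  # request thread + second-resolution time
        hit = IGNORED.match(m["msg"])
        if m["logger"].endswith(".ExternalLoginModule") and hit:
            ignored[hit["user"]] += 1
            skip_keys.add(key)
        elif m["logger"].endswith(".SlingAuthenticator") and "handleLoginFailure" in m["msg"]:
            failure_keys.append(key)
    # Failures not accompanied by an ignore line point at a different cause.
    unexplained = sum(1 for k in failure_keys if k not in skip_keys)
    return dict(ignored), unexplained

if __name__ == "__main__":
    users, other = triage(SAMPLE_LOG)
    for user, n in sorted(users.items()):
        print(f"{user}: ignored as local user {n} time(s)")
    print(f"login failures without an ignore line: {other}")
```

The user IDs it reports are the candidates to check for a missing rep:externalId property; failures counted as unexplained need a separate look.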