Expand my Community achievements bar.

Join us in celebrating the outstanding achievement of our AEM Community Member of the Year!
Celebrate the Success!
SOLVED

LiveCycle LDAP to AEM/LDAP and multiple directories/OUs

Avatar

Level 7
Level 7
6/23/21 7:06:20 AM

 

We are attempting to duplicate LDAP settings in LiveCycle to AEM OSGI platform.  

The first and basic question is . . . if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers".  The next presumption is that we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider.  

 

Next, with the "Apache Jackrabbit Oak External Login Module", do we configure one for each ldap.name?  In LiveCycle, we only 1 for LDAP authentication and another for SPNEGO - SSO.  We need to duplicate this for SSO, too.  The JAAS realm information seems to be elusive too - just defaults? 

 

Any helpful hints or documentation would be wonderful.

 

This is what I am reading . . . https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/ldap-config.htm...

 

 

Views

472

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
6/23/21 3:34:43 PM

Hi @crich2784 ,

 

For your first question - if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers" - In this case, you can search for the user in the parent OU.

For example: 

ou=students, ou=dept1, o=myorg and ou=students, ou=dept2, o=myorg, then search the user in myorg 

 

2nd question, 

we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider - So Sync handlers will sync the users.It depends on your use case how you want to map users and groups.For example groups could be different in different providers.In my previous experience, we had 1 provider and so we had 1 sync handler.

 

Apache Jackrabbit Oak External Login Module will define the mapping between provider and sync handler as in which sync handler will be used for which provider.So this will be clear, once you have sorted out above 2.

 

Please note, this is based on my previous experience in using LDAP with AEM. Can you please explain your use case in more detail, in case you need more clarification.

 

Thanks,

Chitra

View solution in original post

Views

452

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
6/23/21 3:34:43 PM

Hi @crich2784 ,

 

For your first question - if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers" - In this case, you can search for the user in the parent OU.

For example: 

ou=students, ou=dept1, o=myorg and ou=students, ou=dept2, o=myorg, then search the user in myorg 

 

2nd question, 

we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider - So Sync handlers will sync the users.It depends on your use case how you want to map users and groups.For example groups could be different in different providers.In my previous experience, we had 1 provider and so we had 1 sync handler.

 

Apache Jackrabbit Oak External Login Module will define the mapping between provider and sync handler as in which sync handler will be used for which provider.So this will be clear, once you have sorted out above 2.

 

Please note, this is based on my previous experience in using LDAP with AEM. Can you please explain your use case in more detail, in case you need more clarification.

 

Thanks,

Chitra

Views

453

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Experiences with AEM Headless for Large-Scale Multilingual, Multi-Region Sites Solved

Views

99

Like

1

Replies

2
AEM Developer Certification Question - AEM Unit Testing Solved

Views

79

Likes

0

Replies

2
AEM XF (Experience Fragments) vs. CF (Content Fragment)

Views

26

Likes

0

Replies

1
Identifying AEM Environments Tier

Views

53

Likes

0

Replies

3
AEM Traditional, Headless and Hybrid Implementation

Views

115

Likes

0

Replies

6