We are attempting to duplicate LDAP settings in LiveCycle to AEM OSGI platform.
The first and basic question is . . . if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers". The next presumption is that we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider.
Next, with the "Apache Jackrabbit Oak External Login Module", do we configure one for each ldap.name? In LiveCycle, we only have 1 for LDAP authentication and another for SPNEGO - SSO. We need to duplicate this for SSO, too. The JAAS realm information seems to be elusive too - just defaults?
Any helpful hints or documentation would be wonderful.
This is what I am reading . . . https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/ldap-config.htm...
Hi @crich2784 ,
For your first question - if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers" - In this case, you can search for the user in the parent OU.
For example:
ou=students, ou=dept1, o=myorg and ou=students, ou=dept2, o=myorg, then search the user in myorg
2nd question,
we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider - So sync handlers will sync the users. It depends on your use case how you want to map users and groups. For example, groups could be different in different providers. In my previous experience, we had 1 provider and so we had 1 sync handler.
Apache Jackrabbit Oak External Login Module will define the mapping between provider and sync handler, as in which sync handler will be used for which provider. So this will be clear once you have sorted out the above 2.
Please note, this is based on my previous experience in using LDAP with AEM. Can you please explain your use case in more detail, in case you need more clarification.
Thanks,
Chitra
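As an added illustration (not part of Chitra's answer or of AEM itself) of the wiring the answer describes, the script below holds one constructed config per OSGi factory and checks that the External Login Module's idp.name and sync.handlerName point at an existing provider and sync handler, and that both dept OUs fall under the single provider's base DN. The property names are assumed from Oak's OSGi configurations for LdapIdentityProvider, DefaultSyncHandler and ExternalLoginModuleFactory; host and realm values are placeholders.

```python
# Added example, not code from the forum thread or from AEM/Oak. Property names are
# assumed from the Oak OSGi factory configs; all values below are constructed samples.

IDENTITY_PROVIDERS = [{  # org.apache.jackrabbit.oak...ldap.impl.LdapIdentityProvider
    "provider.name": "myorg-ldap",
    "host.name": "ldap.example.internal",   # placeholder host
    "host.port": 636,
    "host.ssl": True,
    # One provider searching from the parent OU, as the answer suggests, covers
    # ou=students under both dept1 and dept2 without a second provider.
    "user.baseDN": "o=myorg",
    "user.objectclass": "inetOrgPerson",
    "user.idAttribute": "uid",
    "group.baseDN": "o=myorg",
}]
SYNC_HANDLERS = [{  # ...external.impl.DefaultSyncHandler, one per provider here
    "handler.name": "myorg-sync",
    "user.expirationTime": "1h",
    "user.membershipExpTime": "1h",
}]
LOGIN_MODULES = [{  # ...external.impl.ExternalLoginModuleFactory: the glue
    "jaas.realmName": "jackrabbit.oak",   # Oak's default realm name
    "jaas.controlFlag": "SUFFICIENT",
    "idp.name": "myorg-ldap",             # must equal a provider.name
    "sync.handlerName": "myorg-sync",     # must equal a handler.name
}]
USER_OUS = ["ou=students,ou=dept1,o=myorg", "ou=students,ou=dept2,o=myorg"]

def parse_dn(dn):
    """Split a simple DN into normalised (attr, value) RDNs, most specific first.
    Escaped commas are not handled; this suffices for the OU layout in the thread."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(",")]

def dn_under_base(dn, base_dn):
    """True if dn sits at or below base_dn in the directory tree."""
    rdns, base = parse_dn(dn), parse_dn(base_dn)
    return len(rdns) >= len(base) and rdns[-len(base):] == base

def check_wiring(providers, handlers, modules, user_ous):
    """Return a list of wiring problems; empty means every login module points at a
    real provider and sync handler and every user OU lies inside a provider base DN."""
    problems = []
    provider_names = {p["provider.name"] for p in providers}
    handler_names = {h["handler.name"] for h in handlers}
    for m in modules:
        if m["idp.name"] not in provider_names:
            problems.append("login module references unknown idp.name %s" % m["idp.name"])
        if m["sync.handlerName"] not in handler_names:
            problems.append("login module references unknown sync.handlerName %s" % m["sync.handlerName"])
    for ou in user_ous:
        if not any(dn_under_base(ou, p["user.baseDN"]) for p in providers):
            problems.append("no provider base DN covers %s" % ou)
    return problems
```

Running `check_wiring(IDENTITY_PROVIDERS, SYNC_HANDLERS, LOGIN_MODULES, USER_OUS)` on these samples returns an empty list; pointing a module at a name that no provider declares produces a problem entry instead.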