LiveCycle LDAP to AEM/LDAP and multiple directories/OUs | Community
crich2784
Level 6
June 23, 2021
Solved


 

We are attempting to duplicate LDAP settings in LiveCycle to AEM OSGI platform.  

The first and basic question is . . . if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers"?  The next presumption is that we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider.

Next, with the "Apache Jackrabbit Oak External Login Module", do we configure one for each ldap.name?  In LiveCycle, we only have 1 for LDAP authentication and another for SPNEGO - SSO.  We need to duplicate this for SSO, too.  The JAAS realm information seems to be elusive too - just defaults?

 

Any helpful hints or documentation would be wonderful.

 

This is what I am reading . . . https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/ldap-config.html?lang=en

 

 

Best answer by ChitraMadan (Community Advisor), June 23, 2021

Hi @crich2784 ,

 

For your first question - if we have multiple OUs, do we set up multiple "Apache Jackrabbit Oak LDAP Identity Providers" - In this case, you can search for the user in the parent OU.

For example: 

ou=students, ou=dept1, o=myorg and ou=students, ou=dept2, o=myorg, then search the user in myorg 

 

2nd question,

we would need to configure one "Apache Jackrabbit Oak Default Sync Handlers" for each Identity provider - So Sync handlers will sync the users. It depends on your use case how you want to map users and groups. For example, groups could be different in different providers. In my previous experience, we had 1 provider and so we had 1 sync handler.

Apache Jackrabbit Oak External Login Module will define the mapping between provider and sync handler, as in which sync handler will be used for which provider. So this will be clear once you have sorted out the above 2.

 

Please note, this is based on my previous experience in using LDAP with AEM. Can you please explain your use case in more detail, in case you need more clarification.

 

Thanks,

Chitra
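
The wiring described in the answer above, as an added example that is not part of the original thread or Adobe's own configuration: one identity provider whose user base DN is the parent o=myorg, one sync handler, and one External Login Module whose idp.name and sync.handlerName point at them. The host, bind DN, password placeholder, file-name suffix and the names myorg-ldap and myorg-sync are assumptions chosen for illustration.

```properties
# Constructed example: three OSGi factory configurations in Felix .config syntax.
# Each section goes in its own file, named after the factory PID shown above it.
# All hosts, DNs, names and the "-myorg" file suffix are placeholders.

# --- org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-myorg.config
provider.name="myorg-ldap"
host.name="ldap.example.org"
# LDAPS, so the bind password and user credentials are not sent in clear text
host.port=I"636"
host.ssl=B"true"
# Read-only service account used for lookups (placeholder DN and password)
bind.dn="cn=aem-readonly,o=myorg"
bind.password="<set-from-secret-store>"
# Parent of ou=students,ou=dept1,o=myorg and ou=students,ou=dept2,o=myorg,
# so users from both OUs are found through this single provider
user.baseDN="o=myorg"
user.objectclass=["person"]
user.idAttribute="uid"
group.baseDN="o=myorg"
group.objectclass=["groupOfUniqueNames"]
group.nameAttribute="cn"
group.memberAttribute="uniquemember"

# --- org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler-myorg.config
handler.name="myorg-sync"
# How long a synced user and its group memberships are trusted before re-sync
user.expirationTime="1h"
user.membershipExpTime="1h"
user.membershipNestingDepth=I"1"

# --- org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory-myorg.config
jaas.ranking=I"50"
jaas.controlFlag="SUFFICIENT"
# Must match provider.name and handler.name above exactly
idp.name="myorg-ldap"
sync.handlerName="myorg-sync"
```

If a second identity provider is added, it needs its own External Login Module entry, and idp.name and sync.handlerName in that entry must name the provider and handler intended for it.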
