Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Need help on user authorization with LDAP Login module

Avatar

Former Community Member

Hi,

I am working on the Active Directory and have configured LDAP on my publisher local instance, when i make a call to any_url/j_security_check with j_username and j_password (the user and their credentials are stored in AD) with valid credentials i get to sign in and do stuff. But i have a use case where i want the users not to interact with the system until they they verify themselves with the verification link which we generate at the time of their registration. Once they click on that registration link a property is set on the users profile which we use to check whether they can be allowed to use the system or not.

The problem is if i make a ajax call with appropriate creds, users can sign in and interact with system. Authentication in my case is ok but Authorization is not. I want to know what should be the best way to solve this problem.

Do i have to extend the Ldap login module?  I think No, because it is doing what it is supposed to do.  I want to fail authentication if they are not authorized to use the system. Any pointers will be of great help. I tried looking for LDAPLoginModule in depfinder and over net but could not find the jar for that.

1 Accepted Solution

Avatar

Correct answer by
Level 10

See the community article written by Yogesh Upadhyay - he is an AEM community member:

http://www.wemblog.com/2012/06/how-to-add-custom-login-module-in-cq55.html

Hope this helps. 

View solution in original post

3 Replies

Avatar

Correct answer by
Level 10

See the community article written by Yogesh Upadhyay - he is an AEM community member:

http://www.wemblog.com/2012/06/how-to-add-custom-login-module-in-cq55.html

Hope this helps. 

Avatar

Former Community Member

I actually had a look at the article and i also had a look at the article www.wemblog.com/2013/03/how-to-create-custom-authentication.html

Do you think i can get away with just writing a custom authentication or do i need to write a login module and a custom authentication both or just a custom login module. I am able to login to CQ using Active Directory so i think i can use the LDAPLoginModule anyways without changing it.

Avatar

Level 6

As your authentication works, so I think you do not need to touch LDAP login module. For authorization, you can assign that user to a group and give the necessary permission to that group.