No Start page after LDAP login

DKWilliams

06-06-2019

We just built our first AEM 6.4 server and have configured the LDAP authentication.  When logging in with an LDAP user (not a locally created user) we get an Error 500 page and the /aem/start.html page doesn't load.  Even if you manually enter the URL, it doesn't load, just gives the Error 500.  However, if we login with an internally created test user, we go right to the /aem/start.html page.

The LDAP configuration appears to be correct because the user can log in - I have tested using the wrong password and get the error message for that.  Also, when I go to Security - Permissions, I see that the user has been created, and that the LDAP group that they belong to has been created.  I assumed that it was a permissions issue and gave their Group the correct permissions - in this case Administrator group membership - then closed the browser and logged in again.  No joy.  However, if I log in with Admin and then Impersonate the user, I get to everything (Sites, Assets, Tools, all of it).

We are currently running three tiers of AEM 6.3 with LDAP - the exact same LDAP settings that we configured on this new 6.4 server.  That has been working for years without a problem.  So we are very familiar with how to configure the settings.  And so far the logs have failed to give us any insight.

Is there something about the LDAP configuration that has changed since 6.3?  Anyone else have a similar problem?

Thanks!

Diana W.

Accepted Solutions (1)

Accepted Solutions (1)

DKWilliams

07-06-2019

Solved the problem.  There were a number of other entries under the Oak Default Sync Handler and the Oak External Login module for Communities.  I deleted all of these entries and then the login to our LDAP worked fine.  I am assuming those other entries were part of the demo stuff that comes with the usual install.

Answers (2)

Answers (2)

DKWilliams

06-06-2019

No, nothing relating to problems with the user or the group.  Below is an image of the logged error - which is also what I see on the screen. 

Error500.png

jbrar

Employee

06-06-2019

Can you set up a DEBUG level logger on the following classes:

org.apache.jackrabbit.oak.security.authentication.ldap

org.apache.jackrabbit.oak.spi.security.authentication.external

Try logging in again and check if you can find anything related to user/group issues