Publish Login

Level 7

Hi,

Author Server explicitly asks user to login.

But, why does, by default, Publish log in as anonymous user?

Generally, we log in to Publish instance also, to upload/install packages etc, otherwise it fails.

I guess that this functionality is for the end user to login anonymously.

In such a case, who needs to log in to Publish?

If LDAP requires to be integrated, should it be for Author as well as Publish?

Thanks,

Rama.

1 Accepted Solution

Correct answer by
Level 2

We have 300.000 users, so we don't create users in AEM; we use SSO for publish login.

Check this: 

https://github.com/Adobe-Consulting-Services/acs-aem-samples/tree/master/bundle/src/main/java/com/ad...

 

For custom forms authentication:

  1. Create a login page with a form
  2. Validate username/password against your database or other IdP system on form POST
  3. Assign a secure authentication cookie
  4. Check authentication cookie on web server, redirect user to login page if not authenticated.

Good luck
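
Steps 3 and 4 of the list above, sketched as an added example (not part of the original post and not AEM or ACS sample code): the cookie carries the user id and an expiry time under an HMAC-SHA256 tag, so the check in step 4 needs no session lookup. The class name `AuthCookie`, the cookie name `auth` and the demo key are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;

/** Hypothetical helper: stateless, HMAC-signed login cookie. */
public class AuthCookie {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final SecretKeySpec key;

    public AuthCookie(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return B64.encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    /** Step 3: call only after the username/password check has succeeded. */
    public String setCookieHeader(String userId, long ttlSeconds) throws Exception {
        String payload = B64.encodeToString(userId.getBytes(StandardCharsets.UTF_8))
                + "." + (Instant.now().getEpochSecond() + ttlSeconds);
        // Secure: HTTPS only. HttpOnly: not readable from page scripts.
        return "auth=" + payload + "." + sign(payload)
                + "; Max-Age=" + ttlSeconds + "; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    /** Step 4: an empty result means "redirect to the login page". */
    public Optional<String> verify(String cookieValue) throws Exception {
        String[] p = cookieValue.split("\\.");
        if (p.length != 3) return Optional.empty();
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison; fields are parsed only after the tag checks out.
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.US_ASCII)))
            return Optional.empty();
        if (Long.parseLong(p[1]) < Instant.now().getEpochSecond()) return Optional.empty();
        return Optional.of(new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; in practice load a random 32-byte secret from configuration.
        AuthCookie ac = new AuthCookie("constructed-demo-key-0123456789ab".getBytes(StandardCharsets.UTF_8));
        String header = ac.setCookieHeader("user-42", 1800);
        String value = header.substring("auth=".length(), header.indexOf(';'));
        System.out.println(ac.verify(value));       // Optional[user-42]
        System.out.println(ac.verify("x" + value)); // Optional.empty (tampered)
    }
}
```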

9 Replies

Level 10

Anonymous user in publish is a default behavior. Every user will be treated as anonymous, but the same is not the case in author. User / administration

You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.

Users need to log in to publish only if there is functionality where user login is needed.

Here are a few links for LDAP:

http://adobeaemclub.com/configuring-ldap-in-aem-6-x/

https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html

https://docs.adobe.com/docs/en/aem/6-0/administer/security/ldap-config.html

Level 10

Ideally, you should block any such operations like package upload etc in the publish instance. 

Packages need to be deployed using curl or maven while content needs to be pushed via replication to publish instance.

Even if it's allowed, all the users should not have access to it and only admin should be allowed to access (note: default admin username / pwd should have been changed).

Level 7

Hi,

Apart from Admin, typically who needs to log in to Publish?

If LDAP requires to be integrated, should it be for Author as well as Publish?

In any case, the end users will not be there in LDAP and so can't understand the use case for integrating LDAP with Publish.

I do see that registered users should be authenticated. Could we use LDAP for this authentication?

Appreciate your responses.

Thanks,

Rama.

Level 10

Usually LDAP will be used in the Author instance to integrate the internal users to log in to AEM as well.

Whereas an application running in the publish instance would have its own login functionality, which is normally authenticated against a DB.

Level 7

Hi,

That explains and thanks a lot.

So, user anonymous has only access to both /content and /bin and no other folder?

Thanks,

Rama.

Level 7

Someone, please confirm that the user anonymous has only access to both /content and /bin and no other folders.

Thanks,

Rama.

Level 10

In publish instance, anonymous user will only have access to content.

Go to localhost:4502/useradmin and you can see the permissions of this user.

For more verification you can go to this link on documentation: https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

Employee

edubey wrote...

Anonymous user in publish is a default behavior. Every user will be treated as anonymous, but the same is not the case in author. User / administration

You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.

This is not entirely true. If you only use activation, you need to have downtime on your live site.

Consider the following scenario: You have 4 publish instances, and you want to deploy your deployment package without any downtime. In this case you would do a rolling deployment. i.e. Stop access to two publish servers, deploy the packages. Test the servers. You would then switch access to the other two servers and follow the same procedure. 

If you only used activation from the author, you would need to have downtime, as the replication event would be sent to all the publish servers, and you don't want to be deploying code to your site while it is serving live requests.

Also in previous versions of AEM, you couldn't uninstall a package that had been deployed by activation.

Regards,

Opkar
