Adobe Experience Manager Sites & More

this-that-the-otter · 6/28/16

I need a way to synchronize LDAP users into AEM via a Restful interface.

A separate system needs to make an authenticated Rest-based call to AEM 6.1 author, with the user ID to-be-synched, and then that user needs to be synchronized (from LDAP) into the AEM author user store. AEM should provide an exit code, success or failure, etc.

I can do this now with curl (if LDAP, etc. are configured in /system/console/configMgr).:

curl -u "admin:admin" -X POST --data p1="['uid=tst2,ou=People,o=abc.com,o=abc']" http://localhost:4502/system/console/jmx/org.apache.jackrabbit.oak%3Ahandler%3D%22default%22%2Cidp%3...

But I want to do this via a Rest/Sling/OSGi service, avoiding system calls like curl, scp/ssh, etc., as the system making the call is Rest-based.

What's the best way to go about this? I envision an OSGi bundle (with a config screen for anything related), that exposes a Java method to sync the user, but don't have the first idea on where to start.

Thanks for any info,
Bill

stevec2515680 · 6/28/16

To address this use case - you would have to write a custom AEM service that uses a LDAP Java API:

http://directory.apache.org/api/ (for example)

There is a community article on how to manually configure AEM to pull in users from LDAP (Apache Directory service):

https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html

But there is no community article that shows you how to use LDAP API in AEM.

This should point you in the right direction.

this-that-the-otter · 6/28/16

Thanks for the info Steve.

I would think AEM has a Java method to perform synchronization from LDAP to the user store (rather than having to use an other API), as it's able to do so using the curl command I included ... I vaguely (but recently) remember seeing the function mentioned, maybe in Java doc.

Do you know if there's any info on writing custom AEM (Sling/OSGi) services?

Thanks,

Bill

Lokesh_Shivalingaiah · 6/28/16

Currently, there is a bundle that exposes the service to integrate AEM with LDAP. If you need REST API, then you will have to write an API layer to integrate with LDAP and then use that in AEM.

But why do you need to do only via REST when you already have the service bundle available ?

this-that-the-otter · 6/28/16

Thanks for the input bsloki,

I would appreciate any info on how to create the layer you mentioned. I believe there must be an AEM Java method that can do this now, as it works using the curl command mentioned, which looks to use jmx / external identity synchronization, i.e.

curl -u "admin:admin" -X POST --data p1="['uid=tst2,ou=People,o=abc.com,o=abc']" http://localhost:4502/system/console/jmx/org.apache.jackrabbit.oak%3Ahandler%3D%22default%22%2Cidp%3...

I would like to do it with rest because that's what the calling system uses.

Bill

stevec2515680 · 6/28/16

I do not know of any artilce that talks about how to invoke a service for AEM that will sync LDAP. However - this doc may point you in the correct direction:

https://docs.adobe.com/docs/en/aem/6-0/administer/security/ldap-config.html

Adobe Experience Manager Sites & More

Rest Service to Synchronize Users from LDAP into AEM

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe