I'm trying to setup user synchronization in aem 6.3. I have one author and 2 publish instances.
I followed this below document and set up the user synchronization between publishers. I have a self registration component. User submits the form data and I create the user and add to the group(which was already created using useradmin console) which has necessary permissions. I also activated the tunnel service to get to author(verified in author communities console).
The problem is Users are syncing with the profile. But the user group doesn't gets updated. So in the other publisher user is not part of that group. Please let me know if I'm missing anything to configure, appreciate your help.
Were you able to fix this issue ? I have the same issue after Upgrading aem to 6.4
Views
Replies
Total Likes
Hi Karthik, were you able to figure out the root cause?
I also have same issue.
Please share your findings, thanks in advance.
Views
Replies
Total Likes
Hello,
Some troubleshooting tips:
- Check if all the tests are passed on libs/granite/operations/content/diagnosis/tool.html/syncdiagnostics
- Check the socialpubsync queue on Author. Clear pending items.
- Check the socialpubsync-reverse-queue on both Publishers. Clear pending items.
- Make sure usersync-admin user has correct permissions on both publishers.
The user that is set up in the "Adobe Granite Distribution – Encrypted Password Transport Secret Provider" must have the following permissions on all publishers:
jcr:read, rep:write on /home
jcr:all on /home/users and /home/groups
rep:write on /etc/packages/sling/distribution jcr:read on /libs/sling/distribution rep:write on /var jcr:read, rep:write on /var/eventing jcr:read, rep:write on /var/sling/distribution
- Put debug log on following classes and check the logs.
Log Level -> Debug
Log File -> logs/usersync.log
Loggers
org.apache.sling.distribution
org.apache.sling.event
com.adobe.cq.social.sync
Regards,
Vishu
Hi,
We raised a daycare ticket for this issue, there was a property value missing in "Diff Observer Factory"
Property serviceUser.target
This was introduced in 6.3, thanks for looking into this.
Thanks for the update Sawan.
What you mention is a match to product issue GRANITE-25203.
To add more details to this, usually the issue occurs with an error like this during user sync:
javax.jcr.nodetype.ConstraintViolationException: OakConstraint0025: Authorizable property rep:password may not be removed.
The issue can be resolved with the following steps:
1. Make sure that communities-user-admin and usersync-admin are members of administrators group on the publish instances.
2. Edit the configurations per the details below on the publish instances via the /system/console/configMgr UI:
Configuration #1:
com.adobe.granite.distribution.core.impl.diff.DiffEventListener
Set property serviceUser.target with value of (.serviceName=com.adobe.granite.distribution.core) including the parentheses.
Configuration #2
com.adobe.granite.distribution.core.impl.diff.DiffChangesObserver
Set property serviceUser.target with value of (.serviceName=com.adobe.granite.distribution.core) including the parentheses.