


karthikreddii
karthikreddii
20-04-2018
I'm trying to setup user synchronization in aem 6.3. I have one author and 2 publish instances.
I followed this below document and set up the user synchronization between publishers. I have a self registration component. User submits the form data and I create the user and add to the group(which was already created using useradmin console) which has necessary permissions. I also activated the tunnel service to get to author(verified in author communities console).
The problem is Users are syncing with the profile. But the user group doesn't gets updated. So in the other publisher user is not part of that group. Please let me know if I'm missing anything to configure, appreciate your help.
preetir53235517
preetir53235517
18-02-2019
Were you able to fix this issue ? I have the same issue after Upgrading aem to 6.4
sawan051
sawan051
06-05-2019
Hi Karthik, were you able to figure out the root cause?
I also have same issue.
Please share your findings, thanks in advance.
Vish_dhaliwal
Employee
Vish_dhaliwal
Employee
07-05-2019
Hello,
Some troubleshooting tips:
- Check if all the tests are passed on libs/granite/operations/content/diagnosis/tool.html/syncdiagnostics
- Check the socialpubsync queue on Author. Clear pending items.
- Check the socialpubsync-reverse-queue on both Publishers. Clear pending items.
- Make sure usersync-admin user has correct permissions on both publishers.
The user that is set up in the "Adobe Granite Distribution – Encrypted Password Transport Secret Provider" must have the following permissions on all publishers:
jcr:read, rep:write on /home
jcr:all on /home/users and /home/groups
rep:write on /etc/packages/sling/distribution jcr:read on /libs/sling/distribution rep:write on /var jcr:read, rep:write on /var/eventing jcr:read, rep:write on /var/sling/distribution
- Put debug log on following classes and check the logs.
Log Level -> Debug
Log File -> logs/usersync.log
Loggers
org.apache.sling.distribution
org.apache.sling.event
com.adobe.cq.social.sync
Regards,
Vishu
sawan051
sawan051
09-05-2019
Hi,
We raised a daycare ticket for this issue, there was a property value missing in "Diff Observer Factory"
Property serviceUser.target
This was introduced in 6.3, thanks for looking into this.
Andrew_Khoury
Employee
Andrew_Khoury
Employee
09-05-2019
Thanks for the update Sawan.
What you mention is a match to product issue GRANITE-25203.
To add more details to this, usually the issue occurs with an error like this during user sync:
javax.jcr.nodetype.ConstraintViolationException: OakConstraint0025: Authorizable property rep:password may not be removed.
The issue can be resolved with the following steps:
1. Make sure that communities-user-admin and usersync-admin are members of administrators group on the publish instances.
2. Edit the configurations per the details below on the publish instances via the /system/console/configMgr UI:
Configuration #1:
com.adobe.granite.distribution.core.impl.diff.DiffEventListener
Set property serviceUser.target with value of (.serviceName=com.adobe.granite.distribution.core) including the parentheses.
Configuration #2
com.adobe.granite.distribution.core.impl.diff.DiffChangesObserver
Set property serviceUser.target with value of (.serviceName=com.adobe.granite.distribution.core) including the parentheses.