AEM is very flexible for how permissions and "roles" are applied. Your
approach will likely depend on how you want to manage users and what
features of AEM you deploy. Because of the flexibility, a role based
solution can easily get complex. We have decided to keep it fairly
simple. We use groups to define a role based, usually, on job
responsibility or department. All of our authoring users are at least
"contributors". We define a role like "Marketing" or "Customer Service".
A group is created ...
We use LDAP for authentication to the Author server. After configuring
LDAP, the bind password used by the user to authenticate to the LDAP
server is in plain text in the repository. We we hoping to encrypt that
password using Crypto Support but it does not seem to work. We can
encrypt using Web Console -> Main -> Crypto Support to come up with a
hash. We replace the password with that hash in the OSGI node
configuration. LDAP works fine until AEM is restarted. After the restart
the LDAP bind is...
Just a follow up. After working with technical support this is my
understanding of the issue... Turns out this is an issue when
configuring OSGi using the content-node method. When using content-node
and creating the configuration as a sling:OsgiConfig node with
properties there is no type of Integer. Typically Long will work in
place of integer, but the SSL Configuration Security Check code requires
the number to be an Integer for the SSL port property. As a work around
use the Adobe Web Consol...
It might help to better understand what you are after. Are you trying to
find out when the account was created? When they were granted permission
to a particular piece of content? The first time they edited content?
Something else? I am sure there are multiple ways to do it. One is to
look in CRXDE Lite (:/crx/de). Users are stored here:
/home/users. Find the user in question and then refer to jcr:created
property. This will tell you when the account was created. ...clint
Somewhat as a follow up to my original set of questions... How do I test
the OSGI Password? If I set it to something like "sunnyday" how do I
know it was actually set or set to what I think it is? Any help to
better understand this is appreciated! Thanks...clint
We enabled SSL for Author and Publish using the SSL by Default method
for AEM 6.4. SSL is working as expected. However in the Operations
Dashboard the "SSL Configuration" security check is in status:CRITICAL.
It is producing an error. I believe the error is caused by a data type
mismatch in the code that does the health check rather than the health
check finding something critical, but I am not sure. Error:Exception
during execution of 'SSL Configuration': java.lang.ClassCastException:
Hey @ArpitVarshney, Thanks for the reply! Here are some screen shots of
the bundles in question and the Security Checks -> WebDAV Health Check.
The bundles are not active as suggested per the Security Checklist.
However the WebDAV Health Check is giving me a warning [WARN]. If the
bundles should not be active, then the WebDAV Health Check probably
should not be in status:WARN, but instead should be in status:OK. Maybe
I am missing something? ...clint
@jbrar , Thanks for the reply. I am not certain that -nosamplecontent
does disable both of those bundles. In my case, after installing using
that runmode I found this bundle Active - "Apache Sling Simple WebDAV
Access to repositories". Regardless of whether -nosamplecontent does or
does not disable/stop the bundle, it still does not explain the
discrepancy between the security checklist documentation and the
security checks through the Operations Dashboard.
In the Security Checklist for AEM 6.4 in the section Disable WebDAV, it
mentions stopping the following bundles:Apache Sling Simple WebDAV
Access to repositories (org.apache.sling.jcr.webdav)Apache Sling DavEx
Access to repositories (org.apache.sling.jcr.davex)However in Security
Checks in the Operation Dashboard there is a health check for WebDAV
Health Check. (Tools -> Operations -> Health Reports -> Security Checks
-> WebDAV Health Check). In that Health Check it will issue a warning if
I am doing a security review of our AEM instance and going through the
Security Checklist. It is not clear to me what "Changing the OSGi Web
Console Password" actually does. I changed the AEM admin user password
to "rainyday". I changed the OSGi Web Console password to something
distinct per the instructions - "sunnyday". To get to the OSGi Web
Console the AEM admin user password "rainyday" allows access NOT the
password set for OSGi Web Console. Why is is recommended to set an OSGi
Web Console ...
It might be helpful for others if the documentation clarified when a
runmode is more of a install option verses an always used option. The
documentation on this page is unclear and seems to imply that it is used
always and not just once at install.
. "In order to run AEM in production ready mode all you need to do is
add the nosamplecontent via the -r runmode switch to your existing
Thanks for the responses. Aside from the sample content that is not
installed, let's suppose an administrator has bypassed or otherwise
disabled some of the "Production Ready" settings post installation. Will
using -nosamplecontent replace or recover those?
Just seeking clarification on the nosamplecontent runmode. Is this is
one-time runmode used for the initial installation only? Or, in order to
maintain the "production ready" status, should it be used on every start
of AEM for the lifetime of the instance? If it varies by AEM version it
would be helpful to know . In this particular case I am asking for AEM
6.4.8. Hopefully a simple question with a simple answer.
If Screens is not being used, a work around is to change the Author to
Publish polling schedule so it occurs very infrequently. Create an OSGI
changes the schedule to something like 0 0 1 1 * ? - which would amount
to once a year on January 1st.
We are planning to create a component in AEM 6.1 that will show multiple
markers on a Google Map. It will look kind of like a Store Locator Map
etc will be integrated into AEM as a component on a special purpose
template. The map markers will be drawn based on data in several JSON
files that will be updated every 15 minutes or so. We plan to use curl
commands to automate upload to author then replicate to the publish
Just a side note... The RECAP tool
in Package Share does not work with AEM 6.1 due to the CSRF protection
change. This is what happens when trying to create an address:POST
com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token
is invalidPOST /home/users/x/x6TeJhtxt3GQ4GfZmzI9/recapAddresses/*
In AEM 6.1 web console, when a component is disabled using the stop
button (square) it disappears from the list and there is no control to
change it back to active. In previous versions of CQ/AEM the component
would remain in the list with a status of disabled. Clicking the play
button (right facing triangle) would change the status back to active.
Where did the "play" button go? Is there a way to change the status back
to active without restarting AEM?Steps to duplicate:Launch the web
Thanks smacdonald8 and Jörg for the quick response.It's mostly a
nuisance issue.I have configured LDAP many times and this time I thought
I had something misconfigured. I spent quite a bit time determining it
was configured properly and the system changed.I will be "importing,"
via package, many groups and possibly users. They are coming from CQ
5.5. The package will work fine, but the old users and groups will be
different than any new users and groups making an inconsistency.Manually
In AEM 6.1 when a new user is created the node name for the user appears
to be a random alphanumeric string. The user is placed in the repository
based on the first character of the string. The same happens for groups.
For example, a user created with the ID of oscar might get created
at:/home/users/A/Av1DJBJvjDKqRWn0d4OTIn AEM 6.0 and prior the same user
account would get created at:/home/users/o/oscarIs this intentional or a
bug? If intentional why? Is there a configuration somewhere that can ...
Rajesh,Not sure I understand your problem completely. The only major
difference I see is that for authDN you start with uid= instead of cn=.
Here is our configuration using LDAP and AD that works well with CQ5.
(AEM 6 is configured differently). Of course make sure your HOST and
USER are in proper LDAP format and match your environment.Once
configured a user can login with their AD user ID and password. It will
create a user node in the repository as well as create all the groups
they are a memb...
Sham,Does this process check internal links? I have a similar question
from one of our users. They want to know something like - "What are all
the broken links in our HR pages?" Specifically they are looking for
internal.Also in the second step, what do you mean by "find for that
Some detailed information about this patch from Adobe and what it is
supposed to do would be helpful. It does not seem to be working quite
right or maybe it is not understood. I have installed the 1.0.2 version
of the patch.Today I started with 22.2 GB and 85 files in
repository/segmentstore. I ran Web Console -> JMX ->
org.apache.jackrabbit.oak Repository Management -> startRevisionGC(). It
ran for about a minute. Afterwards 22.2 GB and 86 files.04.08.2014
12:09:52.140 *INFO* [TarMK compaction ...
Ondrej Semotan wrote... We have problem with DataStoreGarbage Collection
and all "utilities" from
DataStoreGarbage Collection worked on new installation of CQ5, if i
installed hotfixies (4135 and 4562), i have problem: DSGC,
tarOptimization and other functions say:
javax.jcr.UnsupportedRepositoryOperationException. Is it OK or where is
something wrong? I cant find anything about this failure. Assuming you
are using A...
Installed AEM 6.0 a few weeks ago in a non-prod environment and it grew
rapidly up to about 25 GB. It is an out-of-the-box install with only
Geometrixx sites. After installing this hotfix the rapid growth has
stopped, but it does not seem to be reducing the number of .tar files
and the space used. I can't find the equivalent of a CRX 2 Tar
Optimization to start manually or one that is running scheduled. Does
OAK TarMK have something similar? How do I get the .tar files reduced to
a normal size a...