March 28, 2020

Configure LDAP with AEM 6

Steps to configure LDAP with AEM 6 SP1:

In AEM 6, LDAP support comes with a new implementation that requires a different type of configuration than with previous versions.

All LDAP configurations are now available as OSGi configurations. They can be configured via the Web Management console at:
http://hostName:4502/system/console/configMgr

In order to have LDAP working with AEM, you need to create three OSGi configurations:

1. LDAP Identity Provider (IDP).
2. Sync Handler.
3. External Login Module.

Steps:
1. Go to http://hostName:4502/system/console/configMgr
2. Search for "Apache Jackrabbit Oak LDAP Identity Provider"
3. Click the "+" (plus) symbol to create a new configuration for "Apache Jackrabbit Oak LDAP Identity Provider"
4. Enter the values below in the configuration and click Save.

provider.name="ldap"
host.name="dsxdev.companyName.com"
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.dn="uid=wemusr.gen,OU=Generics,O=cco.companyName.com"
bind.password="wem4Dev"
searchTimeout="60s"
user.baseDN="O=cco.companyName.com"
user.objectclass=["ccoPerson"]
user.idAttribute="uid"
user.extraFilter="(objectClass=ccoPerson)"
user.makeDnPath=B"false"
group.baseDN="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.objectclass=["groupOfUniqueNames"]
group.nameAttribute="cn"
group.extraFilter="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.makeDnPath=B"false"
group.memberAttribute="memberOf"
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider


5. An OSGi configuration node is created at path /apps/system/config/ with a name like: org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-b9c9258a-81b1-4413-8fea-1589cbe0fc35.config
6. Search for "Apache Jackrabbit Oak Default Sync Handler"
7. Click the "+" (plus) symbol to create a new configuration for "Apache Jackrabbit Oak Default Sync Handler"
8. Enter the values below in the configuration and click Save.
NOTE: handler.name can be changed based on the environment, e.g. for Production the name can be given as prodldapsynchandler.

handler.name="idevldapsynchandler"
user.expirationTime="1h"
user.autoMembership=["companyGrpall"]
user.propertyMapping=["rep:e-mail=mail","cq:last-name=sn","cq:first-name=givenName"]
user.pathPrefix=""
user.membershipExpTime="1h"
user.membershipNestingDepth=I"0"
group.expirationTime="1d"
group.autoMembership=[""]
group.propertyMapping=["rep:fullname=cn",""]
group.pathPrefix=""


9. An OSGi configuration node is created at path /apps/system/config/ with a name like: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler-b9c9258a-81b1-4413-8fea-1589cbe0fc35.config
10. Search for "Apache Jackrabbit Oak External Login Module"
11. Click the "+" (plus) symbol to create a new configuration for "Apache Jackrabbit Oak External Login Module"
12. Enter the values below in the configuration and click Save.
NOTE: sync.handlerName is the name of the Apache Jackrabbit Oak Default Sync Handler (handler.name) as given above in step 8.

jaas.ranking=I"400"
jaas.controlFlag="REQUIRED"
jaas.realmName=""
idp.name="ldap"
sync.handlerName="idevldapsynchandler"


13. An OSGi configuration node is created at path /apps/system/config/ with a name like: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory-ffe61481-2dad-4864-b58a-c2ade426345c.config
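
With host.ssl and host.tls both false on port 389, as in the values above, the bind password and every user's login password cross the network unencrypted, and the three configurations only work together when idp.name matches provider.name and sync.handlerName matches handler.name. The following check is an added example, not part of the original post or of AEM/Oak: it parses the .config syntax used above and reports those conditions. The function names parse_osgi and audit are hypothetical, and the sample input reuses this page's values with the bind password replaced by a placeholder.

```python
import re

# Constructed sample input: values from this page, bind password replaced by a placeholder.
IDP = '''provider.name="ldap"
host.name="dsxdev.companyName.com"
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.dn="uid=wemusr.gen,OU=Generics,O=cco.companyName.com"
bind.password="<bind-password>"'''
SYNC = 'handler.name="idevldapsynchandler"\nuser.expirationTime="1h"'
LOGIN = 'jaas.ranking=I"400"\nidp.name="ldap"\nsync.handlerName="idevldapsynchandler"'

def parse_osgi(text):
    """Parse key=value lines of an OSGi .config file into typed Python values."""
    out = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*(.*)$', line)
        if not m:
            continue  # skip blank lines and anything that is not key=value
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('['):        # string array, e.g. ["a","b"]
            out[key] = re.findall(r'"([^"]*)"', raw)
        elif raw.startswith('B"'):     # boolean, e.g. B"false"
            out[key] = raw[2:-1].lower() == 'true'
        elif raw.startswith('I"'):     # integer, e.g. I"389"
            out[key] = int(raw[2:-1])
        else:                          # plain string
            out[key] = raw.strip('"')
    return out

def audit(idp_text, sync_text, login_text):
    """Return findings for the IDP, Sync Handler and External Login Module configs."""
    idp, sync, login = map(parse_osgi, (idp_text, sync_text, login_text))
    findings = []
    encrypted = idp.get('host.ssl', False) or idp.get('host.tls', False)
    if not encrypted:
        findings.append('cleartext: host.ssl and host.tls are both false, so binds are not encrypted')
    if encrypted and idp.get('host.noCertCheck', False):
        findings.append('nocertcheck: TLS is on but the server certificate is not verified')
    if idp.get('bind.password'):
        findings.append('password: bind.password is stored as a literal in the configuration')
    if login.get('idp.name') != idp.get('provider.name'):
        findings.append('mismatch: idp.name does not match provider.name')
    if login.get('sync.handlerName') != sync.get('handler.name'):
        findings.append('mismatch: sync.handlerName does not match handler.name')
    return findings

if __name__ == '__main__':
    for finding in audit(IDP, SYNC, LOGIN):
        print(finding)
```

Run against exported copies of the three .config files before promoting them to another environment; renaming handler.name for Production without updating sync.handlerName shows up as a mismatch.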


By aem4beginner
