Thursday, August 10, 2017

Configuring LDAP with AEM 6.x - Adobe Experience Manager

LDAP integration with AEM (Apache Directory Server)


Steps to Configure LDAP with AEM:

In AEM 6, LDAP authentication is a new implementation (Apache Jackrabbit Oak's external login module) that is configured differently from previous versions.
All LDAP settings are now OSGi configurations. They can be managed in the Web Console at:
http://hostName:4502/system/console/configMgr

In order to have LDAP working with AEM, you need to create three OSGi configurations:
1. LDAP Identity Provider (IDP).
2. Sync Handler.
3. External Login Module.

Steps:
1. Go to http://hostName:4502/system/console/configMgr
2. Search for "Apache Jackrabbit Oak LDAP Identity Provider"
3. Click the "+" (plus) symbol to create a new configuration of "Apache Jackrabbit Oak LDAP Identity Provider"
4. Enter the values below in the configuration and click Save.
provider.name="ldap"
host.name="dsxdev.companyName.com"
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.dn="uid=wemusr.gen,OU=Generics,O=cco.companyName.com"
bind.password="wem4Dev"
searchTimeout="60s"
user.baseDN="O=cco.companyName.com"
user.objectclass=["ccoPerson"]
user.idAttribute="uid"
user.extraFilter="(objectClass=ccoPerson)"
user.makeDnPath=B"false"
group.baseDN="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.objectclass=["groupOfUniqueNames"]
group.nameAttribute="cn"
group.extraFilter="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.makeDnPath=B"false"
group.memberAttribute="memberOf"
Factory PID: org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider

NOTE: With host.ssl and host.tls both false on port 389, the bind.dn password and every user password sent to this directory cross the network in clear text. For anything beyond a local dev setup use LDAPS (host.ssl=B"true", usually port 636) or STARTTLS (host.tls=B"true"), and keep host.noCertCheck=B"false" so the server certificate is verified. The bind.password is written in clear text into the .config node under /apps/system/config, so restrict read access to that path and do not ship it in content packages or source control.
NOTE: Oak appends user.extraFilter and group.extraFilter verbatim to the search filter it builds, (&(<idAttribute>=<id>)(objectclass=<objectclass>)<extraFilter>), so each must be an LDAP filter expression in parentheses such as "(objectClass=ccoPerson)". The DN given above for group.extraFilter is not a filter and will make every group search fail; to limit the search to one subtree use group.baseDN (as already done) and leave group.extraFilter empty. group.memberAttribute names the attribute on the group entry that lists its members (uniqueMember for groupOfUniqueNames); memberOf is the attribute on the user entry and is not what Oak searches on.

5. An OSGi configuration node is created with a name like org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-b9c9258a-81b1-4413-8fea-1589cbe0fc35.config under /apps/system/config/

6. Search for "Apache Jackrabbit Oak Default Sync Handler"

7. Click the "+" (plus) symbol to create a new configuration of "Apache Jackrabbit Oak Default Sync Handler"

8. Enter the values below in the configuration and click Save.
NOTE: handler.name can be changed per environment, e.g. for Production it can be prodldapsynchandler. The External Login Module (step 12) must reference exactly this name.
------------------------------------------------------------
handler.name="idevldapsynchandler"
user.expirationTime="1h"
user.autoMembership=["companyGrpall"]
user.propertyMapping=["rep:e-mail=mail","cq:last-name=sn","cq:first-name=givenName"]
user.pathPrefix=""
user.membershipExpTime="1h"
user.membershipNestingDepth=I"0"
group.expirationTime="1d"
group.autoMembership=[""]
group.propertyMapping=["rep:fullname=cn",""]
group.pathPrefix=""

NOTE: user.membershipNestingDepth=I"0" disables group membership lookup altogether: synced users only receive the groups listed in user.autoMembership (companyGrpall here), and the group.* settings of the identity provider are never exercised. Set it to I"1" to sync the LDAP groups a user is a direct member of, or higher to follow nested groups.

9. An OSGi configuration node is created with a name like org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler-b9c9258a-81b1-4413-8fea-1589cbe0fc35.config under /apps/system/config/

10. Search for "Apache Jackrabbit Oak External Login Module"

11. Click the "+" (plus) symbol to create a new configuration of "Apache Jackrabbit Oak External Login Module"

12. Enter the values below in the configuration and click Save.
NOTE: sync.handlerName is the handler.name of the Apache Jackrabbit Oak Default Sync Handler created in step 8, and idp.name is the provider.name of the LDAP Identity Provider created in step 4.
jaas.ranking=I"400"
jaas.controlFlag="REQUIRED"
jaas.realmName=""
idp.name="ldap"
sync.handlerName="idevldapsynchandler"

NOTE: Oak's own sample configuration for this module uses jaas.ranking=I"50" and jaas.controlFlag="SUFFICIENT". With REQUIRED, a failed LDAP authentication fails the login as a whole instead of letting the later login modules try; with SUFFICIENT, a successful LDAP login is enough and a failure falls through to the default login module for repository users.

13. An OSGi configuration node is created with a name like org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory-ffe61481-2dad-4864-b58a-c2ade426345c.config under /apps/system/config/
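As an added example (not part of the original post, and not Adobe or Oak code), the following Python script checks the identity-provider values from step 4 before they are loaded into AEM. It parses the subset of the Felix .config syntax that the Web Console writes (key="str", key=I"int", key=B"bool", key=["a","b"]), rebuilds the LDAP search filters Oak derives from the values, (&(<idAttribute>=<id>)(objectclass=<objectclass>)<extraFilter>), validates them against RFC 4515 filter syntax, and lists the points a reviewer would raise. The sample text is constructed from the values on this page; the escaping of the user id mirrors what Oak does so that a login name cannot break out of the filter.

```python
"""Sanity-check an Oak LDAP identity-provider config before loading it into AEM."""
import re

# Constructed sample: identity-provider values from step 4 of this page.
IDP_CONFIG = '''
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
user.objectclass=["ccoPerson"]
user.idAttribute="uid"
user.extraFilter="(objectClass=ccoPerson)"
group.objectclass=["groupOfUniqueNames"]
group.nameAttribute="cn"
group.extraFilter="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.memberAttribute="memberOf"
'''

_LINE = re.compile(r'^\s*([\w.\-]+)\s*=\s*(.+?)\s*$')


def parse_config(text):
    """Parse .config lines into a dict of str / int / bool / list[str]."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if raw.startswith('['):
            cfg[key] = re.findall(r'"([^"]*)"', raw)
        elif raw.startswith('I"'):
            cfg[key] = int(raw[2:-1])
        elif raw.startswith('B"'):
            cfg[key] = raw[2:-1].lower() == 'true'
        else:
            cfg[key] = raw.strip('"')
    return cfg


def escape_value(value):
    """RFC 4515 escaping of a filter value (as Oak applies to the user id),
    so that '*', '(', ')', '\\' and NUL cannot alter the filter structure."""
    return ''.join('\\%02x' % ord(c) if c in '*()\\\x00' else c for c in value)


def _parse_filter(f, i):
    """Recursive descent over '(' [&|!] filter+ ')' | '(' attr op value ')'."""
    if i >= len(f) or f[i] != '(':
        return i, False
    i += 1
    if i < len(f) and f[i] in '&|!':
        i, n = i + 1, 0
        while i < len(f) and f[i] == '(':
            i, ok = _parse_filter(f, i)
            if not ok:
                return i, False
            n += 1
        if n == 0:
            return i, False
    else:
        j = f.find(')', i)
        if j < 0 or not re.fullmatch(r'[A-Za-z][\w.;-]*(~=|>=|<=|=)[^()]*', f[i:j]):
            return i, False
        i = j
    return (i + 1, True) if i < len(f) and f[i] == ')' else (i, False)


def is_valid_filter(f):
    """True for the empty string (Oak skips an empty extra filter) or a well-formed filter."""
    if f == '':
        return True
    end, ok = _parse_filter(f, 0)
    return ok and end == len(f)


def search_filter(cfg, kind, name):
    """Filter Oak builds for a user or group lookup, extra filter appended verbatim."""
    attr = cfg['user.idAttribute'] if kind == 'user' else cfg['group.nameAttribute']
    classes = ''.join('(objectclass=%s)' % oc for oc in cfg['%s.objectclass' % kind])
    return '(&(%s=%s)%s%s)' % (attr, escape_value(name), classes, cfg.get('%s.extraFilter' % kind, ''))


def review(cfg):
    """Findings a practitioner would raise for this identity-provider config."""
    findings = []
    if not cfg.get('host.ssl') and not cfg.get('host.tls'):
        findings.append('transport: bind and user passwords sent in clear text (host.ssl and host.tls false)')
    for key in ('user.extraFilter', 'group.extraFilter'):
        if not is_valid_filter(cfg.get(key, '')):
            findings.append('%s: not a parenthesised LDAP filter; Oak appends it verbatim' % key)
    if 'groupOfUniqueNames' in cfg.get('group.objectclass', []) \
            and cfg.get('group.memberAttribute', '').lower() != 'uniquemember':
        findings.append('group.memberAttribute: should be the group-side member attribute (uniqueMember), not memberOf')
    return findings


if __name__ == '__main__':
    cfg = parse_config(IDP_CONFIG)
    print(search_filter(cfg, 'user', 'jdoe'))
    print(search_filter(cfg, 'group', 'wemusers-dev'))
    for finding in review(cfg):
        print('WARN', finding)
```

Run against the page's values, the script reports three findings: clear-text transport, a group.extraFilter that is a DN rather than a filter (the composed group search filter does not parse), and a memberAttribute that names the user-side memberOf attribute. Paste the rebuilt user filter into ldapsearch with the same bind DN and base DN to confirm the directory returns exactly one entry before wiring the provider into AEM.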
