Issue

After upgrading from CQ5.x or AEM 6.0 to AEM 6.0 SP3, 6.1, or 6.2, the existing LDAP users can no longer log in to AEM.

Cause

This is a known issue: the properties on the LDAP-connected user nodes have changed.

Resolution

Either delete the existing LDAP users and let them be re-synced automatically, or follow these instructions:

  1. Download the version of oak-run that matches your Oak version installed in AEM.

  2. Download the attached setRepExternalId.groovy.

  3. Upload both oak-run and the groovy script to your AEM server.

  4. Stop AEM.

  5. To open the oak-run console, run the following command. (Replace crx-quickstart/repository/segmentstore with the path to your AEM instance's repository/segmentstore.)

    java -Xmx2048m -jar oak-run-*.jar console crx-quickstart/repository/segmentstore

  6. Run the following commands in the console. (Replace the ldap parameter to match the name of your LDAP Identity Provider OSGi configuration. For example, if your IDP name is configured in the OSGi configuration as ldap, then change that name in the jsp also.)

    :load setRepExternalId.groovy
    new FixLDAPUsers().setRepUserProps(session, "/home", "ldap")

    This performs a dry run. The output lists all LDAP users and groups in AEM, showing rep:externalId and rep:authorizableId as set.

  7. If you are satisfied with the output, then move to the next step.

  8. Run the command from step 6 again, but this time add the parameter false at the end. This applies the changes. (Once again, make sure to change ldap to match your configuration name.)

    :load setRepExternalId.groovy
    new FixLDAPUsers().setRepUserProps(session, "/home", "ldap", false)

  9. Go to http://aem-host:port/crx/de/index.jsp and log in as admin.

  10. Browse to /oak:index.

  11. Set property reindex=true on the following indexes if they exist:

    • /oak:index/externalId
    • /oak:index/authorizableId
    • /oak:index/authorizables

  12. Click Save All.

    Indexing causes the system to hang until it is done. 

  13. Monitor the logs until it is completed.
    As a result, the users can log in to the system.
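
The following is an added example, not part of the original article or Adobe's tooling: steps 11 to 13 performed over HTTP instead of CRXDE, once AEM is running again. It assumes the default Sling POST and JSON GET servlets are reachable for the admin account; AEM_URL, AEM_NETRC, POLL_SECONDS and the function names are hypothetical, and the netrc file keeps the admin password off the command line.

```shell
#!/bin/sh
# Added example (not from the article): request a reindex of the three
# authorizable indexes if they exist, then wait until Oak resets reindex to false.
AEM_URL="${AEM_URL:-http://aem-host:port}"   # placeholder host from step 9
AEM_NETRC="${AEM_NETRC:-$HOME/.netrc-aem}"   # hypothetical path, mode 0600
INDEXES="externalId authorizableId authorizables"

# Classify an index definition's JSON: pending, done, or unknown (no answer).
reindex_state() {
    if printf '%s' "$1" | grep -Eq '"reindex"[[:space:]]*:[[:space:]]*true'; then
        echo pending
    elif printf '%s' "$1" | grep -Eq '"reindex"[[:space:]]*:[[:space:]]*false'; then
        echo done
    else
        echo unknown
    fi
}

# Print the JSON of /oak:index/<name>; fails if the index does not exist.
fetch_index() {
    curl -sf --netrc-file "$AEM_NETRC" "$AEM_URL/oak:index/$1.json"
}

# Step 11: set reindex=true, typed as Boolean, on one index definition.
request_reindex() {
    curl -sf --netrc-file "$AEM_NETRC" \
        -F 'reindex=true' -F 'reindex@TypeHint=Boolean' \
        "$AEM_URL/oak:index/$1" >/dev/null
}

# Steps 11-13 for every index in INDEXES; absent indexes are skipped.
reindex_all() {
    for idx in $INDEXES; do
        if ! fetch_index "$idx" >/dev/null; then
            echo "skip $idx (not present)"
            continue
        fi
        request_reindex "$idx" || { echo "failed $idx"; return 1; }
        # The instance may not answer while indexing; keep polling until done.
        while [ "$(reindex_state "$(fetch_index "$idx")")" != done ]; do
            sleep "${POLL_SECONDS:-10}"
        done
        echo "done $idx"
    done
}
```

Call reindex_all from a shell that has sourced this file, and keep watching the AEM logs as step 13 describes.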

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
