Issue
We configured LDAP integration in AEM, but after the user's expiration time, the user's information is not resynchronized with the LDAP server.
Environment
AEM 6.0-6.2
Cause
The ExternalLoginModule may be configured with a low JAAS Ranking.
Resolution
1. Go to http://aem-host:port/system/console/configMgr and log in as admin.
2. Search for ExternalLoginModuleFactory and find your configuration that is tied to the LDAP configurations.
3. Set the JAAS Ranking to 150.
4. Go to http://aem-host:port/system/console/status-jaas and make sure that [1] is ordered above [2]. See example output [3] below.
5. In case this order is wrong, update the JAAS Ranking on the ExternalLoginModuleFactory configuration accordingly.
[1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory
[2] org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
[3] Example output of http://aem-host:port/system/console/status-jaas

JAAS Configuration Details:
Registered LoginModules
Realm : jackrabbit.oak
    com.adobe.cq.screens.sessions.impl.auth.ScreensLoginModuleFactory
        Flag : SUFFICIENT
        Type : Service
        Ranking : 2000
    com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenServiceImpl
        Flag : SUFFICIENT
        Type : Service
        Ranking : 1000
    org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule
        Flag : OPTIONAL
        Type : Configuration
        Ranking : 300
    org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
        Flag : SUFFICIENT
        Type : Configuration
        Ranking : 200
    org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory
        Flag : SUFFICIENT
        Type : Service
        Ranking : 150
    org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
        Flag : SUFFICIENT
        Type : Configuration
        Ranking : 100
Available LoginModules
org.apache.jackrabbit.oak-core (93)
    org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule
    org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
    org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
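The ordering check on the status-jaas output can be scripted. The Python below is an added example, not Adobe's code: it parses text in the layout of the example output above and reports whether [1] is listed above [2]. It assumes the status-jaas text has been saved to a file (the path argument is hypothetical) and falls back to the sample copied from this page.

```python
import re
import sys

# Registered LoginModules section copied from the example output on this page.
SAMPLE = """Realm : jackrabbit.oak
com.adobe.cq.screens.sessions.impl.auth.ScreensLoginModuleFactory Flag : SUFFICIENT Type : Service Ranking : 2000
com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenServiceImpl Flag : SUFFICIENT Type : Service Ranking : 1000
org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule Flag : OPTIONAL Type : Configuration Ranking : 300
org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule Flag : SUFFICIENT Type : Configuration Ranking : 200
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory Flag : SUFFICIENT Type : Service Ranking : 150
org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl Flag : SUFFICIENT Type : Configuration Ranking : 100
"""

EXTERNAL = ("org.apache.jackrabbit.oak.spi.security.authentication."
            "external.impl.ExternalLoginModuleFactory")      # [1]
INTERNAL = "org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl"  # [2]

# One entry = class name followed by its Flag, Type and Ranking fields.
# Whitespace-tolerant, so it works whether the fields are on one line or several.
ENTRY = re.compile(
    r"(\S+)\s+Flag\s*:\s*(\w+)\s+Type\s*:\s*(\w+)\s+Ranking\s*:\s*(-?\d+)")

def parse_login_modules(text):
    """Return [(class_name, flag, type, ranking)] in the order listed."""
    return [(m[1], m[2], m[3], int(m[4])) for m in ENTRY.finditer(text)]

def check_order(text):
    """Return (ok, message); ok is True when [1] is listed above [2]."""
    modules = parse_login_modules(text)
    names = [m[0] for m in modules]
    ranks = {m[0]: m[3] for m in modules}
    for required in (EXTERNAL, INTERNAL):
        if required not in ranks:
            return False, f"{required} is not registered"
    detail = (f"ExternalLoginModuleFactory ranking {ranks[EXTERNAL]}, "
              f"LoginModuleImpl ranking {ranks[INTERNAL]}")
    if names.index(EXTERNAL) < names.index(INTERNAL):
        return True, "OK: " + detail
    return False, "WRONG ORDER: " + detail + "; raise the JAAS Ranking"

if __name__ == "__main__":
    # Optional argument: path to a saved copy of the status-jaas text.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    ok, message = check_order(text)
    print(message)
    sys.exit(0 if ok else 1)
```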