LDAP synchronization only happens on the first time the user logs in | AEM

LDAP synchronization only happens on the first time the user logs in | AEM

Search
Experience Manager User Guide

On this page

Applies to: Experience Manager

某些 Creative Cloud 应用程序、服务和功能在中国不可用。

Issue

We configured LDAP integration in AEM, but after the user's expiration time, the user's information is not resynchronized with the LDAP server.

Environment

AEM 6.0-6.2

Cause

The ExternalLoginModule may be configured with a low JAAS Ranking.

Resolution

  1. Go to http://aem-host:port/system/console/configMgr and log in as admin

  2. Search for ExternalLoginModuleFactory and find your configuration that is tied to the ldap configurations

  3. Set the JAAS Ranking to 150

  4. Go to http://aem-host:port/system/console/status-jaas and make sure that [1] is ordered above [2].  See example output [3] below.

  5. Incase this order is wrong, update the JAAS Ranking on the ExternalLoginModuleFactory configuration accordingly

    1. org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory

    2. org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl

    3. Example output of http://aem-host:port/system/console/status-jaas

      JAAS Configuration Details:

Registered LoginModules
Realm : jackrabbit.oak 
  com.adobe.cq.screens.sessions.impl.auth.ScreensLoginModuleFactory 
    Flag    : SUFFICIENT 
    Type    : Service 
    Ranking : 2000 
  com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenServiceImpl 
    Flag    : SUFFICIENT 
    Type    : Service 
    Ranking : 1000 
org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule 
    Flag    : OPTIONAL 
    Type    : Configuration 
    Ranking : 300 
org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule 
    Flag    : SUFFICIENT 
    Type    : Configuration 
    Ranking : 200 
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory 
    Flag    : SUFFICIENT 
    Type    : Service 
    Ranking : 150 
org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl 
    Flag    : SUFFICIENT 
    Type    : Configuration 
    Ranking : 100 

Available LoginModules
org.apache.jackrabbit.oak-core (93)  org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule  org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl  org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule