Go to http://aem-host:port/system/console/configMgr, and log in as administrator.
Last updated on
17 May 2021
Issue
LDAP login fails after configuring LDAP authentication in AEM. In the error.log file, users see an error similar to the one below:
23.01.2017 16:02:48.411 *ERROR* [qtp627435238-105] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule Error while authenticating 'user001' with ldap org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException: Error while binding user credentials at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:375) at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule.login(ExternalLoginModule.java:221) at org.apache.felix.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:52) at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:165) at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:280) at com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:94) Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233) at org.apache.jackrabbit.oak.security.authentication.ldap.impl.UnboundLdapConnectionPool.getConnection(UnboundLdapConnectionPool.java:46) at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:364) ... 55 common frames omitted
Environment
AEM 6.x
Cause
The LDAP server or its configuration does not work with the validation query used by the "Apache Jackrabbit Oak LDAP Identity Provider".
Resolution
To solve the issue, disable the validation queries as discussed in the following steps:
-
-
Locate LdapIdentityProvider, and click it to open the configuration.
-
Deselect the following checkboxes:
- Admin pool lookup on validate
- User pool lookup on validate
-
Save.