CQ5.2.X to CQ5.3 Upgrade: LDAP autocreate.user.membership is reapplied on each login

Symptoms

In CQ 5.3, when ldap authentication is enabled and a CQ5 user's group membership is removed by an administrator then if the membership was acquired via the jaas configuration's autocreate.user.membership setting then the membership to this group will be re-added on the user"s next login. In 5.2.1 the group membership was not re-added on subsequent logins.

To explain this more clearly, here is a scenario to demonstrate:
Assume that autocreate.user.membership="site-users" in the jaas configuration, the site-users group already exists in CQ5 and has ACLs set for editing all pages.

  1. LDAP User jdoe logs into CQ5.2.1 author for the first time
    • Upon login, the system creates user jdoe in CQ5 and makes him a member of the site-users group
  2. User admin logs into CQ5 and removes jdoe's membership to the site-users group.
    • Now jdoe is no longer a member of site-users.
  3. jdoe logs into CQ5 author again
    • In CQ 5.3 - site-users membership is re-added to the user jdoe after he logs in again.
    • In CQ 5.2.x - the user membership does not change (i.e. he is still not a member of site-users).

Resolution

This functionality was intentionally changed in CQ5.3. For further information, please see the documentation here.

Applies to

CQ 5.2.x to 5.3 Upgrade

 Adobe

Get help faster and easier

New user?