Issue

LDAP login fails after configuring LDAP authentication in AEM. In the error.log file, users see an error similar to the one below:

23.01.2017 16:02:48.411 *ERROR* [qtp627435238-105] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule Error while authenticating 'user001' with ldap
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException: Error while binding user credentials
    at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:375)
    at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule.login(ExternalLoginModule.java:221)
    at org.apache.felix.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:52)
    at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:165)
    at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:280)
    at com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:94)
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233)
    at org.apache.jackrabbit.oak.security.authentication.ldap.impl.UnboundLdapConnectionPool.getConnection(UnboundLdapConnectionPool.java:46)
    at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:364)
    ... 55 common frames omitted

Environment

AEM 6.x

Cause

The LDAP server or its configuration does not work with the validation query used by the "Apache Jackrabbit Oak LDAP Identity Provider".

Resolution

To solve the issue, disable the validation queries as discussed in the following steps:

  1. Go to http://aem-host:port/system/console/configMgr, and log in as administrator.

  2. Locate LdapIdentityProvider, and click it to open the configuration.

  3. Deselect the following checkboxes:

    • Admin pool lookup on validate
    • User pool lookup on validate
  4. Save.

עבודה זו בוצעה ברישיון של Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  הודעות המתפרסמות ב- Twitter™‎ ו- Facebook אינן מכוסות בתנאי Creative Commons.

הצהרות משפטיות   |   מדיניות פרטיות מקוונת