Issue

We configured LDAP integration in AEM, but once a user's expiration time has passed, the user's information is not resynchronized with the LDAP server.

Environment

AEM 6.0-6.2

Cause

The ExternalLoginModule may be configured with a JAAS Ranking that is too low, so it is ordered below LoginModuleImpl in the JAAS login module list.

Resolution

  1. Go to http://aem-host:port/system/console/configMgr and log in as admin

  2. Search for ExternalLoginModuleFactory and find the configuration that is tied to your LDAP configuration

  3. Set the JAAS Ranking to 150

  4. Go to http://aem-host:port/system/console/status-jaas and make sure that [1] is ordered above [2].  See example output [3] below.

  5. If the order is wrong, update the JAAS Ranking on the ExternalLoginModuleFactory configuration accordingly

    [1] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory

    [2] org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl

    [3] Example output of http://aem-host:port/system/console/status-jaas

      JAAS Configuration Details:
      
      Registered LoginModules
      Realm : jackrabbit.oak 
        com.adobe.cq.screens.sessions.impl.auth.ScreensLoginModuleFactory 
          Flag    : SUFFICIENT 
          Type    : Service 
          Ranking : 2000 
        com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenServiceImpl 
          Flag    : SUFFICIENT 
          Type    : Service 
          Ranking : 1000 
        org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule 
          Flag    : OPTIONAL 
          Type    : Configuration 
          Ranking : 300 
        org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule 
          Flag    : SUFFICIENT 
          Type    : Configuration 
          Ranking : 200 
        org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory 
          Flag    : SUFFICIENT 
          Type    : Service 
          Ranking : 150 
        org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl 
          Flag    : SUFFICIENT 
          Type    : Configuration 
          Ranking : 100 
      
      Available LoginModules
      org.apache.jackrabbit.oak-core (93)
        org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule
        org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
        org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
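
The check in steps 4 and 5 can be automated against saved status-jaas text. The following is an added example, not Adobe's code: it parses the "Registered LoginModules" section in the format shown above and reports whether ExternalLoginModuleFactory is ranked above LoginModuleImpl. The function names and the sample text (with a Ranking of 50) are constructed for illustration.

```python
import re

EXTERNAL = "org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory"
LOCAL = "org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl"

# Constructed sample: trimmed status-jaas text with the external module ranked too low.
SAMPLE_BAD = """\
Registered LoginModules
Realm : jackrabbit.oak
  org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
    Flag    : SUFFICIENT
    Type    : Configuration
    Ranking : 200
  org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
    Flag    : SUFFICIENT
    Type    : Configuration
    Ranking : 100
  org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory
    Flag    : SUFFICIENT
    Type    : Service
    Ranking : 50

Available LoginModules
org.apache.jackrabbit.oak-core (93)
"""

def parse_registered(text):
    """Map each registered login module class to its Flag, Type and Ranking."""
    section = text.split("Registered LoginModules", 1)[-1]
    section = section.split("Available LoginModules", 1)[0]
    modules, current = {}, None
    for raw in section.splitlines():
        line = raw.strip()
        attr = re.fullmatch(r"(Flag|Type|Ranking)\s*:\s*(\S+)", line)
        if attr and current:
            key, value = attr.groups()
            modules[current][key] = int(value) if key == "Ranking" else value
        elif re.fullmatch(r"[A-Za-z_][\w$]*(\.[\w$]+)+", line):
            current = line  # a fully qualified class name starts a new entry
            modules[current] = {}
    return modules

def external_before_local(text):
    """True only if the external (LDAP) module is ranked strictly above LoginModuleImpl."""
    mods = parse_registered(text)
    for name in (EXTERNAL, LOCAL):
        if "Ranking" not in mods.get(name, {}):
            raise ValueError("login module not registered: " + name)
    return mods[EXTERNAL]["Ranking"] > mods[LOCAL]["Ranking"]
```

Save the text of the status-jaas page to a file and pass its contents to `external_before_local`; a `False` result means the ranking from step 3 has not taken effect.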

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
