After upgrading from CQ5.x or AEM 6.0 to AEM 6.0 SP3, 6.1, or 6.2, the existing LDAP users can no longer log in to AEM.
Either delete the existing LDAP users and let them be re-synced automatically, or follow the instructions below:
- Download the version of oak-run that matches the Oak version installed in AEM.
- Run the following commands in the console. (Replace the ldap parameter to match the name of your LDAP Identity Provider OSGi configuration. For example, if your IDP name is configured in the OSGi configuration as ldap, then change that name in the jsp also.)

    :load setRepExternalId.groovy
    new FixLDAPUsers().setRepUserProps(session, "/home", "ldap")