Issue

LDAP login fails after configuring LDAP authentication in AEM. In the error.log file, users see an error similar to the one below:

23.01.2017 16:02:48.411 *ERROR* [qtp627435238-105] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule Error while authenticating 'user001' with ldap
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException: Error while binding user credentials
    at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:375)
    at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule.login(ExternalLoginModule.java:221)
    at org.apache.felix.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:52)
    at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:165)
    at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:280)
    at com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:94)
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233)
    at org.apache.jackrabbit.oak.security.authentication.ldap.impl.UnboundLdapConnectionPool.getConnection(UnboundLdapConnectionPool.java:46)
    at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:364)
    ... 55 common frames omitted

Environment

AEM 6.x

Cause

The LDAP server or its configuration does not work with the validation query used by the "Apache Jackrabbit Oak LDAP Identity Provider".

Resolution

To solve the issue, disable the validation queries as discussed in the following steps:

  1. Go to http://aem-host:port/system/console/configMgr, and log in as administrator.

  2. Locate LdapIdentityProvider, and click it to open the configuration.

  3. Deselect the following checkboxes:

    • Admin pool lookup on validate
    • User pool lookup on validate
  4. Save.

Licencia na používanie tohto diela sa poskytuje v súlade s podmienkami licencie Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Na príspevky v sociálnych sieťach Twitter™ a Facebook sa nevzťahujú podmienky licencií Creative Commons.

Právne upozornenia   |   Zásady ochrany osobných údajov online