
    CQ5.5 and ldap integration/synchronization

    kumaranf

      Hi,

       

      I have been trying to integrate ldap with CQ5.5 on Win7 machine. Following are the steps I have taken:

       

      1. Installed cq-service-pack-5.5.2.20121012.zip

       

      2. Installed cq-update-pkg-5.5.10.zip

       

      1. Created F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf file with following content:

       

      // JAAS login configuration for the "com.day.crx" application
      // (the same name as the Security appName in repository.xml).
      // Login modules are evaluated in the order listed.
      com.day.crx {
         // Repository-local accounts (e.g. admin). Flag "optional": this
         // module's result never decides the login outcome on its own.
         com.day.crx.core.CRXLoginModule optional
         tokenExpiration="1800000";
         // Directory accounts. Flag "required": if this module fails, the
         // whole login fails even when CRXLoginModule succeeded, so local
         // accounts can only log in while the directory is reachable -
         // confirm that this is the intended behaviour.
         com.day.crx.security.ldap.LDAPLoginModule required
                    principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
                    // presumably milliseconds (30 min); repository.xml's
                    // CRXLoginModule uses 43200000 - align if the difference is unintended
                    tokenExpiration="1800000"
                    host="xx.xx.xx.xx"
                    // LDAPS: the directory's server certificate must be trusted
                    // by the JVM truststore or the bind will fail - confirm
                    port="636"
                    secure="true"
                    // service (bind) account; the bind password is stored in
                    // cleartext here, so keep this file's permissions restrictive
                    authDn="adt\\taduser"
                    authPw="xxxxxx"
                    userRoot="OU=publish,OU=people,DC=adt,DC=com"
                    userIdAttribute="userPrincipalName"
                    // mapping of directory attributes onto repository user properties
                    autocreate="create"
                    autocreate.path="none"
                    autocreate.user.firstName="rep:firstName"
                    autocreate.user.mail="profile/email"
                    autocreate.user.sn="profile/familyName"
                    autocreate.user.cn="rep:fullname"
                    groupRoot="OU=publish,OU=group,DC=adt,DC=com"
                    groupNameAttribute="CN"
                    autocreate.group.description="description"
                    autocreate.group.cn="rep:groupName"
                    groupMembershipAttribute="member"
                    userFilter="(objectClass=person)"
                    groupFilter="(objectClass=group)"
                    // a one-entry cache (maxsize=1) effectively disables caching;
                    // the unit of cache.expiration is not shown here - confirm intended
                    cache.expiration="1"
                    cache.maxsize="1";
      };
      

       

      2. Updated F:\installed\cq5\author\crx-quickstart\repository\repository.xml with:

       

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!-- ======================================================================= -->
      <!-- $Id: repository-template.xml 78567 2011-06-16 04:27:03Z tripod $ -->
      <!-- ======================================================================= -->
      <!-- Copyright (c) 1997-2008 Day Management AG                               -->
      <!-- Barfuesserplatz 6, 4001 Basel, Switzerland                              -->
      <!-- All Rights Reserved.                                                    -->
      <!--                                                                         -->
      <!-- This software is the confidential and proprietary information of        -->
      <!-- Day Management AG, ("Confidential Information"). You shall not          -->
      <!-- disclose such Confidential Information and shall use it only in         -->
      <!-- accordance with the terms of the license agreement you entered into     -->
      <!-- with Day.                                                               -->
      <!-- ======================================================================= -->
      <!--
      NOTE(review): the DOCTYPE below names an external DTD URL; confirm that
      repository start-up resolves it locally rather than fetching it over the network.
      -->
      <!DOCTYPE Repository PUBLIC "-//Day Management AG//DTD CRX 2.4//EN"
                                  "http://www.day.com/dtd/repository-2.4.dtd">
      <Repository>
          <!--
          virtual file system where the repository stores global state
          (e.g. registered namespaces, custom node types, etc.)
          -->
          <!--
          <FileSystem class="com.day.jackrabbit.fs.cq.CQFileSystem">
              <param name="path" value="${rep.home}/repStore.dat"/>
              <param name="autoRepair" value="false"/>
          </FileSystem>
          -->
          <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
              <param name="path" value="${rep.home}/repository"/>
          </FileSystem>
      
      
          <!--
          large binary objects are stored in the data store.
          -->
          <DataStore class="com.day.crx.core.data.ClusterDataStore"/>
      
      
          <!--
          security configuration
          -->
          <!--
          appName is the JAAS login-context name: it must match the entry name
          ("com.day.crx") in ldap_login.conf when a login configuration is supplied
          via java.security.auth.login.config.
          -->
          <Security appName="com.day.crx">
              <!--
                  security manager:
                  class: FQN of class implementing the JackrabbitSecurityManager interface
              -->
              <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
              <SecurityManager class="com.day.crx.core.CRXSecurityManager">
              <!-- LDAP related configuration -->
                              <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
                              <UserManager class="com.day.crx.core.CRXUserManagerImpl">
                              <param name="usersPath" value="/home/users"/>
                              <param name="groupsPath" value="/home/groups"/>
                              <param name="defaultDepth" value="1"/>
                              </UserManager>
                  <!--
                  optional user manager configuration
      
      
                  <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
                      <param name="usersPath" value="/home/users"/>
                      <param name="groupsPath" value="/home/groups"/>
                      <param name="defaultDepth" value="1"/>
                      <param name="autoExpandTree" value="true"/>
                      <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
                        <param name="groupPrivilegeNames" value="jcr:read"/>
                        <param name="userPrivilegeNames" value="jcr:all"/>
                      </AuthorizableAction>
                      AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>
                  </UserManager> -->
      
      
                  <!--
                  optional workspace access manager configuration
                 -->
              </SecurityManager>
                          <!--
              access manager:
              class: FQN of class implementing the AccessManager interface
              -->
              <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
              <!--
              Use LoginModule authenticating against repository itself
      -->
              <!--
              NOTE(review): presumably only used when no JAAS entry is found for appName.
              ldap_login.conf configures the same CRXLoginModule with tokenExpiration
              1800000, whereas 43200000 is set here - confirm which value should apply.
              -->
              <LoginModule class="com.day.crx.core.CRXLoginModule">
                  <param name="anonymousId" value="anonymous"/>
                  <param name="adminId" value="admin"/>
                  <param name="disableNTLMAuth" value="true"/>
                  <param name="tokenExpiration" value="43200000"/>
                  <!-- param name="trust_credentials_attribute" value="d5b9167e95dad6e7d3b5d6fa8df48af8"/ -->
              </LoginModule>
          </Security>
      
      
      
      
          <!--
          location of workspaces root directory and name of default workspace
          -->
          <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="crx.default" maxIdleTime="5"/>
          <!--
          workspace configuration template:
          used to create the initial workspace if there's no workspace yet
          -->
          <Workspace name="${wsp.name}" simpleLocking="true">
              <!--
              virtual file system of the workspace:
              class: FQN of class implementing FileSystem interface
              -->
              <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                  <param name="path" value="${wsp.home}"/>
              </FileSystem>
      
      
              <!--
              persistence manager of the workspace:
              class: FQN of class implementing PersistenceManager interface
              -->
              <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
      
      
              <!--
              Search index and the file system it uses.
              -->
              <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
                  <param name="path" value="${wsp.home}/index"/>
                  <param name="resultFetchSize" value="50"/>
              </SearchIndex>
      
      
              <!--
              Workspace security configuration
              -->
              <WorkspaceSecurity>
                  <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.acl.ACLProvider">
                      <param name="omit-default-permission" value="true"/>
                  </AccessControlProvider>
              </WorkspaceSecurity>
      
      
              <!--
              XML Import configuration of the workspace
              -->
              <Import>
                  <ProtectedItemImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
                  <ProtectedItemImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
                      <param name="importBehavior" value="besteffort"/>
                  </ProtectedItemImporter>
              </Import>
          </Workspace>
      
      
          <!--
              Configures the versioning
          -->
          <Versioning rootPath="${rep.home}/version">
              <!--
                  Configures the filesystem to use for versioning of the respective
                  persistence manager
              -->
              <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                  <param name="path" value="${rep.home}/version"/>
              </FileSystem>
      
      
              <!--
                  Configures the persistence manager to use for the versioning.
                  Please note, that the current versioning implementation is based on
                  a 'normal' persistence manager, but this could change in future
                  implementations.
              -->
              <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
      
      
          </Versioning>
      
      
          <!--
              Enable searching the /jcr:system subtree
          -->
          <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
              <param name="path" value="${rep.home}/repository/index"/>
          </SearchIndex>
      
      
          <!--
              Cluster configuration.
          -->
          <Cluster>
              <Journal class="com.day.crx.persistence.tar.TarJournal"/>
          </Cluster>
      
      
          <!--
              Configures extension modules
          -->
          <Modules>
              <!--
                 Sample configuration of an EventLoggerModule requiring configuration
                 <Module class="com.day.crx.eventlogger.EventLoggerModule">
                     <param name="workspaces" value="crx.default"/>
                     <param name="logWorkspace" value="crx.logger"/>
                     <param name="logPath" value="/logger"/>
                 </Module>
              -->
          </Modules>
      </Repository>
      

       

      3. Updated F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat with:

       

      @echo off
      :: This script configures the start information for this server.
      ::
      :: The following variables may be used to override the defaults.
      :: For one-time overrides the variable can be set as part of the command-line; e.g.,
      ::
      ::     SET CQ_PORT=1234 & ./start.bat
      ::
      :: Structure: the CQ_* variables above the "do not configure" marker are the
      :: user-facing settings; below it they are translated into START_OPTS and the
      :: quickstart jar is launched in a separate console window.
      setlocal
      
      
      ::* TCP port used for stop and status scripts
      set CQ_PORT=4502
      
      
      ::* http host name
      :: set CQ_HOST=
      
      
      ::* interface that this server should listen to
      :: set CQ_INTERFACE=eth0
      
      
      ::* show gui
      set CQ_GUI=true
      
      
      ::* do not show browser on startup
      set CQ_NOBROWSER=true
      
      
      ::* do not redirect stdout/stderr (logs to console)
      set CQ_VERBOSE=true
      
      
      ::* do not fork the JVM
      :: set CQ_NOFORK=true
      
      
      ::* force forking the VM using recommended default memory settings
      :: set CQ_FORK=true
      
      
      ::* additional arguments for the forked JVM
      :: set CQ_FORKARGS=
      
      
      ::* runmode(s)
      set CQ_RUNMODE=author,dev
      
      
      ::* defines the path under which the quickstart work folder is located
      :: set CQ_BASEFOLDER=
      
      
      ::* low memory action
      :: set CQ_LOWMEMACTION=
      
      
      ::* name of the jarfile
      :: set CQ_JARFILE=
      
      
      ::* use jaas.config
      :: NOTE(review): left unset, so the "if defined CQ_USE_JAAS" line further down never
      :: adds CQ_JAAS_CONFIG to START_OPTS; the login config is passed via CQ_JVM_OPTS instead.
      :: set CQ_USE_JAAS=true
      
      
      ::* config for jaas
      :: NOTE(review): the same path is repeated inside CQ_JVM_OPTS below; keep a single
      :: copy so the two cannot drift apart.
      set CQ_JAAS_CONFIG=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf
      
      
      ::* default JVM options
      :: -Djava.security.auth.login.config is what hands ldap_login.conf to the JVM here.
      :: NOTE(review): jmxremote.port=9998 with jmxremote.authenticate=false and
      :: jmxremote.ssl=false opens an unauthenticated management port to every host that
      :: can reach it; restrict it to trusted networks or enable authentication and SSL
      :: before exposing this machine beyond a local development box.
      set CQ_JVM_OPTS=-Djava.security.auth.login.config=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf -Xms1024m -Xmx1024m  -XX:PermSize=256M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -XX:NewRatio=1 -XX:CMSInitiatingOccupancyFraction=85 -XX:ParallelGCThreads=4 -XX:GCTimeRatio=3 -XX:+UseParNewGC -XX:-UseGCOverheadLimit -XX:SurvivorRatio=6 -Xloggc:F:/installed/cq5/author/crx-quickstart/gc.log -verbose:gc -XX:+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.awt.headless=true
      
      
      ::* ------------------------------------------------------------------------------
      ::* do not configure below this point
      ::* ------------------------------------------------------------------------------
      
      
      :: work from the quickstart root (two levels above this script's folder)
      chdir /D %~dp0
      cd ..\..
      :: translate each defined CQ_* setting into the matching launcher option
      set START_OPTS=-use-control-port
      if defined CQ_PORT            set START_OPTS=%START_OPTS% -p %CQ_PORT%
      if defined CQ_INTERFACE       set START_OPTS=%START_OPTS% -a %CQ_INTERFACE%
      if defined CQ_GUI             set START_OPTS=%START_OPTS% -gui
      if defined CQ_NOBROWSER       set START_OPTS=%START_OPTS% -nobrowser
      if defined CQ_VERBOSE         set START_OPTS=%START_OPTS% -verbose
      if defined CQ_NOFORK          set START_OPTS=%START_OPTS% -nofork
      if defined CQ_FORK            set START_OPTS=%START_OPTS% -fork
      if defined CQ_FORKARGS        set START_OPTS=%START_OPTS% -forkargs %CQ_FORKARGS%
      if defined CQ_RUNMODE         set START_OPTS=%START_OPTS% -r %CQ_RUNMODE%
      if defined CQ_BASEFOLDER      set START_OPTS=%START_OPTS% -b %CQ_BASEFOLDER%
      if defined CQ_LOWMEMACTION    set START_OPTS=%START_OPTS% -low-mem-action %CQ_LOWMEMACTION%
      if defined CQ_HOST            set START_OPTS=%START_OPTS% -Dorg.apache.felix.http.host=%CQ_HOST%
      if defined CQ_USE_JAAS        set START_OPTS=%START_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%
      :: pick the first *.jar in the current folder when no jar name was configured
      if not defined CQ_JARFILE     for %%X in (*.jar) do set CQ_JARFILE=%%X
      
      
      :: Record the PID of the launched java.exe by diffing the process list taken
      :: before and after the start. NOTE(review): best effort - any other java.exe
      :: appearing in the same window would be picked up as well.
      tasklist > oldTaskList.txt
      start "CQ" cmd.exe /K java %CQ_JVM_OPTS% -jar %CQ_JARFILE% %START_OPTS%
      tasklist > newTaskList.txt
      java -cp %~dp0 GetProcessID oldTaskList.txt newTaskList.txt java.exe > crx-quickstart\conf\cq.pid
      del newTaskList.txt
      del oldTaskList.txt
      

       

       

      4. Started CQ5 by double-clicking F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat

       

      Issue: I am not able to see the domain "com.adobe.granite.ldap" in http://localhost:4502/system/console/jmx

       

      I am not sure what I have done wrong. Please let me know how I can synchronize all the users from LDAP into CRX.

       

      Thanks in advance,

      Anurag