0 Replies Latest reply on Oct 15, 2015 7:29 PM by pritam

    LDAP Group Sync With AEM

    pritam

      Hi

      I m using CQ(5.6.1) and LDAP(ApacheDS).

      I have completed the ldap user sync to CQ, Now I have to do the group sync, groups have already been created in ldap, I have to add the user to the ldap groups dynamically depending on the country specific sites e.g. if user is trying to access the Worldwide site then I need to add that user to the worldwide group and same user group need to be synchronized to CQ whenever user gets synchronized with CQ.

      However there is an attribute “autocreate.user.membership” through which we can add the user to a default group but here the prerequisite of case study is different.

      I tried with the “memberOf” attribute and specify the group “dn” but when I am trying to add this property through java api, it’s throwing an error of SvcErr:DSID-031A11E5, problem 5003(WILL_NOT_PERFORM).

       

      I have also tried to synchronize the admin user that client has provided, it contains all the attributes like “memberOf”  and group “dn” value has already been specified for the memberOf attribute, through JMX(com.adobe.granite.ldap) and sync the user using syncUser method  but only user is getting synchronized , group is not getting synchronized.

       

      I have attached the ldap_login configuration file that I am using to connect to ldap.

      I have followed the same web links but that did not work for group sync.

      I am using AEM 5.6.1 and LDAP(Active Directory), I have completed the ldap user sync to CQ, Now I have to do the group sync, groups have already been created in ldap, I have to add the user to the ldap groups dynamically depending on the country specific sites e.g. if user is trying to access the Worldwide site then I need to add that user to the worldwide group and same user group need to be synchronized to CQ whenever user gets synchronized with CQ.

      However there is an attribute “autocreate.user.membership” through which we can add the user to a default group but here the prerequisite of case study is different.

      I tried with the “memberOf” attribute and specify the group “dn” but when I am trying to add this property through java api, it’s throwing an error of SvcErr:DSID-031A11E5, problem 5003(WILL_NOT_PERFORM).

       

      I have also tried to synchronize the admin user that client has provided, it contains all the attributes like “memberOf”  and group “dn” value has already been specified for the memberOf attribute, through JMX(com.adobe.granite.ldap) and sync the user using syncUser method  but only user is getting synchronized , group is not getting synchronized.

       

      I have attached the ldap_login configuration file that I am using to connect to ldap.