AEM 6.1 LDAP Authentication Tutorial

Step 03 - Test that it works!

In this step we verify that LDAP authentication works and that the users are synced properly.

! If you want to fast forward, here's the ldap-config-with-profile-pkg.zip package with the resulting configuration of this step.

Requirements

  1. LDAP Server with example data (from step 01)
  2. AEM 6.1 installation with configured LDAP authentication (from step 02)

1. Simple test - log in as an LDAP user

The first test is to log in as a user that does not exist in the repository but only in the LDAP directory.

  • make sure to log out of any previous session, or clear all browser cookies, or use a different browser, hostname or IP
  • open a browser to AEM: http://127.0.0.1:4502/
  • log in as wbush with password pass

If the login succeeds, you should now see the authoring environment, because we configured user.autoMembership to include the contributor group.

Looking at the users and groups should show the user William Bush and his group:

[Screenshot: useradmin]

If you look at the log files, you should see something like the output in log-snip-01.md.

2. Add more config for first and given name

As you can see in the AEM user admin, the fields for First Name and Last Name are empty, because the AEM useradmin uses the profile/givenName and profile/familyName properties.

So let's alter the config so that this information is populated as well.

  • open the Felix Configuration Manager, search for the "Default Sync Handler" factory config, and click on the first config to edit it

  • change the value of User property mapping and add the mappings

  • also lower the value of User expiration time so we can see the effects sooner

Enter the following information:

| Name | Value |
| --- | --- |
| User Expiration Time | 10s |
| User property mapping | rep:fullname=cn |
| | profile/nt:primaryType="nt:unstructured" |
| | profile/givenName=givenname |
| | profile/familyName=sn |

[Screenshot: new config]

And save the config.

Now, if you log out and log in again as wbush, the user should be resynced.

[Screenshot: useradmin]
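To preview what the User property mapping above writes for a user before resyncing, here is a small Python sketch added for illustration; it is not AEM or Oak code. It assumes each entry reads as `relative/property=ldapAttribute`, with a double-quoted right-hand side taken as a fixed value, and the LDAP entry for wbush is constructed sample data.

```python
# Added illustration, not AEM/Oak code: preview the properties a
# "User property mapping" would set on the synced user node.
MAPPING = [
    'rep:fullname=cn',
    'profile/nt:primaryType="nt:unstructured"',
    'profile/givenName=givenname',
    'profile/familyName=sn',
]

# Constructed sample LDAP entry (attribute values are assumptions).
LDAP_ENTRY = {"uid": "wbush", "cn": "William Bush",
              "givenName": "William", "sn": "Bush"}


def parse_mapping(lines):
    """Return [(rel_path, kind, value)] with kind 'const' or 'attr'."""
    rules = []
    for line in lines:
        rel_path, sep, source = line.strip().partition("=")
        if not sep or not rel_path or not source:
            raise ValueError(f"malformed mapping entry: {line!r}")
        if len(source) >= 2 and source[0] == source[-1] == '"':
            rules.append((rel_path, "const", source[1:-1]))  # fixed value
        else:
            rules.append((rel_path, "attr", source))  # copy from directory
    return rules


def apply_mapping(rules, entry):
    """Return (properties, missing_attributes) for one directory entry."""
    # LDAP attribute names are case-insensitive, so compare in lower case
    # (an assumption of this sketch about how lookups behave).
    attrs = {name.lower(): value for name, value in entry.items()}
    props, missing = {}, []
    for rel_path, kind, value in rules:
        if kind == "const":
            props[rel_path] = value
        elif value.lower() in attrs:
            props[rel_path] = attrs[value.lower()]
        else:
            missing.append(value)  # mapped attribute absent from the entry
    return props, missing


def preview(lines, entry):
    return apply_mapping(parse_mapping(lines), entry)


if __name__ == "__main__":
    properties, missing = preview(MAPPING, LDAP_ENTRY)
    for path, value in properties.items():
        print(f"{path} = {value}")
    print("missing attributes:", missing)
```

The preview also makes it easy to review exactly which directory attributes a mapping copies into the repository before saving the config.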

3. Use the JMX console to sync more users

Oak comes with a default JMX MBean that allows you to control the sync handler.

  • open the Felix JMX Console, search for the "External Identity" bean, and select it

[Screenshot: jmx console]

[Screenshot: jmx synchandler]

  • click on syncAllExternalUsers() and then on invoke. This will collect all the users from the IDP and sync them with the repository. You will see an add op property for all newly added users, and an upd for the updated ones.

[Screenshot: sync users]

Checking back in the user admin shows the newly imported users and groups.

[Screenshot: useradmin]