Follow the steps below to configure LDAP in AEM 6.x. Prerequisites:
- The LDAP server is running. (To test, you can install Apache Directory Studio and start an LDAP server with basic data.)
- You know the LDAP server hostname, port and bind password.
- AEM 6.x instance running
Step 1: Configure the LDAP identity provider
Open the Felix Web Console (http://localhost:4502/system/console/configMgr) and search for the “Apache Jackrabbit Oak LDAP Identity Provider” config and click on the plus ‘+’ button.
Important properties to add:
LDAP Provider Name, LDAP Server Hostname and Port, Bind DN, Bind Pwd, User base DN, User Id attribute, Group base DN, Group Object Classes, Group Name attribute, Group member attribute
You can map these values with the LDAP data below
Click on ‘Save’
Step 2: Configure the Default Sync Handler
In the Felix Web Console, search for the “Apache Jackrabbit Default Sync Handler” config and click on the plus ‘+’ button.
Enter the Sync Handler Name and User Property Mapping as shown in the screenshot and click ‘Save’.
Step 3: Configure the External Login Module
In the Felix Web Console, search for the “Apache Jackrabbit External Login Module” config and click on the plus ‘+’ button.
Enter the ‘Identity Provider Name’ and ‘Sync Handler Name’ that you created in the previous steps and click ‘Save’.
Now you should be able to log in with the user details present in LDAP. The new user is created in AEM, which you can verify in User Admin (http://localhost:4502/useradmin).
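A consistency check for the three configurations from Steps 1 to 3, as an added example that is not part of the original article. It uses the OSGi property keys behind the Felix console fields with constructed values (host, port, DNs, names), and the helper `lint` is hypothetical; it reports a login module that references a provider or sync handler name that does not exist, and an LDAP connection that would send the bind password without SSL/TLS.

```python
# Added example: lint the three OSGi configurations from Steps 1-3.
# Keys are the OSGi property names; every value below is constructed.
LDAP_IDP = {  # Apache Jackrabbit Oak LDAP Identity Provider
    "provider.name": "ldap",
    "host.name": "localhost",
    "host.port": 10389,
    "host.ssl": False,
    "host.tls": False,
    "host.noCertCheck": False,
    "bind.dn": "uid=admin,ou=system",
    "bind.password": "<bind-password>",  # placeholder, never commit the real one
    "user.baseDN": "ou=users,dc=example,dc=com",
    "user.idAttribute": "uid",
    "group.baseDN": "ou=groups,dc=example,dc=com",
    "group.objectclass": ["groupOfUniqueNames"],
    "group.nameAttribute": "cn",
    "group.memberAttribute": "uniquemember",
}
SYNC_HANDLER = {  # Apache Jackrabbit Default Sync Handler
    "handler.name": "default",
    "user.propertyMapping": ["rep:fullname=cn"],
}
LOGIN_MODULE = {"idp.name": "ldap", "sync.handlerName": "default"}

REQUIRED_IDP_KEYS = ("provider.name", "host.name", "bind.dn",
                     "user.baseDN", "user.idAttribute", "group.baseDN")

def lint(idp, handler, login):
    """Return a list of (code, message) findings for the three configs."""
    findings = []
    for key in REQUIRED_IDP_KEYS:
        if not idp.get(key):
            findings.append(("missing-property", f"identity provider lacks {key}"))
    # Step 3 links the pieces by name only; a typo silently disables LDAP login.
    if login.get("idp.name") != idp.get("provider.name"):
        findings.append(("idp-name-mismatch", "idp.name does not match provider.name"))
    if login.get("sync.handlerName") != handler.get("handler.name"):
        findings.append(("sync-handler-mismatch", "sync.handlerName does not match handler.name"))
    # Without SSL or StartTLS the bind DN and password cross the network in cleartext.
    if not (idp.get("host.ssl") or idp.get("host.tls")):
        findings.append(("cleartext-bind", "enable host.ssl or host.tls"))
    if idp.get("host.noCertCheck"):
        findings.append(("cert-check-disabled", "host.noCertCheck accepts any server certificate"))
    return findings

if __name__ == "__main__":
    for code, message in lint(LDAP_IDP, SYNC_HANDLER, LOGIN_MODULE):
        print(f"{code}: {message}")
```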
Offline User Sync
You can also sync all the users offline from LDAP.
Step 1: Go to the JMX console (http://localhost:4502/system/console/jmx). Search for ‘External Identity Synchronization Management’ and click on it.
Step 2: Click on ‘syncAllExternalUsers()’ to sync all the users manually.
It is always better to configure LDAP-related logging.
– open Config Manager (http://localhost:4502/system/console/configMgr) in the Felix console
– Search for ‘Apache Sling Logging Logger Configuration’ and add a new logger
You can also see my article on LDAP configuration on the AEM Community page as well: configuring-aem6-apache-directory-service