Monday, October 7, 2013

LDAP integration with Adobe CQ


Today we'll learn how to integrate LDAP authentication with Adobe CQ5 (CRX), using Apache Directory Server (ApacheDS) as the directory.

1. First we need to set up an LDAP directory server. In this article we'll use Apache Directory Server. Download Apache Directory Server for Windows from here and install it; the installation is straightforward.

2. Once the installation is complete, create a new server, select version 1.5.3 and give it any name you like.

3. Select the server, start it and click on Create a Connection.
4. Now create a user.
Select ou=users -> right-click -> New -> New Entry -> Create Entry from Scratch, and fill in the entry as shown in the screenshot below. Give the entry a uid attribute: that uid is the login name CQ will ask for, because the JAAS configuration below uses userIdAttribute="uid".

Click on Finish.

5. Now we need to set a password on the user. Right-click the entry -> New Attribute -> select userPassword from the dropdown and click Finish. A password editor opens; enter a password of your choice. Pick a hashed storage method such as SSHA in that dialog rather than Plaintext, so the directory does not keep the clear password. You will use this password later when logging in to CQ.

6. The next step is to create ldap_login.conf. Create a directory named conf under crx-quickstart (the path passed to the JVM in the last step) and put the following JAAS configuration in it. The CRXLoginModule is listed first as sufficient, so repository-local accounts such as admin still authenticate against CRX and the LDAP module is only consulted when that fails.

com.day.crx {
   com.day.crx.core.CRXLoginModule sufficient;
   com.day.crx.security.ldap.LDAPLoginModule required
              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
              host="localhost"
              port="10389"
              secure="false"
              authDn="uid=admin,ou=system"
              authPw="secret"
              userRoot="ou=users,ou=system"
              userIdAttribute="uid"
              userFilter="(objectClass=*)"
              groupRoot="ou=groups,ou=system"
              groupMembershipAttribute="uniquemember"
              autocreate="create"
              autocreate.user.membership="contributor"
              autocreate.user.mail="rep:e-mail"
              autocreate.user.cn="rep:fullname"
              autocreate.group.description="description"
              autocreate.group.mail="rep:e-mail"
              autocreate.group.cn="rep:fullname"
              autocreate.path="direct"
              cache.expiration="600"
              cache.maxsize="100";
};

A few things to check in this file before you use it anywhere other than a local demo. groupRoot is set here to ou=groups,ou=system, the same system partition that userRoot points to, which is where a stock ApacheDS keeps its groups; the original value, ou=groups, o=example, points at a partition that does not exist in a fresh install. authDn and authPw are ApacheDS's factory default admin credentials (uid=admin,ou=system / secret): change that password in ApacheDS, prefer a dedicated read-only bind account, and restrict file permissions on ldap_login.conf since the bind password sits in it in clear text. secure="false" means simple binds, including every CQ user's password at login time, cross the wire unencrypted on port 10389; that is acceptable for localhost only. For anything else use secure="true" with ApacheDS's LDAPS port 10636. Finally, userFilter="(objectClass=*)" matches every entry under userRoot; narrow it to the object class your user entries actually have so that only real accounts can log in.

7. Next, modify repository.xml (under crx-quickstart/repository). Remove the entry below from its Security section; with no LoginModule configured there, CRX falls back to the JAAS configuration named com.day.crx that we supply through java.security.auth.login.config in the next step.

<LoginModule class="com.day.crx.core.CRXLoginModule">
    <param name="anonymousId" value="anonymous"/>
    <param name="adminId" value="admin"/>
    <param name="tokenExpiration" value="43200000"/>
</LoginModule>

8. The last step is to start CQ, pointing the JVM at the JAAS configuration (the -D option must come before -jar):

java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -XX:MaxPermSize=128m -Xmx512M -jar cq5-author-4502.jar

Once CQ is started you will not see the newly created user in the user list when you are logged in as admin. Because autocreate="create" is set, CRX creates the repository user (and its membership in the contributor group) on the first successful LDAP login with the credentials you entered in ApacheDS; only after that does the user appear in the list.
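To check the directory side before starting CQ, here is an added example of my own (it is not part of the original post and not Adobe's LDAPLoginModule) that does with plain JNDI what the login module does on each login: it binds as authDn/authPw, resolves the user's DN under userRoot with userIdAttribute and userFilter, then binds as that DN with the password supplied on the command line. The constant values are copied from ldap_login.conf above; the class name LdapCheck, the filter escaping and the empty-password guard are my additions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Stand-alone check of the settings in ldap_login.conf.
 * Usage: javac LdapCheck.java && java LdapCheck <uid> <password>
 */
public class LdapCheck {
    // Copied from ldap_login.conf; keep both places in sync.
    static final String HOST = "localhost";
    static final String PORT = "10389";
    static final boolean SECURE = false;          // true -> ldaps:// (ApacheDS default port 10636)
    static final String AUTH_DN = "uid=admin,ou=system";
    static final String AUTH_PW = "secret";
    static final String USER_ROOT = "ou=users,ou=system";
    static final String USER_ID_ATTRIBUTE = "uid";
    static final String USER_FILTER = "(objectClass=*)";

    static String url() {
        return (SECURE ? "ldaps://" : "ldap://") + HOST + ":" + PORT;
    }

    /** Simple bind as the given DN. */
    static DirContext bind(String dn, String password) throws NamingException {
        // RFC 4513 5.1.2: a DN with an empty password is an *unauthenticated* bind and
        // most servers accept it as anonymous, so an empty password must never "succeed".
        if (password == null || password.isEmpty()) {
            throw new NamingException("refusing bind with empty password for " + dn);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url());
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** RFC 4515 escaping, so a uid like "*" or "a)(uid=admin" cannot widen the search. */
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** AND of the userIdAttribute match with the configured userFilter. */
    static String userSearchFilter(String uid) {
        return "(&(" + USER_ID_ATTRIBUTE + "=" + escapeFilter(uid) + ")" + USER_FILTER + ")";
    }

    /** Resolve the uid to exactly one DN under userRoot, as the login module must. */
    static String findUserDn(DirContext ctx, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { USER_ID_ATTRIBUTE });
        NamingEnumeration<SearchResult> results = ctx.search(USER_ROOT, userSearchFilter(uid), sc);
        String dn = null;
        while (results.hasMore()) {
            SearchResult r = results.next();
            if (dn != null) {
                throw new NamingException(USER_ID_ATTRIBUTE + "=" + uid + " is not unique under " + USER_ROOT);
            }
            dn = r.getNameInNamespace();
        }
        if (dn == null) {
            throw new NamingException("no entry with " + USER_ID_ATTRIBUTE + "=" + uid + " under " + USER_ROOT);
        }
        return dn;
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: java LdapCheck <uid> <password>");
            System.exit(2);
        }
        DirContext admin = bind(AUTH_DN, AUTH_PW);          // step 1: service bind
        String userDn = findUserDn(admin, args[0]);         // step 2: uid -> DN
        admin.close();
        System.out.println("resolved " + args[0] + " -> " + userDn);
        bind(userDn, args[1]).close();                      // step 3: user bind
        System.out.println("user bind OK; CQ should accept these credentials");
    }
}
```

If the service bind fails, the authDn/authPw pair is wrong; if the search finds nothing, userRoot, userIdAttribute or userFilter does not match the entry you created; if only the last bind fails, the userPassword attribute is the problem. With SECURE set to true the JDK must trust the ApacheDS certificate (ApacheDS ships a self-signed one), so import it into a truststore and pass it with -Djavax.net.ssl.trustStore.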