Hi,
I have been trying to integrate LDAP with CQ 5.5 on a Windows 7 machine. The following are the steps I have taken:
1. Installed cq-service-pack-5.5.2.20121012.zip
2. Installed cq-update-pkg-5.5.10.zip
1. Created F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf with the following content:
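// JAAS login configuration for CRX. The entry name com.day.crx matches
// Security/@appName in repository.xml; the JVM is pointed at this file via
// -Djava.security.auth.login.config in quickstart.bat.
// Composite values (DNs, LDAP filters, names containing ":" or "/") are
// double-quoted: the standard JAAS ConfigFile tokenizer should treat "=",
// ",", "(", ")" and "/" as separators or comment starts in unquoted values.
com.day.crx {
    // repository-internal login; "optional", so its outcome does not by
    // itself decide the overall authentication result
    com.day.crx.core.CRXLoginModule optional
        tokenExpiration=1800000;

    // LDAP-backed login; "required", so authentication fails if this
    // module fails
    com.day.crx.security.ldap.LDAPLoginModule required
        principal_provider.class=com.day.crx.security.ldap.principals.LDAPPrincipalProvider
        tokenExpiration=1800000
        host=xx.xx.xx.xx
        port=636
        secure=true
        // FIX: the original read authDn="adt\\taduser with no closing quote,
        // so everything up to cache.maxsize=1 was swallowed into the authDn
        // value and authPw, userRoot, the filters etc. never reached the module.
        // "\\" is kept from the original: inside a quoted JAAS value it should
        // yield a single backslash (adt\taduser); confirm against the server log.
        authDn="adt\\taduser"
        // NOTE(review): clear-text bind password; restrict read access on this
        // file to the account that runs CQ.
        authPw=xxxxxx
        userRoot="OU=publish,OU=people,DC=adt,DC=com"
        userIdAttribute=userPrincipalName
        autocreate=create
        autocreate.path=none
        autocreate.user.firstName="rep:firstName"
        autocreate.user.mail="profile/email"
        autocreate.user.sn="profile/familyName"
        autocreate.user.cn="rep:fullname"
        groupRoot="OU=publish,OU=group,DC=adt,DC=com"
        groupNameAttribute=CN
        autocreate.group.description=description
        autocreate.group.cn="rep:groupName"
        groupMembershipAttribute=member
        userFilter="(objectClass=person)"
        groupFilter="(objectClass=group)"
        // a one-entry cache with expiration 1 (unit not stated here) is
        // effectively no cache
        cache.expiration=1
        cache.maxsize=1;
};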
2. Updated F:\installed\cq5\author\crx-quickstart\repository\repository.xml with:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- ======================================================================= -->
<!-- $Id: repository-template.xml 78567 2011-06-16 04:27:03Z tripod $ -->
<!-- ======================================================================= -->
<!-- Copyright (c) 1997-2008 Day Management AG -->
<!-- Barfuesserplatz 6, 4001 Basel, Switzerland -->
<!-- All Rights Reserved. -->
<!-- -->
<!-- This software is the confidential and proprietary information of -->
<!-- Day Management AG, ("Confidential Information"). You shall not -->
<!-- disclose such Confidential Information and shall use it only in -->
<!-- accordance with the terms of the license agreement you entered into -->
<!-- with Day. -->
<!-- ======================================================================= -->
<!-- CRX repository configuration for the author instance. The LDAP login
     module itself is NOT configured in this file: it lives in the JAAS file
     ldap_login.conf, which quickstart.bat passes to the JVM via
     -Djava.security.auth.login.config; that file's entry name (com.day.crx)
     is the same string as Security/@appName below. -->
<!-- NOTE(review): the DOCTYPE references an external DTD by URL; confirm the
     repository parser resolves it locally and does not fetch it at startup. -->
<!DOCTYPE Repository PUBLIC "-//Day Management AG//DTD CRX 2.4//EN" "http://www.day.com/dtd/repository-2.4.dtd">
<Repository>
  <!-- virtual file system where the repository stores global state (e.g. registered namespaces, custom node types, etc.) -->
  <!-- alternative CQ file system, disabled:
       <FileSystem class="com.day.jackrabbit.fs.cq.CQFileSystem"> <param name="path" value="${rep.home}/repStore.dat"/> <param name="autoRepair" value="false"/> </FileSystem> -->
  <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
    <param name="path" value="${rep.home}/repository"/>
  </FileSystem>
  <!-- large binary objects are stored in the data store. -->
  <DataStore class="com.day.crx.core.data.ClusterDataStore"/>
  <!-- security configuration -->
  <!-- appName is the same string as the JAAS entry name com.day.crx in ldap_login.conf -->
  <Security appName="com.day.crx">
    <!-- security manager: class: FQN of class implementing the JackrabbitSecurityManager interface -->
    <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
    <SecurityManager class="com.day.crx.core.CRXSecurityManager">
      <!-- NOTE(review): the original comment at this point read "LDAP related configuration",
           but nothing LDAP-specific follows; the children are the standard workspace access
           and user manager settings. -->
      <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
      <!-- user manager: repository paths under which users and groups are stored -->
      <UserManager class="com.day.crx.core.CRXUserManagerImpl">
        <param name="usersPath" value="/home/users"/>
        <param name="groupsPath" value="/home/groups"/>
        <param name="defaultDepth" value="1"/>
      </UserManager>
      <!-- optional user manager configuration (disabled)
           <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager"> <param name="usersPath" value="/home/users"/> <param name="groupsPath" value="/home/groups"/> <param name="defaultDepth" value="1"/> <param name="autoExpandTree" value="true"/> <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction"> <param name="groupPrivilegeNames" value="jcr:read"/> <param name="userPrivilegeNames" value="jcr:all"/> </AuthorizableAction> AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/> </UserManager> -->
      <!-- optional workspace access manager configuration -->
    </SecurityManager>
    <!-- access manager: class: FQN of class implementing the AccessManager interface -->
    <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
    <!-- Use LoginModule authenticating against repository itself -->
    <!-- NOTE(review): tokenExpiration here is 43200000 while ldap_login.conf sets 1800000 for
         the same CRXLoginModule; confirm which value is effective when the JAAS config is active. -->
    <LoginModule class="com.day.crx.core.CRXLoginModule">
      <param name="anonymousId" value="anonymous"/>
      <param name="adminId" value="admin"/>
      <param name="disableNTLMAuth" value="true"/>
      <param name="tokenExpiration" value="43200000"/>
      <!-- param name="trust_credentials_attribute" value="d5b9167e95dad6e7d3b5d6fa8df48af8"/ -->
    </LoginModule>
  </Security>
  <!-- location of workspaces root directory and name of default workspace -->
  <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="crx.default" maxIdleTime="5"/>
  <!-- workspace configuration template: used to create the initial workspace if there's no workspace yet -->
  <Workspace name="${wsp.name}" simpleLocking="true">
    <!-- virtual file system of the workspace: class: FQN of class implementing FileSystem interface -->
    <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
      <param name="path" value="${wsp.home}"/>
    </FileSystem>
    <!-- persistence manager of the workspace: class: FQN of class implementing PersistenceManager interface -->
    <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
    <!-- Search index and the file system it uses. -->
    <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
      <param name="path" value="${wsp.home}/index"/>
      <param name="resultFetchSize" value="50"/>
    </SearchIndex>
    <!-- Workspace security configuration -->
    <WorkspaceSecurity>
      <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.acl.ACLProvider">
        <param name="omit-default-permission" value="true"/>
      </AccessControlProvider>
    </WorkspaceSecurity>
    <!-- XML Import configuration of the workspace -->
    <Import>
      <ProtectedItemImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
      <ProtectedItemImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
        <param name="importBehavior" value="besteffort"/>
      </ProtectedItemImporter>
    </Import>
  </Workspace>
  <!-- Configures the versioning -->
  <Versioning rootPath="${rep.home}/version">
    <!-- Configures the filesystem to use for versioning of the respective persistence manager -->
    <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
      <param name="path" value="${rep.home}/version"/>
    </FileSystem>
    <!-- Configures the persistence manager to use for the versioning. Please note, that the current versioning implementation is based on a 'normal' persistence manager, but this could change in future implementations. -->
    <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
  </Versioning>
  <!-- Enable searching the /jcr:system subtree -->
  <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
    <param name="path" value="${rep.home}/repository/index"/>
  </SearchIndex>
  <!-- Cluster configuration. -->
  <Cluster>
    <Journal class="com.day.crx.persistence.tar.TarJournal"/>
  </Cluster>
  <!-- Configures extension modules -->
  <Modules>
    <!-- Sample configuration of an EventLoggerModule requiring configuration (disabled)
         <Module class="com.day.crx.eventlogger.EventLoggerModule"> <param name="workspaces" value="crx.default"/> <param name="logWorkspace" value="crx.logger"/> <param name="logPath" value="/logger"/> </Module> -->
  </Modules>
</Repository>
3. Updated F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat with:
@echo off
:: quickstart.bat: builds the START_OPTS command line from the CQ_* variables
:: below, launches the CQ5 quickstart jar in a separate console window and
:: records the PID of the new java.exe in crx-quickstart\conf\cq.pid.
:: This script configures the start information for this server.
::
:: The following variables may be used to override the defaults.
:: For one-time overrides the variable can be set as part of the command-line; e.g.,
::
:: SET CQ_PORT=1234 & ./start.bat
::
setlocal
::* TCP port used for stop and status scripts
set CQ_PORT=4502
::* http host name
:: set CQ_HOST=
::* interface that this server should listen to
:: set CQ_INTERFACE=eth0
::* show gui
set CQ_GUI=true
::* do not show browser on startup
set CQ_NOBROWSER=true
::* do not redirect stdout/stderr (logs to console)
set CQ_VERBOSE=true
::* do not fork the JVM
:: set CQ_NOFORK=true
::* force forking the VM using recommended default memory settings
:: set CQ_FORK=true
::* additional arguments for the forked JVM
:: set CQ_FORKARGS=
::* runmode(s)
set CQ_RUNMODE=author,dev
::* defines the path under which the quickstart work folder is located
:: set CQ_BASEFOLDER=
::* low memory action
:: set CQ_LOWMEMACTION=
::* name of the jarfile
:: set CQ_JARFILE=
::* use jaas.config
:: set CQ_USE_JAAS=true
::* config for jaas
:: NOTE(review): CQ_JAAS_CONFIG is only appended to START_OPTS when CQ_USE_JAAS
:: is defined, and CQ_USE_JAAS is commented out above. The JAAS file is instead
:: passed directly in CQ_JVM_OPTS, so this variable is unused unless
:: CQ_USE_JAAS is set in the environment.
set CQ_JAAS_CONFIG=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf
::* default JVM options
:: -Djava.security.auth.login.config points the JVM at the JAAS login
:: configuration that defines the com.day.crx entry, i.e. ldap_login.conf.
:: NOTE(review): -Dcom.sun.management.jmxremote.port=9998 together with
:: jmxremote.authenticate=false and jmxremote.ssl=false opens an
:: unauthenticated, unencrypted remote JMX endpoint. Restrict it to loopback
:: or a trusted network, or enable authentication, before exposing the host.
set CQ_JVM_OPTS=-Djava.security.auth.login.config=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf -Xms1024m -Xmx1024m -XX:PermSize=256M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -XX:NewRatio=1 -XX:CMSInitiatingOccupancyFraction=85 -XX:ParallelGCThreads=4 -XX:GCTimeRatio=3 -XX:+UseParNewGC -XX:-UseGCOverheadLimit -XX:SurvivorRatio=6 -Xloggc:F:/installed/cq5/author/crx-quickstart/gc.log -verbose:gc -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.awt.headless=true
::* ------------------------------------------------------------------------------
::* do not configure below this point
::* ------------------------------------------------------------------------------
:: change to the directory of this script, then two levels up: the folder
:: that contains crx-quickstart and the quickstart jar
chdir /D %~dp0
cd ..\..
:: assemble the quickstart flags; each CQ_* variable that is defined adds its
:: corresponding option
set START_OPTS=-use-control-port
if defined CQ_PORT set START_OPTS=%START_OPTS% -p %CQ_PORT%
if defined CQ_INTERFACE set START_OPTS=%START_OPTS% -a %CQ_INTERFACE%
if defined CQ_GUI set START_OPTS=%START_OPTS% -gui
if defined CQ_NOBROWSER set START_OPTS=%START_OPTS% -nobrowser
if defined CQ_VERBOSE set START_OPTS=%START_OPTS% -verbose
if defined CQ_NOFORK set START_OPTS=%START_OPTS% -nofork
if defined CQ_FORK set START_OPTS=%START_OPTS% -fork
if defined CQ_FORKARGS set START_OPTS=%START_OPTS% -forkargs %CQ_FORKARGS%
if defined CQ_RUNMODE set START_OPTS=%START_OPTS% -r %CQ_RUNMODE%
if defined CQ_BASEFOLDER set START_OPTS=%START_OPTS% -b %CQ_BASEFOLDER%
if defined CQ_LOWMEMACTION set START_OPTS=%START_OPTS% -low-mem-action %CQ_LOWMEMACTION%
if defined CQ_HOST set START_OPTS=%START_OPTS% -Dorg.apache.felix.http.host=%CQ_HOST%
:: only adds the JAAS system property when CQ_USE_JAAS is defined
if defined CQ_USE_JAAS set START_OPTS=%START_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%
:: if no jar was named, use the last *.jar found in the current directory
if not defined CQ_JARFILE for %%X in (*.jar) do set CQ_JARFILE=%%X
:: snapshot the process list before and after launching so the new java.exe
:: can be identified; GetProcessID is a helper class loaded from the script
:: directory and presumably diffs the two listings to find that PID
tasklist > oldTaskList.txt
:: /K keeps the "CQ" console window open after the JVM exits
start CQ cmd.exe /K java %CQ_JVM_OPTS% -jar %CQ_JARFILE% %START_OPTS%
tasklist > newTaskList.txt
java -cp %~dp0 GetProcessID oldTaskList.txt newTaskList.txt java.exe > crx-quickstart\conf\cq.pid
del newTaskList.txt
del oldTaskList.txt
4. Started CQ5 by double-clicking F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat
Issue: I am not able to see the domain "com.adobe.granite.ldap" in http://localhost:4502/system/console/jmx
I am not sure what I have done wrong. Please let me know how I can synchronize all the users from LDAP into CRX.
Thanks in advance,
Anurag