CQ5 as Windows Service with LDAP Authentication
1 Introduction
- LDAP: Lightweight Directory Access Protocol
- Used for accessing centralized directory services.
- LDAP is often used to achieve Single Sign On which allows a user to access multiple applications after logging in once.
2 Steps
1. Install the LDAP server
1) Double-click the installer (download it from the Apache website first):
ApacheDirectoryStudio-win32-x86_<architecture>-<version>
2) After the application starts, create a new server (CQ5LDAP)
New-New Server
3) Add the group and users and save them
Name: Adobe
Suffix: ou=groups, dc=adobe, dc=com
Name: Adobe2
Suffix: ou=users, dc=adobe, dc=com
4) Start the server
5) Create a new connection (CQ5LDAP)
Connection name: CQ5LDAP
Hostname: localhost
Port: 10389
6) Fill in the authentication information
Bind DN or user: uid=admin, ou=system
Bind password: secret
7) Right-click the connection name and import the users with LDIF Import
2. Configure repository.xml
- Remove or comment out the LoginModule element in the repository configuration (repository.xml). The configuration file can be found in the folder crx-quickstart/repository.
- Ensure that the file ldap_login.conf is in a folder such as crx-quickstart/conf/ of your CRX installation folder.
- Add the following bolded code to repository.xml so that users can log in:
<SecurityManager class="com.day.crx.core.CRXSecurityManager">
  <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
  <UserManager class="com.day.crx.core.CRXUserManagerImpl">
    <param name="usersPath" value="/home/users"/>
    <param name="groupsPath" value="/home/groups"/>
    <param name="defaultDepth" value="1"/>
  </UserManager>
</SecurityManager>
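An added check for step 2 (not part of the original page or of CQ5): it parses repository.xml and reports an active LoginModule element or missing UserManager parameters. The sample file content, the placeholder LoginModule class name and the function name check_repository_xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed repository.xml after step 2. The wrapper
# elements and the LoginModule class name are placeholders, not CRX's own.
SAMPLE = """<Repository>
  <Security>
    <SecurityManager class="com.day.crx.core.CRXSecurityManager">
      <WorkspaceAccessManager
        class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
      <UserManager class="com.day.crx.core.CRXUserManagerImpl">
        <param name="usersPath" value="/home/users"/>
        <param name="groupsPath" value="/home/groups"/>
        <param name="defaultDepth" value="1"/>
      </UserManager>
    </SecurityManager>
    <!-- <LoginModule class="example.PlaceholderLoginModule"/> -->
  </Security>
</Repository>"""

# Values taken from the UserManager block in step 2.
EXPECTED_PARAMS = {"usersPath": "/home/users",
                   "groupsPath": "/home/groups",
                   "defaultDepth": "1"}

def check_repository_xml(text):
    """Return a list of problems; an empty list means step 2 looks complete."""
    root = ET.fromstring(text)  # the default parser discards XML comments
    problems = []
    # A commented-out LoginModule is invisible here; an active one is not.
    if next(root.iter("LoginModule"), None) is not None:
        problems.append("active LoginModule element still present")
    manager = next(root.iter("UserManager"), None)
    if manager is None:
        problems.append("UserManager element missing")
        return problems
    found = {p.get("name"): p.get("value") for p in manager.iter("param")}
    for name, expected in EXPECTED_PARAMS.items():
        if found.get(name) != expected:
            problems.append(f"param {name}: expected {expected!r}, "
                            f"found {found.get(name)!r}")
    return problems

if __name__ == "__main__":
    for line in check_repository_xml(SAMPLE) or ["repository.xml: OK"]:
        print(line)
```

To check a real installation, pass the contents of crx-quickstart/repository/repository.xml to check_repository_xml instead of SAMPLE.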
3. Change start.bat and Quickstart.bat
From the command line, start Quickstart with the option:
-Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf
For example:
32-bit VM:
java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -Xmx384M -jar crx-quickstart-<version>.jar
64-bit VM:
java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -XX:MaxPermSize=128m -Xmx512M -jar crx-quickstart-<version>.jar
4. Starting CQ5 as Windows Service
CQ5 is installed as a Windows service with instsrv.bat, located in C:\author\crx-quickstart\opt\helpers. Hence, to use the CQ5 service with LDAP, we need to change instsrv.bat and then run it to install CQ5 as a Windows service.
Replace line 40: set jvm_options=-XX:MaxPermSize=256M
With: set jvm_options=-Djava.security.auth.login.config=C:/author2013/crx-quickstart/conf/ldap_login.conf";"-XX:MaxPermSize=256M
5. Start the CQ5 service from CMD or from the Services tab of Task Manager
C:\> sc start CQ5 (or whichever service name you installed, say cq5author)
6. Now you can log in as an LDAP user