Hi,
I have been trying to integrate LDAP with CQ5.5 on a Win7 machine. Following are the steps I have taken:
1. Installed cq-service-pack-5.5.2.20121012.zip
2. Installed cq-update-pkg-5.5.10.zip
1. Created F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf file with following content:
com.day.crx {
    com.day.crx.core.CRXLoginModule optional
        tokenExpiration="1800000";
    com.day.crx.security.ldap.LDAPLoginModule required
        principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
        tokenExpiration="1800000"
        host="xx.xx.xx.xx"
        port="636"
        secure="true"
        authDn="adt\\taduser"
        authPw="xxxxxx"
        userRoot="OU=publish,OU=people,DC=adt,DC=com"
        userIdAttribute="userPrincipalName"
        autocreate="create"
        autocreate.path="none"
        autocreate.user.firstName="rep:firstName"
        autocreate.user.mail="profile/email"
        autocreate.user.sn="profile/familyName"
        autocreate.user.cn="rep:fullname"
        groupRoot="OU=publish,OU=group,DC=adt,DC=com"
        groupNameAttribute="CN"
        autocreate.group.description="description"
        autocreate.group.cn="rep:groupName"
        groupMembershipAttribute="member"
        userFilter="(objectClass=person)"
        groupFilter="(objectClass=group)"
        cache.expiration="1"
        cache.maxsize="1";
};
2. Updated F:\installed\cq5\author\crx-quickstart\repository\repository.xml with:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- ======================================================================= -->
<!-- $Id: repository-template.xml 78567 2011-06-16 04:27:03Z tripod $ -->
<!-- ======================================================================= -->
<!-- Copyright (c) 1997-2008 Day Management AG -->
<!-- Barfuesserplatz 6, 4001 Basel, Switzerland -->
<!-- All Rights Reserved. -->
<!-- -->
<!-- This software is the confidential and proprietary information of -->
<!-- Day Management AG, ("Confidential Information"). You shall not -->
<!-- disclose such Confidential Information and shall use it only in -->
<!-- accordance with the terms of the license agreement you entered into -->
<!-- with Day. -->
<!-- ======================================================================= -->
<!DOCTYPE Repository PUBLIC "-//Day Management AG//DTD CRX 2.4//EN" "http://www.day.com/dtd/repository-2.4.dtd">
<Repository>
  <!-- virtual file system where the repository stores global state
       (e.g. registered namespaces, custom node types, etc.) -->
  <!--
  <FileSystem class="com.day.jackrabbit.fs.cq.CQFileSystem">
    <param name="path" value="${rep.home}/repStore.dat"/>
    <param name="autoRepair" value="false"/>
  </FileSystem>
  -->
  <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
    <param name="path" value="${rep.home}/repository"/>
  </FileSystem>

  <!-- large binary objects are stored in the data store. -->
  <DataStore class="com.day.crx.core.data.ClusterDataStore"/>

  <!-- security configuration -->
  <Security appName="com.day.crx">
    <!-- security manager:
         class: FQN of class implementing the JackrabbitSecurityManager interface -->
    <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
    <SecurityManager class="com.day.crx.core.CRXSecurityManager">
      <!-- LDAP related configuration -->
      <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
      <UserManager class="com.day.crx.core.CRXUserManagerImpl">
        <param name="usersPath" value="/home/users"/>
        <param name="groupsPath" value="/home/groups"/>
        <param name="defaultDepth" value="1"/>
      </UserManager>
      <!-- optional user manager configuration
      <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
        <param name="usersPath" value="/home/users"/>
        <param name="groupsPath" value="/home/groups"/>
        <param name="defaultDepth" value="1"/>
        <param name="autoExpandTree" value="true"/>
        <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
          <param name="groupPrivilegeNames" value="jcr:read"/>
          <param name="userPrivilegeNames" value="jcr:all"/>
        </AuthorizableAction>
        AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>
      </UserManager>
      -->
      <!-- optional workspace access manager configuration -->
    </SecurityManager>

    <!-- access manager:
         class: FQN of class implementing the AccessManager interface -->
    <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>

    <!-- Use LoginModule authenticating against repository itself -->
    <LoginModule class="com.day.crx.core.CRXLoginModule">
      <param name="anonymousId" value="anonymous"/>
      <param name="adminId" value="admin"/>
      <param name="disableNTLMAuth" value="true"/>
      <param name="tokenExpiration" value="43200000"/>
      <!-- param name="trust_credentials_attribute" value="d5b9167e95dad6e7d3b5d6fa8df48af8"/ -->
    </LoginModule>
  </Security>

  <!-- location of workspaces root directory and name of default workspace -->
  <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="crx.default" maxIdleTime="5"/>

  <!-- workspace configuration template:
       used to create the initial workspace if there's no workspace yet -->
  <Workspace name="${wsp.name}" simpleLocking="true">
    <!-- virtual file system of the workspace:
         class: FQN of class implementing FileSystem interface -->
    <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
      <param name="path" value="${wsp.home}"/>
    </FileSystem>
    <!-- persistence manager of the workspace:
         class: FQN of class implementing PersistenceManager interface -->
    <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
    <!-- Search index and the file system it uses. -->
    <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
      <param name="path" value="${wsp.home}/index"/>
      <param name="resultFetchSize" value="50"/>
    </SearchIndex>
    <!-- Workspace security configuration -->
    <WorkspaceSecurity>
      <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.acl.ACLProvider">
        <param name="omit-default-permission" value="true"/>
      </AccessControlProvider>
    </WorkspaceSecurity>
    <!-- XML Import configuration of the workspace -->
    <Import>
      <ProtectedItemImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
      <ProtectedItemImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
        <param name="importBehavior" value="besteffort"/>
      </ProtectedItemImporter>
    </Import>
  </Workspace>

  <!-- Configures the versioning -->
  <Versioning rootPath="${rep.home}/version">
    <!-- Configures the filesystem to use for versioning of the respective persistence manager -->
    <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
      <param name="path" value="${rep.home}/version"/>
    </FileSystem>
    <!-- Configures the persistence manager to use for the versioning.
         Please note, that the current versioning implementation is based on a 'normal'
         persistence manager, but this could change in future implementations. -->
    <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
  </Versioning>

  <!-- Enable searching the /jcr:system subtree -->
  <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
    <param name="path" value="${rep.home}/repository/index"/>
  </SearchIndex>

  <!-- Cluster configuration. -->
  <Cluster>
    <Journal class="com.day.crx.persistence.tar.TarJournal"/>
  </Cluster>

  <!-- Configures extension modules -->
  <Modules>
    <!-- Sample configuration of an EventLoggerModule requiring configuration
    <Module class="com.day.crx.eventlogger.EventLoggerModule">
      <param name="workspaces" value="crx.default"/>
      <param name="logWorkspace" value="crx.logger"/>
      <param name="logPath" value="/logger"/>
    </Module>
    -->
  </Modules>
</Repository>
3. Updated F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat with:
@echo off
:: This script configures the start information for this server.
::
:: The following variables may be used to override the defaults.
:: For one-time overrides the variable can be set as part of the command-line; e.g.,
::
::   SET CQ_PORT=1234 & ./start.bat
::
setlocal

::* TCP port used for stop and status scripts
set CQ_PORT=4502

::* http host name
:: set CQ_HOST=

::* interface that this server should listen to
:: set CQ_INTERFACE=eth0

::* show gui
set CQ_GUI=true

::* do not show browser on startup
set CQ_NOBROWSER=true

::* do not redirect stdout/stderr (logs to console)
set CQ_VERBOSE=true

::* do not fork the JVM
:: set CQ_NOFORK=true

::* force forking the VM using recommended default memory settings
:: set CQ_FORK=true

::* additional arguments for the forked JVM
:: set CQ_FORKARGS=

::* runmode(s)
set CQ_RUNMODE=author,dev

::* defines the path under which the quickstart work folder is located
:: set CQ_BASEFOLDER=

::* low memory action
:: set CQ_LOWMEMACTION=

::* name of the jarfile
:: set CQ_JARFILE=

::* use jaas.config
:: set CQ_USE_JAAS=true

::* config for jaas
set CQ_JAAS_CONFIG=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf

::* default JVM options
set CQ_JVM_OPTS=-Djava.security.auth.login.config=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf -Xms1024m -Xmx1024m -XX:PermSize=256M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -XX:NewRatio=1 -XX:CMSInitiatingOccupancyFraction=85 -XX:ParallelGCThreads=4 -XX:GCTimeRatio=3 -XX:+UseParNewGC -XX:-UseGCOverheadLimit -XX:SurvivorRatio=6 -Xloggc:F:/installed/cq5/author/crx-quickstart/gc.log -verbose:gc -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.awt.headless=true

::* ------------------------------------------------------------------------------
::* do not configure below this point
::* ------------------------------------------------------------------------------

chdir /D %~dp0
cd ..\..

set START_OPTS=-use-control-port
if defined CQ_PORT set START_OPTS=%START_OPTS% -p %CQ_PORT%
if defined CQ_INTERFACE set START_OPTS=%START_OPTS% -a %CQ_INTERFACE%
if defined CQ_GUI set START_OPTS=%START_OPTS% -gui
if defined CQ_NOBROWSER set START_OPTS=%START_OPTS% -nobrowser
if defined CQ_VERBOSE set START_OPTS=%START_OPTS% -verbose
if defined CQ_NOFORK set START_OPTS=%START_OPTS% -nofork
if defined CQ_FORK set START_OPTS=%START_OPTS% -fork
if defined CQ_FORKARGS set START_OPTS=%START_OPTS% -forkargs %CQ_FORKARGS%
if defined CQ_RUNMODE set START_OPTS=%START_OPTS% -r %CQ_RUNMODE%
if defined CQ_BASEFOLDER set START_OPTS=%START_OPTS% -b %CQ_BASEFOLDER%
if defined CQ_LOWMEMACTION set START_OPTS=%START_OPTS% -low-mem-action %CQ_LOWMEMACTION%
if defined CQ_HOST set START_OPTS=%START_OPTS% -Dorg.apache.felix.http.host=%CQ_HOST%
if defined CQ_USE_JAAS set START_OPTS=%START_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%

if not defined CQ_JARFILE for %%X in (*.jar) do set CQ_JARFILE=%%X

tasklist > oldTaskList.txt
start "CQ" cmd.exe /K java %CQ_JVM_OPTS% -jar %CQ_JARFILE% %START_OPTS%
tasklist > newTaskList.txt
java -cp %~dp0 GetProcessID oldTaskList.txt newTaskList.txt java.exe > crx-quickstart\conf\cq.pid
del newTaskList.txt
del oldTaskList.txt
4. Started CQ5 by double-clicking F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat
Issue: I am not able to see the domain "com.adobe.granite.ldap" in http://localhost:4502/system/console/jmx
I am not sure what I have done wrong. Please let me know how I can synchronize all the users from LDAP into CRX.
Thanks in advance,
Anurag
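Added example (not part of the post above and not Adobe/Day code): a small checker for the two files in the post, which parses the JAAS login-config format of ldap_login.conf into its modules and options, and flags settings a reviewer would want confirmed before this goes further than a dev box: an LDAP bind that is not TLS-protected, a bind password kept in clear text, and the JMX port that CQ_JVM_OPTS opens with authentication and TLS switched off. The host, bind DN and password in SAMPLE_CONF are constructed placeholders, not values from the post.

```python
import re

# Constructed sample in the JAAS format of the ldap_login.conf above;
# host, bind DN and password are placeholders, not values from the post.
SAMPLE_CONF = r'''com.day.crx {
  com.day.crx.core.CRXLoginModule optional tokenExpiration="1800000";
  com.day.crx.security.ldap.LDAPLoginModule required host="ldap.example.invalid"
    port="636" secure="true" authDn="EXAMPLE\\binduser" authPw="PLACEHOLDER"
    userRoot="OU=publish,OU=people,DC=example,DC=com" userFilter="(objectClass=person)";
};'''
# Constructed JVM option string shaped like CQ_JVM_OPTS in the batch file above.
SAMPLE_JVM_OPTS = ("-Xmx1024m -Dcom.sun.management.jmxremote.port=9998 "
                   "-Dcom.sun.management.jmxremote.authenticate=false "
                   "-Dcom.sun.management.jmxremote.ssl=false")

APP_RE = re.compile(r'([\w.]+)\s*\{(.*?)\};', re.S)  # appName { ... };
MODULE_RE = re.compile(r'\s*([\w.$]+)\s+(required|requisite|sufficient|optional)\s*(.*?);', re.S)
OPTION_RE = re.compile(r'([\w.]+)\s*=\s*"((?:[^"\\]|\\.)*)"')  # key="value", backslash escapes

def parse_jaas(text):
    """Map each application name to its ordered list of login modules."""
    apps = {}
    for app, body in APP_RE.findall(text):
        apps[app] = [{"class": cls, "flag": flag, "options": dict(OPTION_RE.findall(opts))}
                     for cls, flag, opts in MODULE_RE.findall(body)]
    return apps

def check_ldap_module(apps):
    """Findings a reviewer would raise about an LDAPLoginModule entry."""
    findings = []
    for app, modules in apps.items():
        for m in (x for x in modules if x["class"].endswith("LDAPLoginModule")):
            o = m["options"]
            if o.get("secure") != "true":
                findings.append(f"{app}: LDAP bind is not TLS-protected (secure != true)")
            elif o.get("port") != "636":
                findings.append(f"{app}: secure=true but port is {o.get('port')!r}, expected 636")
            if o.get("authPw"):
                findings.append(f"{app}: bind password kept in clear text in the login config")
    return findings

def check_jvm_opts(opts):
    """Flag a remote JMX port that is opened without authentication or TLS."""
    props = dict(p[2:].split("=", 1) for p in opts.split() if p.startswith("-D") and "=" in p)
    findings = []
    if "com.sun.management.jmxremote.port" in props:
        if props.get("com.sun.management.jmxremote.authenticate") == "false":
            findings.append("JMX remote port open without authentication")
        if props.get("com.sun.management.jmxremote.ssl") == "false":
            findings.append("JMX remote port open without TLS")
    return findings
```

Run `parse_jaas` on the real ldap_login.conf and `check_jvm_opts` on the CQ_JVM_OPTS value to get the same findings for the files in the post; the bind password belongs in a file with restricted ACLs, and a JMX port should be bound to localhost or given authentication and TLS.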