Configuring LDAP with AEM 6

LDAP (Lightweight Directory Access Protocol) is used for accessing centralized information directories. It is based on the X.500 directory standard and runs over TCP/IP, which is necessary for any type of Internet access. LDAP helps reduce the effort required to manage user accounts, as the same accounts can be used by multiple applications.

User accounts can be synchronized between the LDAP server and AEM, with the LDAP account details being saved in the AEM repository. This allows accounts created in LDAP to be assigned to AEM groups, so that the correct permissions and privileges are granted to the groups or to individual users.

AEM uses LDAP authentication to authenticate such users: the credentials are passed to the LDAP server for validation, which is required before access to the AEM repository is granted. To improve performance, validated credentials are cached by AEM with a defined timeout.

When an account is removed from the LDAP server, validation is no longer granted and access to CRX is denied. Details of LDAP accounts that are saved in CRX can also be purged from CRX. Active Directory is one example of an LDAP server.

In AEM 6 the way this is configured has changed.

Up to CQ 5.6.1 the changes were made in repository.xml, together with a configuration file such as sample_ldap_login.conf that held all the LDAP settings.

With AEM 6 these settings are instead made in the following three configurations in the OSGi (Felix) web console:

  • Ldap Identity Provider
  • DefaultSyncHandler
  • External Login Module

Steps to configure LDAP:

  • Go to http://<Server>:<Port>/system/console/configMgr
  • Search for Ldap Identity Provider and make the changes as shown in the screenshot below (some values will differ depending on your LDAP configuration).

  • Search for Default Sync Handler, select the add button and make the changes as shown in the screenshots below.

  • Search for External Login Module, select the add button and make the changes as shown in the screenshots below.

Make the changes as described in the steps above, then try to log in to AEM with the credentials of an LDAP user to test your configuration.
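The same three console configurations written as Apache Felix `.config` files, which is how they would be provisioned under `crx-quickstart/install` instead of being entered by hand in the console. This is an added example and not part of the original post: the PIDs and property names are those of the Oak LDAP and external-authentication modules behind the three console entries, while the host, DNs, password, attribute names and group names are constructed placeholders to be replaced with your own LDAP values.

```properties
# File 1: org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-ldap.config
provider.name="ldap"
# Placeholder host; use LDAPS (636) and keep certificate validation on
host.name="ldap.example.com"
host.port=I"636"
host.ssl=B"true"
host.tls=B"false"
host.noCertCheck=B"false"
# Read-only service account used to search the directory (placeholder DN and password)
bind.dn="cn=aem-reader,ou=service,dc=example,dc=com"
bind.password="<bind-password-placeholder>"
searchTimeout="60s"
# Where users and groups are looked up (placeholder base DNs and attribute names)
user.baseDN="ou=people,dc=example,dc=com"
user.objectclass=["inetOrgPerson"]
user.idAttribute="uid"
user.makeDnPath=B"false"
group.baseDN="ou=groups,dc=example,dc=com"
group.objectclass=["groupOfUniqueNames"]
group.nameAttribute="cn"
group.memberAttribute="uniqueMember"
group.makeDnPath=B"false"

# File 2: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler-ldap.config
handler.name="default"
# Re-validate synced users and their group membership after one hour so
# removals in LDAP are picked up, not only at first login
user.expirationTime="1h"
user.membershipExpTime="1h"
user.membershipNestingDepth=I"1"
user.pathPrefix="ldap"
# Map LDAP attributes to profile properties (format: <aem property>=<ldap attribute>)
user.propertyMapping=["profile/givenName=givenName","profile/familyName=sn","profile/email=mail"]
# Group every synced user is placed in automatically; keep this to the least privileged group
user.autoMembership=["contributor"]
group.expirationTime="1d"
group.pathPrefix="ldap"

# File 3: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory-ldap.config
# idp.name must equal provider.name and sync.handlerName must equal handler.name above
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"50"
jaas.realmName="jackrabbit.oak"
idp.name="ldap"
sync.handlerName="default"
```

The `-ldap` suffix in the file names follows the factory-configuration naming convention; if `idp.name` or `sync.handlerName` does not match the names in the other two files, the login module cannot find its provider or handler and LDAP logins fail.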