- Andrew Kos
- Bill Burlein
- Bryan Williams
- Christian Vozar
- Jeff Brown
- John Kraus
- Joseph Mak
- Josh Durbin
- Mark Daugherty
- Matt Van Bergen
- Melissa Geoffrion
- Michael Kang
- Michael Chan
- Michael Hodgdon
- Mike Motherway
- Molly McDaniel
- Nadia Maciulis
- Pat McLoughlin
- Paul Michelotti
- Puru Hemnani
- Rohit Srinath
- Ryan Lunka
- Tom Kelly
Adobe CQ5.5 and LDAP
Saturday, March 31, 2012
Adobe CQ 5.5 provides significant advancements for systems administrators including JMX support. One area of confusion for administrators is directory structure changes involved with CQ 5.5, specifically LDAP support. The information in this blog references the official Day/Adobe LDAP documentation.
The good news is very little has changed with LDAP integration in CQ. It is still a JAAS configuration that is referenced by the JVM with command line arguments. What can be confusing Adobe CQ users is the documentation is still somewhat outdated and references directories that under a fresh CQ5.5 install will not appear. We at CITYTECH thought we'd clear the air a bit on this and explain how LDAP support works in 5.4 and 5.5.
The first thing to know about CQ is that it is not responsible for interfacing to your LDAP, CRX which is the content application platform CQ runs on is responsible. Therefore, JAAS is responsible for LDAP authentication. Your first step in LDAP integration is to create a JAAS configuration. In Adobe CQ 5.4 customers were provided a file sample_ldap_login.conf under the crx-quickstart\server\etc directory. In Adobe CQ5.5 this file no longer comes out of the box. Wonderfully, the configuration file still works just fine in Adobe CQ 5.5.
In Adobe CQ 5.5 the directory crx-quickstart\server\etc does not exist. Where you place the file is really not important, what is important is how you reference it with the JVM. You will notice in CQ 5.5 the file quickstart (quickstart.bat for Windows users) references /etc/jaas.config. If you are a current CQ 5.4 user and already have ldap_login.conf setup you simply need to reference that file in the quickstart startup script. For purposes of housekeeping you might move it into a new directory /etc as the file jaas.config. If you are a new user for CQ 5.5 simply create a directory under crx-quickstart /etc the file as jaas.config. Example: /adobe-cq5.5/crx-quickstart/etc/jaas.config
Unfortunately, the quickstart script has a bug. If you uncomment CQ_USE_JAAS the script will put the command line option after the -jar option which will not parse correctly on the latest version of the Oracle Java JVM 6.0_30. You can rearrange the options in the quickstart script or simply place the option in the CQ_JVM_OPTS variable in script.
Example: CQ_JVM_OPTS='-server -Xmx1024m -XX:MaxPermSize=256M -Djava.security.auth.login.config=/adobe-cq5.5/crx-quickstart/etc/jaas.config'
We hope this clarifies LDAP with Adobe CQ5.5. If you have questions we'd love to hear from you.
- Descriptive JMX Beans in AEM/CQ
- Invisible requirements within Business requirements
- Building a better Options Predicate
- Extensionless URLs with Adobe Experience Manager
- The Life of a Tester in Adobe CQ World!
- Limitations of the CQ Parsys Model and the Implementation of a Nested Paragraph System
- Using Apache FOP to generate a PDF document based on a form submission data
- Configuring SAML in AEM 5.6