AEM6.1 - Sync Users/Groups on Publishers

AEM6.1 - Sync Users/Groups on Publishers

AEM6.1 comes with OSGi tools/services where we can easily sync users/groups between unclustered publish instances (Figure 1). This feature is especially useful for leveraging AEM communities capabilities.


Figure 1.

I find this feature is useful when

  1. We don't want to store users, which are supposed to reside on publish instances only, on author.
  2. In community site manager, on author instance, we want to be able to set permissions (i.e. moderators or group members) for those users/groups (which reside on publish instances only).
  3. On author instance, we want to assign access or ban users from accessing publish instances.

Information and instances used for this exercise

For the sake of this exercise, I have 1 author instance running on port 4502 (http://localhost:4502) and 2 publish instances running on port 4503 (http://localhost:4503) and 4504 (http://localhost:4504).

On author-4502, I have 2 replication agents (rep4503 and rep4504) and 2 reverse replication agents (revrep4503 and revrep4504). See Figure 2.


Figure 2.

There are two things we need to do

  1. Configure the tunnel.
  2. Configure publish side users/groups sync.

Configure the tunnel

This configuration is done on author-4502 (http://localhost:4502/system/console/configMgr). We'll configure:

  1. AEM Communities Publish Tunnel Service (see Figure 3)

    Figure 3.
  2. Adobe Granite Distribution - Encrypted Password Transport Secret Provider (see Figure 4). The username and password is admin and admin.

    Figure 4.
  3. Apache Sling Distribution Agent - Sync Agents Factory (see Figure 5). I have 2 "Exporter Endpoints" for 2 publish instances and 2 "Importer Endpoints" for 2 publish instances.

    Figure 5.
  4. Apache Sling Distribution Trigger - Scheduled Triggers Factory (see Figure 6). You can change the value of the "Interval in Seconds" to whatever the number of seconds that works for you.

    Figure 6.

Configure publish side users/groups sync

This configuration is done on both publish-4503 (http://localhost:4503/system/console/configMgr) and publish-4504 (http://localhost:4504/system/console/configMgr). We'll configure:

  1. Adobe Granite Distribution - Diff Observer Factory (see Figure 7).

    Figure 7.
  2. Apache Sling Distribution Agent - Queue Agents Factory (see Figure 8).

    Figure 8.

Create a test user named "aem61test"

As you can see in See Figure 9, Figure 10, and Figure 11, we don't have a user named aem61test.


Figure 9.


Figure 10.


Figure 11.

On publish-4503, let's create a test user named: aem61test. See Figure 12 and Figure 13.


Figure 12.


Figure 13.

Now, go to http://localhost:4504/useradmin and search for aem61test, you will see the test user there. See Figure 14.

Figure 14.

If you go to http://localhost:4502/useradmin, search for aem61test, the user will not show up in author-4502.

Create a community site and set Moderator and/or Group Management

  1. http://localhost:4502/communities/sites.html
  2. Create Site
  3. Fill in: Community Site Title, Community Site Description, and Community Site Name.
  4. Choose a Community Site Template from the drop down.
  5. Click "Next".
  6. Select a Community Theme.
  7. Click "Next".
  8. Click "MODERATION" tab.
  9. In the Community Moderators field, type in: aem6. Now you will see that the aem61test, was created on publish-4503 is available on the Community Moderators' search suggest list. If you go back to http://localhost:4502/useradmin and search for aem61test, the user will not be there.
  10. Now, if you go to "GROUP MANAGEMENT" tab, select "Selected Community Members", then search for "aem6" under the "Group Creators", the aem61test will appear on the search suggest list as well.

Credits

Adobe Experience Manager (AEM) 6.1 Communities Technical - Publisher User Management, by Laurie Byrum, Principal Scientist at Adobe Systems

Share this post

0 Comments

comments powered by Disqus