Get/Fetch/Read User and Group details from CRX-AEM repository


Using a query debug URL, list the users and their group names in JSON format.

Query Builder Debugger tool link:
--------------------------------------------
http://localhost:4502/libs/cq/search/content/querydebug.html

query in tool:
-----------------
p.hits=selective
p.limit=-1
p.properties=rep:authorizableId rep:externalId jcr:path
path=/home/users
type=rep:User

User List with group name:
----------------------------------
Users list in AEM:
http://localhost:4502/bin/querybuilder.json?property=jcr:primaryType&property.value=rep:User

Groups list in AEM:
http://localhost:4502/bin/querybuilder.json?property=jcr:primaryType&property.value=rep:Group

Output will be based on params
http://localhost:4502/bin/querybuilder.json?property=jcr:primaryType&property.value=rep:User
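As an added example (not part of the original post), the Python sketch below builds the debugger query as a querybuilder.json URL, requesting jcr:path together with the two rep: properties, and splits the returned hits into externally synced and local accounts using rep:externalId. The sample response is constructed, and the code assumes Oak's "<id>;<provider name>" form for rep:externalId.

```python
import json
from urllib.parse import urlencode

# Parameters of the Query Builder Debugger query shown above.
QUERY = {
    "path": "/home/users",
    "type": "rep:User",
    "p.hits": "selective",
    "p.properties": "rep:authorizableId rep:externalId jcr:path",
    "p.limit": "-1",
}

def build_url(base="http://localhost:4502"):
    """Return the querybuilder.json URL equivalent to the debugger query."""
    return base + "/bin/querybuilder.json?" + urlencode(QUERY)

def classify(response_text):
    """Split hits into externally synced users (keyed by IDP name) and local users."""
    external, local = {}, []
    for hit in json.loads(response_text).get("hits", []):
        uid = hit.get("rep:authorizableId", hit.get("jcr:path"))
        ext = hit.get("rep:externalId")
        if ext:
            # Assumption: the external reference is stored as "<id>;<provider name>".
            idp = ext.rsplit(";", 1)[-1]
            external.setdefault(idp, []).append(uid)
        else:
            local.append(uid)
    return external, local

# Constructed sample response (not captured from a real instance).
SAMPLE = json.dumps({"success": True, "results": 3, "total": 3, "hits": [
    {"jcr:path": "/home/users/a/admin", "rep:authorizableId": "admin"},
    {"jcr:path": "/home/users/j/jdoe", "rep:authorizableId": "jdoe",
     "rep:externalId": "uid=jdoe,O=example;ldap"},
    {"jcr:path": "/home/users/s/svc", "rep:authorizableId": "svc-replication"},
]})

if __name__ == "__main__":
    print(build_url())
    synced, local_only = classify(SAMPLE)
    print("synced:", synced)
    print("local :", local_only)
```

Local accounts that remain after LDAP is enabled are the ones whose passwords and group memberships AEM itself still manages, so they are the list to review.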





Other related links:-
http://experience-aem.blogspot.com/2013/09/cq-users-groups-crx-rmi-sample.html
https://stackoverflow.com/questions/41774616/can-i-retrieve-the-users-list-and-along-with-their-group-names

Note:
Not all users in LDAP are imported into AEM/CRX.

Configuring LDAP with AEM 6.x - Adobe Experience Manager

LDAP integration with AEM (Apache Directory Server)

Steps to Configure LDAP with AEM :

In AEM 6, LDAP comes with a new implementation that requires a different type of configuration than previous versions.
All LDAP configurations are now available as OSGi configurations. They can be configured via the Web Management console at:
http://hostName:4502/system/console/configMgr

To have LDAP working with AEM, you need to create three OSGi configurations:
1. LDAP Identity Provider (IDP).
2. Sync Handler.
3. External Login Module.

Steps:
1. Go to http://hostName:4502/system/console/configMgr
2. Search for "Apache Jackrabbit Oak LDAP Identity Provider"
3. Click the "+" (plus) symbol to create a new configuration for "Apache Jackrabbit Oak LDAP Identity Provider"
4. Enter the values below in the configuration and click Save.
provider.name="ldap"
host.name="dsxdev.companyName.com"
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.dn="uid=wemusr.gen,OU=Generics,O=cco.companyName.com"
bind.password="wem4Dev"
searchTimeout="60s"
user.baseDN="O=cco.companyName.com"
user.objectclass=["ccoPerson"]
user.idAttribute="uid"
user.extraFilter="(objectClass=ccoPerson)"
user.makeDnPath=B"false"
group.baseDN="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.objectclass=["groupOfUniqueNames"]
group.nameAttribute="cn"
group.extraFilter="CN=wemusers-dev,OU=Mailer,OU=Groups,O=cco.companyName.com"
group.makeDnPath=B"false"
group.memberAttribute="memberOf"
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider

5. An OSGi config node is created with a name like: org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-b9c9258a-81b1-4413-8fea-1589cbe0fc35.config at path: /apps/system/config/

6. Search for "Apache Jackrabbit Oak Default Sync Handler"

7. Click the "+" (plus) symbol to create a new configuration for "Apache Jackrabbit Oak Default Sync Handler"

8. Enter the values below in the configuration and click Save.
NOTE: handler.name can be changed based on the environment. E.g. for Production the name can be given as: prodldapsynchandler
------------------------------------------------------------
handler.name="idevldapsynchandler"
user.expirationTime="1h"
user.autoMembership=["companyGrpall"]
user.propertyMapping=["rep:e-mail=mail","cq:last-name=sn","cq:first-name=givenName"]
user.pathPrefix=""
user.membershipExpTime="1h"
user.membershipNestingDepth=I"0"
group.expirationTime="1d"
group.autoMembership=[""]
group.propertyMapping=["rep:fullname=cn",""]
group.pathPrefix=""

9. An OSGi config node is created with a name like: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler-b9c9258a-81b1-4413-8fea-1589cbe0fc35.config at path: /apps/system/config/

10. Search for "Apache Jackrabbit Oak External Login Module"

11. Click the "+" (plus) symbol to create a new configuration for "Apache Jackrabbit Oak External Login Module"

12. Enter the values below in the configuration and click Save.
NOTE: sync.handlerName is the handler.name of the Apache Jackrabbit Oak Default Sync Handler given above in step 8, and idp.name is the provider.name of the LDAP Identity Provider given in step 4.
jaas.ranking=I"400"
jaas.controlFlag="REQUIRED"
jaas.realmName=""
idp.name="ldap"
sync.handlerName="idevldapsynchandler"

13. An OSGi config node is created with a name like: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory-ffe61481-2dad-4864-b58a-c2ade426345c.config at path: /apps/system/config/
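A check for the three configurations, as an added example that is not part of the original post: it parses values written in the key=value style of steps 4, 8 and 12, verifies that the External Login Module names match the IDP and Sync Handler, and reports transport and credential settings worth reviewing. The function names are hypothetical, and treating a value wrapped in {...} as AEM Crypto Support ciphertext is an assumption.

```python
import re

def parse(text):
    """Parse key=value lines as written in the steps (I"389", B"false", ["a"])."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*(.*\S)', line)
        if not m:
            continue                                # e.g. a bare PID line
        key, raw = m.groups()
        raw = re.sub(r'^[A-Za-z](?=")', "", raw)    # drop the I/B type prefix
        if raw.startswith("["):
            cfg[key] = re.findall(r'"([^"]*)"', raw)
        else:
            cfg[key] = raw.strip('"')
    return cfg

def audit(idp, sync, login):
    """Return findings for the IDP, Sync Handler and External Login Module."""
    findings = []
    if idp.get("host.ssl") != "true" and idp.get("host.tls") != "true":
        findings.append("idp: host.ssl and host.tls are both off; binds travel unencrypted")
    if idp.get("host.noCertCheck") == "true":
        findings.append("idp: host.noCertCheck disables server certificate validation")
    pw = idp.get("bind.password", "")
    # Assumption: a value wrapped in {...} is AEM Crypto Support ciphertext.
    if pw and not (pw.startswith("{") and pw.endswith("}")):
        findings.append("idp: bind.password is stored as a literal value")
    if login.get("idp.name") != idp.get("provider.name"):
        findings.append("login module: idp.name does not match provider.name")
    if login.get("sync.handlerName") != sync.get("handler.name"):
        findings.append("login module: sync.handlerName does not match handler.name")
    return findings

# Values copied from the steps above, trimmed to the keys the checks read.
IDP = parse('''provider.name="ldap"
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.password="wem4Dev"''')
SYNC = parse('handler.name="idevldapsynchandler"')
LOGIN = parse('idp.name="ldap"\nsync.handlerName="idevldapsynchandler"')

if __name__ == "__main__":
    for finding in audit(IDP, SYNC, LOGIN):
        print(finding)
```

With the values from this page the names line up, and the two findings are the unencrypted connection on port 389 and the literal bind password kept under /apps/system/config/.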

AEM – Hot Fixes & Service Packs(SP)


AEM Basics - Use Commands while working with CQ5 / AEM

To Start AEM In Author Instance:
--------------------------------------------
java -Xmx1024m -jar cq-author-4502.jar

To Start AEM In Publish Instance:
--------------------------------------------
java -Xmx1024m -jar cq-publish-4502.jar

Note: -Xms sets the minimum (initial) RAM allocation for the AEM service; -Xmx, used in the commands above, sets the maximum.

Maven Commands Used to Deploy Projects On AEM:
             mvn clean install -PautoInstallPackage -Daem.host=localhost -Daem.port=portNumber -Dvault.password=admin
             mvn clean install -PautoInstallBundle -Daem.host=localhost -Daem.port=portNumber -Dvault.password=admin

Note: The port number depends on the port on which your AEM instance is running.

Start AEM In Debug Mode:
-----------------------------------
java -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=portNumber -XX:+HeapDumpOnOutOfMemoryError -XX:MaxPermSize=512M -Xmx1024m -jar cq-author-p4502.jar -p 4502 -verbose -nofork

- OR -

Add the line below to the start.bat file.

set CQ_JVM_OPTS=-server -debug -XX:MaxPermSize=256M -Xnoagent -Xmx1024M -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=portNumber

Note: portNumber is the port on which the debug instance runs.

Maven Commands:
------------------------
maven [options] [goal [goal2 [goal3] ...]]

Options:
----------
 -D,--define arg       Define a system property
 -E,--emacs             Produce logging information without adornments
 -P,--plugin-help     Display help on using a given plugin
 -X,--debug            Produce execution debug output
 -b,--nobanner        Suppress logo banner
 -d,--dir arg            Set effective working directory (ignored with -p or -f)
 -e,--exception       Produce exception stack traces
 -f,--find arg          Set project file and effective working directory by finding
                              the project file
 -g,--goals             Display available goals
 -h,--help              Display help information
 -i,--info               Display system information
 -o,--offline          Build is happening offline
 -p,--pom arg       Set project file
 -q,--quiet            Reduce execution output
 -u,--usage           Display help on using the current project
 -v,--version        Display version information

-P, -g, -h, -i, -u and -v cause Maven to exit immediately without running any goals given