I think I'll go with option one (Cache Refresh), since I won't be able to store the GLUU server config info in one of our local PROD ldap servers.
in this model, when I am using the GLUU Identity Appliance (GUI) on my local install, I would NOT change anything in the "Manage Authentication" screen (have it continue to point to the local GLUU ldap server).
Within the GUI, tho, I would go to the "Configuration Cache Refresh" panels. Using these panels is described here:
https://www.gluu.org/docs/admin-guide/oxtrust-ui/#attributes
and here:
https://www.gluu.org/docs/admin-guide/user-group/#ldap-synchronization
So, I just follow those steps ... am I understanding this correctly ?
thanks !