By: Matt Young user 24 Dec 2017 at 3:56 p.m. CST

4 Responses
OK, I have the cache refresh working (I can search for and see active users under manage users), but my users cannot log in. I even went so far as to add my user to the admin group (manage group -> add user). Now, I watched the online video for cache refresh and I know I am supposed to change the LDAP source for manage Authentication, but I don't understand why or what I should change it to. My LDAP users are already in Gluu; why can't they log in?

By William Lowe user 24 Dec 2017 at 10:58 p.m. CST

Have you configured [basic authentication](https://gluu.org/docs/ce/authn-guide/basic/)? I think what you are not clear on is the fact that yes, your users are in Gluu, but their passwords are still stored in the backend LDAP. That's why you still need to configure authentication and presumably why your users are unable to log in.

By Matt Young user 25 Dec 2017 at 2:04 p.m. CST

What is the point of cache refresh if I can't authenticate with the local LDAP? I want to have multiple cache refresh operations with multiple LDAP servers and set one authentication for my new unified LDAP dataset. Is that possible?

By Aliaksandr Samuseu staff 25 Dec 2017 at 2:49 p.m. CST

Hi, Matt. For each user it's expected to serve, Gluu requires a local user entry to exist in its own internal LDAP server. This entry keeps cached user attributes (sometimes gathered from several sources and pre-processed in some way) in one place. It's still true even in cases when actual authentication will happen via some other means (LDAP bind to some backend LDAP server, custom auth script, etc.). Cache Refresh is intended to be used with LDAP authentication against an existing LDAP backend server. It automates import and modification of its user entries into Gluu's LDAP server. As authentication will still happen against the backend server, no password usually needs to be stored in Gluu in such a scenario.

By William Lowe user 25 Dec 2017 at 4:39 p.m. CST

Passwords are encrypted in your backend directory and can't be pulled into Gluu's local LDAP. If you want to store passwords in the Gluu server, you will need to prompt users to reset their password upon login against the Gluu server.