By: Aman Khanna user 25 Jun 2018 at 2:03 p.m. CDT

2 Responses

Is it possible to connect to an existing Active Directory server without duplicating the user information within the Gluu server? In such a scenario, the Gluu server instance will connect each time to the AD instance to pull the data. I understand that this may be less efficient that cache refresh but can live with that.

Ubuntu 18.04

closed

By Michael Schwartz Account Admin 25 Jun 2018 at 2:35 p.m. CDT

Copy

1. You need at least one attribute for correlation. 2. In general, attributes are returned from LDAP. You could use dynamic OpenID scopes to dynamically query LDAP, but there is a performance hit (i.e. grabbing attributes from the local LDAP and returning them is fastest)

By Aman Khanna user 25 Jun 2018 at 2:53 p.m. CDT

Copy

Thank you for the quick response. This helps and we may be able to live with a performance hit depending on how severe it is. We would like to start a small PoC for this. Are there any parts of the documentation / sample code that addresses such usage scenarios (dynamic querying of AD) specifically? If so, some pointers would be helpful.

You need to Login in order to post an answer

Connecting to AD without user information duplication

By: Aman Khanna user 25 Jun 2018 at 2:03 p.m. CDT

Answers

By Michael Schwartz Account Admin 25 Jun 2018 at 2:35 p.m. CDT

By Aman Khanna user 25 Jun 2018 at 2:53 p.m. CDT

Post an answer