By: Loreto Puyod user 14 May 2019 at 10:39 p.m. CDT

2 Responses
My Gluu server "Cache refresh configuration" is working as I expected. Out of 56000 MS AD users, I have to sync 23 users using the primary key of the "UID" AD attribute, because using "sAMAccountName" doesn't work. I don't know why. But anyway, I like that uid is working. At least I can control whom I sync with the Gluu system. My problem was that if I configure "Manage authentication", everything was lost, including the default admin account. I cannot log in to https://gluuserver any more, including the 2nd admin user and any other users, including the new 23 from AD. What seems to be wrong?

By Aliaksandr Samuseu staff 15 May 2019 at 1:42 p.m. CDT

Hi, Loreto. "sAMAccountName" is perfectly legit and we've never had an issue reported where it couldn't be used. The only caveat is that you can't use it in a multi-domain AD environment, as it's only guaranteed to be unique within a domain, and the key attribute you choose for CR must be unique globally. For such cases the upn or email attributes are a better choice. The only case when you can lose locally created accounts (which includes the default admin account, but also user entries auto-enrolled by authentication scripts, and the ones you created manually on the "Manage people" page) is if you unset the "Keep external persons" property on CR's main page. It is set by default. By changing properties on the "Manage authentication" page, you usually configure Gluu to use your AD LDAP server for auth; that's why you can't use the local admin anymore. Also, before you fully switch to using it, you first need to go to the "Manage groups" page and make sure you add some users imported from AD to "Gluu Manager Group".
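
The uniqueness requirement from the reply above can be checked before a key attribute is chosen for Cache Refresh. The following is an added example, not part of the thread and not Gluu code: the entries, domain names and helper functions are constructed for illustration, and values are compared case-insensitively on the assumption that the directory treats them that way.

```python
from collections import defaultdict

# Constructed sample entries standing in for exports from two AD domains.
# "jsmith" exists in both domains as two different people.
ENTRIES = [
    {"domain": "corp.example.com", "sAMAccountName": "jsmith",
     "userPrincipalName": "jsmith@corp.example.com", "mail": "john.smith@example.com"},
    {"domain": "emea.example.com", "sAMAccountName": "JSmith",
     "userPrincipalName": "jsmith@emea.example.com", "mail": "jane.smith@example.com"},
    {"domain": "corp.example.com", "sAMAccountName": "svc-backup",
     "userPrincipalName": "svc-backup@corp.example.com"},  # no mail attribute
    {"domain": "emea.example.com", "sAMAccountName": "akowalski",
     "userPrincipalName": "akowalski@emea.example.com", "mail": "a.kowalski@example.com"},
]


def evaluate_key(entries, attr):
    """Return (duplicates, missing) for a candidate key attribute.

    duplicates maps a normalized value to the entries sharing it;
    missing lists entries that have no value for the attribute at all.
    """
    seen = defaultdict(list)
    missing = []
    for entry in entries:
        ident = entry["domain"] + "\\" + entry["sAMAccountName"]
        value = (entry.get(attr) or "").strip().lower()
        if value:
            seen[value].append(ident)
        else:
            missing.append(ident)
    duplicates = {v: ids for v, ids in seen.items() if len(ids) > 1}
    return duplicates, missing


def usable_keys(entries, candidates):
    """Candidates that are present on every entry and unique across all domains."""
    return [a for a in candidates if evaluate_key(entries, a) == ({}, [])]


if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName", "mail"):
        dups, missing = evaluate_key(ENTRIES, attr)
        print(f"{attr}: duplicates={dups} missing={missing}")
```

On this sample, sAMAccountName collides across the two domains and mail is absent on the service account, which leaves userPrincipalName as the only candidate that is both populated everywhere and globally unique.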

By Loreto Puyod user 21 May 2019 at 1:08 a.m. CDT

I managed to authenticate both the local admin and my new MS AD admin. I still can't use the sAMAccountName attribute of MS AD. I tried many, many times, on both Cache refresh and Manage authentication. It won't work. I tried several times, so I am sticking to setting the primary key and secondary key to "UID" in the MS AD attributes. I think I like this way or design. At least I control who can have SSO in my Gluu system. You may close the ticket now. Thanks for the great support. Cheers, Loreto