By: Benjamin Smith user 25 Dec 2019 at 10:03 a.m. CST

2 Responses
First of all, please forgive me for how basic this question is. I'm testing out gluu server as a solution for centralized authentication for my nonprofit org's various apps. I have gluu 4.0 installed and running on Debian 9, and it's running as expected on an Amazon EC2 instance. At the moment for testing I have all ports open for the instance. I also carefully followed the installation procedure outlined in the gluu documentation, and was able to get it up and running without any errors (kudos!). I logged into the frontend and created a new user, and logged in with the test user to verify it works. Because my experience is authenticating via an LDAP server, that's what I set out to do; however, it has become clear to me that that isn't really how the gluu server is intended to be used. My question then is, is it possible to use "Basic authentication" (that is, a simple LDAP bind authentication) for external apps, or is this not how gluu is intended to be used? For example, I can extrapolate that the LDAP basedn being ou=people,o=gluu and a binddn using cn=directory manager, but whereas the LDAPS port is not opened up during configuration, it seems that this is not really intended usage. I've pored over the documentation and it doesn't seem this use scenario was envisioned. Am I correct, or am I missing something? Thanks so much. And thanks for supporting open source.

By Aliaksandr Samuseu staff 25 Dec 2019 at 10:15 a.m. CST

Hi, Benjamin. That depends on what you mean by "Basic LDAP authentication for external apps". You can use LDAP bind against some external LDAP server as an authentication method for Gluu Server itself, but it seems like you are talking about opening Gluu Server's own LDAP server for external apps to use for authentication. Gluu Server wasn't really designed for the latter; it's mostly used with apps that rely on a web browser and the HTTP protocol to handle authentication, and everything built upon this (protocols like SAML and OIDC). You could make its internal LDAP server listen on external ports, but that would just mean 95% of Gluu's capabilities are not used, if this will be its main purpose.

By Benjamin Smith user 25 Dec 2019 at 12:33 p.m. CST

Thanks so much for the clarification. Indeed, I don't need to make use of all of gluu's functionality immediately, and eventually hope to have a more experienced IT person working for us who can make better use of it in the future. Thanks again.