By: richard abbott user 11 Jun 2019 at 4:14 p.m. CDT

19 Responses
We have an LDAP data structure example:

```
dn: uid=123456789,ou=people,o=testdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
personalTitle: Mrs
uid: 123456789
userpassword: password
initials: C
givenName: melissa
cn: Tolley Melissa
MiddleNames: kate
sn: Tolley
displayName: Tolley Melissa
```

```
dn: uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: UKOrgPerson
objectClass: top
uid: 123456789
UKOrgCloseDate: 20120111
Country: England
initials: K
givenName: Melissa
cn: Tolley Melissa
uniqueIdentifier: 165472838045
sn: Tolley
MiddleNames: Kate
UKIDCode: hg41sd
o: Yorkshire
displayName: Tolley Melissa
```

```
dn: uniqueIdentifier=777777777,uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain
objectClass: UKOrgPersonRole
objectClass: top
JobRole: "Administrator":"Support":"Secretary role"
uniqueIdentifier: 777777777
UKOrgCloseDate: 20120111
JobRoleCode: xc123:yc123:yc123
BusinessFunctions: Administrator
```

When I run this through the cache refresh process I get failed results:

```
2019-06-11 20:14:28,854 ERROR [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000009438045], secondaryKeyValues=null, tertiaryKeyValues=null]
2019-06-11 20:14:28,854 INFO [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:347) - Found '0' unique entries in source server
```

In the Cache Refresh section, I have UID as the key attribute and the objectclass as Top. I require the following attributes: sn, cn, givenname, UKOrgCloseDate, JobRoleCode, along with email etc. if present.

My question is: is it possible to use this LDAP data structure, or do I need to look at a custom script? Thanks

By Mohib Zico Account Admin 13 Jun 2019 at 9:25 a.m. CDT

I am reposting your question with better mkdocs format:

----------------------------------------------------------------------------------------------------

We have an LDAP data structure example:

```
dn: uid=123456789,ou=people,o=testdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
personalTitle: Mrs
uid: 123456789
userpassword: password
initials: C
givenName: melissa
cn: Tolley Melissa
MiddleNames: kate
sn: Tolley
displayName: Tolley Melissa
```

```
dn: uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: UKOrgPerson
objectClass: top
uid: 123456789
UKOrgCloseDate: 20120111
Country: England
initials: K
givenName: Melissa
cn: Tolley Melissa
uniqueIdentifier: 165472838045
sn: Tolley
MiddleNames: Kate
UKIDCode: hg41sd
o: Yorkshire
displayName: Tolley Melissa
```

```
dn: uniqueIdentifier=777777777,uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain
objectClass: UKOrgPersonRole
objectClass: top
JobRole: "Administrator":"Support":"Secretary role"
uniqueIdentifier: 777777777
UKOrgCloseDate: 20120111
JobRoleCode: xc123:yc123:yc123
BusinessFunctions: Administrator
```

When I run this through the cache refresh process I get failed results:

```
2019-06-11 20:14:28,854 ERROR [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000009438045], secondaryKeyValues=null, tertiaryKeyValues=null]
2019-06-11 20:14:28,854 INFO [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:347) - Found '0' unique entries in source server
```

In the Cache Refresh section, I have UID as the key attribute and the objectclass as Top. I require the following attributes: sn, cn, givenname, UKOrgCloseDate, JobRoleCode, along with email etc. if present.

My question is: is it possible to use this LDAP data structure, or do I need to look at a custom script? Thanks

-----------------------------------------------------------------------------------------------------

By Mohib Zico Account Admin 13 Jun 2019 at 9:29 a.m. CDT

> I have UID as the key attribute and the objectclass as Top

Check with some other OC then.. say `person`? Basically, Cache Refresh configuration is highly dependent on the backend Active Directory or LDAP (from where you are pulling users' information). It varies from organization to organization.

By richard abbott user 13 Jun 2019 at 9:32 a.m. CDT

Yes, this is being pulled from an existing LDAP service - 1m users

By Mohib Zico Account Admin 14 Jun 2019 at 2:56 a.m. CDT

> Yes, this is being pulled from an existing LDAP service - 1m users

Sorry, not sure I understand. Does that mean... your issue is resolved, or you just answered some question?

By richard abbott user 14 Jun 2019 at 3:34 a.m. CDT

No, my question has still not been answered. Is it possible to load a parent LDAP entry and its corresponding child entries, as per the example above? Thanks

By Mohib Zico Account Admin 14 Jun 2019 at 4:49 a.m. CDT

> Is it possible to load a parent LDAP entry and its corresponding child entries, as per the example above?

Yes... from the above examples.. you need to pull entries from `ou=people,o=testdomain`, i.e. the baseDN in Backend Cache Refresh will be `ou=people,o=testdomain`.

By richard abbott user 14 Jun 2019 at 8:35 a.m. CDT

OK, I have tried this on a few occasions now.... To me, the child entries are not added, only the parent entries. I get the following error:

```
2019-06-14 13:25:28,129 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:343) - Found '6' entries in source server
2019-06-14 13:25:28,129 ERROR [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000], secondaryKeyValues=null, tertiaryKeyValues=null]
2019-06-14 13:25:28,129 ERROR [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000000506048], secondaryKeyValues=null, tertiaryKeyValues=null]
2019-06-14 13:25:28,129 ERROR [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000000903039], secondaryKeyValues=null, tertiaryKeyValues=null]
2019-06-14 13:25:28,129 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:347) - Found '0' unique entries in source server
2019-06-14 13:25:28,203 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:368) - Found '2' entries in inum server
2019-06-14 13:25:28,203 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:399) - Found '0' changed entries
2019-06-14 13:25:28,263 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:418) - Updated '0' entries
2019-06-14 13:25:28,264 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:420) - Failed to update '0' entries
2019-06-14 13:25:28,264 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:463) - Removed '0' persons from target server
2019-06-14 13:25:28,265 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:480) - There are '2' entries before updating inum list
2019-06-14 13:25:28,265 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:484) - There are '2' entries after removal '0' entries
2019-06-14 13:25:28,265 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:488) - There are '2' entries after adding '0' entries
```

So to be clear, this is trying to add the parent entry, then the child entry.

By Mohib Zico Account Admin 14 Jun 2019 at 8:49 a.m. CDT

Can you please share all your Cache Refresh config screenshots? Wanna see what's there in config.

By richard abbott user 14 Jun 2019 at 10:36 a.m. CDT

FYI

By Mohib Zico Account Admin 14 Jun 2019 at 10:39 a.m. CDT

Thanks. Will check it!

By Mohib Zico Account Admin 17 Jun 2019 at 11:32 a.m. CDT

Seems like your `Server:Port` information is not correct.... Attaching two screenshots:

- Under the `Cache Refresh` tab: this is the "IP_address" only of your Gluu Server VM.
- Under the `Source Backend LDAP Servers` tab: this should be "IP_address:Port" of your backend LDAP / AD server.

By richard abbott user 17 Jun 2019 at 2:15 p.m. CDT

Cache Refresh = 10636 (Gluu LDAP)
Source Backend LDAP = 10389

To me the issue is that the cache refresh process doesn't seem to be able to add a parent entry and its corresponding child entries, as in the example data above.

By Mohib Zico Account Admin 17 Jun 2019 at 2:33 p.m. CDT

Server and Ports are definitely wrong ( until and unless you modified something ).

By richard abbott user 17 Jun 2019 at 2:37 p.m. CDT

I do have my local backend LDAP server sitting inside my Gluu VM, so they both say localhost.... but I have one listening on 10636 (Gluu) and my local backend LDAP on 10389.

By Mohib Zico Account Admin 17 Jun 2019 at 2:49 p.m. CDT

> I do have my local backend LDAP server sitting inside my Gluu VM, so they both say localhost

Don't do it.

> but I have one listening on 10636 (Gluu) and my local backend LDAP on 10389.

Don't do it as well.

- Prepare your LDAP server in a machine. Give it a hostname.
- Keep your Gluu server running in default mode for now.
- Keep your backend LDAP server (which is the remote LDAP) on 1636 (LDAPS) or 1389 (LDAP).
- Re-check the Cache Refresh doc and video.
- Re-establish cache refresh.

You shouldn't have any issue.

By richard abbott user 17 Jun 2019 at 3:17 p.m. CDT

OK, this is only for a proof of concept, but I appreciate your points. However, my question still remains. Can you add a parent LDAP entry and all its child entries under it? Example:

```
o=testdomain
dn: uid=123456,ou=people,o=testdomain
dn: uniqueidentifier=654321,uid=123456,ou=people,o=testdomain
```

I have added a snippet of test data. I appreciate you may not have a schema, but it's an example of my local LDAP data, whereby I am adding a uid (parent) then its child entries.

By Mohib Zico Account Admin 17 Jun 2019 at 3:24 p.m. CDT

> Can you add a parent LDAP entry and all its child entries under it?

Yes, Cache Refresh doesn't care much about parent DN and/or child DN. Whichever DN you use as `baseDN`, it will pull all entries + child entries of that DN. For example, in your case, I would pull `ou=people,o=testdomain` totally; that means I will use `ou=people,o=testdomain` as BaseDN. Gluu Server will pull all entries of this DN.

By richard abbott user 17 Jun 2019 at 3:39 p.m. CDT

OK, will test again with some more sample data. But in my previous response you can see errors in the cache refresh log: `Non-deterministic primary key. Skipping user with key: CacheCompo`. I have attached my example people LDAP structure. If you could take a look please.

By Mohib Zico Account Admin 19 Jun 2019 at 12:49 p.m. CDT

I believe it means... some kind of duplication in primary key determination by Cache Refresh. [Here](https://github.com/GluuFederation/oxTrust/blob/master/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java#L1093) is code from Cache Refresh.
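The thread's sample data makes the "duplication in primary key determination" reading easy to test offline: the parent entry and its first child both carry `uid: 123456789` and both carry `objectClass: top`, so a key attribute of `uid` with an objectClass filter of `top` (or `person`) maps two source entries to one key. The following Python script is an added example, not Gluu's code and not from any post in this thread. It assumes (as a model of the log message, not as Gluu's actual implementation) that a key is "non-deterministic" when more than one filtered entry carries the same value for the key attribute; the LDIF inside it is a constructed copy of the thread's three sample entries, trimmed to the attributes the check needs.

```python
"""Pre-flight uniqueness check for a Cache Refresh key attribute.

Added example, not Gluu's own code. It models the log message
"Non-deterministic primary key" as: more than one source entry (after the
objectClass filter) carries the same value for the chosen key attribute.
The LDIF below is a constructed copy of the thread's sample entries.
"""
from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=123456789,ou=people,o=testdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
uid: 123456789
givenName: melissa
sn: Tolley

dn: uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: UKOrgPerson
objectClass: top
uid: 123456789
uniqueIdentifier: 165472838045
UKOrgCloseDate: 20120111
sn: Tolley

dn: uniqueIdentifier=777777777,uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain
objectClass: UKOrgPersonRole
objectClass: top
uniqueIdentifier: 777777777
JobRoleCode: xc123:yc123:yc123
"""


def parse_ldif(text):
    """Parse a minimal LDIF (no line folding, no base64 values) into a list
    of {attribute_lowercase: [values]} dicts, one per blank-line separated
    entry. Attribute names are lower-cased because LDAP matches them
    case-insensitively."""
    entries, current = [], defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        # Split on the first colon only: values such as JobRoleCode contain colons.
        name, _, value = line.partition(":")
        current[name.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def check_key(entries, key_attr, object_class):
    """Return (unique_keys, duplicate_keys) for one key attribute and one
    objectClass filter. duplicate_keys maps a key value to the DNs that
    share it: those are the entries a refresh run would have to skip."""
    by_key = defaultdict(list)
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if object_class.lower() not in classes:
            continue  # entry is outside the objectClass filter
        for value in entry.get(key_attr.lower(), []):
            by_key[value].append(entry["dn"][0])
    duplicates = {k: dns for k, dns in by_key.items() if len(dns) > 1}
    unique = [k for k, dns in by_key.items() if len(dns) == 1]
    return unique, duplicates


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    # The first two combinations reproduce the thread's "0 unique entries"
    # outcome; the third is one combination that does give one entry per key.
    for key_attr, oc in [("uid", "top"), ("uid", "person"),
                         ("uniqueIdentifier", "UKOrgPerson")]:
        unique, dups = check_key(entries, key_attr, oc)
        print(f"key={key_attr} objectClass={oc}: "
              f"{len(unique)} unique, {len(dups)} duplicated")
        for value, dns in dups.items():
            print(f"  non-deterministic key {value!r} shared by {len(dns)} entries")
```

Running it against the sample shows why `uid` plus `top` (and `uid` plus `person`) yields zero unique entries: the parent and the `UKOrgPerson` child collide on the same uid. Whichever combination of key attribute and objectClass you settle on in the real configuration, an export of the source subtree run through a check like this before the refresh tells you how many entries would be skipped, which is cheaper than reading it off the oxTrust log afterwards.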