By: Mohamed EL HAJJ user 29 Sep 2015 at 11:26 a.m. CDT

11 Responses
Hi,

Our aim is to delegate all authentication to an external AD server, for OpenID Connect and oxTrust. But we fail in two stages.

Fail stage 1: cache refresh

The configuration is not saved. The symptom is quite simple: we enter the configuration, go to another menu, come back to the cache refresh configuration and... it's gone! Synchronization does not occur.

Fail stage 2

Synchronization being ineffective, we simulate it by adding a new user in OpenDJ, to mirror our administrator user in AD. We'll use the mail to link the two entries. I add it to the Manager Group, I make sure the corresponding user has the same mail in AD and proceed to change the authentication configuration. The connection test is successfully passed, let's try and log in. I open a new incognito browser because I've already been shut out of oxTrust once and it is not easy to restore the configuration.

Authentication does not work. Let's have a look at the logs. First Gluu. I find an exception in wrapper.log:

```
INFO | jvm 1 | 2015/09/25 09:23:59 | org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entries with baseDN: CN=Users,DC=insead,DC=sorbonne, filter: (&(&(objectClass=top))(&(mail=administrateur@insead.sorbonne)))
INFO | jvm 1 | 2015/09/25 09:23:59 | at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:296)
```

I launch Apache Directory Studio and try the same filter on the external AD. Everything is fine. I suspect Gluu mixed up the directories. So I have a look at the OpenDJ logs. And:

```
[25/Sep/2015:09:23:59 +0000] SEARCH REQ conn=2 op=12 msgID=13 base="CN=Users,DC=insead,DC=sorbonne" scope=wholeSubtree filter="(&(&(objectClass=top))(&(mail=administrateur@insead.sorbonne)))" attrs="ALL"
[25/Sep/2015:09:23:59 +0000] SEARCH RES conn=2 op=12 msgID=13 result=32 message="The entry CN=Users,DC=insead,DC=sorbonne specified as the search base does not exist in the Directory Server" nentries=0 etime=0
```

Gluu is looking for administrateur in OpenDJ with the wrong base DN. DC=insead,DC=Sorbonne is unknown to OpenDJ, for it's the AD base DN. (Time now to roll back all changes because obviously admin can't log in anymore.)

Any idea on the mistakes we surely have made?

Thanks,
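The OpenDJ access log quoted in this post is the fastest place to confirm a base-DN mix-up: the `SEARCH RES` line carries LDAP result code 32 (noSuchObject), which means the search base itself was not found, and the `SEARCH REQ` line shows which base DN the client asked for. The script below is an added example, not part of the original post or of Gluu: it pairs REQ/RES lines by (conn, op, msgID) and flags searches whose base DN either was rejected with result 32 or lies outside the suffixes the server is assumed to host. The sample log is constructed here: the first pair is the exchange quoted above, the second is a made-up successful search, and the `KNOWN_SUFFIXES` list is an assumption (take it from the OpenDJ backend configuration on a real server).

```python
import re

# Constructed sample: the first REQ/RES pair is the OpenDJ access-log exchange quoted in the
# post above; the second pair is made up here to show a search against a hosted suffix.
SAMPLE_ACCESS_LOG = """\
[25/Sep/2015:09:23:59 +0000] SEARCH REQ conn=2 op=12 msgID=13 base="CN=Users,DC=insead,DC=sorbonne" scope=wholeSubtree filter="(&(&(objectClass=top))(&(mail=administrateur@insead.sorbonne)))" attrs="ALL"
[25/Sep/2015:09:23:59 +0000] SEARCH RES conn=2 op=12 msgID=13 result=32 message="The entry CN=Users,DC=insead,DC=sorbonne specified as the search base does not exist in the Directory Server" nentries=0 etime=0
[25/Sep/2015:09:24:10 +0000] SEARCH REQ conn=2 op=13 msgID=14 base="ou=people,o=site" scope=wholeSubtree filter="(mail=administrateur@insead.sorbonne)" attrs="ALL"
[25/Sep/2015:09:24:10 +0000] SEARCH RES conn=2 op=13 msgID=14 result=0 nentries=1 etime=1
"""

# Suffixes this OpenDJ instance is assumed to host (an assumption for the example).
KNOWN_SUFFIXES = ("o=site", "o=gluu")

# LDAP result code 32 is noSuchObject: the base DN itself was not found.
NO_SUCH_OBJECT = 32

REQ_RE = re.compile(
    r'SEARCH REQ conn=(\d+) op=(\d+) msgID=(\d+) base="([^"]*)" scope=(\S+) filter="([^"]*)"'
)
RES_RE = re.compile(
    r'SEARCH RES conn=(\d+) op=(\d+) msgID=(\d+) result=(\d+)(?: message="([^"]*)")? nentries=(\d+)'
)


def normalize_dn(dn):
    """Lower-case a DN and drop whitespace around RDN separators so DNs compare by value."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def dn_under_suffix(base_dn, suffixes):
    """True if base_dn equals one of the hosted suffixes or lies beneath one of them."""
    norm = normalize_dn(base_dn)
    return any(norm == normalize_dn(s) or norm.endswith("," + normalize_dn(s)) for s in suffixes)


def parse_searches(text):
    """Pair each SEARCH REQ with its SEARCH RES by (conn, op, msgID); return completed searches."""
    pending = {}
    searches = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if m:
            pending[m.group(1, 2, 3)] = {
                "conn": int(m.group(1)), "op": int(m.group(2)),
                "base": m.group(4), "scope": m.group(5), "filter": m.group(6),
            }
            continue
        m = RES_RE.search(line)
        if m:
            req = pending.pop(m.group(1, 2, 3), None)
            if req is None:
                continue  # response without a logged request; nothing to pair it with
            req.update(result=int(m.group(4)), message=m.group(5) or "", nentries=int(m.group(6)))
            searches.append(req)
    return searches


def find_misdirected_searches(text, suffixes=KNOWN_SUFFIXES):
    """Return searches the server rejected with noSuchObject or whose base DN is not hosted here."""
    findings = []
    for s in parse_searches(text):
        if s["result"] == NO_SUCH_OBJECT:
            findings.append(dict(s, reason="base DN rejected (noSuchObject)"))
        elif not dn_under_suffix(s["base"], suffixes):
            findings.append(dict(s, reason="base DN is outside the hosted suffixes"))
    return findings


if __name__ == "__main__":
    for f in find_misdirected_searches(SAMPLE_ACCESS_LOG):
        print("conn=%d op=%d base=%r: %s" % (f["conn"], f["op"], f["base"], f["reason"]))
```

Run against a real `access` log, the flagged entries tell you which component is sending the AD base DN to the local OpenDJ; in the case above it points at the authentication configuration rather than at the directory, which is the question the next reply asks.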

By Mohib Zico Account Admin 29 Sep 2015 at 2:05 p.m. CDT

>> Fail stage 1 : cache refresh
>> The configuration is not saved. The symptom is quite simple: we enter the configuration, go to another menu, come back to cache refresh configuration and... it's gone!

We just heard exactly the same thing and resolved that over a screen sharing call. It turned out that he didn't complete the configuration. You need to fill up all fields there in the Cache Refresh configuration. We have made some changes in the Cache Refresh doc. Let's take a look at [that](http://www.gluu.org/docs/admin-guide/configuration/#cache-refresh).

>> Fail stage 2:
>> Synchronization being ineffective, we simulate it by adding a new user in OpenDJ, to mirror our administrator user in AD. We'll use the mail to link the two entries.

Have you changed anything in the 'Manage Authentication' section?

By Mohamed EL HAJJ user 01 Oct 2015 at 8:25 a.m. CDT

Hi

#Cache Refresh:

I keep getting this DEBUG message in oxtrust_cache_refresh.log:

```
2015-10-01 00:08:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-10) Allowing to run new process exclusively
2015-10-01 00:09:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-4) Starting conditions aren't reached
2015-10-01 00:09:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-4) Allowing to run new process exclusively
2015-10-01 00:10:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Starting conditions aren't reached
2015-10-01 00:10:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Allowing to run new process exclusively
2015-10-01 00:11:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-6) Starting conditions aren't reached
2015-10-01 00:11:31,544 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-6) Allowing to run new process exclusively
```

Here is my oxTrustCacheRefresh.properties:

```
# Define LDAP server configurations
server.source.configs=wisconsin
server.inum.config=gluu_ldap
server.target.config=
cache.config.sizelimit=0

# Define configuration for source LDAP server #1
ldap.conf.wisconsin.bindDN=cn=Administrateur\,cn=Users\,dc=insead\,dc=sorbonne
ldap.conf.wisconsin.bindPassword=5nz4TtA2L/XrFjzfoPt4XA==
ldap.conf.wisconsin.servers=wisconsin.insead.sorbonne:636
ldap.conf.wisconsin.maxconnections=3
ldap.conf.wisconsin.useSSL=true
ldap.conf.wisconsin.baseDNs=cn=Users\,dc=insead\,dc=sorbonne
ldap.conf.wisconsin.useAnonymousBind=false

# Define configuration for InumDB server
ldap.conf.gluu_ldap.bindDN=cn=Directory manager
ldap.conf.gluu_ldap.bindPassword=5nz4TtA2L/XrFjzfoPt4XA==
ldap.conf.gluu_ldap.servers=alaska.aduneo.com:1636
ldap.conf.gluu_ldap.maxconnections=2
ldap.conf.gluu_ldap.useSSL=true
ldap.conf.gluu_ldap.baseDNs=ou=people\,o=site

# Define compound key
ldap.conf.source.compoundKey.attr=mail
ldap.conf.source.compoundKey.objectClasses=User

# Define source attributes which application synchronize
ldap.conf.source.attrs=mail, sAMAccountName, cn

# Define custom filter
ldap.conf.source.custom.filter=

# Use VDS or direct copy update method. Allowed values are 'vds', 'copy'
target.server.update.method=copy

# Keep non cache refresh users. Allowed values are 'true', 'false'
target.keep.external.person=true

# Use unlimited search or not. Allowed values are 'true', 'false'
source.load.use.search.limit=false

# Define mapping from source attribute names to destination attribute names. It's needed for target.server.update.method=copy only
ldap.conf.target.attr.mapping.uid=samaccountname
ldap.conf.target.attr.mapping.mail=mail
ldap.conf.target.attr.mapping.cn=cn

# Snapshot configuration
snapshot.folder=/tmp/sync
snapshot.max.count=5
```

The good news is that the Cache Refresh configuration does not disappear, but I got nothing in /tmp/sync.

#Have you changed anything in 'Manage Authentication' section?

Yes, I changed it to authenticate to Gluu using Active Directory users.

By Mohib Zico Account Admin 01 Oct 2015 at 10:12 a.m. CDT

Couple of points to share:

1. Have you enabled 'Cache Refresh'? There is an 'enable' button in System Configuration (doc: http://www.gluu.org/docs/admin-guide/configuration/#system-configuration).

2. >> ldap.conf.gluu_ldap.servers=alaska.aduneo.com:1636

   Use: localhost:1636. Check out the 'Inum LDAP Server' section of the CR [doc](http://www.gluu.org/docs/admin-guide/configuration/#cache-refresh). There are examples there, which mostly you can use for your case directly.

By Mohamed EL HAJJ user 02 Oct 2015 at 3:29 a.m. CDT

Cache refresh is enabled in system configuration. I changed the inumLdap name to InumDB, and now I get this in oxtrust_cache_refresh.log:

```
2015-10-02 08:25:31,839 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-3) Allowing to run new process exclusively
2015-10-02 08:26:31,605 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Attempting to load entries from source server
2015-10-02 08:26:31,617 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Found '2' entries in source server
2015-10-02 08:26:31,617 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Found '2' unique entries in source server
2015-10-02 08:26:31,816 ERROR [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Exception happened while executing cache refresh synchronization
java.lang.NullPointerException
    at java.io.File.<init>(File.java:277)
    at org.xdi.service.ObjectSerializationService.loadObject(ObjectSerializationService.java:74)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
    at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
    at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
    at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196)
    at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114)
    at org.xdi.service.ObjectSerializationService_$$_javassist_seam_44.loadObject(ObjectSerializationService_$$_javassist_seam_44.java)
    at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.detectChangedEntries(CacheRefreshTimer.java:307)
    at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.processImpl(CacheRefreshTimer.java:256)
    at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.process(CacheRefreshTimer.java:172)
    at sun.reflect.GeneratedMethodAccessor323.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
    at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
    at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.async.AsynchronousInterceptor.aroundInvoke(AsynchronousInterceptor.java:52)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
    at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196)
    at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114)
    at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer_$$_javassist_seam_35.process(CacheRefreshTimer_$$_javassist_seam_35.java)
    at sun.reflect.GeneratedMethodAccessor322.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
    at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
    at org.jboss.seam.Component.callComponentMethod(Component.java:2313)
    at org.jboss.seam.core.Events.raiseEvent(Events.java:85)
    at org.jboss.seam.async.AsynchronousEvent$1.process(AsynchronousEvent.java:33)
    at org.jboss.seam.async.Asynchronous$ContextualAsynchronousRequest.run(Asynchronous.java:80)
    at org.jboss.seam.async.AsynchronousEvent.execute(AsynchronousEvent.java:27)
    at org.jboss.seam.async.ThreadPoolDispatcher$RunnableAsynchronous.run(ThreadPoolDispatcher.java:142)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
2015-10-02 08:26:31,817 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-8) Allowing to run new process exclusively
```

By Mohib Zico Account Admin 02 Oct 2015 at 4:14 a.m. CDT

Are you getting anything in /tmp/sync directory? Also what's the ownership of this 'sync' directory?

By Mohamed EL HAJJ user 02 Oct 2015 at 4:24 a.m. CDT

/tmp/sync is empty. I tried "tomcat" and "ldap" as owners of this folder. In both cases I get the same error.

By Mohib Zico Account Admin 02 Oct 2015 at 4:32 a.m. CDT

'tomcat:tomcat' should be its ownership. Please go ahead with a tomcat restart, and see if anything changes or not.
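The three things the replies above check by hand can be checked by a script before the timer is left to run for an hour: that every field of each server section in oxTrustCacheRefresh.properties is filled in (the cause of the vanishing configuration in the first reply), that the Inum LDAP server is the local OpenDJ at localhost:1636 (the second reply), and that the snapshot folder exists and is owned by the service account (this reply; the NullPointerException from `java.io.File.<init>` inside `ObjectSerializationService.loadObject` in the trace above is what a null snapshot path produces). The checker below is an added example, not code from the thread or from Gluu. The embedded properties are an abridged copy of the file posted above with the encrypted passwords replaced by a placeholder; the list of required per-server keys and the expected owner `tomcat` are assumptions taken from the thread, not from Gluu documentation.

```python
import os
import textwrap

# Constructed sample: abridged from the oxTrustCacheRefresh.properties posted in the thread,
# with the encrypted bindPassword values replaced by a placeholder.
SAMPLE_PROPERTIES = textwrap.dedent("""\
    server.source.configs=wisconsin
    server.inum.config=gluu_ldap
    server.target.config=
    ldap.conf.wisconsin.bindDN=cn=Administrateur\\,cn=Users\\,dc=insead\\,dc=sorbonne
    ldap.conf.wisconsin.bindPassword=ENCRYPTED-PASSWORD-PLACEHOLDER
    ldap.conf.wisconsin.servers=wisconsin.insead.sorbonne:636
    ldap.conf.wisconsin.maxconnections=3
    ldap.conf.wisconsin.useSSL=true
    ldap.conf.wisconsin.baseDNs=cn=Users\\,dc=insead\\,dc=sorbonne
    ldap.conf.wisconsin.useAnonymousBind=false
    ldap.conf.gluu_ldap.bindDN=cn=Directory manager
    ldap.conf.gluu_ldap.bindPassword=ENCRYPTED-PASSWORD-PLACEHOLDER
    ldap.conf.gluu_ldap.servers=alaska.aduneo.com:1636
    ldap.conf.gluu_ldap.maxconnections=2
    ldap.conf.gluu_ldap.useSSL=true
    ldap.conf.gluu_ldap.baseDNs=ou=people\\,o=site
    ldap.conf.source.compoundKey.attr=mail
    ldap.conf.source.compoundKey.objectClasses=User
    ldap.conf.source.attrs=mail, sAMAccountName, cn
    target.server.update.method=copy
    ldap.conf.target.attr.mapping.uid=samaccountname
    ldap.conf.target.attr.mapping.mail=mail
    ldap.conf.target.attr.mapping.cn=cn
    snapshot.folder=/tmp/sync
""")

# Per-server keys treated as mandatory here (an assumption drawn from the posted file).
REQUIRED_SERVER_KEYS = ("bindDN", "bindPassword", "servers", "maxconnections", "useSSL", "baseDNs")
# The reply above says the Inum LDAP server is the local OpenDJ, reached as localhost:1636.
EXPECTED_INUM_SERVER = "localhost:1636"


def parse_properties(text):
    """Minimal key=value parser; leaves the '\\,' escapes Gluu uses inside DNs untouched."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_cache_refresh(props):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    sources = [n.strip() for n in props.get("server.source.configs", "").split(",") if n.strip()]
    inum = props.get("server.inum.config", "").strip()
    if not sources:
        findings.append("server.source.configs is empty: no source LDAP server is defined")
    if not inum:
        findings.append("server.inum.config is empty: no Inum LDAP server is defined")
    for name in sources + ([inum] if inum else []):
        for key in REQUIRED_SERVER_KEYS:  # an incomplete section is what the first reply found
            full = "ldap.conf.%s.%s" % (name, key)
            if not props.get(full):
                findings.append("%s is missing or empty" % full)
    inum_servers = props.get("ldap.conf.%s.servers" % inum, "") if inum else ""
    if inum_servers and inum_servers != EXPECTED_INUM_SERVER:
        findings.append("ldap.conf.%s.servers=%s: expected %s (the local OpenDJ)"
                        % (inum, inum_servers, EXPECTED_INUM_SERVER))
    key_attr = props.get("ldap.conf.source.compoundKey.attr", "").lower()
    attrs = [a.strip().lower() for a in props.get("ldap.conf.source.attrs", "").split(",")]
    if key_attr and key_attr not in attrs:
        findings.append("compoundKey attribute %r is not in ldap.conf.source.attrs" % key_attr)
    if props.get("target.server.update.method") == "copy" and \
            not any(k.startswith("ldap.conf.target.attr.mapping.") for k in props):
        findings.append("update method 'copy' needs ldap.conf.target.attr.mapping.* entries")
    if not props.get("snapshot.folder"):
        findings.append("snapshot.folder is empty: the timer has nowhere to write snapshots")
    return findings


def check_snapshot_folder(path, expected_owner="tomcat"):
    """Check that the snapshot folder exists and (on POSIX) is owned by the service account."""
    if not os.path.isdir(path):
        return ["%s does not exist" % path]
    try:
        import pwd  # POSIX only; on other platforms the ownership check is skipped
        owner = pwd.getpwuid(os.stat(path).st_uid).pw_name
    except (ImportError, KeyError):
        return []
    if owner == expected_owner:
        return []
    return ["%s is owned by %s, expected %s" % (path, owner, expected_owner)]
```

On the posted file, `audit_cache_refresh(parse_properties(SAMPLE_PROPERTIES))` yields exactly one finding, the `alaska.aduneo.com:1636` Inum server; `check_snapshot_folder("/tmp/sync")` on the Gluu host reports the missing folder or a wrong owner, which is what the restart in this reply depends on.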

By Mohamed EL HAJJ user 02 Oct 2015 at 4:42 a.m. CDT

Done, and now I see these messages again:

```
2015-10-02 09:39:04,133 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-2) Starting conditions aren't reached
2015-10-02 09:39:04,133 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-2) Allowing to run new process exclusively
2015-10-02 09:40:04,118 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-3) Starting conditions aren't reached
2015-10-02 09:40:04,118 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-3) Allowing to run new process exclusively
```

And /tmp/sync is empty.

By Mohib Zico Account Admin 02 Oct 2015 at 4:46 a.m. CDT

Let's wait for 1 hour and see if there are any changes in the log or not.

By Mohamed EL HAJJ user 02 Oct 2015 at 9:01 a.m. CDT

I got something! AD users are copied to the Gluu LDAP. But I was expecting users to be copied into ou=people,o=sites (ldap.conf.InumDB.baseDNs=ou=people\,o=site), but instead they are copied into ou=people,ou=gluu. And I keep getting "Starting conditions aren't reached" messages in the log files every minute:

```
2015-10-02 13:57:11,006 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-2) Starting conditions aren't reached
2015-10-02 13:57:11,006 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-2) Allowing to run new process exclusively
2015-10-02 13:58:11,007 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-5) Starting conditions aren't reached
2015-10-02 13:58:11,007 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-5-thread-5) Allowing to run new process exclusively
```

Is this normal?

By Mohib Zico Account Admin 06 Oct 2015 at 6:22 a.m. CDT

Yes, it is normal.