We have an external directory which Gluu uses cache refresh to pull in details for (mail, uid, sn, cn, displayname etc...). At the moment, we need to use the UID as the username in order to log into Gluu, is it possible to instead use the mail attribute as the username? If we change our directory so the UID is the mail attribute, the Inum on Gluu's side changes on each update of the mail address causing some problems on other services being brought under Gluu identity management. My understanding is that because this is actually being recognised as a removal/addition rather than an update to an existing record by Gluu as we're changing the UID key (which makes perfect sense as Gluu would depend on that UID to be consistent on each cache refresh to determine what is what and we're changing it on email updates). So I started looking at the "Manage Authentication" area on Gluu and I thought that it would be that if I change the "**Local** primary key" from UID to mail ("Primary key" was left as UID) but this didn't appear to work when I tried (no account could log in via mail or UID after this change so I reverted it). My thinking here was that this would change the behaviour so Gluu would use "mail" as the primary key to lookup the person record in Gluu (which would contain the UID), then the UID would be used to authenticate against our external directory. [https://www.gluu.org/docs/oxtrust/configuration/#manage-authentication](https://www.gluu.org/docs/oxtrust/configuration/#manage-authentication) Some configuration info in case it helps (this config is currently where we log in with UID as username): ``` In the main cache refresh options we map like to like on the attributes:- - uid -> uid - mail -> mail - sn -> sn etc... ``` ``` In cache refresh> customer backend key/attributes - Key attribute: uid ``` ``` In Manage authentication - Primary key: uid - Local primary key: uid ``` Any help/advice would be appreciated on how we may be able to change the Gluu username from a UID to a mail login. Thanks