By: Stephen Dubay user 07 Dec 2015 at 4:22 p.m. CST

7 Responses
We have a Windows AD environment. Looking to use Gluu to set up for SSO with Office 365, Lynda.com, Workday, and Blackboard. Can you provide the appropriate docs/info to get the AD integration going? I am not seeing what I would expect. I see the LDAP config. Is there only one LDAP config at a time, and if so, I guess the AD info goes here? Thanks, Stephen

By William Lowe user 07 Dec 2015 at 4:27 p.m. CST

Hey Stephen, we use a process called Cache Refresh (CR) to perform the sync between a backend AD server and the local Gluu Server LDAP. You can find docs for CR [here](http://www.gluu.org/docs/admin-guide/cache-refresh/). Let us know if you need additional assistance.

By Michael Schwartz Account Admin 07 Dec 2015 at 4:52 p.m. CST

I would just add that once you have sync'd your Gluu Server with AD, you'd use SAML to connect to these SaaS services. Office 365 is not so straightforward, as the documentation for using an existing SAML server is almost non-existent. You can use ADFS as a proxy. We are also working with a system integrator who is coming up with a recipe to configure the Gluu Server SAML IDP (Shibboleth) with O365 directly by populating some special user attributes. We can make a referral if you have some budget for professional services.

By Stephen Dubay user 07 Dec 2015 at 6:56 p.m. CST

Regarding attribute selection: there is little info regarding what attributes are required, if any. Is there a sample config available? I am looking for the simplest config possible at this point as we start to figure things out. For source attribute mapping, I see that one is required. What is recommended? Right now I am getting "Can't load Cache Refresh scripts. Using default script".

By Michael Schwartz Account Admin 07 Dec 2015 at 7 p.m. CST

If you don't know what to map, I'd recommend uid, sn, givenName, sn, cn, displayName, and memberOf. The important question is: what attributes are needed by the applications with which you want to establish SSO? The best thing is to map the minimum required attributes.

By Thomas Maerz user 08 Feb 2016 at 5:59 p.m. CST

I'm having a similar problem trying to get sync set up. I keep getting the same "Can't load Cache Refresh scripts. Using default script" message when I try to validate settings. /opt/tomcat/logs/oxtrust_cache_refresh.log is showing: http://pastebin.com/p1tSUt1d

My configuration is like this:

- refresh method: copy
- polling interval: 15
- server IP address: 255.255.255.255 (I assume this means allow any server? No mention of it in the docs and you use the Source Backend LDAP servers tab to configure the remote LDAP backend server address)
- cache refresh: enabled
- key attribute: SAMAccountname
- object class: organizationalPerson
- source attribute: givenName, sn, cn, displayname, memberof
- source backend ldap servers
  - bind dn: ad\gluubind
  - max connections: 1000
  - server: auth1.company.com:636
  - server: auth2.company.com:636
  - base dn: dc=ad,dc=company,dc=com
  - use ssl: yes

By Florin Sfetea user 13 Feb 2019 at 3:58 a.m. CST

It looks like the above link does not work anymore: https://www.gluu.org/docs/admin-guide/cache-refresh/ Has something changed?

By Florin Sfetea user 13 Feb 2019 at 4:04 a.m. CST

Found it myself: [https://gluu.org/docs/ce/3.1.5/user-management/ldap-sync/](https://gluu.org/docs/ce/3.1.5/user-management/ldap-sync/) (LDAP Synchronization, a.k.a. Cache Refresh)