By: John Feulner user 23 Dec 2015 at 2:24 p.m. CST

5 Responses
Hey All, I have successfully set up my Gluu server, and set up Cache Refresh to sync the data to the local machine for authentication. Now it seems that passwords do not sync and I have to manually set a password to be able to authenticate. Is this a method where I have to create a custom script for login to check the local store for an identity, and then leverage my current AD environment for authentication? I've combed the documentation, but it seems to jump from topic to topic. I've tried changing the authentication mechanism from local to AD, but that would break Manager groups and such. Any thoughts?

By Michael Schwartz Account Admin 23 Dec 2015 at 2:36 p.m. CST

John,

1) View the Manager Group in oxTrust and add one of your imported AD users to this group. Then you won't need your default admin user anymore.

2) Then change the LDAP authentication to point to your AD server. You can't sync AD passwords because they are in a non-standard format.

- Mike

By Aliaksandr Samuseu staff 23 Dec 2015 at 2:38 p.m. CST

Hi, John. Cache Refresh doesn't copy any passwords from the backend into Gluu's internal LDAP directory (actually, in the case of AD it isn't possible to achieve with LDAP requests at all; you need to use its APIs for replication, that's the only way, AFAIK). It just aggregates user attributes from several source backend LDAP servers and, optionally, runs a transform script on these attributes before saving them internally. When authenticating a user who was imported by CR from the backend, oxAuth will anyway test their credentials against the backend (after making sure that such a user exists at all in Gluu's internal LDAP directory).

Regards, Alex.

By Aliaksandr Samuseu staff 23 Dec 2015 at 2:42 p.m. CST

Also, Mike is correct, you most likely haven't set oxAuth to use your backend for authentication from now on.

By John Feulner user 27 Dec 2015 at 8:01 p.m. CST

Ok perfect, I will give these instructions a go. Thank y'all so much for your help! I'll configure oxAuth to point to the backend for authentication.

**_EDITED_** for assistance on connecting to Active Directory:

Go to Configuration, Manage Authentication. *For those with [ ], make sure the brackets are removed when typing in your config.*

- Name: [Server name]
- Bind DN: username@company.com
- Max Connections: 1000
- primarykey: samaccountname
- localprimarykey: uid
- server: [ServerIP]:636 for SSL or [ServerIP]:389 for non-SSL
- basedn: dc=company,dc=com (mileage may vary)
- SSL: Marked (if not, use port 389 for LDAP; however, SSL is **strongly** recommended)
- Enabled: Marked
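To make concrete what Alex described (Cache Refresh imports attributes but never passwords, and oxAuth then tests credentials against the backend) and the dependency on the backend that the AD configuration in the post above creates, here is an added Python model; it is not Gluu's code, and the directory contents (user jdoe, the DNs), the readable attribute set and the function names are all constructed for the illustration.

```python
# Added model, not Gluu code: all directory data below is constructed.

# Constructed backend AD. unicodePwd is write-only over LDAP, so no search
# issued by Cache Refresh can ever read it.
BACKEND_AD = {
    "CN=jdoe,OU=Staff,DC=company,DC=com": {
        "sAMAccountName": "jdoe", "mail": "jdoe@company.com",
        "unicodePwd": "s3cret",  # only ever used inside backend_bind()
    },
}
READABLE = {"sAMAccountName", "mail", "givenName", "sn"}


def backend_search():
    """What an LDAP client such as Cache Refresh can actually read from AD."""
    return {dn: {k: v for k, v in attrs.items() if k in READABLE}
            for dn, attrs in BACKEND_AD.items()}


def backend_bind(dn, password):
    """Simple bind against the backend: the only way to verify the password."""
    entry = BACKEND_AD.get(dn)
    return entry is not None and entry["unicodePwd"] == password


def cache_refresh(local):
    """Copy readable attributes into the local store, keyed by the mapping
    primarykey=samaccountname -> localprimarykey=uid from the posted config."""
    for dn, attrs in backend_search().items():
        local[attrs["sAMAccountName"]] = {
            "uid": attrs["sAMAccountName"], "mail": attrs["mail"],
            "backend_dn": dn,  # remembered so the bind can be delegated
        }
    return local


def authenticate(local, uid, password, backend_up=True):
    """oxAuth-style flow: the user must exist locally, then the credentials
    are tested against the backend. Returns a reason suitable for a log."""
    entry = local.get(uid)
    if entry is None:
        return "denied: unknown user (not yet imported by Cache Refresh)"
    if not backend_up:
        return "denied: backend unreachable and no local password to fall back on"
    if backend_bind(entry["backend_dn"], password):
        return "ok"
    return "denied: backend rejected credentials"


LOCAL = cache_refresh({})  # the Gluu internal directory after one refresh
```

The `backend_up=False` branch is the failure mode Ivan raises later in the thread: with no password stored locally, a backend outage means no imported user can log in.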

By Ivan Carrion user 28 Nov 2017 at 4:46 a.m. CST

It's been a long time since this ticket and I would like to know if there's now a way to sync AD passwords to avoid a single-error point (AD or comms down). Thanks!