Hi, Rahul.
>Is it possible to connect to Gluu's LDAP directly? Or does one have to tunnel? It's unclear from the contradicting pages.
Yes, it's possible, and the quote from the cluster docs actually shows how it's done (no need to change the other property if you don't need to cluster it):
> Change..
> HOST_LIST="ldaps://127.0.0.1:1636/" to HOST_LIST="ldaps://127.0.0.1:1636/ ldaps://<server_ip>:1636"
It's also true that tunnelling is usually suggested, as it's a much safer way to do this. At least, if you decide to expose its ports to the outer net, make sure you set firewall rules limiting who can connect from where.