By: KHOO BOO LEONG Account Admin 06 Feb 2018 at 4:32 a.m. CST

1 Response

What's the reason behind forcing synchronization of external user repository (LDAP) to Gluu's embedded LDAP? Should the deployment is for a huge user base environment with over million users, isn't it a waste of resource to maintain 2 sets of huge LDAP cluster at the same time? Would it be good to just have an option to just use external LDAP without synchronization?

CentOS 7.0

closed

By William Lowe user 06 Feb 2018 at 9:05 a.m. CST

Copy

Gluu always needs cached and pre-processed user data in one place in order to provide a multi-protocol SSO / access management experience to users. There may several sources of initial (raw) user data, and this "raw" data may not be usable "as is", so it will need to be pre-processed. It would be extremely inefficient to do this pre-processing each time an auth request needs to be served by Gluu. Without the caching approach, it would require a query to all remote user data sources each time a user authenticates, then run all transmutations over some attributes that need to be pre-processed.

You need to Login in order to post an answer

Reason behind synchronizing external user repository

By: KHOO BOO LEONG Account Admin 06 Feb 2018 at 4:32 a.m. CST

Answers

By William Lowe user 06 Feb 2018 at 9:05 a.m. CST

Post an answer