By: KHOO BOO LEONG user 06 Feb 2018 at 4:32 a.m. CST

1 Response
What's the reason behind forcing synchronization of external user repository (LDAP) to Gluu's embedded LDAP? Should the deployment be for a huge user base environment with over a million users, isn't it a waste of resources to maintain 2 sets of huge LDAP clusters at the same time? Would it be good to just have an option to just use external LDAP without synchronization?

By William Lowe staff 06 Feb 2018 at 9:05 a.m. CST

Gluu always needs cached and pre-processed user data in one place in order to provide a multi-protocol SSO / access management experience to users. There may be several sources of initial (raw) user data, and this "raw" data may not be usable "as is", so it will need to be pre-processed. It would be extremely inefficient to do this pre-processing each time an auth request needs to be served by Gluu. Without the caching approach, it would require a query to all remote user data sources each time a user authenticates, then run all transmutations over some attributes that need to be pre-processed.