By: Joel James user 14 May 2019 at 10:31 a.m. CDT

Is this possible? I have 2 Active Directory domains with a two-way trust. My users are in AD1 and my groups are in AD2. Is it possible to link the two together so that when an LDAP query is done on a user in AD1 it will show all the groups they belong to from AD2? Let me know if you need more information. Thanks, Joel

By Aliaksandr Samuseu staff 14 May 2019 at 1:43 p.m. CDT

Hi, Joel. I think there may be some confusion here. When an external backend LDAP server is involved, integrating it with Gluu Server usually splits into two different parts:

1. You configure [Cache Refresh](https://gluu.org/docs/ce/3.1.6/user-management/ldap-sync/) to pull user entries from your AD server(s) into Gluu's own internal LDAP server.
2. You configure authentication in such a way that oxAuth will verify user credentials against your AD server(s) (using a simple LDAP bind operation). This assumes you use basic LDAP-based authentication.

For both parts it's possible to customize the flow, within certain limits, using custom scripts written in Jython. So, for example, you could import your users from AD server 1, and when each of them is processed, you could query AD server 2 from inside the custom script, loading group data and processing it (like adding a new attribute to each user containing the list of groups they are in). Then in your authentication custom script you'll be checking this attribute on local user entries, if needed, or just include it as a claim when serving SSO requests from your apps, allowing them to do authorization (not sure what your final goal is here).

Please note that helping with custom script writing is not covered by Community Support, though.
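As an added example (not code from this thread or from Gluu), here is the group-lookup logic such a Cache Refresh custom script would need when it processes each imported AD1 user and queries AD2 for that user's groups. Everything named below is constructed for illustration: the AD2 base DN, the user's DN and SID, and the group entries. The in-memory search stands in for the real LDAP search against AD2; in a Jython script that callable is where the actual query goes, sending the filter that build_member_filter() produces. Two details go beyond what the post states: if the two domains are in different forests, AD2 records the AD1 user in a group's member attribute as a foreignSecurityPrincipal object named by the user's SID rather than by the user's DN, so both identities are tried; and group nesting is followed so that groups containing one of the user's groups are reported too. DN values are escaped before being placed in the filter, so a DN containing filter metacharacters cannot alter the query. The code stays Python 2 compatible because Gluu's custom scripts run under Jython.

```python
"""Resolve an AD1 user's AD2 group memberships for a Cache Refresh-style sync.

Constructed example, not Gluu's code. AD2_GROUPS stands in for the AD2
directory; replace in_memory_search() with a real LDAP search against AD2.
"""

AD2_BASE = "DC=ad2,DC=example,DC=com"                 # assumed base DN of the group domain
FSP_CONTAINER = "CN=ForeignSecurityPrincipals," + AD2_BASE


def ldap_filter_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def member_identities(user_dn, user_sid):
    """DNs under which AD2 may list this AD1 user in a group's member attribute.

    Same forest: the user's own DN. Trust between forests: AD2 creates a
    foreignSecurityPrincipal named by the user's SID and member points at it.
    """
    ids = [user_dn]
    if user_sid:
        ids.append("CN=%s,%s" % (user_sid, FSP_CONTAINER))
    return ids


def build_member_filter(member_dns):
    """Filter a real script would send to AD2 to find groups holding any of the DNs."""
    clauses = "".join("(member=%s)" % ldap_filter_escape(dn) for dn in member_dns)
    return "(&(objectClass=group)(|%s))" % clauses


def resolve_groups(user_dn, user_sid, find_groups_with_member):
    """Return sorted DNs of all AD2 groups containing the user, nested groups included.

    find_groups_with_member(dn) must return the group entries whose member
    attribute contains dn. A visited set guards against membership cycles.
    """
    queue = member_identities(user_dn, user_sid)
    visited = set()
    found = {}
    while queue:
        dn = queue.pop(0)
        if dn.lower() in visited:       # DNs compare case-insensitively in AD
            continue
        visited.add(dn.lower())
        for group in find_groups_with_member(dn):
            found.setdefault(group["dn"].lower(), group["dn"])
            queue.append(group["dn"])   # look for groups that contain this group
    return sorted(found.values())


def group_names(group_dns):
    """Reduce group DNs to their CN: the values to store in a custom attribute."""
    return [dn.split(",")[0][len("CN="):] for dn in group_dns]


# Constructed sample data standing in for an AD1 user and the AD2 directory.
AD1_USER_DN = "CN=Joel James,OU=Users,DC=ad1,DC=example,DC=com"
AD1_USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"

AD2_GROUPS = [
    {"dn": "CN=App-Readers,OU=Groups," + AD2_BASE,          # forest-trust style member
     "member": ["CN=%s,%s" % (AD1_USER_SID, FSP_CONTAINER)]},
    {"dn": "CN=App-Admins,OU=Groups," + AD2_BASE,           # same-forest style, odd casing
     "member": [AD1_USER_DN.upper()]},
    {"dn": "CN=All-Staff,OU=Groups," + AD2_BASE,            # nested: contains App-Readers
     "member": ["CN=App-Readers,OU=Groups," + AD2_BASE]},
    {"dn": "CN=Unrelated,OU=Groups," + AD2_BASE,
     "member": ["CN=Someone Else,OU=Users,DC=ad1,DC=example,DC=com"]},
]


def in_memory_search(member_dn):
    """Stand-in for the LDAP search; real code would send build_member_filter([member_dn])."""
    needle = member_dn.lower()
    return [g for g in AD2_GROUPS
            if any(m.lower() == needle for m in g.get("member", []))]


if __name__ == "__main__":
    dns = resolve_groups(AD1_USER_DN, AD1_USER_SID, in_memory_search)
    print("filter: %s" % build_member_filter([AD1_USER_DN]))
    print("groups: %s" % ", ".join(group_names(dns)))
```

In the script, the list returned by group_names() is what you would write into the multi-valued attribute on the Gluu user entry; the authentication script or claim mapping then reads that attribute as the post describes.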