By: FP BB user 26 Jun 2020 at 7:55 p.m. CDT

4 Responses
Hello, I'm new to Gluu and find the tool very good! I have a server set up locally and am able to successfully import/sync users from my Active Directory into Gluu locally via LDAP Cache just fine. My question is, how can I configure Gluu so that any new users I create locally within Gluu and any AD-imported users whose attributes I update also get exported/synced back to my Active Directory? Thanks in advance.

By Mohib Zico staff 27 Jun 2020 at 2:12 a.m. CDT

Hi, 'Cache Refresh' is a 'pull' method. That means you can 'pull' users' information from AD / any LDAP server to Gluu Server. 'Pushing' users' information from Gluu Server to AD is not possible because we generally don't want to give that much 'write access' to Gluu Server so it can modify the backend data source (i.e. AD in your case). However, there is a script which actually can 'push' an updated password from Gluu Server to the backend AD / LDAP server; you can use/modify that script to meet your requirement. Here is the script: https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.password_expiration

By FP BB user 28 Jun 2020 at 4:39 p.m. CDT

@Mohib.Zico - Thanks for your response and advising. Is there any potential way to push into AD with Gluu at the moment at all or no? We were hoping to leverage Gluu as an all-in-one IAM tool for create/update operations back into Active Directory. Please do advise if there is any possible workaround and/or functions to push back into AD at all with Gluu. Also, after reading the info below, it indicates push/pull user data from Gluu to AD seems possible? https://www.gluu.org/features/identity-management/ Thanks again

By Mohib Zico staff 28 Jun 2020 at 11:57 p.m. CDT

Hello, Pull == Cache Refresh. Push == SCIM protocol. There are two ways to get / push user's information in Gluu Server only.

>> We were hoping to leverage Gluu as an all-in-one IAM tool for create/update operations back into Active Directory.

If it's a one-time job, you can just pull all users' information from AD into Gluu's LDAP server with Cache Refresh. But if it's a continuous job, then what I described above is the only way.

By FP BB user 29 Jun 2020 at 9:44 a.m. CDT

@Mohib.Zico - Understood and thanks for the confirmation. Do you know if there are any existing guides available to meet my use case of using SCIM to constantly run CRUD ops back into AD at all?