By: kamlesh sharma user 17 Aug 2020 at 2:49 a.m. CDT

17 Responses
Hi, I have my existing LDAP with our organization structure. I have installed GLUU 4.2 and created a new baseDN using dsconfig in openDJ and managed to import ldif. However, in gluu default baseDN is o=gluu and hence I cannot view my new ldap structure from gluu gui. I have also added new source ldap with the new baseDN in manage authentication tab. Still doesn't help. What I notice is in oxtrust json properties, there is baseDN default value o=gluu. When I modify the same to point to newly created baseDN, the system breaks. Please advise.

By Michael Schwartz Account Admin 17 Aug 2020 at 9:18 a.m. CDT

Don't change the baseDN from `o=gluu`. This is the Gluu Server data store, so it is appropriate to use the suffix o=gluu. If you want to use OpenDJ for another directory service entirely, that's ok. You can then sync this datasource with the Gluu Server via the Cache Refresh feature. However, you may want to just run a whole new instance of OpenDJ (i.e. the WrenDS distribution) somewhere else. If you could share some more documentation, we can help you with the design.

By kamlesh sharma user 18 Aug 2020 at 12:14 a.m. CDT

Hi, Thank you for your feedback. So I cannot use the same Gluu Server's default OpenDJ with a new baseDN? I tried cache refresh, but it fails to copy my groups. It pulls only users. Below is my ldap structure as a sample.

```
C=BH
|
o=myorg
|
ou=myou
|
|            |
uid=myusers  cn=mygroups
             |
             members
```

Also, for example, if I use new opendj, with my organization structure, when I perform cache refresh, all users in gluu would still be under default data store... ou=people,o=gluu right? So I cannot have my own directory structure. Please advise.

By Mohib Zico staff 18 Aug 2020 at 1:04 a.m. CDT

Hi Kamlesh,

Yes, that's correct. Gluu Server has its own configuration and own distinguished name structure.

> when i perform cache refresh, all users in gluu would still be under default data store... ou=people,o=gluu right?

That's correct.

> I tried cache refresh, but it fails to copy my groups. It pulls only users.

Yes, Gluu Server's groups and group operations are different than any standard LDAP/AD server.

By kamlesh sharma user 18 Aug 2020 at 1:13 a.m. CDT

Hi, If I need to migrate from local LDAP/IAM to gluu ldap/IAM, I can only import my users, groups, OUs and members of each group is a manual task? It is not easy because we have thousands of group memberships. Please advise.

By Mohib Zico staff 18 Aug 2020 at 1:18 a.m. CDT

You mean, you have thousands of unique groups in local LDAP???

By kamlesh sharma user 18 Aug 2020 at 1:29 a.m. CDT

No, I meant membership. We have 100+ unique groups and each group has huge uid members.

By Mohib Zico staff 18 Aug 2020 at 1:46 a.m. CDT

Can you please share four users' LDAP information ( current status ) from four groups? It will be helpful for me to understand what you are trying to say actually.

By Mohib Zico staff 18 Aug 2020 at 3:08 a.m. CDT

Thanks for sharing the info. Two more requests:

- What is your primary key?
- Four users' info from the four membership groups you mentioned.

( As this is a public community ticket, you can send that information to the "support@gluu.org" email address ).

By kamlesh sharma user 18 Aug 2020 at 3:16 a.m. CDT

I was waiting for you to review and then delete. It's the same, uid is primary key as any ldap for users. Like in gluu oxtrust gui, we create group and add members, we perform same in our IAM. Groups are created as cn=groupname with FQDN and users are added as member attribute to each cn. Please advise.

By Mohib Zico staff 18 Aug 2020 at 3:51 a.m. CDT

Please send the info I requested to the stated email address, with actual users. From that snippet, I am still not clear how you use 'uid' as login credential ( or primary key ) when UID is in subgroup. We need clean & clear data ( you can remove password ) to understand what has to be done in Gluu Server to import data from your backend LDAP ( I am not considering it IAM because data structure is not standard ).

So, again, this is what we need from you:

- those snippets you shared, re-share.
- "Four Active Users" from four member groups.

And, this is what we will do after you share:

- Mostly I have seen 'cn' is the dominating attribute in your ldap. So we need to figure out how to use 'cn' as primary key.
- If UID is really your primary key, then we have to figure out how to use that in Gluu Server.
- You are concerned with 'membership': so we have to figure out how to place that attribute 'inside' Gluu Server's 'memberOf' attribute.

Bottomline:

- You can't 100% push whatever data you have in your existing LDAP server inside Gluu Server because Gluu strongly follows official standard.
- We need to write a custom script which will run in the middle of 'Cache Refresh' that will convert + migrate your data from your existing LDAP to Gluu LDAP.
- After migration, you will have a 100% standard data structure which is worldwide acceptable ( i.e. you can import / export in ANY standard ldap server available in the world ).
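
The membership conversion discussed above, as an added example that is not from the thread and is not Gluu's bundled Cache Refresh script: it inverts the source groups' `member` lists from an LDIF export into per-user `memberOf` values. The sample LDIF, the `GROUP_DN` mapping and its placeholder group DNs are constructed assumptions.

```python
import base64
from collections import defaultdict

# Assumption: source group cn -> DN of the matching target group (placeholders).
GROUP_DN = {"admins": "inum=PLACEHOLDER-1,ou=groups,o=gluu",
            "ops": "inum=PLACEHOLDER-2,ou=groups,o=gluu"}
ALICE = "uid=alice,ou=myou,o=myorg,c=BH"
SAMPLE_LDIF = (  # constructed export, not data from the thread
    "dn: cn=admins,ou=myou,o=myorg,c=BH\ncn: admins\nmember: " + ALICE + "\n"
    "member: uid=bob,ou=myou,o=myorg,\n c=BH\n"  # folded line
    "member: cn=nested,ou=myou,o=myorg,c=BH\n\ndn: cn=ops,ou=myou,o=myorg,c=BH\n"
    "cn: ops\nmember:: " + base64.b64encode(ALICE.encode()).decode() + "\n\n"
    "dn: cn=legacy,ou=myou,o=myorg,c=BH\ncn: legacy\nmember: " + ALICE + "\n")

def parse_ldif(text):
    """Yield {attr: [values]} per entry, undoing line folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue  # blank line, comment or malformed line
            value = (base64.b64decode(rest[1:]).decode("utf-8")  # "attr:: b64"
                     if rest.startswith(":") else rest.strip())
            entry[name.lower()].append(value)
        if entry:
            yield entry

def uid_of(dn):
    """uid from a DN whose first RDN is uid=... (no escaped commas), else None."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def build_member_of(ldif_text, group_dn=GROUP_DN):
    """Invert group -> member lists into uid -> memberOf; report skipped items."""
    member_of, skipped = defaultdict(set), []
    for entry in parse_ldif(ldif_text):
        target = group_dn.get(entry["cn"][0] if entry["cn"] else None)
        if target is None:
            skipped.append(("unmapped group", entry["dn"][0]))
            continue
        for member in entry["member"]:
            uid = uid_of(member)
            if uid is None:
                skipped.append(("non-user member", member))
            else:
                member_of[uid].add(target)
    return {u: sorted(g) for u, g in member_of.items()}, skipped
```

Review the skipped list before migrating: an unmapped group or a nested group member otherwise drops access assignments without any error.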

By kamlesh sharma user 18 Aug 2020 at 4:05 a.m. CDT

Sounds good. Users are actually created under each OU with primary uid. I have mailed you the sample now. Please advise.

By Mohib Zico staff 18 Aug 2020 at 5:30 a.m. CDT

Thanks, received. We will check those and share our suggestion.

By Mohib Zico staff 21 Aug 2020 at 11:21 a.m. CDT

**Status** Conversation going on over email.

By Mohib Zico staff 02 Sep 2020 at 9:24 a.m. CDT

Please feel free to reopen the ticket if required. Thanks!

By kamlesh sharma user 02 Sep 2020 at 9:30 a.m. CDT

Please can you share sample custom script to cache refresh ldap attributes like groups, members, password, description etc.

By kamlesh sharma user 03 Sep 2020 at 2:56 a.m. CDT

Hi, Please can you share sample custom script as an example to cache refresh custom attributes from ldap to gluu. Thanks in advance!

By Mohib Zico staff 03 Sep 2020 at 3:05 a.m. CDT

Hi Kamlesh, Sample cache refresh script is already there in your installed Gluu Server. Screenshot attached. Also, it will be great if you can open new ticket for new issue.