RFI: What does Gluu keep in o=site database?

By: Jozef Babjak user 28 Mar 2017 at 4:54 a.m. CDT

4 Responses
Jozef Babjak gravatar
Gluu comes with two real LDAP databases configured in slapd.conf file. The first one, suffixed with o=gluu is apparently for business data, but the purpose of the second one, suffixed with o=site is somehow unclear. Even after importing business data and using Gluu for a while, it seems to be empty. The only clue is an index on "gluuStatus" attribute in o=site database, which suggests that some status information is stored there. So, the questions are: 1) What does Gluu need o=site DB for? Is it necessary at all? 2) If we connect Gluu to an external LDAP server, do we need to move also o=site database there? 3) If we have multiple instances of oxAuth service connected to a single external OpenLDAP, do these instances need separated or shared o=site database?
U1404
closed

Answers

By Mohib Zico staff 28 Mar 2017 at 10:35 a.m. CDT

Copy
Mohib Zico gravatar
Hi Jozef, Are you using Cache Refresh? If yes then: >> 1) What does Gluu need o=site DB for? Is it necessary at all? oxTrust uses o=site only. It uses this branch to store snapshot of user key(s) attributes specified in CR configuration. >> 2) If we connect Gluu to an external LDAP server, do we need to move also o=site database there? Yes if you use 'Cache Refresh'. We need to sync both o=site and o=gluu. >> 3) If we have multiple instances of oxAuth service connected to a single external OpenLDAP, do these instances need separated or shared o=site database? oxAuth doesn't use o=site. If you don't use Cache Refresh, you can ignore o=site.

By Jozef Babjak user 29 Mar 2017 at 3:06 a.m. CDT

Copy
Jozef Babjak gravatar
Thank you for clarification. Please, can you explain what is "cache refresh" in context of Gluu? Because I'm not sure whether we are using it or not.

By Mohib Zico staff 29 Mar 2017 at 3:15 a.m. CDT

Copy
Mohib Zico gravatar
It's LDAP synchorinzation tool. By using 'Cache Refresh', organization can pull user's information from their own backend AD/OpenLDAP. [Here](https://gluu.org/docs/ce/3.0.1/admin-guide/user-group/#ldap-synchronization) is the doc.

By Jozef Babjak user 29 Mar 2017 at 5:38 a.m. CDT

Copy
Jozef Babjak gravatar
Thanks!

Post an answer