After AD Synchronization (Cache Refresh) was configured, I realized the total number of people imported exceeded the number of actual users we had in office.
There is a way to filter off the unnecessary users from Microsoft Active Directory. If an AD user is a staff, we will tag this user as a member of "Azlabs Staff" AD Group.
Then we can re-configure Cache Refresh in Gluu Server again -- "Customer Backend Key/Attributes". (Yes, I dislike this tab title. Very confusing.)
Do remember Custom LDAP filter has to be a proper LDAP Query. As such, the memberOf value has to be a full DN. e.g. cn=Azlabs Staff,cn=users, dc ....
Wait for the next Cache Refresh to kick in.
Done.
.
No comments:
Post a Comment