Wednesday, June 5, 2019

Gluu AD/LDAP Synchronization

In Gluu Server, there is a concept called AD/LDAP Synchronization.

AD/LDAP Synchronization, a.k.a. Cache Refresh, is the process of connecting one or more existing backend LDAP servers, such as Microsoft Active Directory, with the Gluu Server's local LDAP server. Syncing people and attributes from a backend server speeds up authentication transactions. It is possible to perform attribute transformations, such as changing the names of attributes or even using an interception script to change their values. Transformations are stored in the Gluu LDAP service.

How does authentication take place?

Because there is no password stored in the "local copy" of the Gluu LDAP, authentication has to take place on the actual Microsoft Active Directory instead.

1. The user attempts to authenticate with the Gluu Server.
2. The Gluu Server checks whether the user exists in the "local copy" of the Gluu LDAP.
3. If so, the Gluu Server authenticates against the actual MS AD server with the supplied username and password.

This is a slightly different architecture from that of other SSO products.
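As an added illustration (not Gluu's own code), here are the Cache Refresh and pass-through authentication steps above modelled in Python with in-memory stand-ins for Active Directory and the local Gluu LDAP; the directory entries, the attribute map and the `sourceDN` attribute are constructed assumptions. The local copy receives only mapped attributes, so no password is ever stored there, and an empty password is refused before the backend is contacted because an LDAP simple bind with an empty password is an unauthenticated bind that many servers accept.

```python
import hmac

# Constructed stand-in for the backend Active Directory: DN -> attributes.
# The password lives only here; Cache Refresh never copies it to Gluu.
BACKEND_AD = {
    "CN=Alice Smith,OU=Users,DC=example,DC=test": {
        "sAMAccountName": "asmith", "mail": "asmith@example.test",
        "givenName": "Alice", "sn": "Smith", "password": "correct horse",
    },
}

# Attribute transformation applied during Cache Refresh (AD name -> Gluu name).
# Anything not listed, the password included, is simply not synchronised.
ATTRIBUTE_MAP = {"sAMAccountName": "uid", "mail": "mail",
                 "givenName": "givenName", "sn": "sn"}

def cache_refresh(backend, attribute_map):
    """Build the local copy: one entry per backend person, attributes renamed."""
    local = {}
    for dn, attrs in backend.items():
        entry = {attribute_map[a]: v for a, v in attrs.items() if a in attribute_map}
        entry["sourceDN"] = dn  # hypothetical attribute: which backend DN to bind as
        local[entry["uid"]] = entry
    return local

def backend_bind(backend, dn, password):
    """Stand-in for an LDAP simple bind against AD (AD checks the password itself)."""
    entry = backend.get(dn)
    return entry is not None and hmac.compare_digest(entry["password"], password)

def authenticate(local, backend, username, password):
    """The three-step flow: local lookup first, then bind against the real AD."""
    if not password:
        # An empty password turns a simple bind into an unauthenticated bind,
        # which many LDAP servers accept; refuse it before touching the backend.
        return "denied: empty password"
    entry = local.get(username)
    if entry is None:
        return "denied: unknown user"  # not in local copy: AD is never contacted
    if backend_bind(backend, entry["sourceDN"], password):
        return "ok"
    return "denied: bad credentials"

# Run Cache Refresh once so the local copy is ready for lookups.
LOCAL_LDAP = cache_refresh(BACKEND_AD, ATTRIBUTE_MAP)
```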
