To keep the Gluu Server up-to-date with the latest user claims, your organization can either "push" or "pull" identity data. In the "pull" mode, otherwise known as LDAP Synchronization or Cache Refresh, the Gluu Server can use an existing LDAP identity source like Microsoft Active Directory as the authoritative source of identity information. If you "push" identities to the Gluu Server, you can use the JSON/REST SCIM API. Local user management can also be performed inside oxTrust. Each method is detailed below.
Cache Refresh was built by Gluu to pull user information from a backend Active Directory/LDAP server. Cache Refresh dynamically synchronizes user information from the backend data source to a local LDAP server in order to maximize performance. Cache Refresh is documented in our configuration section.
Self-Registration is done by users on a self-service basis. Since oxTrust user registration cannot add users to a backend LDAP or Active Directory server, self-registration will only be effective if GluuLDAP is used for authentication of users.
By default, a limited number of attributes are present in the default self-registration form. If more attributes are needed, they can be added in Registration Management of Organization Configuration. Learn more about Registration Management here.
Local User Management
In oxTrust, you can add, edit and manage people, groups and user attributes and claims to ensure the proper information is released about the right people.
To manage people, navigate to User > Manage People, as shown in the screenshot below.
From this interface you can add users and search for specific users. Because the user database can potentially be very large, a value is required in the search field. In other words, you cannot click search with a blank entry to list all users. If you need to see all users, this would be best performed manually within the Gluu OpenDJ server. Upon performing a user search, a list will be populated with all users that match the search, as shown in the screenshot below.
To edit a user, simply click on any of the hyperlinks associated with that user and you will be taken to a user management interface where you can modify the specific attributes relating to that user, as displayed below.
This feature allows the Gluu Server Administrator to bulk import users. The user xls file can be added using the Add button.
The added xls file can be validated using the Validate button. If the file is not formatted properly, the server will reject it with an error, as shown in the screenshot below.
Out of the box, the Gluu Server includes one group: the Gluu Server manager group, named “gluuManager”. Groups can be added and populated as needed. By using the Manage Groups feature, the Gluu Server Administrator can add, delete or modify any group or user within a group. The list of available groups can be viewed by hitting the Search button with a blank search box.
The Gluu Server Administrator can modify information such as Display Name, Group Owner, Visibility type, etc. The Server Administrator can also add or delete users within existing groups. The group information is represented as shown below.
If any member of the organization needs to be added to a specific group, this can be achieved by clicking on the Add Member button. The flow is Add Member --> Search the name/email of the user --> Select the user --> Click OK --> Update.
An “Active” attribute list can be seen in the Configuration > Attributes section. By default, only active attributes are shown. To see inactive attributes, click the "Show All Attributes" link above the table. To edit an attribute, simply click on its Display Name. Learn more about Attributes management here.