AD (LDAP) migration

0
Hi, assume I have an application which uses the LDAP module (appstore) for syncing users and authentication. What if the current LDAP (= Active Directory 2003, to be exact) is replaced by another LDAP (= AD 2008) server? What will happen on the application side, in terms of users, when I change the LDAP module configuration? Should I change the server name to the new one, read LDAP, etc.? Or should I create a new configuration in the module, read LDAP, etc., and remove the old one? Some entities in the domain model have associations to Administration.Account. I do not want these associations to be messed up. Any advice on what to do is welcome. Regards, Paul
asked
3 answers
0

I think updating the server configuration of the existing server, and then doing an LDAP sync, is the way to go. Of course, test it first and make a database backup ;-)

answered
0

OK, this raises new questions:

What happens to all associations that I have from entities to e.g. Administration.Account? I assume that System.User/Name is used to map users, or at least is the most preferred way to do so. Will each sync clear the table and add the users again or will it just make the required changes?

When I have two LDAP servers and one mapping per server defined, how are duplicates handled? If a user exists, with the same unique ID (System.User/Name?), in both sources, the second of the two servers wins? Is the order predictable or can it be influenced?

I sync the users with one LDAP server, and when that server is removed from my application's LDAP configuration and replaced by another LDAP server and mapping, are all users from the removed server still in my application and updated with the information that comes from the second server? Assume here that both use System.User/Name as unique key.

Thanks, Paul

answered
0
  1. Existing users will not be created again, their accounts will just be updated
  2. Last synced application wins (but if they sync different attributes that should be no problem)
  3. Correct
answered
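The three answers above describe an upsert-style sync keyed on System.User/Name. The following is an added example that models exactly that behaviour; it is not code from the Mendix LDAP module and does not talk to a directory. It assumes, as the answers state, that accounts are matched on the user name, that an existing account is updated in place (so its internal identity, and therefore any association pointing at it, survives), and that when two servers supply the same attribute the most recently synced server wins. The AD2003/AD2008 entries, the attribute mapping and the `preflight_diff` check are constructed for illustration; the check is the one a practitioner would run before the cutover, to see which names exist on only one of the two servers.

```python
"""Model of an upsert-style LDAP sync keyed on System.User/Name.

Added example, not the Mendix LDAP module's own code. Assumptions (from the
answers above): match on user name, update existing accounts in place,
last synced source wins for an attribute both sources provide.
"""
from dataclasses import dataclass, field
import itertools


@dataclass
class Account:
    account_id: int                 # stands in for the object's internal identity;
                                    # domain associations point at this, not at the name
    name: str                       # System.User/Name, the key the sync matches on
    attrs: dict = field(default_factory=dict)


class AccountStore:
    def __init__(self):
        self._by_name = {}
        self._ids = itertools.count(1)

    def sync(self, source, ldap_entries, mapping):
        """Upsert every LDAP entry from one server. Returns (created, updated) names."""
        created, updated = [], []
        for entry in ldap_entries:
            name = entry[mapping["name"]]
            # only attributes the mapping covers and the entry actually carries
            mapped = {local: entry[remote]
                      for local, remote in mapping["attrs"].items() if remote in entry}
            acct = self._by_name.get(name)
            if acct is None:
                acct = Account(next(self._ids), name)   # new user: new account
                self._by_name[name] = acct
                created.append(name)
            else:
                updated.append(name)                    # existing user: same account_id
            acct.attrs.update(mapped)                   # later sync overwrites earlier values
            acct.attrs["last_source"] = source
        return created, updated

    def get(self, name):
        return self._by_name.get(name)

    def by_id(self, account_id):
        return next(a for a in self._by_name.values() if a.account_id == account_id)


def preflight_diff(old_entries, new_entries, key):
    """Names only on the old server, and names only on the new server."""
    old = {e[key] for e in old_entries}
    new = {e[key] for e in new_entries}
    return old - new, new - old


# Constructed sample directories (hypothetical, for illustration only).
AD2003 = [
    {"sAMAccountName": "paul", "mail": "paul@old.example", "displayName": "Paul"},
    {"sAMAccountName": "anna", "mail": "anna@old.example", "displayName": "Anna"},
]
AD2008 = [
    {"sAMAccountName": "paul", "mail": "paul@new.example", "displayName": "Paul"},
    {"sAMAccountName": "bob", "mail": "bob@new.example", "displayName": "Bob"},
]
# Hypothetical mapping: local attribute -> LDAP attribute.
MAPPING = {"name": "sAMAccountName", "attrs": {"Email": "mail", "FullName": "displayName"}}


def migrate():
    """Sync from the old server, point a domain association at an account,
    then replace the server configuration and sync again."""
    store = AccountStore()
    store.sync("AD2003", AD2003, MAPPING)
    paul_id = store.get("paul").account_id
    order = {"owner": paul_id}          # a domain entity associated to Administration.Account
    created, updated = store.sync("AD2008", AD2008, MAPPING)
    return {"store": store, "order": order, "paul_id": paul_id,
            "created": created, "updated": updated}


if __name__ == "__main__":
    print("only on old / only on new:", preflight_diff(AD2003, AD2008, "sAMAccountName"))
    r = migrate()
    print("second sync created:", r["created"], "updated:", r["updated"])
    print("order owner still resolves to:", r["store"].by_id(r["order"]["owner"]).name)
```

Running the preflight check before the cutover tells you which accounts (here "anna") would stop being refreshed after the switch; they are not deleted by the model, they simply keep the attributes from the last source that supplied them, which is what answer 3 describes.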