cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X

Change/migrate Security Managment from MKS Domain to LDAP

traker99
5-Regular Member

Change/migrate Security Managment from MKS Domain to LDAP

Hello!

 

We are using Integrity 10.8 with MKS Domain Security Managment for Users and Permissions. Now we like to migrate to a LDAP or ADS solution.

 

We have some questions regarding the technical solution design and migration, maybe someone has done this procedure allready and may share some informations.

 

  • Is it possible to use one (1) ldap with a integrity staging combine so each server use the same single ldap server?
  • What is the best solution to migrate the mks domain users and groups to ldap or ads? Maybe its possible to export data and import it into ldap ?

I already check the documentation and its unclear how do migrate from actual mks domain management to a ldap management with maintain the same user/group settings?

 

Thank you very much

 

1 REPLY 1
awalsh
17-Peridot
(To:traker99)

 

  • It is possible to use the same LDAP server for staging and production and any test servers you may have. This is what many customers do.
  • Do you need to migrate the groups as well as users? The easiest option would be to keep the MKS Domain Groups, and use LDAP users. If you are migrating the groups, then you can get the group memberships by running "integrity viewmksdomaingroup" for a single group, or "aa groups --members" for all groups.
  • I'm sorry, I can't give you advice on importing into LDAP.  For exporting from MKS Domain, you can create a tab-delimitted list of the users with attributes from MKS Domain using the CLI: integrity mksdomainusers --fields=loginID,email,fullname. You can't get the passwords - the users will have to create new passwords.

I'm assuming the userids are not changing.  If you need to change the userids, then it is much more complicated (it involves DB changes or losing history of users) and I'd recommend opening a case with Technical support .

Announcements


Top Tags