RBF LDAP User Migration
Hello All,
I have just now changed build forge authentication to LDAP. Now we have some existing users that are using local RBF user authentication. As we have many user groups Its not viable to change the settings to LDAP group management. So we kept Group Management Local to RBF.
Now for the new users its all good, it will get created and default access is provided. What I want is to migrate the current user profiles so that the groups access can be retained. Otherwise I have to ask all users to login once and then I will have to provide the access again.
Please provide me any guidance on how to do this effectively.
Thanks
Praveen
|
2 answers
Hello,
When the user logs in and is created in the Console. You should be able to just add them to an access group or group containing the permissions you want to have. You shouldn't have to manually change every tiny permission setting. If you have set it up so that a user requires that kind of fine level management. Then unfortunately, there is not a standard or efficient way of doing what you want. This would typically be considered something you could export and import at a later time.
Except, as a security measure, Build Forge does not allow you to export or import access groups or related information. If it did, a user with access to the console host could directly manipulate the XML files of exported objects, and then import them.
|
I guess I described in confusing manners. Sorry for that.
What I did is LDAP integration set up and I want to change the existing local users to LDAP, but I think this is something not available so far. I tried with API as well but the user.setLDAP(true) says LDAP properties cannt be changed.
Well then I left with one last option is that to export the full group assignment of the user, and delete all users. Once all created in the system run the another utility to add the users in the earlier groups.
we kept USER ID same as LDAP userid thought we could manage the same after the LDAP authentication.
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Comments
I am surprised it would be difficult to change the settings for the groups to use LDAP. A big part of the LDAP integration is the ability to sort the users into access gorups based on their LDAP groupings. You don't have to map every LDAP or access group but you can set up enough to make it easier to customize users. The LDAP linked user is essentially a new user and will not be able to benefit from any of the previous mapping you did manually before.