
Domain Migration: from single domain to multiple domains

Former Member
0 Kudos

Hi ,

We have an urgent requirement for the domain migration

The scenario is that we are currently using MS AD as the LDAP server to store portal users and their credentials.

Let's say our current domain name is: ad.abc.com

We are planning to migrate from this domain to a number of domains. Our requirement is to move the portal users into their specific domains in batches, e.g. out of 5 users, 2 have been moved to a new domain and the other 3 are still in ad.abc.com.

But after the domain migration, all 5 users should be able to access all the applications and functionality of the portal.

What should we do to achieve this?

How will portal applications be affected by this? Can all the users access all applications without fail?

What exactly does the LDAP do in portals?

Any help will be greatly appreciated

Thanks in Advance

Amit

Accepted Solutions (1)


former_member110461
Active Contributor
0 Kudos

Hi Amit,

I assume you are talking about AD domains and not DNS domains?

Assuming that, basically the LDAP acts as the user list and authentication for the portal. So when you log on, the portal connects to the ldap to verify your uid / pw. It also gets the list of ldap groups you belong to.

We can assign portal roles to these groups, so the users get whatever roles are assigned to their groups (plus any roles which have been assigned to their uids). This information is stored in the portal, not the ldap.

Note, if you have roles assigned directly to the users, they will lose those role assignments when you move them as they point at their full domain name.

Also, if they move groups, they will lose whatever role assignments they had in the groups they previously belonged to.

Portal roles give access to the applications, so as long as they get the same role re-assigned after moving them you will be ok.

Hope that helps

Paul

Former Member
0 Kudos

Hi Paul,

Thanks a lot for your useful information about LDAP and domains. I was not aware of that earlier.

Yes, I am talking about AD domains.

How can I make sure whether roles are assigned directly to the users or to the ldap groups? What is the path inside the portal which gives me information about this?

From the portal, how can I get access to the LDAP server and the details within it?

As per your communication, I understand that in both cases (if we move groups or users from one to the other) they will lose their role assignments? So what's the solution for that?

Do I need to give roles again to all the users and create new groups in their new domain?

Eagerly waiting for your reply.

Amit Koyal

former_member110461
Active Contributor
0 Kudos

There are several ways to look to see how roles have been assigned to users. The easiest way is to go into user admin -> roles. Enter a user and edit them. Their assigned roles will be listed. In the top right. If the tick box is greyed out, then the role has been assigned to a group. If you can select the tick box then the role has been directly assigned to the user.

The way I would do it though is to assign roles to the new groups they are going to be members of, so that when they are moved they automatically get the role.

The details of the ldap server will be in system administration -> system configuration -> um configuration.

Hope that helps, if so feel free to give points

Paul
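A pre-migration check for the role loss described in the answers above, as an added example that is not part of the original thread: it compares each user's effective roles before and after the move and reports which ones would be lost, separating direct user assignments from group-inherited ones. The DNs, role names, the `new1` domain and the shape of the assignment data are constructed assumptions, not a real portal export format.

```python
# Constructed sample data. DNs, role names and the "new1" domain are illustrative
# assumptions, not values from a real portal or from the thread.
OLD = "dc=ad,dc=abc,dc=com"
NEW = "dc=new1,dc=abc,dc=com"

# Portal-side role assignments, keyed by the principal's full unique name.
ROLE_ASSIGNMENTS = {
    f"cn=alice,{OLD}": {"hr_admin"},          # role assigned directly to a user
    f"cn=portal_users,{OLD}": {"employee"},   # roles assigned to old-domain groups
    f"cn=finance,{OLD}": {"fin_reports"},
    f"cn=portal_users,{NEW}": {"employee"},   # new-domain group, role already assigned
}

# Planned moves: where each user lives today and where they will land.
MIGRATION_PLAN = [
    {"old_dn": f"cn=alice,{OLD}", "new_dn": f"cn=alice,{NEW}",
     "old_groups": [f"cn=portal_users,{OLD}", f"cn=finance,{OLD}"],
     "new_groups": [f"cn=portal_users,{NEW}"]},
    {"old_dn": f"cn=bob,{OLD}", "new_dn": f"cn=bob,{NEW}",
     "old_groups": [f"cn=portal_users,{OLD}"],
     "new_groups": [f"cn=portal_users,{NEW}"]},
]

def effective_roles(user_dn, group_dns, assignments):
    """Roles a user holds: direct assignments plus everything inherited from groups."""
    roles = set(assignments.get(user_dn, ()))
    for group_dn in group_dns:
        roles |= assignments.get(group_dn, set())
    return roles

def migration_gaps(plan, assignments):
    """Per moved user, roles held today that the new identity would not inherit."""
    gaps = {}
    for move in plan:
        before = effective_roles(move["old_dn"], move["old_groups"], assignments)
        after = effective_roles(move["new_dn"], move["new_groups"], assignments)
        lost = before - after
        if lost:
            direct = lost & assignments.get(move["old_dn"], set())
            gaps[move["old_dn"]] = {"direct": sorted(direct),
                                    "via_group": sorted(lost - direct)}
    return gaps

if __name__ == "__main__":
    for user, lost in migration_gaps(MIGRATION_PLAN, ROLE_ASSIGNMENTS).items():
        print(user, lost)
```

An empty result means every moved user keeps the same effective roles; any entry lists roles that must be assigned to a new-domain group (or re-assigned to the user) before that batch is moved.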

Former Member
0 Kudos

Hi Paul,

Thanks a lot. This is my last post regarding domains; can you please confirm these points finally?

1. Can a single portal user be assigned to two different groups with different role assignments for both groups? I think it's not possible. And if two groups have exactly the same roles, can he be a part of both groups?

2. Your last reply suggests that, suppose my domain is changed, to access all roles in the new domain, I should create a new group with exactly the same role assignments as in my previous AD domain. What about those roles which I have been assigned through the portal, but not through groups? Can those roles also be inherited?

3. When I go to user admin -> roles and search for groups, and edit any one group, how can I see the names of users present in this particular group from the portal side? Or can I only see the details in the LDAP server?

Please confirm the above.

Thanks and have a nice Day

Amit koyal

Former Member
0 Kudos

Hi Paul,

Waiting for your reply.

former_member110461
Active Contributor
0 Kudos

1. Most ldaps can assign users to several groups. All the portal does is assign roles to groups, which means that members of those groups will inherit the roles.

So if a user is a member of two groups, they will inherit all roles from those groups.

2. When I talk about roles I am only talking about portal roles. So creating groups in your new ad and assigning roles to them would be the answer. Yes, they will inherit.

3. Go to user admin -> roles and click on the group name rather than edit. That will show you who is a member.

Paul

Former Member
0 Kudos

Hi Paul,

Thanks a lot. It was really a great help from your side. I want to reward points but am getting an error like:

Error Rewarding Points

Any idea why it is so? I have sent a mail to sdn reg this; whenever I get a reply from them, I will definitely do it.

former_member110461
Active Contributor
0 Kudos

I think there was a problem with the points system earlier so that was probably causing it.

Paul

Former Member
0 Kudos

Hi Paul,

Now I am able to reward points. I will try to implement the domain migration and get back to you for any further clarifications.

Thanks

Amit
