Are you trying to migrate off an expensive directory platform (e.g. Oracle directory Server) to something more economical (e.g. Active Directory or AD LDS)?  Are you finding the LDAP migration process difficult or perhaps even impossible? Do you wish there was one proven solution that would eliminate all of the trials and tribulations you are currently facing? I have three words for you…Virtual Identity Server. Anyone can do an LDAP migration with the Virtual Identity Server…well…almost anyone!


Migration Challenges

Schema A directory’s schema is essentially the blueprint of how the directory is constructed including the restraints and specific directory language therein. LDAP directory schemas are generally unique and in order to migrate one directory to another, the schemas of the LDAP directories must be the same. Without VIS One way to solve this problem is to manually change the schema of the new directory to match the schema of the original directory. This is only a viable option when there are not many changes to make. The more changes that are needed, the more time consuming and riskier the process becomes. For example, changing the schema of a directory may alter the behavior of the applications using it and in some cases may even cause the applications to stop functioning all together. With VIS The Virtual Identity Server (VIS) has out of the box capabilities to manage schema differences across multiple LDAP directories. The simple point and click interface allows administrators to quickly and easily map one LDAP directory to another making it appear as one seamless directory. Likewise, VIS can be configured to emulate one directory, while actually storing the data in another. Paging Used by some LDAP directories and client applications, paging is a method of breaking large results sets in to more usable chucks (or pages). Some directories support paging and some do not, which can cause major compatibility issues and even broken applications when trying to migrate from one directory to another. Without VIS You would have to re-code each and every application to handle the paging differences which is extremely costly and time consuming. With VIS Virtual Identity Server allows your existing code to work against the new LDAP directory without having to change a single line of code in your applications. Directory System Agent (DSA/DSE) A DSA-Specific Entry (DSE) is a special type of entry that provides information about a directory server agent (DSA), which is a synonym for directory server.  When a client application connects to an LDAP directory’s root DSE the directory returns information about the information contained in the server and the types of operations that it supports. This DSA information is different on different LDAP directories and can cause migration challenges. Without VIS You would need to manually re-code every single application to handle the LDAP DSA differences which again, is very costly and time consuming. LDAP iconWith VIS No application changes are needed. The Virtual Identity Server easily solves this problem by using its directory emulation capabilities. VIS acts like any Sun/Oracle/LDAP directory while essentially translating the data to the target directory. There are several other factors to consider when migrating your LDAP directory – please check back in the coming weeks for LDAP Migrations Made Easy – Part 2 and contact us if you have any questions or if you would like more information right away.



  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.