"Excellent customer service, support, and knowledge of access management and AuthN."- Applications Development Senior Manager in the Government Industry,
When you need to migrate LDAP directories, it can be a difficult and complex process. At Optimal IdM, we offer a solution for quick and easy migration from one LDAP directory to another, such as from OpenLDAP servers to Active Directory servers. You can migrate a portion or all of the LDAP directory, and there are full roll-back capabilities included if needed.
Our Virtual Directory is a proxy at the LDAP layer that can look and act like any type of user directory. This allows it to translate between platforms, make apps work with multiple user databases and source data from other platforms, such as SQL-based databases. It is also installed on an ongoing basis.
While this also applies to customers wanting to move off of any platform — such as eDirectory — the Sun migration has become very popular due to the company’s acquisition by Oracle and subsequent license increases. Performing a migration from one LDAP directory to another is not easy as no two LDAP directories are the same, with different schemas, directory trees and supported LDAP controls. Performing this migration manually would require changes to the application code and would be a lengthy and costly process. VIS easily solves this problem, by emulating the old LDAP platform while proxying requests to the new LDAP environment. VIS can also make a seamless transition off of an obsolete and no longer supported virtual directory such as the Symlabs/Quest virtual directory.
Learn how the Virtual Identity Server (VIS) can make your LDAP to Active Directory server migrations a quick and easy process, including Quest migrations, Symlabs migrations, and Sun LDAP migrations.
Interested in the features and benefits of Optimal IdM’s LDAP migration tools? Request a demo of the Virtual Identity Server!
Over time it is quite common that companies wish to migrate from one platform to another. This can be a relatively easy change, or it can be quite complicated, depending upon the platform being changed. Moving from one LDAP directory to another is often a very complex and involved migration. In fact, for many organizations it may not even seem feasible given some of the constraints.
Given the rise in popularity of Microsoft’s Active Directory over the years, many customers are examining ways to move or migrate from one LDAP platform (e.g. Sun, OpenLDAP, eDirectory) to the Microsoft Active Directory platform. Additionally, with the acquisition of Sun by Oracle and Oracle’s subsequent price increase, many customers are looking for ways to migrate off of the Sun platform. Learn more about some of the challenges and considerations when migrating from one LDAP platform to another and how Optimal IdM’s Virtual Identity Server software is uniquely positioned to assist organizations in LDAP to Active Directory migrations.
A key concept to keep in mind is that directory migration is different than directory synchronization. While both move data from one directory to another, the goal of directory migration is to move data from the old directory to the new one so that the old directory can be retired. The goal of directory synchronization is to support long term directory coexistence.
There are a number of challenges facing an organization that would like to migrate from one LDAP directory to another. Several of these key challenges are explored in greater detail below, along with how the Virtual Identity Server (VIS) addresses each of them.
Schema is often the first item that comes to mind when looking at a directory migration, as there are common differences between the schemas of LDAP directories. For example, Novell’s eDirectory utilizes the object class “groupofnames” when referring to a “group”, while Microsoft’s Active Directory utilizes the object class “Group”.
One way to solve this problem is to alter the schema of the target LDAP directory in order to support the old schema of the original LDAP directory. In instances where there is very little difference between the two LDAP directories (perhaps a Sun to an OpenLDAP) this may be feasible.
The Virtual Identity Server (VIS) has out of the box capabilities to manage schema differences across multiple LDAP directories. Configuring object class and attribute mappings through a point and click interface allows an administrator to easily map one LDAP directory to another. In fact, these object class and attribute mappings are how VIS translates SQL data, making it appear as LDAP data through VIS. VIS can handle these schema changes without changing one line of code in your applications.
While there are certain specifications and standards for LDAP directories such as being LDAP V3 compatible, there are many other things that are not covered in these specifications. This is what makes each of these LDAP directories look and behave differently. Listed below are just a few of the items that are different among LDAP directories.
There is also the LDAP manager, which provides an easy-to-use Windows tree view so you can see and change your LDAP directory without using command line utilities. This allows you to easily search, view and modify all of your LDAP directories with one simple Windows interface.
Attempting to manually convert from one LDAP directory to another by manipulating the schema, DIT and ACLs of a new target directory is extremely risky and cannot be guaranteed to be successful. As the number of applications and the number of differences between the LDAP directories increases, so does the risk that this manual conversion will not be successful. Additionally, you will only know “if” you will be successful after you have spent the time, money and effort to perform all of the manual changes and tested each and every application.
Interested in the features and benefits of Optimal IdM? Request a demo!
When it comes to LDAP migration tools, there are numerous benefits to using VIS, including:
Listed below are some general questions that you may want to consider.
How tightly coupled are your applications written to the existing LDAP directory?
VIS is a black box abstraction layer between the applications and the physical directory, enabling you to quickly and easily make changes without impact to either the application or the directory.
Are you sure you know EXACTLY what the applications are doing?
VIS can quickly and easily produce application profile reports that show you exactly what the applications are doing.
Do you have source code to ALL of the applications to make the necessary changes?
VIS’s emulation and abstraction engine allows you to make the migration without changing any of the applications’ source code.
Assuming you have all of the source code, do you have an idea of the time, money and effort it will take to change the applications?
VIS provides an easy, cost-effective mechanism for a directory conversion.
With a manual conversion, ALL applications must first be converted before you will know that the applications will work. As the number of applications and customizations increases, so does the risk in manually converting (if possible). Can you afford the risk of this big bang migration?
VIS enables you to migrate applications slowly over time. VIS is a production tested and proven solution that has been used by countless other customers to solve this exact problem.
Conversely, using the built-in and out of the box capabilities of the Virtual Identity Server, converting from one LDAP platform to another can be easily achieved. VIS provides an easy to use and repeatable method that has been utilized by customers around the world to solve the LDAP migration problem.
For your LDAP migration needs, Optimal IdM can help. Our VIS system automates processes to reduce costs, mitigates security risks, simplifies the environment, ensures compliance management and more. We also offer free quotes, a private cloud and custom solutions.
Fill out our online form or give us a call today to find out more.