Migrate portal users when AD/LDAP authentication is configured
To migrate portal users from using the portal database for authentication to using AD/LDAP, you must ensure that the LDAP_ID of each portal user in the PTL_USER table matches the ldap.loginAttribute value in AD/LDAP. If the values do not match, you must update the user name in the portal database.
For example: Assume Joe has joe.smith as LDAP_ID in the portal database. If ldap.loginAttribute is set to sAMAccountName on the LDAP screen, the value of sAMAccountName in AD/LDAP must be joe.smith for the user to log in successfully. If the value of sAMAccountName is other than joe.smith, you must change the LDAP_ID of the user in the PTL_USER table of the portal database to joe.smith to match the user name present in AD/LDAP.
To update the LDAP_ID in the portal database:
- Log in to the Oracle database server of the IT Analytics Portal.
On Linux: Log in as the aptare user. If you have already logged in as root, use su - aptare.
On Windows: Log in using the credentials of a user in the ORA_DBA group.
- Identify the USER_ID that corresponds to the LDAP_ID using:
select LDAP_ID, USER_ID from PTL_USER where LDAP_ID='<user_name>';
For example:
select LDAP_ID, USER_ID from PTL_USER where LDAP_ID='joe.smith';
- Update the LDAP_ID of the user, using the USER_ID obtained in the previous step to select the row.
update PTL_USER set LDAP_ID = '<user_name>' where USER_ID = <user_ID_from_previous_step>;
For example:
update PTL_USER set LDAP_ID = 'smith.joe' where USER_ID = <user_ID_from_previous_step>;
- Repeat steps 2 and 3 for all users whose IDs do not match.
Note:
Use the LDAP_ID mentioned in step 3 (above) to log in to AD/LDAP. Avoid using the user name aptare, as aptare (user_id=100) is an internal bootstrap user required to maintain referential integrity among the database tables. Hence, you must not change aptare or use it for external LDAP integration.
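The following PL/SQL block is an added example, not part of the original procedure or the product's own scripts. It applies steps 2 and 3 to several users in one transaction, run from SQL*Plus as the user from step 1. The old/new ID pairs are constructed sample values, and the duplicate-LDAP_ID check and the explicit COMMIT/ROLLBACK are additions that assume the session is not in autocommit mode.

```sql
SET SERVEROUTPUT ON
DECLARE
  -- Constructed sample pairs: current portal LDAP_ID -> login value in AD/LDAP.
  old_ids   SYS.ODCIVARCHAR2LIST := SYS.ODCIVARCHAR2LIST('joe.smith', 'jane.doe');
  new_ids   SYS.ODCIVARCHAR2LIST := SYS.ODCIVARCHAR2LIST('smith.joe', 'doe.jane');
  v_user_id PTL_USER.USER_ID%TYPE;
  v_taken   PLS_INTEGER;
BEGIN
  FOR i IN 1 .. old_ids.COUNT LOOP
    -- Step 2: resolve the USER_ID. A missing or ambiguous LDAP_ID raises
    -- NO_DATA_FOUND / TOO_MANY_ROWS and aborts the whole run.
    SELECT USER_ID INTO v_user_id FROM PTL_USER WHERE LDAP_ID = old_ids(i);

    -- Per the note above: aptare (user_id=100) must never be changed or reused.
    IF v_user_id = 100 OR LOWER(new_ids(i)) = 'aptare' THEN
      RAISE_APPLICATION_ERROR(-20001, 'Refusing to modify bootstrap user aptare');
    END IF;

    -- Added check: do not bind two portal accounts to one directory identity.
    SELECT COUNT(*) INTO v_taken
      FROM PTL_USER
     WHERE LDAP_ID = new_ids(i) AND USER_ID <> v_user_id;
    IF v_taken > 0 THEN
      RAISE_APPLICATION_ERROR(-20002, 'LDAP_ID already in use: ' || new_ids(i));
    END IF;

    -- Step 3: update the row selected by USER_ID, not by name.
    UPDATE PTL_USER SET LDAP_ID = new_ids(i) WHERE USER_ID = v_user_id;
    DBMS_OUTPUT.PUT_LINE(old_ids(i) || ' -> ' || new_ids(i) ||
                         ' (USER_ID ' || v_user_id || ')');
  END LOOP;
  COMMIT;  -- make all changes permanent only if every pair succeeded
EXCEPTION
  WHEN OTHERS THEN
    ROLLBACK;  -- leave PTL_USER untouched on any failure
    RAISE;
END;
/
```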