UserIdResolver migration

1.5.16. UserIdResolver migration#

Starting with LinOTP 2.8.1 it is possible to migrate token assigned to users from one UserIdResolver to another one. This can be useful for the following situations:

  • one large UserIdResolver has to be split up into smaller UserIdResolver units

  • a number of UserIdResolver are to be united into a big one

  • To change the type of UserIdResolver. E.g. users stored in a SQL database are now hosted in a LDAP

  • The users stay in the same user directory but the UID Type needs to be changed

The migration works as this: You need a UserIdResolver (or more than one) which contains the same users (means: the user names must be the same) as the original UserIdResolver. The migration from UserIdResolverA to UserIdResolverB transfers all token information for users which exist in UserIdResolverA to the same users in UserIdResolverB. So after the transition you still have the same user names with the same tokens assigned to residing in a new UserIdResolver.

Only users which exist in the destination UserIdresolver are migrated. This allowes to split up a large UserIdResolver.

The migrations procedure is like this:


../../_images/migrate_resolver_dropdown.png

Choose the two UserIdResolvers the token should be migrated from one to another. Please keep in mind that the migration is only be done for users existing in both UserIdResolver with the same names:


../../_images/migrate_resolver_popup.png

Finally the number of transferred tokens is displayed:


../../_images/migrate_resolver_success_popup.png

Here an example how to split up a large UserIdResolver:

UserIdResolverA contains the token information of following users: user1, user2, user3, user4, user5, user6, user7, user8, user9, user10


UserIDResolverB contains tokens of: user1, user2, user3


UserIdResolverC contains tokens of: user4, user5, user6, user7


Now the migration starts:


UserIdResolverA –> UserIdResolverB


UserIdResolverA contains the following token information for the following users: user4, user5, user6, user7, user8, user9, user10


UserIdResolverB now contains the token information for: user1, user2, user3


Second migration:


UserIdResolverA –> UserIdResolverC


UserIdResolverA contains the following token information for the following users: user8, user9, user10


UserIdResolverB now contains the token information for: user1, user2, user3


UserIdResolverC now contains the token information for: user4, user5, user6, user7