Convert Local Archer Groups to LDAP Groups
Hello all I hope everyone is safe. Stay indoors and stay safe!
We have been presented with a requirement of replacing a large number of local Archer groups with LDAP groups.
Initially it sounded simple, but the number of changes we need to make are huge (record permissions, rules, notifications etc)
So, I'm thinking of the below approach. Can someone validate or confirm if they have tried this? And if there is anything I need to keep in mind. I understand its NOT a recommended approach, but its either this or weeks of efforts identifying and replacing a number of groups across the platform:
- Take db backup before starting.
Lets say we have:
and we want to map ArcherLDAPgroup to ArcherLocalGroup via LDAPsynch
Now, if I select * from tblgroup:
ArcherLocalGroup (distinguished_name = NULL and ldap_config_id = NULL)
- We create an AD group called "ArcherLDAPGroup" and add all the users from "ArcherLocalGroup" into this new AD group.
- Next fetch the LDAP AD groups structure in Archer:
Now, select * from tblgroup:
- ArcherLocalGroup (distinguished_name = NULL and ldap_config_id = NULL)
- ArcherLDAPGroup (distinguished_name = somevalue and ldap_config_id = 1 or 2 or 3)
If I update these two rows in SQL to:
- ArcherLocalGroup (distinguished_name = somevalue and ldap_config_id = 1 or 2 or 3)
- ArcherLDAPGroup (distinguished_name = NULL and ldap_config_id = NULL)
Now, when I run the synch again, Archer will update my "ArcherLocalGroup" instead of "ArcherLDAPGroup"
Has anyone tried something like this? Just wanted to know what you guys think.