moving from ldap to ldaps identity source - need to recreate users ?

Moving from an LDAP to an LDAPS identity source.

(certificate is imported, etc.)

Should I

1. create a new identity source which uses the same AD,
2. link it to the system,
3. unlink the existing LDAP identity source at the same time.

Will this maintain my user definitions (they remain resolvable via the new identity source)?

Or will they all need to be recreated?

If it is the same forest, then just change LDAP to LDAPS on the existing connection.

If it is a different forest, you need to import/export users:

- export all users with tokens from the old LDAP connection
- *break the map user search filter to exclude all users, but keep the connection intact
- run an identity source cleanup job, then disconnect the LDAP connection afterward
- then import the users and tokens and send them to the new LDAP connection

Make a backup of the system as well as an export job, so no matter what happens next (if you make any mistakes) you can restore the system or import users and retain tokens and PINs and whatnot.