Dear all,
As per Juniper documentation, User records contain all persistent cookies, SSO information, personal bookmarks, and other resource preferences for a particular user on the SA Series device. User Records are stored on each respective SA Authentication server instance created on the SA (Authentication > Auth. Servers > Users Tab).
Now, how can I retrieve the user records, especially Personal Bookmarks, while migrating the authentication servers from LDAP to AD? By default, the personal bookmarks are lost during such a migration. I need a new way to keep user records after the migration.
Thank you in advance for your feedback,
Laurent
Failover is not needed. The configuration is to configure URS to point to each other. For example,
Node 1:
Configured for server/client
This client: Primary Server=node2
This server: Peer&Client=node2
Node 2:
Same configuration, but point them to node 1.
Ensure you set the Enable User Record Sync on each Authentication Server with the same name or the setting above will not do anything.
What software version are you running?
Hi Kita,
Our version is 7.2R4
Thank you in advance
Laurent
User Record Sync would help you out.
http://www.juniper.net/techpubs/en_US/sa7.2/topics/concept/secure-access-user-record-sync-about.html
User record sync is only supported to work between two different standalone devices or two different clusters. If you have two separate standalone devices, this may be a possible solution.
You can attempt to enable user record sync on the same device; the end user will see a message "Retrieving user record is in progress. Any modifications to bookmarks and preferences will be overwritten when the record is retrieved" and it will produce a failure message. I did notice that user-created bookmarks will be transferred, but it is unclear if all data within the user record is transferred properly. In the end, this method is not supported and should be used at your own risk.
I did more testing and this solution seems to work in a standalone environment. If user record sync is enabled, you can make this a "client and server" and configure the device to point to itself.
However, I did have some issues with this configuration within a cluster environment. This is where I would receive the error message stated in the previous comment. I was able to work around this by making both nodes in the cluster a "client and server" and pointing them to each other instead of to themselves.
Hi Kita,
Thank you for the feedback and tests.
1. Do you have the screen captures for this setup within a cluster?
2. Did you configure both cluster members with the "Client and Server" function, pointing to each other as Peer Servers, or as Client pointing to Server?
3. Do you have to do a manual synchronization (export>import) or is it automatic?
Thank you in advance,
Laurent
Yes, both nodes need to be configured as client/server and they need to be pointed to each other as Peer and Client. A manual sync is not required. When each user logs in, it will run the user record sync and grab the necessary data from each other to ensure all the data is the same on each node.