Cisco Systems 5.4.x Understand Migration (from Embedded) to Either LDAP or SSO

8-21

UserGuide for Cisco Digital Media Manager5.4.x

OL-15762-05

Chapter8 Authentication and Fe derated Identity

Procedures

Note • Unless you choose explicitly to keep the local copy of a user, a group, or a policy, we discard the local copy.

• Migration from one mode to another takes as long as 1 minute to finish (CSCtn22370).

The result varies according to the combination of your choices.

Understand Migration (from Embedded) to Either LDAP or SSO

Note • Before you migrate from embedded authentication mode to federation mode, you must install a digital certificate

from a trusted CA on your IdP server. Otherwise, you cannot migrate to federation mode at all.

•After you migrate from embedded authentication mode to either LDAP (ActiveDirectory) mode or federation mode, the locked

property sheets become unlocked. You must use them.

• Migration from one mode to another takes as long as 1 minute to finish (CSCtn22370).

Procedures

•

Export the Root CA X.509 Certificate from Your Active Directory Server, page 8-22

•

Configure DMM to Trust the Active Directory Root CA, page 8-22

•

Choose an Authentication Method, page 8-23

When You

Keep Local

Copies of

The Result

Users

Groups

Policies

Yes Yes Ye s

•

We preserve all local information.

•

We overwrite all LDAP-derived user account passwords with

CiscoDMMvp99999.

1. This security feature protects your network and user data. If anyone gains unauthorized access to the exported file and tries

to use it, ActiveDirectory rejects the invalid passwords.

Yes No No

•

We preserve all local user accounts. However, we overwrite all LDAP-derived

user account passwords with CiscoDMMvp99999.

•

We discard all LDAP-derived groups.

•

We discard all LDAP-derived policies.

No Yes Yes

•

We discard all LDAP-derived user accounts.

•

We preserve all LDAP-derived groups. However, they are empty.

•

We preserve all LDAP-derived policies. Although they no longer apply to anyone,

you can reuse them and apply them to any remaining user accounts and a ny future

user accounts as you see fit.

No No No

•

We discard all LDAP-derived users, groups, and policies.