API Connect

  • 1.  Migrate users from LUR to OIDC - APIC v10

    Posted Wed January 18, 2023 03:47 PM
    Hi All,

    We need to migrate all users from LUR to OIDC user registry in APIC v10. What is the best approach? Are there any scripts that can be utilized to accomplish this?

    Thanks,
    Mohammad Sarwar

    ------------------------------
    Sarwar Mohammad
    Mahwah NJ
    ------------------------------


  • 2.  RE: Migrate users from LUR to OIDC - APIC v10

    User Group Leader
    Posted Wed January 25, 2023 11:20 AM
    Hi Sarwar, 

    Just wanted to follow up on this thread - I brought it up to our team. The team is working on making this a possibility but we aren't sure when it could be used. I will circle back with the team and see what we can do in the meantime.

    ------------------------------
    Gabriel Marte Blanco
    Austin TX
    ------------------------------



  • 3.  RE: Migrate users from LUR to OIDC - APIC v10

    Posted Mon January 30, 2023 04:48 PM

    Hi Sarwar,

    There is no out of the box way to do this today. You could use existing REST APIs to do it (and package all those calls in a script if needed).

    For provider users:
    - Create a new user for every old user but in the OIDC registry (POST /users).
    - Add the new user as a member at the required scope (org/catalog/space) with the same roles as that of the old user/member (POST /members).
    - If the old user happens to be an owner of an org/catalog/space, then you will first have to add a member with no role for the new user and then do a transfer ownership from the old user to the new user (POST /transfer-owner).
    - Delete the old user (DELETE /users).

    If developer portal users are involved, additional steps are needed since user emails are required to be unique across all registries used for the catalog.

    So instead of the above steps, you might have to:
    - Create a temporary user in the OIDC registry (POST /users)
    - Make him the owner of the consumer orgs owned by LUR users (POST /transfer-owner)
    - Delete the old members/users (from both APIM and Portal admin page if needed) (DELETE /users, DELETE /members for APIM).
    - Create a new OIDC user for every old LUR user as before (POST /users)
    - Reassign orgs and memberships to the new users (for owners - transfer ownership from temp user to the new user, for developers - create/update memberships).

    Hope that helps. 



    ------------------------------
    Nisha Narayanan
    ------------------------------
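
The provider-user steps in the reply above, as an added dry-run planner (example code, not from the post or from IBM). It makes no API calls: it orders the calls named in the post and checks that no role changes and no old user is deleted before ownership is transferred. The inventory layout, scope strings and registry labels are constructed assumptions.

```python
from collections import namedtuple

# One planned REST call. Endpoint labels are the ones named in the post above.
Op = namedtuple("Op", "method endpoint user scope roles")

# Constructed inventory of LUR users; this layout is an assumption, not APIC's schema.
SAMPLE_LUR_USERS = [
    {"username": "alice", "memberships": [
        {"scope": "org:sales", "owner": True, "roles": []},
        {"scope": "catalog:sales/prod", "owner": False, "roles": ["developer"]}]},
    {"username": "bob", "memberships": [
        {"scope": "org:sales", "owner": False, "roles": ["administrator", "viewer"]}]},
]

def plan_provider_migration(lur_users):
    """Order the calls per user: create, add memberships, transfer ownership, delete."""
    plan = []
    for user in lur_users:
        name = user["username"]
        plan.append(Op("POST", "/users", name, "oidc-registry", ()))
        for m in user["memberships"]:
            if m["owner"]:
                # Owner case: member with no role first, then the ownership transfer.
                plan.append(Op("POST", "/members", name, m["scope"], ()))
                plan.append(Op("POST", "/transfer-owner", name, m["scope"], ()))
            else:
                roles = tuple(sorted(m["roles"]))
                plan.append(Op("POST", "/members", name, m["scope"], roles))
        plan.append(Op("DELETE", "/users", name, "lur-registry", ()))
    return plan

def check_plan(plan, lur_users):
    """Return problems: early deletes, out-of-order transfers, role drift."""
    problems = []
    for user in lur_users:
        name = user["username"]
        ops = [op for op in plan if op.user == name]
        if not ops or ops[-1].method != "DELETE":
            problems.append(f"{name}: old user is not deleted last")
        for m in user["memberships"]:
            scoped = [op for op in ops if op.scope == m["scope"]]
            granted = [op.roles for op in scoped if op.endpoint == "/members"]
            expected = () if m["owner"] else tuple(sorted(m["roles"]))
            if granted != [expected]:
                problems.append(f"{name}: roles at {m['scope']} differ from the old member")
            if m["owner"] and [op.endpoint for op in scoped] != ["/members", "/transfer-owner"]:
                problems.append(f"{name}: ownership of {m['scope']} not transferred in order")
    return problems
```

Running `check_plan` on a plan before executing it, and again on the list of calls actually made, gives a record that the new OIDC users hold exactly the roles the LUR users had.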