Rolemining function in the Novell migration

Conversion of all Novell rights information

Under Novell you can also set permissions (trusts) on objects other than just users or groups. To avoid losing information when migrating from Novell Fileserver to Microsoft Filer, see migRaven integrated an intelligent Rolemining mechanism.

1. migRaven works as follows

1. It must be the group type for the permission groups in migRaven Domains, Global, or Universal groups are available
2. Definition of the name concept for the authorization groups

2. Acquisition of rights from Novell to Microsoft

1. Trustee information will be in migRaven imported
2. A comparison is made via LDAP to the eDirectory: Each trustee information is resolved via LDAP and treated individually:

3. Translation of the Novell Trust to Microsoft

(Only rights can be transferred if the corresponding users already exist in the AD! migRaven does not create user accounts! The adjustment is made via the sAMAccount. This must correspond to the CN in eDirectory. If the value does not correspond, an adjustment to migRaven be carried out -> In this case, speak to us.)

1. Resolving the account from the trustee info via LDAP in eDirectory: What is it? User or a container?
2. Users are added directly to the authorization groups
3. Containers are resolved and checked for multiple use
4. Not used multiple times in trusts: Members are resolved and become direct members of the permission group
5. Container occurs several times in trusts: members are dissolved, all members come into a role group, which itself becomes a member of the authorization groups becomes for the directories, where before under Novell also the container was entitled.

List permissions are of course created in this operation. This is done according to the minimal principle analogous to Novell. The future file system under Microsoft behaves exactly as under Novell. Permission inheritance does not need to be interrupted. ABE is fully supported. The users will not notice any difference after the migration.

The goal is to carry out a very clean takeover. Here the AG-DL-P or A-DL-P principle is implemented. Depending on what makes sense in each case.

We only recommend a double-group strategy if the first group is there to reuse a group of accounts in the same constellation in different places (Role: eg a group that accepts all employees of the department "Purchasing"). In this way, users can be granted rights to multiple directories very quickly, but they can also be revoked.

Info: Basically, rights are enforced migRaven assigned only via authorization groups.