Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Migration from database authentication to LDAP authentication


We're using database for DCRUM css authentication now. We are going to migrate to LDAP authentication. The question is whether we shall just import user from LDAP. Then it will replace the database users directly. Or there is some steps to disable database authentication at first.






When you use the LDAP authentication and import a user, it will import username,password, and email adress, therefore you'd have a conflict only if all informations are identical.

I'd recommend to start with a clean slate and remove users before importing them, I'm not sure how the CSS will react.

I know when you are using LDAP, you can import the same user multiple times and it will refresh information about the user, but that is with a pre existing LDAP authentication setup.

You can also test with one user to see if anything goes wrong if you can't delete and import.


Dynatrace Pro
Dynatrace Pro

According to Importing LDAP Users, a local user with the same name will take priority, so simply importing them won't accomplish much. Recreating users manually is a lot of work, as you'll have to re-add the groups, roles, and DMI reports that they had previously had access to.

You might want to create a ticket in our support system to see if an easier way to migrate users can be worked out that will preserve groups, roles and DMI reports.

As an aside note, when you import an LDAP user, the CSS only stores the username in its database.
The user's first name, last name, and email are dynamically retrieved
from LDAP when required, and the password is passed to LDAP as well.