Currently, our Vault Enterprise is configured with LDAP at the namespace level. We have been tasked to migrate to AzureAD but to implement it at the root level.
To complicate matters more, the LDAP prefixes usernames with “U.” whereas AzureAD doesn’t use this feature anymore. Is there a way to migrate everyone, from their old LDAP account to the new AzureAD and keep their Vault Roles?
We are talking about several thousand users
Are you managing this in some kind of configuration as code system, such as Terraform? If so, the answer would be to make whatever changes you need there.
Or are you configuring all these things manually by Vault API/UI/CLI interactions? In which case, you would have to write yourself a custom script calling the Vault API many times to transform your configuration.
Thank you for responding so quickly.
We are using Terraform to implement LDAP at the namespace level, and likewise will use Terraform again to implement AzureAD at the root level.
How would we go about mapping the two user accounts together (minus the U.) and inheriting the same roles, please?
That would entirely be dependent on the form of the specific Terraform code you currently have written - it’s not something that is possible to give generic advice about.
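One way to sketch the mapping the thread asks about, as an added example that is not from the original thread, the poster's Terraform, or HashiCorp: it assumes each user is a Vault identity entity whose policies and group memberships carry the "roles", that the LDAP alias is named "U.<user>", and that the AzureAD method is mounted at root; the mount accessors and entity records are constructed placeholders, and the plan only creates a second alias on the new accessor so the existing entity (and its roles) is reused.

```python
"""Plan LDAP -> AzureAD entity-alias migration for Vault's identity system (constructed example)."""
import json
import urllib.request

LDAP_ACCESSOR = "auth_ldap_11111111"    # constructed placeholder, not a real accessor
AZURE_ACCESSOR = "auth_oidc_22222222"   # constructed placeholder for the root-level AzureAD mount
PREFIX = "U."

# Constructed sample records; shape mirrors `vault read identity/entity/id/<id>` output.
ENTITIES = [
    {"id": "e-1", "aliases": [{"name": "U.alice", "mount_accessor": LDAP_ACCESSOR}]},
    {"id": "e-2", "aliases": [{"name": "U.bob", "mount_accessor": LDAP_ACCESSOR},
                              {"name": "bob", "mount_accessor": AZURE_ACCESSOR}]},   # already migrated
    {"id": "e-3", "aliases": [{"name": "svc-build", "mount_accessor": LDAP_ACCESSOR}]},  # no prefix
    {"id": "e-4", "aliases": [{"name": "U.Alice", "mount_accessor": LDAP_ACCESSOR}]},  # collides with e-1
    {"id": "e-5", "aliases": [{"name": "U.carol", "mount_accessor": LDAP_ACCESSOR}]},
]

def new_alias_name(ldap_name):
    """Drop the LDAP 'U.' prefix and normalise case, since AzureAD sign-ins no longer carry it."""
    name = ldap_name[len(PREFIX):] if ldap_name.startswith(PREFIX) else ldap_name
    return name.lower()

def plan(entities, old_acc=LDAP_ACCESSOR, new_acc=AZURE_ACCESSOR):
    """Return (creates, skipped, conflicts). Idempotent: entities with an AzureAD alias are skipped,
    and two entities that would map to the same new name are held back for a human to resolve."""
    creates, skipped, seen = [], [], {}
    for ent in entities:
        aliases = ent.get("aliases", [])
        if any(a["mount_accessor"] == new_acc for a in aliases):
            skipped.append((ent["id"], "already has an alias on the AzureAD mount")); continue
        old = [a["name"] for a in aliases if a["mount_accessor"] == old_acc]
        if len(old) != 1:
            skipped.append((ent["id"], f"expected one LDAP alias, found {len(old)}")); continue
        if not old[0].startswith(PREFIX):
            skipped.append((ent["id"], f"LDAP alias lacks the {PREFIX} prefix: {old[0]}")); continue
        new = new_alias_name(old[0])
        seen.setdefault(new, []).append(ent["id"])
        # Payload for POST /v1/identity/entity-alias: attaches the new login to the existing entity.
        creates.append({"name": new, "canonical_id": ent["id"], "mount_accessor": new_acc})
    conflicts = {n: ids for n, ids in seen.items() if len(ids) > 1}
    return [c for c in creates if c["name"] not in conflicts], skipped, conflicts

def apply(creates, vault_addr, token):
    """Create each planned alias against the root namespace (no X-Vault-Namespace header)."""
    for body in creates:
        req = urllib.request.Request(f"{vault_addr}/v1/identity/entity-alias",
                                     data=json.dumps(body).encode(),
                                     headers={"X-Vault-Token": token, "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            resp.read()
```

Review the skipped and conflicts lists before calling apply; with several thousand users the collisions from case-folding are the cases that need a manual decision.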