CN113468509B - User authentication migration method, device, equipment and storage medium - Google Patents
- Publication number
- CN113468509B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a migration method, apparatus, device and storage medium for user authentication. The method comprises: extracting a user authentication file from an original authentication system, and extracting the user authentication data in the file as target user authentication data; if the target authentication system contains no data that duplicates the target user authentication data, importing the target user authentication data into the target authentication system; if the target authentication system does contain data that duplicates the target user authentication data, deleting the duplicate data or writing the data associated with the duplicates in the target user authentication data into a preset file. This avoids user authentication data migration errors, enables batch migration of user authentication data, improves migration efficiency, preserves the identification data of the user authentication data, and achieves seamless migration of user authentication.
Description
Technical Field
The embodiment of the invention relates to the technical field of Internet, in particular to a migration method, a migration device, migration equipment and a storage medium for user authentication.
Background
As the scale of the Internet continues to expand, network traffic keeps increasing; connecting multiple servers into a cluster that jointly carries network services is of great significance for meeting growing service demands.
Different clusters typically employ different user authentication schemes, and the user authentication scheme employed by the same cluster may also vary over different time periods. When the authentication mode of a certain cluster is changed, user authentication data of an original authentication system needs to be migrated to a current authentication system (namely a target authentication system) so as to ensure that a user can continuously access the current cluster by using an original account number and a password; or when the two clusters need to synchronize the user authentication data, the first cluster adopts an original authentication system, the second cluster adopts a target authentication system, and the user authentication data needs to be migrated from the original authentication system to the target authentication system, so that the user can access the second cluster by using the original user information.
In the process of realizing the invention, the inventor found that the existing user authentication data migration approach generally exports the user authentication data from the original authentication system and adds it to the current authentication system one record at a time. The workload is large, the efficiency is low, time is seriously wasted, the identification data of the user authentication data cannot be preserved, and seamless migration of user authentication cannot be achieved.
Disclosure of Invention
The embodiment of the invention provides a migration method, a migration device, migration equipment and a storage medium for user authentication, which can realize migration of user authentication data among different authentication systems, avoid user authentication data migration errors and improve data migration efficiency.
In a first aspect, an embodiment of the present invention provides a migration method for user authentication, including:
extracting a user authentication file in an original authentication system, and extracting user authentication data in the user authentication file as target user authentication data;
if the target authentication system does not have the data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system;
and if the target authentication system has the data which is repeated with the target user authentication data, deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file.
Optionally, if there is data that is duplicated with the target user authentication data in the target authentication system, prompting to delete duplicated data includes:
if the target authentication system has the user identification data which is repeated with the target user identification data in the target user authentication data, prompting to delete the repeated user identification data; the target user identification data comprises user identification information and/or user name information.
Optionally, if there is data that is repeated with the target user authentication data in the target authentication system, writing the associated data of the repeated data in the target user authentication data into a preset file, including:
if the target authentication system has user group identification data that duplicates the target user group identification data in the target user authentication data, writing the duplicate user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.
Optionally, the writing the repeated user group identification data and the corresponding user identification data in the target user authentication data into a preset file includes:
acquiring problem code information corresponding to repeated user group identification data in the target user authentication data; wherein the problem code information comprises the reason for the repetition of user group identification data;
and writing the repeated user group identification data, the corresponding user identification data and the problem code information in the target user authentication data into a preset file.
Optionally, if the file format of the user authentication file is a lightweight directory exchange format, the importing the target user authentication data into the target authentication system includes:
judging whether the domain name path of each piece of data in the target user authentication data in an original authentication system is consistent with a preset domain name path in the target authentication system;
if not, updating the domain name path of each piece of data in the target user authentication data by adopting a preset domain name path;
judging whether each piece of data in the target user authentication data exists in a target authentication system in a target organization unit path of an original authentication system;
if not, creating the target organization unit path in the target authentication system;
and if receiving an import instruction, storing each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path.
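The LDIF path checks in the steps above can be sketched as follows. This is an added example, not code from the patent: the function names, the sample LDIF and the base DNs are constructed, and the "domain name path" is assumed to be the trailing dc= components of each DN.

```python
import re

# Constructed sample export from the original LDAP system.
SAMPLE_LDIF = """\
dn: uid=user01,ou=People,ou=HPC,dc=old,dc=example,dc=com
objectClass: posixAccount
uid: user01
uidNumber: 1000
gidNumber: 2000

dn: cn=group01,ou=Group,dc=old,dc=example,dc=com
objectClass: posixGroup
cn: group01
gidNumber: 2000
memberUid: user01
"""


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, folded lines
    (leading space) joined, comments skipped. Base64 values ('::') are
    not decoded in this sketch."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # continuation of previous line
            elif raw.strip() and not raw.startswith("#"):
                lines.append(raw)
        attrs = []
        for line in lines:
            name, _, value = line.partition(":")
            attrs.append((name.strip(), value.strip()))
        if attrs and attrs[0][0].lower() == "dn":
            entries.append({"dn": attrs[0][1], "attrs": attrs[1:]})
    return entries


def rebase_dn(dn, preset_base):
    """Replace the trailing dc= components with the preset domain path.
    A DN already under the preset path comes back unchanged."""
    rdns = split_dn(dn)
    while rdns and rdns[-1].lower().startswith("dc="):
        rdns.pop()
    return ",".join(rdns + split_dn(preset_base))


def missing_ou_paths(dns, existing_dns):
    """Return the ou= ancestor paths that the target lacks, parents first,
    so they can be created in that order before the import."""
    have = {",".join(split_dn(d)).lower() for d in existing_dns}
    have |= {d.lower() for d in dns}          # entries the file itself supplies
    missing = []
    for dn in dns:
        rdns = split_dn(dn)
        for i in range(len(rdns) - 1, 0, -1):  # walk from base towards entry
            if not rdns[i].lower().startswith("ou="):
                continue
            path = ",".join(rdns[i:])
            if path.lower() not in have:
                have.add(path.lower())
                missing.append(path)
    return missing


def plan_ldif_import(ldif_text, preset_base, existing_dns):
    """Rebase every entry and list the organization unit paths to create."""
    entries = parse_ldif(ldif_text)
    for entry in entries:
        entry["dn"] = rebase_dn(entry["dn"], preset_base)
    return entries, missing_ou_paths([e["dn"] for e in entries], existing_dns)


if __name__ == "__main__":
    entries, to_create = plan_ldif_import(
        SAMPLE_LDIF, "dc=new,dc=example,dc=org",
        ["ou=Group,dc=new,dc=example,dc=org"])
    for path in to_create:
        print("create:", path)
    for entry in entries:
        print("import:", entry["dn"])
```
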
Optionally, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the importing the target user authentication data into the target authentication system includes:
user identification data and corresponding user group identification data in the target user authentication data are acquired, the user identification data are imported to a target authentication system one by one, and the user group identification data are imported to the target authentication system one by one.
Optionally, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the extracting the user authentication data in the user authentication file as the target user authentication data includes:
extracting user identity information, user name information, user group identification information, user group name information and storage path information from the user authentication file;
generating user authentication data according to the user identity information, the user name information, the user group identification information, the user group name information and the storage path information;
and if the user authentication data comprises repeated data, deleting the repeated data, and taking the user authentication data after deleting the repeated data as target user authentication data.
In a second aspect, an embodiment of the present invention provides a migration apparatus for user authentication, including:
the data extraction module is used for extracting a user authentication file in the original authentication system, extracting user authentication data in the user authentication file and taking the user authentication data as target user authentication data;
the data importing module is used for importing the target user authentication data into the target authentication system if the target authentication system does not have the data which is repeated with the target user authentication data;
the repeated data processing module is used for deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file if the data which is repeated with the target user authentication data exists in the target authentication system.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a migration method of user authentication according to any embodiment of the present invention.
In a fourth aspect, embodiments of the present invention provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a migration method for user authentication according to any embodiment of the present invention.
According to the technical solution provided by the embodiments of the invention, when the data duplicated between the target authentication system and the target user authentication data is user identification data, the duplicate user identification data can be deleted from the target authentication system or from the target user authentication data, which avoids import errors caused by duplicate data, enables batch migration of user authentication data, and improves user authentication migration efficiency.
When the duplicated data is user group identification data, the duplicate user group identification data in the target user authentication data is written into a preset file, which avoids user authentication migration errors, avoids losing the group information that corresponds to the user identification data, ensures the integrity of the user authentication data, and achieves seamless migration of user authentication.
When the user group identification data is written into the preset file, the problem code information for each piece of user group identification data is written at the same time, so that the user can learn the reason for each duplicate and adopt a corresponding handling strategy, which improves processing efficiency.
When the user authentication file is in the lightweight directory exchange format, the domain name path and the organization unit path of the target user authentication file are checked, and the target user authentication data is finally stored according to the preset domain name path and the target organization unit path; this enables batch import of the user authentication data in the file, avoids user authentication migration errors, and further improves user authentication migration efficiency.
When the user authentication file is in a plain text file format and/or a spreadsheet format, the user identification data and the corresponding user group identification data in the target user authentication data are obtained, and each is imported into the target authentication system one by one, which preserves the integrity of the grouping structure of the user identification data; because different user authentication file formats correspond to different types of original authentication systems, user authentication migration between different authentication systems is achieved.
Also for files in a plain text file format and/or a spreadsheet format, each piece of identification data is extracted from the user authentication file to obtain the corresponding user identification data and user group identification data, and duplicate data is searched for in advance to ensure the correctness of the target user authentication data, which further improves the efficiency of user authentication migration.
Overall, a user authentication file is extracted from the original authentication system and the user authentication data in it is extracted as target user authentication data; if the target authentication system contains no data that duplicates the target user authentication data, the target user authentication data is imported into the target authentication system; if it does, the duplicate data is deleted or the data associated with the duplicates in the target user authentication data is written into a preset file. This avoids user authentication data migration errors, enables batch migration of user authentication data, improves migration efficiency, preserves the identification data of the user authentication data, and achieves seamless migration of user authentication.
Drawings
FIG. 1 is a flow chart of a migration method for user authentication provided by an embodiment of the present invention;
FIG. 2A is a flowchart of a migration method for user authentication according to an embodiment of the present invention;
FIG. 2B is a schematic flow chart of a migration method of user authentication according to an embodiment of the present invention;
FIG. 3A is a flowchart of a migration method for user authentication according to an embodiment of the present invention;
FIG. 3B is a schematic flow chart of a migration method of user authentication according to an embodiment of the present invention;
FIG. 4A is a flowchart of a migration method for user authentication according to an embodiment of the present invention;
FIG. 4B is a schematic flow chart of a migration method of user authentication according to an embodiment of the present invention;
FIG. 5 is a block diagram of a migration apparatus for user authentication according to an embodiment of the present invention;
FIG. 6 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Fig. 1 is a flowchart of a user authentication migration method provided in an embodiment of the present invention, where the embodiment may be applicable to automatic migration of user authentication data between different user authentication systems, where different authentication systems may be configured in one cluster, or may also be configured in corresponding clusters, where the method may be performed by a user authentication migration device in the embodiment of the present invention, where the device may be implemented by software and/or hardware and integrated on an electronic device, where the electronic device may be a computer device or a server, as shown in fig. 1, and the method specifically includes the following steps:
S110, extracting a user authentication file in the original authentication system, and extracting user authentication data in the user authentication file as target user authentication data.
The authentication system is a network system for carrying out centralized management on information such as account numbers, passwords and the like of a user accessing a host; the authentication system can verify the account number, the password and other information input by the user on the host login interface of the client so as to determine whether the user has the authority information for accessing the corresponding host; correspondingly, the original authentication system is a historical authentication system adopted by a cluster or an authentication system corresponding to user authentication data to be exported.
In an embodiment of the invention, the original authentication system may include a network information system (Network Information Service, NIS) and a lightweight directory access protocol (Lightweight Directory Access Protocol, LDAP) system; in the network information system, a user logs in any NIS client machine and can log in and verify by a unified NIS server, so that centralized management of user authentication information can be realized; in the LDAP system, the tree structure is used for storing and searching the user identity authentication information, so that centralized management of a large amount of user identity authentication information can be realized. For example, when an LDAP system is adopted in a cluster, unified authentication of users can be realized, namely, the users can use the same account number and password to realize access to any server or host in the cluster, so that the complexity of the cluster authentication system can be reduced, and the management cost can be reduced.
In the embodiment of the invention, optionally, the target user authentication data is data information which is locally stored in the authentication system and is used for authenticating the identity and the authority of the user. For different authentication systems, the data forms of the corresponding user authentication data are different, and the data forms of the user authentication data are not particularly limited in the embodiment of the invention. Specifically, after acquiring login information input by a user, the authentication system searches matching data in user authentication data according to the login information; if the matched user authentication data is found, the current user can be determined to pass the identity authentication; if the matched user authentication data is not found, determining that the current user does not have the cluster access right; the user identity and authority can be determined by the user authentication data.
In the embodiment of the invention, the optional user authentication file is a file for storing user authentication data in an original authentication system and is composed of at least one piece of user authentication data; in embodiments of the present invention, the file formats of the user authentication file may include a lightweight directory interchange format (LDAP Data Interchange Format File, LDIF), a plain text file format (e.g., txt), and a spreadsheet format (e.g., EXCEL). Wherein, different types of original authentication systems can correspond to different user authentication file formats, for example, when the original authentication system is NIS, the corresponding user authentication file format can be plain text file format or electronic form format; when the original authentication system is an LDAP system, the corresponding user authentication file format may be a lightweight directory swap format.
Specifically, the user authentication file is extracted from the original authentication system, and corresponding user authentication data is obtained according to the user authentication file; it should be noted that, different types of original authentication systems correspond to user authentication files with different file formats; and the user authentication files with different file formats correspond to the matched user authentication data extraction methods. Therefore, after the user authentication file is acquired, the file format of the current user authentication file needs to be judged, and then the corresponding user authentication data extraction method is adopted to acquire the corresponding user authentication data, so that the extraction of the user authentication data corresponding to different types of original authentication systems can be realized, the applicability of the technical scheme of the application is ensured, and the acquisition efficiency of the user authentication data is improved.
The user authentication data may specifically include user identification data and user group identification data. Taking a company employee management system as an example, the user identification data corresponds to company employee authentication information, and the user group identification data corresponds to the department information of employees or to different work group information. One piece of user identification data may correspond to one or more pieces of user group identification data, and one piece of user group identification data comprises at least one piece of user identification data. The user identification data can comprise user identification information, user name information, user group name information and corresponding storage path information; the user group identification data may include user group identification information, user group name information, the included user identification information, and corresponding storage path information.
S120, if the target authentication system does not have the data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system.
In the embodiment of the invention, the target authentication system can be an authentication system currently adopted by a cluster or an authentication system to which user authentication data is to be imported; the target authentication system may comprise an LDAP system. The target authentication system and the original authentication system may be the same type of authentication system, for example, the target authentication system and the original authentication system are both LDAP systems; different types of authentication systems may also be corresponded, for example, the original authentication system is an NIS system, and the target authentication system is an LDAP system.
When the target user authentication data is imported into the database of the target authentication system, if there is data in the target user authentication data that is identical to the stored data in the target authentication system, a data import error occurs, and the data import is stopped; therefore, after the target user authentication data in the original authentication system is acquired, it is necessary to determine whether there is data in the target authentication system that is repeated with the target user authentication data.
In the embodiment of the invention, once it is determined that the target authentication system contains no data that duplicates the target user authentication data, the target user authentication data is imported into the target authentication system with the import method that matches the file format of the user authentication file, since user authentication files come in different file formats. When the original authentication system and the target authentication system are of the same type, for example both are LDAP systems and the user authentication file is in the lightweight directory exchange format, the target user authentication data can be imported in batch with a data import command. For example, with the ldapadd command, the data in the LDIF file is imported in batch by setting the file path of the data to be imported and the import execution rule; setting the -c parameter of ldapadd makes the import continue when an import error occurs, and if the -c parameter is not set, the data import stops when an import error is encountered.
Optionally, when the original authentication system and the target authentication system are of different system types, for example, the original authentication system is an NIS system, the target authentication system is an LDAP system, and the user authentication file is in a plain text file format or a spreadsheet format; since the batch import command of the LDAP system is only applicable to the LDIF format file, the current target user authentication data is required to be imported to the target authentication system in a one-by-one import mode; by the method, seamless migration of the user authentication data between the original authentication system and the target authentication system can be realized, and the method is applicable to different types of original authentication systems and target authentication systems.
It should be noted that, during the process of extracting and importing the target user authentication data, no modification operation is performed on the identification data in the target user authentication data, so that seamless migration of the user authentication data between different authentication systems can be ensured, and under the condition that the authentication systems are changed, the user can still use the original identity information to perform identity authentication through different authentication systems.
S130, if the target authentication system has the data which is repeated with the target user authentication data, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file.
In the embodiment of the invention, if stored data that duplicates the target user authentication data is found in the target authentication system, the duplicate data can be deleted from either the target user authentication data or the target authentication system, which eliminates the effect of the duplicates on the user authentication data import. Alternatively, the duplicate data in the target user authentication data, or the duplicate data together with its associated data, can be written into a preset file; for example, the file name of the preset file is export_user_error_HHMMSS and the storage path can be /opt/user. The user can then decide later whether to delete or modify the duplicate data, which avoids accidental deletion of important user authentication data and improves safety.
When the repeated data is user identification data, the corresponding associated data is the user identification data, and the repeated user authentication data in the target user authentication data is written into a preset file; when the duplicate data is user group identification data, the corresponding associated data may be user identification data contained in the user group. The repeated data is deleted or written into the corresponding preset file, so that data import errors caused by the repeated data can be avoided, the repeated data can be written into the preset file, whether the repeated data are deleted or not is judged by a user, and further high-efficiency import of batch user authentication data can be ensured.
In the embodiment of the present invention, optionally, if there is data that is duplicated with the target user authentication data in the target authentication system, the prompting to delete duplicated data may include: if the target authentication system has the user identification data which is repeated with the target user identification data in the target user authentication data, prompting to delete the repeated user identification data; the target user identification data comprises user identification information and/or user name information.
It should be noted that the target user identification data includes the user identification information (user id Number, uidNumber) and the user name information (user id, uid); the uidNumber is a character representation of the uid. If either item matches the user identification data in the target authentication system, the current target user authentication data is confirmed to be duplicate data. For example, if the user name information and the user identification information of the target user identification data are user01/1000 and the target authentication system contains user identification data user01/1001, the user name information is repeated, so the two pieces of data are determined to be duplicates. As another example, if the target user identification data is user01/1000 and the target authentication system contains user identification data user02/1000, the user identification information is repeated, so the two pieces of data are determined to be duplicates. As a further example, if the target user identification data is user01/1000 and the target authentication system contains user identification data user01/1000, both the user identification information and the user name information are repeated, and the two pieces of data are determined to be duplicates.
In the embodiment of the invention, after the repetition of the user identification data is determined, the prompt information of the repetition of the user identification data can be sent to the user, the user is prompted to delete the current repeated user identification data, and the data import error caused by the repeated user identification data can be avoided; meanwhile, repeated user identification data is deleted, no influence is caused on other target user authentication data, and high-efficiency introduction of the target user authentication data can be ensured.
In the embodiment of the present invention, optionally, if there is data that is repeated with the target user authentication data in the target authentication system, writing the associated data of the repeated data in the target user authentication data into a preset file may include: if the target authentication system has the user group identification data which is repeated with the target user group identification data in the target user authentication data, writing the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.
When the repeated data is the target user group identification data, because the user group identification data contains the corresponding user identification data, directly deleting the repeated target user group identification data would cause the contained user identification data to lose its corresponding user group information and lead to an import error for the user authentication data. For example, the user group name information (group id, gid) and the user group identification information (group id Number, gidNumber) of the target user group identification data are group01/2000. If the target authentication system includes the user group identification data group01/2001, the user group name information is repeated; if the target user group identification data is deleted, then when the user group identification information corresponding to user authentication data is 2000, the corresponding user group cannot be found, which causes a system error; if group01/2001 is deleted, the user authentication data corresponding to user group identification information 2001 will be erroneous. Therefore, duplicate user group identification data cannot be deleted directly. Similarly, when only the user group identification information is repeated, or when both the user group name information and the user group identification information are repeated, the corresponding user group identification data cannot be deleted either.
Therefore, when the repeated user group identification data is determined, the repeated user group identification data in the target user authentication data is required to be written into a preset file, or the repeated user group identification data and the user identification data contained in the repeated user group identification data are required to be written into the preset file; and the user judges whether to delete or modify the repeated user identification data or not, so that the loss of the user authentication data can be avoided, and the integrity of the user authentication data is ensured.
In the embodiment of the present invention, optionally, writing the repeated user group identification data and the corresponding user identification data in the target user authentication data into a preset file may include: acquiring problem code information corresponding to repeated user group identification data in the target user authentication data; wherein the problem code information comprises the reason for the repetition of user group identification data; and writing the repeated user group identification data, the corresponding user identification data and the problem code information in the target user authentication data into a preset file.
When the repeatability judgment is performed on the user group identification data, as long as one item of information is repeated, the user group identification data of the target user authentication data and the user group identification data in the target authentication system can be determined to be repeated, and the repeated user group identification data is written into a preset file. Thus, the user group identification data in the preset file falls into three cases: only the user group identification information is repeated, only the user group name information is repeated, or both the user group identification information and the user group name information are repeated.
To distinguish the above three cases, the reason for the repetition of the user group identification data is represented by the problem code information, for example, the groupname_duplicate represents the repetition of the user group name information, the groupname_duplicate represents the repetition of the user group identification information, and the groupname_groupid_duplicate represents the repetition of both the user group name information and the user group identification information; by acquiring the problem code information corresponding to each repeated user group identification data and further writing the repeated user group identification data, the user identification data contained therein and the corresponding problem code information into a preset file, the user can determine the reason of the repetition of the current repeated user group identification data and further adopt a corresponding processing strategy.
In the embodiment of the invention, repeated user group identification data processing strategies can be preset; after the repeated user group identification data is added to the preset file, a matched processing strategy can be obtained according to the problem code information corresponding to the repeated user group identification data, for example, when the user group identification data is only the repeated user group identification information, user group identification information modification confirmation information is sent to the management user corresponding to the user group identification data, after confirmation reply of the user is received, the user group identification information is modified, and the corresponding user identification data is matched and modified; and processing the repeated user group identification data through a preset processing strategy, and further reintroducing the modified user group identification data into the target authentication system, so that the loss of the corresponding packet of the user can be avoided, and the integrity of the user authentication data is further ensured.
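The duplicate rules of the preceding paragraphs, as an added Python example that is not part of the patent text: a user is a duplicate when either uid or uidNumber matches, while a duplicated group is held back with its users and a problem code instead of being deleted. The class and function names, the JSON-lines layout of the preset file and the choice to hold a group's users with it are assumptions, and `groupid_duplicate` is an assumed code name for the gidNumber-only case, which the text does not name distinctly.

```python
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class UserVo:
    uid: str          # user name information
    uid_number: int   # user identification information (uidNumber)
    gid_number: int   # primary group of the user


@dataclass(frozen=True)
class GroupVo:
    gid: str                  # group name information (the page calls it gid)
    gid_number: int           # group identification information (gidNumber)
    member_uids: tuple = ()   # user names listed as members of the group


# Problem codes written to the preset file.
GROUPNAME_DUPLICATE = "groupname_duplicate"
GROUPID_DUPLICATE = "groupid_duplicate"  # assumed name, see the lead-in
GROUPNAME_GROUPID_DUPLICATE = "groupname_groupid_duplicate"


def is_duplicate_user(user, existing_users):
    """A user is repeated when the name OR the number is already taken."""
    return any(user.uid == e.uid or user.uid_number == e.uid_number
               for e in existing_users)


def group_problem_code(group, existing_groups):
    """Return the reason a group is repeated, or None when it is not."""
    name_hit = any(group.gid == e.gid for e in existing_groups)
    id_hit = any(group.gid_number == e.gid_number for e in existing_groups)
    if name_hit and id_hit:
        return GROUPNAME_GROUPID_DUPLICATE
    if name_hit:
        return GROUPNAME_DUPLICATE
    if id_hit:
        return GROUPID_DUPLICATE
    return None


def plan_import(users, groups, existing_users, existing_groups):
    """Split incoming data into importable, dropped and held-for-review sets."""
    held, held_uids, import_groups = [], set(), []
    for group in groups:
        code = group_problem_code(group, existing_groups)
        if code is None:
            import_groups.append(group)
            continue
        # Never delete a repeated group: its users would lose their group.
        members = [u for u in users
                   if u.gid_number == group.gid_number
                   or u.uid in group.member_uids]
        held_uids.update(u.uid for u in members)
        held.append({"problem_code": code, "group": asdict(group),
                     "users": [asdict(u) for u in members]})
    dropped, import_users = [], []
    for user in users:
        if is_duplicate_user(user, existing_users):
            dropped.append(user)          # repeated users are removed
        elif user.uid not in held_uids:
            import_users.append(user)     # held users wait for their group
    return {"import_users": import_users, "import_groups": import_groups,
            "dropped_users": dropped, "held": held}


def render_preset_file(held):
    """One JSON object per held group, ready to write to the preset file."""
    return "".join(json.dumps(record, sort_keys=True) + "\n" for record in held)


if __name__ == "__main__":
    # Constructed sample data, using the identifiers from the text.
    target_users = [UserVo("user01", 1001, 3000)]
    target_groups = [GroupVo("group01", 2001)]
    incoming_users = [UserVo("user01", 1000, 2000), UserVo("alice", 1100, 2000)]
    incoming_groups = [GroupVo("group01", 2000, ("alice",))]
    plan = plan_import(incoming_users, incoming_groups,
                       target_users, target_groups)
    print(render_preset_file(plan["held"]), end="")
```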
According to the technical scheme provided by the embodiment of the invention, the user authentication file is extracted from the original authentication system, and the user authentication data is extracted from the user authentication file and is used as target user authentication data; if the target authentication system does not have the data which is repeated with the target user authentication data, the target user authentication data is imported into the target authentication system; if the target authentication system has the data which is repeated with the target user authentication data, deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file, so that user authentication data migration errors can be avoided, batch migration of the user authentication data is realized, user authentication data migration efficiency is improved, meanwhile, identification data of the user authentication data is reserved, and seamless migration of user authentication is realized.
Fig. 2A is a flowchart of a migration method of user authentication according to an embodiment of the present invention, where the present embodiment is implemented on the basis of the foregoing embodiment, and in this embodiment, an original authentication system corresponds to an authentication system of the same type as a target authentication system, and when a user authentication file is in a lightweight directory exchange format, a storage path of target user authentication data is detected, and then the target user authentication data is stored according to a preset domain name path and an organization unit path, as shown in fig. 2A, where the method specifically includes:
S210, extracting a user authentication file in a lightweight directory exchange format from an original authentication system, extracting user authentication data from the user authentication file as target user authentication data, and executing S220.
In the embodiment of the invention, if the file format of the user authentication file is a lightweight directory exchange format, the data form of the stored user authentication data is consistent with the data form of the target authentication system, so that the user authentication data can be directly obtained in a way of extracting items from the user authentication file.
It should be noted that, when the file format of the user authentication file is a lightweight directory exchange format, after the user authentication data is obtained, the integrity and legitimacy of the data itself may be checked in advance, for example, whether the user group identification data corresponding to the user identification data exists is checked, and if it is determined that the corresponding user group identification data does not exist, the corresponding user group identification data needs to be created; for another example, it is checked whether there is duplicate data in the user authentication data, and if it is determined that there is duplicate data, the duplicate data may be deleted. By checking the completeness and the legality of the user authentication data in advance, the correctness of the acquired target user authentication data can be ensured, and the efficiency of importing the target user authentication data can be further improved.
S220, judging whether the target authentication system has the data which is repeated with the target user authentication data.
If yes, executing S280; otherwise, S230 is performed. Specifically, the target user authentication data may include a user identification data (UserVo) list and a user group identification data (GroupVo) list; inquiring the stored user identification data list and user group identification list at the target authentication system service end (Gridview), and judging whether repeated user name information (uid) and user identification information (uidNumber) or repeated user group name information (gid) and user group identification information (gidNumber) exist in the target user authentication data and the target authentication system or not so as to determine whether repeated data exists between the target user authentication data and the target authentication system or not.
S230, judging whether the domain name path of each piece of data in the target user authentication data in the original authentication system is consistent with the preset domain name path in the target authentication system.
If the determination is consistent, executing S250; otherwise, S240 is performed. When the file format of the user authentication file is a lightweight directory exchange format, the type of the original authentication system is an LDAP system, and the target authentication system is also an LDAP system; in LDAP systems, data is stored in a tree form, and a storage location of user authentication data in an authentication system needs to be determined together through a Domain name (DC) path and an organization unit (Organizational Unit, OU) path; where DC is the root directory path of the tree structure, OU is the subdirectory path of the tree structure, e.g., ou=a, dc=b, dc=com for data, indicating that the data is in the a organization unit of the b.com domain.
In the embodiment of the invention, when the target user authentication data is imported, the target user authentication data needs to be stored according to the storage paths corresponding to the target user authentication data, and if the storage paths are wrong or are not existed, the target user authentication data cannot be imported. Therefore, after determining that the repeated data does not exist in the target user authentication data, judging whether the domain name path of each piece of data in the target user authentication data is consistent with the current preset domain name path of the target authentication system or not so as to determine whether the domain name path of the target user authentication data is correct or not, and thus failure in importing the target user authentication data can be avoided.
S240, updating the domain name path of each piece of data in the target user authentication data by adopting a preset domain name path, and executing S250.
Specifically, if it is determined that the domain name path of the user authentication data in the target user authentication data is inconsistent with the preset domain name path of the target authentication system, the domain name path of the current user authentication data needs to be replaced and updated by adopting the preset domain name path, so that each target user authentication data can be ensured to be stored in the corresponding preset domain name path.
S250, judging whether the target organization unit path that each piece of data in the target user authentication data has in the original authentication system exists in the target authentication system.
Wherein, if it is determined to exist, S270 is executed; otherwise, S260 is performed. Specifically, after confirming that the domain name path of the target user authentication data is correct, further judging whether a target organization unit path of the target user authentication data exists in the target authentication system; if the target organization unit path of the target user authentication data exists in the target authentication system, the current target user authentication data can be directly imported and stored according to the preset domain name path and the target organization unit path; if the target organization unit path of the target user authentication data does not exist in the target authentication system, a corresponding target organization unit path is newly established in the target authentication system, and then the target user authentication data is stored according to the preset domain name path and the target organization unit path, so that the target user authentication data can be stored according to the matched storage path, data import errors caused by storage path errors are avoided, and data import efficiency is further improved.
S260, creating the target organization unit path in the target authentication system, and executing S270.
And S270, if an import instruction is received, storing each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path, and executing S290.
It should be noted that the original authentication system may be of different system types, while the target authentication system includes an LDAP system whose data is stored in a tree form; the data forms of the user authentication data extracted from different original authentication systems are different, and a matched data importing mode is needed to import the user authentication data in different forms to the target authentication system. When the file format of the user authentication file is a lightweight directory exchange format, the user authentication data can be stored as an intermediate temporary file, and the file path is /tmp/; because the storage path form of the user authentication data is consistent with the storage path form of the target authentication system, the user authentication data in the intermediate temporary file can be imported in batches by adopting an import command, and the authentication migration efficiency is improved.
S280, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, and executing S290.
S290, ending.
In order to more clearly describe the technical solution of the embodiment of the present invention, as shown in fig. 2B, the technical solution provided by the embodiment of the present invention may include: firstly, checking whether an LDAP authentication source is configured in a target authentication system, if the LDAP authentication source is not configured, returning error information, and ending an authentication migration flow; if the LDAP authentication source is determined to be configured, acquiring a user authentication file in an LDIF format in an original authentication system, and parsing the user authentication file to acquire target user identification data and target user group identification data; secondly, acquiring user identification data and user group identification data in a target authentication system from a server side of the target authentication system, and further judging whether data which is repeated with the user identification data or the user group identification data exists in the target user identification data and the target user group identification data; finally, if no repeated data exist, storing the target user identification data and the target user group identification data as intermediate temporary files, wherein the file path is /tmp/, and detecting whether the domain name path and the organization unit path of each data are consistent with the domain name path and the organization unit path configured in the target authentication system; if they are inconsistent, the domain name path and the organization unit path of each data in the intermediate temporary file are required to be replaced by the configuration in the target authentication system, and the data in the intermediate temporary file is imported in batches by adopting an ldapadd command; and if the repeated data exists, returning error information, deleting the repeated user authentication data in the LDIF file or the target authentication system, and ending the authentication migration flow.
According to the technical scheme provided by the embodiment of the invention, when the file format of the user authentication file is a lightweight directory exchange format, the domain name path and the organization unit path of the target user authentication data are checked to obtain the correct storage path, and then the target user authentication data are stored according to the updated storage path, so that the data migration of the user authentication data among the same type authentication systems is realized, the user authentication data migration error caused by the storage path error is avoided, the batch migration of the user authentication data is realized, and the user authentication data migration efficiency is improved.
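Steps S230 to S270 for an LDIF file, as an added Python example that is not code from the patent: each entry's trailing `dc=` components are replaced by the preset domain name path, and an `organizationalUnit` entry is emitted ahead of any entry whose OU path is absent from the target. The function names, the sample entries and the `dc=new,dc=example` base are assumptions.

```python
import base64
import re


def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def rebase_dn(dn, preset_base):
    """Replace the trailing dc= components with the preset domain name path."""
    rdns = split_dn(dn)
    while rdns and rdns[-1].lower().startswith("dc="):
        rdns.pop()
    return ",".join(rdns + split_dn(preset_base))


def missing_ou_paths(dn, preset_base, known):
    """OU containers above dn that are not in `known`, parents first."""
    parents = split_dn(dn)[1:]
    base_len = len(split_dn(preset_base))
    missing = []
    for start in range(len(parents) - base_len - 1, -1, -1):
        container = ",".join(parents[start:])
        if parents[start].lower().startswith("ou=") and container.lower() not in known:
            missing.append(container)
    return missing


def parse_records(ldif_text):
    """Return [(dn, attribute_lines)]; handles folding, comments, dn:: base64."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    records = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        lines = [l for l in block.splitlines()
                 if l and not l.startswith("#") and not l.lower().startswith("version:")]
        if not lines:
            continue
        head = lines[0]
        if head.startswith("dn::"):
            dn = base64.b64decode(head[4:].strip()).decode("utf-8")
        elif head.startswith("dn:"):
            dn = head[3:].strip()
        else:
            raise ValueError("record does not start with a dn line: " + head)
        records.append((dn, lines[1:]))
    return records


def dn_line(dn):
    """LDIF requires base64 for values that are not plain ASCII."""
    if dn.isascii():
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")


def prepare_ldif(ldif_text, preset_base, existing_dns):
    """Return (ldif_for_import, created_ou_dns) for the target directory."""
    records = [(rebase_dn(dn, preset_base), attrs)
               for dn, attrs in parse_records(ldif_text)]
    known = {",".join(split_dn(d)).lower() for d in existing_dns}
    known |= {dn.lower() for dn, _ in records}   # entries the file supplies
    out, created = [], []
    for dn, attrs in records:
        for ou_dn in missing_ou_paths(dn, preset_base, known):
            ou_value = split_dn(ou_dn)[0].split("=", 1)[1]  # copied as written
            out.append("\n".join([dn_line(ou_dn),
                                  "objectClass: organizationalUnit",
                                  "ou: " + ou_value]))
            known.add(ou_dn.lower())
            created.append(ou_dn)
        out.append("\n".join([dn_line(dn)] + attrs))
    return "\n\n".join(out) + "\n", created


if __name__ == "__main__":
    # Constructed sample entry from an assumed source domain dc=old,dc=example.
    sample = ("dn: cn=group01,ou=hpc,ou=groups,dc=old,dc=example\n"
              "objectClass: posixGroup\ncn: group01\ngidNumber: 2000\n")
    text, created = prepare_ldif(sample, "dc=new,dc=example", {"dc=new,dc=example"})
    print(text, end="")
```

The returned text is what would be saved as the intermediate file under /tmp/ and passed to ldapadd; attributes that themselves hold DNs are not rewritten by this sketch.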
Fig. 3A is a flowchart of a migration method of user authentication according to an embodiment of the present invention, where the embodiment is implemented on the basis of the foregoing embodiment, and in this embodiment, an original authentication system and a target authentication system are different types of authentication systems, and when a user authentication file is in a plain text file format, user authentication data is extracted from the user authentication file, and the user authentication data is imported into the target authentication system by adopting a matched import manner, as shown in fig. 3A, where the method specifically includes:
S310, extracting a user authentication file in a plain text file format from the original authentication system, and executing S320.
S320, judging whether the user authentication file comprises the /etc/passwd and /etc/group files.
If yes, executing S330; otherwise, S370 is performed. In the embodiment of the present invention, optionally, when the user authentication file is in a plain text file format, it must first be determined from the content of the user authentication file that the /etc/passwd and /etc/group files, which contain the user identification data and the user group identification data, have both been acquired, and only then is the identification data acquired; wherein /etc/passwd is used to store user identification data and /etc/group is used to store user group identification data. Otherwise, error information is returned and the flow ends. By acquiring the identification data, corresponding user identification data and user group identification data can be acquired, and acquisition of user authentication data is realized.
S330, obtaining user authentication data according to the /etc/passwd and /etc/group files as target user authentication data, and executing S340.
In the embodiment of the present invention, optionally, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the extracting the user authentication data from the user authentication file as the target user authentication data may include: extracting user identity information, user name information, user group identification information, user group name information and storage path information from the user authentication file; generating user authentication data according to the user identity information, the user name information, the user group identification information, the user group name information and the storage path information; and if the user authentication data comprises repeated data, deleting the repeated data, and taking the user authentication data after deleting the repeated data as target user authentication data.
In the embodiment of the invention, after the user authentication data is obtained, repeated data screening can be performed in advance in the user authentication data to delete the repeated user authentication data, the user authentication data after the repeated data deletion is used as target user authentication data, or the data in the user authentication data is subjected to format check according to the preset user authentication data format, and the user authentication data which does not accord with the preset user authentication data format is deleted to obtain the corresponding target user authentication data. By checking the format or repeatability of the acquired user authentication data in advance, more accurate acquisition of the target user authentication data is realized.
In the embodiment of the invention, when the file format of the user authentication file is a plain text file format or a spreadsheet format, the identification data of the user authentication data exists in a field form; therefore, a preset data item searching mode can be adopted to extract all the identification data from the user authentication file so as to generate corresponding user authentication data; for example, searching a user name in a user authentication file to acquire user name information; after the identification data is acquired, storing the identification data according to the acquisition sequence, and combining the identification data with the same acquisition sequence to acquire the user authentication data, thereby realizing the acquisition of the user authentication data in the user authentication files with different file formats.
S340, judging whether the target authentication system has the data which is repeated with the target user authentication data.
If yes, executing S360; otherwise, S350 is performed.
S350, acquiring user identification data and corresponding user group identification data in the target user authentication data, importing the user identification data into a target authentication system one by one and importing the user group identification data into the target authentication system one by one, and executing S370.
In the embodiment of the invention, when the user group identification data is imported, the identification data (member user identification, memberUid) of the member users included in the user group identification data can be obtained, and the user group identification data and the contained user identification data are stored into the target authentication system group by group based on the same storage path, so that the data importing efficiency can be further improved.
When the file format of the user authentication file is a plain text file format or a spreadsheet format, the user authentication data does not have a target storage path consistent with the storage path form of the target authentication system, and the data form of the user authentication data is inconsistent, so that the target user authentication data cannot be directly imported in batches by adopting an import command; after the user identification data and the corresponding user group identification data are acquired from the target user authentication data, the user identification data are converted into a data storage form of the target authentication system, a storage path of the user identification data in the target authentication system is determined, and the user identification data are stored in the target authentication system according to the determined storage path; acquiring all user identification data included in the user group identification data, and storing the user identification data belonging to the same user group identification data by adopting the same storage path; the method realizes the importing of target user authentication data in user authentication files with different file formats.
S360, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, and executing S370.
When deleting the repeated data, the repeated data in /etc/passwd and /etc/group can be deleted, and the repeated data in the target authentication system can be deleted at the target authentication system server (Gridview); if the repeated data in the target authentication system is deleted, the repeated data in the target user authentication data is imported to the target authentication system so as to ensure the identity authentication of the current user.
S370, ending.
In order to more clearly describe the technical solution of the embodiment of the present invention, as shown in fig. 3B, the technical solution provided by the embodiment of the present invention may include: after the target authentication system is determined to be configured with an LDAP authentication source, judging whether a user authentication file comprises an /etc/passwd file and an /etc/group file or not; if the user authentication file is determined to comprise these files, reading the /etc/passwd and /etc/group files to acquire a target user identification data UserVo list and a target user group identification data GroupVo list; acquiring user identification data and user group identification data in a target authentication system from a service end Gridview of the target authentication system, and further judging whether data which is repeated with the user identification data or the user group identification data exists in the target user identification data and the target user group identification data; if no repeated data exists, adding the target user identification data to the target authentication system one by one and adding the target user group identification data to the target authentication system one by one; when adding the target user group identification data, the identification data of the included member users needs to be set; and if the repeated data are determined to exist, returning error information, deleting the repeated data, and ending the authentication migration flow.
According to the technical scheme, when the file format of the user authentication file acquired in the original authentication system is the plain text file format, corresponding target user authentication data is acquired according to the user authentication file after the user authentication file is determined to simultaneously comprise the /etc/passwd and /etc/group files, and after the target authentication data and the target authentication system are determined to have no repeated data, the target authentication data is imported into the target authentication system, so that the importing of the user authentication data in the user authentication file in the plain text file format is realized, the influence of the file format of the user authentication file on the user authentication migration is avoided, the user authentication migration among different types of authentication systems is realized, and the user authentication migration efficiency is improved.
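Steps S320 and S330 with the format and repetition screening described above, as an added Python example that is not code from the patent: both files must be present, malformed or repeated lines are rejected with a reason, and primary groups that no /etc/group line defines are reported. The function names, reason strings and output dictionary layout are assumptions; the password field is deliberately not carried into the result.

```python
import re

REQUIRED_FILES = ("/etc/passwd", "/etc/group")
NUMBER = re.compile(r"[0-9]+")


def parse_colon_file(text, n_fields, numeric_fields):
    """Return (rows, rejected) after format and in-file repetition checks.

    Field 0 is the name and field 2 the numeric id in both file formats.
    """
    rows, rejected, names, ids = [], [], set(), set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        well_formed = (len(fields) == n_fields and fields[0] != ""
                       and all(NUMBER.fullmatch(fields[i]) for i in numeric_fields))
        if not well_formed:
            rejected.append((lineno, "bad_format"))
            continue
        name, number = fields[0], int(fields[2])
        if name in names or number in ids:
            rejected.append((lineno, "duplicate_in_file"))
            continue
        names.add(name)
        ids.add(number)
        rows.append(fields)
    return rows, rejected


def extract_authentication_data(files):
    """files maps a path to its text content; both required files must exist."""
    missing = [path for path in REQUIRED_FILES if path not in files]
    if missing:
        raise ValueError("user authentication file lacks: " + ", ".join(missing))
    user_rows, bad_users = parse_colon_file(files["/etc/passwd"], 7, (2, 3))
    group_rows, bad_groups = parse_colon_file(files["/etc/group"], 4, (2,))
    # fields[1] (the password placeholder or hash) is never copied.
    users = [{"uid": f[0], "uidNumber": int(f[2]), "gidNumber": int(f[3]),
              "gecos": f[4], "homeDirectory": f[5], "loginShell": f[6]}
             for f in user_rows]
    groups = [{"gid": f[0], "gidNumber": int(f[2]),
               "memberUid": [m for m in f[3].split(",") if m]}
              for f in group_rows]
    defined = {g["gidNumber"] for g in groups}
    return {"users": users, "groups": groups,
            "rejected": {"/etc/passwd": bad_users, "/etc/group": bad_groups},
            "missing_groups": sorted({u["gidNumber"] for u in users} - defined)}


if __name__ == "__main__":
    # Constructed sample content.
    sample = {
        "/etc/passwd": "user01:x:1000:2000:User One:/home/user01:/bin/bash\n",
        "/etc/group": "group01:x:2000:user01\n",
    }
    print(extract_authentication_data(sample))
```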
Fig. 4A is a flowchart of a migration method of user authentication according to an embodiment of the present invention, where the embodiment is implemented on the basis of the foregoing embodiment, and in this embodiment, the original authentication system and the target authentication system are different types of authentication systems, and when the user authentication file is in a spreadsheet format, the spreadsheet format file is read to obtain user authentication data, and the user authentication data is imported into the target authentication system, as shown in fig. 4A, where the method specifically includes:
S410, extracting a user authentication file in a spreadsheet format from the original authentication system, and executing S420.
S420, acquiring user authentication data according to the user authentication file in the spreadsheet format, taking the user authentication data as target user authentication data, and executing S430.
Specifically, when the user authentication file is in the spreadsheet format, searching matching data in the spreadsheet file according to a preset column name, for example, the preset column name is a user name and a user identifier; further, according to the searched matching data, user authentication data are obtained; the query results with the same query sequence can be considered to belong to the same user so as to acquire all the identification data of the user, and user authentication data corresponding to all the users are further obtained through combination, so that the acquisition of the user authentication data in the user authentication file in the spreadsheet format is realized.
S430, judging whether the target authentication system has the data which is repeated with the target user authentication data.
If yes, executing S450; otherwise, S440 is performed.
S440, user identification data and corresponding user group identification data in the target user authentication data are acquired, the user identification data are imported to a target authentication system one by one, and the user group identification data are imported to the target authentication system one by one, and S460 is executed.
When the user authentication file is in the spreadsheet format, the importing method of the user identification data and the user group identification data is consistent with the importing method of the target user authentication data in the user authentication file in the plain text file format, which is not described herein.
S450, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, and executing S460.
S460, ending.
To describe the technical solution of the embodiment of the present invention more clearly, as shown in fig. 4B, the technical solution may include: after determining that the target authentication system is configured with an LDAP authentication source, reading the user authentication file in the spreadsheet format to obtain a list of target user identification data (UserVo) and a list of target user group identification data (GroupVo); acquiring the user identification data and user group identification data already in the target authentication system from the server side (Gridview) of the target authentication system, and judging whether the target user identification data or the target user group identification data repeats any of them; if there is no repeated data, adding the target user identification data to the target authentication system one by one and adding the target user group identification data to the target authentication system one by one, where the identification data of the member users of each group needs to be set when the target user group identification data is added; and if repeated data is determined to exist, returning error information, deleting the repeated data in the user authentication file or in the target authentication system, and ending the authentication migration flow.
According to this technical scheme, when the user authentication file extracted from the original authentication system is in the spreadsheet format, target user authentication data is extracted from the user authentication file; after determining that the target authentication system has no data that repeats the target user authentication data, the user identification data in the target user authentication data is imported into the target authentication system one by one, and the user group identification data is imported into the target authentication system one by one. This realizes the extraction and import of the user authentication data in a user authentication file in the spreadsheet format and the migration of user authentication data between different authentication systems, avoids any influence of the file format of the user authentication file on the user authentication migration, and improves the user authentication migration efficiency.
Fig. 5 is a block diagram of a migration apparatus for user authentication according to an embodiment of the present invention, where the apparatus specifically includes: a data extraction module 510, a data import module 520, and a duplicate data processing module 530;
a data extraction module 510, configured to extract a user authentication file in the original authentication system, and extract user authentication data in the user authentication file as target user authentication data;
a data import module 520, configured to import the target user authentication data into the target authentication system if there is no data in the target authentication system that repeats the target user authentication data;
and a duplicate data processing module 530, configured to, if there is data in the target authentication system that repeats the target user authentication data, delete the repeated data or write the associated data of the repeated data in the target user authentication data into a preset file.
Optionally, based on the above technical solution, the duplicate data processing module 530 includes:
a first duplicate data processing unit, configured to prompt for deletion of the repeated user identification data if the target authentication system contains user identification data that repeats the target user identification data in the target user authentication data; the target user identification data comprises user identification information and/or user name information.
Optionally, based on the above technical solution, the duplicate data processing module 530 includes:
a second duplicate data processing unit, configured to, if the target authentication system contains user group identification data that repeats the target user group identification data in the target user authentication data, write the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.
Optionally, based on the above technical solution, the second duplicate data processing unit is specifically configured to obtain problem code information corresponding to the repeated user group identification data in the target user authentication data, wherein the problem code information comprises the reason why the user group identification data is repeated; and to write the repeated user group identification data, the corresponding user identification data and the problem code information in the target user authentication data into a preset file.
Optionally, based on the above technical solution, if the file format of the user authentication file is a lightweight directory exchange format, the data import module 520 includes:
a domain name path judging unit, configured to judge whether the domain name path, in the original authentication system, of each piece of data in the target user authentication data is consistent with the preset domain name path in the target authentication system;
a domain name path updating unit, configured to, if not, update the domain name path of each piece of data in the target user authentication data with the preset domain name path;
an organization unit path judging unit, configured to judge whether the target organization unit path, in the original authentication system, of each piece of data in the target user authentication data exists in the target authentication system;
an organization unit path creation unit, configured to create the target organization unit path in the target authentication system if not;
and a data storage unit, configured to, if an import instruction is received, store each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path.
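The duplicate handling and the lightweight directory exchange format import path described above (domain name path check and rewrite, organization unit path creation, duplicate users flagged for deletion, duplicate groups written to a preset file with a problem code), sketched as an added Python example that is not code from the patent. It assumes RFC 2307 `posixAccount`/`posixGroup` entries, treats the domain name path as the base DN, and uses hypothetical problem codes and a hypothetical snapshot of the target system; the constructed sample has no comments or base64 values, and the parser does not handle them.

```python
import csv

# Constructed sample export from the original LDAP system (not real data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,ou=hpc,dc=old,dc=example
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: uid=bob,ou=people,ou=hpc,dc=old,dc=example
objectClass: posixAccount
uid: bob
uidNumber: 1002

dn: cn=research,ou=groups,ou=hpc,
 dc=old,dc=example
objectClass: posixGroup
cn: research
gidNumber: 500
memberUid: alice
memberUid: bob
"""

def parse_ldif(text):
    """Item-by-item extraction into [(dn, {attr: [values]})]; unfolds folded lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # a leading space continues the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name, []).append(value.strip())
    return entries

def split_dn(dn):
    """Normalized RDN list; assumes no escaped commas inside values."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def rebase_dn(dn, old_base, new_base):
    """Swap the source domain name path for the target's preset one."""
    rdns, old, new = split_dn(dn), split_dn(old_base), split_dn(new_base)
    if rdns[-len(new):] == new:
        return ",".join(rdns)               # already consistent with the target
    if rdns[-len(old):] != old:
        raise ValueError(f"{dn!r} is outside {old_base!r}")
    return ",".join(rdns[:-len(old)] + new)

def ou_ancestors(dn, base):
    """Organization unit paths between the base and the entry, outermost first."""
    mid = split_dn(dn)[1:-len(split_dn(base))]
    return [",".join(mid[i:] + split_dn(base))
            for i in range(len(mid) - 1, -1, -1) if mid[i].startswith("ou=")]

def plan_import(entries, old_base, target):
    """Split entries into imports, OU paths to create, and duplicates.

    target is a hypothetical snapshot: the preset base DN plus the sets of
    DNs, user names/ids and group names/ids the target system already holds.
    """
    plan = {"create_ous": [], "import": [], "user_conflicts": [], "group_report": []}
    known = {",".join(split_dn(d)) for d in target["dns"]}
    for dn, attrs in entries:
        one = lambda a: attrs.get(a, [""])[0]
        kinds = attrs.get("objectClass", [])
        if "posixAccount" in kinds and (one("uid") in target["user_names"]
                                        or one("uidNumber") in target["user_ids"]):
            plan["user_conflicts"].append(one("uid"))  # operator is prompted to delete
            continue
        codes = []                                     # hypothetical problem codes
        if "posixGroup" in kinds and one("cn") in target["group_names"]:
            codes.append("GROUP_NAME_EXISTS")
        if "posixGroup" in kinds and one("gidNumber") in target["group_ids"]:
            codes.append("GROUP_ID_EXISTS")
        if codes:                                      # goes to the preset file instead
            plan["group_report"].append((one("cn"), one("gidNumber"),
                                         ";".join(attrs.get("memberUid", [])), "+".join(codes)))
            continue
        new_dn = rebase_dn(dn, old_base, target["base"])
        plan["create_ous"] += [ou for ou in ou_ancestors(new_dn, target["base"])
                               if ou not in known and ou not in plan["create_ous"]]
        plan["import"].append(new_dn)
    return plan

def write_report(rows, fh):
    """The preset file: duplicated groups, their member users and a problem code."""
    out = csv.writer(fh, lineterminator="\n")
    out.writerow(["group", "gid", "members", "problem_code"])
    out.writerows(rows)
```

Checking numeric ids as well as names matters on POSIX targets: an imported account that reuses an existing `uidNumber` or `gidNumber` would be treated by the operating system as the same identity for file ownership.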
Optionally, based on the above technical solution, the data import module 520 is specifically configured to, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, obtain the user identification data and the corresponding user group identification data in the target user authentication data, import the user identification data into the target authentication system one by one, and import the user group identification data into the target authentication system one by one.
Optionally, based on the above technical solution, the data extraction module 510 includes:
an information extraction unit, configured to extract user identity information, user name information, user group identification information, user group name information and storage path information from the user authentication file if the file format of the user authentication file is a plain text file format and/or a spreadsheet format;
a data generation unit, configured to generate user authentication data according to the user identity information, the user name information, the user group identification information, the user group name information and the storage path information;
and a data deleting unit, configured to delete the repeated data if the user authentication data comprises repeated data, and take the user authentication data after the repeated data is deleted as the target user authentication data.
The device can execute the migration method for user authentication provided by any embodiment of the invention, and has the functional modules and beneficial effects corresponding to executing the method. Technical details not described in detail in this embodiment may be found in the method provided by any embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 6, the device includes:
one or more processors 610, one processor 610 being illustrated in fig. 6;
a memory 620;
the apparatus may further include: an input device 630 and an output device 640.
The processor 610, memory 620, input device 630 and output device 640 of the device may be connected by a bus or by other means; connection by a bus is taken as the example in fig. 6.
The memory 620, as a non-transitory computer readable storage medium, may be used to store software programs, computer executable programs, and modules, such as the program instructions/modules corresponding to the migration method for user authentication in the embodiment of the present invention (e.g., the data extraction module 510, the data import module 520, and the duplicate data processing module 530 shown in fig. 5). The processor 610 executes the various functional applications and data processing of the computer device by running the software programs, instructions and modules stored in the memory 620, that is, it implements the migration method for user authentication of the above method embodiments, namely:
extracting a user authentication file in an original authentication system, and extracting user authentication data in the user authentication file as target user authentication data;
if the target authentication system does not have the data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system;
and if the target authentication system has the data which is repeated with the target user authentication data, deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file.
Memory 620 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area; the storage data area may store data created according to the use of the computer device, etc. In addition, memory 620 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 620 optionally includes memory remotely located relative to processor 610, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 630 may be used to receive entered numeric or character information and to generate key signal inputs related to user settings and function control of the computer device. The output device 640 may include a display screen or the like.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the migration method of user authentication according to any embodiment of the invention; the method comprises the following steps:
Extracting a user authentication file in an original authentication system, and extracting user authentication data in the user authentication file as target user authentication data;
if the target authentication system does not have the data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system;
and if the target authentication system has the data which is repeated with the target user authentication data, deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file.
The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including object oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.
Claims (10)
1. A migration method for user authentication, comprising:
extracting a user authentication file in an original authentication system, and extracting user authentication data in the user authentication file as target user authentication data;
if the target authentication system does not have the data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system;
if the target authentication system has the data which is repeated with the target user authentication data, deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file;
wherein extracting the user authentication file in the original authentication system, and extracting the user authentication data in the user authentication file as target user authentication data, comprises:
when the original authentication system is a lightweight directory access protocol system, extracting a user authentication file in a lightweight directory exchange format from the original authentication system, and extracting user authentication data from the user authentication file in an item-by-item extraction mode; the user authentication data comprises user identification data and user group identification data, wherein one user identification data corresponds to one or more user group identification data;
checking whether the user group identification data corresponding to each user identification data exists or not, and if the corresponding user group identification data is determined to not exist, creating the corresponding user group identification data.
2. The method of claim 1, wherein prompting for duplicate data if there is duplicate data in the target authentication system with the target user authentication data comprises:
if the target authentication system has the user identification data which is repeated with the target user identification data in the target user authentication data, prompting to delete the repeated user identification data; the target user identification data comprises user identification information and/or user name information.
3. The method of claim 1, wherein if the file format of the user authentication file is a lightweight directory exchange format, writing the associated data of the repeated data in the target user authentication data into a preset file if there is data in the target authentication system that is repeated with the target user authentication data, comprises:
if the target authentication system has the user group identification data which is repeated with the target user group identification data in the target user authentication data, writing the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.
4. A method according to claim 3, wherein writing the repeated user group identification data and the corresponding user identification data in the target user authentication data into a preset file comprises:
acquiring problem code information corresponding to repeated user group identification data in the target user authentication data; wherein the problem code information comprises the reason for the repetition of user group identification data;
and writing the repeated user group identification data, the corresponding user identification data and the problem code information in the target user authentication data into a preset file.
5. The method of claim 1, wherein importing the target user authentication data to a target authentication system if the file format of the user authentication file is a lightweight directory exchange format, comprises:
judging whether the domain name path of each piece of data in the target user authentication data in an original authentication system is consistent with a preset domain name path in the target authentication system;
if not, updating the domain name path of each piece of data in the target user authentication data by adopting a preset domain name path;
judging whether the target organization unit path, in the original authentication system, of each piece of data in the target user authentication data exists in the target authentication system;
if not, creating the target organization unit path in the target authentication system;
and if receiving an import instruction, storing each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path.
6. The method according to claim 1, wherein importing the target user authentication data into a target authentication system if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, comprises:
acquiring user identification data and corresponding user group identification data in the target user authentication data, and importing the user identification data into a target authentication system one by one and importing the user group identification data into the target authentication system one by one;
if the target authentication system has the data which is repeated with the target user authentication data, writing the associated data of the repeated data in the target user authentication data into a preset file, wherein the method comprises the following steps:
if the target authentication system has the user group identification data which is repeated with the target user group identification data in the target user authentication data, writing the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.
7. The method according to claim 1, wherein if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the extracting the user authentication data in the user authentication file as the target user authentication data includes:
extracting user identity information, user name information, user group identification information, user group name information and storage path information from the user authentication file;
generating user authentication data according to the user identity information, the user name information, the user group identification information, the user group name information and the storage path information;
and if the user authentication data comprises repeated data, deleting the repeated data, and taking the user authentication data after deleting the repeated data as target user authentication data.
8. A migration apparatus for user authentication, comprising:
the data extraction module is used for extracting a user authentication file in the original authentication system, extracting user authentication data in the user authentication file and taking the user authentication data as target user authentication data;
the data importing module is used for importing the target user authentication data into the target authentication system if the target authentication system does not have the data which is repeated with the target user authentication data;
the repeated data processing module is used for deleting repeated data or writing associated data of the repeated data in the target user authentication data into a preset file if the data which is repeated with the target user authentication data exists in the target authentication system;
the data extraction module is specifically configured to:
when the original authentication system is a lightweight directory access protocol system, extracting a user authentication file in a lightweight directory exchange format from the original authentication system, and extracting user authentication data from the user authentication file in an item-by-item extraction mode; the user authentication data comprises user identification data and user group identification data, wherein one user identification data corresponds to one or more user group identification data;
checking whether the user group identification data corresponding to each user identification data exists or not, and if the corresponding user group identification data is determined to not exist, creating the corresponding user group identification data.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the migration method for user authentication of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements a migration method of user authentication according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110756743.1A CN113468509B (en) | 2021-07-05 | 2021-07-05 | User authentication migration method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113468509A (en) | 2021-10-01 |
CN113468509B (en) | 2024-01-30 |
Family
ID=77878036
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110756743.1A Active CN113468509B (en) | 2021-07-05 | 2021-07-05 | User authentication migration method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113468509B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114840490A (en) * | 2022-03-23 | 2022-08-02 | 青岛海尔科技有限公司 | Database account migration method, storage medium and electronic device |
CN116583048B (en) * | 2023-04-14 | 2024-08-16 | 南京立宇菲科技有限公司 | A device for identifying suspected duplicate data of power equipment |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8027921B1 (en) * | 2002-02-13 | 2011-09-27 | Sprint Communications Company L.P. | Method and software for migrating protected authentication data |
CN102200936A (en) * | 2011-05-11 | 2011-09-28 | 杨钧 | Intelligent configuration storage backup method suitable for cloud storage |
CN102473127A (en) * | 2009-07-16 | 2012-05-23 | 国际商业机器公司 | An integrated approach for deduplicating data in a distributed environment that involves a source and a target |
JP2012137932A (en) * | 2010-12-27 | 2012-07-19 | Nippon Telegraph & Telephone East Corp | Authentication migration system, authentication migration method and authentication migration device |
US9819669B1 (en) * | 2015-06-25 | 2017-11-14 | Amazon Technologies, Inc. | Identity migration between organizations |
CN108471403A (en) * | 2018-02-27 | 2018-08-31 | 平安科技(深圳)有限公司 | A kind of method, apparatus, terminal device and the storage medium of account migration |
CN108932282A (en) * | 2018-05-18 | 2018-12-04 | 腾讯科技(深圳)有限公司 | A kind of database migration method, apparatus and storage medium |
CN110389856A (en) * | 2018-04-20 | 2019-10-29 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer program product for migrating data |
CN110519285A (en) * | 2019-08-30 | 2019-11-29 | 浙江大搜车软件技术有限公司 | User authen method, device, computer equipment and storage medium |
CN113050890A (en) * | 2021-03-26 | 2021-06-29 | 北京沃东天骏信息技术有限公司 | Data migration method and device |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070083917A1 (en) * | 2005-10-07 | 2007-04-12 | Peterson Matthew T | Apparatus system and method for real-time migration of data related to authentication |
US20100269151A1 (en) * | 2009-04-20 | 2010-10-21 | Crume Jeffery L | Migration across authentication systems |
WO2018090256A1 (en) * | 2016-11-16 | 2018-05-24 | 华为技术有限公司 | Directory deletion method and device, and storage server |
US20180246886A1 (en) * | 2017-02-27 | 2018-08-30 | OSF Global Services Inc. | Data migration for platform integration |
Non-Patent Citations (1)
Title |
---|
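A survey of research progress on cloud storage security technology; Xiao Liang et al.; Journal of Data Acquisition and Processing (No. 03); full text * |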
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||