Changing from LDAP to AD?


So we currently use an internal linux LDAP setup for our users logging onto suite.

We have recently moved to a full Microsoft hybrid AD solution with IaaS AD Servers all linked to Azure AD.

I’m stuck as i’m not sure how to migrate our existing users and keep all their data if we change our system to stop using our current ldap and use AD the usernames for the users are totally different compared to their current usernames.

So if i just point it to AD, then when they login surely they will be treated as new users and loose everything they already have?

Hey booktrunk!

I’d like to preface this by saying that I have used LDAP/AD very little, so I’m not 100% sure if the following would work as expected

However, if you have database access, you could perhaps try amending the usernames of your users, to match a value that AD would typically submit?
(ie: the AD user’s username/email/etc)

Hopefully, then, AD would accept this as the matching user in the CRM, and log in as them.

Hopefully someone with some deeper LDAP/AD knowledge can weigh in
(and let us know whether this would work or not)

Hope you can find a solution for this!

@booktrunk ,
Here is what I would do as test.

1. Install a standalone test version of Suite CRM.
2. Import the users table from your system using LDAP.
3. Connect it to the AD server.
4. Login as a user.
5. Logout.
6. Now review what the two users table and compare the LDAP user and AD users.

What I would be looking for is to see if Suite CRM created a new record or used an existing record.
By looking in the file modules/Users/authentication/LDAPAutheneticate/LDAPAuthenticateUser.php, this part of the code is after the LDAP binding has been succesful.

$dbresult = DBManagerFactory::getInstance()->query("SELECT id, status FROM users WHERE user_name='" . $name . "' AND deleted = 0");

//user already exists use this one
if ($row = DBManagerFactory::getInstance()->fetchByAssoc($dbresult)) {
    if ($row['status'] != 'Inactive') {
        return $row['id'];
    return '';

It looks like all that is compared is the username.

That’s how I would test this. Hope this helped.