CN113468509A

CN113468509A - User authentication migration method, device, equipment and storage medium

Info

Publication number: CN113468509A
Application number: CN202110756743.1A
Authority: CN
Inventors: 李媛; 郝文静; 张涛; 原帅; 吕灼恒; 王家尧
Original assignee: Dawning Information Industry Beijing Co Ltd
Current assignee: Dawning Information Industry Beijing Co Ltd
Priority date: 2021-07-05
Filing date: 2021-07-05
Publication date: 2021-10-01
Anticipated expiration: 2041-07-05
Also published as: CN113468509B

Abstract

The embodiment of the invention discloses a user authentication migration method, a device, equipment and a storage medium, wherein the method comprises the following steps: extracting a user authentication file from an original authentication system, and extracting user authentication data from the user authentication file to be used as target user authentication data; if the target authentication system does not have data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system; if the target authentication system has data which is repeated with the target user authentication data, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, so that the user authentication data migration error can be avoided, the batch migration of the user authentication data is realized, the user authentication data migration efficiency is improved, the identification data of the user authentication data is retained, and the seamless migration of the user authentication is realized.

Description

User authentication migration method, device, equipment and storage medium

Technical Field

The embodiment of the invention relates to the technical field of internet, in particular to a user authentication migration method, a user authentication migration device, user authentication equipment and a storage medium.

Background

With the continuous expansion of the scale of the internet, the network traffic volume is also continuously increased; a plurality of servers are connected to form a cluster, so that network services are shared, and the method has important significance for meeting growing service requirements.

Different user authentication modes are usually adopted by different clusters, and the user authentication modes adopted by the same cluster may also change in different time periods. When the authentication mode of a certain cluster is changed, user authentication data of an original authentication system needs to be migrated to a current authentication system (namely, a target authentication system) so as to ensure that a user can continuously access the current cluster by using an original account and a password; or when the two clusters need to synchronize the user authentication data, the first cluster adopts the original authentication system, the second cluster adopts the target authentication system, and the user authentication data needs to be migrated from the original authentication system to the target authentication system, so that the user can access the second cluster by using the original user information.

In the process of implementing the invention, the inventor finds that: the existing user authentication data migration mode is that user authentication data is generally exported from an original authentication system and added to the current authentication system one by one, so that the workload is large, the efficiency is low, the time cost is seriously wasted, meanwhile, identification data of the user authentication data cannot be reserved, and seamless migration of user authentication cannot be realized.

Disclosure of Invention

Embodiments of the present invention provide a migration method, an apparatus, a device, and a storage medium for user authentication, which can implement migration of user authentication data between different authentication systems, can avoid user authentication data migration errors, and can improve data migration efficiency.

In a first aspect, an embodiment of the present invention provides a user authentication migration method, including:

extracting a user authentication file from an original authentication system, and extracting user authentication data from the user authentication file to be used as target user authentication data;

if the target authentication system does not have data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system;

and if the target authentication system has data which is repeated with the target user authentication data, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file.

Optionally, if data that is duplicated with the target user authentication data exists in the target authentication system, prompting to delete duplicated data includes:

if the target authentication system has user identification data which is duplicated with the target user identification data in the target user authentication data, prompting to delete the duplicated user identification data; the target user identification data comprises user identity identification information and/or user name information.

Optionally, if data that is duplicated with the target user authentication data exists in the target authentication system, writing associated data of the duplicated data in the target user authentication data into a preset file, including:

if user group identification data which is repeated with target user group identification data in the target user authentication data exists in the target authentication system, writing the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.

Optionally, the writing the repeated user group identification data and the corresponding user identification data in the target user authentication data into a preset file includes:

acquiring question code information corresponding to repeated user group identification data in the target user authentication data; wherein the problem code information includes a reason for repetition of user group identification data;

and writing the repeated user group identification data, the corresponding user identification data and the question code information in the target user authentication data into a preset file.

Optionally, if the file format of the user authentication file is a lightweight directory exchange format, the importing the target user authentication data into a target authentication system includes:

judging whether the domain name path of each piece of data in the target user authentication data in an original authentication system is consistent with a preset domain name path in the target authentication system;

if not, updating the domain name path of each piece of data in the target user authentication data by adopting a preset domain name path;

judging whether each piece of data in the target user authentication data exists in a target organization unit path of an original authentication system or not;

if not, the target organization unit path is established in the target authentication system;

and if an import instruction is received, storing each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path.

Optionally, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the importing the target user authentication data into a target authentication system includes:

and acquiring user identification data and corresponding user group identification data in the target user authentication data, and importing the user identification data into a target authentication system one by one and importing the user group identification data into the target authentication system one by one.

Optionally, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the extracting user authentication data from the user authentication file as target user authentication data includes:

extracting user identity identification information, user name information, user group identification information, user group name information and storage path information from the user authentication file;

generating user authentication data according to the user identity identification information, the user name information, the user group identification information, the user group name information and the storage path information;

and if the user authentication data comprises repeated data, deleting the repeated data, and taking the user authentication data after deleting the repeated data as target user authentication data.

In a second aspect, an embodiment of the present invention provides a user authentication migration apparatus, including:

the data extraction module is used for extracting a user authentication file from an original authentication system and extracting user authentication data from the user authentication file as target user authentication data;

the data import module is used for importing the target user authentication data into the target authentication system if the data which is repeated with the target user authentication data does not exist in the target authentication system;

and the repeated data processing module is used for deleting the repeated data or writing the associated data of the repeated data in the target user authentication data into a preset file if the data which is repeated with the target user authentication data exists in the target authentication system.

In a third aspect, an embodiment of the present invention provides an electronic device, including:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement a migration method for user authentication as described in any embodiment of the invention.

In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a migration method for user authentication according to any embodiment of the present invention.

According to the technical scheme provided by the embodiment of the invention, when the repeated data in the target authentication system and the target user authentication data are the user identification data, the repeated user identification data can be deleted in the target authentication system or the target user authentication data, so that the target user authentication data introduction error caused by the repeated data is avoided, the batch migration of the user authentication data is realized, and the user authentication migration efficiency is improved; when the target authentication system and the target user authentication data are the user group identification data repeatedly, the repeated user group identification data in the target user authentication data are written into a preset file, so that user authentication migration errors can be avoided, meanwhile, packet information corresponding to the user identification data can be prevented from being lost, the integrity of the user authentication data is ensured, and seamless migration of user authentication is realized; when the user group identification data is written into the preset file, the problem code information corresponding to the user group identification data is written simultaneously, so that the user can know the repeated reasons corresponding to the data, and then a corresponding processing strategy is adopted, and the processing efficiency is improved; when the user authentication file is a lightweight directory exchange format file, checking a domain name path and an organization unit path of a target user authentication file, and finally storing target user authentication data according to a preset domain name path and a target organization unit path, so that batch import of the user authentication data in the lightweight directory exchange format user authentication file is realized, user authentication migration errors are avoided, and user authentication migration efficiency is further improved; when the user authentication file is a file in a plain text file format and/or a spreadsheet format, user identification data and corresponding user group identification data in target user authentication data are obtained, the user identification data are led into a target authentication system one by one, and the user group identification data are led into the target authentication system one by one, so that the integrity of a user identification data grouping structure is ensured, different user authentication file formats correspond to different types of original authentication systems, and user authentication migration among different authentication systems is realized; when the user authentication file is a file in a plain text file format and/or an electronic form format, extracting each identification data from the user authentication file, and further acquiring corresponding user identification data and user group identification data; repeated data is searched in advance to ensure the correctness of the target user authentication data, so that the efficiency of user authentication migration can be further improved; extracting a user authentication file from an original authentication system, and extracting user authentication data from the user authentication file to be used as target user authentication data; if the target authentication system does not have data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system; if the target authentication system has data which is repeated with the target user authentication data, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, so that the user authentication data migration error can be avoided, the batch migration of the user authentication data is realized, the user authentication data migration efficiency is improved, the identification data of the user authentication data is retained, and the seamless migration of the user authentication is realized.

Drawings

Fig. 1 is a flowchart of a migration method for user authentication according to an embodiment of the present invention;

fig. 2A is a flowchart of a migration method of user authentication according to an embodiment of the present invention;

fig. 2B is a flowchart illustrating a migration method of user authentication according to an embodiment of the present invention;

fig. 3A is a flowchart of a migration method of user authentication according to an embodiment of the present invention;

fig. 3B is a flowchart illustrating a migration method of user authentication according to an embodiment of the present invention;

fig. 4A is a flowchart of a migration method of user authentication according to an embodiment of the present invention;

fig. 4B is a flowchart illustrating a migration method of user authentication according to an embodiment of the present invention;

fig. 5 is a block diagram illustrating a configuration of a user authentication migration apparatus according to an embodiment of the present invention;

fig. 6 is a block diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.

Fig. 1 is a flowchart of a migration method of user authentication provided in an embodiment of the present invention, which is applicable to automatic migration of user authentication data among different user authentication systems, where different authentication systems may be configured in a cluster or may also be configured in corresponding clusters, respectively, and the method may be executed by a migration apparatus of user authentication in an embodiment of the present invention, where the apparatus may be implemented by software and/or hardware and integrated on an electronic device, and the electronic device may be a computer device or a server, as shown in fig. 1, where the method specifically includes the following steps:

s110, extracting a user authentication file in the original authentication system, and extracting user authentication data in the user authentication file to be used as target user authentication data.

The authentication system is a network system which performs centralized management on information such as an account number and a password of a user access host; through the authentication system, information such as an account number, a password and the like input by a user at a host login interface of a client can be verified so as to determine whether the user has authority information for accessing a corresponding host; correspondingly, the original authentication system is a historical authentication system adopted by the cluster or an authentication system corresponding to the user authentication data to be exported.

In the embodiment of the present invention, the original authentication system may include a Network Information Service (NIS) system and a Lightweight Directory Access Protocol (LDAP) system; in the network information system, a user logs in any NIS client and is subjected to login verification by the uniform NIS server, so that centralized management of user authentication information can be realized; in the LDAP system, the tree structure is used for storing and searching the user identity authentication information, so that the centralized management of a large amount of user identity authentication information can be realized. For example, when one cluster adopts an LDAP system, unified authentication of users can be realized, that is, a user can use the same account and password to access any server or host in the cluster, so that the complexity of the cluster authentication system can be reduced, and the management cost can be reduced.

In the embodiment of the present invention, optionally, the target user authentication data is data information that is locally stored in the authentication system and used for performing identity and authority authentication on the user. For different authentication systems, the data forms of the corresponding user authentication data are different, and the data form of the user authentication data is not particularly limited in the embodiment of the present invention. Specifically, after acquiring login information input by a user, the authentication system searches matching data in user authentication data according to the login information; if the matched user authentication data is found, the current user can be determined to pass the identity authentication; if the matched user authentication data is not found, determining that the current user does not have cluster access authority; through the user authentication data, the judgment of the user identity and the authority can be realized.

In the embodiment of the present invention, optionally, the user authentication file is a file for storing user authentication data in the original authentication system, and is composed of at least one piece of user authentication data; in this embodiment of the present invention, the File Format of the user authentication File may include a Lightweight Directory Interchange Format (LDIF), a plain text File Format (e.g., txt), and a spreadsheet Format (e.g., EXCEL). Different types of original authentication systems may correspond to different user authentication file formats, for example, when the original authentication system is an NIS, the corresponding user authentication file format may be a plain text file format or a spreadsheet format; when the original authentication system is an LDAP system, the corresponding user authentication file format may be a lightweight directory exchange format.

Specifically, a user authentication file is extracted from an original authentication system, and corresponding user authentication data is obtained according to the user authentication file; it should be noted that different types of original authentication systems correspond to user authentication files in different file formats; and the user authentication files with different file formats are correspondingly matched with the user authentication data extraction method. Therefore, after the user authentication file is obtained, the file format of the current user authentication file needs to be judged, and then the corresponding user authentication data extraction method is adopted to obtain the corresponding user authentication data, so that the extraction of the user authentication data corresponding to different types of original authentication systems can be realized, the applicability of the technical scheme of the application is ensured, and the obtaining efficiency of the user authentication data is improved.

The user authentication data may specifically include user identification data and user group identification data; taking a company employee management system as an example, the user identification data corresponds to company employee authentication information, and the user group identification data corresponds to department information to which employees belong, or corresponds to different work grouping information; one user identification data may correspond to one or more user group identification data, one user group identification data comprising at least one user identification data. The user identification data can comprise user identity identification information, user name information, user group name information and corresponding storage path information; the user group identification data may comprise user group identification information, user group name information, included user identity information and corresponding storage path information.

And S120, if the target authentication system does not have data which is overlapped with the target user authentication data, importing the target user authentication data into the target authentication system.

In the embodiment of the present invention, optionally, the target authentication system may be an authentication system currently adopted by the cluster, or an authentication system to which user authentication data is to be imported; the target authentication system may comprise an LDAP system. The target authentication system and the original authentication system may be the same type of authentication system, for example, both the target authentication system and the original authentication system are LDAP systems; it can also correspond to different types of authentication systems, for example, the original authentication system is the NIS system and the target authentication system is the LDAP system.

When the target user authentication data is imported into the database of the target authentication system, if data overlapping with the stored data in the target authentication system exists in the target user authentication data, a data import error may occur, which may cause data import stop; therefore, after the target user authentication data in the original authentication system is acquired, it is necessary to determine whether or not data overlapping with the target user authentication data exists in the target authentication system.

In the embodiment of the present invention, after it is determined that there is no data overlapping with the target user authentication data in the target authentication system, since the user authentication file corresponds to a different file format, the target user authentication data needs to be imported into the target authentication system by using a matching data import method according to the file format of the user authentication file. When the original authentication system and the target authentication system are of the same type, for example, both the original authentication system and the target authentication system are LDAP systems, and the user authentication file is in a lightweight directory exchange format; the batch import of the target user authentication data can be performed by adopting a data import command, for example, the import command is an ldapagd command, and the batch import of the data in the LDIF file can be realized by setting a file path of the data to be imported and an import execution rule; in the ldapadd command, it is possible to continue the import when an import error occurs by setting the-c parameter, and if the-c parameter is not set, stop the data import when an import error is encountered.

Optionally, when the original authentication system and the target authentication system are of different system types, for example, the original authentication system is an NIS system, the target authentication system is an LDAP system, and the user authentication file is in a plain text file format or a spreadsheet format; because the batch import command of the LDAP system is only suitable for the LDIF format file, the current target user authentication data needs to be imported into the target authentication system in a one-by-one import mode; by the method, seamless migration of the user authentication data between the original authentication system and the target authentication system can be realized, and the method can be suitable for different types of original authentication systems and target authentication systems.

It should be noted that, in the process of extracting and importing the target user authentication data, no modification operation is performed on the identification data in the target user authentication data, so that seamless migration of the user authentication data among different authentication systems can be ensured, and the user can still use the original identity information to pass the identity authentication of different authentication systems under the condition that the authentication systems are changed.

S130, if data which are repeated with the target user authentication data exist in the target authentication system, deleting the repeated data, or writing associated data of the repeated data in the target user authentication data into a preset file.

In the embodiment of the invention, if the stored data which is repeated with the target user authentication data is found in the target authentication system, the target user authentication data or the repeated data in the target authentication system can be deleted, so that the influence of the repeated data on the import of the user authentication data can be eliminated; the repeated data in the target user authentication data may also be written into a preset file, or the repeated data and corresponding associated data may be written into a preset file, for example, the file name of the preset file is export _ user _ error _ HHMMSS, and the storage path may be/opt/user; the user subsequently judges whether to delete or modify the repeated data, so that the mistaken deletion of the important user authentication data can be avoided, and the safety can be improved.

It should be noted that, when the repeated data is the user identification data and the corresponding associated data is the user identification data itself, the repeated user authentication data in the target user authentication data is written into the preset file; when the repeated data is user group identification data, the corresponding associated data may be user identification data included in the user group. By deleting repeated data or writing the repeated data into the corresponding preset file, data import errors caused by the repeated data can be avoided, the repeated data can be written into the preset file, and a user judges whether the repeated data is deleted or not, so that the high-efficiency import of batch user authentication data can be ensured.

In this embodiment of the present invention, optionally, if data that is duplicated with the target user authentication data exists in the target authentication system, prompting to delete duplicated data may include: if the target authentication system has user identification data which is duplicated with the target user identification data in the target user authentication data, prompting to delete the duplicated user identification data; the target user identification data comprises user identity identification information and/or user name information.

It should be noted that, the target user identification data includes user id Number (uidnetwork) and user name information (user id, uid), and uidnetwork is a character representation of uid, and as long as there is an item of information identical to the user identification data in the target authentication system, it can be determined that the current target user authentication data is repeated data; for example, the user name information and the user identification information of the target user identification data are user01/1000, the target authentication system comprises user identification data user01/1001, and if the current user name information is repeated, it can be determined that the two data are repeated; for another example, the user name information and the user identification information of the target user identification data are user01/1000, the target authentication system includes user identification data user02/1000, and if the current user identification information is repeated, it is determined that the two data are repeated; for another example, the user name information and the user identification information of the target user identification data are user01/1000, the target authentication system includes user identification data user01/1000, and the current user identification information and the user name information are both repeated, so that it is determined that the two data are repeated.

In the embodiment of the invention, after the user identification data are determined to be repeated, prompt information of the user identification data repetition can be sent to the user, and the user is prompted to delete the current repeated user identification data, so that data import errors caused by the repeated user identification data can be avoided; meanwhile, the repeated user identification data is deleted, so that any influence on other target user authentication data is avoided, and the high-efficiency import of the target user authentication data can be ensured.

In this embodiment of the present invention, optionally, if there is data that is duplicated with the target user authentication data in the target authentication system, writing associated data of the duplicated data in the target user authentication data into a preset file, where the data may include: if user group identification data which is repeated with target user group identification data in the target user authentication data exists in the target authentication system, writing the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file; wherein the target user group identification data comprises user group identification information and/or user group name information.

It should be noted that, when the repeated data is the target user group identification data, since the user group identification data includes corresponding user identification data, if the repeated target user group identification data is directly deleted, the included user identification data will lose the corresponding user group information, which causes a user authentication data import error. For example, the user group name information (group id, gid) and the user group identification information (group id Number, gidenumber) of the target user group identification data are group01/2000, respectively, the target authentication system includes user group identification data group01/2001, the user group name information is repeated, if the target user group identification data is deleted, when the user group identification information corresponding to the user authentication data is 2000, the corresponding user group cannot be found, and further a system error is caused; if group01/2001 is deleted, the user authentication data corresponding to the user group identification information 2001 will generate an error; therefore, duplicate user group identification data cannot be deleted directly. Similarly, when the user group identification information is repeated and both the user group name information and the user group identification information are repeated, the corresponding user group identification data cannot be deleted.

Therefore, when the target user group identification data is determined to be repeated, the repeated user group identification data in the target user authentication data needs to be written into a preset file, or the repeated user group identification data and the user identification data contained in the repeated user group identification data need to be written into the preset file; and subsequently, the user judges whether to delete or modify the repeated user identification data or not, so that the loss of the user authentication data can be avoided, and the integrity of the user authentication data is ensured.

In this embodiment of the present invention, optionally, the writing the repeated user group identification data in the target user authentication data and the corresponding user identification data into a preset file may include: acquiring question code information corresponding to repeated user group identification data in the target user authentication data; wherein the problem code information includes a reason for repetition of user group identification data; and writing the repeated user group identification data, the corresponding user identification data and the question code information in the target user authentication data into a preset file.

It should be noted that, when repeatedly judging the user group identification data, as long as there is a duplication of information, it may be determined that the user group identification data of the target user authentication data and the user group identification data in the target authentication system are duplicated, and the duplicated user group identification data is written into a preset file; therefore, the user group identification data in the preset file has three conditions, namely that only the user group identification information is repeated, only the user group name information is repeated, and both the user group identification information and the user group name information are repeated.

In order to distinguish the three cases, the problem code information is used to indicate the reason of the repetition of the user group identification data, for example, group name _ duplicate indicates that the user group name information is repeated, group _ duplicate indicates that the user group identification information is repeated, and group name _ group _ duplicate indicates that the user group name information and the user group identification information are both repeated; by acquiring the problem code information corresponding to each repeated user group identification data, the user identification data contained in the repeated user group identification data and the corresponding problem code information are written into a preset file, so that the user can make sure the reason why the current repeated user group identification data are repeated, and then adopt a corresponding processing strategy.

In the embodiment of the invention, repeated user group identification data processing strategies can be preset; after the repeated user group identification data is added to the preset file, a matched processing strategy can be obtained according to the problem code information corresponding to the repeated user group identification data, for example, when the user group identification data is only the user group identification information repeated, user group identification information modification confirmation information is sent to a management user corresponding to the user group identification data, the user group identification information is modified after a confirmation reply of the user is received, and the corresponding user identification data is modified in a matched manner; the repeated user group identification data is processed through a preset processing strategy, and then the modified user group identification data is imported into the target authentication system again, so that the loss of the corresponding groups of the user can be avoided, and the integrity of the user authentication data is further ensured.

According to the technical scheme provided by the embodiment of the invention, the user authentication file is extracted from the original authentication system, and the user authentication data is extracted from the user authentication file and is used as the target user authentication data; if the target authentication system does not have data which is repeated with the target user authentication data, importing the target user authentication data into the target authentication system; if the target authentication system has data which is repeated with the target user authentication data, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, so that the user authentication data migration error can be avoided, the batch migration of the user authentication data is realized, the user authentication data migration efficiency is improved, the identification data of the user authentication data is retained, and the seamless migration of the user authentication is realized.

Fig. 2A is a flowchart of a migration method of user authentication provided in an embodiment of the present invention, which is embodied on the basis of the above embodiment, in this embodiment, an original authentication system and a target authentication system correspond to the same type of authentication system, and when a user authentication file is in a lightweight directory exchange format, a storage path of target user authentication data is detected, and then the target user authentication data is stored according to a preset domain name path and an organization unit path, as shown in fig. 2A, the method specifically includes:

s210, extracting a user authentication file in a lightweight directory exchange format from the original authentication system, extracting user authentication data from the user authentication file as target user authentication data, and executing S220.

In the embodiment of the invention, if the file format of the user authentication file is the lightweight directory exchange format, the data form of the stored user authentication data is consistent with the data form of the target authentication system, so that the user authentication data can be directly acquired in the user authentication file by adopting a mode of extracting item by item.

It should be noted that, when the file format of the user authentication file is the lightweight directory exchange format, after the user authentication data is obtained, the integrity and validity of the data itself may be checked in advance, for example, whether user group identification data corresponding to the user identification data exists is checked, and if it is determined that the corresponding user group identification data does not exist, the corresponding user group identification data needs to be created; for another example, whether duplicate data exists in the user authentication data is checked, and if it is determined that duplicate data exists, the duplicate data may be deleted. By checking the completeness and the validity of the user authentication data in advance, the correctness of the acquired target user authentication data can be ensured, and the efficiency of importing the target user authentication data can be improved.

S220, judging whether data which is overlapped with the target user authentication data exists in the target authentication system or not.

If yes, go to S280; otherwise, S230 is performed. Specifically, the target user authentication data may include a user identification data (UserVo) list and a user group identification data (groupwo) list; querying a stored user identification data list and a user group identification list at a target authentication system server (Gridview), and judging whether repeated user name information (uid) and user identity identification information (uidNumer) exist in the target user authentication data and the target authentication system, or whether repeated user group name information (gid) and user group identification information (gidNumber) exist in the target user authentication data and the target authentication system, so as to determine whether repeated data exist in the target user authentication data and the target authentication system.

And S230, judging whether the domain name path of each piece of data in the target user authentication data in the original authentication system is consistent with a preset domain name path in the target authentication system.

If yes, executing S250; otherwise, S240 is performed. It should be noted that, when the file format of the user authentication file is the lightweight directory exchange format, the type of the original authentication system is the LDAP system, and meanwhile, the target authentication system is also the LDAP system; in the LDAP system, data is stored in a tree form, and a storage location of user authentication data in the authentication system needs to be determined through a Domain Component (DC) path and an Organization Unit (OU) path; DC is a root directory path of a tree structure, and OU is a subdirectory path of the tree structure, for example, OU ═ a, DC ═ B, and DC ═ com of data indicate that the data is in an a organization unit of a.com domain.

In the embodiment of the present invention, when importing target user authentication data, storage needs to be performed according to a storage path corresponding to each target user authentication data, and if the storage path is wrong or does not exist, the target user authentication data cannot be imported. Therefore, after determining that no repeated data exists in the target user authentication data, whether the domain name path of each piece of data in the target user authentication data is consistent with the current preset domain name path of the target authentication system or not is judged to determine whether the domain name path of the target user authentication data is correct or not, and the failure of importing the target user authentication data can be avoided.

And S240, updating the domain name path of each piece of data in the target user authentication data by adopting a preset domain name path, and executing S250.

Specifically, if it is determined that the domain name path of the user authentication data in the target user authentication data is not consistent with the preset domain name path of the target authentication system, the preset domain name path needs to be used to replace and update the domain name path of the current user authentication data, so as to ensure that each target user authentication data can be stored in the corresponding preset domain name path.

S250, judging whether each piece of data in the target user authentication data exists in the target authentication system in the target organization unit path of the original authentication system.

If yes, executing S270; otherwise, S260 is performed. Specifically, after confirming that the domain name path of the target user authentication data is correct, further judging whether a target organization unit path of the target user authentication data exists in a target authentication system; if the target organization unit path of the target user authentication data exists in the target authentication system, the current target user authentication data can be directly imported and stored according to a preset domain name path and a target organization unit path; if the target authentication system does not have the target organization unit path of the target authentication data, the corresponding target organization unit path is required to be newly established in the target authentication system, and then the target user authentication data is stored according to the preset domain name path and the target organization unit path, so that the target user authentication data can be stored according to the matched storage path, the data import error caused by the storage path error is avoided, and the data import efficiency is further improved.

S260, creating the target organization unit path in the target authentication system, and executing S270.

And S270, if an import instruction is received, storing each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path, and executing S290.

It should be noted that the original authentication system corresponds to different system types, and the target authentication system includes an LDAP system, the data storage form of which is a tree form; the data forms of the user authentication data extracted from different original authentication systems are different, and the user authentication data in different forms can be imported into the target authentication system only by adopting a matched data import mode. When the file format of the user authentication file is a lightweight directory exchange format, the user authentication data can be stored as an intermediate temporary file, and the file path is/tmp/; because the storage path form of the user authentication data is consistent with that of the target authentication system, the user authentication data in the intermediate temporary file can be imported in batch by adopting an import command, and the authentication migration efficiency is improved.

And S280, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, and executing S290.

And S290, ending.

In order to more clearly introduce the technical solution of the embodiment of the present invention, as shown in fig. 2B, the technical solution provided by the embodiment of the present invention may include: firstly, checking whether an LDAP authentication source is configured in a target authentication system, if the LDAP authentication source is not configured, returning error information, and ending an authentication migration flow; if the LDAP authentication source is determined to be configured, acquiring a user authentication file in an LDIF format in the original authentication system, and analyzing the user authentication file to acquire target user identification data and target user group identification data; secondly, acquiring user identification data and user group identification data in the target authentication system from a server of the target authentication system, and further judging whether data which are repeated with the user identification data or the user group identification data exist in the target user identification data and the target user group identification data; finally, if the fact that repeated data do not exist is determined, storing the target user identification data and the target user group identification data as an intermediate temporary file with a file path of/tmp/, and detecting whether the domain name path and the organization unit path of each data are consistent with the domain name path and the organization unit path configured in the target authentication system or not; if the inconsistency is determined, replacing the domain name path and the organization unit path of each data in the intermediate temporary file with the configuration in the target authentication system, and adopting an ldaadd command to carry out batch import on the data in the intermediate temporary file; and if the repeated data exists, returning error information, deleting the repeated user authentication data in the LDIF file or the target authentication system, and ending the authentication migration process.

According to the technical scheme provided by the embodiment of the invention, when the file format of the user authentication file is the lightweight directory exchange format, the domain name path and the organization unit path of the target user authentication data are checked to obtain the correct storage path, and then the target user authentication data are stored according to the updated storage path, so that the data migration of the user authentication data among authentication systems of the same type is realized, the user authentication data migration error caused by the storage path error is avoided, the batch migration of the user authentication data is realized, and the user authentication data migration efficiency is improved.

Fig. 3A is a flowchart of a migration method of user authentication provided in an embodiment of the present invention, which is embodied on the basis of the above embodiment, in this embodiment, an original authentication system and a target authentication system are authentication systems of different types, and when a user authentication file is in a plain text file format, user authentication data is extracted from the user authentication file, and the user authentication data is imported into the target authentication system by using a matching import manner, as shown in fig. 3A, the method specifically includes:

s310, extracting the user authentication file in the plain text file format from the original authentication system, and executing S320.

S320, judging whether the user authentication files comprise/etc/password files and/etc/group files.

If yes, executing S330; otherwise, S370 is performed. In the embodiment of the present invention, optionally, when the user authentication file is in a plain text file format, after determining that the/etc/password and/etc/group file containing the user identification data and the user group identification data is simultaneously obtained according to the content of the user authentication file, obtaining the identification data is performed; wherein,/etc/password is used for storing user identification data, and/etc/group is used for storing user group identification data. Otherwise, returning error information and ending the process. By acquiring the identification data, the corresponding user identification data and user group identification data can be acquired, and the acquisition of user authentication data is realized.

S330, acquiring user authentication data as target user authentication data according to the/etc/password and/etc/group files, and executing S340.

In this embodiment of the present invention, optionally, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, extracting the user authentication data from the user authentication file as the target user authentication data may include: extracting user identity identification information, user name information, user group identification information, user group name information and storage path information from the user authentication file; generating user authentication data according to the user identity identification information, the user name information, the user group identification information, the user group name information and the storage path information; and if the user authentication data comprises repeated data, deleting the repeated data, and taking the user authentication data after deleting the repeated data as target user authentication data.

In the embodiment of the present invention, after the user authentication data is obtained, the repeated data may be screened in advance in the user authentication data to delete the repeated user authentication data, and the user authentication data from which the repeated data is deleted is used as the target user authentication data, or according to a preset user authentication data format, format check may be performed on data in the user authentication data, and the user authentication data that does not conform to the preset user authentication data format may be deleted to obtain the corresponding target user authentication data. By performing format or repeatability check on the acquired user authentication data in advance, more accurate acquisition of the target user authentication data is realized.

In the embodiment of the invention, when the file format of the user authentication file is a plain text file format or an electronic form format, the identification data of the user authentication data exists in a field form; therefore, each identification data can be extracted from the user authentication file by adopting a preset data item searching mode, and then corresponding user authentication data is generated; for example, a user name is searched in a user authentication file to obtain user name information; after the identification data are obtained, the identification data are stored according to the obtaining sequence, and the identification data with the same obtaining sequence are combined to obtain the user authentication data, so that the user authentication data in the user authentication files with different file formats can be obtained.

S340, judging whether data which is overlapped with the target user authentication data exists in the target authentication system or not.

If yes, executing S360; otherwise, S350 is performed.

S350, acquiring user identification data and corresponding user group identification data in the target user authentication data, importing the user identification data into a target authentication system one by one and importing the user group identification data into the target authentication system one by one, and executing S370.

In the real-time embodiment of the present invention, when the user group identification data is imported, the member user identification data (memberUid) included in the user group identification data can be acquired, and the user group identification data and the included user identification data are stored to the target authentication system group by group based on the same storage path, so that the efficiency of data import can be further improved.

When the file format of the user authentication file is a plain text file format or a spreadsheet format, the user authentication data does not have a target storage path consistent with the storage path form of the target authentication system, and the data form of the user authentication data is inconsistent, so that the target user authentication data cannot be directly imported in batch by adopting an import command; therefore, after the user identification data and the corresponding user group identification data are obtained from the target user authentication data, the user identification data are converted into a data storage form of the target authentication system, a storage path of the user identification data in the target authentication system is determined, and the user identification data are stored to the target authentication system according to the determined storage path; acquiring all user identification data included in the user group identification data, and storing the user identification data belonging to the same user group identification data by adopting the same storage path; the import of the target user authentication data in the user authentication files with different file formats is realized.

And S360, deleting the repeated data, or writing the associated data of the repeated data in the target user authentication data into a preset file, and executing S370.

When deleting the repeated data, the repeated data in/etc/password and/etc/group can be deleted, and the repeated data in the target authentication system can also be deleted in the Gridview of the server side of the target authentication system; if the repeated data in the target authentication system is deleted, the repeated data in the target user authentication data is imported into the target authentication system so as to ensure the identity authentication of the current user.

And S370, ending.

In order to more clearly introduce the technical solution of the embodiment of the present invention, as shown in fig. 3B, the technical solution provided by the embodiment of the present invention may include: after determining that the target authentication system is configured with the LDAP authentication source, judging whether a user authentication file comprises an/etc/password and an/etc/group file; if the user authentication file is determined to comprise the file, reading/etc/password and/etc/group files to obtain a target user identification data UserVo list and a target user group identification data GroupVo list; acquiring user identification data and user group identification data in the target authentication system from a server Gridview of the target authentication system, and further judging whether data which are repeated with the user identification data or the user group identification data exist in the target user identification data and the target user group identification data; if the fact that repeated data do not exist is determined, the target user identification data are added to the target authentication system one by one, and the target user group identification data are added to the target authentication system one by one; when the identification data of the target user group is added, the identification data of the included member users needs to be set; and if the repeated data is determined to exist, returning error information, deleting the repeated data, and ending the authentication migration process.

According to the technical scheme, when the file format of the user authentication file acquired in the original authentication system is the pure text file format, after the fact that the user authentication file simultaneously comprises/etc/password and/etc/group files is determined, corresponding target user authentication data are acquired according to the user authentication file, and after the fact that the target authentication data and the target authentication system do not have repeated data, the target authentication data are led into the target authentication system, the fact that the user authentication data in the user authentication file in the pure text file format are led in is achieved, the influence of the file format of the user authentication file on user authentication migration is avoided, the user authentication migration among different types of authentication systems is achieved, and the user authentication migration efficiency is improved.

Fig. 4A is a flowchart of a migration method of user authentication provided in an embodiment of the present invention, which is embodied on the basis of the above embodiment, in the embodiment, an original authentication system and a target authentication system are authentication systems of different types, and when a user authentication file is in a spreadsheet format, the spreadsheet format file is read to obtain user authentication data, and the user authentication data is imported into the target authentication system, as shown in fig. 4A, the method specifically includes:

s410, the user authentication file in the spreadsheet format is extracted from the original authentication system, and S420 is executed.

S420, acquiring user authentication data according to the user authentication file in the spreadsheet format, taking the user authentication data as target user authentication data, and executing S430.

Specifically, when the user authentication file is in a spreadsheet format, matching data is searched in the spreadsheet file according to a preset column name, for example, the preset column name is a user name and a user identifier; further acquiring user authentication data according to the searched matching data; the query results with the same query sequence can be considered to belong to the same user to obtain each identification data of the user, and then the user authentication data corresponding to each user is obtained through combination, so that the user authentication data in the user authentication file in the electronic form format can be obtained.

S430, judging whether the target authentication system has data which is overlapped with the target user authentication data.

If yes, executing S450; otherwise, S440 is performed.

S440, acquiring user identification data and corresponding user group identification data in the target user authentication data, importing the user identification data into a target authentication system one by one and importing the user group identification data into the target authentication system one by one, and executing S460.

It should be noted that, when the user authentication file is in the electronic form format, the importing manner of the user identification data and the user group identification data is consistent with the importing manner of the target user authentication data in the user authentication file in the plain text file format, and details are not repeated here.

S450, deleting repeated data, or writing associated data of the repeated data in the target user authentication data into a preset file, and executing S460.

And S460, ending.

In order to more clearly introduce the technical solution of the embodiment of the present invention, as shown in fig. 4B, the technical solution provided by the embodiment of the present invention may include: after determining that the target authentication system configures an LDAP authentication source, reading a user authentication file in a spreadsheet format to obtain a target user identification data UserVo list and a target user group identification data GroupVo list; acquiring user identification data and user group identification data in the target authentication system from a server Gridview of the target authentication system, and further judging whether data which are repeated with the user identification data or the user group identification data exist in the target user identification data and the target user group identification data; if the fact that repeated data do not exist is determined, the target user identification data are added to the target authentication system one by one, and the target user group identification data are added to the target authentication system one by one; when the identification data of the target user group is added, the identification data of the included member users needs to be set; and if the repeated data is determined to exist, returning error information, deleting the repeated data in the user authentication file or the target authentication system, and ending the authentication migration process.

According to the technical scheme in the embodiment of the invention, when the user authentication file extracted from the original authentication system is in a spreadsheet format, target user authentication data is extracted from the user authentication file; and after determining that no data which is repeated with the target user authentication data exists in the target authentication system, the user identification data in the target user authentication data is led into the target authentication system one by one, and the user group identification data is led into the target authentication system one by one, so that the extraction and the leading-in of the user authentication data in the user authentication file in the spreadsheet format are realized, the migration of the user authentication data among different authentication systems is further realized, the influence of the file format of the user authentication file on the user authentication migration is avoided, and the user authentication migration efficiency is improved.

Fig. 5 is a block diagram of a structure of a user authentication migration apparatus according to an embodiment of the present invention, where the apparatus specifically includes: a data extraction module 510, a data import module 520 and a duplicate data processing module 530;

a data extraction module 510, configured to extract a user authentication file in an original authentication system, and extract user authentication data in the user authentication file as target user authentication data;

a data importing module 520, configured to import the target user authentication data into the target authentication system if there is no data that is duplicated with the target user authentication data in the target authentication system;

a repeated data processing module 530, configured to delete repeated data or write associated data of the repeated data in the target user authentication data into a preset file if data that is repeated with the target user authentication data exists in the target authentication system.

Optionally, on the basis of the foregoing technical solution, the data repetition processing module 530 includes:

a first duplicate data processing unit, configured to prompt to delete duplicate user identification data if user identification data that is duplicate with target user identification data in the target user authentication data exists in the target authentication system; the target user identification data comprises user identity identification information and/or user name information.

the second repeated data processing unit is used for writing repeated user group identification data in the target user authentication data and corresponding user identification data into a preset file if the user group identification data which is repeated with the target user group identification data in the target user authentication data exists in the target authentication system; wherein the target user group identification data comprises user group identification information and/or user group name information.

Optionally, on the basis of the above technical solution, the second repeated data processing unit is specifically configured to acquire question code information corresponding to repeated user group identification data in the target user authentication data; wherein the problem code information includes a reason for repetition of user group identification data; and writing the repeated user group identification data, the corresponding user identification data and the question code information in the target user authentication data into a preset file.

Optionally, on the basis of the above technical solution, if the file format of the user authentication file is a lightweight directory exchange format, the data importing module 520 includes:

a domain name path determining unit, configured to determine whether a domain name path of each piece of data in the target user authentication data in an original authentication system is consistent with a preset domain name path in the target authentication system;

a domain name path updating unit, configured to update a domain name path of each piece of data in the target user authentication data by using a preset domain name path if the target user authentication data is not the target user authentication data;

the organization unit path judging unit is used for judging whether each piece of data in the target user authentication data exists in a target organization unit path of an original authentication system or not;

an organization unit path creating unit, configured to create the target organization unit path in the target authentication system if the organization unit path is not created;

and the data storage unit is used for storing each piece of data in the target user authentication data based on the preset domain name path and the target organization unit path if an import instruction is received.

Optionally, on the basis of the above technical solution, the data importing module 520 is specifically configured to, if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, obtain user identification data and corresponding user group identification data in the target user authentication data, import the user identification data into the target authentication system one by one, and import the user group identification data into the target authentication system one by one.

Optionally, on the basis of the foregoing technical solution, the data extraction module 510 includes:

the information extraction unit is used for extracting user identity identification information, user name information, user group identification information, user group name information and storage path information from the user authentication file if the file format of the user authentication file is a plain text file format and/or a spreadsheet format;

the data generating unit is used for generating user authentication data according to the user identity identification information, the user name information, the user group identification information, the user group name information and the storage path information;

and the data deleting unit is used for deleting the repeated data if the user authentication data comprises the repeated data, and taking the user authentication data after the repeated data is deleted as target user authentication data.

The device can execute the user authentication migration method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. For technical details not described in detail in this embodiment, reference may be made to the method provided in any embodiment of the present invention.

Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 6, the electronic device includes:

one or more processors 610, one processor 610 being exemplified in fig. 6;

a memory 620;

the apparatus may further include: an input device 630 and an output device 640.

The processor 610, the memory 620, the input device 630 and the output device 640 of the apparatus may be connected by a bus or other means, and fig. 6 illustrates the example of connection by a bus.

The memory 620, which is a non-transitory computer-readable storage medium, may be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to a user-authenticated migration method in an embodiment of the present invention (e.g., the data extraction module 510, the data import module 520, and the data duplication processing module 530 shown in fig. 5). The processor 610 executes various functional applications and data processing of the computer device by running software programs, instructions and modules stored in the memory 620, namely, implementing a migration method of user authentication of the above method embodiments, namely:

The memory 620 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 620 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 620 optionally includes memory located remotely from processor 610, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The input means 630 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. The output device 640 may include a display screen or the like.

An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a user authentication migration method according to any embodiment of the present invention; the method comprises the following steps:

Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).

It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims

1. A migration method of user authentication is characterized by comprising the following steps:

2. The method of claim 1, wherein prompting for duplicate data deletion if data is present in the target authentication system that is duplicate with the target user authentication data comprises:

3. The method according to claim 1, wherein if data duplicated with the target user authentication data exists in the target authentication system, writing associated data of the duplicated data in the target user authentication data into a preset file includes:

4. The method according to claim 3, wherein writing the repeated user group identification data and the corresponding user identification data in the target user authentication data into a preset file comprises:

5. The method according to claim 1, wherein if the file format of the user authentication file is a lightweight directory exchange format, the importing the target user authentication data into a target authentication system comprises:

6. The method of claim 1, wherein if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the importing the target user authentication data into a target authentication system comprises:

7. The method according to claim 1, wherein if the file format of the user authentication file is a plain text file format and/or a spreadsheet format, the extracting user authentication data in the user authentication file as the target user authentication data comprises:

8. A user-authenticated migration apparatus, comprising:

9. An electronic device, comprising:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement the migration method for user authentication of any of claims 1-7.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of migrating a user authentication according to any one of claims 1 to 7.