I have an issue where we have been (forever) in the IT department migrating from one AD to another with different usernames inside them (one has human names, the other has... barcode numbers for lack of a better description). Both have been active for some time as some services are available to one AD and some to another with an end game, ostensibly, of migrating all services to the new AD with IDs rather than human login names.
My Confluence instance has been around since long before the new one came about so, of course, I have a mix now of new and old users from both ADs. What I need to do is change the login name from the old to the new while maintaining groups, content and attachment ownership, etc. This is further complicated that both of each person's credentials have been valid and active and, without thinking, some have logged in as the new user, done stuff, then logged out subsequently logging in as the old user. I myself had a small stub of this as, when testing the user directory function, I logged in with my new ID, found that it was good, logged out and continued working as my old identity.
Keying from the information found in https://answers.atlassian.com/questions/304189/how-to-merge-confluence-accounts(where it seemed to move from local auth to LDAP) I took a shot at converting myself. It seems to have worked but I would like to make sure there isn't anything else I need to do or have set myself up for a Bad Day sometime in the future.
Base assumption for the following: the updates are to migrate content, etc to the current regular use identity. If migration is toward new ID, job done. If toward old ID (to preserve rights, privileges ,etc) altered old ID to be new ID.
The steps I took were:
At this point.... it broke. I couldn't log in as EITHER user. When I logged in as local admin and queried my name, it found both accounts in the AD but said "no user with the specified email address exists"
I started trying to unravel the schema but could NOT find anywhere else in the DB that definitively tied the login ID (which I found in numerous places) with anything else. The only direct correlation I could find are the items I changed above. I got side tracked for a bit but just arbitrarily tried logging in with NEW login ID. It worked. All content, permissions, etc associated now with the new login ID.
I suspect when there was the LDAP sync from AD, it repopulated my new login ID and all is well. My old one still shows with the query but remains "not found" by Confluence. This is not a surprise as there is no row with that login name in the user_mapping table.
End result is ok. All seems to work and the old address doesn't work at ALL (which I'll want when start rolling one by one to users). Questions remaining for me are:
Today, I had to bounce Confluence (has not been restarted at all since well before posting this question until today). The last problem with the OLD "display name" showing and pointing to a now non-existent personal space solved itself with the restart. I suspect that the restart fixed what may be dynamic pointers or executed some triggers that I couldn't find during long and painful trolling in the DB.
From this, it LOOKS like my manual approach to conversion worked but my questions are still outstanding.
Hi my Community friends! For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs