i hoe i can explain my issue correctly.
from rollout of our atlassian system environment we run Jira and Confluence.
The internal jira user directory was also used from confluence. In the past there was no way to connect to our two active directories. So we add each user manualy in the internal directory and user-groups. We are working with ~300 projekts~25000issues ~600 spaces ~95000 pages
in our internal directory we set the username eg. max.mustermann and group associations
thats was fine for us and the user.
Now we want to add crowd.
at first we add a directory and import all users&groups from the old Jira internal directory
then we add the active directories als delegated ldap directory.
in ldap1 we have user with the samaccountname "max.mustermann"
with this directory we get an mapping to our importet directory with the same usernames.
in ldap2 iss the samaccountname like "S111998237" - in this way we have no mathing with our importet directory.
is there a way to get a matching?
we have in our importet directory ~1900 user like "max.mustermann"
from ldap1 comes ~900 of the 1900 user with "max.mustermann"->matching OK
from ldap2 comes ~1000 of the 1900 user with "S111998237"->no matching
In LDAP2, is there any other user attribute than samAccountName (e.g. CN) whose value would be the expected one ("firstname.lastname" in your example)? In which case, you would just need to change the username attribute in the configuration of your directory connector in Crowd.
If not, you can use user aliases: https://confluence.atlassian.com/crowd/specifying-a-user-s-aliases-194805921.html
But that means that you will have to define such aliases for all your LDAP2 users for both Jira and Confluence. There is a REST API that will allow you to do it by script though: https://jira.atlassian.com/browse/CWD-1469
Hope this helps.
we provide a SAML Plugin for Jira & Confluence (and others).
We have quite a few customers similar to your setup, who are using our Plugins.
Generally they don't see the need to use Crowd in this specific setup at all. They just install our Plugin on Confluence and Jira - they then either synchronise the Users via AD directly into Confluence/Jira or they use the Just in Time Provisioning Feratures to create/update the User during login based on attributes sent via SAML.
Like Bruno describes, we also support attribute mapping, so that we can basically use any attribute in AD to represent the Username ... we also support transformation via Regex (for example dropping a Domain extension) if necessary.
If you like to give our plugin a testdrive or discuss your setup with more directly let me know.
Just for completeness - there are plugins from other Vendors in the marketplace too. All at different price & feature levels: https://marketplace.atlassian.com/search?query=saml
All the best from a grey & snowy Berlin.
For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events