I would like to know if it is safe to rename JIRA user's username when the user is being authenticated against an LDAP directory. I had submitted a support ticket to JIRA (https://support.atlassian.com/servicedesk/customer/portal/22/JSP-251123) and was advised that this was not possible and that I should vote for this 12 year old issue - https://jira.atlassian.com/browse/JRA-3132. Sensing that this probably would not be implemented any time soon, I took what I could find about the old ScriptRunner script and poured into the SQL database and Perl to rename users.
However now my testing reveals that renaming a user is possibly not a problem at all! See https://developer.atlassian.com/jiradev/latest-updates/developer-changes-for-older-jira-versions/preparing-for-jira-6-0/renamable-users-in-jira-6-0. Looking at the database I find that a table, app_user, seems to map any current username with a user_key and therefore seems to handle user renames.
So which is it? Is it safe to rename a user in JIRA? If a user in an LDAP User Directory changes their username, can the log in with their renamed username and will everything be linked up properly?
In JIRA 6.0, we added the ability to rename users in the internal directory. Support for renaming LDAP users was not added until later, but has also been around for quite some time now (since 6.1, I think).
The trouble with renaming an LDAP user is that the rename has to happen both in LDAP and in JIRA to achieve the desired result. For that to work, there has to be some other identifier that JIRA knows to associate with that user. Since you've been poking around in the database already, the column that would matter is
I'll confess that I've not dug too deeply into where that value comes from, but my understanding is that it is a UUID generated by the LDAP server or something to that effect and that as long as it does not change when you rename a user on the LDAP server, JIRA will recognize that you have done this and update its own user's name to match the change on the LDAP side.
As for the technical details.... The app_user table is indeed the mechanism that is used to provide a layer of indirection between the user's key (originally the lowercase of the username unless there is a collision that prevents this) and user's name. The values in the cwd_* tables are the user's name. The rename process updates the cwd_* tables and app_user while leaving all other tables as-is.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
👋Community members! Downtime happens. And great incident response takes a village. Teams like Support, Dev, SRE, Ops, IT, and Marketing have to come together to resolve the problem while keep...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG