
Managed Service Company Multiple User Directory (Clients) Sync with same usernames

William Dickinson May 21, 2020

Thanks in advance,

Just deploying Jira Service Desk and have the LDAP sync working just fine for about 10 clients.  The issue is that several clients have simple and common usernames like john.  Per everything I have read the directories sync in order, so John from client A highest up on the sync list would be there, but John from Client Z does not sync.  

I further understand that there has to be unique usernames and that there can't be two Johns since they would be duplicate accounts.

My question is, could we track everything by MAIL, instead of sAMAccountName as is default?

The likelihood of 2 users having the same full email address is not high in my experience. That email could then be used to log in.

I have read some articles about changing the User Name Attribute as well as the group search under Schema, but I'm coming up empty when I try to do my syncs with the error

org.springframework.ldap.UncategorizedLdapException: Unable to find the username of the principal.

I would rather not have to create 1 off users for these duplicates.

 

Again, thanks for your time.

1 answer

0 votes
Audun Røe _Kantega SSO_ May 22, 2020

At a guess, UncategorizedLdapException is caused by one or more users not having the designated username attribute ('mail'). Try adding a presence filter ((mail=*)) to drop them, and see if that helps.

Alternatively, you could use 'userPrincipalName' instead of mail. It should be mandatory for all users, so no presence issues, and is more or less guaranteed to be unique across an entire AD forest AFAIK.

William Dickinson May 22, 2020

Audun,

 

Thanks so much for taking the time. That was my thought as well, but for the AD sync group in question I made sure they all had it. I'll try the filter and the user Principal name as well. I believe that would make everyone unique in Jira, but we'd still need to make sure they could sign in with something unique as well, most likely email? Your help is much appreciated. I'll give it a shot and report back.

 

Thanks again.
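An added example, not part of the original thread and not Atlassian or Kantega code: a pre-sync audit that, for a candidate username attribute, lists the entries lacking it (the condition the answer guesses is behind the exception) and the usernames a later directory would lose to an earlier one. The directory entries and the base filter are constructed samples, and case-insensitive username comparison is an assumption.

```python
# Constructed sample data: directories in sync order, entries as attribute dicts.
DIRECTORIES = [
    ("Client A", [
        {"sAMAccountName": "john", "mail": "john@client-a.example",
         "userPrincipalName": "john@corp.client-a.example"},
        {"sAMAccountName": "svc-backup",  # constructed entry with no mail
         "userPrincipalName": "svc-backup@corp.client-a.example"},
    ]),
    ("Client Z", [
        {"sAMAccountName": "John", "mail": "john@client-z.example",
         "userPrincipalName": "john@corp.client-z.example"},
    ]),
]


def with_presence(base_filter, attr):
    """AND a presence clause for attr onto an existing LDAP filter string."""
    return f"(&{base_filter}({attr}=*))"


def audit(directories, attr):
    """Return (missing, shadowed) for a candidate username attribute.

    missing:  (directory, sAMAccountName) pairs for entries lacking attr.
    shadowed: (username, winning directory, losing directory) triples where a
              later directory repeats a username an earlier one already owns.
    """
    owner, missing, shadowed = {}, [], []
    for name, entries in directories:
        for entry in entries:
            value = entry.get(attr, "").strip()
            if not value:
                missing.append((name, entry.get("sAMAccountName", "?")))
                continue
            key = value.lower()  # assumption: usernames compare case-insensitively
            if key in owner and owner[key] != name:
                shadowed.append((key, owner[key], name))
            else:
                owner.setdefault(key, name)
    return missing, shadowed


if __name__ == "__main__":
    for attr in ("sAMAccountName", "mail", "userPrincipalName"):
        missing, shadowed = audit(DIRECTORIES, attr)
        print(attr, "missing:", missing, "shadowed:", shadowed)
    # The base filter here is a sample, not taken from the thread.
    print(with_presence("(objectCategory=Person)", "mail"))
```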
