our specific LDAP setup is managed by iRedMAil and iRedAdmin
users DNS look like dn: firstname.lastname@example.org,ou=Users,domainName=domain.com,o=domains,dc=domain,dc=com
groups are similarly also identified by mail adresses
is it possible to user just the username für synchronizing the users to jira and append `@domain.com` automatically?
and either way if that is possible or not, how can i transfer ISSUES and boards to different users?
the usernames would change like this
username -> email@example.com
preferable i would want to run a query that replaces all user references with the new users
on the other services like bitbucket there is not much data created so transfering users should be able to be done manually
I understand you want to change all the usernames in Jira from the format of just 'username' to 'firstname.lastname@example.org' and that your users in Jira are being managed in an LDAP directory that Jira is connected to.
This can be done if you are using a connected LDAP directory (a delegated LDAP directory in Jira does not handle this kind of user rename task). The trick to making sure this works is to make sure that your LDAP directory in Jira has the correct value for the "User Unique ID Attribute:" field for this user directory. For different LDAP types (AD/OpenLDAP/etc) this attribute can be different. However the purpose of that field is to generate a unique value that corresponds to the account itself. This way if the account is renamed in LDAP, when Jira syncs with the LDAP instance it can understand that this is the same account and in turn will rename the user account it has for that user. Whereas if Jira does not have the correct attribute set here, when the sync happens after a user rename, Jira would instead create a new user account. If the new user account is created, this is because Jira does not understand that a rename has happened, and instead it is just adding the user accounts found in the directory per the DN/user filters in place. These LDAP attributes in Jira are also better explained in Connecting to an LDAP directory.
I also tried to highlight the critically important attributes on the directory in Jira as it pertains to this scenario:
It's important to make sure that the user rename that happens in LDAP is working correctly in Jira first. I would suggest trying to rename a test account in LDAP first, and then syncing Jira just to make sure this change is taking place in the way you would expect it to, and not just creating a new user account. Once that is complete, there are two different approaches you can take to try to rename all these accounts in Jira from username to email@example.com formats:
That said, I would still recommend that you test out this kind of change on a staging server first. This kind of change has the potential to lock out all your users from Jira if this is not done correctly or you encounter any unexpected results. If you don't have a staging server to test this on first, then I would recommend trying these steps:
If this works, you should be all set. But if this doesn't work, then you should still be able to quickly revert these changes by re-ordering the old directory back to the higher order and syncing that once more.
I am facing similar problem but our LDAP setting is for 'delegated LDAP directory'. Which I understand, syncs with LDAP when user log into Jira.
We would like to change the username from '123456' to 'u123456'. Both these values map to LDAP Directory - 'employeenumber' and 'uid' respectively. 'uid' is also a unique id in LDAP.
We cannot touch LDAP, hence need to make this change in LDAP Directory form of Jira.
In Jira LDAP directory, the User Unique ID Attribute: entryUUID is wrong, hence it stores null in cwd_user table for column 'External_id'. It should be 'uid'. So I changed it to 'uid' and now can see the value in it as 'u123456' when user logs in with '123456'. Which is correct.
Now, I want to change the username from '123456' to 'u123456'.
For this User Name Attribute was changes from 'employeenumber' to 'uid' along with 2 other fields having 'employeenumber'.
User was asked to login with 'u123456' and he was successfully able to login. In database I could see app_user, cwd_use and cwd_membership table updated.
Now, I want to make this change for all users. Hence the obvious solution that appeared to me was to change in database the value of 'External_id' in table cwd_user from null to 'u123456' and restart Jira.
I did that and asked another user to login with 'u111111', but this time Jira considered him as a new user and started creating its profile.
Can you please help me what was wrong with my approach and how it can be corrected?
When you're using an Delegated LDAP directory in Jira, technically there is no syncing happening here. Only when the user first attempts to login will Jira make a call back to the LDAP instance, just to see if that username and password pass authentication or not. If it does, and this user exists in the user filter, the account can be added to Jira. However this is not a synchronization of the user account data at that time of first login, it's merely a one time lookup for when the account can be first created in Jira. There is no mechanism to sync user account changes in a delegated directory. This is explained in Synchronizing data from external directories.
Data caching and synchronization do not occur for the following user directory types:
- Internal Directory with LDAP Authentication.
- Internal Directory.
As such, there is no way that Jira can be expected to track username changes when the user account is coming from a delegated directory.
However if you were using a Connected LDAP directory, Jira does sync the users / groups here. So if that account was in Jira, and the unique user identifier value was set to some value that does not change, then Jira could track this account rename provided Jira has a sync before and after the username changes in LDAP.
With this information you should be able to still get Jira to rename the user accounts, but you are going to need to use a non-delegated LDAP directory in order to do so, AND you would need to have this done before the changes happened in LDAP.
I hope this helps.
Catch up with Atlassian Product Managers in our 2020 Demo Den round-up! From Advanced Roadmaps to Code in Jira to Next-Gen Workflows, check out the videos below to help up-level your work in the new ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events