Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to Sync users with the same ID from different LDAP Directories

Jeff Santos
Jeff Santos
Contributor
July 1, 2019

I have 3 LDAP directories synchronized on Jira.

The problem is that we have some useres with the same Account ID on more than one directory.

In one of them, the accounts are always disabled, but Jira won't sync the second one because of the first.

 

Do we have any workaround?

 

Thanks in advance! 

Answer
Watch
Like Be the first to like this
419 views

2 answers

1 accepted

0 votes
Answer accepted
Jeff Santos
Jeff Santos
Contributor
July 3, 2019

I solved the problem by including a filter on the directories using the UserAccount control attribute from AD.

Now, Jira only get the active accounts of each directory.

 

Thanks for the help!

Reply
1 vote
Dave Theodore [Coyote Creek Consulting]
Dave Theodore [Coyote Creek Consulting]
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 1, 2019

Jira starts at the top of the list of User Directories and works down through the list. If a user appears in the directory, it stops looking at other directories, as it assumes that is the (only) one that the user is a member of.  

If you sort the LDAP directory with disabled users to the bottom, that will be the last one to be checked. Assuming that there are no active users in that directory that are inactive in one of the ones above it, things should work the way you want. Test this in a development environment before doing it in production! Never test things like this for the first time in production!

View More Comments
Jeff Santos
Jeff Santos
Contributor
July 2, 2019

Hi Dave,

 

Thanks for the help.

I'd like Jira understand that it should only consider the enabled user, regardless of the directory it is in. However, if the enabled user is in the second directory, it will not be synchronized, and the disabled user will be kept. I also cannot switch them because unfortunately I have the same situation on both directories.

Like
Dave Theodore [Coyote Creek Consulting]
Dave Theodore [Coyote Creek Consulting]
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 2, 2019

Can you delete or rename the inactive users in LDAP? That's going to be your best bet

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events