Good day.
I need to change the settings for my User Directory (via LDAP) to use another Active Directory.
I read this page:
https://community.atlassian.com/t5/Confluence-questions/Change-ldap-servers-and-User-Unique-ID-Attribute/qaq-p/724484
First step: I changed the setting "User Unique ID Attribute:" from "ObjectGUID" to "sAMAccountName". After synchronising, some users lost all access and login history, and these users have the state "Never login". But not all users lost their history.
Please, help me fix this problem.
PS: I use a stage server, not production)))
That specific field is needed in Jira in order for Jira to be aware of user account renames that can happen. This is explained in Connecting to an LDAP directory. From that page:
User UniqueID Attribute: The attribute used as a unique immutable identifier for user objects. This is used to track username changes and is optional. If this attribute is not set (or is set to an invalid value), user renames will not be detected — they will be interpreted as a user deletion then a new user addition.
This should normally point to a UUID value. Standards-compliant LDAP servers will implement this as 'entryUUID' according to RFC 4530. This setting exists because it is known under different names on some servers, e.g. 'objectGUID' in Microsoft Active Directory.
Since the objectGUID is the field we normally expect here, I feel like I need to know more about why you want to change this setting to be another value that is known to be able to change in Active Directory?
Jira is expecting that the field you choose here will never change for an account once created. While sAMAccountName doesn't usually change, it is still possible to rename the value of that field for an account. Furthermore, there are known problems with using that specific field as a unique identifier. Check out the KB LDAP username or SAMAccountName rename creates a new user in JIRA not associated with the previous user account for more details.
If you're looking to migrate to use a different LDAP/AD server, instead of changing the setting of that user directory in Jira, it might be better to create a new user directory in Jira, set that up with the settings you need, and then re-order the user directories in Jira so that the new directory is above the old one. This way you can test out the new directory settings without removing the other user directory. As long as the new user directory has the exact same usernames as the old one, the user accounts will still be there (i.e., accounts won't get removed from Jira). Usually the problem I see with a directory migration like this is that while the user accounts are there, the groups that grant application access or login rights are not exactly the same in the new directory. So users might not be able to log in until their new account is a member of the group that grants access.
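Added example, not part of the original thread and not Jira's own code: a simplified Python model of a directory sync keyed on the User Unique ID Attribute, showing how one rename in AD is tracked when the key is objectGUID but becomes a deletion plus a new user when the key is sAMAccountName. The `sync` and `demo` functions and the sample entries are constructed for illustration.

```python
# Simplified model of an LDAP sync keyed on a "unique ID attribute".
# Illustration only: this is NOT Jira's synchronisation code.

def sync(local, remote_entries, id_attr):
    """Reconcile locally cached users against LDAP entries.

    local          -- dict: external id -> {"username": str, "history": list}
    remote_entries -- list of dicts holding LDAP attributes
    id_attr        -- attribute treated as the immutable identifier
    Returns (new_local, events).
    """
    remote_ids = {entry[id_attr] for entry in remote_entries}
    # Anything cached locally whose id is gone from LDAP looks deleted.
    events = [("deleted", user["username"])
              for ext_id, user in local.items() if ext_id not in remote_ids]
    new_local = {}
    for entry in remote_entries:
        ext_id, name = entry[id_attr], entry["sAMAccountName"]
        if ext_id in local:
            user = dict(local[ext_id])
            if user["username"] != name:
                # Same id, different name: a rename, history is kept.
                events.append(("renamed", user["username"], name))
                user["username"] = name
            new_local[ext_id] = user
        else:
            # Unknown id: treated as a brand-new user with no history.
            events.append(("added", name))
            new_local[ext_id] = {"username": name, "history": []}
    return new_local, events


def demo(id_attr):
    """One account, renamed in AD between two syncs (constructed data)."""
    before = [{"objectGUID": "guid-0001", "sAMAccountName": "jsmith"}]
    after = [{"objectGUID": "guid-0001", "sAMAccountName": "jdoe"}]
    local, _ = sync({}, before, id_attr)
    local[before[0][id_attr]]["history"].append("logged in")
    return sync(local, after, id_attr)


if __name__ == "__main__":
    for attr in ("objectGUID", "sAMAccountName"):
        users, events = demo(attr)
        print(attr, events, users)
```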
Thanks for your response