Details
-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
Case:
There are 2 LDAP directories set up in Confluence which 1 for domain A and another 1 for domain B.
However, there are duplicate username such as jsmith located in both domain and they are not the same user. For eg.
User Directory A configured with Domain A: jsmith(John Smith)
User Directory B configured with Domain B: jsmith(Jonathan Smith)
In Confluence authentication and based on the rule of multiple directories, the first occurrence of the user across the directories would be use for authentication and login into Confluence. Assuming Directory A is on top of Directory B, whenever Jonathan Smith from Domain B try to login, it would use the one from Domain A for authentication. In the end, the customer would be rejected due to wrong password or missing due to being point to a different domain.
Some solution should be implemented to avoid different user with same username are having conflict on login into Confluence.
Current Workaround:
- Use a different attribute for username such as email during the setup of second directory in Confluence. Thus, the users from second domain are login with email address.
- Rename the conflicting username in the LDAP server before the setup of second user directory in Confluence.
Attachments
Issue Links
- relates to
-
CONFCLOUD-28910 Better handling of authentication in duplicate username across different LDAP domain
- Closed