After renaming a user in Active Directory, Confluence syncs that user in as a new user (if and only if Confluence is connected to JIRA or Crowd, which is in turn connected to LDAP)

Summary

After renaming a user in Active Directory, and performing a sync in Crowd/JIRA, Crowd/JIRA correctly identifies that the user is an updated user, rather than a whole new user. When syncing from that same Crowd/JIRA to Confluence, Confluence incorrectly identifies the user as a new user, and will create a user account for them.

Environment

Crowd/JIRA has a connector to Active Directory. The base DN is set at an OU that has only one user. This user is Joe Smith, and has the username jsmith. Confluence is in turn connected to this Crowd/JIRA Server

Steps to Reproduce:

1. Create a user in Active Directory, jsmith.
2. Sync Crowd/JIRA. Verify the user appears in Crowd/JIRA.
3. Sync Confluence with Crowd/JIRA. Verify the user appears in Confluence.
4. On the user in Active Directory: Right Click » Properties » Account » Adjust both logon names to smithj
5. Sync Crowd/JIRA. Verify the username is updated correctly in Crowd/JIRA.
6. Sync Confluence. Verify that there is now a user for jsmith, and smithj.

Note: This problem only affects Confluence when you synchronise from Active Directory into Crowd/JIRA. It does not affect Confluence connecting to AD directly

Other Information.

When I created the user originally and synced into Crowd, I found the following information:

GUID: f877e918-fd42-46ce-89be-88ecadf2d1a0}
SID: S-1-5-21-348418773-4108394185-1306204109-366320
External ID in Conf: 819201:18e977f842fdce4689be88ecadf2d1a0
External ID in Crowd: 18e977f842fdce4689be88ecadf2d1a0

After Confluence sync'd the user incorrectly, there were two entries in cwd_user with an external ID of 819201:18e977f842fdce4689be88ecadf2d1a0 - the only difference was the user name.

Verification information:

• Before Rename.ldif - LDIF of the user before it was renamed in Active Directory
• After Rename.ldif - LDIF of the user after it was renamed in Active Directory
• DirectoryConfigSummaryCrowd.txt: Crowd's Directory Configuration Summary, showing the connector for Active Directory and applications
• DirectoryConfigSummaryConfluence.txt: Confluence's Directory Configuration Summary, showing both a Direct Connection to AD, and a Connection to Crowd
• cwd_user.Confluence.Before.csv: Output of SELECT * FROM CWD_USER in Confluence before the rename. There are two records for dnorton in the table
• cwd_user.Confluence.After.csv: Output of same query in Confluence after the rename - there are two dave.norton entries for each directory, as well as the incorrect dnorton - note they only appear in the Crowd Directory, not the Direct AD one.
• cwd_user.Crowd.Before.csv: Output of select * from cwd_user where directory_id != 32769; in Crowd showing a single dnorton before rename
• cwd_user.Crowd.After.csv: Output of same query in Crowd showing a single record - renamed to dave.norton.

Workaround

• Create a new user directory with the same configuration as the original
  • Ensure successful sync
• Disable the original user directory, move new directory to be primary
• Ensure new directory is working before removing original.