Status: Open
Affects Version/s: 4.2, 5.0
Fix Version/s: None
Environment: any with ldap or ldap-ad
00130235, 00119749 Premier, 00262595, 00303085, 00502054 Premier, 00511848 Premier, 00584610, 00588049 Premier
The latest Jira is interesting especially comment
where Andy mentions three possible solutions. Could we please implement at least one of those solutions, as many customers want this?
How to reproduce and use case?
1) Install an ldap-ad system with ldap sync.
2) Try to log in with NTLM SSO with a user:
NTLM passthru (sso.enabled=true)
With the default parameters, this will create a user in Alfresco with username "username1"
(same thing with Kerberos, with the option to have username1@domain1 as username; see ALF-13687)
3) now the user gets married and as "username1" was a user name based on her maiden name, admins in AD change her sAMAccountName from "username1" to "marriedusername1"
When that user logs into Alfresco, a new user is created.
This results in the user losing her rights on all folders and ownership of documents she created.
Expected result/Enhancement request:
Could we please implement Andy's suggestion assuming that the Directory contains an attribute that never changes.
is changed into:
that is the EmployeeId attribute is an invariant.
It seems to me that from the configuration point of view that mapping could be achieved with just one extra parameter (call it ldap.synchronization.authUserIdAttributeName for instance)
and then setting the for key parameters to: