Allow changing userID in alfresco when it's changed in AD and synced with LDAP: mapping of authenticated username to repository username


Current behavior:
At the moment if a user chnages name there is no way of changing the userID in alfresco , Or when it's synced via LDAP it's no possible to map a changed userID into alfresco. The new UserID will cause Alfresco to create a new user instead.
How to reproduce and use case?
1) install a ldap-ad system with ldap sync.


2) try to login with NTLM SSO with a user:
NTLM passthru (sso.enabled=true)


With the default parameters, this will create a user in Alfresco with username "username1"

(same thing with kerberos with the option to have username1@domain1 as username see )

3) now the user gets married and as "username1" was a user name based on her maiden name, admins in AD change her sAMAccountName from "username1" to "marriedusername1"

Expected behavior :
Customers want to be able to chnage the useID in AD, and using LDAP sync, the userID in alfresco to be updated.
Add an attribute that never changes like employeeID



is changed into:


Here the EmployeeId attribute is an invariant, so when syncing via LDAP this can be used as the identifier.

Business case:
This is a long standing enhancement request to have the possibility to change username in alfresco ,which is something that happens often. in this case,when a user's name was changed in AD when they got married or for other reasons, the user loses its rights on all folders and ownership of documents she created as anew user is created in alfresco!
This has been requested by many customers.



Testcase ID

Your pinned fields
Click on the next to a field label to start pinning.




Shima Matoorian

ACT Numbers

00130235, 00119749 Premier, 00262595, 00303085, 00502054 Premier, 00511848 Premier,00584610, 00588049 Premier,01021605

Bug Priority

Category 4