LDAP User and SAML User are not getting matched

itkama · March 16, 2025, 10:25pm

Infos:

Used Zammad version: 6.4.1-1741933941.0923b150.jammy
Used Zammad installation type: package
Operating system: Ubuntu 22.04
Browser + version: Chrome 134

Expected behavior:

Users are synced via LDAP (works). Now I want them to be able to login via SAML via Entra ID, where those users exist as hybrid identities synced via Entra ID Connect. Once I login via SAML I should login as the user that was synced via LDAP before.

Actual behavior:

Once I login via SAML, a new user user.name@domain.com1 gets created instead of being logged in as user.name@domain.com. The newly created user also has no other attributes like a name assigned to it.

Steps to reproduce the behavior:

Configure LDAP. Have users with the same attributes login via SAML

This to me sounds similar to this thread:

Sadly there was no resolution there.

These are my LDAP attributes:

These are my SAML attributes:

laserjet25 · April 1, 2025, 5:15pm

I’ll see if I can replicate the issue (might take a while). I don’t see why the users would mismatch in AZAD since they are synced directly form onprem. I would really be curios how may other people have this working as it might indicate something weird with how Zammad handles users.