Hi,

Can we combine a custom Kerberos/Spnego-based authentication filter with the Atlassian-provided LDAP Directory?  i.e. will the LDAP directory filter 'pick up' the UserPrincipal in the request or an http header?

ldap directory: https://confluence.atlassian.com/adminjiraserver071/connecting-to-an-ldap-directory-802592350.html

Context

Our jira instance already currently uses a custom spnego-based authentication mechanism prior to 'home grown' user provisioning code (which uses ldap and Jira api's ). We would like to replace this 'home grown' user provisioning code with Atlassians' "out of the box"  LDAP directory functionality.

Question

If we enable the LDAP directory, does the "LDAP directory filter" check the HttpServletRequest.getPrincipal() (or some http header) for the user.

Usecase

Here's our usecase:

1) User Bob Brown (username "bbrown") logs on to the LAN

2) Bob points his browser to our internal jira instance

3) Authentication filter confirms via kerberos/spnego that "bbrown" has already authenticated on the network and puts  "Bob" in the request user principal  and/or  "bbrown" in some http header

4) Tomcat filter processor chains to the LDAP filter

5) LDAP filter recognizes that user "bbrown" has been authenticated and *SKIPS* challenge (i.e. doesn't prompt for creds)

6) LDAP filter looks up Bob's user info from LDAP

7) LDAP filter updates Jira's database with Bob Brown's user information (i.e. update in case his name change or inserts if it doesn't yet exist).

Summary

The key point lies in #5: can the ldap filter recognize that "bbrown" has authenticated, yet still retrieve user info from ldap? 

thanks in advance