Multiple LDAP domains as user sources, how to handle duplicate usernames?

[Profecy]

So in my environment we have several LDAP Domains. We sync the users from AD into Authentik. However, there inevitably are duplicate
users across these domains. So in Domain A I have a user called "user" in Domain B there is another user called "user".

This now leads to errors, because the username already exists in authentik from "user" in Domain A so "user" from Domain B will not sync.

Anybody have advice on handling this?

Thank You!

[dewi-tik]

You could use LDAP source property mapping to handle these problem users. Maybe prepend problem usernames with a string.

Or if those users don't need to be synced, you could change the permissions of the LDAP bind user so that the users aren't visible (remove read permission on the objects) to it and therefore aren't synced.