Hi,

After adding ldap to a site to allow additional users to log in via their ldap accounts, it turned out that some people already had accounts before we switched on ldap. These accounts have the same email as their account in ldap. When they try to log in with ldap, one gets "Another user already exists in the system with the same email address".
- One can delete the "drupal account" and when they login with ldap, a new profile is created.
- But they then lose all data in their current profile, and all authorship of content/comments linked to that user.
An administrator cannot edit the username, to change it to the ldap name. It is greyed out with the caption "This username is automatically set and may not be changed". I believe that comes from the ldap module ldap_profile_form_user_profile_form_alter.

I tried updating the database directly:
update users set name='NEWUSER' where name='OLDUSER' limit 1;
and that seems to work, the user can log in, content is still assigned to them. However a custom profile field is not being updated, that would otherwise be updated when one logs in to ldap.

==> Why is changing the username forbidden?
==> How can one change the name to migrate a user from "drupal" to ldap?

Update: for now I just updated the DB for each conflicting user as noted above.

Comments

boran’s picture

Title: All username to be edited (at least by an admin) » Allow username to be edited (at least by an admin)

correct title typo

johnbarclay’s picture

I don't see any reason for this not being editable by the admin, though perhaps a warning of some sort would be useful.

pounard’s picture

I think it must be editable in this use case: an already existing (non-LDAP) user has an email address, and he wishes to migrate it to an LDAP-handled user. In order for this to happen and login to be possible, the username must be changed, else a new profile with the new username would be created instead, and Drupal will yell because the LDAP data actually holds the same email address as the non-LDAP-handled user. Email is UNIQUE per SQL constraint in Drupal, so it fails.

thatoneguy’s picture

Besides this, I'd like my users to be able to edit their own username. I view the Drupal username as more of a "display name" than the actual username. Since implementing SSO with SAML and using the email address as the primary user identifier, I have no need for a typical 'username' aside from a 'display name'.

johnbarclay’s picture

Version: 7.x-1.0-beta10 » 7.x-2.x-dev
Assigned: Unassigned » johnbarclay

It can only be editable if a permanent user id (PUID) is selected so a new account isn't attempted each time a user logs on. If PUID is enabled, the username should be editable.

johnbarclay’s picture

Title: Allow username to be edited (at least by an admin) » LDAP User: Allow username to be edited (at least by an admin)
Category: support » feature
Status: Active » Closed (won't fix)

This is controlled by the permissions in the user module. Generally with LDAP to Drupal provisioning users should not be allowed to change Drupal usernames, but this is an admin's decision.

johnbarclay’s picture

Issue summary: View changes

update summary, typo.
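
A read-only pre-migration audit for the conflict described in this thread, as an added example that is not from the issue or from the LDAP module: it lists local accounts whose email matches an LDAP entry under a different username, and flags the cases where the LDAP name is already held by another local account, so a rename would collide with someone else's account. The table layout, the sample rows and the case-insensitive comparison are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data: a minimal stand-in for a users table (uid, name, mail)
# and a hypothetical LDAP export of (login name, mail). Not real accounts.
LOCAL_USERS = [
    (1, "admin", "admin@example.org"),
    (2, "jsmith_old", "J.Smith@example.org"),
    (3, "mlee", "mlee@example.org"),
    (4, "pat", "pat.local@example.org"),
    (5, "kdoe_old", "kdoe@example.org"),
]
LDAP_ENTRIES = [
    ("jsmith", "j.smith@example.org"),  # same mail, different name: conflict
    ("mlee", "mlee@example.org"),       # name and mail agree: no conflict
    ("pat", "kdoe@example.org"),        # mail matches uid 5, name held by uid 4
]

def audit_conflicts(local_users, ldap_entries):
    """Return (uid, current_name, ldap_name, status) for each local account whose
    mail matches an LDAP entry under a different username. Changes nothing."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, mail TEXT)")
    db.execute("CREATE TABLE ldap (name TEXT, mail TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", local_users)
    db.executemany("INSERT INTO ldap VALUES (?, ?)", ldap_entries)
    # Assumption: names and mails are compared case-insensitively.
    rows = db.execute(
        """
        SELECT u.uid, u.name, l.name,
               CASE WHEN EXISTS (SELECT 1 FROM users o
                                 WHERE lower(o.name) = lower(l.name)
                                   AND o.uid <> u.uid)
                    THEN 'name-taken' ELSE 'rename-ok' END
        FROM users u JOIN ldap l ON lower(u.mail) = lower(l.mail)
        WHERE lower(u.name) <> lower(l.name)
        ORDER BY u.uid
        """
    ).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    for uid, old, new, status in audit_conflicts(LOCAL_USERS, LDAP_ENTRIES):
        print(f"uid={uid} {old!r} -> {new!r}: {status}")
```

Rows marked `name-taken` need a manual decision before any rename, because the LDAP name already belongs to a different person's local account.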