Hi,
After adding ldap to a site to allow additional users to login via their ldap accounts, it turn out that some people already had accounts before we switched on ldap. These accounts have the same email as their account in ldap. When they try to login with ldap, one gets "Another user already exists in the system with the same email address".
- One can delete the "drupal account" and when they login with ldap, a new profile is created.
- But they then lose all data in their current profile, and all authorship of content/comments linked to that user.
An administrator cannot edit the username, to change it to the ldap name. Its is greyed out with the caption "This username is automatically set and may not be changed". I believe that comes from the ldap module ldap_profile_form_user_profile_form_alter.
I tried updating the database directly:
update users set name='NEWUSER' where name='OLDUSER' limit 1;
and that seems to work, the user can login, content is still assigned to them. However a custom profile field is not being updated, that would otherwise be updated when one logins to ldap.
==> Why is changing the username forbidden?
==> How can one change the name to migrate a user from "drupal" to ldap?
Update: for now I just updated the DB for each conflicting user as noted above.
Comments
Comment #1
boran CreditAttribution: boran commentedcorrect title typo
Comment #2
johnbarclay CreditAttribution: johnbarclay commentedI don't see any reason for this not being editable by the admin, though perhaps a warning of some sort would be useful.
Comment #3
pounardI think it must be editable in this use case: an already (non LDAP) user has an email address, and he wishes to migrate it as a LDAP handled user. In order for this to happen and login to be possible, the username must be changed, else a new profile with the new username would be created instead, and Drupal will yell because the LDAP data actually holds the same email address than the non LDAP handled user. Email is UNIQUE per SQL constraint in Drupal, so it fails.
Comment #4
thatoneguy CreditAttribution: thatoneguy commentedBesides this, I'd like my users to be able to edit their own username. I view the Drupal username as more of a "display name" than the actual username. Since implementing SSO with SAML and using the email address as the primary user identifer, I have no need for a typical 'username' aside from a 'display name'.
Comment #5
johnbarclay CreditAttribution: johnbarclay commentedIt can only be editable if a permanent user id (PUID) is selected so a new account isn't attempted each time a user logs on. If PUID is enabled, the username should be editable.
Comment #6
johnbarclay CreditAttribution: johnbarclay commentedThis is controlled by the permissions in the user module. Generally with LDAP to Drupal provisioning users should not be allowed to change Drupal usernames, but this is an admin's decision.
Comment #6.0
johnbarclay CreditAttribution: johnbarclay commentedupdate summary, typo.