Problem changing username on LDAP #35926

Open
Max-ADC opened this issue May 5, 2025 · 3 comments
Comments


Max-ADC commented May 5, 2025

Description:

Hello,

I have been using rocket.chat with an LDAP connection for 3 years. Everything is working great.
The username is about to change for all users in our LDAP directory.
But if I change the username of one user in LDAP and try to connect to RocketChat, the user is not found and I get this error in the logs:

{"level":50,"time":"2025-05-05T14:33:22.175Z","pid":93659,"hostname":"CDLC-CHAT","name":"Data Importer - LDAPUserConverter","err":{"type":"errorClass","message":"Email already exists. [403]","stack":"Error: Email already exists. [403]
at AccountsServer.insertUserDoc (packages/accounts-base/accounts_server.js:1223:15)
at processTicksAndRejections (node:internal/process/task_queues:105:5)
at AccountsServer.Accounts.insertUserDoc (app/authentication/server/startup/index.js:323:14)
at LDAPUserConverter.insertOrUpdateUser (app/importer/server/classes/converters/UserConverter.ts:241:19)
at LDAPUserConverter.convertRecord (app/importer/server/classes/converters/UserConverter.ts:53:3)
at LDAPUserConverter.iterateRecords (app/importer/server/classes/converters/RecordConverter.ts:219:19)
at LDAPUserConverter.convertData (app/importer/server/classes/converters/UserConverter.ts:64:4)
at Function.convertSingleUser (server/lib/ldap/UserConverter.ts:51:3)
at Function.syncUserForLogin (server/lib/ldap/Manager.ts:365:3)
at Function.addLdapUser (server/lib/ldap/Manager.ts:284:16)
at Function.login (server/lib/ldap/Manager.ts:53:11)
at packages/accounts-base/accounts_server.js:593:9
at tryLoginMethod (packages/accounts-base/accounts_server.js:1560:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:592:22)
at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.ts:9:17)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:654:22)","isClientSafe":true,"error":403,"reason":"Email already exists.","errorType":"Meteor.Error"},"msg":"Email already exists. [403]"}

It looks like RC is trying to create a new user but it fails because the email is the same as the previous user's (previous username).

What can I do to handle that problem?

Steps to reproduce:

  1. Connect RC to LDAP
  2. Sync or connect with one of the users to create the RC user
  3. Modify the username in the LDAP directory
  4. Try to connect with the new username

Server Setup Information:

  • Version of Rocket.Chat Server: 7.5.1
  • License Type: Community
  • Operating System: Debian

Client Setup Information

  • Desktop App: 4.3.3
  • Operating System: Windows 10

@Rohitkumar2003

I'm working on this issue.


reetp commented May 7, 2025

This will need mongo wrangling.

From a dev....

"There's a setting for "Unique Identifier Field"
By default it has a CSV list of field names and it'll use the first field name in that list with a valid value to link the rocket.chat user with the ldap user.
My guess is that the field they use for username is in that list. If that's the case, then rocket.chat will not be able to find the existing user (as it will have the old username) and will try to create a new one, but that will also fail because there's already a user with the same email address.

I thought we had an option to identify users by email too, but apparently not.

Actually we do, but only if the user is not yet associated with another ldap entry (through the unique id)

So what you would need to do to get this user to work again is to delete the services.ldap.id and services.ldap.idAttribute entries from the user's document on mongo (there's no way to do it via API or anything else)
and then make sure that you only use immutable fields on that unique Id setting."

That's the best I can get.

Backup a few times. Preferably run a test box first if possible.
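To make the dev's explanation concrete, here is an added example (not Rocket.Chat's own code) that models the "Unique Identifier Field" lookup and the services.ldap.id repair described above; the setting value, the `users` collection name and the sample documents are assumptions constructed for the example.

```javascript
// Added example (not Rocket.Chat's own code): a small model of the lookup the dev
// describes, showing why a username rename breaks login and what the mongo repair changes.
const UNIQUE_ID_FIELDS = 'uid,mail'; // hypothetical "Unique Identifier Field" value

// First field in the CSV list that has a non-empty value on the LDAP entry.
function pickUniqueId(entry, csv = UNIQUE_ID_FIELDS) {
  for (const attr of csv.split(',').map((s) => s.trim()).filter(Boolean)) {
    if (entry[attr]) return { attribute: attr, value: entry[attr] };
  }
  return null;
}

// Resolve the Rocket.Chat user for an LDAP entry: by stored services.ldap.id first,
// then by e-mail, but only if that user is not already linked to another LDAP id.
function resolveUser(users, entry) {
  const id = pickUniqueId(entry);
  const linked = id && users.find((u) => u.services?.ldap?.idAttribute === id.attribute
                                       && u.services?.ldap?.id === id.value);
  if (linked) return { user: linked, via: 'ldap.id' };
  const byEmail = users.find((u) => (u.emails || []).some((e) => e.address === entry.mail));
  if (!byEmail) return { user: null, via: 'create' };
  if (!byEmail.services?.ldap?.id) return { user: byEmail, via: 'email' };
  // The existing user is tied to the old id, so an insert is attempted and collides on e-mail.
  return { user: null, via: 'error', error: 'Email already exists. [403]' };
}

// The repair from the thread applied to a copy of the user document (original left untouched).
// Equivalent mongosh command, assuming the collection is named 'users':
//   db.users.updateOne({ 'emails.address': 'jdoe@example.org' },
//                      { $unset: { 'services.ldap.id': '', 'services.ldap.idAttribute': '' } })
function unlinkLdapId(user) {
  const copy = JSON.parse(JSON.stringify(user));
  if (copy.services?.ldap) {
    delete copy.services.ldap.id;
    delete copy.services.ldap.idAttribute;
  }
  return copy;
}

// Constructed data: the user was created when the LDAP uid was 'jdoe'; it is now 'john.doe'.
const users = [{
  _id: 'u1', username: 'jdoe', emails: [{ address: 'jdoe@example.org' }],
  services: { ldap: { id: 'jdoe', idAttribute: 'uid' } },
}];
const renamedEntry = { uid: 'john.doe', mail: 'jdoe@example.org' };

// Before the repair the lookup collides on e-mail; after it the e-mail fallback links the user.
function demo() {
  const before = resolveUser(users, renamedEntry);
  const after = resolveUser(users.map(unlinkLdapId), renamedEntry);
  return { before: before.via, after: after.via };
}
```

Once the e-mail fallback has re-linked the user, the next sync stores the new uid under services.ldap.id, which is why the dev also recommends keeping only immutable attributes in that setting.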


Max-ADC commented May 12, 2025

Hello,
Thanks a lot for this precise reply. I will try the proposed solution and get back to you.
