Skip to content

Rename user

Burke Mamlin edited this page Aug 16, 2020 · 1 revision

There's no easy way to rename a user from crowd or jira. The steps described below worked and history was preserved for talk and JIRA.

We have to hack it straight to LDAP. Make sure to copy the output of these commands to the relevant JIRA ticket. It's recommended to do a backup before (check LDAP docs for details).

Step 0: Register user access

Take printscreens of recent activity for JIRA, wiki and Talk for the user. Also all LDAP groups.

Step 1: modify LDAP

$ ssh ldap.openmrs.org
$ sudo -i
$ vi modify-user-<current username>.ldif
dn: uid=<current username>,ou=users,dc=openmrs,dc=org
changetype: modrdn
newrdn: uid=<new username>
deleteoldrdn: 1

$ docker cp modify-user-<current username>.ldif ldap_ldap_1:/root
$ docker exec -it ldap_ldap_1 bash

# list current data
$ USER="<current username>"
$ ldapsearch -LLL -D "cn=admin,dc=openmrs,dc=org" -W -b "uid=${USER},ou=users,dc=openmrs,dc=org"
# creds in LP 

$ ldapmodify -D "cn=admin,dc=openmrs,dc=org" -W -f /root/modify-user-<current username>.ldif
# creds in LP 

# list new data
$ USER="<new username>"
$ ldapsearch -LLL -D "cn=admin,dc=openmrs,dc=org" -W -b "uid=${USER},ou=users,dc=openmrs,dc=org" 
# creds in LP 

Step 2: Rename in formage

Login to formage and edit the user to the new username. If the user is not in formage, attempt to reset the user's password. The email will cause the user to be in formage. Add all older LDAP groups.

Save the current password hash, and add a known password hash.

Step 3: Verify access

Login to talk, ID, JIRA and Wiki with the new username. Check recent activity for talk, JIRA and wiki. In talk, disconnect all other active logins.

Step 4: Recover

Recover the old password hash in formage.

Clone this wiki locally