A user was removed from AD and then re-added, but the logs show on logon 'User already exists.'

Tadels · July 2, 2025, 3:16pm

Hi.
User ‘ben’ was accidentally deleted from AD and then re-added. Most likely, their UserID changed, causing a Rocket.Chat server issue. I’ve changed ‘ben’ to ‘ben2’ on the Rocket.Chat server, and ‘ben’ can now log in via the domain credentials, though they don’t have access to their old posts (which is expected). Only channels/groups work. Ideally, we’d now change the ownership of ‘ben2’'s messages to ‘ben’. Is this possible?
If that’s not possible, can we change the new ‘ben’'s ID to match the old one, allowing access to previous posts and settings?
Greets

Server Setup Information

Version of Rocket.Chat Server: 7.4.1
Operating System: Debian 12
Deployment Method: tar
Number of Running Instances: 1
DB Replicaset Oplog: wiredTiger oplog active
NodeJS Version: 22.11.0
MongoDB Version: 6.0.20
Proxy: nginx
Firewalls involved: iptables

2025-07-02T16:09:59.866426+02:00 rocketchat rocketchat[704]: {“level”:50,“time”:“2025-07-02T14:09:59.863Z”,“pid”:704,“hostname”:“rocketchat”,“name”:“Data Importer - LDAPUserConverter”,“err”:{“type”:“errorClass”,“message”:“Username already exists. [403]”,“stack”:“Error: Username already exists. [403]\n at AccountsServer.insertUserDoc (packages/accounts-base/accounts_server.js:1225:15)\n at processTicksAndRejections (node:internal/process/task_queues:105:5)\n at AccountsServer.Accounts.insertUserDoc (app/authentication/server/startup/index.js:323:14)\n at LDAPUserConverter.insertOrUpdateUser (app/importer/server/classes/converters/UserConverter.ts:241:19)\n at LDAPUserConverter.convertRecord (app/importer/server/classes/converters/UserConverter.ts:53:3)\n at LDAPUserConverter.iterateRecords (app/importer/server/classes/converters/RecordConverter.ts:219:19)\n at LDAPUserConverter.convertData (app/importer/server/classes/converters/UserConverter.ts:64:4)\n at Function.convertSingleUser (server/lib/ldap/UserConverter.ts:51:3)\n at Function.syncUserForLogin (server/lib/ldap/Manager.ts:365:3)\n at Function.addLdapUser (server/lib/ldap/Manager.ts:284:16)\n at Function.login (server/lib/ldap/Manager.ts:53:11)\n at packages/accounts-base/accounts_server.js:593:9\n at tryLoginMethod (packages/accounts-base/accounts_server.js:1560:14)\n at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:592:22)\n at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.ts:9:17)\n at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:654:22)”,“isClientSafe”:true,“error”:403,“reason”:“Username already exists.”,“errorType”:“Meteor.Error”},“msg”:“Username already exists. [403]”}

reetp · July 2, 2025, 6:46pm

This is not easy.

This is probably similar

github.com/RocketChat/Rocket.Chat

Problem changing username on LDAP

opened 02:42PM - 05 May 25 UTC

Max-ADC

### Description: Hello, I have been using rocket.chat with ldap connection sin…ce 3 years. Every thing is working great. The user name is about to change fot all users in our LDAP directory. But if I change the username of one user in LDAP, and try to connect to RocketChat, the user is not found and I am getting this error in the logs : {"level":50,"time":"2025-05-05T14:33:22.175Z","pid":93659,"hostname":"CDLC-CHAT","name":"Data Importer - LDAPUserConverter","err":{"type":"errorClass","message":"Email already exists. [403]","stack":"Error: Email already exists. [403] at AccountsServer.insertUserDoc (packages/accounts-base/accounts_server.js:1223:15) at processTicksAndRejections (node:internal/process/task_queues:105:5) at AccountsServer.Accounts.insertUserDoc (app/authentication/server/startup/index.js:323:14) at LDAPUserConverter.insertOrUpdateUser (app/importer/server/classes/converters/UserConverter.ts:241:19) at LDAPUserConverter.convertRecord (app/importer/server/classes/converters/UserConverter.ts:53:3) at LDAPUserConverter.iterateRecords (app/importer/server/classes/converters/RecordConverter.ts:219:19) at LDAPUserConverter.convertData (app/importer/server/classes/converters/UserConverter.ts:64:4) at Function.convertSingleUser (server/lib/ldap/UserConverter.ts:51:3) at Function.syncUserForLogin (server/lib/ldap/Manager.ts:365:3) at Function.addLdapUser (server/lib/ldap/Manager.ts:284:16) at Function.login (server/lib/ldap/Manager.ts:53:11) at packages/accounts-base/accounts_server.js:593:9 at tryLoginMethod (packages/accounts-base/accounts_server.js:1560:14) at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:592:22) at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.ts:9:17) at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:654:22)","isClientSafe":true,"error":403,"reason":"Email already exists.","errorType":"Meteor.Error"},"msg":"Email already exists. [403]"} It looks like RC is trying to create a new user but it fails because of the email beeing the same of the prévious user (prévious username). What can I do to handle that problem ? ### Steps to reproduce: 1. Connect RC to LDAP 2. Sync or connect with one of the user to create the RC user 3. Modify the username in LDAP directory 4. Try to connect with the new username ### Server Setup Information: - Version of Rocket.Chat Server: 7.5.1 - License Type: Community - Operating System: Debian ### Client Setup Information - Desktop App : 4.3.3 - Operating System: Windows 10

Tadels · July 3, 2025, 7:11am

Great. Thanks. I had this message too…
I’m on mongosh.

db.users.find({username: “ben”});

    _id: '5aCHWotmpHjFmb8Jb',
    createdAt: ISODate('2025-07-02T14:12:26.764Z'),
    type: 'user',
    username: 'ben',
    emails: [ { address: 'ben@example.com', verified: true } ],
    name: 'Jan Ben',
    services: {
      ldap: {
        idAttribute: 'objectGUID',
        id: '0521a64f2ef33d4ea79771a225540938'
      },

after are loginTokens, importIds, ldap…

db.users.find({username: “ben2”});

   _id: 'bkrHkhJjeq2rzqrTT',
    createdAt: ISODate('2023-05-30T11:50:41.986Z'),
    services: {
      password: {
        bcrypt: '...'
      },
      ldap: {
        id: '327ed72e9ef9774fb33cbc8418569307',
        idAttribute: 'objectGUID'
      },
      resume: {}
    },
    emails: [ { address: 'ben2@example.com', verified: false } ],
    type: 'user',
    status: 'offline',
    active: true,
    _updatedAt: ISODate('2025-07-02T14:15:20.328Z'),
    roles: [ 'user' ],
    ldap: true,
    username: 'ben2',

Which ID needs to be changed (and how) so that the new “ben” can access his old posts and settings?

reetp · July 3, 2025, 11:46am

I don’t honestly know.

This stuff is super complex.

I’ll try and ask a dev. Please be patient.

Tadels · July 3, 2025, 1:17pm

Solution:

In mongosh (use rocketchat), then:

db.users.remove({_id: '5aCHWotmpHjFmb8Jb'});

then

db.users.update(
  {_id: 'bkrHkhJjeq2rzqrTT'},
  {
    $set: {
      username: 'ben',
      'emails.0.address': 'ben@example.com', 
      'services.ldap.id': '0521a64f2ef33d4ea79771a225540938' 
    },
    $unset: {
      'services.password': '' 
    }
  }
);

Thanks, Gemini.

reetp · July 3, 2025, 3:16pm

Nice job!

I had just been told that this was the correct solution.

I believe that there are a number of issues that have similar causes with LDAP, AD, etc and the team have been made aware.

Thanks.

Topic		Replies	Views
Migrate users to LDAP (long) after initial users creations Community Support	0	682	April 3, 2020
Usernames changed after 2nd login Community Support	0	299	April 25, 2023
User login failed (LDAP auth) duplicate username in mongoDB Community Support	2	638	April 5, 2022
Migration LDAP to Oauth Keyckoak Community Support	0	308	May 15, 2023
Failed login detected - Username[unknown] Community Support	4	1869	September 29, 2020

[Secure CommsOS™ Launch] Join our next Roadmap Reveal webinar to learn more Register now ->

A user was removed from AD and then re-added, but the logs show on logon 'User already exists.'

Server Setup Information

Related topics