A user was removed from AD and then re-added, but the logs show on logon 'User already exists.'

Tadels · July 2, 2025, 3:16pm

Hi.
User ‘ben’ was accidentally deleted from AD and then re-added. Most likely, their UserID changed, causing a Rocket.Chat server issue. I’ve changed ‘ben’ to ‘ben2’ on the Rocket.Chat server, and ‘ben’ can now log in via the domain credentials, though they don’t have access to their old posts (which is expected). Only channels/groups work. Ideally, we’d now change the ownership of ‘ben2’'s messages to ‘ben’. Is this possible?
If that’s not possible, can we change the new ‘ben’'s ID to match the old one, allowing access to previous posts and settings?
Greets

Server Setup Information

Version of Rocket.Chat Server: 7.4.1
Operating System: Debian 12
Deployment Method: tar
Number of Running Instances: 1
DB Replicaset Oplog: wiredTiger oplog active
NodeJS Version: 22.11.0
MongoDB Version: 6.0.20
Proxy: nginx
Firewalls involved: iptables

2025-07-02T16:09:59.866426+02:00 rocketchat rocketchat[704]: {“level”:50,“time”:“2025-07-02T14:09:59.863Z”,“pid”:704,“hostname”:“rocketchat”,“name”:“Data Importer - LDAPUserConverter”,“err”:{“type”:“errorClass”,“message”:“Username already exists. [403]”,“stack”:“Error: Username already exists. [403]\n at AccountsServer.insertUserDoc (packages/accounts-base/accounts_server.js:1225:15)\n at processTicksAndRejections (node:internal/process/task_queues:105:5)\n at AccountsServer.Accounts.insertUserDoc (app/authentication/server/startup/index.js:323:14)\n at LDAPUserConverter.insertOrUpdateUser (app/importer/server/classes/converters/UserConverter.ts:241:19)\n at LDAPUserConverter.convertRecord (app/importer/server/classes/converters/UserConverter.ts:53:3)\n at LDAPUserConverter.iterateRecords (app/importer/server/classes/converters/RecordConverter.ts:219:19)\n at LDAPUserConverter.convertData (app/importer/server/classes/converters/UserConverter.ts:64:4)\n at Function.convertSingleUser (server/lib/ldap/UserConverter.ts:51:3)\n at Function.syncUserForLogin (server/lib/ldap/Manager.ts:365:3)\n at Function.addLdapUser (server/lib/ldap/Manager.ts:284:16)\n at Function.login (server/lib/ldap/Manager.ts:53:11)\n at packages/accounts-base/accounts_server.js:593:9\n at tryLoginMethod (packages/accounts-base/accounts_server.js:1560:14)\n at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:592:22)\n at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.ts:9:17)\n at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:654:22)”,“isClientSafe”:true,“error”:403,“reason”:“Username already exists.”,“errorType”:“Meteor.Error”},“msg”:“Username already exists. [403]”}

reetp · July 2, 2025, 6:46pm

This is not easy.

This is probably similar

github.com/RocketChat/Rocket.Chat

Problem changing username on LDAP

opened 02:42PM - 05 May 25 UTC

Max-ADC

### Description: Hello, I have been using rocket.chat with ldap connection sin…ce 3 years. Every thing is working great. The user name is about to change fot all users in our LDAP directory. But if I change the username of one user in LDAP, and try to connect to RocketChat, the user is not found and I am getting this error in the logs : {"level":50,"time":"2025-05-05T14:33:22.175Z","pid":93659,"hostname":"CDLC-CHAT","name":"Data Importer - LDAPUserConverter","err":{"type":"errorClass","message":"Email already exists. [403]","stack":"Error: Email already exists. [403] at AccountsServer.insertUserDoc (packages/accounts-base/accounts_server.js:1223:15) at processTicksAndRejections (node:internal/process/task_queues:105:5) at AccountsServer.Accounts.insertUserDoc (app/authentication/server/startup/index.js:323:14) at LDAPUserConverter.insertOrUpdateUser (app/importer/server/classes/converters/UserConverter.ts:241:19) at LDAPUserConverter.convertRecord (app/importer/server/classes/converters/UserConverter.ts:53:3) at LDAPUserConverter.iterateRecords (app/importer/server/classes/converters/RecordConverter.ts:219:19) at LDAPUserConverter.convertData (app/importer/server/classes/converters/UserConverter.ts:64:4) at Function.convertSingleUser (server/lib/ldap/UserConverter.ts:51:3) at Function.syncUserForLogin (server/lib/ldap/Manager.ts:365:3) at Function.addLdapUser (server/lib/ldap/Manager.ts:284:16) at Function.login (server/lib/ldap/Manager.ts:53:11) at packages/accounts-base/accounts_server.js:593:9 at tryLoginMethod (packages/accounts-base/accounts_server.js:1560:14) at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:592:22) at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.ts:9:17) at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:654:22)","isClientSafe":true,"error":403,"reason":"Email already exists.","errorType":"Meteor.Error"},"msg":"Email already exists. [403]"} It looks like RC is trying to create a new user but it fails because of the email beeing the same of the prévious user (prévious username). What can I do to handle that problem ? ### Steps to reproduce: 1. Connect RC to LDAP 2. Sync or connect with one of the user to create the RC user 3. Modify the username in LDAP directory 4. Try to connect with the new username ### Server Setup Information: - Version of Rocket.Chat Server: 7.5.1 - License Type: Community - Operating System: Debian ### Client Setup Information - Desktop App : 4.3.3 - Operating System: Windows 10

Tadels · July 3, 2025, 7:11am

Great. Thanks. I had this message too…
I’m on mongosh.

db.users.find({username: “ben”});

    _id: '5aCHWotmpHjFmb8Jb',
    createdAt: ISODate('2025-07-02T14:12:26.764Z'),
    type: 'user',
    username: 'ben',
    emails: [ { address: 'ben@example.com', verified: true } ],
    name: 'Jan Ben',
    services: {
      ldap: {
        idAttribute: 'objectGUID',
        id: '0521a64f2ef33d4ea79771a225540938'
      },

after are loginTokens, importIds, ldap…

db.users.find({username: “ben2”});

   _id: 'bkrHkhJjeq2rzqrTT',
    createdAt: ISODate('2023-05-30T11:50:41.986Z'),
    services: {
      password: {
        bcrypt: '...'
      },
      ldap: {
        id: '327ed72e9ef9774fb33cbc8418569307',
        idAttribute: 'objectGUID'
      },
      resume: {}
    },
    emails: [ { address: 'ben2@example.com', verified: false } ],
    type: 'user',
    status: 'offline',
    active: true,
    _updatedAt: ISODate('2025-07-02T14:15:20.328Z'),
    roles: [ 'user' ],
    ldap: true,
    username: 'ben2',

Which ID needs to be changed (and how) so that the new “ben” can access his old posts and settings?

reetp · July 3, 2025, 11:46am

I don’t honestly know.

This stuff is super complex.

I’ll try and ask a dev. Please be patient.

Tadels · July 3, 2025, 1:17pm

Solution:

In mongosh (use rocketchat), then:

db.users.remove({_id: '5aCHWotmpHjFmb8Jb'});

then

db.users.update(
  {_id: 'bkrHkhJjeq2rzqrTT'},
  {
    $set: {
      username: 'ben',
      'emails.0.address': 'ben@example.com', 
      'services.ldap.id': '0521a64f2ef33d4ea79771a225540938' 
    },
    $unset: {
      'services.password': '' 
    }
  }
);

Thanks, Gemini.

reetp · July 3, 2025, 3:16pm

Nice job!

I had just been told that this was the correct solution.

I believe that there are a number of issues that have similar causes with LDAP, AD, etc and the team have been made aware.

Thanks.

Topic		Replies	Views
Usernames changed after 2nd login Community Support	0	299	April 25, 2023
Corrupted user issue Community Support	0	1675	November 26, 2019
Error Log through LDAP Sync Community Support	5	84	February 24, 2025
Migrate users to LDAP (long) after initial users creations Community Support	0	682	April 3, 2020
Too Frequent Login errors Community Support	5	919	September 8, 2022

[Secure CommsOS™ Launch] Join our next Roadmap Reveal webinar to learn more Register now ->

A user was removed from AD and then re-added, but the logs show on logon 'User already exists.'

Server Setup Information

Related topics