After provisioning an LDAP user incorrectly, can we change uid/uname?

Nextcloud version (eg, 20.0.5): 19.0.7
Operating system and version (eg, Ubuntu 20.04): Ubuntu 18.04.5
Apache or nginx version (eg, Apache 2.4.25): 2.4.29-1ubuntu4.14
PHP version (eg, 7.4): 7.2.24-0ubuntu0.18.04.7

The issue you are facing:

we inadvertently provisioned in our OpenLDAP-based LDAP tree a new user with a misspelt surname, resulting in a misspelt uid/uname … we know nextcloud uses entryUUID as a unique identifier per-user, so by that logic we should be able to change the uid without problem … but is that actually the case?

I don’t believe this user has ever logged in, as the summary of their account has their storage as completely empty …


Delete the user; create a new one, with the right name…

ok, so when I noticed the problem initially I had already altered the users ldap entry to fix cn, dn, email and sn but left uid alone as I thought that would definitely give me issues … nextcloud seems to have noticed at least part of these modifications - the display name is correct[1], but email shows the old value … and when I try to delete the user nextcloud complains: “An error occured during the request. Unable to proceed.”

I’ve found the nextcloud.log however there doesn’t seem to be anything logged for this event … am I looking in the correct spot for that to show up?

I’ve reverted the changes to the LDAP record and these are all now back to where they were when the user was initially provisioned … now I’d like to prompt nextcloud to refresh from LDAP (if possible), but also happy to wait out any usual refresh interval if required …


[1] I’m not sure where the display name is derived from to know which parameter this is representing

I should add that in all of these modifications, the ldap entryUUID for the user has remained unchanged. nextcloud is also reporting that as the actual username as well (not that this is bothering us, just noting in passing)

oh, and something I wasn’t clear on was that our LDAP records have a dn of the form:

cn=First Last,ou=People,dc=acme,dc=com

… so when I changed the user’s last name, I also changed their dn as well …