Renaming a uid in AM

Hi,

I am trying to figure out a way to rename a user's uid in a tree. I tried using idRepository.setAttribute(uid, "uid", [newUid]); in a script, but it just seems to be ignored. Then I tried the Set Profile Property node in the tree, but I get the following exception:

ERROR: Node processing failed
java.lang.NullPointerException: null
[CONTINUED]	at com.sun.identity.idm.server.IdCachedServicesImpl.search(IdCachedServicesImpl.java:518)
[CONTINUED]	at com.sun.identity.idm.IdentityStoreImpl.searchIdentities(IdentityStoreImpl.java:163)
[CONTINUED]	at com.sun.identity.idm.IdentityStoreImpl.searchIdentitiesByUsername(IdentityStoreImpl.java:121)
[CONTINUED]	at com.sun.identity.idm.IdentityStoreImpl.findIdentityByUsername(IdentityStoreImpl.java:394)
[CONTINUED]	at com.sun.identity.idm.IdentityStoreImpl.findUserByUsernameOrAlias(IdentityStoreImpl.java:411)
[CONTINUED]	at com.sun.identity.idm.IdentityStoreImpl.getIdentity(IdentityStoreImpl.java:289)
[CONTINUED]	at com.sun.identity.idm.IdUtils.getIdentity(IdUtils.java:89)
...

I have a suspicion that uid might be a special case given its use as a unique identifier in most distinguished names but we are not using it as part of our DN.

Any recommendations on what I might be able to do to get the attribute renamed?

Thanks!

The authentication with LDAP will use any “naming attribute” you wish. Of course, global uniqueness is necessary. There is no need to modify “uid”. Moreover, the BIND operation with LDAP targets the corresponding DN, based on the filter criteria composed by such naming attribute. Again, no modification required.

What precisely are you attempting to accomplish?

Thank you grpensa. We are trying to rename the uid.

In our business processes there are times when we need to change the user's uid and allow them to log in with the new one.

However, it doesn't seem to be possible, as I have tried adding both the old and new uids using idRepository (works) and then removing the old one using the same idRepository object, and that doesn't work, so there seems to be some tight Ping integration on that attribute.

Thank you for clarifying the use case.
Actually, there is no need to go through the "build new, delete old" methodology.
In fact I would avoid that and continue with a simple LDAP modify. That way you are guaranteed the corresponding DN and UUID remain constant.
Also, would you please provide an example of a DN. Are you currently using UID as the rdn? And, what is your provisioning engine, please?

Cheers.

Have you considered dissociating the user login from the user id? The actual flow would be: the user enters a username (user login id), the journey resolves the associated user id (commonly using the Identify Existing User node), then goes straight into the datastore decision node. In this scheme, a user would never change user id (which greatly simplifies all of your business scenarios), but can change the username (typically this could be mail, for example).
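The scheme suggested in the post above, modelled as an added example that is not part of the original thread and does not use AM's own API: an in-memory directory where the uid never changes and the login attribute can be modified in place. The `Directory` class, the choice of `mail` as the login attribute, the case-insensitive match and the sample entries are all assumptions made for illustration.

```javascript
// Constructed in-memory stand-in for the identity store (hypothetical, not AM's API).
// Each entry has an immutable uid and a mutable login attribute (assumed: mail).
class Directory {
  constructor(entries) {
    this.byUid = new Map(entries.map((e) => [e.uid, { ...e }]));
  }

  // All entries whose login attribute matches (assumed case-insensitive).
  matches(login) {
    const wanted = login.trim().toLowerCase();
    return [...this.byUid.values()].filter((e) => e.mail.toLowerCase() === wanted);
  }

  // Journey step 1: resolve the typed username to exactly one uid.
  // Zero or several matches both fail, so an ambiguous login never
  // authenticates against the wrong account.
  resolveUid(login) {
    const hits = this.matches(login);
    return hits.length === 1 ? hits[0].uid : null;
  }

  // "Rename" is a modify of the login attribute; the uid is untouched.
  // Global uniqueness of the login is enforced before the change.
  changeLogin(uid, newLogin) {
    const entry = this.byUid.get(uid);
    if (!entry) throw new Error("unknown uid");
    if (this.matches(newLogin).some((e) => e.uid !== uid)) {
      throw new Error("login already in use");
    }
    entry.mail = newLogin.trim();
    return entry.uid;
  }
}

function demo() {
  const dir = new Directory([ // constructed sample entries
    { uid: "u-1001", mail: "jane.doe@example.com" },
    { uid: "u-1002", mail: "john.roe@example.com" },
  ]);
  const before = dir.resolveUid("Jane.Doe@example.com");
  dir.changeLogin("u-1001", "jane.smith@example.com");
  let collision = false;
  try { dir.changeLogin("u-1002", "jane.smith@example.com"); } catch (e) { collision = true; }
  return {
    before,                                            // uid found via old login
    after: dir.resolveUid("jane.smith@example.com"),   // same uid via new login
    oldLogin: dir.resolveUid("jane.doe@example.com"),  // old login no longer resolves
    collision,                                         // duplicate login rejected
  };
}
```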

Thank you Patrick for the suggestion. It was actually one of the other options we were considering, but we wanted to exhaust all other options before going down that route. However, it seems more likely that we will have to bite the bullet and implement something along the lines of what you suggested.
