Users with name 'name@email.domain' issue

jtlarson · January 28, 2021, 12:09am

We have a large user database imported via LDAP. Some of the usernames are plain like ‘ajexample’ but others have their full email set as the ‘name’: ‘ajexample@our.domain’

Users who have this name format receive an error (“Unauthorized - You (username) are not authorized to use RT…”) when trying to access our /rt/SelfService webpage, so we would like to remove the ‘@our.domain’ portion from each name.

I don’t see a way to edit a large number of users within RT, so can I do this safely via a mysql query on the RT DB?

knation · January 28, 2021, 12:56am

It might be easier to write a Perl script that uses the RT Perl API. Are these users disabled when you go to their user record? Ie the checkbox for “Allow this user to access RT” is unchecked?

jtlarson · January 28, 2021, 5:42pm

The users in question do have the “Let this user access RT” checked, but not “Let this user be granted rights (Privileged).”

I had planned on editing the rt.users table via phpmyadmin, but if you can suggest a source for perl code that could do what I need, that would be great.

jtlarson · January 29, 2021, 11:07pm

Update: I was able to do this with a relatively simple mysql query:

UPDATE Users set Name = replace(Name, ‘@unwanted.domain’, ‘’)

This updates the ‘Name’ column in the ‘Users’ table, and replaces any instances of ‘@unwanted.domain’ with ‘’ (nothing). So if a username used to be ‘bob@unwanted.domain’ it would be changed to ‘bob’.

Alternative: If you have LDAP_import configured, you can also add Set($LDAPUpdateOnly, 1); to your RT_SiteConfig.pm and run “/opt/rt5/sbin/rt-ldapimport --import” to force updating of existing users based on LDAP info.