Open robertfromont opened 4 years ago
Just to make sure, do you know about the admin setting called Use Real Name under Admin > Layout > User Interface? With this setting turned on you shouldn't see usernames in the chat UI anymore, but you'd still need to know them to mention someone.
cc @pierre-lehnen-rc
There is also the setting "User Data Field Map" which lets you specify how the RC "name" is filled
> Just to make sure, do you know about the admin setting called Use Real Name under Admin > Layout > User Interface? With this setting turned on you shouldn't see usernames in the chat UI anymore, but you'd still need to know them to mention someone.
@sampaiodiego yes, sorry I should have mentioned that we're already using that setting, and it works fairly well.
I think it appearing when you @mention someone is the primary source of annoyance, but there are still a few places where the username sneaks through, including:
Quoted messages:
Polls:
@mentions in channel previews on iOS:
> There is also the setting "User Data Field Map" which lets you specify how the RC "name" is filled
@bbrauns Actually, that looks pretty interesting for auto-population of the LDAP username in custom fields, thanks!
I've just been exploring the way OAuth works, and it doesn't impose usernames on users.
So what I'm proposing here is to allow the possibility of configuring LDAP to work in a similar way to OAuth: provide a mechanism to authenticate users, without necessarily determining their username or other profile details.
Does that make sense?
I've been investigating the code, and have discovered that I can get almost all the way to what I need without changing anything.
It turns out that the LDAP_Username_Field setting (LDAP|Sync/Import|"Username Field") is what links the RC username to the LDAP username. By default this is set to sAMAccountName, but if it's blanked out, then the RC username is not synced to the LDAP one (the first time an LDAP user logs in, they're asked what their RC should be).
This is great, but there's one wrinkle: if LDAP is enabled (LDAP_Enable is on) then users are not allowed to change their own usernames. This is determined here:
I guess this override of the Accounts_AllowUsernameChange setting makes sense when LDAP_Username_Field is not blank, as users might change their username and then find it's changed back again next time they log in.
However, in my case, I'd like users to be able to change their username, partly because they should be able to control their identity as they like, and partly because the default suggestion for a username when they first log in is something nondescript like user-0, and if they click through that unintentionally, they should be able to fix it later.
Does this make sense?
Description:
Users should be able to be authenticated via LDAP without having their LDAP username the same as their Rocket Chat username.
Steps to reproduce:
Expected behavior:
They can log on, and have their username appear as the RC username.
Actual behavior:
Login fails.
Server Setup Information:
Client Setup Information
Additional context
This issue expands on RocketChat/Rocket.Chat#18881.
I have migrated a small number of users of a very large organization from a Slack workspace to an in-house Rocket Chat instance. So all the current users previously had descriptive usernames in Slack. In order to make migration as painless as possible, but also to tie authorization to the large organization's user database, I have enabled LDAP auth.
This means that everyone can just log in with a username/password they already know, which is great!
Unfortunately the LDAP usernames imposed by the larger organization have a formal structure and are quite opaque. In short, nobody knows anybody else's LDAP usernames, so it's difficult to understand who is talking in chats, who users want to @mention, etc.
I have enabled the Administration|Accounts|Default User Preferences|Hide Usernames setting to try to address this issue, but unfortunately the coverage of this setting isn't exhaustive; it doesn't apply in certain notifications, in Diego Sampaio's Poll app, etc. Perhaps more importantly, users like to be able to choose the name they're known by in this community (the Nickname profile setting should probably allow this, but it doesn't appear to do anything other than appear in parentheses).
Ideally, what I'd like is:
I'm able and motivated to make the code change for this myself, but I'd like to implement this in a way that's likely to be accepted as a pull-request, as I'd prefer to be using the 'canonical' version of Rocket.Chat in production.
Any feedback or comments from current maintainers, who seem to include @sampaiodiego and @gabriellsh would be gratefully received.
Relevant logs: