[solved] Duplicate user blocks LDAP migrate_auth

Summary

We’re trying to migrate a block of users to LDAP auth, but are blocked by a duplicate entry

Steps to reproduce

v5.5.0 E10
I run the CLI command “sudo /opt/mattermost/bin/mattermost user migrate_auth email ldap email --dryRun” and get a report of emails not matched, this is fine and expected. Then I run the same command without the “–dryRun”, and I get the following error: “Error: Error while migrating users: MigrateToLdap: Unable to migrate AD/LDAP users with specified field. Duplicate entry detected. Please remove all duplcates and try again., email= username=[username]”

I’ve checked MatterMost (System Console > Reports > Users) and there is no user by that username. I suspect this might be a case of our AD containing multiple usernames without an email, but why would MatterMost be checking AD for any email-addresses that don’t belong to registered users?

Is there a way to list all users in the MatterMost database through the CLI? I’m not really comfortable poking the database with SQL to find out… Or can I rely on Reports > Users to list all users, including ones without email?

Expected behavior

If the dry-run succeeds, I expect the actual migration to succeed as well.

Observed behavior

See the above error

Hi @selsno,

It is possible that the ID Attribute of those users have changed which might be causing the issue - more information here: https://docs.mattermost.com/deployment/sso-ldap.html#i-updated-a-user-account-in-ad-ldap-and-they-can-no-longer-log-in-to-mattermost.

Also, have you tried using the command --force Ignore duplicate entries on the AD/LDAP server. ?

Hey Amy.

Thanks for the feedback. We tripple-checked our users, and I got some help from one of our database-people to check the MatterMost user-table, and in the end we could certify that it really was just an AD issue that gave the error. So in the end we just ran --force, and all is well now.

Thanks for the help.