Changing user IDs in 4.0.1
1. Go to the jts admin page: https://[OURSERVER]:9443/jts/admin
2. Click "Server" on the top menu, then "Advanced Properties" on the left menu.
3. Change "Ability to Modify User IDs" from false to true (if it wasn't already).
4. Change "User Registry Type" from DETECT to UNSUPPORTED.
5. Click "Save" in the upper right.
6. Load the user profile and edit the ID. Save.
7. Change "User Registry Type" from UNSUPPORTED back to DETECT.
8. Click "Save" in the upper right.
What happens is the new user ID does not work. The old user ID works to login but then gets the error:
Error!
You are not authorized to view this page.
ForbiddenWe do not use LDAP, if that matters. User IDs are created in RTC.
Accepted answer
CLM 4.0.1, Windows, Tomcat, Derby test system.
- Log in as admin
-
Set to UNSUPPORTED, Allow changing User ID, save
- Open a User, change the ID, save
- Opened tomcat-users.xml, found original user ID, changed that to the desired ID for the user I changed.
- Shut down server
- Start up server
-
Login with changed user ID - password unchanged - worked
Comments
I updated my blog post.
For Tomcat I would also suggest to shut down tomcat before changing the username property in tomcat-users.xml. This would prevent issues concurrent server and user write operations on the tomcat-users.xml and caching.
This did the trick. The missing step was restarting the server. :) Unfortunately any time we have to restart the server we have to get involved with change control and approvals, so we will likely continue our old process of creating a new ID and changing the name of the old account to include "(BAD ID)". Now to learn how to purge accounts with bad IDs...
Mike, changing user ID's should be a rare thing. Typically one time only, because of a typo or because of changing the registry. If this is common in your case, I would be interested what could cause this. I would consider reviewing my processes. Or consider to use a free LDAP system such as Apache Directory Studio.
Shutting down and restarting the server should not be so complex that it prevents doing it for the right reasons. If it is, that is a clear indicator to me, that the process needs adjustments.
I am however aware of the distressing fact that sometimes wrong processes can't be changed to be right due to factors out of ones control.
One other answer
Comments
Tomcat.
I think that linked article is where I originally got the instructions and they aren't working, as described above. The only thing I am doing different is I skipped the step "Change property Ability to Modify User IDs back to false" as I am pretty sure that is not necessary.
Of course those instructions were specifically for LDAP and we're not using LDAP. Are you saying that in addition to those instructions we need to edit tomcat-users.xml? Can this be done while the server is live and without restarting? If not, it's a huge deal that involves change control and approvals for us and would take two weeks to get a user ID changed. Any server restart is considered a "change" here.
One thing I noticed is that the ccm admin page has the same "Ability to Modify User IDs" setting and it does not automatically change to match the jts admin setting. Is this relevant?
I tried updating the tomcat-users.xml file as you suggested (in addition to the above instructions in the OP), but that did not change anything. Still only the old ID worked and still got the same error.