Recently we had to change the login names for around 1200 students.
For this rename we needed to change the students’ Novell eDirectory account and home directory as well as ensuring linked systems such as an LDAP authenticated Moodle site and an IDM linked Active Directory (AD) domain were properly updated.
Create Mapping File: The mapping file is used by Mass User to know what to rename the existing username to. I used MS Access to join my list of new and old account names with an exported list of DNs from our eDirectory.
Use NDS Report to create a list of all the accounts. You only want the DN and CN fields. Save this as an Excel or CSV file.
Create a new MS Access file and import the account list.
Import the text / excel file that lists the old and new account names.
You now need to create a query that maps the cn to the old account name, and then use this to generate a list of the full old dn and the new account name.
You can then export this as a text file.
You will need to set the field separate as ‘=’ and set the test qualifier to none.
You should end up with each line having format:
Once the mapping file is generated you can apply it either to individual OUs (e.g. year groups), or to the entire Users container. I would recommend applying to small containers initially to allow checking for errors. After verifying all renames were performed correctly you can then apply the rename to your entire users’ container.
Before doing the mass rename we did some simple tests of renaming eDirectory accounts to see how they replicated to Active Directory. We determined that the individual renames were successfully propagated through IDM to automatically change the pre-2000 and logon name fields to match the new eDirectory account.
When performing the mass rename of accounts, AD was checked after doing each OU to check propagation was successful. We experienced no problems with IDM and all accounts were successfully synchronised with Active Directory.
For Moodle we wished for users to retain their own accounts including all their settings and course information. To do this the username stored in the Moodle Database (DB) would need to be changed to the new username.
Before making changes to Moodle I recommend putting the site in admin mode and temporarily disabling your LDAP authentication. I only put the site in Admin mode and then had problems during migration as some students had attempted to logon after I had renamed the eDirectory accounts, but before migrating Moodle accounts. This created new user accounts in Moodle that prevented the update queries running due to duplicate key name problems (ie the old account would not rename to new one if one has already been created with the new name)
First you need to import your list of old and new account names into the database. If you already have it in a separate DB on your Moodle server you can use that, otherwise it is best to just to create a new table in the Moodle DB.
I used this query to check the mapping fields. You will need to adjust the fields and collation types for your own setup.
# Shows the current username, the new username and the new IDNumber field for validation check. SELECT mdl.`username` , ern.`StudentId` , replace( `idnumber` , mdl.`username` , ern.`StudentId` COLLATE latin1_swedish_ci ) FROM moodle.`mdl_user` mdl, sbhsdata.`oasisStudentIdMap` ern WHERE mdl.`username` COLLATE latin1_general_ci = ern.`OldStudentId`
I originally setup Moodle to use the IDNumber field to store the full DN, if you use a different field you will need to adjust this.
# Replaces the IDNumber field with the new username. UPDATE moodle.`mdl_user` mdl, sbhsdata.`oasisStudentIdMap` ern SET `idnumber` = replace( `idnumber` , mdl.`username` , ern.`StudentId` COLLATE latin1_swedish_ci ) WHERE mdl.`username` COLLATE latin1_general_ci = ern.`OldStudentId`
# Replaces the mdl_user field with the new username. UPDATE `mdl_user` mdl, `rename` ren SET mdl.`username` = ren.`newname` WHERE mdl.`username`= ren.`oldname`
The migration to the new accounts went well with no problems from student passwords or accounts, although we had a few instances of students using the old username instead of the new one.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.