Mattermost, Inc.

Allow the Usage of reservedName in usernames

Problem Definition

The current behavior of LDAP synchronization does not allow usernames to contain any of the reservedName entries listed in this code:

var reservedName = []string{
	"signup",
	"login",
	"admin",
	"channel",
	"post",
	"api",
	"oauth",
	"error",
	"help",
}

As a result, the CleanUsername function is triggered, and any of these reserved keywords present anywhere in a username originating from LDAP, Google, Office365, SAML, and GitLab is replaced by an empty string.
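A directory export can be audited for the effect described above before synchronization runs. The following Go program is an added example, not Mattermost's code: stripReserved and auditUsernames are hypothetical names, the stripping is modelled on the description above (lowercasing is an assumption), and the sample usernames are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Reserved names copied from the list quoted on this page.
var reservedName = []string{"signup", "login", "admin", "channel", "post", "api", "oauth", "error", "help"}

// stripReserved models the behaviour described above (an assumption, not
// Mattermost's source): each reserved keyword is removed wherever it occurs.
func stripReserved(username string) string {
	s := strings.ToLower(username)
	for _, r := range reservedName {
		s = strings.ReplaceAll(s, r, "")
	}
	return s
}

// auditUsernames returns the usernames the stripping would alter (original ->
// result) and every result that more than one directory username maps to.
func auditUsernames(names []string) (map[string]string, map[string][]string) {
	altered := map[string]string{}
	byResult := map[string][]string{}
	for _, n := range names {
		out := stripReserved(n)
		if out != strings.ToLower(n) {
			altered[n] = out
		}
		byResult[out] = append(byResult[out], n)
	}
	collisions := map[string][]string{}
	for out, src := range byResult {
		if len(src) > 1 {
			collisions[out] = src
		}
	}
	return altered, collisions
}

func main() {
	// Constructed sample directory export, not real accounts.
	names := []string{"helpdesk", "desk", "postmaster", "master", "jsmith", "api.reader"}
	altered, collisions := auditUsernames(names)
	fmt.Println("altered:", altered, "collisions:", collisions)
}
```

In the sample, helpdesk and desk both end up as desk, and postmaster and master both end up as master, so the audit reports two colliding pairs in addition to the three altered names.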

Suggested Solution

Improve the external directory synchronization process by allowing the usage of the reservedName in usernames.

Why is this important

Attempting to rename the usernames would involve an enormous amount of effort to reconcile the other systems and would likely cause a wide variety of unexpected issues, especially when the company has numerous other systems that utilize the LDAP directory and the user is assigned various privileges in many of them.