Why do I have to uncheck the LDAP User option to edit the username?
ISSUE
We have an LDAP user set up in Metric Insights with the wrong username. In trying to correct that username, we found we had to first set the LDAP user? option to no in order to push through the change (then set it back to yes after the correction). Why is this step necessary?
RESOLUTION
Having to uncheck the LDAP option is a function of how the LDAP feature works. Generally, if connecting to a company's LDAP, the user accounts will be created upon MI syncing with the LDAP server. This ensures the user information created in MI matches what's actually defined in LDAP (with the username serving as the primary key between Metric Insights and the LDAP server).
In this case, the LDAP user was created manually in Metric Insights. This in itself is okay to do, though not recommended. The key is ensuring the username correctly matches LDAP the first time around. Once configured, the username cannot be changed because MI defers mangement of the username to LDAP, therefore locking it down.
This makes sense considering how external authentication methods work (e.g., Active Directory, LDAP, or SAML Single Sign-On). A user that is mapped to an external authentication method is managed outside of Metric Insights so it should not be change-able from within Metric Insights.
Thus, if the LDAP username is wrong, you must set LDAP user? = no in order to correct it. Keep in mind, manually editing the username is only necessary if the user already has an extensive list of preferences set including favorite digests, elements, alerts, etc. If this is a newly created user profile, the alternative solution is to simply delete this user profile from Metric Insights, then have the user in question log in to MI with his/her LDAP credentials. Metric Insights will then confirm the credentials with the LDAP server and auto-create a new user profile with the correct information!