On ke, 23 marras 2022, Grant Janssen wrote:
Alexander
Thank You for your attention, but this did not work for me.
I had tried earlier to remove this attribute in the conventional manner, but failed.
(example again at the tail of my output)
[root@ef-idm01 ~]# ipa -e in_server=true user-mod waynev
--delattr=krblastadminunlock=20171006230951Z
ipa: ERROR: krblastadminunlock does not contain '20171006230951Z'
It says the attribute value is not there. Can you do
ipa user-show --all --raw waynev |grep krblastadminunlock
?
This differs from your output below by not processing the attributes
value's output. And then use that value to pass through to user-mod.
[root@ef-idm01 ~]# exit
logout
grant@ef-idm01:~[20221123-6:59][#1012]$ klist
Ticket cache: KEYRING:persistent:555:555
Default principal: grant@PRODUCTION.EFILM.COM<mailto:grant@PRODUCTION.EFILM.COM>
Valid starting Expires Service principal
11/23/2022 04:43:47 11/24/2022 04:43:34
HTTP/ef-idm01.production.efilm.com@PRODUCTION.EFILM.COM<mailto:HTTP/ef-idm01.production.efilm.com@PRODUCTION.EFILM.COM>
11/23/2022 04:43:37 11/24/2022 04:43:34
krbtgt/PRODUCTION.EFILM.COM@PRODUCTION.EFILM.COM<mailto:krbtgt/PRODUCTION.EFILM.COM@PRODUCTION.EFILM.COM>
grant@ef-idm01:~[20221123-6:59][#1013]$ ipa user-mod
--delattr=krblastadminunlock=20171006230951Z waynev
ipa: ERROR: krblastadminunlock does not contain '20171006230951Z'
grant@ef-idm01:~[20221123-6:59][#1014]$ ipa user-show --all waynev | grep
krblastadminunlock
krblastadminunlock: 20171006230951Z
grant@ef-idm01:~[20221123-DING!][#1015]$
thanx
- grant
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland