On ti, 05 huhti 2022, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Thanks again!
How can I do that? On the GUI I get an error message when I try to set the base
rid:
"IPA Error 4000: ExecutionError
This command can not be used to change ID allocation for local IPA domain. Run `ipa
help idrange` for more information"
Is it possible to set it?
Yes, it is possible to change but you'd need to use a bit of a low-level
command on IPA server as root:
# ipa -e in_server=true console
(Custom IPA interactive Python console)
api: IPA API object
pp: pretty printer
idrange = api.Object.idrange.get_dn('IPA.TEST_id_range')
entry = api.Backend.ldap2.get_entry(idrange)
entry.update({'ipaBaseRID': [b'1000']})
api.Backend.ldap2.update_entry(entry)
This is an interactive IPA console that allows to use IPA bindings in
Python. The console is preconfigured with LDAP connection (whence, use
of in_server=true) if ran this way as root on IPA server.
Lines starting with >>> are where you enter their content after '>>>'
prompt.
Change the idrange name in the first '>>>' line and enter the remaining
commands as they are (after '>>>' prompt).
What it does is:
1. get DN of the ID range named 'IPA.TEST_id_range'
2. Pull LDAP entry pointed by this DN
3. Change one attribute, 'ipaBaseRID' of this entry to value 1000, but
it has to be specified as an array of binary string values: [b'1000']
4. update LDAP entry with new content
After this change your ID range shold have base RID of 1000.
I only tested this on FreeIPA 4.9+.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
