Grant Janssen via FreeIPA-users wrote:
> I see a slight variation, but still cannot remove the attribute.
>
> grant@ef-idm01:~[20221123-7:19][#1018]$ipa user-show --all --raw
> waynev | grep krblastadminunlock
> grant@ef-idm01:~[20221123-7:20][#1019]$ipa user-show --all --raw
> waynev | grep -i krblastadminunlock
> krbLastAdminUnlock: 20171006230951Z
> grant@ef-idm01:~[20221123-7:20][#1020]$ ipa user-mod
> --delattr=krbLastAdminUnlock=20171006230951Z waynev
> ipa: ERROR: krblastadminunlock does not contain '20171006230951Z'
> grant@ef-idm01:~[20221123-7:20][#1021]$

It's probably a difference between storage and representation. This is a
case where ldapsearch is probably better to find the value.

Alternatively you can try deleting the entire attribute with:

--setattr krblastadminunlock=

But again, this would affect any authentication and not just IPA servers
so it doesn't make sense that access is not universally allowed/denied.

rob
