Hi Rob, I’m not at work anymore. How do you find out which credentials you need to modify users in ipa? Do you need to be root? When using the FreeIPA GUI, I’ve no problem creating and modifying users, adding them to groups, etc. However, in the GUI, the password-expiration field is readonly, which is why I have attempted modifying its value on the CLI.
> Le 7 févr. 2023 à 18:53, Rob Crittenden <[email protected]> a écrit : > > What user principal are you using? Do you have permissions to modify > this other user's information? The error message says you don't. > > rob > > [email protected] wrote: >> >> Hi Rob, >> >> thanks for your feedback. >> >> Unfortunately, >> >> ipa user-mod user1 --setattr givenname=phili >> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >> 'givenName' attribute of entry 'uid=...'. >> >> >>>> In general we strongly encourage you to upgrade to a supported release >> >> I wish I could. I'll report it to my manager. >> >> >> >> >> ----- Mail original ----- >> De: "Rob Crittenden" <[email protected]> >> À: "FreeIPA users list" <[email protected]> >> Cc: [email protected] >> Envoyé: Mardi 7 Février 2023 17:51:20 >> Objet: Re: [Freeipa-users] Re: password-expiration >> >> When using --setattr you have to use the LDAP attribute name. So in this >> case givenname. >> >> 4.5.4 is getting along to 6 years old now. In general we strongly >> encourage you to upgrade to a supported release, one release at a time >> (there is no going from 4.5 to 4.10 directly). >> >> rob >> >> None via FreeIPA-users wrote: >>> >>> >>> Hi Florence, >>> >>> I've tried the --setattr option with 'first', >>> >>> >>> ipa user-mod user1 --setattr first=phil >>> >>> ... but to no avail >>> >>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >>> 'first' attribute of >>> entry 'uid=...'. >>> >>> >>> >>> ----- Mail original ----- >>> De: "Florence Blanc-Renaud via FreeIPA-users" >>> <[email protected]> >>> À: [email protected] >>> Cc: [email protected], "Florence Blanc-Renaud" >>> <[email protected]> >>> Envoyé: Mardi 7 Février 2023 17:37:19 >>> Objet: [Freeipa-users] Re: password-expiration >>> >>> >>> >>> >>> >>> Hi, >>> >>> >>> >>> On Tue, Feb 7, 2023 at 5:23 PM < [email protected] > wrote: >>> >>> >>> Hi Florence, >>> alas, same issue >>> >>> ipa: error: no such option: --password-expiration >>> >>> >>> >>> Ok, the functionality was added in 4.6.0 (see Release notes ) so you need >>> to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE >>> flo >>> >>> >>> >>> >>> >>> >>> ----- Mail original ----- >>> De: "Florence Blanc-Renaud" < [email protected] > >>> À: [email protected] >>> Cc: [email protected] >>> Envoyé: Mardi 7 Février 2023 17:12:32 >>> Objet: Re: [Freeipa-users] password-expiration >>> >>> >>> >>> >>> Hi, >>> >>> >>> >>> On Tue, Feb 7, 2023 at 4:49 PM < [email protected] > wrote: >>> >>> >>> Hi Florence, >>> unfortunately, >>> >>> ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' >>> Usage: ipa [global-options] user-mod LOGIN [options] >>> >>> ipa: error: no such option: --krbpasswordexpiration >>> >>> >>> My bad, I copied the attribute name instead of the CLI option name. Can you >>> try with >>> ipa user-mod LOGIN --password-expiration =DATETIME >>> >>> >>> Note: if you type ipa user-mod --help you can see all the available >>> options. >>> flo >>> >>> >> > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
