Ronald Wimmer via FreeIPA-users wrote: > > > On 14.12.23 14:42, Alexander Bokovoy wrote: >> On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote: >>> In our company we do have an IAM tool for user management. We need to >>> create IPA users via this particular tool. I am aware of all IPA >>> commands or API calls to create/modify or delete a user. >>> >>> As the tool does not support FreeIPA yet they asked if there is a way >>> to manage users by using LDAP only. Could that work? What about >>> attributes like ipaNTSecurityIdentifier, ipaUniqueID or uidNumber? >> >> Learn about lifecycle management. This is your way of integrating with >> such tools bvy creating staged users: >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/configuring-idm-for-external-provisioning-of-users_managing-users-groups-hosts#doc-wrapper >> > > I followed the instructions from the documentation. > > How could I possibly overcome > > Dec 19 09:18:39 tipa01.ipatest.mydomain.at ipa-activate-all[836863]: > ipa: ERROR: Constraint violation: pre-hashed passwords are not valid > > I need to set passwords from the external system.
You need to enable migration mode (ipa config-mod --enable-migration true). By default a pre-hashed password can only be set once: during the user add operation. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
