I'm not sure if I need that suboridante and what is the impact in future, since I just created it to random user
чт, 12 июн. 2025 г. в 16:48, Florence Blanc-Renaud <f...@redhat.com>: > > Hi, > > On Mon, Jun 9, 2025 at 11:57 AM alexey safonov via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: >> >> Hi team, >> >> I accidentally created subordinateID and made some random user as an >> owner. So right now we are not using that function and I'd like to >> delete it. Could not find how to do that. any suggestions? > > There is no supported method allowing to remove a subid, please see > https://freeipa.readthedocs.io/en/ipa-4-11/designs/subordinate-ids.html#revision-1-limitation: > once assigned subids cannot be removed. > > However if you feel adventurous, you can use ldapdelete to directly remove > the entry. > Let's take the following example where I created a user "flo" and assigned > subid to this user: > [root@server ~]# ipa subid-find --owner flo --all --raw > ------------------------ > 1 subordinate id matched > ------------------------ > dn: > ipauniqueid=64bf0eb6-d58f-4a83-a3d1-38e24da9bd72,cn=subids,cn=accounts,dc=ipa,dc=test > ipauniqueid: 64bf0eb6-d58f-4a83-a3d1-38e24da9bd72 > description: auto-assigned subid > ipaowner: uid=flo,cn=users,cn=accounts,dc=ipa,dc=test > ipasubuidnumber: 2147483648 > ipasubuidcount: 65536 > ipasubgidnumber: 2147483648 > ipasubgidcount: 65536 > objectclass: ipasubordinateidentry > objectclass: ipasubordinateid > objectclass: ipasubordinategid > objectclass: ipasubordinateuid > objectclass: top > ---------------------------- > Number of entries returned 1 > ---------------------------- > > The above command displays the DN of the subid entry. You can then use > ldapdelete to remove it: > [root@server ~]# ldapdelete -D cn=directory\ manager -w password > ipauniqueid=64bf0eb6-d58f-4a83-a3d1-38e24da9bd72,cn=subids,cn=accounts,dc=ipa,dc=test > > Check again, the entry is removed: > [root@server ~]# ipa subid-find --owner flo > ------------------------- > 0 subordinate ids matched > ------------------------- > ---------------------------- > Number of entries returned 0 > ---------------------------- > > flo >> >> >> Alex >> -- >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> Do not reply to spam, report it: >> https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
