On 05/09/2012 10:24 PM, Rob Crittenden wrote:
Sylvain Angers wrote:
Someone did delete the admin account by mistake, how can we recover from

Fortunately there is nothing really special about the admin account except
that they are a member of the admins group, that is the important bit.

You can use ldapmodify to add another user into the admins group:

$ ldapmodify -x -D 'cn=directory manager' -W
dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
add: member
member: uid=youruser,cn=users,cn=accounts,dc=example,dc=com


You can decide to re-create the admin user if you'd like.

We have a bug open to prevent the last member of the admins group to be removed.

I think we should document recovery procedure also:

Petr^2 Spacek


Freeipa-users mailing list

Reply via email to