Re: [Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Stephen Ingram wrote: Rob- I think this works. I'm not totally sure because I keep getting strange schema violation errors. Perhaps it is the way each --setattr option is evaluated by the directory. I'm going to have to dig deeper to find out. setattr are evaluated first, so the setattr wipes out objectclass and sets it to a single value. addattr then adds the other values. Needless to say thought, a --delattr option would make it much easier to say quickly remove an objectclass or one of a list of email addresses. Yes. rob Steve On Mon, Oct 3, 2011 at 12:05 PM, Rob Crittenden wrote: Stephen Ingram wrote: Rob- I tried that, but I couldn't figure out the correct format: ipa user-mod --setattr=objectclass=oc1, oc2, oc3 ipa user-mod --setattr=objectclass=oc1 oc2 oc3 ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3 and some others. Nothing seemed to work all reporting that multiple arguments were not supported. This should work ipa user-mod --setattr=objectclass=oc1 --addattr=objectclass=oc2 --addattr=objectclass=oc3 ... rob Steve On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden wrote: Stephen Ingram wrote: I've successfully used ipa user-mod --setattr to remove custom attributes that I've added by simply setting the attribute equal to nothing. However, it does not work in the case of objectclasses since there are several and the command does not support multiple arguments. I've seen references to --delattr in older v1 documentation. Obviously, this could be easily accomplished with an ldapmodify command, but it would be nice to have directly in ipa. Is this already supported and I simply don't know the correct command? Steve There is currently not a delattr equivalent in v2 though we are looking into it. What you'd need to do is a setattr with the full list of objectclasses you want it to be set to. This will replace the current value(s). rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Rob- I think this works. I'm not totally sure because I keep getting strange schema violation errors. Perhaps it is the way each --setattr option is evaluated by the directory. I'm going to have to dig deeper to find out. Needless to say thought, a --delattr option would make it much easier to say quickly remove an objectclass or one of a list of email addresses. Steve On Mon, Oct 3, 2011 at 12:05 PM, Rob Crittenden wrote: > Stephen Ingram wrote: >> >> Rob- >> >> I tried that, but I couldn't figure out the correct format: >> >> ipa user-mod --setattr=objectclass=oc1, oc2, oc3 >> >> ipa user-mod --setattr=objectclass=oc1 oc2 oc3 >> >> ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3 >> >> and some others. Nothing seemed to work all reporting that multiple >> arguments were not supported. > > This should work > > ipa user-mod --setattr=objectclass=oc1 --addattr=objectclass=oc2 > --addattr=objectclass=oc3 ... > > rob > >> >> Steve >> >> On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden >> wrote: >>> >>> Stephen Ingram wrote: I've successfully used ipa user-mod --setattr to remove custom attributes that I've added by simply setting the attribute equal to nothing. However, it does not work in the case of objectclasses since there are several and the command does not support multiple arguments. I've seen references to --delattr in older v1 documentation. Obviously, this could be easily accomplished with an ldapmodify command, but it would be nice to have directly in ipa. Is this already supported and I simply don't know the correct command? Steve >>> >>> There is currently not a delattr equivalent in v2 though we are looking >>> into >>> it. >>> >>> What you'd need to do is a setattr with the full list of objectclasses >>> you >>> want it to be set to. This will replace the current value(s). >>> >>> rob >>> > > ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Stephen Ingram wrote: Rob- I tried that, but I couldn't figure out the correct format: ipa user-mod --setattr=objectclass=oc1, oc2, oc3 ipa user-mod --setattr=objectclass=oc1 oc2 oc3 ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3 and some others. Nothing seemed to work all reporting that multiple arguments were not supported. This should work ipa user-mod --setattr=objectclass=oc1 --addattr=objectclass=oc2 --addattr=objectclass=oc3 ... rob Steve On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden wrote: Stephen Ingram wrote: I've successfully used ipa user-mod --setattr to remove custom attributes that I've added by simply setting the attribute equal to nothing. However, it does not work in the case of objectclasses since there are several and the command does not support multiple arguments. I've seen references to --delattr in older v1 documentation. Obviously, this could be easily accomplished with an ldapmodify command, but it would be nice to have directly in ipa. Is this already supported and I simply don't know the correct command? Steve There is currently not a delattr equivalent in v2 though we are looking into it. What you'd need to do is a setattr with the full list of objectclasses you want it to be set to. This will replace the current value(s). rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Rob- I tried that, but I couldn't figure out the correct format: ipa user-mod --setattr=objectclass=oc1, oc2, oc3 ipa user-mod --setattr=objectclass=oc1 oc2 oc3 ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3 and some others. Nothing seemed to work all reporting that multiple arguments were not supported. Steve On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden wrote: > Stephen Ingram wrote: >> >> I've successfully used ipa user-mod --setattr to remove custom >> attributes that I've added by simply setting the attribute equal to >> nothing. However, it does not work in the case of objectclasses since >> there are several and the command does not support multiple arguments. >> I've seen references to --delattr in older v1 documentation. >> Obviously, this could be easily accomplished with an ldapmodify >> command, but it would be nice to have directly in ipa. Is this already >> supported and I simply don't know the correct command? >> >> Steve > > There is currently not a delattr equivalent in v2 though we are looking into > it. > > What you'd need to do is a setattr with the full list of objectclasses you > want it to be set to. This will replace the current value(s). > > rob > ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Stephen Ingram wrote: I've successfully used ipa user-mod --setattr to remove custom attributes that I've added by simply setting the attribute equal to nothing. However, it does not work in the case of objectclasses since there are several and the command does not support multiple arguments. I've seen references to --delattr in older v1 documentation. Obviously, this could be easily accomplished with an ldapmodify command, but it would be nice to have directly in ipa. Is this already supported and I simply don't know the correct command? Steve There is currently not a delattr equivalent in v2 though we are looking into it. What you'd need to do is a setattr with the full list of objectclasses you want it to be set to. This will replace the current value(s). rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
I've successfully used ipa user-mod --setattr to remove custom attributes that I've added by simply setting the attribute equal to nothing. However, it does not work in the case of objectclasses since there are several and the command does not support multiple arguments. I've seen references to --delattr in older v1 documentation. Obviously, this could be easily accomplished with an ldapmodify command, but it would be nice to have directly in ipa. Is this already supported and I simply don't know the correct command? Steve ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
