Re: [Freeipa-users] admin account deleted from webui
On 05/09/2012 10:24 PM, Rob Crittenden wrote: Sylvain Angers wrote: Hello Someone did delete the admin account by mistake, how can we recover from this? Fortunately there is nothing really special about the admin account except that they are a member of the admins group, that is the important bit. You can use ldapmodify to add another user into the admins group: $ ldapmodify -x -D 'cn=directory manager' -W dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com changetype: modify add: member member: uid=youruser,cn=users,cn=accounts,dc=example,dc=com ^D You can decide to re-create the admin user if you'd like. We have a bug open to prevent the last member of the admins group to be removed. I think we should document recovery procedure also: https://fedorahosted.org/freeipa/ticket/2746 Petr^2 Spacek rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] admin account deleted from webui
Sylvain Angers wrote: > >> Hello >> Someone did delete the admin account by mistake, how can we recover from >> this? >> > > > You might want to have a look on this, There is a RFE which will prompt you before you delete some important things. https://fedorahosted.org/freeipa/ticket/2560 https://fedorahosted.org/freeipa/ticket/2564 Regards Arpit Tolani ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] admin account deleted from webui
Sylvain Angers wrote: Hello Someone did delete the admin account by mistake, how can we recover from this? Fortunately there is nothing really special about the admin account except that they are a member of the admins group, that is the important bit. You can use ldapmodify to add another user into the admins group: $ ldapmodify -x -D 'cn=directory manager' -W dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com changetype: modify add: member member: uid=youruser,cn=users,cn=accounts,dc=example,dc=com ^D You can decide to re-create the admin user if you'd like. We have a bug open to prevent the last member of the admins group to be removed. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users