URL: https://github.com/freeipa/freeipa/pull/1714 Author: abbra Title: #1714: use LDAP Whoami command when creating an OTP token Action: opened PR body: """ ipa user-find --whoami is used by ipa otptoken-add to populate ipaTokenOwner and managedBy attributes. These attributes, in turn are checked by the self-service ACI which allows to create OTP tokens assigned to the creator. With 389-ds-base 1.4.0.6-2.fc28 in Fedora 28 beta there is a bug in searches with scope 'one' that result in ipa user-find --whoami returning 0 results. Because ipa user-find --whoami does not work, non-admin user cannot create a token. This is a regression that can be fixed by using LDAP Whoami command. Fixes: https://pagure.io/freeipa/issue/7456 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1714/head:pr1714 git checkout pr1714