Hello the list,
The next terrible bad thing our customer service model says we'd like to do
with FreeIPA is set user passwords from our customer management system. It's
not AD and it's not LDAP. It does have a store of salted hashed sha512
I have set the FreeIPA directory in migration mode as per
We are able to add new users (with add-user) and set their password with
The previous bit is working. The next bit is not.
We have a bunch of users in the directory who were created before we enabled
this feature in user creation, and another bunch who have not yet generated
a password hash. These users have no password set in FreeIPA. Our script is
capable of figuring out if an account hasPassword attribute is True or
We'd like to set these user's passwords if they are not already set, but:
ipa user-mod username --setattr
ipa: ERROR: Constraint violation: Pre-Encoded passwords are not valid
We get the same response when we kinit as admin or a user with the System:
Change User password permission.
Is there a specific configuration mode option or account attribute that
allows this to work?