Hello, in FreeIPA 4.5.4, how do you reset a user's password expiration date? Many thanks. Best regards, Philippe
Hi,
On Tue, Feb 7, 2023 at 4:11 PM None via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello, in FreeIPA 4.5.4, how do you reset a user's password expiration date?
IIRC the command "ipa user-mod LOGIN --krbpasswordexpiration=DATETIME was already available in that version. flo
Many thanks.
Best regards, Philippe _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
--
ipa --version VERSION: 4.5.4, API_VERSION: 2.228
----- Mail original ----- De: "Florence Blanc-Renaud" flo@redhat.com À: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 16:40:11 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:11 PM None via FreeIPA-users < freeipa-users@lists.fedorahosted.org > wrote:
Hello, in FreeIPA 4.5.4, how do you reset a user's password expiration date?
IIRC the command "ipa user-mod LOGIN --krbpasswordexpiration=DATETIME was already available in that version. flo
Many thanks. Best regards, Philippe _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Hi,
On Tue, Feb 7, 2023 at 4:49 PM phiroc@free.fr wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can
you try with ipa user-mod LOGIN --password-expiration=DATETIME
Note: if you type *ipa user-mod --help* you can see all the available options. flo
--
ipa --version VERSION: 4.5.4, API_VERSION: 2.228
----- Mail original ----- De: "Florence Blanc-Renaud" flo@redhat.com À: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 16:40:11 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:11 PM None via FreeIPA-users < freeipa-users@lists.fedorahosted.org > wrote:
Hello, in FreeIPA 4.5.4, how do you reset a user's password expiration date?
IIRC the command "ipa user-mod LOGIN --krbpasswordexpiration=DATETIME was already available in that version. flo
Many thanks. Best regards, Philippe _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
----- Mail original ----- De: "Florence Blanc-Renaud" flo@redhat.com À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
When I run 'ipa user-show user1 --all'
the krbpasswordexpiration attribute appears in the list of user attributes though.
----- Mail original ----- De: "None via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: "Florence Blanc-Renaud" flo@redhat.com Cc: freeipa-users@lists.fedorahosted.org, phiroc@free.fr Envoyé: Mardi 7 Février 2023 17:23:34 Objet: [Freeipa-users] Re: password-expiration
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
----- Mail original ----- De: "Florence Blanc-Renaud" flo@redhat.com À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
Hi,
On Tue, Feb 7, 2023 at 5:23 PM phiroc@free.fr wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes
https://www.freeipa.org/page/Releases/4.6.0) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration=VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" flo@redhat.com À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
--
ipa --version VERSION: 4.5.4, API_VERSION: 2.228
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: "FreeIPA users list" < freeipa-users@lists.fedorahosted.org > Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 16:40:11 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:11 PM None via FreeIPA-users < freeipa-users@lists.fedorahosted.org > wrote:
Hello, in FreeIPA 4.5.4, how do you reset a user's password expiration date?
IIRC the command "ipa user-mod LOGIN --krbpasswordexpiration=DATETIME was already available in that version. flo
Many thanks. Best regards, Philippe _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
Hi Rob,
thanks for your feedback.
Unfortunately,
ipa user-mod user1 --setattr givenname=phili ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'givenName' attribute of entry 'uid=...'.
In general we strongly encourage you to upgrade to a supported release
I wish I could. I'll report it to my manager.
----- Mail original ----- De: "Rob Crittenden" rcritten@redhat.com À: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 17:51:20 Objet: Re: [Freeipa-users] Re: password-expiration
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
What user principal are you using? Do you have permissions to modify this other user's information? The error message says you don't.
rob
phiroc@free.fr wrote:
Hi Rob,
thanks for your feedback.
Unfortunately,
ipa user-mod user1 --setattr givenname=phili ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'givenName' attribute of entry 'uid=...'.
In general we strongly encourage you to upgrade to a supported release
I wish I could. I'll report it to my manager.
----- Mail original ----- De: "Rob Crittenden" rcritten@redhat.com À: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 17:51:20 Objet: Re: [Freeipa-users] Re: password-expiration
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
Hi Rob, I’m not at work anymore. How do you find out which credentials you need to modify users in ipa? Do you need to be root? When using the FreeIPA GUI, I’ve no problem creating and modifying users, adding them to groups, etc. However, in the GUI, the password-expiration field is readonly, which is why I have attempted modifying its value on the CLI.
Le 7 févr. 2023 à 18:53, Rob Crittenden rcritten@redhat.com a écrit :
What user principal are you using? Do you have permissions to modify this other user's information? The error message says you don't.
rob
phiroc@free.fr wrote:
Hi Rob,
thanks for your feedback.
Unfortunately,
ipa user-mod user1 --setattr givenname=phili ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'givenName' attribute of entry 'uid=...'.
In general we strongly encourage you to upgrade to a supported release
I wish I could. I'll report it to my manager.
----- Mail original ----- De: "Rob Crittenden" rcritten@redhat.com À: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 17:51:20 Objet: Re: [Freeipa-users] Re: password-expiration
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
It relies on the Kerberos TGT you currently have. I assume you log into the UI as admin but on the cli you have a ticket for yourself.
Use klist to find out
To become admin: kinit admin
rob
Philippe de Rochambeau wrote:
Hi Rob, I’m not at work anymore. How do you find out which credentials you need to modify users in ipa? Do you need to be root? When using the FreeIPA GUI, I’ve no problem creating and modifying users, adding them to groups, etc. However, in the GUI, the password-expiration field is readonly, which is why I have attempted modifying its value on the CLI.
Le 7 févr. 2023 à 18:53, Rob Crittenden rcritten@redhat.com a écrit :
What user principal are you using? Do you have permissions to modify this other user's information? The error message says you don't.
rob
phiroc@free.fr wrote:
Hi Rob,
thanks for your feedback.
Unfortunately,
ipa user-mod user1 --setattr givenname=phili ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'givenName' attribute of entry 'uid=...'.
In general we strongly encourage you to upgrade to a supported release
I wish I could. I'll report it to my manager.
----- Mail original ----- De: "Rob Crittenden" rcritten@redhat.com À: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: phiroc@free.fr Envoyé: Mardi 7 Février 2023 17:51:20 Objet: Re: [Freeipa-users] Re: password-expiration
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
I’m in a similar situation and need to upgrade.
These docs are what I found https://www.freeipa.org/page/Upgrade#FreeIPA_4.2.0_or_newer and it seems to imply to simply run a yum update freeipa-server to go to the latest version. Is there some other documentation I should be following?
-Kevin
On Feb 7, 2023, at 10:51 AM, Rob Crittenden via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Kevin Vasko wrote:
I’m in a similar situation and need to upgrade.
These docs are what I found https://www.freeipa.org/page/Upgrade#FreeIPA_4.2.0_or_newer%C2%A0and it seems to imply to simply run a yum update freeipa-server to go to the latest version. Is there some other documentation I should be following?
It is still true that upgrading packages will move from one version to another. We never envisioned moving multiple at the same time. There have been rather huge architectural changes since the 4.5 releases.
https://docs.redhat.com/ has the latest documentation under RHEL.
rob
-Kevin
On Feb 7, 2023, at 10:51 AM, Rob Crittenden via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
When using --setattr you have to use the LDAP attribute name. So in this case givenname.
4.5.4 is getting along to 6 years old now. In general we strongly encourage you to upgrade to a supported release, one release at a time (there is no going from 4.5 to 4.10 directly).
rob
None via FreeIPA-users wrote:
Hi Florence,
I've tried the --setattr option with 'first',
ipa user-mod user1 --setattr first=phil
... but to no avail
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'first' attribute of entry 'uid=...'.
----- Mail original ----- De: "Florence Blanc-Renaud via FreeIPA-users" freeipa-users@lists.fedorahosted.org À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org, "Florence Blanc-Renaud" flo@redhat.com Envoyé: Mardi 7 Février 2023 17:37:19 Objet: [Freeipa-users] Re: password-expiration
Hi,
On Tue, Feb 7, 2023 at 5:23 PM < phiroc@free.fr > wrote:
Hi Florence, alas, same issue
ipa: error: no such option: --password-expiration
Ok, the functionality was added in 4.6.0 (see Release notes ) so you need to use directly ipa user-mod LOGIN --setattr krbpasswordexpiration =VALUE flo
----- Mail original ----- De: "Florence Blanc-Renaud" < flo@redhat.com > À: phiroc@free.fr Cc: freeipa-users@lists.fedorahosted.org Envoyé: Mardi 7 Février 2023 17:12:32 Objet: Re: [Freeipa-users] password-expiration
Hi,
On Tue, Feb 7, 2023 at 4:49 PM < phiroc@free.fr > wrote:
Hi Florence, unfortunately,
ipa user-mod user1 --krbpasswordexpiration='2024-06-28 07:49:37Z' Usage: ipa [global-options] user-mod LOGIN [options]
ipa: error: no such option: --krbpasswordexpiration
My bad, I copied the attribute name instead of the CLI option name. Can you try with ipa user-mod LOGIN --password-expiration =DATETIME
Note: if you type ipa user-mod --help you can see all the available options. flo
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
freeipa-users@lists.fedorahosted.org
-
Florence Blanc-Renaud -
Kevin Vasko -
Philippe de Rochambeau -
phiroc@free.fr
-
Rob Crittenden